Re: OpenBGPd forward update configuration

On Thu, Jun 11, 2015 at 03:21:31PM -0600, dsp wrote: > On Wed, Jun 10, 2015 at 08:18:34PM -0600, dsp wrote: > > Hello list! > > > > please excuse my probably idiotic question, but i'm still a new OpenBGPd > > user. > > (5.7 release) > > > > what i'm trying to achieve is: > > a) connect to a bunc

IPV6 routing issue

HI all, I've recently changed my ISP and they have native IPv6. My customer premises equipment, which is a GPON, supports both stateless as DHCPv6 on it's LAN interface. I want to put a OpenBSD firewall between this CPE and my internal network. I'm using OpenBSD 5.7 stable. My CPE receive

Softraid Experiences

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I had a situation where I needed to scan something and my 5.7 scanimage didn't want to work so I rebooted into 5.6 (I've been keeping my boot devices on USB) and ran scanimage, then rebooted to 5.7, after which my softraid0 device came up non-op w

Re: The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege

On Thu, Jun 25, 2015 at 05:39:46PM -0400, Jean-Philippe Ouellet wrote: > And an intel microcode update: > https://downloadcenter.intel.com/download/24290 Oops, I read the date wrong on that page. Still though. > And microsoft (yup) pushed an update for it: > https://support.microsoft.com/en-ca/kb

Re: The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege

And an intel microcode update: https://downloadcenter.intel.com/download/24290 And microsoft (yup) pushed an update for it: https://support.microsoft.com/en-ca/kb/3064209 Waiting to get the new ucode through bios updates (which will realistically never come) sounds like a recipie for disaster. D

Re: nsd configuration problem

Good that you solved your problem. I'v done same work as you by converting from bind to nsd+unbound. "The hard way" via digging Google and trying out. You got lucky with shortcut ;) //mxb On 2015-06-25 21:22, Andrew Daugherity wrote: On Wed, Jun 24, 2015 at 1:06 PM, Graham Stephens wrote: ---

Re: mail server on rental server ,cannot recieve mail

thanks for many kind advices , but i cannot recieve mail because of limits of my ability . namely pop3d is hard to overcome ssl . dovecot is also hard because it is involved to mx and postfix . i may study bind or so . so i give up dovecot , pop3d and pop3*.. ---

Re: Chromium in the latest snapshot packages

On Thu, Jun 25, 2015 at 04:19:42PM +, Christian Weisgerber wrote: | > It's typical for a few ports to fail during a snapshot build. | > Usually because of changes in the ports tree, sometimes because of | > changes in base, sometimes just because a particular port doesn't | > build reliably. |

Re: UPDATE: www/vimb 2.9 => 2.10

Brian Callahan said: > Not quite with removing patches/patch-Makefile though: the install > routine uses a GNU install extension (-D). So a patch needs to exist > removing that. Actually not: ports call /bin/install via wrapper that strips unknown options. -- Dmitrij D. Czarkoff

Re: Any books about OpenBSD ARM programming?

Hi, andrew fabbro wrote on Thu, Jun 25, 2015 at 11:00:32AM -0700: > On Wed, Jun 24, 2015 at 9:38 PM, Hrishikesh Muruk wrote: >> The online man (man.cgi) for intro(9) is very short >> I suppose the other man pages in section 9 (kernel >> developer's manual) will have more details. As a matter of

Re: Any books about OpenBSD ARM programming?

On 2015-06-25, andrew fabbro wrote: > There was a 2nd edition of "The Design and Implementation of the FreeBSD > Operating System" released September 2014. I haven't looked at it - was it > updated to reflect current design? It was, but how is any of this relevant for OpenBSD? -- Christian "n

Re: nsd configuration problem

On Wed, Jun 24, 2015 at 1:06 PM, Graham Stephens wrote: > --- > On 24/06/2015 18:43, mxb wrote: >> Hey, >> this is a bit different from bind/named. >> >> nsd is a authoritative server ONLY. >> unbound is a caching server ONLY. >> >> I use those together on the same mach

Re: Any books about OpenBSD ARM programming?

On Wed, Jun 24, 2015 at 9:38 PM, Hrishikesh Muruk wrote: > But it does not seem to get a complete list of pages in section 9 > I asked Kristaps Dzonsos this question a while back and he was kind enough to send me the answer. If you want to get a list of man pages in, say, section 9: http://www.

Re: Any books about OpenBSD ARM programming?

On Wed, Jun 24, 2015 at 6:57 PM, Geoff Steckel wrote: > The McKusick books are a reasonable introduction to the kernel > as it was some decades ago. There was a 2nd edition of "The Design and Implementation of the FreeBSD Operating System" released September 2014. I haven't looked at it - was

Re: panic during boot of 5.7 in de(4) running in Hyper-V

On Tue, Jun 23, 2015 at 09:08:25PM -0600, Theo de Raadt wrote: > > I looked into this last year but lost interest. It seems like the DMA buffer > > is being placed past the UVM constraint for DMA ( eg > 4GB). > > A configuration buffer is in the softc. It should be allocated to be > dma-reachable

Re: out of memory and login.conf logging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello Michael, thanks for your reply. >> would I see any log entries in /var/log/messages if the system >> runs out of memory and kills a process or if a limit in >> /etc/login.conf has been overstepped by a process? > > It should be easy to test

Intel Compute Stick - OpenBSD "compatible"?

Hello, Did anyone try OpenBSD on Intel Compute Stick STCK1A32WFC ? More details here: http://www.tweaktown.com/reviews/7099/intel-compute-stick-stck1a32wfc-2gb-windows-8-1-review/index3.html

Re: out of memory and login.conf logging

On Thu, Jun 25, 2015 at 05:06:32PM +0200, nusenu wrote: > would I see any log entries in /var/log/messages if the system runs > out of memory and kills a process or if a limit in /etc/login.conf has > been overstepped by a process? It should be easy to test this yourself. See login.conf(5) and the

Re: "when SSDs are not so solid" or why no TRIM support can be a good thing :)

On Thu, Jun 25, 2015 at 12:57 PM, Mikael wrote: > For having a *guaranteedly intact* storage, what is the way then? > > This is with the background of recent discussions that touched on > https://www.usenix.org/legacy/events/fast08/tech/full_papers/bairavasundaram/bairavasundaram_html/index.htmlan

Re: Chromium in the latest snapshot packages

On 2015-06-22, Christian Weisgerber wrote: > The chromium build is very brittle and fails frequently in quasi-random > ways. During the latest amd64 snapshot build, chromium errored out > twice, in slightly different ways. I've uploaded new amd64 packages (Jun 25) that include chromium. In fact

Re: pf nat and routing question

> On 25 Jun 2015, at 15:46, Marko Cupać wrote: > > On Wed, 24 Jun 2015 08:17:15 -0400 > Michel Blais wrote: > >> The solution seem his explain on this link >> >> ‎http://www.openbsd.org/faq/pf/rdr.html#reflect > > On Thu, 25 Jun 2015 14:50:42 +0100 > Andy Lemin wrote: > >> Hi, >> >> We do

out of memory and login.conf logging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, would I see any log entries in /var/log/messages if the system runs out of memory and kills a process or if a limit in /etc/login.conf has been overstepped by a process? (OpenBSD 5.7) thanks, nusenu -BEGIN PGP SIGNATURE- iQIcBAEBCgAGB

Re: nsd configuration problem

On Thu, Jun 25, 2015 at 11:55:06AM +0100, Graham Stephens wrote: > I haven't used dig before, I hope these are what you're after. They do show > different results to nslookup. These are all taken from the local machine. > > dig blahms01 and dig @127.0.0.1 blahms01 return: > > ; <<>> DiG 9.4.2-P2

Re: nsd configuration problem

On Thu, Jun 25, 2015 at 02:13:15PM +0100, Graham Stephens wrote: > OK, it seems that when I skip-read the NSD/Unbound info I got them wrong. > Unbound sounded like a DNS cache, and NSD, unsurprisingly, a name server. They are both name servers, but NSD is only meant to serve information authoritat

Re: pf nat and routing question

On Wed, 24 Jun 2015 08:17:15 -0400 Michel Blais wrote: > The solution seem his explain on this link > > ‎http://www.openbsd.org/faq/pf/rdr.html#reflect On Thu, 25 Jun 2015 14:50:42 +0100 Andy Lemin wrote: > Hi, > > We do exactly the same thing for our wifi network. Users on wifi can > *only*

Re: pf nat and routing question

Hi, We do exactly the same thing for our wifi network. Users on wifi can *only* use public IP addresses. The solution is easy, you just have to consider where you do your nat'ing; You can't do bin-at, so you will need nat-to and rdr-to rules to make it work. E.g. The following line translates t

Re: PF Packet Flow Diagram

> > IIRC pf packet flow is also influenced by routing which is done > > before pf. That's why local sourced traffic for remote destination > > cannot be redirected back to local host. > > Could you help me understand this a little better? How do you mean traffic > locally originated by the firewal

Re: nsd configuration problem

Am Donnerstag, den 25.06.2015, 11:42 +0100 schrieb Graham Stephens: > I'm trying to replace several boxes (firewall, file server, mail > server) > with one virtualized one. [..] So actually you do not want to serve names of a domain (say "thestephensdomain.com") to the Internet, but you want the

Re: "when SSDs are not so solid" or why no TRIM support can be a good thing :)

For having a *guaranteedly intact* storage, what is the way then? This is with the background of recent discussions that touched on https://www.usenix.org/legacy/events/fast08/tech/full_papers/bairavasundaram/bairavasundaram_html/index.html and https://blog.algolia.com/when-solid-state-drives-are-

Re: PF Packet Flow Diagram

Hi, > On 25 Jun 2015, at 10:31, Jiri B wrote: > > On Thu, Jun 25, 2015 at 10:15:08AM +0100, Andy Lemin wrote: >> Surprised I've not had any replies for this? >> http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg >> >> >> I copie

Re: Is PFSync over IPSec still broken?

On Sun, Jun 21, 2015 at 03:20:34PM +0200, ??ukasz Czarniecki wrote: > W dniu 2015-06-18 o 17:30, ??ukasz Czarniecki pisze: > >> It's still broken because as mentioned at the end of the thread you > >> linked IPsec state gets replicated to the peer and this is causing > >> the "replayed" packets you

Re: Any books about OpenBSD ARM programming?

On 2015-06-25 09.39.23 +0530, Hrishikesh Muruk wrote: > Is there a way to see all of the pages in section 9 using man.cgi (or man)? I had done this; perhaps there is a better way, but I don't know it: $ apropos -s 9 *

Re: PF Packet Flow Diagram

On Thu, Jun 25, 2015 at 10:15:08AM +0100, Andy Lemin wrote: > Surprised I've not had any replies for this? > http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg > > > I copied this from a diagram I found some years ago which has b

Re: PF Packet Flow Diagram

Surprised I've not had any replies for this? http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg I copied this from a diagram I found some years ago which has been photocopied a few times and is now intelligible, so thought I'd qu

Re: beaglebone rj45 cape

On 2015-06-24, Richo Healey wrote: > On 25/06/15 00:18 +0200, Martijn van Duren wrote: >>Hello misc@, >> >>I'm currently looking into a managed switch for my home and I would >>like to achieve this with OpenBSD's bridge(4) option and pf. The >>throughput shouldn't be too high (at most some video s

Re: Fwd: Re: Q: Assistance with pf.conf rules

On 2015-06-24, John Nyhuis wrote: > bond0 is a virtual interface that consists of two LACP bonded NICs. This doesn't sound like OpenBSD...

Re: Any books about OpenBSD ARM programming?

Am Mittwoch, den 24.06.2015, 17:26 +0200 schrieb Piotr Kubaj: > I want to install OpenBSD on my BeagleBone Black and write some > simple > programs using I/O pins. Are there any tutorials on this? Additionally to what the others did say, you probably should have a look into the (code of the) gpi

Re: nsd configuration problem

Am Mittwoch, den 24.06.2015, 18:02 +0100 schrieb Graham Stephens: > I've tried to set up nsd on 5.7 x64 and it's not working as it > should, > but I'm lost as to where to look to correct the issue. I was hoping > for > some pointers. :) Okay. First of all, I hope you are aware of the differenc