Re: performance impact of excessive use of the "quick" keyword in pf.conf?

2016-07-20 Thread Henning Brauer
fficient that it doesn't matter anyway, and the ruleset optimizer, skip steps et al do their job so that you can concentrate on a ruleset optimized for the human dealing with it, not the machine. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de,

Re: OpenBGPD 5.4 - No route received when neighbor from a AS is down

2015-05-10 Thread Henning Brauer
". sounds like your routes from AS22652 aren't considered valid, could be due to the nexthop. bgpctl show rib & show nexthops should give clues.

Re: help with bgpd error messages

2015-05-06 Thread Henning Brauer
uldn't just shutdown > itself no matter what payload it gets? the later shutdown indeed shouldn't happen.

Re: How pf chooses nics on bridges?

2015-04-29 Thread Henning Brauer
imes is vether0 as > both are the same physical nic? it logs whatever the receiving interface is, as set by the lower layers of the stack. why that is sometimes vether and sometimes the underlying if I can't tell w/o code digging.

Re: How pf chooses nics on bridges?

2015-04-28 Thread Henning Brauer
w for the net. > > There are no static rules for any of those destination sites. > > Why is it that blocked packets appear sometimes on fxp0 and sometimes on > vether0? it's simply the interface the packet came in on.

Re: help with bgp error messages

2015-04-28 Thread Henning Brauer
bgpd, or the remote bgpd is severely broken. By definition, the first 16 bytes of a bgp packet have all bits set. this is not the case here.

Re: OpenBGPd Route Server

2015-04-25 Thread Henning Brauer
* Stuart Henderson [2015-04-16 22:41]: > (filtering is just slow rather than buggy afaik; but then AIUI this > wasn't supposed to be the final implementation of filters ;) amazing how long "temporary" solutions can last...

RIP Paul Schenkeveld

2015-03-30 Thread Henning Brauer
It is very sad to have to communicate that our friend, Paul Schenkeveld, has passed away. Just recently Paul held a tutorial at AsiaBSDcon 2015; as we know he enjoyed - or rather lived for - BSD conferences. He was particularly proud of the 2011 EuroBSDcon in Maarssen, for which he was the prime

Re: pflog0 showing traffic for rule with no logging requested

2015-03-18 Thread Henning Brauer
options set, or fragments if defrag is turned off (on by default) and there is no rule specifically matching fragments. since these have no rule to refer to, they refer to the default rule, which happens to be a pass one. and that pass is shown. can admittedly be misleading.

Re: CPU criteria for OpenBSD firewall

2015-03-11 Thread Henning Brauer
* ML mail [2015-02-19 09:07]: > I might also experiment if I should use bsd.mp or the standard non > SMP bsd. you'll want amd64, not i386. MP vs SP should make little difference, I use the MP kernels these days.

Re: CPU criteria for OpenBSD firewall

2015-03-11 Thread Henning Brauer
ell suited for MP, due to quite a lot of shared data structures (think routing table, pf state table, ...). > For example: > - E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: > - E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: the latter.

Re: pf on 5.6: rule counter with proto esp not working

2015-03-10 Thread Henning Brauer
sp all [ Evaluations: 47477 Packets: 2949816 Bytes: 1681517248 States: 1 ] [ Inserted: uid 0 pid 11764 State Creations: 12]

Re: How to optimize PF queues handling?

2015-03-09 Thread Henning Brauer
* Federico Giannici [2015-03-09 16:51]: > On 03/09/15 15:24, Henning Brauer wrote: > >* Federico Giannici [2015-02-04 01:11]: > >>I have done an experiment: I replaced in every rule the "set queue XXX" with > >>"tag XXX" ("XXX"

Re: How to optimize PF queues handling?

2015-03-09 Thread Henning Brauer
" - really almost identical codewise. since you're running 5.5, I'll assume ALTQ and thus the problem being gone :)

Re: Mapping pf syslog rule numbers to lines in pf.conf

2015-03-09 Thread Henning Brauer
> pfctl -sr -R pfctl -vvsr is the usual way, shows all rules prefixed w/ the rule #, as well as some per-rule counters. > Further details can be found in the man page. indeed :)

Re: pf queuing and dropped packets

2015-03-09 Thread Henning Brauer
te can be very misleading. > FWIW, net.inet.ip.ifq.drops=0. 100% unrelated.

Re: [Tor-BSD] Recognizing Randomness Exhaustion

2015-03-04 Thread Henning Brauer
as independently discovered by the operator of > IPredator, the highest-bandwidth Tor relay: > > https://ipredator.se/guide/torserver#performance > > My 800 KB/s exit node had up to 7,000 gettimeofday() calls a second, > along with hundreds of clock_gettime() calls. those

Re: Shadow TCP stacks

2014-10-20 Thread Henning Brauer
ey" don't have a choice, because OpenBSD is open source, or > haven't you heard? OpenBSD being open source does not imply that you decide what we ship...

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Henning Brauer [2014-10-14 20:52]: > netmap is luigi's research framework, and he used it for some cool > research and sure will do so more in the future. no more, no less. I should clarify: I am aware of a few use cases that profit enormously from netmap. Let's look at what

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Mikael [2014-10-14 16:35]: > 2014-10-14 16:15 GMT+02:00 Henning Brauer : > > > i.e. there's no way for a userland application to do high speed > > > packet-level IO. > > there are plenty of methods actually. > Like what? bpf, for example. but since you stil

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Mikael [2014-10-14 14:57]: > 2014-10-14 11:02 GMT+02:00 Henning Brauer : > > > * Mikael [2014-10-14 10:24]: > > > NetMap (http://info.iet.unipi.it/~luigi/netmap/) in OpenBSD would be a > > > great idea. > > We kinda like our stack. > Of course, OBSD has

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
een 0 and zero.

Re: packet filter: question about parentheses around "self"

2014-10-08 Thread Henning Brauer
if one of the network interfaces > are actually changed? the latter, they are tables internally that get updated on changes.

Re: NAT logging and limits using pf

2014-10-08 Thread Henning Brauer
two separate log entries. nope, pflog has both the original and the rewritten address(es).

Re: How does pkg_add know I'm tracking -stable?

2014-09-23 Thread Henning Brauer
e get into nitpicking. you tell pkg_add a source for your packages, that's it. > It looks like pkg_add references and uses the ports directory nope

Re: Queueing examples on pf.conf man page

2014-09-22 Thread Henning Brauer
th cases correctly parsed? yes > And even if so, should the man page be fixed for consistency? I honestly don't see the point. Commas are optional in most places and neither form (with/without) is "preferred" in any way.

Re: Pointers/reference

2014-09-16 Thread Henning Brauer
enough" to the Generalized Packet System. > > I would like to make this with OpenBSD, and I would like some pointers on > where to look about the implementation to identify the model used. pf.conf(5) sys/net/hfsc.* sys/net/if.* sys/net/pf.c & pf_ioctl.c sbin/pfctl/*

Re: pf queue max bug

2014-09-16 Thread Henning Brauer
in/target exceed max, all bets are off. fix your queue defs.

Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Kapetanakis Giannis [2014-09-06 00:50]: > I'm asking about "reassemble tcp". > > According to some 2010's threads in misc@ it used to cause problems to some > users. > I'm wondering what's the status now. unchanged.

Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Sonic [2014-09-05 17:12]: > On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis > wrote: > > yeah, don't use reassemble tcp. it's not perfect. > Isn't that default behavior? hell, no.

Re: TCP checksum problems with NAT (maybe vlans/tun)

2014-09-13 Thread Henning Brauer
o to fix this? Is getting the tun interface to > calculate the checksums the way to go? seems like you manage to hit a case where the %*&#^(*@!^(_! bridge confuzzles interfaces. AGAIN. did I mention the bridge has to die?

Re: PF Tagging

2014-09-13 Thread Henning Brauer
d to do at all...

Re: pfsync and trunk

2014-09-13 Thread Henning Brauer
ransfer finishes.

Re: OpenBGPD not installing routes that happen to originate from the same ASN in another location into the RIB

2014-09-13 Thread Henning Brauer
* Gregory Edigarov [2014-09-12 20:28]: > On 09/12/14 19:07, Henning Brauer wrote: > >* Paul S. [2014-08-28 11:19]: > >>Earlier today, however, I discovered that routes that I'm announcing under > >>the same ASN (in another location) are being received and put in

Re: pf block return sends rst through wrong interface

2014-09-12 Thread Henning Brauer
ay to make it send through > the correct interface (ext_if1 in this case)? pf-generated packets like these RSTs bypass the ruleset, thus never hit your reply-to. I'm not aware of a solution. (route-to and reply-to are stupid to begin with. Avoid at all cost.)

Re: OpenBGPD not installing routes that happen to originate from the same ASN in another location into the RIB

2014-09-12 Thread Henning Brauer
AS aren't supposed to be distributed via BGP but your IGP.

Re: etc56.tgz missing in SHA256[.sig]

2014-08-27 Thread Henning Brauer
.

Re: Help, please, understanding AHCI error on amd64

2014-08-27 Thread Henning Brauer
r they call it today) are actually better than the consumer grade ones. Having a nontrivial (3-digit) amount of both, I don't really see a difference in reliability, but these numbers are too small for proper statistics and I haven't done any scientific examination, rather looking over ou

Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Stuart Henderson [2014-08-22 13:51]: > On 2014-08-22, Henning Brauer wrote: > > * Federico Giannici [2014-08-22 09:51]: > >> On 08/22/14 08:22, Henning Brauer wrote: > >> >* Adam Thompson [2014-08-21 19:13]: > >> >>Unless I've mis-un

Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Federico Giannici [2014-08-22 09:51]: > On 08/22/14 08:22, Henning Brauer wrote: > >* Adam Thompson [2014-08-21 19:13]: > >>Unless I've mis-understood all the emails and reports about this, it > >>affects low-bandwidth queues, not low-bandwidth interfaces. >

Re: named does not start?

2014-08-21 Thread Henning Brauer
* Christer Solskogen [2014-08-22 08:20]: > On Thu, Aug 21, 2014 at 7:41 PM, Henning Brauer wrote: > > named is even still in base in -current (atm at least), let alone 5.5. > Okay? Are you sure about current? kidding? > I've just upgraded the day before yesterday

Re: New queueing system and HZ value limits

2014-08-21 Thread Henning Brauer
ame link will not. > > Yes/no? pretty much.

Re: named does not start?

2014-08-21 Thread Henning Brauer
# for normal use: "" > > > > It might also have something do with that named is not in base anymore > (I figured that out now) named is even still in base in -current (atm at least), let alone 5.5.

Re: openbgpd ipv6 nexthop

2014-08-19 Thread Henning Brauer
that. > trying to do the same for IPv6, the set nexthop statement in the bgpd.conf > has no effect. The cisco receives the prefixes with the non-carp IP of each > firewall as nexthop. that smells like a bug.

Re: rc.local mystery executables

2014-08-19 Thread Henning Brauer
* Scott Bonds [2014-08-19 02:28]: > The funny thing is that I have a book on Snort on my reading list. Time > to read it. or you use the time for something useful instead. did I say snake oil? ewps.

Re: Adding RPKI/ROA support to OpenBGPd

2014-08-15 Thread Henning Brauer
mplete noops, no effect whatsoever), seem arbitrary and break style by resulting in too long lines.

Re: Good thing

2014-08-11 Thread Henning Brauer
* Gustav Fransson Nyvell [2014-08-11 09:04]: > Good thing OpenBSD didn't go down the multiple versions path. Good thing OpenBSD doesn't attract more idiots like you. Go away. Everybody else: don't feed the troll.

Re: hp proliant dl 320e gen 8 for openbsd 5.5 64 bit ?

2014-08-07 Thread Henning Brauer
D? Will I have to go with Software RAID? there is no hardware raid in your server, it is fake. the bios etc know the bare minimum to boot from it, the actual raid functionality is in the driver.

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-06 Thread Henning Brauer
* Giancarlo Razzolini [2014-08-05 18:36]: > On 05-08-2014 03:36, Henning Brauer wrote: > > the 90s are over. > Yep, I know Henning. Vlan's are pretty secure. But they add complexity > and if you use physical separation you can mitigate problems caused by > misconfigura

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-06 Thread Henning Brauer
, there should never be a good reason to apply queues to > the VLAN interfaces at all? I can't see any. There's always an interface (or a stack of interfaces even) with a queue underneath, so THAT is the point to do the queueing.

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-05 Thread Henning Brauer
* David Dahlberg [2014-08-05 10:17]: > Am Dienstag, den 05.08.2014, 08:36 +0200 schrieb Henning Brauer: > > > queueing on vlan is pretty meaningless. > > > however, classification can happen anywhere, so assign queues on your > > vlan interface and create them on th

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-04 Thread Henning Brauer
go to queue foo". once the packet hits an outbound interface, we check whether queue foo exists there and if so use it.

Re: carp setup firewall

2014-08-02 Thread Henning Brauer
t use bi-nat for our DMZ Servers. there really is nothing wrong with aliases on carp interfaces. you have to keep them in sync of course. just like the vhid and the passphrase...

Re: pfctl: DIOCADDQUEUE: No such process

2014-08-02 Thread Henning Brauer
* Loïc Blot [2014-07-23 17:12]: > pfctl: DIOCADDQUEUE: No such process that most likely means you're trying to create a queue on a nonexistent interface.

Re: PF queuing max bandwidth

2014-07-16 Thread Henning Brauer
d be appreciated. really sounds like you're getting into the ballpark area where the timer resolution isn't good enough to hit your rather small bandwidth on - assumption here - rather high bandwidth interfaces.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
pert on the topic, but basically, it > reduce the amount of sharing needed. yeah, I know. that is certainly not the stupidest approach ever seen. whether it is the smartest i'm not certain. not judging here.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* sven falempin [2014-07-08 14:16]: > On Mon, Jul 7, 2014 at 11:55 PM, Henning Brauer wrote: > > * Franco Fichtner [2014-07-06 00:29]: > >> Missing SMP support is the fork in the road. The window of opportunity > >> seems to be closing. A penny for Henning'

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* Franco Fichtner [2014-07-08 11:20]: > On 08 Jul 2014, at 09:58, Henning Brauer wrote: > > this has NOTHING to do with the problem or the question at hand. > So then what has it to do with? You tell me I missed the obvious > but don't provide your arguments. it's

Re: libmessage (New crazy sh*t)

2014-07-08 Thread Henning Brauer
ans the entire area is a collection of poo.

Re: libmessage (New crazy sh*t)

2014-07-08 Thread Henning Brauer
g any network. So, some basic message passing, across > the OS. It's implemented using sqlite3 which in my case is not good, ok, I stop reading here. Using a fickle rocket launcher to light a candle. That might be the main reason why software today is so miserable.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
but hey, you can throw cores at it, make intel & the power companies even richer, increase pollution, and whatnot), and making sure we can never take these changes back even if we wanted to. how bright!

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* Franco Fichtner [2014-07-08 10:48]: > On 08 Jul 2014, at 04:55, Henning Brauer wrote: > > And the possible pf MP gains are drasticly overrated anyway. > I'm not sure. Maybe that's a stance that fits OpenBSD well, but in > networking as a whole that's not appl

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-07 Thread Henning Brauer
+-- > > sys/net/pf/pf_norm.c | 118 -- > > sys/net/pf/pfvar.h | 17 +- > > 7 files changed, 588 insertions(+), 323 deletions(-) > > http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3a0038bfb239dd522057809c52d7d23dd2134c38

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-07 Thread Henning Brauer
f MP gains are drastically overrated anyway.

Re: openssh

2014-07-03 Thread Henning Brauer
* Mihai Popescu [2014-07-02 17:05]: > Better buy a hard disk, copy your data and mail it abroad. Seriously. A truck full of hard disks is a transport link with fantastic bandwidth. Latency kinda sucks, tho.

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
all. I even wouldn't be surprised if the !carpdev case bites the bullet at some point, should we change/redesign basics. There's nothing up in that direction tho, call it a vague feeling.

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
Can hurt, esp when the default gateway is in that net, but is perfectly fine in many cases.

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
ld this mode of operation have compared to the > classic mode with IPs assigned? the backup node might not be able to reach the network on the carp if

Re: crowding out bsd using systemd?

2014-06-28 Thread Henning Brauer
* ian kremlin [2014-06-29 01:05]: > due to its unportability (as it's written in pure C) that doesn't make the slightest sense. "pure C" can be and often is perfectly portable.

Re: LAN vs VLAN interface performance

2014-06-23 Thread Henning Brauer
* Chris Cappuccio [2014-06-23 20:24]: > Henning Brauer [lists-open...@bsws.de] wrote: > > * Chris Cappuccio [2014-06-21 20:05]: > > > Right now all routers and firewalls should > > > be on SP kernels or you will actually have worse performance. > > > > Th

Re: LAN vs VLAN interface performance

2014-06-22 Thread Henning Brauer
nel side, i. e. a pure packet forwarding firewall (no proxies) or a static-routing router won't really benefit.

Re: LAN vs VLAN interface performance

2014-06-22 Thread Henning Brauer
VLAN security concerns today isn't "don't use VLANs > for security", it's "use Cisco/Juniper switches if possible, or at least > tier-2 gear, and implement mitigation techniques". The answer is NOT "use cisco/juniper", the answer is really "

Re: LAN vs VLAN interface performance

2014-06-20 Thread Henning Brauer
* Boris Goldberg [2014-06-20 15:51]: > There is no real security separation between vlans. sigh. stop spreading myths from the last century. > Also OT - is OBSD handling 10 gigabit interfaces at full capacity > already? yes

Re: libssl 25?

2014-06-19 Thread Henning Brauer
ly due to the anoncvs mirror you used) wasn't really up to date, then. $ cat /usr/src/lib/libssl/ssl/shlib_version major=25 minor=0 > This e-mail is confidential oh damn, I retract my answer then

Re: LAN vs VLAN interface performance

2014-06-19 Thread Henning Brauer
through vlan_start/vlan_input. Should not make much of a difference in practice.

Re: 5.5 pf priority

2014-06-02 Thread Henning Brauer
h udp or non TCP data, i > wonder why this is so poor and abandoned. I don't know what to say about this really... but I feel I have to, since others might think it made sense in any way. The only advice I can really give here: get a book on tcp/ip basics.

Re: 5.5 pf priority

2014-06-02 Thread Henning Brauer
OpenBSD has a lot more uses than just that -> compromise) you have zero control over what gets dropped since the NIC does it already.

Re: 5.5 pf priority

2014-05-30 Thread Henning Brauer
* Paco Esteban [2014-05-29 12:11]: > On Thu, 29 May 2014, Marko Cupać wrote: > > On Wed, 28 May 2014 21:40:58 +0200 > > Henning Brauer wrote: > > > I'm pretty damn sure I added "reset prio if queueing is on" thing. > > > > > > yes, in IF_

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
* Marko Cupać [2014-05-28 18:12]: > On Wed, 28 May 2014 14:12:42 +0200 > Henning Brauer wrote: > > > prio is ignored when bandwidth shaping is on. > > > > priority in ALTQ-HFSC was an illusion really. > > Hi Henning, > > knowing your role i

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
dth shaping is on. priority in ALTQ-HFSC was an illusion really.

Re: pftop and systat with new queueing

2014-05-06 Thread Henning Brauer
* Marko Cupać [2014-05-06 17:55]: > Was nice to see those values in real time. Are they gone for good, or > developers need some time to adjust them for new queueing mechanism? that's what it comes down to.

Re: pf multiple match rules

2014-05-06 Thread Henning Brauer
ch rule, if X.X.X.X is anything else, they won't. If Y.Y.Y.Y happens to be 192.168.1.55, these packets will match the pass rule, otherwise they won't. I'm really saying here that rewrites are applied immediately (hurts a little to say that since I know the internals, but that'

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
t of work since a few free()s are missing for that to give real results, but shouldn't be much.

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
; free(ibuf_main); > ... > > at the end of session_main() in session.c. we tend to have explicit free()s in bgpd since that allows us to find memory leaks easier using instrumented alloc/free routines. so not freeing conf isn't a bug, but makes the leak finding harder.

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
of the fork() we are). With a report like that I had to go through large parts of code to eventually maybe spot what you are referring to. That doesn't help, that just costs time. I appreciate the effort, but please make it easier to consume for us :)

Re: bgpd/session.c+rde.c code explanation

2014-05-05 Thread Henning Brauer
> > What is the point of passing the parameters ? I thought it would be > close()'d from main() in bgpd.c. well, rde_main and session_main fork()...

Re: event handling in OpenBGPd

2014-05-05 Thread Henning Brauer
nged, and there's no problem with that. whether you use libevent or not is a matter of taste imho unless we're potentially dealing with a very large number of sockets, in which case kqueue has advantages over poll.

Re: After the upgrade with the last snapshot all traffic flow only on default queue

2014-04-24 Thread Henning Brauer
* Atanas Vladimirov [2014-04-23 21:30]: > `pfctl -vvs queue` shows that traffic flow only on default queue. ewps... I feel stupid. repaired. sorry.

Re: systat queues pps and bps (was pf/pfstat New Queue Reporting)

2014-04-23 Thread Henning Brauer
* Daniel Melameth [2014-04-23 18:27]: > On Wed, Apr 23, 2014 at 9:58 AM, Henning Brauer wrote: > > * Daniel Melameth [2014-04-23 17:56]: > >> Anyone else seeing this? I also noticed pps and bps were missing from > >> systat queues, but I assume this is expected >

Re: pf/pfstat New Queue Reporting

2014-04-23 Thread Henning Brauer
* Daniel Melameth [2014-04-23 17:56]: > Anyone else seeing this? I also noticed pps and bps were missing from > systat queues, but I assume this is expected hmm, no, that worked for me. did I forget to commit sth? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Service

Re: OpenBSD - Linux compatibility

2014-04-22 Thread Henning Brauer
to go way back in history. there was a time when the only way to run a graphical browser on openbsd was to use the netscape binary under BSDi emulation (I think it was BSDi, not 100% certain) on i386 or the solaris binary under emulation on a sparc. there was no open source graphical browser back th

Re: Question on queues

2014-04-22 Thread Henning Brauer
all on tun(4) devices? "yes". as in, it works but probably has no effect since shit is buffered after again. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Ro

Re: feature patch -> replace /etc/crontab by /etc/cron.d/

2014-04-20 Thread Henning Brauer
d /dev/var/local/etc.d/$hostname/etc/cron.d/modern/* easier. and now? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Virtual firewalls with OpenBSD and PF

2014-04-20 Thread Henning Brauer
from my iPhone fiddling with the pf rules on that PoS too? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: pf and nat

2014-04-17 Thread Henning Brauer
ng match rules, not pass. sez who? nat-to on pass rules is perfectly fine. using a match rule is just more practical in most scenarios. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Se
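Both forms the reply refers to, as an added pf.conf example (not from the thread). The interface group `egress` and the network 192.168.1.0/24 are assumptions for the illustration.

```pf
# Added example, not from the thread. Assumed: "egress" is the outside
# interface group, $lan_net the inside network.
lan_net = "192.168.1.0/24"

# Form 1: nat-to directly on the pass rule. Valid pf.conf; the translation
# is tied to this one rule, so any other pass rule that should NAT the
# same traffic needs its own nat-to.
pass out on egress inet from $lan_net to any nat-to (egress)

# Form 2: nat-to on a match rule. Translation is attached to every packet
# the match rule hits; the pass/block rules after it decide policy only
# and are still evaluated against the original (untranslated) addresses.
match out on egress inet from $lan_net to any nat-to (egress)
pass out on egress inet from $lan_net to any proto { tcp udp icmp }
block out on egress inet from $lan_net to any
```

The second form is the "more practical in most scenarios" one: the filtering rules below it can be rearranged freely without touching the translation, which is harder to get wrong than keeping several pass rules with nat-to in sync.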

Re: NTP timeout question

2014-04-17 Thread Henning Brauer
NTPD reports: > > reply from 192.168.1.102: not synced (alarm), next query 3156s > > Is there a way to make ntpd ignore these alarms, or perhaps set them to a > time > less than fifty minutes (average)? not without changing code. -- Henning Brauer, h...@bsws.de, henn

Re: OPENBSD FUNDING SOLUTION -- COME AND PARTICIPATE

2014-04-09 Thread Henning Brauer
* Chris Cappuccio [2014-01-18 21:25]: > Mike, [...], You were henning's roommate err, no. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Hennin

Re: unreliable connections

2014-03-31 Thread Henning Brauer
ly. that sounds like arp problems, namely very slow arp resolution. I've seen that before, it was very obvious some L2 gear was to blame, but details escaped me by now. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting,

Re: unreliable connections

2014-03-31 Thread Henning Brauer
> tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum. > > as before we still have a miscounting bug for inbound with pf on, to be > > fixed in the next step. > > found by, prodding & ok naddy > > ==== > >

Re: When are default 'set prio' priorities set?

2014-03-27 Thread Henning Brauer
to 7 when they match the state outbound on $lan. > > Correct? pretty much, there are a few cases (like carp announcements) that get a higher priority by default. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
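An added pf.conf example (not from the thread) of the priority handling the question is about. Priorities run 0 to 7 and a packet that no rule assigns one to sits at the default of 3; carp traffic is one of the cases the reply mentions that is marked higher by the kernel without any rule. `$lan` and the port choices are assumptions for the illustration.

```pf
# Added example, not from the thread. Assumed: $lan is the inside interface.
lan = "em1"

# Without any "set prio", every packet of every state is at priority 3.
# A match rule sets the default for everything leaving $lan. With two
# values, the second is used for lowdelay-TOS packets and for empty TCP
# ACKs, so acknowledgements of bulk transfers are not stuck behind the
# bulk data itself.
match out on $lan set prio (3, 6)

# A later pass rule overrides the default for the states it creates:
# interactive ssh gets the highest priority, bulk backup traffic the lowest.
pass out on $lan proto tcp to port ssh set prio 7
pass out on $lan proto tcp to port 873 set prio 0
pass out on $lan
```

Check what a live state actually got with `pfctl -vvss`; the priority is shown per state, which is the quickest way to confirm that a rule ordering does what you think it does.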
