2010/10/15, Henning Brauer :
> this way queue foo will exist on all interfaces. the assignment can be
> done inbound if the packet is forwarded and doesn't go through a
> userland proxy.
A little bit off-topic question: Would it be too stupid to extend
divert_output() with a way of assigning queue
2010/10/12, Xavier Beaudouin :
> Our idea is to have all our system to be IPv6 only native and when an IPv4
> wants to access to an IPv6 service, IVI can do the translation (this is not
> magic, but the idea is to provide specific IPv6 hosts to be "visible"
> Does OpenBSD has somewhat support abou
2010/10/11, Claudio Jeker :
> CPU consumed by the kernel is not accounted by the scheduler. All the
> work done by urandom is system time.
And for the curious people who can't see the obvious: why is that?
--
Martin Pelikan
Giving up, my old curses code is too gross... better send it to /dev/null.
The only usable thing would be this piece, wrappers for
adding/deleting ipv4/6 addresses. Might be useful even for python
people, if they change err() for something they'd like.
http://sztorkie.steadynet.org/files/temp/wra
2010/10/7, Jona Joachim :
> On 2010-10-07, Christiano F. Haesbaert wrote:
>> Why not make a curses GUI ? I find it much more useful than gtk/qt (IMHO).
>
> What would be really nice IMHO is to expose an API that gives access to
> ifconfig functionality so everybody could easily write their own UI.
2010/10/6, Fabio Almeida :
> Is there a chance this messy setup can work?
> Has anyone configured some setup like that in Bridge mode (not ECMP)?
I don't have access to any of the UBNT's we use right now, but any
mode except WDS seems not to be fully L2 transparent, hence it might
be incompatible
2010/10/3, Daniel Browning-Weber :
> Okay, and the divert (4) man page says that outbound packets,
> after being reinjected, "are processed directly by the relevant
> IP/IPv6 output function," so I probably can't get pf to take
> another look at them so that "route-to" will apply.
>
> If I were fee
2010/9/22, Beavis :
> I would like to ask if someone has done routing via pf(4) (non-NAT
> rules). My idea is to be able to route packets from one interface to
> the other. say from tun0 to rl0. I've been googling a lot and most of
> the rules I'm seeing have something to do with NAT routes.
hint:
2010/9/10, Chris Cappuccio :
> Stop using ALTQ on your DNS server, perhaps? That may be what is causing
> the back-pressure that you're seeing.
Why do you think it would help? Those lots of packets would arrive
anyway, only the decent user will wait longer for his website to load.
Fortunately alt
2010/9/9, Claudio Jeker :
>> And a new flag to struct in6_ifextra?
>
> Nope, it will be part of ifnet->if_xflags.
Actually, it's already in in6_ifextra->nd_ifinfo->flags, named
ND6_IFF_ACCEPT_RTADV and controlled by the "ndp -i" command. However,
ifconfig autoconfprivacy uses if_xflags and separat
2010/9/10, Andy Bradford :
> Why would you need 65k UDP for DNS? Almost all UDP based DNS responses
> are under 512 bytes, those that are larger are required to set the
> truncated bit and the client restart the query using TCP.
We have probably too many wild users because the logs were fl
2010/9/10, Stuart Henderson :
> these affect traffic sourced from the box itself, *not* routed through it.
We had to do quite extensive link testing because of strange packet
loss on the SDH circuit. The buffer sizes really mattered :-) But
thanks to the information as the link appears to be okay
2010/9/7, Claudio Jeker :
> As soon as you split a /64 into something smaller you left IPv6 land and
> entered something that looks like IPv6 but isn't. Sure it is possible but
> by doing it you make every IPv6 disciple scream in agony (which is
> probably a good thing anyway).
I don't understand t
2010/9/9, Joe Warren-Meeks :
> Well, the machine has 6Gb of RAM and is only pushing 10Mbit/s of
> traffic at peak. It does need to maintain a largeish state table, as
> it is predominantly web traffic, but I've run much much larger and
> busier sites behind much smaller hardware with the same config
2010/9/8, Joe Warren-Meeks :
> I've had a weird problem happen twice now. It seems after about 4 - 6
> weeks of running very happily, both servers lock up completely at the
> same time. Both consoles show no error messages, but the cursor is
> blinking away happily. Neither console will take any in
2010/9/6, Claudio Jeker :
> Only if you plan to use NAT in the near future. /64 is like a /32 in IP.
> Not enough in most cases.
Why? You can always use DHCPv6 and split the rank further... I haven't
much studied the protocol itself, but in practice the only system that
has trouble with it is Linu
2010/9/5, Simon Comeau Martel :
> I am trying to figure out why OpenBSD won't let me activate
> "net.inet6.ip6.accept_rtadv" and "net.inet6.ip6.forwarding" at the same
> time.
/usr/src/sys/netinet6/in6_proto.c:int ip6_accept_rtadv = 0; /*
enabling forwarding and rtadv concurrently is dangerous
2010/8/29, Denis Fondras :
> I have a problem with uplcom(4). Whenever I connect to a remote terminal
> with "cu -l /dev/ttyU0", it hangs after a few seconds (usually under 2
> minutes).
I've seen way too many faulty/misbehaving uplcom's. Have you tried
different piece of hardware?
--
Martin Pel
2010/8/27, Henning Brauer :
> find that #define (I forgot its name and location), increase,
> recompile.
>
We use such setup with HFSC limit raised up from 64 ten times, so far
without any problems (core i3, 2G RAM, em(4) gigabit desktop nics,
12-15k pps on average).
Is there a reason why are the
Hello list,
I just updated my IPv6 address calculator and thought it might find
its use in OpenBSD. It shouldn't contain any security risk, is small
enough not to bloat the tree and handy enough to help admins visualize
and plan their network's addressing or set those crazy PTRs properly.
As there
2010/8/20, Daniel Ouellet :
> I don't really know
> much about how the smart drive suppose to be any good monitoring works
> to alerts of up coming hard drive failures.
Neither do I, but I've noticed that the measurement units across
different HD vendors (I've only worked with IDE/SATA) are not
s
2010/8/17, Jiri B. :
> what's up with vpn and samba?
who goes around, comes around...
--
Martin Pelikan
2010/7/29, Chris Cappuccio :
> I bet the IBM ath cards are probably an older chip than AR5413. Maybe
> AR52xx ?
Yes, mine is 5213. And so are CM9's. The 5413 is only in the Mikrotik AP.
> The ath driver has never worked well with the "newer" stuff in my
> experience. But these days, even the At
Hello everyone.
I have an AP with AR5413 with RouterOS and several OpenBSD clients. IBM
notebooks using ath(4), iwi(4) and rum(4) work perfectly. The problem
happens when I try to connect my alix board (4.7-release, i386) with
Wistron Neweb CM9 (with unlocked all channels, cos we use 5500-5700 MHz):
2010/7/18, Matt S :
> Hello,
>
> Could someone tell me why, given the following ruleset, I cannot get to my
> machine from the outside on ipv6?
Because you didn't allow neighbor discovery?
pass in on $ip6if inet6 proto icmp6 icmp6-type \
{echoreq,unreach,neighbrsol,neighbradv}
--
Martin Pelikan
Hello everyone.
Yesterday I compiled some stuff from ports, when my i386 -current (about
two days old) panicked (onproc was one of those cc(1)):
Debugger(), panic(),
mtx_enter+0x5a(d0a2fc20, d2bae000, d2baf000, 0, 0)
uvm_pseg_release+0x6b
uvm_swap_allocpages+0x8d9
uvm_swap_get+0x38
uvm_fault_anonget
2010/7/13, Ted Wynnychenko :
> the network card will be the same, since it's moving too
Actually, it doesn't have to; its number might change due to different
motherboard layout (happened to me on one crappy ECS). Then you end up
playing with config(8).
--
Martin Pelikan
2010/7/13, jackwssp q :
> Who knows anything about the secret keys in the packet filter(pf), such as
> way only for developers.
You can actually read the code yourself, find them and write paper
about them... Don't forget to mail misc@ about it.
--
MP
2010/7/12, Paolo Aglialoro :
> Unfortunately the question was meant for a dual boot P3-M 256MB laptop, so
BTW: I can hardly think of a person I know who used XFS on laptop and
didn't lose at least subset of his data there. My suggestion: run,
before it's too late. Ext3fs works for me between Linux
2010/6/18, Rioux, Christophe :
> Hi
>
> We tried to implement a monitoring on an OpenBSD 4.4; I get an error message:
> index not found (monitoring via Cacti, means net-snmp). My Cacti server is
> hosted on another server.
So do we, our cacti is 0.8.7e, from some redhat repository quite some
time a
Hi,
this you might already know, but good rule of thumb is to set the
levels manually for each source (according to its dynamics), having
peaks around -6dB to -10dB. If you have manual volume/gain control on
your recording device/preamp, I'd set all levels in the computer to
80% of the scale and th
Hello misc@, claudio@,
I've noticed that when I propagate subnet of size /63 on our ospf-v3
network (unfortunately on routeros), ospf6d not only marks the ASE
update as invalid, but also refuses to move on with the rest, ending
up filling logs with nonsense in endless loop.
This diff only makes osp
Hello misc,
I tried to set up relayd on internet gateway to handle our web
requests this way:
- "site.org", "www.site.org" and "intranet.site.org" forward to our
main web server
- "*.site.org" forward to the secondary web server (handling all those domains)
At this time the "site.org" requests go t
2010/5/22, Don Reis :
> I have the idea that to make DHCP work over IPSec on my VPN gateway, I have
> to make dhcpd listen on lo0, and then have dhcrelay listen on enc0 and relay
> to lo0. (dhcpd runs on same machine)
>
> Why doesn't dhcrelay find enc0? And Is this the proper way to make this
> w
2010/5/22, dontek :
> Yes, thanks, I've read the man pages. I've even made the proposed connection
> work both ways. (less the DHCP working) What I was hoping for was a few that
> have more experience than I do to share their experiences and tell me some of
> the potential benefits and/or d
Hi
did you actually read any piece of documentation about the topic?
Manual pages like ipsec(4) for overview, ipsec.conf(5) for
configuration and isakmpd(8) + keynote(3,4,5) + openssl(1) + authpf(8)
for possible ways of authenticating your warriors.
> I've found many examples via Google. Some are
If your firewall has to run in not so hostile conditions like sub-zero
temperatures or large temp differences over short time (typically
right under the roof), consider using flash memory (CF-ATA converters
being available around 20 USD) instead of hard disk + eventually mfs
for some logging or so.
Is it possible that you have multiple addresses on $ext_if? You NAT it
to the first one (:0), but tunnel established using FQDNs could try to
send stuff to another IP that doesn't match your NAT table. Have you
actually seen anything going out of the external boxes on your
firewall? Pflog and tcpd
2010/5/11, Chris Smith :
> Maybe I'm missing something:
You might want something like this:
# mkdir /var/log/rd ; chmod 700 /var/log/rd ; chown _pflogd:_pflogd /var/log/rd
# echo 'pflogd_flags="-f /var/log/rd/pflog" ' >> /etc/rc.conf.local
# echo 'swap /var/log/rd/ mfs rw,nodev,nosuid,-s=67108864
Hi,
my guess would be somewhere about line 2803 in pf.c:
when the rule matches for the first time, it reaches the if (af !=
AF_INET6) which it isn't (pfctl's parse.y sets it to 0 when AF
omitted). There's also a subtle name inconsistency between use of 'af'
and 'pd->af' (compare ICMP4 vs 6 cases),
Hi,
I've recently written Czech keyboard layout to the console. It's
basically standard cz_qwertz layout with every character that
one might need from the us layout hidden under AltGr in the standard
way (as in X.org).
I don't know what's wrong about 29th layout in the kernel to get me
banned from
41 matches