Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Theo de Raadt
> > On 27.02.2017, at 16:10, Theo de Raadt wrote: > > > >>> > >>> A patch to get away from SHA1 in dhcpd > >>> > >> > >> HMAC-SHA1 is not affected by the published collision, but I'm not > >> against switching the sync protocol to SHA2. Performance also doesn't > >> matter that much here as the t

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Reyk Floeter
> On 27.02.2017, at 16:10, Theo de Raadt wrote: > >>> >>> A patch to get away from SHA1 in dhcpd >>> >> >> HMAC-SHA1 is not affected by the published collision, but I'm not >> against switching the sync protocol to SHA2. Performance also doesn't >> matter that much here as the typical sync rate i

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Theo de Raadt
> > A patch to get away from SHA1 in dhcpd > > > > HMAC-SHA1 is not affected by the published collision, but I'm not > against switching the sync protocol to SHA2. Performance also doesn't > matter that much here as the typical sync rate is fairly small. > > Once done, it should also be done fo

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Reyk Floeter
On Sat, Feb 25, 2017 at 04:15:07PM +0100, Denis Fondras wrote: > Hi, > > A patch to get away from SHA1 in dhcpd > HMAC-SHA1 is not affected by the published collision, but I'm not against switching the sync protocol to SHA2. Performance also doesn't matter that much here as the typical sync rat

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Denis Fondras
> It does also need some notice to users that old+new aren't compatible. > But as far as I'm aware SHA1 and even MD5 are still considered suitable > for HMAC aren't they? > You are right Stuart.

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Stuart Henderson
On 2017-02-25, Denis Fondras wrote: > Hi, > > A patch to get away from SHA1 in dhcpd It does also need some notice to users that old+new aren't compatible. But as far as I'm aware SHA1 and even MD5 are still considered suitable for HMAC aren't they?

From SHA1 to SHA256 in dhcpd sync

2017-02-25 Thread Denis Fondras
Hi, A patch to get away from SHA1 in dhcpd Index: sync.c === RCS file: /cvs/src/usr.sbin/dhcpd/sync.c,v retrieving revision 1.23 diff -u -p -r1.23 sync.c --- sync.c 13 Feb 2017 23:04:05 - 1.23 +++ sync.c 25 Feb 20

dhcpd sync: truncated or invalid packet

2012-06-29 Thread Marc Peters
Hi List, I am using two machines in our network as DHCP servers and want to synchronise them via the -Y and -y switches. After a while, they get out of sync and have slight differences in their leasefiles. After investigating a bit, I activated the sync_debug mode in /usr/src/usr.sbin/dhcpd/sync.c

Re: dhcpd sync and carp

2012-04-19 Thread Jose Fragoso
Hi again, Since I am now seeing some IP address conflicts, I am understanding that dhcpd lease synchronization is not working properly. The funny thing is that I see dhcpd sync packets being sent through the sync interface and being received at the other side. I still can't see at the log

Re: dhcpd sync and carp

2012-03-22 Thread Marco Fretz
Hi, I've the same problem for over 2 years now, never figured it out. Did not invest much time though :-) I tried it with multicast and unicast, currently it's like that: host 1 /usr/sbin/dhcpd -y 172.16.106.252 -Y 172.16.106.253 vlan703 host 2 /usr/sbin/dhcpd -y 172.16.106.253 -Y 172.16.106.252

Re: dhcpd sync and carp

2012-03-22 Thread Jose Fragoso
Hi again, The strange thing is that spamd is getting the sync messages from the master firewall and updating the spamd tables and log files. But, although the dhcpd sync messages seem to go through the em0 iface, the dhcpd in the backup firewall is not displaying sync updates in the log

Re: dhcpd sync and carp

2012-03-22 Thread Jose Fragoso
Hi, Thanks a lot for your hint. Now, I can see (what I guess should be) the sync packets going through the em0 iface: 07:54:32.877138 00:22:64:89:64:79 01:00:5e:00:01:f0 0800 142: 10.1.1.2.8067 > 224.0.1.240.8067: udp 100 [ttl 1] (id 20862, len 128) 07:54:32.877187 00:22:64:89:67:6a 01:00:

Re: dhcpd sync and carp

2012-03-21 Thread Stuart Henderson
... > (DF) [tos 0x10] (ttl 255, id 8912, len 1472) > > > When I run route -n get 224.0.1.240, I get: > > route to: 224.0.1.240 > destination: 224.0.0.0 > mask: 240.0.0.0 > interface: lo0 > if address: 127.0.0.1 > priority: 8 (static) > flags: > use

Re: dhcpd sync and carp

2012-03-21 Thread Jose Fragoso
Hi again, Is it possible that the dhcp sync messages are not being sent/received through the sync iface (em0) because the IP address associated with this iface is not in the same subnet of the IP addresses of the dhcpd servers? Should I be able to view the sync packets on the lo0 iface? kind reg

dhcpd sync and carp

2012-03-21 Thread Jose Fragoso
0 My questions are: 1) Why can't I see the dhcpd sync packets using tcpdump -nevvi em0? 2) Is there a way to verify that they are in sync? Thanks for any help. Kind regards, Jose

Re: dhcpd sync init error

2012-01-21 Thread Stuart Henderson
DHCP_SYNC_LEASE for hw > 98:4b:e1:01:c5:e6 -> ip 10.30.216.96, start 0, end 0 > > But when I try to start it on Selenium I get this error: > dhcpd: sync init: Can't assign requested address > > When I try to start it using the host name instead, I get this: > dhcpd: sync

dhcpd sync init error

2012-01-20 Thread Michael Burk
cpd: sync init: Can't assign requested address When I try to start it using the host name instead, I get this: dhcpd: sync init: Device not configured Additional details: - I have the file /var/db/dhcpd.key on each server: -rw-r--r-- 1 root wheel 2048 Nov 18 17:55 /var/db/dhcpd.key - The

dhcpd sync

2008-06-19 Thread Rolf Sommerhalder
state (no-sync) # spmd and dhcpd use multicasts to 224.0.1.240 for their sync pass log quick on vlan20 proto igmp keep state (no-sync) While testing dhcpd sync and devising a pf rule for it, looking at 'tcpdump -i vlan20' triggered the following remarks and questions: a) It might be he

Re: "dhcpd-sync not in /etc/services"

2008-05-21 Thread Stuart Henderson
On 2008-05-21, Chris Kuethe <[EMAIL PROTECTED]> wrote: > I'd say read the error a couple of times. DHCPD can't find the > definition of "dhcpd-sync" in /etc/services. > > To see if there's a newer version of this file, you can check cvsweb > (http://w

Re: "dhcpd-sync not in /etc/services"

2008-05-21 Thread Mark Pecaut
On 5/21/08, Insan Praja SW <[EMAIL PROTECTED]> wrote: > Hi Misc@, > Just update the kernel and userland from openbsd.de, and got the following > message.. > myNiceMachine# dhcpd rl0 > dhcpd: Can't find service "dhcpd-sync" in /etc/services > > Anybody

Re: "dhcpd-sync not in /etc/services"

2008-05-21 Thread Insan Praja SW
On Thu, 22 May 2008 03:16:56 +0700, Chris Kuethe <[EMAIL PROTECTED]> wrote: sysmerge.. shiny... me likey.. Thanks Chris and Misc@ Insan I'd say read the error a couple of times. DHCPD can't find the definition of "dhcpd-sync" in /etc/services. To see if there'

Re: "dhcpd-sync not in /etc/services"

2008-05-21 Thread Chris Kuethe
I'd say read the error a couple of times. DHCPD can't find the definition of "dhcpd-sync" in /etc/services. To see if there's a newer version of this file, you can check cvsweb (http://www.openbsd.org/cgi-bin/cvsweb/src/etc/services) and patch it in yourself or use the

Re: "dhcpd-sync not in /etc/services"

2008-05-21 Thread Insan Praja SW
dhcpd: Can't find service "dhcpd-sync" in /etc/services Anybody can point me where to go? Best Regards and Thanks, -- insandotpraja(at)gmaildotcom Update your /etc/services from -current sources or a snapshot. Ken -- insandotpraja(at)gmaildotcom

"dhcpd-sync not in /etc/services"

2008-05-21 Thread Insan Praja SW
Hi Misc@, Just update the kernel and userland from openbsd.de, and got the following message.. myNiceMachine# dhcpd rl0 dhcpd: Can't find service "dhcpd-sync" in /etc/services Anybody can point me where to go? Best Regards and Thanks, -- insandotpraja(at)gmaildotcom