Re: bgpd/session.c+rde.c code explanation

> well, rde_main and session_main fork()... > While I'm at it, I can't see where "conf = calloc(1, sizeof(struct bgpd_config))" is free()'d. Denis

Re: bgpd/session.c+rde.c code explanation

* Denis Fondras [2014-05-06 10:12]: > > well, rde_main and session_main fork()... > While I'm at it, I can't see where > "conf = calloc(1, sizeof(struct bgpd_config))" is free()'d. please, if you want to help, be MUCH more precise (and get clear on what side of the fork() we are). With a report l

pf multiple match rules

Hi, with the following two match lines: match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y and the following pass line: pass in on $int_if inet proto tcp from 192.168.1.55 to any will the packets be translated to X.X.X.X

who develops NIC drivers?

i have some nics i want to discus about -- Hilsen Isak Åben op for det store amerikanske Netflix udvalg, lovligt og let: brug *www.unblock-us.com *

Re: who develops NIC drivers?

On Tue, May 06, 2014 at 01:09:01PM +0200, Isak Lyberth wrote: > i have some nics i want to discus about > Do you have any more details? What kind of NICs? There are some people in OpenBSD who developed NIC drivers, but it generally depends on the availability of the hardware, interest in the ch

Re: pf multiple match rules

On 05/06/2014 12:54 PM, Marko Cupać wrote: > Hi, > > with the following two match lines: > > match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X > match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y > > and the following pass line: > > pass in on $int_if inet proto tcp from 192.

Re: bgpd/session.c+rde.c code explanation

> please, if you want to help, be MUCH more precise (and get clear on > what side of the fork() we are). With a report like that I had to go > through large parts of code to ecventually maybe spot what you are > referring to. That doesn't help, that just costs time. I appreciate > the effort, but p

Re: who develops NIC drivers?

I am thinking Intel ET Quadport gigabit server cards 2014-05-06 13:09 GMT+02:00 Isak Lyberth : > i have some nics i want to discus about > > -- > Hilsen Isak > > Åben op for det store amerikanske Netflix udvalg, lovligt og let: brug *www.unblock-us.com > *

Re: who develops NIC drivers?

On 06/05/14 7:52 AM, Isak Lyberth wrote: I am thinking Intel ET Quadport gigabit server cards What about them? You need to be more forthcoming with the details and what it is that you're after. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed t

Lenovo Y510P laptop support

Hi all, yesterday just quick test from USB flash disk with OpenBSD installed about how well is OpenBSD working with Lenovo Y510P 2x NV GT755M SLI, core i7, 16GB RAM, hybrid HDD. Later I will send dmesg, but except of: VGAs (one can be removed to get access to Intel HD4600) wired network (Qualcom

Re: bgpd/session.c+rde.c code explanation

Denis Fondras writes: >> please, if you want to help, be MUCH more precise (and get clear on >> what side of the fork() we are). With a report like that I had to go >> through large parts of code to ecventually maybe spot what you are >> referring to. That doesn't help, that just costs time. I ap

Re: bgpd/session.c+rde.c code explanation

> By the OS, which cleans up after the process exits. If it wasn't that > way, we'd all have a much shorter uptime... > Thank you Jérémie :) I had not considered it as I can see ... free(ibuf_rde); ... free(ibuf_main); ... at the end of session_main() in session.c. Denis

dovecot-lda delivery failure: "can't expand ~/"

Hi folks, I'm preparing a new machine (OpenBSD 5.5, Dovecot 2.2.10) to replace an elderly but venerable (OpenBSD 4.3, Dovecot 1.0.10) mailserver. Access from mail clients to the IMAP Maildirs is working fine (so it's not an auth issue, I think), but local mail delivery (to/from system users) i

Re: who develops NIC drivers?

On Tue, May 6, 2014 at 1:52 PM, Isak Lyberth wrote: > I am thinking Intel ET Quadport gigabit server cards > > Well more details like dmesg, pcidump or output from other systems about details of those cards and what you want to do in fact will be fine for sure. Because such cards seems to be "sup

Re: bgpd/session.c+rde.c code explanation

Denis Fondras writes: >> By the OS, which cleans up after the process exits. If it wasn't that >> way, we'd all have a much shorter uptime... >> > > Thank you Jérémie :) > I had not considered it as I can see > > ... > free(ibuf_rde); > ... > free(ibuf_main); > ... > > at the end of session_mai

Re: dovecot-lda delivery failure: "can't expand ~/"

Steve Fairhead writes: > Hi folks, Hi, > I'm preparing a new machine (OpenBSD 5.5, Dovecot 2.2.10) to replace an > elderly but venerable (OpenBSD 4.3, Dovecot 1.0.10) mailserver. Access > from mail clients to the IMAP Maildirs is working fine (so it's not an > auth issue, I think), but local ma

Re: dovecot-lda delivery failure: "can't expand ~/"

jca said: >> I use the dovecot, just to fill and access my maildir (no listener or auth involved), with ''dovecot-lda -kc conffile'' from my .forward. It uses the environment to expand my ~/Maildir path, and userdb { driver = passwd } (just to avoid spam about disabling the duplicates database).

Re: dovecot-lda delivery failure: "can't expand ~/"

On 06/05/2014 14:56, Jérémie Courrèges-Anglas wrote: I use the dovecot, just to fill and access my maildir (no listener or auth involved), with ''dovecot-lda -kc conffile'' from my .forward. It uses the environment to expand my ~/Maildir path, and userdb { driver = passwd } (just to avoid spam a

Re: bgpd/session.c+rde.c code explanation

On Tue, May 06, 2014 at 01:45:57PM +0200, Denis Fondras wrote: > > please, if you want to help, be MUCH more precise (and get clear on > > what side of the fork() we are). With a report like that I had to go > > through large parts of code to ecventually maybe spot what you are > > referring to. Th

Re: bgpd/session.c+rde.c code explanation

On Tue, May 06, 2014 at 02:49:00PM +0200, Denis Fondras wrote: > > By the OS, which cleans up after the process exits. If it wasn't that > > way, we'd all have a much shorter uptime... > > > > Thank you Jérémie :) > I had not considered it as I can see > > ... > free(ibuf_rde); > ... > free(ibu

Re: bgpd/session.c+rde.c code explanation

On Tue, May 06, 2014 at 03:32:06PM +0200, Jérémie Courrèges-Anglas wrote: > Denis Fondras writes: > > >> By the OS, which cleans up after the process exits. If it wasn't that > >> way, we'd all have a much shorter uptime... > >> > > > > Thank you Jérémie :) > > I had not considered it as I can

pftop and systat with new queueing

Hi, I have just upgraded (actually reinstalled from scratch) one of my firewalls to 5.5 release, and I have noticed that 'systat queues' no longer shows P/S and B/S values. pftop does not show queues at all. Was nice to see those values in real time. Are they gone for good, or developers need som

Re: bgpd/session.c+rde.c code explanation

* Denis Fondras [2014-05-06 14:49]: > > By the OS, which cleans up after the process exits. If it wasn't that > > way, we'd all have a much shorter uptime... > Thank you Jérémie :) > I had not considered it as I can see > > ... > free(ibuf_rde); > ... > free(ibuf_main); > ... > > at the end of

Re: bgpd/session.c+rde.c code explanation

Claudio Jeker writes: > On Tue, May 06, 2014 at 03:32:06PM +0200, Jérémie Courrèges-Anglas wrote: >> Denis Fondras writes: >> >> >> By the OS, which cleans up after the process exits. If it wasn't that >> >> way, we'd all have a much shorter uptime... >> >> >> > >> > Thank you Jérémie :) >> >

Re: queueing question

Hi, One thing worth mentioning.. Queuing only works on 'Egress', not ingress. So if you want to queue downstream traffic from the Internet, you need to queue it as it egresses the internal interfaces. If you have a LAN and a DMZ however and you queue on each interface you will have to slice

"icanhaze.c" OpenSSH exploit?

Does anyone have any information that can share? http://pastebin.com/raw.php?i=gjkivAf3 Thanks, Dustin Lundquist

Re: "icanhaze.c" OpenSSH exploit?

Le 06/05/2014 18:50, Dustin Lundquist a écrit : > Does anyone have any information that can share? > > http://pastebin.com/raw.php?i=gjkivAf3 > > https://lists.cacert.org/wws/arc/cacert-sysadm/2014-05/msg1.html

Re: bgpd/session.c+rde.c code explanation

* Claudio Jeker [2014-05-06 17:41]: > This was done to be able to spot memory leaks on shutdown. > Not used that part of the code in a long time. Maybe it is time to remove > this bad habit. nah, being able to apply leakfinder.shar to find memleaks is still valuable. yes, requires a bit of work

Re: pf multiple match rules

* Marko Cupać [2014-05-06 12:55]: > Hi, > > with the following two match lines: > > match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X > match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y > > and the following pass line: > > pass in on $int_if inet proto tcp from 192.168.

Re: pftop and systat with new queueing

* Marko Cupać [2014-05-06 17:55]: > Was nice to see those values in real time. Are they gone for good, or > developers need some time to adjust them for new queueing mechanism? that's what it comes down to. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.d

Re: "icanhaze.c" OpenSSH exploit?

On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote: > Does anyone have any information that can share? > > http://pastebin.com/raw.php?i=gjkivAf3 OpenBSD isn't affected, so no need to worry.

Re: "icanhaze.c" OpenSSH exploit?

On 06 May 2014, at 19:32, Ted Unangst wrote: > On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote: >> Does anyone have any information that can share? >> >>http://pastebin.com/raw.php?i=gjkivAf3 > > OpenBSD isn't affected, so no need to worry. Thanks, now I do worry.

Re: pftop and systat with new queueing

On Tue, May 6, 2014 at 9:55 AM, Marko Cupać wrote: > I have just upgraded (actually reinstalled from scratch) one of my > firewalls to 5.5 release, and I have noticed that 'systat queues' no > longer shows P/S and B/S values. pftop does not show queues at all. > > Was nice to see those values in r

Re: "icanhaze.c" OpenSSH exploit?

Em 06-05-2014 15:27, Franco Fichtner escreveu: > On 06 May 2014, at 19:32, Ted Unangst wrote: > >> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote: >>> Does anyone have any information that can share? >>> >>>http://pastebin.com/raw.php?i=gjkivAf3 >> OpenBSD isn't affected, so no need to

Re: "icanhaze.c" OpenSSH exploit?

On Tue, May 06, 2014 at 16:30, Giancarlo Razzolini wrote: > Em 06-05-2014 15:27, Franco Fichtner escreveu: >> On 06 May 2014, at 19:32, Ted Unangst wrote: >> >>> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote: Does anyone have any information that can share? http://pastebi

Re: Yaifo WIP

Jona Joachim joachim.cc> writes: > As Miod suggested off list, this was due to the fact that the necessary > devices were not created in /dev. This is fixed in the updated tarball: > > > http://joachim.cc/files/yaifo-55beta-wip.tar.gz > > asterix% ssh root 10.0.0.17 > Enter passphrase for key '

Re: "icanhaze.c" OpenSSH exploit?

Em 06-05-2014 16:50, Ted Unangst escreveu: > On Tue, May 06, 2014 at 16:30, Giancarlo Razzolini wrote: >> Em 06-05-2014 15:27, Franco Fichtner escreveu: >>> On 06 May 2014, at 19:32, Ted Unangst wrote: >>> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote: > Does anyone have any infor

Re: question about pppoe(4) and IPv6

On 2014-05-02, Brad Smith wrote: > On 02/05/14 10:24 AM, Peter J. Philipp wrote: >> On 05/02/14 16:13, Stefan Sperling wrote: >>> OpenBSD doesn't support IPv6 autoconf on routers (i.e if forwarding >>> is enabled). Some ISPs have started using autoconf to assign a >>> global prefix for use on the

Re: "icanhaze.c" OpenSSH exploit?

Giancarlo Razzolini [grazzol...@gmail.com] wrote: > My gut feeling when I first read your message was that you're joking. > But, since it was a subtle joke, I got suspicious. Better to safe than > sorry. Anyway, I hardly believe the post is real. If they *at least* > offered to proof it, by exploit

Strange behaviour on the console with Metakey

hello, i am using 'mg' on the console (not x11) and everythings works as expected. When I type 'Alt-F', I go forward one word. When I am using XEmacs or GNU Emacs (24) on the console, I can't use 'Alt-F'. Nothing happens. I discovered this on OpenBSD 5.4, but I have the same problem with Open

Re: "icanhaze.c" OpenSSH exploit?

On Tue, May 06, 2014 at 02:32:16PM -0700, Chris Cappuccio wrote: > Giancarlo Razzolini [grazzol...@gmail.com] wrote: > > My gut feeling when I first read your message was that you're joking. > > But, since it was a subtle joke, I got suspicious. Better to safe than > > sorry. Anyway, I hardly belie

Re: "icanhaze.c" OpenSSH exploit?

> On Tue, May 06, 2014 at 02:32:16PM -0700, Chris Cappuccio wrote: > > Giancarlo Razzolini [grazzol...@gmail.com] wrote: > > > My gut feeling when I first read your message was that you're joking. > > > But, since it was a subtle joke, I got suspicious. Better to safe than > > > sorry. Anyway, I ha

Re: 5.5 upgrade and wpi Firmware

On 2014-05-02, Kevin Chadwick wrote: > previously on this list Axel contributed: > >> > Specifically: >> > wpi-firmware-3.2p1 firmware binary images for wpi(4) driver >> > >> > I checked in the ports and there appears to be none! >> > >> > ftp://ftp.openbsd.org/pub/OpenBSD/5.5/packages/i386/ >> >

Re: Problems with PPPoE, VLAN, 5.5 (amd64)

On 2014-05-02, Thorsten Bonck wrote: > On Fri, May 02, 2014 at 08:14:40PM +, Peter J. Philipp wrote: >> On Fri, May 02, 2014 at 09:14:16PM +0200, thors...@bonck.net wrote: >> > > maybe you could try to put pppoe0 on rl0, untag vlan10 on switch port >> > > where rl0 is connected and tag other v

Re: Dual connections not Load Balancing

What you want is very similar to the load balancing example in faq/pf/pools.html, but rather than using one route-to rule with a round-robin address pool with multiple addresses used for packets "from $lan_net", you want two route-to rules, one for "from $wireless_lan_net" using "adsl wan 1" in the

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

What arch is this Daniel? I've done multiple 5.4->5.5 upgrades with OpenLDAP/bdb without need for additional steps, but they were all on amd64. On 2014-05-02, LEVAI Daniel wrote: > Hi! > > I've recently upgraded one of my systems to 55 from 54 (btw, for me, the > most painful upgrade since ~3.9;

Re: who develops NIC drivers?

i will provide some outputs tonight 2014-05-07 8:12 GMT+02:00 Isak Lyberth : > i will make some dumps tonight > > > 2014-05-06 23:56 GMT+02:00 Brad Smith : > > On 06/05/14 8:31 AM, Isak Lyberth wrote: >> >>> They are not discovered by OpenBSD when i put them in my computer at >>> home. they are