GM45 gpu hung error

2013-11-12 Thread Claudio
Hello, I'm running the latest snapshot on a thinkpad T400 with an intel GM45 intel video card. After some use I get errors in dmesg and sometimes glxinfo reports switching to sw rendering, it can always be triggered simply by trying to use youtube in chromium. Even when glxinfo reports st

Re: GM45 gpu hung error

2013-11-13 Thread Claudio
On Wed, Nov 13, 2013 at 12:12:47PM +, Alexey E. Suslikov wrote: > Tomas Bodzar gmail.com> writes: > > > Right, my fault. Missed complete path in output. Those are for Haswell > > Looking at mentioned commits, at least cursor update diffs aren't > strictly Haswell related. So Mesa update. > I

Re: GM45 gpu hung error

2013-11-13 Thread Claudio
On Wed, Nov 13, 2013 at 03:06:08PM +0200, Alexey Suslikov wrote: > On Wed, Nov 13, 2013 at 2:30 PM, Claudio wrote: > > On Wed, Nov 13, 2013 at 12:12:47PM +, Alexey E. Suslikov wrote: > >> Tomas Bodzar gmail.com> writes: > >> > >> > Right, my fault.

Re: GM45 gpu hung error

2013-11-13 Thread Claudio
On Wed, Nov 13, 2013 at 03:20:58PM +0200, Alexey Suslikov wrote: > On Wed, Nov 13, 2013 at 3:18 PM, Claudio wrote: > > On Wed, Nov 13, 2013 at 03:06:08PM +0200, Alexey Suslikov wrote: > >> On Wed, Nov 13, 2013 at 2:30 PM, Claudio wrote: > >> > On Wed, Nov 13, 2013

Firefox 100% cpu usage html5 videos

2013-11-14 Thread Claudio
performance when playing html5 videos, I've tried chromium, xombrero and midori and they all work fine while firefox playback is choppy when it's at its best else it just saturates the cpu and freezes the browser. No output or errors are displayed when using firefox started from a terminal. Claudio

Re: Firefox 100% cpu usage html5 videos

2013-11-14 Thread Claudio
reproducible in -current? > > Good luck. > > On 14 November 2013 22:07, Claudio wrote: > > Hello, > > > > On my laptop firefox cpu usage spikes to 100% when trying to play an html5 > > video on youtube, the situation is slightly better on other sites but s

kernel panic radeon HD 8570D

2013-11-17 Thread Claudio
Hello, When starting X on the latest snapshot the kernel panicked, I was stupid enough not to run the suggested command at the ddb prompt because I forgot. Here's the error it reported: uvm_fault(0xfe823cb0c468, 0x278, 0, 1) -> e kernel: page fault trap, code=0 Stopped at radeon_vm_bo_add

speex can't find /usr/lib/libsndio.so.5.0

2013-11-17 Thread Claudio
Hello, On the latest snapshot when trying to install speex (it's brought in by firefox) it fails since it can't find /usr/lib/libsndio.so.5.0 , libsndio.so.6.0 is present instead. It needs rebuilding.

Gnome 3.10 on current

2013-11-21 Thread Claudio
Hello I've decided to give gnome 3.10 a shot in the latest current snapshot. Here are some of the issues big and small I've encountered: 1- gdm fails to start, or better it starts but the frowny face comes up saying that there's been an error and to logout. After that it either goes to a black

Re: Problem parsing the BGP UPDATE file

2017-05-16 Thread Claudio Jeker
lookup the last entry that mabo was > able to parse, and look at the next entry in bgpdump (presumably the > one triggering the failure), does that give any clues about what > the problem might be? > I guess this is the same bug reported in Dec last year and fixed in rev 1.356 of session.c. So this is fixed in 6.1 and -current but not in 6.0. -- :wq Claudio

Re: OpenBSD 6.1 current relayd TLS error "cannot load certificates"

2017-06-02 Thread Claudio Jeker
.1 } > > relay www { > listen on thelang.space port 443 tls > > forward to check tcp port 8080 > } > > $ doas relayd -d > startup > /etc/relayd.conf:7: cannot load certificates for relay www > no actions, nothing to do > hce exiting, pid 2324 > pfe exiting, pid 21204 > ca exiting, pid 18722 > ca exiting, pid 45718 > ca exiting, pid 79639 > relay exiting, pid 31292 > relay exiting, pid 32940 > relay exiting, pid 75225 > > $ ls /etc/ssl/thelang.space.crt > /etc/ssl/thelang.space.crt > $ doas ls /etc/ssl/private/thelang.space.key > /etc/ssl/private/thelang.space.key > You need to use IP addresses not domain names for the cert name. e.g. /etc/ssl/127.0.0.1.crt etc. -- :wq Claudio

Re: What's changing the default route?

2017-07-01 Thread Claudio Jeker
ng table will spontaneously change from > 10.1.1.2 to G. What could be causing the routing table to spontaneously > change in this manner without my intervention? > Most probably dhclient(8). -- :wq Claudio

Re: What's changing the default route?

2017-07-02 Thread Claudio Jeker
On Sun, Jul 02, 2017 at 08:27:36AM +, Stuart Henderson wrote: > On 2017-07-01, Claudio Jeker wrote: > > On Sat, Jul 01, 2017 at 04:48:05PM +0200, tonypon...@mail.com wrote: > >> I use an ssh tunnel for a VPN on OpenBSD 6.1. To initiate the VPN > >> connection,

Re: Gbit performance parameters

2017-07-12 Thread Claudio Jeker
e for the big lock since it reduces the packet loss and so TCP suffers less. The latency increase is something we decided to accept since we're not that latency sensitive. The long term plan is actually to get rid of this queue and knob but we're not right there yet. -- :wq Claudio

Re: Choice of sis(4) versus vr(4) ?

2017-07-17 Thread Claudio Jeker
> i386 -curren? > They are both similarly bad. I think it would not matter which one you use. -- :wq Claudio

Re: relayd l7 loadbalancing

2017-08-16 Thread Claudio Jeker
have tried both "match request quick path" and "match request quick url" > > but what I noticed is that as soon as you have visited one of the URLs that > > needs forwarding to a different host you end up at the for all > > subsequent requests. > > With "match request quick url" this is to be expected as it checks > > everything up to /. > > > > For example: > > > > http://example.com/ -> wwwhost > > http://example.com/crm/ -> otherhost > > http://exmaple.com/folder/ -> otherhost > > > > Is this expected behaviour for "match request quick path" as well? > > Is there any way to do this type of load balancing? > > > > Thanx!! > > > > Mischa > > > -- :wq Claudio

Re: bgpd.conf invalidated on 6.2

2017-10-16 Thread Claudio Jeker
ow to make this work on 6.2? > Remove one of the two lines. -- :wq Claudio

Re: Dell PowerEdge R430/R440 support

2018-04-25 Thread Claudio Jeker
rk? I intend to share dmesg to dmesg@ > and nycbug's dmesgd. > The R440 needs IIRC at least 6.3 to support the H740p RAID controller. Apart from that they work. -- :wq Claudio

Re: relayd for TLS termination

2018-04-28 Thread Claudio Jeker
ader "Host" value "www.example.com" I'm not sure why you do this. In general I leave the Host parsing to the backend servers. Also I think Host may include the port number if it is not a default port. > } > > relay wwwrelay { > listen on em1 port 443 tls > protocol wwwproto > transparent forward to lo port http On high volume servers I would not use transparent forwarding but instead set the X-Forwarded-For header. Also transparent needs help from pf. > } > -- :wq Claudio

Re: attach chroot-jail to switchd(8) ?

2018-05-24 Thread Claudio Jeker
nless they run as superuser. It is not perfect but neither is the linux or freebsd solution when it comes to networking. -- :wq Claudio

Re: edgerouter 6 / rdomain at boot

2018-07-02 Thread Claudio Jeker
; ifconfig: SIOCSIFRDOMAIN: File exists > ifconfig: SIOCSIFRDOMAIN: File exists > add net default: gateway 127.0.0.1 > add net default: gateway 127.0.0.1 > add net default: gateway 127.0.0.1 > reordering libraries: done. > starting early daemons: syslogd pflogd unbound ntpd. > starting RPC daemons:. > savecore: /bsd: kvm_read: version misread > checking quotas: done. > kvm_mkdb: can't open /dev/ksyms > clearing /tmp > kern.securelevel: 0 -> 1 > creating runtime link editor directory cache. > preserving editor files. > starting network daemons: sshd dhcpd smtpd. > starting package daemons: siproxd dhcpd2(failed). > starting local daemons: cron. > Sun Jul  1 06:15:17 CEST 2018 > > > > > -- :wq Claudio

Re: clearing the disk cache

2018-07-03 Thread Claudio Jeker
-queue and therefore a simple cat bigfile will not fill the cache. You would need to read the file multiple times and even then you may not manage. -- :wq Claudio

Re: clearing the disk cache

2018-07-03 Thread Claudio Jeker
are never put in high mem or actually flipped down when written. In short the buffer cache is a complex beast and the few statistic numbers systat are not enough to correctly understand the various states buffers can be in. -- :wq Claudio

Re: cannot get re(4) to use 1000baseT

2018-07-18 Thread Claudio Jeker
ng the same? > Is there something obvious I am missing? Did you check the cable? Also did it work before? Or is this a new install? -- :wq Claudio > All I found on this was this old thread: > http://openbsd-archive.7691.n7.nabble.com/Forcing-re-driver-to-1000baseT-no-connection-4-4-re

Re: Intel i350 Offloading not working

2018-07-21 Thread Claudio Jeker
The amount of bugs we hit because of such features are countless. NFS and multicast packets are just two things to mention which broke on Intel cards when enabling some of the offloading features. I lost interest in offloading since CPUs are now fast enough. -- :wq Claudio

Re: how to switch to a snapshot?

2018-07-25 Thread Claudio Jeker
files or users, again this needs to be done by hand but often does not hurt (until it does and then it causes strange issues). In general if you install from snapshots most of current.html does not apply and this is why it is the preferred way to stay -current. -- :wq Claudio

Re: openBGPd crashes in 6.2 and 6.3: "a politician in the decision process"

2018-08-24 Thread Claudio Jeker
and full logs of both incidents if necessary. > Are you using templates (aka neighbors with a netmask in the config)? The peer id seems to suggest that... If so can you add 'announce restart no' to the template and recheck? I think the issue is that a clone of a previous neighbor is created on reconnect and then the stale routes (from graceful reload) and the new routes of this clone are identical. I need to look into this a bit more (just returned from vacation). -- :wq Claudio

Re: netstat - process names

2018-08-26 Thread Claudio Jeker
t(1) for this. What linux offers is at best best-effort and sometimes wrong. -- :wq Claudio

Re: "Transit" BGPD not announcing learnt routes to neighbors

2018-09-09 Thread Claudio Jeker
4 { >     descr "C-1" >     remote-as 64555 >     local-address 198.51.100.252 >     announce default-route >     } > } > match from any set { origin igp } > allow from any > deny to any > allow to any prefix 198.51.100.164/32 > allow to any prefix 203.0.113.0/24 prefixlen >= 24  > allow to group "C_NETS" > -- :wq Claudio

Re: Minimum Holdtime for BGP OpenBGPd in Production

2018-09-18 Thread Claudio Jeker
ne but I'm not so sure about any other system. Also flapping sessions because of too aggressive holdtime is counterproductive the session flap dampening will kick in and will keep session longer down than needed. In the end, like with most tuning, you need to check for yourself with what you are comfortable with. -- :wq Claudio

Re: PF possibly causing weird SSL issues ?

2018-09-19 Thread Claudio Jeker
;continue the > connection with synproxy in place", which in my mind implies "synproxy > state" ? Syncookies are similar to synproxy but unlike synproxy they don't create state on the initial SYN (only on the ACK sent back as response to the syncookie). It does similar to synproxy only open the backend connection once the 3-way handshake is finished. -- :wq Claudio

Re: Adding interfaces to ospf

2018-09-27 Thread Claudio Jeker
t added). > > > The only way I have found so far, is to restart the ospfd daemon, but > that seems a bit excessive - recalculations and all that. By the way, > I am running ospfd with "-d" - do not daemonize. Any suggestions? > > Running OpenBSD 6.3, tried on octeon and amd64, same behaviour. > > I will be happy to supply any information requested. > This smells like a bug - unsure if it is fixed in -current. What does `ospfctl show int` show? -- :wq Claudio

Re: Routing stops after ipsec/gre tunnel activates

2018-10-01 Thread Claudio Jeker
ion resumes, as in all layer3+ > services start functioning again: icmp, nfs, ssh etc > Since your policy is from 0.0.0.0/0 to 0.0.0.0/0 all traffic will end up in the ipsec tunnel. I doubt this is what you want. IPsec flows steal the traffic before routing happens. I think you need to refine your policy also check with tcpdump what happens on enc0, etc. pp. -- :wq Claudio

Re: Redistributing between bgpd and ospfd

2018-10-15 Thread Claudio Jeker
? or > just not necessary? > Until now there has not been a need for this. In general and probably best common practice is to not mix BGP and OSPF. Instead OSPF is building the underlying network to run BGP on top of. This is why benno@ was asking for the use case. By the way, because of the nature of OSPF it does not make sense to tag routes by interface, doing it by area could be an option but that comes with some edge cases that need further inspection. -- :wq Claudio

Re: Redistributing between bgpd and ospfd

2018-10-16 Thread Claudio Jeker
selection that results in problems > > (specifically multiple routers thinking they were all DR) after a > > netsplit if there was no link-state change. This was already fixed > > though so if you are running 6.3+ and still seeing problems, please > > send a bug report with some information. > > > > > -- :wq Claudio

Re: Redistributing between bgpd and ospfd

2018-10-17 Thread Claudio Jeker
..@nevtelen.com) on 2018.10.16 15:11:51 +0200: > > > > On Tue, Oct 16, 2018 at 10:21:37AM +0200, Claudio Jeker wrote: > > > > > On Tue, Oct 16, 2018 at 09:13:20AM +0200, open...@kene.nu wrote: > > > > > > Hello, > > > > > > > > > > &g

Re: bgp match to $neighbor set nexthop $carp_ip on 6.4

2018-10-22 Thread Claudio Jeker
o put above: > > ### for simple BGP setups, no editing below this line is required ### > > ...in order to set nexthop per upstream neighbor, if possible? The new ruleset has a few deny quick rules in it. Make sure you don't hit one of those. It would be helpful to see the full ruleset as shown with 'bgpd -nv' -- :wq Claudio

Re: bgpctl not showing rib entries, pftables empty

2018-10-29 Thread Claudio Jeker
! = invalid > :origin: i = IGP, e = EGP, ? = Incomplete > : > :flags ovs destination gateway lpref med aspath origin > :elisheva:~$ doas pfctl -Ts -t bgp_spamd > :elisheva:~$ doas pfctl -Ts -t bgp_spamd_bypass > :elisheva:~$ > :--8<-- > : > :Any hints as to how to further diagnose? I’ve tried most conceivable > additional arguments to `bgpctl show rib` and I haven’t found a way to list > entries yet. Log entries are benign ((re)configuration success messages). > : > :Thanks, > : > :Ashe > : > > -- > For those who like this sort of thing, this is the sort of thing they like. > -- Abraham Lincoln > -- :wq Claudio

Re: bgpd: announce loopback / local prefix

2018-10-29 Thread Claudio Jeker
e about the recently introduced "network inet6 > priority 1", I guess that could fit with some appropriate filtering. > Thanks! Another option is to set the rtlabel on the interface and then use network rtlabel to redistribute it. -- :wq Claudio

Re: bgpd: announce loopback / local prefix

2018-10-29 Thread Claudio Jeker
On Mon, Oct 29, 2018 at 10:26:40PM +0100, Pierre Emeriaud wrote: > Le lun. 29 oct. 2018 à 22:04, Claudio Jeker a > écrit : > > > > Another option is to set the rtlabel on the interface and then use network > > rtlabel to redistribute it. > > I tried that, b

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-07 Thread Claudio Jeker
icitly setting it didn’t give me any luck. > > > >> On Nov 7, 2018, at 2:33 AM, J Evans <3...@startmail.com> wrote: > >> > >> I am by no means an expert, but for my setup, in order to get multiple > >> policies working, I had to specify both srcid and dstid for each policy on > >> the passive peer. And then I set srcid and dstid for the policies on the > >> active peers. > >> > > -- :wq Claudio

Re: performance of intel multithreading

2018-11-07 Thread Claudio Jeker
that this is the common arch every developer has access to. In the end running OpenBSD gives you as many security features turned on by default as nowhere else. -- :wq Claudio

Re: BGPlooking glass in 1 RDOMAIN BGPD in another RDomain

2018-11-19 Thread Claudio Jeker
ee why bgpctl should not work. If there are no errors logged in the httpd error log then you could try to ktrace -di the slowcgi process and see why bgplg and bgpctl fails. -- :wq Claudio

Re: routing with DMZ between internal and external firewall

2020-03-16 Thread Claudio Jeker
not need NAT here? > You need to add routes for your internal network on ext_fw and on the DNS box. They need to know that those networks are reachable via int_fw. These routes are more specific and will make sure that the traffic has a path back to int_pc. -- :wq Claudio

Re: BGP and carp slaves

2020-04-02 Thread Claudio Jeker
e route. I normally use carp on both sides and use 'network X/Y set nexthop $CARPIP' Where $CARPIP is the external carp IP shared between the two routers. In this case both systems announce the same network with the same nexthop (the carp IP) to the next routers and so no rerouting happens if the master dies. This only works if the systems share a lan segment for ebgp sessions. -- :wq Claudio

Re: OSPF seems to stops processing updates

2020-04-13 Thread Claudio Jeker
, should the routers just recover then from this scenario even if it > > was happening due to lost packets, CPU pause etc. > > I think so. But it may take quite a while. It might also be a bug in ospfd > or in another implementation. Since these issues happen with 5.8 and 6.4 ospfd I would suggest to update to at least 6.6 (especially the 5.8). IIRC there was some issue with ospfd neighbor selection that caused troubles when sessions flapped. This was fixed some time ago but I doubt 5.8 has that fix in. -- :wq Claudio

Re: MultiPath / ADD_PATH for bgpd

2020-04-16 Thread Claudio Jeker
lds but the timeline got a bit mixed up. Unless someone steps up ADD_PATH will not show up in the 6.8 release but probably in 6.9. -- :wq Claudio

Re: BGPD announce deprecation query

2020-04-19 Thread Claudio Jeker
oming and outgoing filters. So you need to check your ruleset and maybe add some additional filters. Something like allow from ibgp allow to ibgp may do the trick. -- :wq Claudio

Re: socket I/O on openbsd

2020-04-22 Thread Claudio Jeker
. From that we can see what the syscalls are issued and if there is indeed an error on shutdown(). -- :wq Claudio

Re: Ospfd default route query

2020-04-27 Thread Claudio Jeker
te being provided by the bgp speakers. > > > > Hope this makes sense. I am sure I am missing something obvious... > > > > Effectively I want the bgp speakers to announce themselves as the default > > route for their neighbor firewalls over ospf. > > > > Thanks > > -- :wq Claudio

Re: Ospfd default route query

2020-04-27 Thread Claudio Jeker
> > Is that the best/general practise in general? I would use a -blackhole route (no need to send out ICMP messages) but yes, that is what I normally use in such a case (at least for the DFZ). > Cheers > > Richard > > On Mon, Apr 27, 2020 at 8:25 AM Claudio Jeker >

Re: bad AGGREGATOR, AS 0 not allowed

2020-04-29 Thread Claudio Jeker
s AS 0 and this is what triggers. You normally get the error on the initial sync. I wanted to make the error better and include ASPATH / prefix but at the time this problem happens this information is not available. Time to look at this again so that the finger pointing is more helpful. -- :wq Claudio

Re: OSPF lsa_check issue

2020-05-05 Thread Claudio Jeker
t the tcpdump output there is something strange with the various reported length fields. Is it possible to get the raw packet dumps? -- :wq Claudio

Re: OSPF lsa_check issue

2020-05-05 Thread Claudio Jeker
On Tue, May 05, 2020 at 10:51:40AM +0200, Claudio Jeker wrote: > On Tue, May 05, 2020 at 09:07:34AM +0100, Richard Chivers wrote: > > After some more work this morning we have managed to extract the > > information from tcpdump of the full LS-Update packet, we couldn't se

Re: OSPF lsa_check issue

2020-05-06 Thread Claudio Jeker
On Wed, May 06, 2020 at 09:33:11AM +0100, Richard Chivers wrote: > Hi, > > Some progress has been made, we can now replicate this consistently and it > appears that whenever a LS update exceeds the mtu (1500) we get this issue > of lsa_check bad age. > > When running with

Re: OSPF lsa_check issue

2020-05-06 Thread Claudio Jeker
t you are advertising a lot of stub networks in the router lsa. stub networks are from interface rules that are passive or have no active peers. So to reduce the size of the router LSA an option is to remove some of the interfaces and change them to redistribute connected which uses Type-5 LSA instead. -- :wq Claudio

Re: RT_TABLEID_MAX behavior changed?

2020-05-18 Thread Claudio Jeker
> > rt_tableid_max (and new rt_tableid_mask and bits values too), my whole > > userland throw an rtable / rdomain too large error. > > Is there behaviour change? > > The only thing changed (as i know) it is news net/trable.c struct to map > > loopback to domain, where there is only 8 unused bits to which i can expand > > tableid value. > > > > -- :wq Claudio

Re: RT_TABLEID_MAX behavior changed?

2020-05-19 Thread Claudio Jeker
um value was limited to u_int16_t in some deep places, > > but nowadays there is only 8 bits allocated to it based on the struct + 8 > > unused bits which i hope i can safely add to allocation. > > I worried these unused bits are not guaranteed to users, so actually the >

Re: Convert ffs1 to ffs2?

2020-05-20 Thread Claudio Jeker
run diskless but not sure if it works well, that depends on your workload and opinion. -- :wq Claudio

video: kernel panic

2020-05-22 Thread Claudio Correa
Hello, any of the list members came across a kernel panic caused by running /usr/X11R6/bin/video ? $ video fatal protection fault in supervisor mode http://155.138.134.219/videokernelcrash.jpg OpenBSD 6.7-current (GENERIC.MP) #204: Thu May 21 11:44:48 MDT 2020 dera...@amd64.openbsd.org:/u

Re: OpenBGPD fatal in RDE: rde_dispatch_imsg_session: imsg_get error: Cannot allocate memory

2020-06-30 Thread Claudio Jeker
fault: > > bgpd:\ >     :openfiles=512:\ >     :tc=daemon: > > How can I pinpoint the source of the problem ? > Can you check and monitor with ps aux | grep bgpd and or top the VSZ and RSS of the RDE process. What is the maximum you notice. Also how do you start bgpd? Make sure the limits from login.conf are actually applied (using rcctl start should do that while doas bgpd would not). Cheers -- :wq Claudio

Re: CPU usage of httpd+slowcgi

2020-07-27 Thread Claudio Jeker
east that is my experience. Better to look for an M3000 or M4000 or as suggested for a T4-1. Also make sure you get good CPUs in them (esp. the M4000 comes with a few options). -- :wq Claudio

Re: rtables and kernel routes

2020-08-21 Thread Claudio Jeker
etter to do the rtable change on input. By doing so you actually save an extra route lookup (the one on rtable 0 hitting the dummy route). -- :wq Claudio

Re: bgpd config advice needed

2020-08-24 Thread Claudio Jeker
s to prefer announcements from the neighbor which is the originator. To do this you can use a rule like: match from ebgp source-as neighbor-as set med +100 Now it is a bit strange that an AS is prepending on peering. I wonder why they do that (is their connection to the IX undersized?). -- :wq Claudio

Re: pf, send(2) and EACCES

2020-08-28 Thread Claudio Jeker
n is skipped and only state matching happens. In that case you can get EACCES for connections that would normally be allowed by pf(4). -- :wq Claudio

Re: webcam fixes and changes in -current

2020-08-29 Thread Claudio Correa
Thank you very much, you made a difference in a teacher's life. Regards Laurence Tratt wrote: > Lots of us have to use webcams more than we used to. There have been > some recent changes in OpenBSD support for webcams that some might > find useful. Most of the hard work was done by Marcus Glo

Re: Primepower 250 vs Sunfire v215

2020-09-20 Thread Claudio Jeker
e an option. -- :wq Claudio

Re: Primepower 250 vs Sunfire v215

2020-09-20 Thread Claudio Jeker
un > Fire V215 SAS drives? Any spinning rust is slow compared to SSD disks. I run my Fire V215 with a NVME disk for the busy partitions (but boot from the SAS drives). This is not really possible with the primepower 250 (hard to find any kind of SSD for that system). -- :wq Claudio

Re: Moving from Bird to OpenBGPD

2019-07-14 Thread Claudio Jeker
u may be able to limit the input as well. I guess in this simple setup it does not matter to have simple allow filters since this bgpd instance is not connected to the default free zone and so there is less risk of leaking or receiving leaked routes. In general if your BGP setup has more than one external neighbor you need to take care of your filters to make sure that you don't leak updates from one neighbor to the other. -- :wq Claudio

Re: Moving from Bird to OpenBGPD

2019-07-15 Thread Claudio Jeker
On Mon, Jul 15, 2019 at 11:33:45PM -0700, BSD user wrote: > > > On 7/14/19 11:24 PM, Claudio Jeker wrote: > > On Sun, Jul 14, 2019 at 07:28:29PM -0700, BSD user wrote: > > > > > > > > > On 7/14/19 12:52 AM, Denis Fondras wrote: > > > > On

Re: Best 1Gbe NIC

2019-08-02 Thread Claudio Jeker
it cards. -- :wq Claudio > > Sent from a teeny tiny keyboard, so please excuse typos > > > On 2 Aug 2019, at 09:52, Jonathan Gray wrote: > > > >> On Fri, Aug 02, 2019 at 09:19:09AM +0100, Andy Lemin wrote: > >> Hi list, > >> > >> I know

Re: Building Unbound with Python module support

2019-08-07 Thread Claudio Jeker
; > >>> I’m not at my computer at the moment so can’t share the exact errors, but > >>> thought I’d ask as it feels like I’m missing something obvious! > >>> > >>> Maybe I need some extra build options or static library references to > >>> make it as smooth as the built in Unbound? Or maybe I should be using a > >>> different source? > >>> > >>> Any initial thoughts? I’ll post exact errors as soon as I can. > >> > >> Initial thoughts are "did you use the same configure flags as much as > >> possible > >> as the build in base". Really need to see the errors to be able to make any > >> more detailed suggestions. > >> > >> The default install can't include Python support, because the default > >> install > >> of Unbound is in the base OS, and Python isn't. > >> > >> -- :wq Claudio

Re: missing SYN_RECV in netstat

2019-08-20 Thread Claudio Jeker
to identify synfloods but pfctl -ss will probably show them as well (up to the moment where pf decides to switch to syncookies). -- :wq Claudio

Re: ldapd hangs/stalls

2019-08-28 Thread Claudio Jeker
lem is in the error handling of one of the filter codes which leaks an fd. At least I suspect that the error message about filter type is suggesting that. -- :wq Claudio

Re: Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-19 Thread Claudio Jeker
:55) > >   > > *** Parse error: Need an operator in 'endif' (Makefile.common:61)    > >   > > Bad modifier: , ,$(shell go env GOPATH)))    > >   > > Bad modifier: , ,$(shell go env GOPATH)))  > > > > > > Given the popularity of Prometheus, I'm sure someone on-list must be > > actively running it ? > > > > Thanks ! > > > > Rachel > > > -- :wq Claudio

Re: What is the 3rd column in the learned mac address list in ifconfig

2019-09-19 Thread Claudio Jeker
:9f em1 0 flags=0<> > 38:f9:d3:47:db:54 em1 1 flags=0<> > 48:bf:6b:e6:27:c2 em1 0 flags=0<> > 74:d4:35:80:51:91 em2 1 flags=0<> > 74:44:01:81:9b:7e em1 0 flags=0<> > > -- > Kindest regards, > Tom Smyth. -- :wq Claudio

Re: Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-21 Thread Claudio Jeker
On Fri, Sep 20, 2019 at 10:36:11AM +0200, Rachel Roch wrote: > Claudio, > > pkg_add node_exporter ? > > I already had a good look at the package list on the FTP mirror and > can't see any node_exporter there ?  pkg_add seems to agree with me, it > says "can't

Re: bgpctl sho ri nei terse output vs man page discrepancy

2019-09-22 Thread Claudio Jeker
with "group", though it's not very convenient to change the > output format now .. Better now than later. You could add the name/ip to the end. -- :wq Claudio

Re: bgplg ping/traceroute failed

2019-10-03 Thread Claudio Jeker
re needed to open the raw socket after that privs are dropped. Also check the mail from Theo about nosuid mount option on /var > OpenBSD version is 6.5 amd64. > > Is there anything I am missing that I would need to do in order to make > this work? > Thanks in advance! > -Henry -- :wq Claudio

Re: bgpctl(8) community question

2019-10-10 Thread Claudio Jeker
g the prefixes with a different community (first set community on all routes and then delete community again from those where you set the other community). Adding a 'not' option to community matching should be possible. I will look into that after 6.6 is out. -- :wq Claudio

Re: Strong Host Model in OpenBSD network stack

2019-10-17 Thread Claudio Jeker
> > > You won't convince us to make a global which people don't understand... > > > > This "strong" model is a bad fit for routers. > > When this model is needed we have pf (antispoof or urpf-failed). > Alternatively rdomains can be used (put a network interface with management > services on it in a separate rdomain). > The BSD systems and IIRC most unix systems have been following the weak host model. As mentioned the weak model has a lot of benefits. I see no point in changing this. -- :wq Claudio

Re: Strong Host Model in OpenBSD network stack

2019-10-17 Thread Claudio Jeker
here any kernel parameter to control these behaviours, like > net.inet.ip.check_interface for FreeBSD or NetBSD? We don't have a button and just follow the "Weak Host Model". You can enforce a strong model per interface with pf(4): block in on !em0 inet to (em0) or block in pass in on em0 to (em0) pass in on em1 to (em1) -- :wq Claudio

Re: Requesting vi tips

2019-10-18 Thread Claudio Jeker
ound 72. Additionally you can use !fmt with movement chars to reformat sections. I use !{fmt or {!}fmt frequently to reformat the paragraph I'm in. -- :wq Claudio

Re: Does net.mpls.maxloop_inkernel do anything?

2019-10-24 Thread Claudio Jeker
So should this sysctl be retired, or is there an indirect accessor path I > did not find? Yes, I agree this is dead and could be GC-ed. -- :wq Claudio

Re: LDAP tls: handshake failure

2019-10-24 Thread Claudio Jeker
dap_extended(struct request *req) > { > int i, rc = LDAP_PROTOCOL_ERROR; > char*oid = NULL; > - struct ber_element *ext_val = NULL; > struct { > const char *oid; > int (*fn)(struct request *); > @@ -307,11 +306,11 @@ ldap_extended(struct request *req) > { NULL } > }; > > - if (ber_scanf_elements(req->op, "{se", &oid, &ext_val) != 0) > + if (ber_scanf_elements(req->op, "{s", &oid) != 0) > goto done; > > log_debug("got extended operation %s", oid); > - req->op = ext_val; > + req->op = req->op->be_sub->be_next; > > for (i = 0; extended_ops[i].oid != NULL; i++) { > if (strcmp(oid, extended_ops[i].oid) == 0) { OK claudio@ -- :wq Claudio
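Review bot: the new assignment `req->op = req->op->be_sub->be_next;` at the end of the second hunk can leave `req->op` as NULL when the request carries nothing after the OID, and the hunk shows no check before the handlers in `extended_ops[]` are called with it. With the format narrowed from "{se" to "{s", the parser no longer captures the element after the OID, so a short comment stating that handlers must tolerate a NULL `req->op` (or an explicit check before the dispatch loop) would make the intended contract clear. The direct `be_sub` dereference also relies on `ber_scanf_elements()` having succeeded on the sequence; that holds because of the `goto done` on failure just above, and is worth keeping in mind if the lines are ever reordered.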

Re: random packet drops with syncookies/synproxy

2019-11-09 Thread Claudio Jeker
So nobody is using syncookies/synproxy at all? I guess that is a reasonably safe assumption. syncookies are rather new and probably need more battle testing. synproxy never helped me much in case of a SYN attack since it will cause pf(4) to hit the state limit no matter what you do and then stuff starts to break. -- :wq Claudio

Re: route an IPv4 /32 to a different interface

2019-12-16 Thread Claudio Jeker
not work well. One way to work around this is using rdomains another is renumbering the network. -- :wq Claudio

Re: Readv and writev failing across ethernet

2019-12-24 Thread Claudio Jeker
hing you're > compiling locally into your kernel) then you should start a new thread > starting with a dmesg and a clear description of the involved hardware. I don't know what OpenMP uses for communication but re(4) does not return errno 60 (ETIMEDOUT). So it seems like it is something else. Also 8111G and 8111H are treated the same way in our re(4) driver. -- :wq Claudio

Re: The OpenBSD talk at 36c3

2019-12-30 Thread Claudio Jeker
total" }' 12386 <= 10 char 25894 <= 20 char 176304 rest 202198 total Sorry but 25k is nowhere close to 75% of 202198. Seems he did count words not characters. -- :wq Claudio

Re: tap(4) performance tuning on (amd64)

2020-01-20 Thread Claudio Jeker
/tun0 /dev/tun1' to wire tun0 and tun1 together. You can select between select(2), poll(2), kqueue(2) and pthreads as the way on how to multiplex the reads. For me the code triggers scheduler inefficiencies and causes packet drops on the output queue when there are multiple packet produc

Re: tap(4) performance tuning on (amd64)

2020-01-20 Thread Claudio Jeker
On Tue, Jan 21, 2020 at 02:44:35AM +, Tom Smyth wrote: > Claudio, > Thanks for this, > I compiled it on Openbsd 6.6 (stable) amd64 > > it compiled without error > > the binary seems to run fine but, > ./tbridge -k /dev/tap0 /dev/tap1 > > runs and displays t

Re: Fwd: tap(4) performance tuning on (amd64)

2020-01-21 Thread Claudio Jeker
n max out the performance of a single CPU. My tests running tcpbench just between two interfaces show no measurable performance difference between the different modes (for either tun or tap). -- :wq Claudio

Re: ahci issue corebooted X220 does not recognise usb or stata

2020-02-21 Thread Claudio Jeker
controller > "Intel 6 Series SMBus" rev 0x05 at pci0 dev 31 function 3 not configured > "Intel 6 Series Thermal" rev 0x05 at pci0 dev 31 function 6 not configured > > > I hope this is enough info and would greatly appreciate it if anyone could > help me out! > > Greetings, > > Thomas > -- :wq Claudio

Re: size of size_t (diff angle)

2020-02-27 Thread Claudio Jeker
as pointer. Now if SIZE_MAX is the highest address is a different thing. On OpenBSD 0..SIZE_MAX will cover the address room (in most cases it covers actually more than what is possible). The highest valid address is in most cases less than SIZE_MAX. -- :wq Claudio On Thu, Feb 27, 2020 at 01:36

Re: size of size_t (diff angle)

2020-02-27 Thread Claudio Jeker
On Thu, Feb 27, 2020 at 02:07:36PM +0100, zeurk...@volny.cz wrote: > Haai, > > "Claudio Jeker" wrote: > > This has not much to do with OpenBSD. > > On the contrary: these issues touch the fundaments of UNIX programming. > > > As for OpenBSD, it only

Re: rdomain 0 and dafault route

2015-10-05 Thread Claudio Jeker
esult that the dns server can not reach > any external dns server. You need to use pf to move packets between rdomains. Look for the rtable keyword. -- :wq Claudio

Re: rdomain 0 and dafault route

2015-10-06 Thread Claudio Jeker
t; or > pass out rdomain from any to any rtable 2 nat-to (pppoe0) > > same with "in" because an simple ping to 8.8.8.8 in ( or on ? ) rdomain 0 > ( direct on the router ) is no working. > > there is no default route at rdomain 0 > You are going to need a default route (can point to loopback) because routing decisions are done before pf can move the packet. -- :wq Claudio

Re: bgpd+ospfd configuration question

2015-10-20 Thread Claudio Jeker
r FW then you most probably need redistribute connected. In such a simple setup as yours you can also skip using OSPF and just use "set nexthop self" in bgpd since all your routers & firewalls are directly connected. In short the IGP (OSPF) is required for incoming traffic to find its destination in your network whereas iBGP is required to take the optimal way out of your network. -- :wq Claudio

Re: apache 2.4 - Missing mod_cgid.so?

2015-10-23 Thread Claudio Jeker
gs. It seems that even configure tells that --enable-cgi is the default it seems it is not. Go figure... Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is the module that should be used with the worker or event MPM. So maybe

Re: OpenBGPd on OpenBSD 5.8 crashing during startup

2015-11-25 Thread Claudio Jeker
+49 160 90378641 > > BCIX Management GmbH / BCIX e.V. > Stromstrasse 5 > 10555 Berlin - Germany > > http://www.bcix.de/ > https://twitter.com/bcix <http://twitter.com/bcix> > https://www.facebook.com/BCIX.Internet.Exchange > -- :wq Claudio Index: bgpd.c ==
