Re: 4.6 will be released on October 1st?
Stopping Theo's insults and crap-screaming would be the biggest carbon dioxide source in the project that could be stopped. It's up to him becoming green -- but people that molest little children don't need this, so there's little chance. :) Welcome to the block list, dickhead. Goodbye. I'm sure you just made a lot of other peoples as well...
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 7:53 AM, Eric Furman ericfur...@fastmail.netwrote: Stopping Theo's insults and crap-screaming would be the biggest carbon dioxide source in the project that could be stopped. It's up to him becoming green -- but people that molest little children don't need this, so there's little chance. :) Welcome to the block list, dickhead. Goodbye. I'm sure you just made a lot of other peoples as well... I don't mind. There's a plethora of free email accounts out there.
Re: 4.6 will be released on October 1st?
now all banning has been done, can we please return to the subject of 5month release schedule / 1 month scew for this release / quantum flux making the months be longer / optimised release planning / explanation for the early date. I'm not complaining, far from that. but following Wouters and probably Dippel I'm just curious to the what and why.
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 8:11 AM, Nice Daemonnicedae...@googlemail.com wrote: I don't mind. There's a plethora of free email accounts out there. And I'm sure you'll touch yourself inappropriately when hitting send from those too.
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 08:36:44AM +0200, Nido wrote: now all banning has been done, can we please return to the subject of 5month release schedule / 1 month scew for this release / quantum flux making the months be longer / optimised release planning / explanation for the early date. I'm not complaining, far from that. but following Wouters and probably Dippel I'm just curious to the what and why. It was all explained at the slackathon. In short some changes now in the tree and coming need the additional 1 month of this release cycle. 4.7 will be released on the well known date. -- :wq Claudio
net hangs (pf related?)
Hi. For five days in a row now I've been having the same issue. 2 days ago I upgraded to a never snapshot in case it would fix my problem without luck. This is @home on a DSL lines. OpenBSD gateway is connected to the modem with an axe(4), default setup, nothing fancy running... Every night I'm doing an rsnapshot backup off site of a small amount of data (couple of Gb). This setup has been running for about a year. Since 5 days, the connexion hangs during that backup, everytime. My logs are empty and the only way to get net access again is to: # pfctl -d ; sleep 2 ; pfctl -e pyr@ and I couldn't find anything obviously wrong. I'm not sure where I should start to debug this and would appreciate any hint. Thanks. INFO: Status: Enabled for 1 days 00:38:41 Debug: Urgent State Table Total Rate current entries 77 searches 9982542 112.5/s inserts 1794532.0/s removals 1793762.0/s Counters match 1805402.0/s bad-offset 00.0/s fragment 00.0/s short 00.0/s normalize 00.0/s memory 00.0/s bad-timestamp 00.0/s congestion 00.0/s ip-option 00.0/s proto-cksum00.0/s state-mismatch720.0/s state-insert 10.0/s state-limit00.0/s src-limit 100.0/s synproxy 00.0/s TIMEOUTS: tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 30s udp.first60s udp.single 30s udp.multiple 60s icmp.first 20s icmp.error 10s other.first 60s other.single 30s other.multiple 60s frag 30s interval 10s adaptive.start 6000 states adaptive.end 12000 states src.track 0s LIMITS: stateshard limit1 src-nodes hard limit1 frags hard limit 5000 tableshard limit 1000 table-entries hard limit 20 OpenBSD 4.6-current (GENERIC) #105: Mon Aug 10 18:02:36 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Esther processor 1000MHz (CentaurHauls 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2 real mem = 469254144 (447MB) avail mem = 445857792 (425MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/16/06, BIOS32 rev. 0 @ 0xfa960, SMBIOS rev. 2.3 @ 0xf0800 (26 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 06/16/2006 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xdd14 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc60/176 (9 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 9 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xf200 0xd/0x8000! 0xd8000/0x4400! cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100a1308000a13 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 998 MHz: speeds: 1000, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xe800, size 0x1000 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
Re: 4.6 will be released on October 1st?
On Tuesday 18 August 2009 02:11:15 Nice Daemon wrote: On Tue, Aug 18, 2009 at 7:53 AM, Eric Furman ericfur...@fastmail.netwrote: Stopping Theo's insults and crap-screaming would be the biggest carbon dioxide source in the project that could be stopped. It's up to him becoming green -- but people that molest little children don't need this, so there's little chance. :) Welcome to the block list, dickhead. Goodbye. I'm sure you just made a lot of other peoples as well... I don't mind. There's a plethora of free email accounts out there. Which cowards use. --STeve Andre'
Re: OpenBSD 4.5 amd64 boot hangs on Intel motherboard (intel S3210SH)
On Mon, Aug 17, 2009 at 1:33 PM, Marco Peereboomsl...@peereboom.us wrote: That was fixed in 4.6. Can you please verify that this works for you? Thanks a lot, boots fine with ACPI enabled! (tried from 17082009 snapshot) Cheers, Steph
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 8:14 AM, STeve Andre' and...@msu.edu wrote: On Tuesday 18 August 2009 02:11:15 Nice Daemon wrote: On Tue, Aug 18, 2009 at 7:53 AM, Eric Furman ericfur...@fastmail.net wrote: Stopping Theo's insults and crap-screaming would be the biggest carbon dioxide source in the project that could be stopped. It's up to him becoming green -- but people that molest little children don't need this, so there's little chance. :) Welcome to the block list, dickhead. Goodbye. I'm sure you just made a lot of other peoples as well... I don't mind. There's a plethora of free email accounts out there. Which cowards use. --STeve Andre' All of them are used by cowards. Your life seems very boring, brain-wise.
Re: 4.6 will be released on October 1st?
Please, stop feeding the trolls. -- I can resist anything but temptation.
Re: 4.6 will be released on October 1st?
Nice Daemon wrote: [nothing of interest] [nothing but bad gas] about 23 times worse than CO2. Amazing how the nicknames are what one should be as opposed to what one is. There are a few exceptions, but not this idiot who cannot tell the difference between a cup holder and a disk drive.
Re: VHS transfer on OpenBSD
On Aug 18 03:58:03, Jacob Meuser wrote: On Mon, Aug 17, 2009 at 10:43:45PM +0100, Peter wrote: Jan Stary wrote: On Aug 17 16:06:05, Peter Kay - Syllopsium wrote: I wouldn't even consider converting something that is readily available in digital form. The analog VHS material is not available elsewhere, and is slowly deteriorating on these tapes. Otherwise : 1) Find decent hardware (not TV cards) that can capture compressed video in real time (2nd hand ebay may help). You mean UNcompressed, right? No, I mean compressed. The tape is analogue, it's then captured to a compressed digital format with the capture card offloading the task from the CPU. It's entirely possible to work directly with compressed video and it'll be much lighter on CPU and I/O than capturing in raw format. Ideally you want hardware that can capture in your chosen format, so that lengthy transcoding time is not required and (if you're fussy - doesn't really apply in the case of VHS) there's no quality loss in the final product. fwiw, I was capturing/encoding to mpeg4 with ffmpeg and a bktr. in realtime, 3 years ago, on a not so fast machine, with OpenBSD. couldn't quite do full DVD quality in realtime though. wouldn't surprise me at all if it can be done with a decent machine today. This is an Atom 1.6 GHz with 1GB RAM; and I'm looking at the (cheapo) Leadtek WinFast VC100 XP (as an altermative to the VCD - DV camera route mentioned earlier); bktr(4) does not specifically mention this card, but it has the Conexant Fusion 878A chip; did anyone use it successfully? Thanks Jan
Mail Delivery Failure
Delivery Failure Report.
The following message was incorrectly addressed.
Recipient: hotelh is unrecognised.
Please contact postmas...@obriy.ua for further assistance
---
Received: from pop.svitonline.com by obriy.ua (VPOP3) with POP3; Tue, 18 Aug
2009 15:16:21 +0300
Return-Path: misc@openbsd.org
Received: from relay01.kiev.sovam.com (relay01.kiev.sovam.com [62.64.120.200])
by imap.svitonline.com with LMTP;
Tue, 18 Aug 2009 15:16:06 +0300
X-Sieve: CMU Sieve 2.2
Received: from [65.101.129.5] (helo=openbsd.org)
by relay01.kiev.sovam.com with smtp (Exim 4.69)
(envelope-from misc@openbsd.org)
id 1MdNbP-000PtZ-14
for hot...@obriy.ua; Tue, 18 Aug 2009 15:16:06 +0300
Received: from vgwcdcv (93.34.167.1)
by openbsd.org; Tue, 18 Aug 2009 18:15:55 +0300
Date: Tue, 18 Aug 2009 18:15:55 +0300
From: Misc misc@openbsd.org
X-Mailer: The Bat! (v3.44.24) Pro
Reply-To: Misc misc@openbsd.org
X-Priority: 3 (Normal)
Message-ID: 52266743.20081106194...@openbsd.org
To: Hotelh hot...@obriy.ua
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=--AF45221213B74B
X-Scanner-Signature: dc9851233e967de4527dd65bbc92362e
X-DrWeb-checked: yes
X-Spam-Status: is_spam
X-Spam-Score: 104
Subject: [!! SPAM] Lndek| opnteqqhnm`k|m{u jnloeremvhi. (}c)
Envelope-To: hot...@obriy.ua
Re: VHS transfer on OpenBSD
On Tue, Aug 18, 2009 at 05:49:22PM +1200, Paul M wrote: On 18/08/2009, at 3:48 PM, Jacob Meuser wrote: On Tue, Aug 18, 2009 at 12:02:08PM +1200, Paul M wrote: On 18/08/2009, at 3:15 AM, Landry Breuil wrote: On Mon, Aug 17, 2009 at 4:39 PM, Jan-Erik Skatajesk...@gmail.com wrote: On Mon, Aug 17, 2009 at 3:17 PM, Jan Stary h...@stare.cz wrote: I need to transfer some old VHS tapes into (any) digital video format. On OpenBSD of course. I understand I need All the bt848-based cards works through bktr(4), with composite input. Some time ago, when I looked into something similar, all the supported cards that I found could only record incomming video at 1/2 res max. Whether this is a limitation of the bt848 chipset, I didnt bother to verify. what do you mean by 1/2 res? the bt8x8 (also conexant fusion 878) chips can capture full resolution NTSC (640x480) or PAL (768x576). By half res, I mean 360x240. hmm, 360 is not a multiple of 16, nor is 360/240 == 4/3. sure you don't mean 320x240? It must have only been a limitation of the various cards I could find info on. I should perhaps clarify that this limitation only applied to the video input from the external video connectors, not to the tuner output, which could be recorded at full resolution on all the cards I looked at. That may not have been clear from my use of the term 'incomming video'. Could you perhaps point me at cards which you know can capture at full res from an external input? If I can get a card, I'd quite like to resurect this project. I've already been through the list of cards in the man page, but it seemed to be a little old when I looked a while ago. I'm pretty sure I've used both ATI TV Wonder VE and Zoltrix Genie TV/FM to capture from composite input at 640x480 (NTSC, I live in north america). -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: VHS transfer on OpenBSD
On Tue, Aug 18, 2009 at 02:04:41PM +0200, Jan Stary wrote: On Aug 18 03:58:03, Jacob Meuser wrote: On Mon, Aug 17, 2009 at 10:43:45PM +0100, Peter wrote: Jan Stary wrote: On Aug 17 16:06:05, Peter Kay - Syllopsium wrote: I wouldn't even consider converting something that is readily available in digital form. The analog VHS material is not available elsewhere, and is slowly deteriorating on these tapes. Otherwise : 1) Find decent hardware (not TV cards) that can capture compressed video in real time (2nd hand ebay may help). You mean UNcompressed, right? No, I mean compressed. The tape is analogue, it's then captured to a compressed digital format with the capture card offloading the task from the CPU. It's entirely possible to work directly with compressed video and it'll be much lighter on CPU and I/O than capturing in raw format. Ideally you want hardware that can capture in your chosen format, so that lengthy transcoding time is not required and (if you're fussy - doesn't really apply in the case of VHS) there's no quality loss in the final product. fwiw, I was capturing/encoding to mpeg4 with ffmpeg and a bktr. in realtime, 3 years ago, on a not so fast machine, with OpenBSD. couldn't quite do full DVD quality in realtime though. wouldn't surprise me at all if it can be done with a decent machine today. This is an Atom 1.6 GHz with 1GB RAM; and I'm looking at the (cheapo) Leadtek WinFast VC100 XP (as an altermative to the VCD - DV camera route mentioned earlier); bktr(4) does not specifically mention this card, but it has the Conexant Fusion 878A chip; did anyone use it successfully? pretty much any bt8x8/fusion878 card should work for composite input. what might not work on such cards is the tuner, but you don't need the tuner for capturing from the inputs. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: 4.6 will be released on October 1st?
(with apologies to Claudio) Claudio Jeker wrote: On Tue, Aug 18, 2009 at 08:36:44AM +0200, Nido wrote: now all banning has been done, can we please return to the subject of 5month release schedule / 1 month scew for this release / quantum flux making the months be longer / optimised release planning / explanation for the early date. I'm not complaining, far from that. but following Wouters and probably I don't believe it. It's bad enough when this happens in my home nation. It's wAuters. Cheers. Dippel I'm just curious to the what and why. It was all explained at the slackathon. In short some changes now in the tree and coming need the additional 1 month of this release cycle. 4.7 will be released on the well known date. Thanks for the update, I hope undeadly makes a fuss of it :-) The increase in packages and hardware support over the last years has been way too fast, I'm still getting over the shock of having OpenOffice JAVA as a package :-) Although it would be useful if we could aim Theo at Adobe (Flash...) and save the universe 8-) Actually, better to aim Theo at YouTube and their ilk so they stop using Flash in the first place.
Some strange blocking packets
Hi, I have some strange packet filtering on an openbsd 4.4 at the beginning a normal block all (not a block in quick, but only a block in) block in log on em0 all block out log on em0 all then I autorise some traffic: pass in on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state pass out on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state If I log the result, I see: Aug 17 17:41:02.521407 rule 42/(match) block in on em0: 172.30.251.131.2715 172.30.251.141.2146: [|tcp] = rule 42 is the rule block in log on em0 all. I worked with macros and I check the result with an pfctl -s rules = evry thing is ok pass in on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state pass out on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state An idea ? Regards Christophe
Multiple paths and two IPSec connections to one host.
Hi I want to set VPN failover between two internet links. I plan to use gre over IPSec and ospf over gre to dynamically change routes on failure. I've started with creating IPSec transport mode connection between two hosts and I got stuck. Let say I have HostA - which has two internet connections HostA1 - public IP from ISP1 HostA2 - public IP from ISP1 HostB - which has only one public IP HostB Now I want to make two tunnels from HostB to HostA. I figured I have to use passive and dynamic mode. on HostA I have --- ike passive esp transport from any to any \ quick group modp1024 \ psk xxx --- on HostB --- ike dynamic esp transport from HostB to HostA2 \ quick group modp1024 \ psk xxx ike dynamic esp transport from HostB to HostA1 \ quick group modp1024 \ psk xxx --- and it doesn't work. I get errors pasted below. I've tried many combinations but can't get it right and I guess I'm tired with this. I tried adding srcid and dstid to ike rules but had no luck. Can anyone please point me in right direction ? Aug 18 15:34:56 HostB isakmpd[13542]: isakmpd: exit Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA1, no response from peer HostA1:500 Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA2, no response from peer HostA2:500 Aug 18 15:37:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA1, no response from peer HostA1:500 Aug 18 15:37:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA2, no response from peer HostA2:500 Aug 18 15:34:53 HostA isakmpd[13928]: isakmpd: shutting down... Aug 18 15:34:53 HostA isakmpd[13928]: isakmpd: exit Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78 Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 43 in payload of type 5 Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE Aug 18 15:35:13 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78 Aug 18 15:35:13 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED Aug 18 15:35:13 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 43 in payload of type 5 Aug 18 15:35:13 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE Aug 18 15:35:22 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78 Aug 18 15:35:22 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED Aug 18 15:35:22 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 43 in payload of type 5 Aug 18 15:35:22 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE Aug 18 15:35:33 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78 Aug 18 15:35:33 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED Aug 18 15:35:33 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 43 in payload of type 5 Aug 18 15:35:33 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE Aug 18 15:37:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 62 in payload of type 5 Aug 18 15:37:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE Aug 18 15:37:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type Unknown 42 in payload of type 5 Aug 18 15:37:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Re: Some strange blocking packets
Confirmation: the rules 44 blocks
@42 block drop in log on bge1 all
[ Evaluations: 32122 Packets: 17Bytes: 1428States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@43 block drop out log on bge1 all
[ Evaluations: 45Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@44 block drop in log on em0 all
[ Evaluations: 32122 Packets: 28857 Bytes: 13154820States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@45 block drop out log on em0 all
[ Evaluations: 29572 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@46 block drop in quick on bge0 inet from 172.30.251.33 to any
[ Evaluations: 32122 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@47 block drop in quick on bge0 inet from 10.33.15.33 to any
[ Evaluations: 2461 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@48 block drop in quick on em0 inet from 172.30.251.33 to any
[ Evaluations: 32086 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@49 block drop in quick on em0 inet from 10.33.15.33 to any
[ Evaluations: 29369 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
--- some pass in quick inet proto tcp from IP to any port = ssh flags S/SA
keep state
@65 block return-rst in quick inet proto tcp from any to 127.0.0.1 port = ssh
[ Evaluations: 28667 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@66 block return-rst in quick inet proto tcp from any to IP port = ssh
[ Evaluations: 28667 Packets: 2 Bytes: 120 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@67 block return-rst in quick inet proto tcp from any to 10.33.15.4 port =
ssh
[ Evaluations: 28650 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
@68 block return-rst in quick inet proto tcp from any to 172.30.251.4 port =
ssh
[ Evaluations: 28650 Packets: 0 Bytes: 0 States: 0
]
[ Inserted: uid 0 pid 9178 State Creations: 0 ]
And then the pass rules
And the rules
@117 pass in on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA
keep state
[ Evaluations: 16Packets: 2 Bytes: 480 States: 2
]
[ Inserted: uid 0 pid 9378 State Creations: 2 ]
@118 pass out on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA
keep state
[ Evaluations: 3 Packets: 1 Bytes: 28 States: 1
]
[ Inserted: uid 0 pid 9378 State Creations: 1 ]
You're right, this seems the filter are not loaded, and the firewall seems to
stop at rules 44.
I have still check the pf.conf with od -c but didn't find any special chars
Regards
-Message d'origine-
De : Woodchuck [mailto:mar...@pennswoods.net]
Envoyi : mardi 18 ao{t 2009 18:02
@ : Rioux, Christophe
Objet : Re: Some strange blocking packets
On Tue, Aug 18, 2009 at 10:56 AM, Rioux, Christophecri...@viseo.net wrote:
Hi,
I have some strange packet filtering on an openbsd 4.4
at the beginning a normal block all (not a block in quick, but only
a block
in)
block in log on em0 all
block out log on em0 all
then I autorise some traffic:
pass in on em0 from 172.30.251.0/24
to 172.30.251.0/24 keep state
pass out on em0 from 172.30.251.0/24
to 172.30.251.0/24 keep state
If I log the result, I see:
Aug 17 17:41:02.521407 rule 44/(match) block in on em0:
172.30.251.131.2715
172.30.251.141.2146: [|tcp]
= rule 42 is the rule block in log on em0 all.
I worked with macros and I check the result with an pfctl -s rules =
evry thing is ok
pass in on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA
keep state pass out on em0 inet from 172.30.251.0/24 to
172.30.251.0/24 flags S/SA keep state
An idea ?
Regards
Christophe
Somebody will doubtless want to look at the other 40+ rules. It seems odd
that block in all on em0 ended up as rule 44.
Dave
--
Caution, this account is hosted by gmail.
Strangers scan the content of all mail transiting such accounts.
Piense en Grande y Haga como la Mayoria de los Lideres
Buenos dmas, ?Csmo esta? Mi nombre es Patricia Silva, responsable por las inscripciones de la Conferencia Gestisn en Ventas que se realizara el dma 21 de Noviembre en el Hotel Melia Mixico Reforma en la Ciudad de Mixico. En caso de que tenga dificultades para Motivar a su Fuerza de Ventas, evitar una Guerra de Precios, estimular el deseo del Cliente por su Producto, implantar una Estrategia de Ixito; entre al sitio abajo y vea csmo podemos ayudarle. www.klaeventos.com.mx/borghino Venga a pasar un dma entero con Mario Borghino en una verdadera Inmersisn en Ventas, Liderazgo y Estrategias. Muchas gracias. Patricia Silva K.L.A. Educacisn y Eventos Empresariales MIXICO Tel. (55) 5635 98 61 Tel/Fax (55) 5635 30 47
Re: Some strange blocking packets
On Tue, Aug 18, 2009 at 8:56 AM, Rioux, Christophecri...@viseo.net wrote: I have some strange packet filtering on an openbsd 4.4 at the beginning a normal block all (not a block in quick, but only a block in) block in log on em0 all block out log on em0 all then I autorise some traffic: pass in on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state pass out on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state If I log the result, I see: Aug 17 17:41:02.521407 rule 42/(match) block in on em0: 172.30.251.131.2715 172.30.251.141.2146: [|tcp] = rule 42 is the rule block in log on em0 all. I worked with macros and I check the result with an pfctl -s rules = evry thing is ok pass in on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state pass out on em0 inet from 172.30.251.0/24 to 172.30.251.0/24 flags S/SA keep state An idea ? You might want to try adding proto tcp to the rules (and 4.4 doesn't require flags S/SA). Outside of this, pf might be blocking the traffic because the TCP handshake never completed. You might want to try reviewing the traffic in further detail using tcpdump.
Re: 4.6 will be released on October 1st?
wim wauters wrote: Actually, better to aim Theo at YouTube and their ilk so they stop using Flash in the first place. +1 Flash is a pox. Youtube, and any other flash site, should go over to open standards. Ogg Theora comes to mind there. Back to the topic of 4.6 and the extra time for VFS development, I've been able to fit some use of -current into my regular routine sometimes and think I might try to work out how to be more active in testing patches. That means being able to collect traces. Maybe a best practices for the casual -current user can be posted to Undeadly to help bring more people closer to the bleeding edge of testing. At Slackathon, Theo using setting kern.splassert to level 2 to collect traces to test on more configurations. That seems a bit harder on some hardware, since using a serial line is the familiar way to collect traces and a lot of common hardware lacks serial out. What is the best way to collect traces from hardware that lacks a built-in serial output? Josh Grosse mentioned last year that the ddb output can be found in the dmesg saved in the core dump, using the -M and -N options of dmesg(8). The core dumps are saved in /var/crash, if things go well. crash(8) mentions a little about how to retrieve information from the dump after reboot. e.g. ddb boot crash . . . ps -N /var/crash/bsd.0 -M /var/crash/bsd.0.core -O paddr dmesg -N /var/crash/bsd.1 Or systctl ddb.panic=0 might be used to reboot automatically. Again, a best practices would be useful. Regards, -Lars
Re: Some strange blocking packets
On 2009-08-18, Rioux, Christophe cri...@viseo.net wrote: I have some strange packet filtering on an openbsd 4.4 at the beginning a normal block all (not a block in quick, but only a block in) block in log on em0 all block out log on em0 all then I autorise some traffic: pass in on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state pass out on em0 from 172.30.251.0/24 to 172.30.251.0/24 keep state If I log the result, I see: Aug 17 17:41:02.521407 rule 42/(match) block in on em0: 172.30.251.131.2715 172.30.251.141.2146: [|tcp] = rule 42 is the rule block in log on em0 all. There's something about that packet which causes it to not match an existing state (e.g. bad sequence number). New TCP states are normally only created from the initial handshake packets (default is flags S/SA). [|tcp] indicates that only part of the packet was captured; you might get something more useful if you increase snaplen in the tcpdump line (e.g. -s1500). You could also look for syslog entries (you might need pfctl -x misc).
Re: VHS transfer on OpenBSD
On 19/08/2009, at 12:41 AM, Jacob Meuser wrote: On Tue, Aug 18, 2009 at 05:49:22PM +1200, Paul M wrote: On 18/08/2009, at 3:48 PM, Jacob Meuser wrote: On Tue, Aug 18, 2009 at 12:02:08PM +1200, Paul M wrote: On 18/08/2009, at 3:15 AM, Landry Breuil wrote: On Mon, Aug 17, 2009 at 4:39 PM, Jan-Erik Skatajesk...@gmail.com wrote: On Mon, Aug 17, 2009 at 3:17 PM, Jan Stary h...@stare.cz wrote: I need to transfer some old VHS tapes into (any) digital video format. On OpenBSD of course. I understand I need All the bt848-based cards works through bktr(4), with composite input. Some time ago, when I looked into something similar, all the supported cards that I found could only record incomming video at 1/2 res max. Whether this is a limitation of the bt848 chipset, I didnt bother to verify. what do you mean by 1/2 res? the bt8x8 (also conexant fusion 878) chips can capture full resolution NTSC (640x480) or PAL (768x576). By half res, I mean 360x240. hmm, 360 is not a multiple of 16, nor is 360/240 == 4/3. sure you don't mean 320x240? Sorry, yes of course. that's a typo. It must have only been a limitation of the various cards I could find info on. I should perhaps clarify that this limitation only applied to the video input from the external video connectors, not to the tuner output, which could be recorded at full resolution on all the cards I looked at. That may not have been clear from my use of the term 'incomming video'. Could you perhaps point me at cards which you know can capture at full res from an external input? If I can get a card, I'd quite like to resurect this project. I've already been through the list of cards in the man page, but it seemed to be a little old when I looked a while ago. I'm pretty sure I've used both ATI TV Wonder VE and Zoltrix Genie TV/FM to capture from composite input at 640x480 (NTSC, I live in north america). Thanks for this, I'll look them up. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 10:03:58PM +0300, Lars Nooden wrote: wim wauters wrote: Actually, better to aim Theo at YouTube and their ilk so they stop using Flash in the first place. +1 Flash is a pox. Youtube, and any other flash site, should go over to open standards. Ogg Theora comes to mind there. *sigh* you're blaming the wrong people. 2009 and just now streaming video/audio is being standardised in html? and theora? give me a break. either blame the w3c or the FOSS comunity in general for not creating a superior free video codec. don't blame youtube and the like for using de facto standards. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Fique a conhecer os Gadgets mais interessantes desta semana!
caso nco visualize correctamente este e-mail, clique aqui Consulte aqui outros Summer Products a PREGOS FANTASTICOS: Encomende ja online, por telefone ou por e-mail www.loja21.pt|214 151 492 |ap...@loja21.pt Morada: Rua Professor Reinaldo dos Santos, N:13, 9:Esq. 1500-501 Lisboa. Horario: 2* a 6* feira das 10h00 `s 19h00. Este e-mail promocional foi enviado para o enderego misc@openbsd.org Caso nco deseje voltar a receber a nossa newsletter, por favor clique aqui.
