Re: pf: state key linking mismatch (?)

2011-07-31 Thread Henning Brauer
* Limaunion limaun...@fibertel.com.ar [2011-07-17 02:26]:
> hi all: I'm getting tons of messages like this one:
>
> pf: state key linking mismatch! dir=OUT, if=vr1, stored af=2, a0:
> 83.237.186.131:51413, a1: 192.168.1.2:64768, proto=17, found af=2,
> a0: 192.168.1.2:64768, a1: 181.110.135.229:51413, proto=17
>
> The public 'a1' address (181.110.135.229) is repeated always but
> does not match my real public interface address.
>
> The rule is probably related with this line:
>
> @41 pass in on vr0 inet proto tcp from any to (vr0:1) port = 64768
> flags S/SA synproxy state (max 50, adaptive.start 30, adaptive.end
> 60) tag VR0_TAG rdr-to 192.168.1.2 port 64768
>
> Can someone enlighten me what does this means?

executive summary? you can ignore it.

this is a check just before linking state keys together. in this case,
they must not be linked because something in the way changed things.
usually some kind of tunnel or encryption.
in a perfect world we'd find all these codepaths and add the calls to
pf_pkt_addr_changed(). we're not making much progress lately in
identifying the few remaining ones tho :((

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
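
A small triage parser for the message quoted above, as an added example that is not part of the original thread or of pf: it unwraps the log text, extracts the stored and found state keys, and counts which endpoint keeps breaking the pairing. It assumes keys that may be linked are exact mirrors of each other (a0/a1 swapped, same af and proto); the second sample line and all function names are constructed.

```python
import re
from collections import Counter

# Constructed input: the message quoted in the thread (wrapped as in the mail)
# plus one made-up line with a different stored peer (198.51.100.7).
SAMPLE_LOG = """\
pf: state key linking mismatch! dir=OUT, if=vr1, stored af=2, a0:
83.237.186.131:51413, a1: 192.168.1.2:64768, proto=17, found af=2,
a0: 192.168.1.2:64768, a1: 181.110.135.229:51413, proto=17
pf: state key linking mismatch! dir=OUT, if=vr1, stored af=2, a0: 198.51.100.7:40000, a1: 192.168.1.2:64768, proto=17, found af=2, a0: 192.168.1.2:64768, a1: 181.110.135.229:51413, proto=17
"""

_KEY = r"af=(\d+), a0: (\S+), a1: (\S+), proto=(\d+)"
_MISMATCH = re.compile(
    r"pf: state key linking mismatch! dir=(\w+), if=([^,\s]+), "
    r"stored " + _KEY + r", found " + _KEY
)
_FIELDS = ("af", "a0", "a1", "proto")


def parse_mismatches(text):
    """Return one record per mismatch message, tolerating wrapped lines."""
    flat = " ".join(text.split())  # undo mail/syslog line wrapping
    records = []
    for m in _MISMATCH.finditer(flat):
        direction, iface, *rest = m.groups()
        records.append({
            "dir": direction,
            "if": iface,
            "stored": dict(zip(_FIELDS, rest[:4])),
            "found": dict(zip(_FIELDS, rest[4:])),
        })
    return records


def deviations(rec):
    """List (field, expected, seen) where 'found' is not the mirror of 'stored'.

    Assumption: linkable keys are exact opposites, i.e.
    found.a0 == stored.a1 and found.a1 == stored.a0, same af and proto.
    """
    stored, found = rec["stored"], rec["found"]
    expected = {"af": stored["af"], "proto": stored["proto"],
                "a0": stored["a1"], "a1": stored["a0"]}
    return [(f, expected[f], found[f])
            for f in ("af", "proto", "a0", "a1") if found[f] != expected[f]]


def summarize(text):
    """Count deviating values per (interface, direction, field, seen value)."""
    counts = Counter()
    for rec in parse_mismatches(text):
        for field, _expected, seen in deviations(rec):
            counts[(rec["if"], rec["dir"], field, seen)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

A single endpoint dominating the summary, as 181.110.135.229 does in the poster's logs, points at one flow whose addresses changed between the two lookups rather than at a ruleset error.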



Re: routing problem with 2nd default route via ipsec

2011-07-31 Thread Axel Rau
On 28.07.2011 at 13:23, Axel Rau wrote:

> all CARP traffic from its carp2) go to enc0, like this:
What may cause IPv4 CARP traffic to not go out on its parent device but on
enc0 instead?
IPv6 CARP and other CARP devices behave as expected.

Axel
---
PGP-Key:29E99DD6  b +49 151 2300 9283  b computing @ chaos claudius



Re: Mouse0: No Device specified, looking for one.. (it's specified)

2011-07-31 Thread LEVAI Daniel
Hali!


FWIW, on my thinkpad t60 I can not configure the EmulateWheel option for
the trackpoint because of this. The configure option for the input
devices in xorg.conf are simply getting ignored.


Daniel


Section "InputDevice"
	Identifier  "TrackPoint"
	Driver      "mouse"
	Option      "Device"             "/dev/wsmouse"
	Option      "Emulate3Buttons"    "false"
	Option      "EmulateWheel"       "true"
	Option      "EmulateWheelButton" "2"
	Option      "XAxisMapping"       "6 7"
	Option      "YAxisMapping"       "4 5"
EndSection



OpenBSD 5.0-beta (GENERIC.MP) #28: Tue Jul 26 20:15:10 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
real mem  = 2145775616 (2046MB)
avail mem = 2100592640 (2003MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/27/09, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS 
rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version 79ETE5WW (2.25 ) date 08/27/2009
bios0: LENOVO 2007FRG
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 93P5030 serial  2444 type LION oem SONY
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 
0xe/0x1!
cpu0: Enhanced SpeedStep 1829 MHz: speeds: 1833, 1333, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82945GM PCIE rev 0x03: apic 1 int 16
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility X1400 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16
drm0 at radeondrm0
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi
azalia0: codecs: Analog Devices AD1981HD, 0x/0x, using Analog Devices 
AD1981HD
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 1 int 20
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: msi, address 
00:16:41:aa:d2:70
ppb2 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 1 int 21
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: msi, MoW2, 
address 00:18:de:65:2d:37
ppb3 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 1 int 22
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 1 int 23
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 1 int 17
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 1 int 19
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 1 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 TI PCI1510 CardBus rev 0x00: apic 1 int 16
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM 

Re: Mouse0: No Device specified, looking for one.. (it's specified)

2011-07-31 Thread Christopher Zimmermann
Can you post your Xorg.log and complete xorg.conf?

See also xorg.conf(5); this may be what you need.

Option "AllowEmptyInput" "boolean"
   If enabled, don't add the standard keyboard and mouse drivers,
   if there are no input devices in the config file.  Enabled by
   default if AutoAddDevices and AutoEnableDevices is enabled,
   otherwise disabled.  If AllowEmptyInput is on, devices using the
   kbd, mouse or vmmouse driver are ignored.


Christopher


On 07/31/11 17:54, LEVAI Daniel wrote:
> Hali!
>
>
> FWIW, on my thinkpad t60 I can not configure the EmulateWheel option for
> the trackpoint because of this. The configure option for the input
> devices in xorg.conf are simply getting ignored.
>
>
> Daniel
>
>
> Section "InputDevice"
>	Identifier  "TrackPoint"
>	Driver      "mouse"
>	Option      "Device"             "/dev/wsmouse"
>	Option      "Emulate3Buttons"    "false"
>	Option      "EmulateWheel"       "true"
>	Option      "EmulateWheelButton" "2"
>	Option      "XAxisMapping"       "6 7"
>	Option      "YAxisMapping"       "4 5"
> EndSection
 
 
 

Re: current: high interrupts on a macbook

2011-07-31 Thread Jan Stary
On Jun 17 17:53:10, Jan Stary wrote:
> Since a few snapshots ago, current/amd64 has occasionally
> been interrupting like crazy on my macbook. top(1) shows
> above 90% interrupt, and

On Jun 17 18:02:17, Otto Moerbeek wrote:
> Try a more recent snap, various things related to interrupt handling
> have been volatile these days.

On Jun 18 06:57:26, Ted Roby wrote:
> I can verify high interrupts on a Macbook 3,1 with recent changes.
> I can also verify that the problem went away with further -current
> development.
> Perhaps build your own release until the next snapshot.

On Jul 12 10:28:53, Jan Stary wrote:
> This is just to confirm that the high interrupts exist in the last
> amd64 snapshot (yesterday). Now they consistently occur after
> suspend/resume. The machine will not suspend a second time.

On Jul 27 23:32:06, Leroy van Engelen wrote:
> This week I upgraded the OpenBSD install on my laptop to 5.0-current, and I
> noticed some applications running very sluggish. Running 'top' showed me
> that CPU0 has an interrupt load of 80-90%:

Just upgraded to the latest amd64 snapshot,
and the high interrupts still appear.

It consistently appears after a suspend/resume;
top(1) starts showing something around 70% interrupt
on one processor, and 0 interrupt on the second processor.

On Jul 27 22:43:41, Matthew Dempsky wrote:
> Run systat 1 and it'll show you a breakdown of interrupt counts
> along the right hand side.  The clock counter should be 200 (hz=100
> * #cpus=2) and everything else to be low if the machine is idle.

Yes, this is the situation on my machine.
200 for clock, a few for ipi, negligible for others.

> Do any counts deviate significantly from these expected values?

No. After the suspend/resume which somehow triggers the high interrupts,
systat still reports those values; maybe a few more for ipi, but the
total is still about 220.

Differing from my previous experience, the cpufreq (as governed by apmd -C)
stays at 800, the lowest possible value, and does not jump to 2000, the
highest possible value. Also, the machine gets generally slower, but
not unusably slow, as it did before.

Also, it does a second suspend (before, it never got to it).
And after the second resume, the high interrupts are gone!
A third suspend/resume triggers the high interrupts again.
A fourth suspend/resume fixes that again.

Is there something specific that I should test?
Would an acpidump be useful for debugging this?

Thank you for your time

Jan


OpenBSD 5.0-beta (GENERIC.MP) #44: Sat Jul 30 16:55:27 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2646556672 (2523MB)
avail mem = 2562052096 (2443MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (44 entries)
bios0: vendor Apple Inc. version MB31.88Z.008E.B02.0803051832 date 03/05/08
bios0: Apple Inc. MacBook3,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) ARPT(S3) GIGE(S3) UHC1(S3) UHC2(S3) 
UHC3(S3) UHC4(S3) UHC5(S3) EHC1(S3) EHC2(S3) EC__(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 1995.35 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 1995.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpimcfg0 at acpi0 addr 0xf000, bus 0-255
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (RP05)
acpiprt2 at acpi0: bus 3 (RP06)
acpiprt3 at acpi0: bus 4 (PCIB)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 15253732082930497 type 15253732284385612 oem 
15253732284452179
acpivideo0 at acpi0: GFX0
cpu0: Enhanced SpeedStep 1995 MHz: speeds: 2000, 1800, 1600, 1400, 1200, 800 MHz
memory map conflict 0xf00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xfffa/0x3
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)

Re: make an firewall with IDS

2011-07-31 Thread Simeon Rusev
Sure,
take a look at
http://www.sec-net.net/en/2011/07/openbsd/snort-2-9-0-5-on-openbsd-current.html



On Sun, 31 Jul 2011 00:37:41 +0400 Wesley MOUEDINE ASSABY
open...@e-solutions.re wrote

> Hi,
>
> Does someone already build an IDS on OpenBSD, and would help me ?
> I want to use snort on an OpenBSD 4.9 with a small web interface to see
> Snort alerts.
> What do you advise me ?
>
> Do i need to install a precompiled snort, with mysql support?? or use
> ports ?
> What is the best way to do it ?
>
> Thank you very much for your replies !
>
> Wesley.



Re: pf: state key linking mismatch (?)

2011-07-31 Thread Limaunion

On 07/31/2011 07:13 AM, Henning Brauer wrote:

> * Limaunion limaun...@fibertel.com.ar [2011-07-17 02:26]:
> > hi all: I'm getting tons of messages like this one:
> >
> > pf: state key linking mismatch! dir=OUT, if=vr1, stored af=2, a0:
> > 83.237.186.131:51413, a1: 192.168.1.2:64768, proto=17, found af=2,
> > a0: 192.168.1.2:64768, a1: 181.110.135.229:51413, proto=17
> >
> > The public 'a1' address (181.110.135.229) is repeated always but
> > does not match my real public interface address.
> >
> > The rule is probably related with this line:
> >
> > @41 pass in on vr0 inet proto tcp from any to (vr0:1) port = 64768
> > flags S/SA synproxy state (max 50, adaptive.start 30, adaptive.end
> > 60) tag VR0_TAG rdr-to 192.168.1.2 port 64768
> >
> > Can someone enlighten me what does this means?
>
> executive summary? you can ignore it.
>
> this is a check just before linking state keys together. in this case,
> they must not be linked because something in the way changed things.
> usually some kind of tunnel or encryption.
> in a perfect world we'd find all these codepaths and add the calls to
> pf_pkt_addr_changed(). we're not making much progress lately in
> identifying the few remaining ones tho :((



ok, thanks Henning for the clarification, now at least I know that this 
is not a mistake related with my rules.

Regards.



Re: dual-stack IPv4/IPv6 CARP SOLVED

2011-07-31 Thread Jussi Peltola
On Sun, Jul 31, 2011 at 02:16:15PM -0700, David Newman wrote:
> 2. CARP heartbeat messages use multicast. This means a switch with
> dual-stack CARP-attached devices should support not only IGMP snooping
> for IPv4 but also MLD snooping for IPv6.
 
Hmm. carppeer does not seem to like an inet6 address to work around
that. I wonder what happens if you dual-stack a carp interface with a
carppeer - I remember having some mysterious issues after which I've
been running a separate carp if for ipv6. OTOH I have dual-stacked
carppeer-less carp if's that show no problems. Perhaps I can find time
to investigate.



Re: dual-stack IPv4/IPv6 CARP SOLVED

2011-07-31 Thread David Newman
On 7/31/11 4:02 PM, Jussi Peltola wrote:
> On Sun, Jul 31, 2011 at 02:16:15PM -0700, David Newman wrote:
> > 2. CARP heartbeat messages use multicast. This means a switch with
> > dual-stack CARP-attached devices should support not only IGMP snooping
> > for IPv4 but also MLD snooping for IPv6.
>
> Hmm. carppeer does not seem to like an inet6 address to work around
> that. I wonder what happens if you dual-stack a carp interface with a
> carppeer - I remember having some mysterious issues after which I've
> been running a separate carp if for ipv6. OTOH I have dual-stacked
> carppeer-less carp if's that show no problems. Perhaps I can find time
> to investigate.

Can't say; I've never used carppeer.

If it's used with a multicast group address I would think the switch
would need to support MLD for this to work with IPv6. The only exception
I can think of is with a crummy switch that just floods multicast frames
everywhere, same as broadcast.

dn



Re: make an firewall with IDS

2011-07-31 Thread Wesley MOUEDINE ASSABY
First, thank you very much for your link.
I will try it this night.


On Mon, 01 Aug 2011 00:18:06 +0300, Simeon Rusev sim...@sec-net.net
wrote:
> Sure,
> take a look at
> http://www.sec-net.net/en/2011/07/openbsd/snort-2-9-0-5-on-openbsd-current.html
>
> On Sun, 31 Jul 2011 00:37:41 +0400 Wesley MOUEDINE ASSABY
> open...@e-solutions.re wrote
>
> > Hi,
> >
> > Does someone already build an IDS on OpenBSD, and would help me ?
> > I want to use snort on an OpenBSD 4.9 with a small web interface to see
> > Snort alerts.
> > What do you advise me ?
> >
> > Do i need to install a precompiled snort, with mysql support?? or use
> > ports ?
> > What is the best way to do it ?
> >
> > Thank you very much for your replies !
> >
> > Wesley.