Re: detaching xnf(4) not recognized

2018-09-08 Thread Mike Belopuhov
Sebastian Reitenbach writes: > Hi, > > I'm toying with OpenBSD 6.3 image on AWS, trying to add/remove Elastic > Network Interfaces (ENI). > OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > So when I

Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

2017-10-26 Thread Mike Belopuhov
On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote: > Lads, > > Im pleased to say that my testing of OpenBSD 6.1 and OpenBSD 6.2 > Release > amd64 , > appear to work a little better in Proxmox PVE5.1 as released this week, > > I used iso version 5.1-722cc488-1 from Proxmox > Updated on 24

Re: Hyper-V Disk Performance

2017-10-24 Thread Mike Belopuhov
On Mon, Oct 23, 2017 at 16:41 -0500, Daniel Boyd wrote: > Is there a recommended configuration for virtual disks in Hyper-V? I > have a virtual machine that I set up recently running 6.2 that has > *very* slow disk performance. It took well over an hour to untar > ports.tar.gz. The host server

Re: CoDel Flows

2017-10-16 Thread Mike Belopuhov
and then re-evaluate the situation and only if you see the problem with downloads, attempt to fix it. Cheers, Mike > > Regards, > Glenn > > > > On Mon, Oct 16, 2017 at 2:06 AM, Mike Belopuhov <m...@belopuhov.com> wrote: > > > On Sat, Oct 14, 2017 at 02:

Re: CoDel Flows

2017-10-15 Thread Mike Belopuhov
On Sat, Oct 14, 2017 at 02:51 +, Glenn Faustino wrote: > Hi Mike, > > I'm using HFSC with two root queues (1 for uplink and 1 for downlink), can > you please share your config for FQ-CoDel with HFSC with two queues if you > don't mind? > > Regards, > Glenn > I'm not certain which config

Re: CoDel Flows

2017-10-13 Thread Mike Belopuhov
On Fri, Oct 13, 2017 at 05:33 +, Daniel Melameth wrote: > In playing around with the new CoDel/fair traffic sharing, it's not > clear to me the best way to work with this when also using the > previous queuing. It's not clear to me either at least not in the generic case :-) I guess it

Re: late 6.1 question ( arp , table , routing )

2017-09-13 Thread Mike Belopuhov
On Mon, Sep 11, 2017 at 18:41 -0400, sven falempin wrote: > Feels like it s impossible to use virtual routing table without a rdomain > on interface with 6.1 > I think you were relying on an arp(1) bug that influenced your understanding of routing tables and routing domains. To recap: 1. There

Re: Calculate the frequency of the tsc timecounter

2017-07-31 Thread Mike Belopuhov
On Mon, Jul 31, 2017 at 09:48 +0800, Adam Steen wrote: > Ted Unangst wrote: > > we don't currently export this info, but we could add some sysctls. there's > > some cpufeatures stuff there, but generally stuff isn't exported until > > somebody finds a use for it... it shouldn't be too hard to add

Re: Calculate the frequency of the tsc timecounter

2017-07-30 Thread Mike Belopuhov
On Wed, Jul 26, 2017 at 19:24 +0800, Adam Steen wrote: > Hi > > Is there an easy/accurate way to calculate the tsc timecounter frequency? > like Time Stamp Counters on Linux. (on a > Sandy Bridge cpu) > > Another reference Converting Sandy Bridge TSC to wall clock

Re: Disk I/O performance of OpenBSD 5.9 on Xen

2017-07-21 Thread Mike Belopuhov
On Fri, Jul 21, 2017 at 09:15 -0400, Maxim Khitrov wrote: > On Sat, Jul 16, 2016 at 6:37 AM, Mike Belopuhov <m...@belopuhov.com> wrote: > > On 14 July 2016 at 14:54, Maxim Khitrov <m...@mxcrypt.com> wrote: > >> On Wed, Jul 13, 2016 at 11:47 PM, Tinker <ti...@open

Re: re0 and re1 watchdog timeouts, and system freeze

2017-06-12 Thread Mike Belopuhov
On Mon, Jun 12, 2017 at 15:11 +1000, David Gwynne wrote: > On Fri, Jun 09, 2017 at 07:19:34PM +0200, Björn Ketelaars wrote: > > On Fri 09/06/2017 12:07, Martin Pieuchot wrote: > > > On 08/06/17(Thu) 20:38, Björn Ketelaars wrote: > > > > On Thu 08/06/2017 16:55, Martin Pieuchot wrote: > > > > >

Re: inet6 nat-to (group) address selection algorithm question

2017-05-25 Thread Mike Belopuhov
On 18 May 2017 at 19:51, Adam Thompson wrote: > > So I’ve discovered that, when trying to do NAT66 (for a ULA network), a line like: > "match out on egress inet6 from !(egress:network) to any nat-to (egress:0)" > doesn’t work. (Yes, the network in this case is

Re: pf queue definition: bandwidth resolution problem

2017-05-13 Thread Mike Belopuhov
le > queue, as you suggested, could determine whether pf is enforcing the correct > bandwidth values. To make it easiest to see an error the optimum leaf queue > max bandwidth to use is 1999K. Then see whether the measured bandwidth is ~2M > or ~1M. > > When I have time I'

Re: Ipsec - Problem configuring host-to-host

2017-05-13 Thread Mike Belopuhov
On Wed, May 10, 2017 at 18:36 +, jphe...@yenn.ulegend.net wrote: > Hello. > > I am trying to establish an ipsec connection in transport mode between two > hosts located in the same LAN, using PSK for authentication and ikev1 for > automatic keying. So far, my attempts have resulted in

Re: pf queue definition: bandwidth resolution problem

2017-05-13 Thread Mike Belopuhov
On Tue, May 09, 2017 at 19:47 +, Carl Mascott wrote: > Intel Atom D2500 1.66GHz > OpenBSD i386 v6.1-stable > > I can't get pf to give me the queue bandwidths that I specify in pf.conf. > > pf.conf: > > queue rootq on $ext_if bandwidth 9M max 9M qlimit 100 > queue qdef parent rootq

Re: Looking for Xen blkfront driver xbf(4) tests

2016-12-13 Thread Mike Belopuhov
On Sun, Dec 11, 2016 at 05:09 -0500, mabi wrote: > Hi, > > Thanks for your efforts and making OpenBSD work even better on > Xen. I use Xen for all types of virtualization and started only > recently using OpenBSD 6.0 as domU. My current test setup is a 2 > node redundant cluster with Xen 4.4.1

Re: Looking for Xen blkfront driver xbf(4) tests

2016-12-07 Thread Mike Belopuhov
On Wed, Dec 07, 2016 at 19:30 +0100, Mike Belopuhov wrote: > Hi, > > I've committed today a driver for the Xen paravirtualized disk > interface also known as Blkfront. Despite being pretty stable > for me so far, it's not enabled by default at the moment. > Therefore I'm look

Looking for Xen blkfront driver xbf(4) tests

2016-12-07 Thread Mike Belopuhov
Hi, I've committed today a driver for the Xen paravirtualized disk interface also known as Blkfront. Despite being pretty stable for me so far, it's not enabled by default at the moment. Therefore I'm looking for additional tests on different Xen versions and EC2 instances to ensure robustness

Re: iked.conf - ikelifetime?

2016-11-28 Thread Mike Belopuhov
On 26 November 2016 at 03:29, wrote: > Hello: > > What are the units for "ikelifetime" in iked.conf? > > Per the man page, for "lifetime," it states: > lifetime time [bytes bytes] ... Several unit specifiers are recognized > (ignoring case): ‘m’ and ‘h’ for minutes and

Re: Attach EBS volume on aws OpenBSD instance

2016-11-03 Thread Mike Belopuhov
On 1 November 2016 at 16:46, zack wrote: > Hi, > > I'm running OpenBsd 6.0 instance on AWS using the public AMI. Attached > EBS volume as /dev/xvda as i found in previous discussion, but it don't > seems to get detected on the instance, nothing shows up on dmesg nor i > can't

Re: Disk I/O performance of OpenBSD 5.9 on Xen

2016-07-16 Thread Mike Belopuhov
On 14 July 2016 at 14:54, Maxim Khitrov wrote: > On Wed, Jul 13, 2016 at 11:47 PM, Tinker wrote: >> On 2016-07-14 07:27, Maxim Khitrov wrote: >> [...] >>> >>> No, the tests are run sequentially. Write performance is measured >>> first (20 MB/s), then

Re: How to turn off disk elevator

2016-07-13 Thread Mike Belopuhov
On Wed, Jul 13, 2016 at 12:48 +0200, Peter N. M. Hansteen wrote: > On Wed, Jul 13, 2016 at 12:39:14PM +0200, Christian Rner wrote: > > > Hello, you should use virtio drivers for the disk in KVM. > > > > I already use virtio ;-) But there is no need for the BSD kernel to do > > further > >

Re: issue with xnf running 15th jan snapshot on Xen v. 4.5.1

2016-01-19 Thread Mike Belopuhov
Hi, Thanks for taking your time to test and write a report. I've fixed a few issues since then and was going to ask you to test a -current kernel. Could you also please send bug reports like this to bugs@ rather than misc@. Thank you! Cheers, Mike On Sat, Jan 16, 2016 at 20:56 +0200, Imre

Re: Strange network issue during startup

2015-10-09 Thread Mike Belopuhov
On 7 October 2015 at 07:04, Alessandro DE LAURENZIS wrote: > I'll try your patch asap. > Hi, Please drop the diff I've sent you and try current. The fix should be in the if_trunk.c revision 1.121. Regards, Mike > All the best > > -- > Alessandro DE LAURENZIS >

Re: Strange network issue during startup

2015-10-09 Thread Mike Belopuhov
On 9 October 2015 at 19:15, Alessandro DE LAURENZIS <just22@gmail.com> wrote: > Hi Mike, > > On Fri 09/10/2015 19:07, Mike Belopuhov wrote: >> Hi, >> >> Please drop the diff I've sent you and try current. >> The fix should be in the if_trunk.c revision

unbreak trunk(4)

2015-10-07 Thread Mike Belopuhov
Hi, If you have noticed recent problems with trunk(4) please try the diff below as it fixes a subtle issue (not introduced by my changes!) with setting lladdr on non primary trunk ports: trunk_port_ioctl needs to be able to lookup the trunk port, but we didn't put it on the list yet, doh! OK's

Re: unbreak trunk(4)

2015-10-07 Thread Mike Belopuhov
On Wed, Oct 07, 2015 at 15:41 +0200, Mike Belopuhov wrote: > Hi, > > If you have noticed recent problems with trunk(4) please try the > diff below as it fixes a subtle issue (not introduced by my changes!) > with setting lladdr on non primary trunk ports: trunk_port_ioctl >

Re: Strange network issue during startup

2015-10-06 Thread Mike Belopuhov
On Tue, Oct 06, 2015 at 08:01 +0200, Alessandro DE LAURENZIS wrote: > Hello Mike, > > Thanks for your feedback, > > On Mon 05/10/2015 16:43, Mike Belopuhov wrote: > > > > Can you please add an "ifconfig -A" invocation to your hostname.trunk0: > >

Support for ActivCard, CRYPTOCard and SNK-004 authentication tokens

2015-10-06 Thread Mike Belopuhov
Hello, We're currently evaluating if we should keep providing support for ActivCard, CRYPTOCard and SNK-004 authentication tokens via login_token(8). If you're a user of "activ", "crypto", "snk" or "token" authentication methods (check your /etc/login.conf), please speak up so that we could

Re: Logjam Attack: is OpenIKED and OpenSMTPD vulnerable?

2015-05-27 Thread Mike Belopuhov
On 25 May 2015 at 14:33, Pablo Méndez Hernández pabl...@gmail.com wrote: Hi, Any statement for iked? iked implements IKEv2 which doesn't use SSL/TLS. So this attack doesn't directly apply to IKEv2. However we would accept MODP 1024 and better by default. Perhaps we should bump it to 2048

Re: IPv6 help needed

2015-05-22 Thread Mike Belopuhov
= 0.389/0.389/0.389/0.000 ms = Is this something that persists across reboots? or does it require like an /etc/rc.conf.local setting to bypass? Thank you incredibly!! - -Chris On 5/21/15 3:23 PM, Mike Belopuhov wrote: ipsecctl -F -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2

Re: IPv6 help needed

2015-05-21 Thread Mike Belopuhov
hey, do you happen to see anything in the ipsecctl -sf output? if there's a deny flow, try flushing it via ipsecctl -F. On 21 May 2015 at 23:22, Chris Moody ch...@node-nine.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello - new list-subscriber here. Need a little help

Re: iked without psk

2014-11-10 Thread Mike Belopuhov
On 6 November 2014 10:19, Peter J. Philipp p...@centroid.eu wrote: Hi, Since my upgrade on saturday to 5.6 my iked stopped working with psk. I've disabled it by now but the config was something of the order of: ikev2 active esp from 192.168.179.1 to 192.168.179.10 psk icutwithanulu! ikev2

Re: pf anchor references

2014-06-05 Thread Mike Belopuhov
On Mon, Jun 02, 2014 at 17:51 +0200, Mike Belopuhov wrote: Hi, I've been chasing some bugs in the pfctl anchor code for a couple of weeks and I'm not astonished at how loose the handling is in general. Lot's of rules and checks are being violated by some code paths while honoured by others

Re: nfs server causing lockups lately

2014-04-14 Thread Mike Belopuhov
On Sun, Apr 13, 2014 at 01:27 -0400, Luke Tidd wrote: march 7th snapshot and before, no problem next upgrade was april 9th snapshot, nfsd usage for more than a minute or so will bring down the system reproducibly. tried again with a bit ago (april 12th) snapshot, still crashing

Re: Packet Filter nat-to issue

2014-02-28 Thread Mike Belopuhov
On 28 February 2014 10:15, Loïc Blot loic.b...@unix-experience.fr wrote: Hello, i encounter a strange problem today on PF. I don't know if this i normal but the result is illogic. I have this rule: pass out quick proto tcp from all_clients_v4 to port { smtp smtps 587 imap imaps pop3 pop3s

Re: Strange packets lost

2013-09-25 Thread Mike Belopuhov
On 25 September 2013 11:03, Loïc BLOT loic.b...@unix-experience.fr wrote: Hello all, i have searched many options but i haven't any new idea. I have 4 openbsd routers (2 on each site). Each router create a GRE tunnel with it's pair. Here is the configuration: | S1R1

Re: Interface input errors incrementing

2013-09-25 Thread Mike Belopuhov
On 20 September 2013 08:36, Darren Spruell phatbuck...@gmail.com wrote: Running 5.3 (release) i386 on a soekris net4521 with 2 connected sis(4). The device is a router/firewall on a home network with a cable Internet connection. One of these interfaces has in the last few weeks started to

Re: IPSec endpoints won't talk to each other

2013-09-25 Thread Mike Belopuhov
On 24 September 2013 16:35, Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar wrote: On 2013-09-24 09:44, James Griffin wrote: * Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar [2013-09-24 03:53:46 -0300]: Hi, I've been experimenting a bit with IPSec and creating a VPN using it. I've

Re: iked's ikev2 segfaults during connection initiation from strongswan

2013-09-25 Thread Mike Belopuhov
On 25 September 2013 14:41, LEVAI Daniel l...@ecentrum.hu wrote: Hi! I'm trying to setup StrongSwan (oh, the pain...) to iked(8) IPsec. When trying to bring up the connection from the Linux end (ipsec up connection), the iked(8) at the OpenBSD (5.3-stable) endpoint segfaults. I'm trying to

Re: 10GBit OpenBSD Firewall

2013-09-02 Thread Mike Belopuhov
On 2 September 2013 12:26, Andy a...@brandwatch.com wrote: Hi everyone, I know this gets discussed a lot and I don't want to re-tread old ground, but I am in the process of specifying firewall hardware for 10Gbit and would like to check the rules-of-thumb I am using.. We would like to reach

Re: BCM5719C/BCM5720 partially working

2013-05-24 Thread Mike Belopuhov
On Fri, May 24, 2013 at 15:48 +0200, David Imhoff wrote: Mike Belopuhov wrote on 2013-05-23 21:55: On Thu, May 23, 2013 at 11:04 +0200, David Imhoff wrote: The problem seems to be in the Auto polling of the mac link state. ifconfig shows the correct link state, but the BGE_STS_LINK bit

Re: BCM5719C/BCM5720 partially working

2013-05-23 Thread Mike Belopuhov
On Thu, May 23, 2013 at 11:04 +0200, David Imhoff wrote: Hi, Having finally found the BCM5718 Programmers guide from http://www.broadcom.com/support/ethernet_nic/open_source.php I managed to get a bit further with this problem. The problem seems to be in the Auto polling of the mac link

Re: Crashes with IPsec + GRE (+ crypto softraid)

2013-02-25 Thread Mike Belopuhov
On Mon, Feb 18, 2013 at 15:45 +0100, Michael wrote: Hi all, after having a somewhat weird problem for a while now I hope someone can help me. _Sorry_ for the really lengthy mail but it is kind of complex to describe. dmesg and other information can be found at the end. The problem in

Re: OpenBSD5.3-beta, kernel panic : pf.conf with once option

2013-02-22 Thread Mike Belopuhov
On 22 February 2013 14:02, Wesley M.A. open...@e-solutions.re wrote: Hi, I'm running : kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC 2 network cards : bge0 and axe0 pfctl -vf /etc/pf.conf load

Re: Low latency and interrupt mitigation

2013-02-11 Thread Mike Belopuhov
On 11 February 2013 12:19, Dan Shechter dans...@gmail.com wrote: Hi All, I have a very latency sensitive application. I need to move packets from one interface to another I am using a quad 1000/pro Intel NIC. pcidump shows 82571EB My latency sensitive application reads packets from one em

Re: Low latency and interrupt mitigation

2013-02-11 Thread Mike Belopuhov
be trivially explained and is certainly not something that OpenBSD supports or would want to support out of the box. FreeBSD netmap interface would be helpful in your situation but is not currently supported by OpenBSD. Cheers, Mike Best regards, Dan On Mon, Feb 11, 2013 at 1:43 PM, Mike Belopuhov m

Re: Low latency and interrupt mitigation

2013-02-11 Thread Mike Belopuhov
that with netmap there would be no such need). BTW, would HW TX IP/UDP checksum reduce the latency? I don't know exactly, but compared to the amount of work done by bpf/pcap and syscalls (at least write), I'd say it's negligible. Best regards, Dan On Mon, Feb 11, 2013 at 2:11 PM, Mike Belopuhov m

Re: OpenBSD 5.2 isakmpd sequence number problem

2013-02-07 Thread Mike Belopuhov
On Wed, Jan 30, 2013 at 14:59 +0100, Bartosz Brzozowski wrote: Hi Misc. I have two location A i B in my lab. In the location A there is isakmpd + carp + pfsync + sasync cluster on which there is installed OpenBSD 5.2 GENERIC.MP#339 i386 In the location B there is single OpenBSD 5.2

Re: OpenBSD does not initiate ipsec connection

2012-10-28 Thread Mike Belopuhov
On Sun, Oct 28, 2012 at 7:49 AM, Erwin Schliske erwin.schli...@sevenval.com wrote: But now I have figured out what I have to change to bring up the tunnels after loading the config with ipsecctl. I have to disable sasyncd, which if enabled causes to start isakmpd with parameter S. If

Re: Slow VPN Performance

2012-10-23 Thread Mike Belopuhov
of the performance changes that were committed are helpful in your setup. On Mon, Oct 22, 2012 at 6:41 PM, Mike Belopuhov m...@belopuhov.com wrote: On Mon, Oct 22, 2012 at 4:10 PM, Michael Sideris urg...@gmail.com wrote: It seems that changing to hmac-md5 boosted network throughput from

Re: Slow VPN Performance

2012-10-22 Thread Mike Belopuhov
through a stronger algorithm? You can get 600-750Mbps (depending on the CPU speed) in the AES-NI enabled setup (using AES-GCM that is). On Mon, Oct 22, 2012 at 2:58 PM, Mike Belopuhov m...@belopuhov.com wrote: On Tue, Oct 16, 2012 at 11:43 AM, Michael Sideris urg...@gmail.com wrote: Both

Re: ikev2 and (ta-da) OpenBSD road warrior host

2012-10-04 Thread Mike Belopuhov
On Thu, Oct 4, 2012 at 6:13 AM, Erling Westenvik erling.westen...@gmail.com wrote: Shamefully I must admit what many OpenBSD'ers consider a crime worse than intercourse with the devil, namely to follow a so-called Howto (http://www.mouedine.net/) and within minutes having my daughters Windows

Re: IPSEC VPN performance

2012-09-28 Thread Mike Belopuhov
On Thu, Sep 27, 2012 at 11:30 PM, Jim Miller jmil...@sri-inc.com wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each

Re: IPSEC VPN performance

2012-09-28 Thread Mike Belopuhov
On Fri, Sep 28, 2012 at 11:45 AM, Otto Moerbeek o...@drijf.net wrote: On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a

Re: 10Gbit Intel 10GbE SFP+ (82599) performance

2012-08-04 Thread Mike Belopuhov
On Sat, Aug 04, 2012 at 17:43 +0200, Claudio Jeker wrote: On Tue, Jul 24, 2012 at 02:22:57PM +0200, Henrik Lund Kramshøj wrote: On 24/07/2012, at 14.16, Otto Moerbeek wrote: On Tue, Jul 24, 2012 at 01:52:03PM +0200, Peter Hessler wrote: On 2012 Jul 24 (Tue) at 12:40:00 +0200

Re: ipsec between 5.0 5.1

2012-07-27 Thread Mike Belopuhov
On Fri, Jul 27, 2012 at 10:33 AM, lilit-aibolit lilit-aibo...@mail.ru wrote: Hi misc. is it possible? why wouldn't it be?

Re: Windows 7 and IkeV2 VPN Issue

2012-07-27 Thread Mike Belopuhov
On Thu, Jul 26, 2012 at 9:27 PM, Bentley, Dain dbent...@nas.edu wrote: Hello fellow OpenBSD users, I've run into a of couple issues with setting up and IKE IPSEC VPN with a windows 7 native client. Now I've ran through the lists and have found a solution to get it working somewhat how I'd

Re: ipsec tunnel speeds

2012-06-26 Thread Mike Belopuhov
On Mon, Jun 25, 2012 at 2:53 PM, Mark Romer romesterm...@gmail.com wrote: Great question Ted Does anyone know the answer? sure. Thanks Mark On Jun 22, 2012 12:58 PM, Ted Unangst t...@tedunangst.com wrote: On Fri, Jun 22, 2012 at 12:52, Ryan McBride wrote: 550Mb/s with aes-128-gcm

Re: ikev2 between openbsd and windows

2012-05-31 Thread Mike Belopuhov
On Thu, May 31, 2012 at 12:18 +0200, Peter J. Philipp wrote: On Tue, May 29, 2012 at 01:55:45PM +0200, Mike Belopuhov wrote: On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote: 2. Doesn't work EAP mode - Windows stops on Checking username and password error. Then #13803, 1931

Re: ikev2 between openbsd and windows

2012-05-31 Thread Mike Belopuhov
On Thu, May 31, 2012 at 12:47 +0200, Peter J. Philipp wrote: On Thu, May 31, 2012 at 12:28:47PM +0200, Mike Belopuhov wrote: My iked config looks like this: do you have a user specification in your iked.conf? which user are you trying to authenticate as? user specification

Re: ikev2 between openbsd and windows

2012-05-31 Thread Mike Belopuhov
On Thu, May 31, 2012 at 12:18 +0200, Peter J. Philipp wrote: My iked config looks like this: ikev2 win7 passive esp \ from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \ srcid 10.0.0.1 \ eap mschap-v2 \ config address 172.16.20.1 \ config

Re: ikev2 between openbsd and windows

2012-05-29 Thread Mike Belopuhov
On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote: 2. Doesn't work EAP mode - Windows stops on Checking username and password error. Then #13803, 1931... Hi, Just to mention it for those not following source-changes@ that there was a bug in the message ID handling that prevented EAP

Re: ikev2 between openbsd and windows

2012-05-16 Thread Mike Belopuhov
On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote: Thank you very much for the detailed reply. It helped a lot, though I have something to add. 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates by doubleclicking on them. You should not import the cert by

Re: ikev2 between openbsd and windows

2012-05-16 Thread Mike Belopuhov
On Wed, May 16, 2012 at 10:00 PM, Peter J. Philipp p...@centroid.eu wrote: On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote: 4) Install the server certificate on the server: ikectl ca vpn certificate 10.1.0.1 install 5) To export the client certificate in a ZIP'ed PFX format

Re: ikev2 between openbsd and windows

2012-05-14 Thread Mike Belopuhov
On Fri, May 11, 2012 at 20:39 +0400, Pavel Shvagirev wrote: Hi everyone. Trying to build ikev2 vpn between openbsd 5.1 and windows 7 via certificates. Windows stops at #13843 error message - Invalid payload received. Iked -vd output has a 'sa_state: VALID - ESTABLISHED' meaning that 2nd

Re: pfsync changes in current?

2012-05-04 Thread Mike Belopuhov
On Fri, May 4, 2012 at 12:27 PM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote: On 03/05/12 22:56, mxb wrote: I'd suggest you to experiment with the src and try to rollback if_pfsync.c to, say rev. 1.179, then roll forward with revisions until you can pinpoint one which breaks it.

Re: Problems reading from (but not writing to?) LTO 5 Ultrium tape from i386 snapshot(s)

2012-05-04 Thread Mike Belopuhov
On Wed, May 02, 2012 at 11:29 +, Fergus Wilde wrote: Hello, I wonder if anyone can help me out with the following. Any or all help, including 'this has nothing to do with OBSD', or options to try passing to the dump, happily received. In particular, I wonder if my situation is

Re: alix2d2 LM86, no hw.sensors

2012-02-19 Thread Mike Belopuhov
On Sun, Feb 19, 2012 at 00:06 +0100, Mike Belopuhov wrote: On Sat, Feb 18, 2012 at 03:09 +1100, Jonathan Gray wrote: On Fri, Feb 17, 2012 at 04:20:25PM +0100, Michal Mazurek wrote: I have an alix2d2 running OpenBSD 5.0. There are no hw.sensors. The producer says there is an LM86 on board

Re: alix2d2 LM86, no hw.sensors

2012-02-18 Thread Mike Belopuhov
On Sat, Feb 18, 2012 at 03:09 +1100, Jonathan Gray wrote: On Fri, Feb 17, 2012 at 04:20:25PM +0100, Michal Mazurek wrote: I have an alix2d2 running OpenBSD 5.0. There are no hw.sensors. The producer says there is an LM86 on board, which is supported by the maxtmp driver. It appears the

Re: uvm_fault in Dec. 15 amd64 snapshot

2011-12-19 Thread Mike Belopuhov
On Sun, Dec 18, 2011 at 18:50 -0800, James A. Peltier wrote: - Original Message - | Hi All, | | Today is our semester maintenance day and we've upgraded our backup | bridge firewall to the Dec. 15, 2011 snapshot available from | ftp.openbsd.org and I'm getting this odd error when I

Re: uvm_fault in Dec. 15 amd64 snapshot

2011-12-19 Thread Mike Belopuhov
On Mon, Dec 19, 2011 at 21:46 +0100, Mike Belopuhov wrote: On Sun, Dec 18, 2011 at 18:50 -0800, James A. Peltier wrote: - Original Message - | Hi All, | | Today is our semester maintenance day and we've upgraded our backup | bridge firewall to the Dec. 15, 2011 snapshot

Re: OpenBSD 5.0 upgrade: em interface status no carrier

2011-11-20 Thread Mike Belopuhov
On Fri, Nov 18, 2011 at 4:01 AM, Sam Vaughan samvaug...@surgeonline.com wrote: On 18/11/2011, at 12:59 PM, Sam Vaughan wrote: Hi, After upgrading from OpenBSD 4.9 to OpenBSD 5.0, the Intel 82579LM and Intel PRO/1000 MT (82574L) devices on one of my servers no longer come up. facepalm If

Re: PFSYNC - pf.conf best practice

2011-10-28 Thread Mike Belopuhov
On Thu, Oct 27, 2011 at 11:18 AM, Mike Belopuhov m...@crypt.org.ru wrote: On 26-10-2011 20:32, Maxim Bourmistrov wrote: The side question, after observing 'systat -s1 states', is WHY failover-side doubles exp. time?? I'm more expected to have it like a copy of the current state

Re: PFSYNC - pf.conf best practice

2011-10-28 Thread Mike Belopuhov
On Fri, Oct 28, 2011 at 11:25 AM, Mike Belopuhov m...@crypt.org.ru wrote: On Thu, Oct 27, 2011 at 11:18 AM, Mike Belopuhov m...@crypt.org.ru wrote: On 26-10-2011 20:32, Maxim Bourmistrov wrote: The side question, after observing 'systat -s1 states', is WHY failover-side doubles exp. time

Re: PFSYNC - pf.conf best practice

2011-10-27 Thread Mike Belopuhov
On Wed, Oct 26, 2011 at 9:51 PM, Maxim Bourmistrov m...@alumni.chalmers.se wrote: Well, it is idle so far as it is not able to take care of dhcp-clients - dhcpd listens on CARP which is not available at the moment. This box is a slave to the named too, but updates of zone are not so frequent

Re: pfsync0 MTU

2011-10-24 Thread Mike Belopuhov
On Mon, Oct 24, 2011 at 12:18 PM, Maxim Bourmistrov m...@alumni.chalmers.se wrote: Hi, I patched on side of this tandem do you mean 'one'? then you should obviously patch both. i mean, come on, you wanted to do some research on your own, so do it. and had following setup: fw1: em0 mtu

Re: pfsync0 MTU

2011-10-22 Thread Mike Belopuhov
On Thu, Oct 20, 2011 at 10:40 +0200, Maxim Bourmistrov wrote: Hi list, is there any reason for MTU on pfsync0 to be limited to 2048? yes, when pfsync(4) was written, there was only one mbuf cluster pool: MCLBYTES (2048) sized one. now we have several. Any benefit from having it lager, say up

Re: pfsync0 MTU

2011-10-22 Thread Mike Belopuhov
On Sat, Oct 22, 2011 at 20:14 +0200, Maxim Bourmistrov wrote: On both sides I use em(4) with MTU 9000. Then tried to set the same value to the pfsync with success (ifconfig pfsync0 mtu 9000), but the actual value I see is 2048. ugh. i thought you've fixed up the source code. i'm curious

Re: IPSEC/SSL accelerator

2011-05-17 Thread Mike Belopuhov
On Tue, May 17, 2011 at 3:45 PM, Stuart Henderson s...@spacehopper.org wrote: On 2011-05-17, patrick.oesch...@bluewin.ch patrick.oesch...@bluewin.ch wrote: i am looking for a IPSEC accelerator board for a company firewall to terminate multiple IPSEC tunnels (branches) expected IPSEC

Re: anybody working on support for Cavium CN16xx crypto accelerator?

2011-05-17 Thread Mike Belopuhov
not that i'm aware of. but we'd be interested if someone would provide hardware and documentation. On Tue, May 17, 2011 at 8:46 AM, patrick.oesch...@bluewin.ch patrick.oesch...@bluewin.ch wrote: http://www.caviumnetworks.com/processor_security_nitroxPX.html thank you /pat

Re: Dell R310 - H200 Raid performance problem

2011-02-17 Thread Mike Belopuhov
On Thu, Feb 10, 2011 at 14:25 +0100, Lukasz Czarniecki wrote: Hi I've bought a Dell R310 with H200 raid controller reported in dmesg as: Symbios Logic SAS2008. It uses mpii driver and has two hard drives configured in RAID 1. Now it seems to work fine but i still have a problem with its

Re: Migrating from isakmpd to iked: interface name not recognized

2010-12-14 Thread Mike Belopuhov
On Mon, Dec 13, 2010 at 18:50 +0100, Axel Rau wrote: Hi all, in the man page for iked.conf, I read: Addresses can be specified in CIDR notation (matching netblocks), as symbolic host names, interface names, or interface group names. In my iked.conf, I have local pppoe0 but iked

Re: kernel hangs by many connections (reproducable)

2010-10-05 Thread Mike Belopuhov
On Sun, Sep 12, 2010 at 11:26 +0600, Anton Maksimenkov wrote: Hello. I use my OBSD machine to test some server on another machine. They are connected by pathcord, 1Gbit network cards are used. Test program (uses kqueue) do many (I want thousands) connections to server. Write query, read

Re: OpenBSD on DELL R310

2010-10-01 Thread Mike Belopuhov
2010/9/29 Björn Sandell bi...@chalmers.se: Hi, Is anyone running OpenBSD on a DELL R310? With a H200 raid controller? Any issues? Thanks, -- Björn Sandell bi...@chalmers.se according to the mpii(4) manpage, this is supposed to be LSI SAS2008 that is well supported in OpenBSD 4.8+.

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-04 Thread Mike Belopuhov
C'mon, ftp.kd86.com was delisted from the ftp.html page on Mon Apr 6. Can you just stop bashing Wim? It doesn't make anyone happier (except Theo probably). Or maybe we should rush searching the whole fscking internet for the incorrect OpenBSD mirrors? Chill out, dudes. On Thu, Apr 30, 2009 at

Please test this on all available nVidia AHCI-capable controllers

2008-12-13 Thread Mike Belopuhov
Including MCP65, MCP67, MCP73, MCP77 and MCP79 families. If you see something like this in your dmesg: pciide1 at pci0 dev 9 function 0 NVIDIA MCP77 AHCI rev 0xa2: \ DMA (unsupported) please make sure you've switched your SATA controller to the native (or AHCI mode) in the BIOS.

Re: tcpdump | more doesn't produce output

2005-07-28 Thread Mike Belopuhov
On Thu, Jul 28, 2005 at 15:26 -0700, Michael Favinsky wrote: Has anyone tried a tcpdump | more ? Or a tcpdump | grep? When I try to pipe tcpdump output to either more or grep I don't get any network data output. Anyone have any explanation for this behavior? use stdout line buffered mode:

Re: static route files

2005-07-15 Thread Mike Belopuhov
On Thu, Jul 14, 2005 at 23:22 -0700, Reza Muhammad wrote: dear All, In which file should i put my static route entry ? in hostname.if(5). regards reza Start your day with Yahoo! - make it your home page

Re: Mail from doubleclick.com sites

2005-05-12 Thread Mike Belopuhov
On Thu, May 12, 2005 at 11:45 -0500, Dave Feustel wrote: Is there any straightforward way to block email from locations that whois shows to have been created by doubleclick.com? something like this maybe?... LOCAL_CONFIG Kcheckblocked regex [EMAIL PROTECTED] (doubleclick.com)

Re: built php4 from ports, but no mysql or postgresql support...how to enable support?

2005-05-12 Thread Mike Belopuhov
On Thu, May 12, 2005 at 14:13 -0400, Rick Barter wrote: I have Googled and searched the archives, but I'm not finding what I'm looking for. I have installed php4 from ports and realize after researching an erro I was getting and viewing info.php that I don't have support for mysql and