PF SMP

Does PF utilize multiple processors? One of my router/firewalls is a dual Pentium Pro 200. It also runs ftp-proxy, but that's it. Would a PII 400MHz be equivalent, better, or worse? Just curious. From what I understand, the network stack is not threaded, thus multiple processors would not be

Re: Partitions

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Brahy Sent: Thursday, June 29, 2006 11:00 PM To: misc@openbsd.org Subject: [misc] Partitions At first I didn't understand the reason for all the partitions (

Re: PF SMP

I have the same understanding you have Pachl. I believe OpenBSD IP Stack is not multithreaded implemented. A core developer could deny/confirm such belief. /all the best. On 6/30/06, Clint Pachl [EMAIL PROTECTED] wrote: Does PF utilize multiple processors? One of my router/firewalls is a dual

Re: PF SMP

OpenBSD SMP is based on BigLock, so only one processor at the time can execute kernel code, and IP Stack is kernel side only. As far as I remember. regards M.K. Gustavo Rios napisaE(a): I have the same understanding you have Pachl. I believe OpenBSD IP Stack is not multithreaded implemented.

Re: isakmpd: Phase 2 Cisco PIX fun

On 29 jun 2006, at 22.33, Stephen Bosch wrote: I'm trying to set up a tunnel to a Cisco PIX. It seems to make it past Phase 1, the trouble starts at Phase 2. I've provided some tcpdump output below: ... So, at this point it looks like Phase 1 was successful. Phase 2 begins:

Re: Where to start studying OpenBSD networking code

The second volume of TCP/IP Illustrated is very interesting, it describes the BSD implementation of the TCP stack, walking you through the code. Although dated, the code still bears a lot of similarities with what you'll find in /usr/src.

Re: Where to start studying OpenBSD networking code

Hi Joakinen, On 2006.06.28, at 11:24 PM, joakinen wrote: Is there any diagram of how every piece of code retales to the others? I don't know how relevant it is to OpenBSD, if at all, but I seem to remember getting a BSD TCP/IP network stack diagram poster with the boxed set of TCP/IP

Patent jeopardizes IETF syslog standard

Patent jeopardizes IETF syslog standard. Read here http://trends.newsforge.com/article.pl?sid=06/06/28/2320232

Re: Partitions

Hi, So am I going overboard? or am I missing any good partions. I never understood why putting /tmp on its own partition is good when nobody notices /var/tmp. In addition to /tmp I always put /var/tmp on its own partition too, so that I can mount it with nodev,noexec,nosuid. I also try to

Re: Mixing queues in pf

On Thu, Jun 29, 2006 at 05:26:30PM -0700, Lawrence Horvath wrote: Is it possible to mix queue types with pf, for instance all http traffic is sent to a hfsc queue while all ssh traffic is sent to a priq queue, or could you have a master priq queue and child cbq queues under it? thanks All

Re: Partitions

* Nick [EMAIL PROTECTED] [2006-06-30 03:33]: yes, I'd say you are going a bit overboard. very slightly, if at all. nor do I see any real-life benefit to a /usr/local partition. I do, a lot. prevent 3rd party crap shit from overflowing /usr. and, that way, you can even mount /usr RO unless

Re: gcc support to stack-smashing attacks protection

Thanks folks . On 6/29/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Thu, Jun 29, 2006 at 04:48:24PM -0300, Jo?o Salvatti wrote: Hi all... I'd like to know if OpenBSD's gcc build binary files with built-in stack-smashing attacks protection. As Theo pointed out, yes. Be aware that

Re: Partitions

On Fri, Jun 30, 2006 at 12:00:12PM +0200, Tobias Weisserth wrote: I never understood why putting /tmp on its own partition is good when nobody notices /var/tmp. In addition to /tmp I always put /var/tmp on its own partition too, so that I can mount it with nodev,noexec,nosuid. I always

Re: premature end of script headers

On Fri, Jun 30, 2006 at 11:49:26AM +0700, riwanlky wrote: Hi All, I am trying to run TWiki on my OBSD 3.9 box. Installed using pkg_add TWiiki-20040903p0.tgz Include the following in my httpd.conf: apachectl restart. Try this: # apachectl stop # httpd -u - TWiki wont run in chroot

Re: Mixing queues in pf

Joachim Schipper wrote: On Thu, Jun 29, 2006 at 05:26:30PM -0700, Lawrence Horvath wrote: Is it possible to mix queue types with pf, for instance all http traffic is sent to a hfsc queue while all ssh traffic is sent to a priq queue, or could you have a master priq queue and child cbq queues

Re: News From HiFn

Hi! On Thu, Jun 29, 2006 at 03:45:55PM -0700, J.C. Roberts wrote: [...] I just got a call this afternoon from Tom Moore to let me know they've set up an anon FTP site (no registration) with their documentation: ftp://ftp.hifn.com Kudoes to you for your initiative and to HiFn for their

Re: isakmpd: Phase 2 Cisco PIX fun

Hekan Olsson wrote: On 29 jun 2006, at 22.33, Stephen Bosch wrote: I'm trying to set up a tunnel to a Cisco PIX. It seems to make it past Phase 1, the trouble starts at Phase 2. I've provided some tcpdump output below: ... So, at this point it looks like Phase 1 was successful. Phase 2

Re: News From HiFn

J.C. Roberts wrote: This should take care of any of the long standing issues OpenBSD has had with the HiFn's procedures for releasing documentation. This is good news. Thanks for your contribution! To all the nay-sayers out there: this proves that sometimes companies do 'get' their

routing through IPsec tunnel with NAT: add routes?

Hi, everybody: Okay -- the good news is that we've got the SA up between these two sites, the bad news is that traffic isn't passing. The situation is complicated by some NAT that I need through the encryption interface. We have the following: HostA_private_IP HostA_private_NAT_IP

Re: routing through IPsec tunnel with NAT: add routes?

Stephen Bosch wrote: Hi, everybody: Okay -- the good news is that we've got the SA up between these two sites, the bad news is that traffic isn't passing. The situation is complicated by some NAT that I need through the encryption interface. We have the following: HostA_private_IP

Re: routing through IPsec tunnel with NAT: add routes?

Stephen Bosch wrote: Hi, everybody: Okay -- the good news is that we've got the SA up between these two sites, the bad news is that traffic isn't passing. The situation is complicated by some NAT that I need through the encryption interface. We have the following: HostA_private_IP

Re: routing through IPsec tunnel with NAT: add routes?

Clint Pachl wrote: Stephen Bosch wrote: In the NAT section of my pf.conf, I have the following command: binat on $enc_if from $HostA_private_IP to RemoteB_private_subnets - $HostA_private_NAT_IP Try binat pass ... Done. In the FILTER section, I have: pass in on $enc_if from

Re: routing through IPsec tunnel with NAT: add routes?

On 2006/06/30 10:51, Stephen Bosch wrote: Thanks. No joy yet. Traceroute traffic is still going out the public interface when I try to ping a host on RemoteB_private_subnets... If this traceroute is from the vpn gateway itself (rather than an endpoint) you'll need to either set the source

Re: News From HiFn

On Thu, Jun 29, 2006 at 03:45:55PM -0700, J.C. Roberts wrote: I just got a call this afternoon from Tom Moore to let me know they've set up an anon FTP site (no registration) with their documentation: hi5. nicely done. Please check out the readme on the FTP. Basically it says if you wish

Re: routing through IPsec tunnel with NAT: add routes?

Stuart Henderson wrote: On 2006/06/30 10:51, Stephen Bosch wrote: Thanks. No joy yet. Traceroute traffic is still going out the public interface when I try to ping a host on RemoteB_private_subnets... If this traceroute is from the vpn gateway itself (rather than an endpoint) you'll need to

A little script to remove packages don't needed

I don't know how to explain it well (:P), the script finds which packages are not needed by others, so you can delete those you don't use. It's my first shell script, so feedback is apreciated, :) This is in public domain, blah blah blah blah. #!/bin/ksh function check_for_packages {

Re: News From HiFn

On 6/30/06, Breen Ouellette [EMAIL PROTECTED] wrote: J.C. Roberts wrote: This should take care of any of the long standing issues OpenBSD has had with the HiFn's procedures for releasing documentation. This is good news. Thanks for your contribution! To all the nay-sayers out there: this

Ye Olde Binary Patching Question

I've got a handful of OpenBSD boxes, and instead of keeping src on all of them, I'd like one box to follow stable and build patched programs which I could then distribute to my other boxes. I poked around the archives of this list, and it looks like this is a reacurring question. Has there

Re: Ye Olde Binary Patching Question

From: [EMAIL PROTECTED] I also tried playing with setting DESTDIR, but that didn't work very well. After a lot of messing around, I got a useable tar file, but it sure wasn't elegant. (http://seattlecentral.edu/~dmartin/docs/binpatch.html for my notes on that experience). My next idea is

Re: Ye Olde Binary Patching Question

On Fri, 30 Jun 2006, Dylan Martin wrote: If there is a better or best way to do this, let me know! You could try something like : #!/bin/sh DESTDIR=/tmp/sendmail mtree -qdef /etc/mtree/4.4BSD.dist -p ${DESTDIR}/ -u touch ${DESTDIR}/timestamp cd /path_to_sendmail_src env DESTDIR=${DESTDIR}

Re: A little script to remove packages don't needed

It's going to get deleted if you choose that. It's not a fully automated script. Thanks for the feedback :) On 6/30/06, Wade, Daniel [EMAIL PROTECTED] wrote: That all good and well, but what happens when my package that I use has zero depends? It's going to get deleted.

Re: Ye Olde Binary Patching Question

Dylan Martin wrote on Fri, Jun 30, 2006 at 11:38:45AM -0700: I've got a handful of OpenBSD boxes, and instead of keeping src on all of them, I'd like one box to follow stable and build patched programs which I could then distribute to my other boxes. Two ways are officially supported: -

Fw: NFSd problem - solved!

Don't respond to this mail. Problem got solved, a powercut and a toasted exports file. On Thu, 29 Jun 2006 22:44:51 +0200 Rico Secada [EMAIL PROTECTED] wrote: Hi I am having problems with one of our NFS servers at our datacenter. I have just set it up. I have edited /etc/rc.conf and

usb ralink RT2571 problem

i tried 2 usb ralink RT2571F usb with openbsd 3.9 and -current. ural0 at uhub0 port 1 ural0: ASUS 802.11g WLAN Drive, rev 2.00/0.01, addr 2 ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526, address 00:17:31:2e:ae:34 problem: this ifconfig works ifconfig ural0 192.168.2.2 netmask 255.255.255.0 nwid

Re: Ye Olde Binary Patching Question

Spruell, Darren-Perot wrote: You could NFS export out the build directory from your build server and mount it on the clients that want to update. Then a 'make build' on them would grab the newest stuff, and you could be selective about portions of the tree and so forth. Good solution, but

Re: News From HiFn

Nick Guenther [EMAIL PROTECTED] wrote: Done, but I've left their ranking as unfriendly on the front page because they've given no apology and they still seem to be shady. No worries, I just got word that they'll send a prostitute over to your house to fix that right up.

Re: Encryption and Compression with ipsecctl?

On Tuesday 20 June 2006 21:00, Clint Pachl wrote: Is IP compression/ipcomp flows implemented in ipsecctl(8)? I am trying to perform encryption (enc) and compression (ipcomp) between two OBSD3.9 hosts. IPcomp is known broken for at least two years, perhaps longer. Do not use it.

Re: News From HiFn

On Fri, 30 Jun 2006 14:27:53 -0400, Nick Guenther [EMAIL PROTECTED] wrote: On 6/30/06, Breen Ouellette [EMAIL PROTECTED] wrote: J.C. Roberts wrote: This should take care of any of the long standing issues OpenBSD has had with the HiFn's procedures for releasing documentation. This is good

Re: News From HiFn

On Fri, Jun 30, 2006 at 02:27:53PM -0400, Nick Guenther wrote: On 6/30/06, Breen Ouellette [EMAIL PROTECTED] wrote: PS - Someone who participates in editing vendorwatch.org might want to update the Hifn status page. Done, but I've left their ranking as unfriendly on the front page because

Re: News From HiFn

J.C. Roberts wrote: On Fri, 30 Jun 2006 14:27:53 -0400, Nick Guenther [EMAIL PROTECTED] wrote: On 6/30/06, Breen Ouellette [EMAIL PROTECTED] wrote: J.C. Roberts wrote: This should take care of any of the long standing issues OpenBSD has had with the HiFn's procedures for releasing

interupt mapping

On a Toshiba Satellite a35-s1593, without a PC-card currently plugged in, I get a mapping error for the CardBus (cbb). I intend to purchase a wireless PC-Card (I haven't decided on model yet), and wish to ensure it will work with the cardbus before doing so. OpenBSD 3.9 (GENERIC) #617: Thu Mar

Re: interupt mapping

D. E. Evans wrote: On a Toshiba Satellite a35-s1593, without a PC-card currently plugged in, I get a mapping error for the CardBus (cbb). I intend to purchase a wireless PC-Card (I haven't decided on model yet), and wish to ensure it will work with the cardbus before doing so. Try changing

Re: News From HiFn

Daniel Ouellet wrote: [snipp'ed] Agreed as well. It's just fair to see them presented as it is. Somewhat Friendly is really where they are now, so would be fair to do that. Changed. Reference the hifn article as to why (which was updated by the time I got there) their status was upgraded.

Re: News From HiFn

It seems to me that if people are going to make a huge fuss about a company's documentation not being open enough or not available or what have you, and then following the fuss, they make their documentation available, they should at a minimum be considered somewhat friendly. I think you are

refund of $63.80

[IMAGE] After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it. A refund can be delayed for a variety of reasons. For example

Re: News From HiFn

On Fri, Jun 30, 2006 at 07:11:50PM -0600, Theo de Raadt wrote: I think you are right. If someone commits a crime, and then promises to never do it again, we should forgive them. I will ask this honestly: Why should we bleed our little hearts over a company who acted like assholes towards

Re: News From HiFn

Ok, so there's no need to fawn over them for doing what they should have done before. I'd be nice to have an apology AND the docs. Given the choice of one or the other, it's better to have the docs. And who knows, maybe there will be real policy shift for now and the future with Hifn. I'm not

Re: News From HiFn

Theo de Raadt wrote: I will ask this honestly: Why should we bleed our little hearts over a company who acted like assholes towards us for years, and only changed their policy due to public pressure? To make ourselves feel better? I think it is pointless. They still did not apologize. I

Re: News From HiFn

Theo de Raadt wrote: So they gave us docs. Now we need to say they are nice? No way. They have received money from hundreds of you. You are customers. They are a company. Now if you (like them) cannot figure out what that means, that they have a RESPONSIBILITY to their customers, and that

Re: News From HiFn

On Fri, Jun 30, 2006 at 08:09:50PM -0600, Theo de Raadt wrote: Ok, so there's no need to fawn over them for doing what they should have done before. I'd be nice to have an apology AND the docs. Given the choice of one or the other, it's better to have the docs. And who knows, maybe there

OT: large, wireframe Puffy stickers

While browsing through some pictures of one of the OpenBSD events (can't find the link again right this moment) there were a couple of attendees who had large wireframe Puffy stickers on the lid of their laptops. There was also a very large one on the top of a 1U chassis. These were larger, much