Re: mod_gzip not compressing files

2008-12-19 Thread Jeremy Bowen

Alexander Hall wrote:
> Jeremy Bowen wrote:
>> Doh! facepalm
>> After sleeping on this overnight I've discovered a misconfigured server.
>> All working as desired now.
>
> Too embarrassing to share for the archives? :-9

Well, almost. But here we go  :-)

I think I know what the problem was but I'm not 100% sure of the failure 
mechanism.


I've just shifted my webserver to a newly installed OpenBSD v4.4 box. 
I'm doing this behind NAT (pf rdr) and using Virtual hosting.
For various reasons, I'm running an internal DNS which I had forgotten 
to update to point to the new webserver.


The clue was that telnetting to port 80 on localhost showed activity in 
the logs/mod_gzip.log file but specifying the Host: header for a virtual 
host in an HTTP/1.1 request, didn't show any gzip activity, but did show 
in the logs/access_log file.


Updating the misconfigured DNS records seems to have cured the mod_gzip 
problem. I can't quite explain why this would have affected mod_gzip as 
the new server was definitely serving up the pages (verified by checking 
logs/access_log) but that was the fix.


In addition, the http://www.whatsmyip.org/mod_gzip_test/ site I was 
using to verify my setup appears (I'm guessing) to be geared towards 
apache v2.x as having finally seen info in my logfiles, it isn't sending 
the expected GET request first. Instead it sends a HEAD which mod_gzip 
v1.3.x doesn't handle. So even when I had mod_gzip working, it would lie 
to me and say that it wasn't. Testing with perl/telnet verified that the 
server is now behaving as desired.


I doubt this will be of any use to anyone else (except maybe for some 
light entertainment value) but there you have it.


Cheers



IPSEC in 4.3 and 4.4: strange packet loss

2008-12-19 Thread Toni Mueller
Hi,

I have a VPN running which, for this problem, looks roughly like this:


 net-West - West - East - net-East
  |
  +--- South - net-South


West is the central site, and East and South are quite similarly
configured branch offices. Esp., regarding the packet filter
configuration on West, both sites are configured symmetrically.
Traffic between (West, East) and (West, South) is permitted to flow
freely in both directions. West, East and South are OpenBSD-based
firewalls. East has a default route to West, but South has only
a route to net-West.


Now the problem:

Ping with oversized packets (I see 1548 bytes with tcpdump, and the
user set a packet size of slightly more than 1500 bytes) from
net-West to net-East work fine, all the time, while the same
command from net-West to net-South does not work, also most of the
time, with success rates varying between zero and three packets
returning, out of four. At South, the packets which arrive, are only
1528 bytes long, so I've lost some 20 bytes on the road.

Running tcpdump on the internal LAN interface and on enc0 of West
shows, that not all of the packets which enter the LAN interface, and
which are destined for net-South, even enter the enc0 interface.
Conclusion: Packets are lost within the Firewall (but I can't see
anything on pflog0, too).

West are two machines, one runs OpenBSD 4.3 amd64, with the
GENERIC.MP kernel, and the other runs OpenBSD 4.4 i386, with the
GENERIC.MP kernel (fully patched).


Any ideas about how to better debug such a problem are very much
appreciated!



Kind regards,
--Toni++



Re: ipv6/pf/relayd/totd

2008-12-19 Thread Stephan A. Rickauer
Thanks a lot for your help, Todd.

On Wed, 2008-12-17 at 13:01 -0600, Todd T. Fries wrote:
 | The ipv6 only client gets its ipv6 address via the rtadvd running on the
 | gatway's internal interface. The gateway's external interface is ipv4
 | only.
 
 So however you've managed it you have an IPv6 subnet internally. But it is
 not routed to the world?  Shame.  Go get a tunnel broker and fix this!  You
 really are missing out..

Yep, University gave us five ipv6 ranges without being able to route
them (yet).
 
 | The ipv6 host can already ping6 the gatway. DNS I have 'fixed' with
 | totd, so ipv4 addressed are mapped into the ipv6 space:
 | 
 | ipv6-client:~$ host www.google.ch
 | www.l.google.com has address 74.125.39.147
 | www.l.google.com has IPv6 address 2001:620:10:1401::4a7d:2767
 | 
 | 
 | The default ipv6-gateway of my ipv6 client is properly set
 | in /etc/mygate.
 | 
 | I try to use pf on the gateway to intercept tcp/ip6 traffic and to feed
 | it into relayd. The relevant parts are as follows:
 | 
 | ---pf.conf--
 | rdr pass inet6 proto tcp from lan:network -> :: port 8081
 | ---pf.conf--
 
 Wrong.  Try this instead:
 
  rdr pass inet6 proto tcp from lan:network -> lan port 8081 

 You cannot redirect to `::', a wildcard address.  You must redirect to
 a specific address.

Oh, yes. This is wrong indeed. I wonder why pfctl hasn't bailed out.
However, using -> ::1 should then do the trick as well, right?

Unfortunately, I still see the same effect, here are the packets on
doing an 'ssh my.external.ipv4.host' from my ipv6-client:

gw# tcpdump -evni pflog0 -s 512 ip6

10:44:55.701935 rule 32/(match) [uid 0, pid 28859] pass in on em0:
2001:620:10:1401:20d:60ff:fe2e:251b.27021 > 2001:620:10:1401::.53:
42719+ ? merry.ini.uzh.ch. (34) [flowlabel 0xbc4e3] (len 42, hlim
64)

10:44:55.710561 rule 32/(match) [uid 0, pid 28859] pass in on em0:
2001:620:10:1401:20d:60ff:fe2e:251b.21304 > 2001:620:10:1401::.53:
61177+ A? merry.ini.uzh.ch. (34) [flowlabel 0xdcf20] (len 42, hlim 64)

10:44:55.717571 rule 11/(match) [uid 0, pid 28859] rdr in on em0:
2001:620:10:1401:20d:60ff:fe2e:251b.37356 > ::1.8081: S
3170155212:3170155212(0) win 16384 mss 1440,nop,nop,sackOK,nop,wscale
0,nop,nop,timestamp 1991902115 0 [flowlabel 0xc4399] (len 44, hlim 64)
 
So, the traffic *is* redirected to ::1.8081 but the client connection
times out after a while and the relayd log doesn't show anything.

However, if I test with 'telnet ::1 8081', I do see a connection attempt
in relayd's log file.


 | ---relayd.conf---
 | tcp protocol tcpgeneric {
 | tcp { backlog 128, nodelay, sack, socket buffer 131072 }
 | }
 | 
 | relay tcp6to4 {
 | listen on :: port 8081
 | forward to nat lookup inet
 | protocol tcpgeneric
 | }
 | ---relayd.conf---
 
 This relayd.conf looks like what I've done.  here is my setup on the gateway
 with a couple little twists (I'm using abcd::/48 as an example allocation):
 
  -- pf.conf --
  table <6to4ok> { abcd::/48 } # who is permitted to use this relay?
  table <6to4net> { abcd:0:0:::/96 } # the 6to4 prefix
 
  rdr pass inet6 proto tcp from <6to4ok> to <6to4net> port { 80 8080 } -> abcd::1 port 8080
  rdr pass inet6 proto tcp from <6to4ok> to <6to4net> -> abcd::1 port 8081
  -- pf.conf --
 
  -- relayd.conf --
  tcp protocol tcpgeneric {
 tcp { backlog 128, nodelay, sack, socket buffer 131072 }
  }
  http protocol httpgeneric {
 header append $REMOTE_ADDR to X-Forwarded-For
 header append $SERVER_ADDR:$SERVER_PORT to \
 X-Forwarded-By
 header change Connection to close
 
 tcp { backlog 128, nodelay, sack, socket buffer 131072 }
 
  }
  relay tcp6to4 {
 listen on :: port 8081
 forward to nat lookup inet
 protocol tcpgeneric
  }
  relay http6to4 {
 listen on :: port 8080
 forward to nat lookup inet
 protocol httpgeneric
  }
  -- relayd.conf --
 
 .. this way http traffic gets some info injected about being forwarded.

I will take care of http as soon as the basic setup works.


 | After that kinda long intro, here's the problem:
 | 
 | Though name resolution works, an actual connection to an ipv6 address on
 | port 80 wouldn't work and isn't 'seen' by relayd either. If I tcpdump on
 | the gateway I see that the client, after it got the faked ipv6 address,
 | sends an icmp6: neighbor sol: who has 2001:620:10:1401::4a7d:2767.
 | 
 | So, it believes google is part of 'our' name space, which is probably
 | wrong. I then tried to change the prefix of totd to a non-local prefix,
 | like 2001:620:10:1400:: (instead of :1401::) so that a 'host
 | www.google.ch' results in 2001:620:10:1400::4a7d:2767 and thus can't be
 | treated as 'local'.
 | 
 | When I do this I can see the traffic on the gatway:
 | 2001:620:10:1401:20d:60ff:fe2e:251b.13239 
 | 2001:620:10:1400::4a7d:2768.80
 | 
 | but it's still not seen by relayd.
 | 
 | Can someone with some degree of patience shed some light on my dark
 

Re: IPSEC in 4.3 and 4.4: strange packet loss (addendum)

2008-12-19 Thread Toni Mueller
On Fri, 19.12.2008 at 10:38:28 +0100, Toni Mueller openbsd-m...@oeko.net wrote:
> Ping with oversized packets (I see 1548 bytes with tcpdump, and the
> user set a packet size of slightly more than 1500 bytes) from

The user uses this command to test from his desktop computer:

ping 1.2.3.4 -l 1500 -n 1


with 1.2.3.4 being an IP located in net-South.


-- 
Kind regards,
--Toni++



Re: openbsd igmp v3 proxy?

2008-12-19 Thread Henning Brauer
* Tobias Wigand li...@underscore.de [2008-11-28 14:05]:
> hi,
>
> lately my ip-tv provider switched from igmp v2 to v3 and my openbsd
> setup with igmp-proxy from ports stopped working. if i get the v3 rfc
> correctly, it's not conform to the igmp standard to cut support for
> older igmp versions but they did it anyway.
> i found
> http://potiron.loria.fr/projects/madynes/internals/perso/lahmadi/igmpv3proxy
> but it won't compile. i browsed through openbsd's source and noticed,
> that it only seems to support igmp v1 and v2. the kame patches for igmp
> v3 seem very old (openbsd 3.5.) and i don't think they would apply to
> openbsd 4.4.
> so my question is: even if i did have an igmp v3 proxy for openbsd,
> would it help me at all as the os does not seem to support v3? does
> anyone have a working igmp v3 / multicast setup and can point me to the
> right directions or just shed some light into this?

I am not aware of anyone actively working on any igmp-related stuff,
the lack of v3 comes probably down to nobody did it. well written
diffs in reasonably small chunks will certainly be considered.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: ipv6/pf/relayd/totd

2008-12-19 Thread todd
Penned by Stephan A. Rickauer on 20081219 11:01.16, we have:
| Thanks a lot for your help, Todd.
| 
| On Wed, 2008-12-17 at 13:01 -0600, Todd T. Fries wrote:
|  | The ipv6 only client gets its ipv6 address via the rtadvd running on the
|  | gatway's internal interface. The gateway's external interface is ipv4
|  | only.
|  
|  So however you've managed it you have an IPv6 subnet internally. But it is
|  not routed to the world?  Shame.  Go get a tunnel broker and fix this!  You
|  really are missing out..
| 
| Yep, University gave us five ipv6 ranges without being able to route
| them (yet).

Yecht.  *sigh*.  Hopefully this changes ;-)
  
|  | The ipv6 host can already ping6 the gatway. DNS I have 'fixed' with
|  | totd, so ipv4 addressed are mapped into the ipv6 space:
|  | 
|  | ipv6-client:~$ host www.google.ch
|  | www.l.google.com has address 74.125.39.147
|  | www.l.google.com has IPv6 address 2001:620:10:1401::4a7d:2767
|  | 
|  | 
|  | The default ipv6-gateway of my ipv6 client is properly set
|  | in /etc/mygate.
|  | 
|  | I try to use pf on the gateway to intercept tcp/ip6 traffic and to feed
|  | it into relayd. The relevant parts are as follows:
|  | 
|  | ---pf.conf--
|  | rdr pass inet6 proto tcp from lan:network -> :: port 8081
|  | ---pf.conf--
|  
|  Wrong.  Try this instead:
|  
|   rdr pass inet6 proto tcp from lan:network -> lan port 8081 
| 
|  You cannot redirect to `::', a wildcard address.  You must redirect to
|  a specific address.
| 
| Oh, yes. This is wrong indeed. I wonder why pfctl hasn't bailed out.
| However, using -> ::1 should then do the trick as well, right?

Sorry I was not clear.  With IPv6, unlike IPv4, it is not possible to
redirect to `localhost'.  You must redirect to a global scope address.

[..]
|  .. this way http traffic gets some info injected about being forwarded.
| 
| I will take care of http as soon as the basic setup works.

Sure.

[..] 
|  I think the pf.conf tweak may be all thats necessary for you to see traffic
|  via relayd.
| 
| Unfortunately, it doesn't. The packets aren't blocked by pf but are
| properly redirected to relayd. Relayd stays quiet.
| 
| On a side note: I also don't understand why the wrong default gateway is
| advertised to my client. Instead of my global IPv6 address, the
| local-link address is propagated. I was under the impression rtadvd will
| take care of it:
| 
| gw$ cat /etc/rtadvd.conf
| em0:\
| :addr=2001:620:10:1401:::prefixlen#64:raflags#0:

You have a wrong understanding of IPv6.  It is recommended to use the link
local address for the router(s) since they will always be link local.  Routing
to a global scope address is a last choice.  Don't over-ride the defaults
here, you have no good reason to.
 
| client$ sudo route -n show -inet6 | grep default
| default fe80::20c:f1ff:fe8f:a9c4%em0   UG   0   43  -   em0
| 
| client$ cat /etc/mygate
| 2001:620:10:1401::

Choose one or the other.  You either need a default route in /etc/mygate
and a static IP for the client or you need rtsol(d).

One trick I picked up from ISC is if you want your client to be '::' then
set this in the hostname.if file:

 inet6 fe80::
 rtsol
 
.. and you'll get global scope addresses on that host that end in ::. 

[..]
|  Hope this provides some useful pointers!
| 
| Well, at least my pf.conf is fixed now! Thanks again. But I still
| struggle with relayd. I'll try to setup this case at home on my much
| simpler environment over christmess. Maybe that'll work.

I'm still convinced the pf.conf is the problem, redirect to a global scope
IPv6 address and I suspect you'll be much better off.

Thanks,
-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  250797 (FWD)
| \
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



relayd - ssl offloading

2008-12-19 Thread uday
hi,

I'm trying to get relayd to work with ssl and I'm having quite a hard
time. I get the error message : SSL library error: httpproxy:
relay_ssl_accept: error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl
session id callback failed relay, which involves /dev/random
issues.

So to test if it was a general problem with /dev/random I installed
stunnel and forwarded all https packets from stunnel to the webhosts
in relayd and it works so narrowed it down to relayd. I checked the
rights on /dev/random and I don't have any issues with it. Can someone
point me in the direction to resolving my problem please ? Any idea on
how to solve this ?

Here is the relayd log snippet :

startup
init_filter: filter init done
init_tables: created 0 tables
relay_privinit: adding relay httpproxy
protocol 0: name httpfilter
flags: 0x20004
type: tcp
request change Connection to close
request change Keep-Alive to $TIMEOUT
request append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
request append $REMOTE_ADDR to X-Forwarded-For
response change Server to Server1
relay_init: max open files 11095
relay_init: max open files 11095
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
relay_ssl_ctx_create: loading private key
adding 1 hosts from table web_hosts:80
adding 1 hosts from table web_hosts:80
relay_launch: running relay httpproxy
relay_launch: running relay httpproxy
relay_init: max open files 11095
relay_init: max open files 11095
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
relay_ssl_ctx_create: loading private key
adding 1 hosts from table web_hosts:80
adding 1 hosts from table web_hosts:80
relay_launch: running relay httpproxy
relay_launch: running relay httpproxy
relay_init: max open files 11095
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
adding 1 hosts from table web_hosts:80
relay_launch: running relay httpproxy
hce_notify_done: 192.168.190.53 (recv_icmp: done)
host 192.168.190.53, check icmp (0ms), state unknown -> up, availability 100.00%
pfe_dispatch_imsg: state 1 for host 1 192.168.190.53
hce_notify_done: 192.168.190.53 (recv_icmp: done)


Here is my relayd.conf :

relayd_addr=192.168.172.77
relayd_port=8080
web_port=80
table web_hosts { 192.168.190.53  }
interval 10
timeout 200
prefork 5

http protocol httpfilter {
return error
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
header change Keep-Alive to $TIMEOUT
header change Connection to close
response header change Server to Server1
ssl { sslv3, tlsv1, ciphers HIGH:!ADH, no sslv2 }
}

relay httpproxy {
listen on $relayd_addr port $relayd_port ssl
protocol httpfilter
forward to web_hosts port $web_port mode loadbalance check icmp
}

Here is my pf.conf

int_if=bce0
rdr-anchor relayd/*
rdr pass on $int_if proto tcp to port 443 -> 192.168.172.77 port 8080

--
uday



Re: ipv6/pf/relayd/totd

2008-12-19 Thread Stephan A. Rickauer
On Fri, 2008-12-19 at 08:13 -0600, t...@fries.net wrote:
 |  Wrong.  Try this instead:
 |  
 |   rdr pass inet6 proto tcp from lan:network -> lan port 8081 
 | 
 |  You cannot redirect to `::', a wildcard address.  You must redirect to
 |  a specific address.
 | 
 | Oh, yes. This is wrong indeed. I wonder why pfctl hasn't bailed out.
 | However, using -> ::1 should then do the trick as well, right?
 
 Sorry I was not clear.  With IPv6, unlike IPv4, it is not possible to
 redirect to `localhost'.  You must redirect to a global scope address.

You Made My Week.

It's working. Awesome. Thanks a lot!
This is a good example where ipv4 concepts can't be applied to the ipv6
world in a straight forward way. I would not have thought that it's no
longer possible to redirect to localhost, ever. Well, time to put
localhost off the network then ;)

 | On a side note: I also don't understand why the wrong default gateway is
 | advertised to my client. Instead of my global IPv6 address, the
 | local-link address is propagated. I was under the impression rtadvd will
 | take care of it:
 | 
 | gw$ cat /etc/rtadvd.conf
 | em0:\
 | :addr=2001:620:10:1401:::prefixlen#64:raflags#0:
 
 You have a wrong understanding of IPv6.  

Will be fixed soon. O'Reillys IPv6 Network Administration has been
downloaded today...

 It is recommended to use the link
 local address for the router(s) since they will always be link local.  Routing
 to a global scope address is a last choice.  Don't over-ride the defaults
 here, you have no good reason to.
  
 | client$ sudo route -n show -inet6 | grep default
 | default fe80::20c:f1ff:fe8f:a9c4%em0   UG   0   43  -   em0
 | 
 | client$ cat /etc/mygate
 | 2001:620:10:1401::
 
 Choose one or the other.  You either need a default route in /etc/mygate
 and a static IP for the client or you need rtsol(d).
 
 One trick I picked up from ISC is if you want your client to be '::' then
 set this in the hostname.if file:
 
  inet6 fe80::
  rtsol

 .. and you'll get global scope addresses on that host that end in ::. 

Cool. Will try that.


 I'm still convinced the pf.conf is the problem, redirect to a global scope
 IPv6 address and I suspect you'll be much better off.

Yes, that fixed it. Thanks again.
I owe you a pint, well ... two pints ;)

Cheers,

-- 

 Stephan A. Rickauer

 ---
 Institute of Neuroinformatics Tel  +41 44 635 30 50
 University / ETH Zurich   Sec  +41 44 635 30 52
 Winterthurerstrasse 190   Fax  +41 44 635 30 53
 CH-8057 Zurich                Web  www.ini.uzh.ch



Re: ipv6/pf/relayd/totd

2008-12-19 Thread todd
Penned by Stephan A. Rickauer on 20081219 16:44.47, we have:
| On Fri, 2008-12-19 at 08:13 -0600, t...@fries.net wrote:
|  |  Wrong.  Try this instead:
|  |  
|  |   rdr pass inet6 proto tcp from lan:network -> lan port 8081 
|  | 
|  |  You cannot redirect to `::', a wildcard address.  You must redirect to
|  |  a specific address.
|  | 
|  | Oh, yes. This is wrong indeed. I wonder why pfctl hasn't bailed out.
|  | However, using -> ::1 should then do the trick as well, right?
|  
|  Sorry I was not clear.  With IPv6, unlike IPv4, it is not possible to
|  redirect to `localhost'.  You must redirect to a global scope address.
| 
| You Made My Week.
| 
| It's working. Awesome. Thanks a lot!
| This is a good example where ipv4 concepts can't be applied to the ipv6
| world in a straight forward way. I would not have thought that it's no
| longer possible to redirect to localhost, ever. Well, time to put
| localhost off the network then ;)

To be clear, this is due to the way pf rdr and IPv6 interaction works.  Not
sure if 'ever' is the right outlook here.

[..] 
|  I'm still convinced the pf.conf is the problem, redirect to a global scope
|  IPv6 address and I suspect you'll be much better off.
| 
| Yes, that fixed it. Thanks again.

Welcome.
-- 
Todd Fries .. t...@fries.net




Re: Incorrect output from pftop on OpenBSD 4.4

2008-12-19 Thread valgray
Thanks for your replies.
systat, of course, is a solution, but I like and got used to pftop :-)
I wrote a message to Can Acar, but there are no replies yet.



Removal request from the Novos list

2008-12-19 Thread Novidades Acqua Lisboa
  We received a request to remove your address misc@openbsd.org from the 
Novos list. Please click the following address to confirm that you wish to 
cancel your subscription:
http://www.mktid.com/pub/rn.php?dodel=dodelu=2d50b65318l=1491



gd without xbase?

2008-12-19 Thread Aaron Martinez
I am running 4.4 stable on i386 for the sole purpose of running nagios.  
So that I could get visualizations on the statusmap, nagios docs say that
gd is required.

I have performed just a minimal install, bsd, base44, etc44 and man44. 
When i try installing gd i come up with the following error:
# pkg_add -nv gd
parsing gd-2.0.35
Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
gd-2.0.35:parsing jpeg-6bp3
found libspec c.48.0 in /usr/lib
Pretending to add gd-2.0.35:jpeg-6bp3
gd-2.0.35:parsing png-1.2.28
Pretending to add gd-2.0.35:png-1.2.28
found libspec c.48.0 in /usr/lib
found libspec expat.9.0 in /usr/lib
Can't install gd-2.0.35: lib not found fontconfig.5.1
Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
Full dependency tree is libiconv-1.12,jpeg-6bp3,png-1.2.28
Can't install gd-2.0.35: lib not found freetype.16.1
found libspec iconv.5.0 in package libiconv-1.12
found libspec jpeg.62.0 in package jpeg-6bp3
found libspec m.3.0 in /usr/lib
found libspec png.7.0 in package png-1.2.28
found libspec z.4.1 in /usr/lib
/dev/wd0g: 1432 bytes
/dev/wd0f: 1381968 bytes


I did some searching on this and found it most recently referenced about
Openbsd 3.9 where people were indicating that gd was not going to have the
x dependency in future releases.

I have another machine that i did my nagios testing on that does NOT have
gd installed but the .gd2 icons are displayed correctly in the statusmap.
I do have php5-gd installed and doing a test install of php5-gd-no_x11
which works.  My question here is, even though nagios doesn't use php, is
the php-gd what is allowing the icons to display in this case since i
don't actually have gd installed?

Is there any other way to make this work?  i didn't really want to install
php or xbase on this box.

Thanks in advance and dmesg below.

Aaron Martinez



OpenBSD 4.4-stable (GENERIC) #1: Fri Dec  5 15:52:41 CST 2008
r...@obsdbuild.minn.example.com:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 527986688 (503MB)
avail mem = 502087680 (478MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/10/03, BIOS32 rev. 0 @ 0xeb4e0,
SMBIOS rev. 2.3 @ 0xf8dd4 (57 entries)
bios0: vendor Hewlett-Packard version 786B2 v1.11 date 07/10/2003
bios0: Hewlett-Packard HP d530 SFF(DG781A)
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT SSDT SSDT APIC SSDT ASF!
SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PCI0(S4) HUB_(S4) COM1(S4) COM2(S4) USB1(S3)
USB2(S3) USB3(S3) USB4(S3) EUSB(S3) PBTN(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (HUB_)
acpicpu0 at acpi0
acpibtn0 at acpi0: PBTN
bios0: ROM list: 0xc/0xa600 0xca600/0x2000 0xe0c00/0x9a00!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xf000, size 0x800
drm at vga1 unsupported
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 10
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
pci1 at ppb0 bus 5
bge0 at pci1 dev 2 function 0 Broadcom BCM5782 rev 0x03, BCM5705 A3
(0x3003): irq 5, address 00:0e:7f:f3:46:a7
brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: ST340014A
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: LITEON, CD-ROM LTN486S, YQSM ATAPI 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
auich0 at pci0 dev 31 function 5 Intel 82801EB/ER AC97 rev 0x02: irq 5,
ICH5 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D 

Re: verify installed packages' binaries integrity ?

2008-12-19 Thread jul
Stuart Henderson wrote on 18/12/08 21:14:
> On 2008-12-18, jul jul_...@yahoo.fr wrote:
>> a small question, is there any way to check integrity of installed
>> packages'binaries ?
>
> yes, by (ab)using pkg_create:
>
> for i in `find /var/db/pkg -name +CONTENTS`; do
>     pkg_create -nf $i > /dev/null
> done


exactly, what i want.

thanks a lot stuart

for archives, seriously and as said before, it's only one step in
investigation. it doesn't replace a dd + forensic analysis for a
compromised host.
But when you are suspicious and there is no mtree/samhain/aide/else, it
helps.



Re: relayd - ssl offloading

2008-12-19 Thread uday
Hi guys,

I tried generating random numbers with the _relayd user without a problem :

[_rel...@myserver /etc/ssl]$ od -D -A n /dev/random | head -2
   2530374051  2874409472  1650458018  3736200264
   1776311775   448067355  3385764049   245858356
[_rel...@myserver /etc/ssl]$ od -D -A n /dev/random | head -2
   3500873714  1514410290  1261638879  3441183390
   1244646393  1231567229  2455711758  3155117271
[_rel...@myserver /etc/ssl]$ od -X -A n /dev/random | head -2
 ec656a22865705affba217e99141ec7c
 24cab1151d520b9aba1e1c48a5016cbd
[_rel...@myserver /etc/ssl]$ od -X -A n /dev/random | head -2
 82028e10a31642abea289fa8986233be
 620b5ed369888e5b938c7cdf2e9f2794

Now I really don't know where to go. I tried out pound and it handled
ssl proxy like a pro. Am I missing something here ? Am I even
debugging correctly ? Thanks alot for the help guys.

uday


On Fri, Dec 19, 2008 at 11:08 AM, uday umoorjani@gmail.com wrote:
 hi,

 I'm trying to get relayd to work with ssl and I'm having quite a hard
 time. I get the error message : SSL library error: httpproxy:
 relay_ssl_accept: error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl
 session id callback failed relay, which involves /dev/random
 issues.

 So to test if it was a general problem with /dev/random I installed
 stunnel and forwarded all https packets from stunnel to the webhosts
 in relayd and it works so narrowed it down to relayd. I checked the
 rights on /dev/random and I don't have any issues with it. Can someone
 point me in the direction to resolving my problem please ? Any idea on
 how to solve this ?

 Here is the relayd log snippet :

 startup
 init_filter: filter init done
 init_tables: created 0 tables
 relay_privinit: adding relay httpproxy
 protocol 0: name httpfilter
flags: 0x20004
type: tcp
request change Connection to close
request change Keep-Alive to $TIMEOUT
request append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
request append $REMOTE_ADDR to X-Forwarded-For
response change Server to Server1
 relay_init: max open files 11095
 relay_init: max open files 11095
 relay_ssl_ctx_create: loading certificate
 relay_ssl_ctx_create: loading certificate
 relay_ssl_ctx_create: loading private key
 relay_ssl_ctx_create: loading private key
 adding 1 hosts from table web_hosts:80
 adding 1 hosts from table web_hosts:80
 relay_launch: running relay httpproxy
 relay_launch: running relay httpproxy
 relay_init: max open files 11095
 relay_init: max open files 11095
 relay_ssl_ctx_create: loading certificate
 relay_ssl_ctx_create: loading certificate
 relay_ssl_ctx_create: loading private key
 relay_ssl_ctx_create: loading private key
 adding 1 hosts from table web_hosts:80
 adding 1 hosts from table web_hosts:80
 relay_launch: running relay httpproxy
 relay_launch: running relay httpproxy
 relay_init: max open files 11095
 relay_ssl_ctx_create: loading certificate
 relay_ssl_ctx_create: loading private key
 adding 1 hosts from table web_hosts:80
 relay_launch: running relay httpproxy
 hce_notify_done: 192.168.190.53 (recv_icmp: done)
 host 192.168.190.53, check icmp (0ms), state unknown -> up, availability 100.00%
 pfe_dispatch_imsg: state 1 for host 1 192.168.190.53
 hce_notify_done: 192.168.190.53 (recv_icmp: done)


 Here is my relayd.conf :

 relayd_addr=192.168.172.77
 relayd_port=8080
 web_port=80
 table web_hosts { 192.168.190.53  }
 interval 10
 timeout 200
 prefork 5

 http protocol httpfilter {
return error
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
header change Keep-Alive to $TIMEOUT
header change Connection to close
response header change Server to Server1
ssl { sslv3, tlsv1, ciphers HIGH:!ADH, no sslv2 }
 }

 relay httpproxy {
listen on $relayd_addr port $relayd_port ssl
protocol httpfilter
forward to web_hosts port $web_port mode loadbalance check icmp
 }

 Here is my pf.conf

 int_if=bce0
 rdr-anchor relayd/*
 rdr pass on $int_if proto tcp to port 443 -> 192.168.172.77 port 8080

 --
 uday



Re: verify installed packages' binaries integrity ?

2008-12-19 Thread Todd T. Fries
Try:

   pkg_delete -n /var/db/pkg/*

Look for any lines mentioning files are missing or files have the wrong
hash.  For example, I added a '.' to README.OpenBSD in qemu:

   $ pkg_delete -n qemu
   /usr/sbin/pkg_delete should be run as root
   Pretending to delete qemu-0.9.1p4
   Problem: checksum doesn't match for /usr/local/share/doc/qemu/README.OpenBSD
   NOT deleting: /usr/local/share/doc/qemu/README.OpenBSD
   remove dependency on sdl-1.2.13p6
   --- qemu-0.9.1p4 ---
   Couldn't delete /usr/local/share/doc/qemu/README.OpenBSD (bad checksum)

Problem being, regardless of the OS, unless you boot from clean media and
execute no binaries etc from the compromised system's disk or any other
files the compromised system has access to, you really can never trust
anything you see or any programs you run.

So, the above is only valid if you want to check for disk corruption, really.
-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  250797 (FWD)
| \
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by jul on 20081219 20:08.11, we have:
| Stuart Henderson wrote on 18/12/08 21:14:
|  On 2008-12-18, jul jul_...@yahoo.fr wrote:
|  a small question, is there any way to check integrity of installed
|  packages'binaries ?
|  
|  yes, by (ab)using pkg_create:
|  
|  for i in `find /var/db/pkg -name +CONTENTS`; do
|      pkg_create -nf $i > /dev/null
|  done
| 
| 
| exactly, what i want.
| 
| thanks a lot stuart
| 
| for archives, seriously and as said before, it's only one step in
| investigation. it doesn't replace a dd + forensic analysis for a
| compromised host.
| But when you are suspicious and there is no mtree/samhain/aide/else, it
| helps.
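
An added example, not part of the thread: with many packages installed, the `pkg_delete -n` output above is long, so this sketch reduces it to one line per flagged file. The function names are hypothetical, and only the two message formats visible in the qemu output above are parsed; any other "Problem:" line is passed through unclassified.

```shell
#!/bin/sh
# Summarise `pkg_delete -n` output as TYPE<TAB>package<TAB>detail.
# Matches only message formats shown in the post:
#   "Pretending to delete <pkg>"
#   "Problem: checksum doesn't match for <path>"
# Exit status is 1 when at least one problem line was seen, 0 otherwise.
summarise_pkg_check() {
    awk '
        BEGIN { pkg = "(unknown)"; n = 0 }
        /^[ \t]*Pretending to delete / {
            pkg = $NF              # remember which package follows
            next
        }
        /^[ \t]*Problem: checksum doesn.t match for / {
            sub(/^.* match for /, "")
            printf "CHECKSUM\t%s\t%s\n", pkg, $0
            n++
            next
        }
        /^[ \t]*Problem: / {
            sub(/^[ \t]*Problem: /, "")
            printf "OTHER\t%s\t%s\n", pkg, $0
            n++
        }
        END { exit (n > 0) }
    '
}

# Constructed sample: the qemu lines from the post, preceded by a
# made-up package that reports no problems.
sample_output() {
    cat <<'EOF'
Pretending to delete example-clean-1.0
Pretending to delete qemu-0.9.1p4
Problem: checksum doesn't match for /usr/local/share/doc/qemu/README.OpenBSD
NOT deleting: /usr/local/share/doc/qemu/README.OpenBSD
remove dependency on sdl-1.2.13p6
--- qemu-0.9.1p4 ---
Couldn't delete /usr/local/share/doc/qemu/README.OpenBSD (bad checksum)
EOF
}

# Real use, as root:
#   pkg_delete -n /var/db/pkg/* 2>&1 | summarise_pkg_check
```

As the post says, a clean result only means something if the tools and the package database themselves can be trusted, so for a suspected compromise run it from clean media.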



Does the iwi driver support wpa encryptition ?

2008-12-19 Thread Francisco Valladolid Hdez.
Hi

I have an Intel PRO/Wireless 2200 card in my laptop, and the man page for iwi 
doesn't say if it supports WPA.

Now, I'm doing this.

$ sudo ifconfig iwi0 nwid mywireless wpa-psk 0xmywpapskwkey
$ sudo dhclient iwi0
no link

Regards.

--- 

---
ficovh - http://bsdguy.net
In the beginning God created the heavens and the earth. Gen. 1:1



Re: gd without xbase?

2008-12-19 Thread Marc Espie
On Fri, Dec 19, 2008 at 12:40:38PM -0600, Aaron Martinez wrote:
 I am running 4.4 stable on i386 for the sole purpose of running nagios.  
 So that I could get visualizations on the statusmap, nagios docs say that
 gd is required.
 
 I have performed just a minimal install, bsd, base44, etc44 and man44. 
 When i try installing gd i come up with the following error:
 # pkg_add -nv gd
 parsing gd-2.0.35
 Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
 png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
 gd-2.0.35:parsing jpeg-6bp3
 found libspec c.48.0 in /usr/lib
 Pretending to add gd-2.0.35:jpeg-6bp3
 gd-2.0.35:parsing png-1.2.28
 Pretending to add gd-2.0.35:png-1.2.28
 found libspec c.48.0 in /usr/lib
 found libspec expat.9.0 in /usr/lib
 Can't install gd-2.0.35: lib not found fontconfig.5.1
 Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
 png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
 Full dependency tree is libiconv-1.12,jpeg-6bp3,png-1.2.28
 Can't install gd-2.0.35: lib not found freetype.16.1
 found libspec iconv.5.0 in package libiconv-1.12
 found libspec jpeg.62.0 in package jpeg-6bp3
 found libspec m.3.0 in /usr/lib
 found libspec png.7.0 in package png-1.2.28
 found libspec z.4.1 in /usr/lib
 /dev/wd0g: 1432 bytes
 /dev/wd0f: 1381968 bytes
 
 
 I did some searching on this and found it most recently referenced about
 Openbsd 3.9 where people were indicating that gd was not going to have the
 x dependency in future releases.
 
 I have another machine that i did my nagios testing on that does NOT have
 gd installed but the .gd2 icons are displayed correctly in the statusmap.
 I do have php5-gd installed and doing a test install of php5-gd-no_x11
 which works.  My question here is, even though nagios doesn't use php, is
 the php-gd what is allowing the icons to display in this case since i
 don't actually have gd installed?
 
 Is there any other way to make this work?  i didn't really want to install
 php or xbase on this box.
 
 Thanks in advance and dmesg below.
 
 Aaron Martinez
 
 
 
 OpenBSD 4.4-stable (GENERIC) #1: Fri Dec  5 15:52:41 CST 2008
 r...@obsdbuild.minn.example.com:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
 real mem  = 527986688 (503MB)
 avail mem = 502087680 (478MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 07/10/03, BIOS32 rev. 0 @ 0xeb4e0,
 SMBIOS rev. 2.3 @ 0xf8dd4 (57 entries)
 bios0: vendor Hewlett-Packard version 786B2 v1.11 date 07/10/2003
 bios0: Hewlett-Packard HP d530 SFF(DG781A)
 acpi0 at bios0: rev 0
 acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT SSDT SSDT APIC SSDT ASF!
 SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
 acpi0: wakeup devices PCI0(S4) HUB_(S4) COM1(S4) COM2(S4) USB1(S3)
 USB2(S3) USB3(S3) USB4(S3) EUSB(S3) PBTN(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 5 (HUB_)
 acpicpu0 at acpi0
 acpibtn0 at acpi0: PBTN
 bios0: ROM list: 0xc/0xa600 0xca600/0x2000 0xe0c00/0x9a00!
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02
 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 agp0 at vga1: aperture at 0xf000, size 0x800
 drm at vga1 unsupported
 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
 uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5
 uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 10
 ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 10
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
 pci1 at ppb0 bus 5
 bge0 at pci1 dev 2 function 0 Broadcom BCM5782 rev 0x03, BCM5705 A3
 (0x3003): irq 5, address 00:0e:7f:f3:46:a7
 brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2
 ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA,
 channel 0 configured to compatibility, channel 1 configured to
 compatibility
 wd0 at pciide0 channel 0 drive 0: ST340014A
 wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets, initiator 7
 cd0 at scsibus0 targ 0 lun 0: LITEON, CD-ROM LTN486S, YQSM ATAPI 5/cdrom
 removable
 cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
 pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA,
 channel 0 configured to native-PCI, channel 1 configured to native-PCI
 pciide1: using irq 10 for native-PCI interrupt
 auich0 at 

Re: Does the iwi driver support wpa encryptition ?

2008-12-19 Thread FRLinux
On Fri, Dec 19, 2008 at 7:01 PM, Francisco Valladolid Hdez.
fic...@yahoo.com wrote:
 $ sudo ifconfig iwi0 nwid mywireless wpa-psk 0xmywpapskwkey
 $ sudo dhclient iwi0
 no link

Hello Francisco,

As discussed earlier this week on this link, you'll need -current to
get this working.

Cheers,
Steph



Re: gd without xbase?

2008-12-19 Thread Todd T. Fries
If you have a package that somewhere down the line has requirements for
libraries only provided by xbase, well, you're going to need xbase. If
you're concerned about security, you can always un-setuid the bin/ dir,
but you really do need xbase for packages that require freetype shared
libs.  It's not really that big, either.

Thanks,
-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  250797 (FWD)
| \
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Aaron Martinez on 20081219 12:40.38, we have:
| I am running 4.4 stable on i386 for the sole purpose of running nagios.  
| So that I could get visualizations on the statusmap, nagios docs say that
| gd is required.
| 
| I have performed just a minimal install, bsd, base44, etc44 and man44. 
| When i try installing gd i come up with the following error:
| # pkg_add -nv gd
| parsing gd-2.0.35
| Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
| png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
| gd-2.0.35:parsing jpeg-6bp3
| found libspec c.48.0 in /usr/lib
| Pretending to add gd-2.0.35:jpeg-6bp3
| gd-2.0.35:parsing png-1.2.28
| Pretending to add gd-2.0.35:png-1.2.28
| found libspec c.48.0 in /usr/lib
| found libspec expat.9.0 in /usr/lib
| Can't install gd-2.0.35: lib not found fontconfig.5.1
| Dependencies for gd-2.0.35 resolve to: libiconv-1.12, jpeg-6bp3,
| png-1.2.28 (todo: jpeg-6bp3,png-1.2.28)
| Full dependency tree is libiconv-1.12,jpeg-6bp3,png-1.2.28
| Can't install gd-2.0.35: lib not found freetype.16.1
| found libspec iconv.5.0 in package libiconv-1.12
| found libspec jpeg.62.0 in package jpeg-6bp3
| found libspec m.3.0 in /usr/lib
| found libspec png.7.0 in package png-1.2.28
| found libspec z.4.1 in /usr/lib
| /dev/wd0g: 1432 bytes
| /dev/wd0f: 1381968 bytes
| 
| 
| I did some searching on this and found it most recently referenced about
| Openbsd 3.9 where people were indicating that gd was not going to have the
| x dependency in future releases.
| 
| I have another machine that i did my nagios testing on that does NOT have
| gd installed but the .gd2 icons are displayed correctly in the statusmap.
| I do have php5-gd installed and doing a test install of php5-gd-no_x11
| which works.  My question here is, even though nagios doesn't use php, is
| the php-gd what is allowing the icons to display in this case since i
| don't actually have gd installed?
| 
| Is there any other way to make this work?  i didn't really want to install
| php or xbase on this box.
| 
| Thanks in advance and dmesg below.
| 
| Aaron Martinez

Re: Does the iwi driver support wpa encryptition ?

2008-12-19 Thread Joe Gidi
 Hi

 I have an Intel PRO/Wireless 2200 card in my laptop, and the man page for
 iwi doesn't say if it supports WPA.

 Now, I'm doing this.

 $ sudo ifconfig iwi0 nwid mywireless wpa-psk 0xmywpapskwkey
 $ sudo dhclient iwi0
 no link

 Regards.

 ---

 ---
 ficovh - http://bsdguy.net
 In the beginning God created the heavens and the earth. Gen. 1:1

WPA support was added after 4.4; you'll have to run -current instead.

-- 
Joe Gidi
j...@entropicblur.com



DCBSDCon 2009 Registration is Open!

2008-12-19 Thread Jason Dixon
We are proud to announce the opening of registration for DCBSDCon 2009!

DCBSDCon 2009 will be held February 5th and 6th at the Marriott Wardman
in Washington, DC.  This is the inaugural event, but we already have an
awesome lineup of speakers and events.  If you haven't already, check
out the details at http://www.dcbsdcon.org/.

For those registering before February 5, registration is only $75.
Registration at the day of the event (if there are any slots left) will
increase to $125.

Many of you are also following along as we reveal our speakers.  Every
Monday and Thursday, from now through January, we're releasing details 
on a new speaker.  Just yesterday we announced our 3rd speaker, Chris 
Buechler of the pfSense project.  It's like Christmas or Hanukkah, 
without the mess!  Subscribe to our feed at http://blog.dcbsdcon.org/.

Register online:
http://www.dcbsdcon.org/register.html

Hope to see you there!

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Loja21.com - The most original Christmas gifts and the best prices this week at your Technology Space!

2008-12-19 Thread Loja21.com
If this e-mail does not display correctly, click here

Other fantastic suggestions for your
CHRISTMAS GIFTS:

Order now online, by phone or by e-mail

www.loja21.com | 214 151 490 | ap...@loja21.com

Address: Alameda António Sérgio, Ed. Empresarial, nº 7, 2ºB
2795-023 Linda-a-Velha.
Opening hours: Monday to Friday, 10:00 to 19:00.

This promotional e-mail was sent to the address misc@openbsd.org

If you do not wish to receive our newsletter again, please click here.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
loja21.jpg]



Re: openbsd igmp v3 proxy?

2008-12-19 Thread Tobias Wigand

Henning Brauer wrote:


I am not aware of anyone actively working on any igmp-related stuff,
the lack of v3 comes probably down to nobody did it. well written
diffs in reasonably small chunks will certainly be considered.



Thought it was a licensing issue. After posting my message here I did 
further research and found this posting on the kame list:

ftp://ftp.kame.net/pub/mail-list/snap-users/9555
As far as I can see from the sources, igmpv3 support was already there 
via the KAME patches, at least for (much) older versions of OpenBSD.


cheers
tobias