Re: ipv6 pf ruleset
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Are the encapsulated packets being allowd through wanif OK? Remember that the same packet will be IPv4 at some points, and IPv6 at others depending which side of encapsulation they're at. You'll probably need IPv4 rules on wanif and IPv6 rules on ip6if. Have you used pflog to see if anything is being blocked? Dunc Matt S wrote: Hello, Could someone tell me why, given the following ruleset, I cannot get to my machine from the outside on ipv6? Obviously, I just masked out the ipv6 address for security. Any insight would be much appreciated. Normally, I am decent with pf when it comes to ipv4. But, I am utterly lost. Perhaps I don't understand what the gif0 interface is truely doing. I know that I have it configured to encapsulate IPv6 traffic in IPv4 but I don't know how to troubleshoot it well. wanif=tun0 ip6if=gif0 intif=em0 intnet4=10.40.60.0/24 host=::X:XXX::1 tcp_services={ssh,domain,mail,ftp,http,https} udp_services={domain} set skip on {lo,$intif} block in all pass out all pass out on $wanif scrub (max-mss 1440) match out on $wanif inet from $intnet4 to any nat-to ($wanif) pass inet proto ipv6 from any to any pass in on $ip6if inet6 proto icmp6 icmp6-type {echoreq,unreach} pass in on $ip6if inet6 proto tcp from any to $host port $tcp_services pass in on $ip6if inet6 proto udp from any to $host port $tcp_services Thank you, Matt - -- Duncan Lockwood Principal Network Engineer The Bunker Secure Hosting Limited Ash Radar Station Marshborough Road Sandwich Kent CT13 0PL UNITED KINGDOM t: 01304 814 800 f: 01304 814 899 e: d...@thebunker.net w: www.thebunker.net PGP on Key Servers - This email and any attachments it may contain is confidential and solely intended for the use of the named addressee(s) only. Any views or opinions presented are solely those of the author and do not necessarily represent those of The Bunker. If you are not the intended recipient, be advised that you have received this email in error and that you should not rely on it or take any action based on it. You should not publish, use, disseminate, print, forward or copy this email as it is strictly prohibited. Please contact the sender if you have received this email in error and destroy it. - Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxCz9AACgkQOZKi9YO9TB6qjwCfbIIH64K4ZcS/tNtUeudsf6fl xbAAn1xP9blRoKAR8FUy7MVt+gq0xJMC =Naih -END PGP SIGNATURE-
code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC1ykACgkQvf41sEptMqCjTwCgisIxQB0fIOCQSrlfhIn7GShT JogAnAsqx2g5M+PyE0DZLNeSHF1luiYc =0LIw -END PGP SIGNATURE-
Re: code for fun
On 18/07/2010 12:27, Aaron Lewis wrote: Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? Kinda off-topic for here but whatever... Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of 11 bits. If the mantissa is all-ones, that will give a significant of 2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias (1023), it gives a maximum effective exponent of 1023, so that would give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308. What do you mean by precision? Firas
OT: Re: code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 06:56 PM, Firas Kraiem wrote: On 18/07/2010 12:27, Aaron Lewis wrote: Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? Kinda off-topic for here but whatever... Yeah , i'll put a OT here. Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of 11 bits. If the mantissa is all-ones, that will give a significant of 2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias (1023), it gives a maximum effective exponent of 1023, so that would give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308. Yep , right , but how you *get* it by a beautiful code , that could be really interesting. I mean , with a small code , c or c++ , printing the size out. What do you mean by precision? Kinda of significance digit. For example: A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) Doesn't matter if it's unsigned or signed , some ideas are cool enough. Still , use a small part of code , c or c++ , i'm just curious how to make it happen. Firas - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC4IkACgkQvf41sEptMqBN3wCeNNWj/cs9b1SB4hXwxqnJQrR4 gxsAoLKTzixeHSQzWHAeKTzgp6WDPn3I =McSS -END PGP SIGNATURE-
Re: OT: Re: code for fun
On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: B A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) http://en.wikipedia.org/wiki/Double_precision_floating-point_format Doesn't matter if it's unsigned or signed , some ideas are cool enough. I'd like to see your unsigned double! Still , use a small part of code , c or c++ , i'm just curious how to make it happen. What problem (i.e. homework assignment) are you trying to solve? -- Floor Terra flo...@gmail.com www: http://brobding.mine.nu/
Re: OT: Re: code for fun
Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of 11 bits. If the mantissa is all-ones, that will give a significant of 2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias (1023), it gives a maximum effective exponent of 1023, so that would give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308. Yep , right , but how you *get* it by a beautiful code , that could be really interesting. I mean , with a small code , c or c++ , printing the size out. Since you know the bit pattern that would yield the value, just make an union with an uint64_t and a double, set the uint to the desired bit-pattern, and printf the double: #include stdint.h #include stdio.h int main(void) { union intdouble { uint64_t foo; double bar; } maxdouble; maxdouble.foo = 0x7FEF; printf(%lf\n, maxdouble.bar); return 0; } What do you mean by precision? Kinda of significance digit. For example: A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) It depends on the exponent. If the exponent is large (as above), you won't get anything after the decimal point. The maximum you can get after the decimal point is when you have a denormalized number (exponent all-zeroes) and a mantissa of 000...1. That will give an exponent of -1022 and a significant of 2^(-52), yielding a value of 2^(-52)*2^(-1022) = 2^(-1074), roughly 10^(-324). Doesn't matter if it's unsigned or signed , some ideas are cool enough. IEEE floating-point numbers are always signed. Firas
Re: OT: Re: code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 08:04 PM, Floor Terra wrote: On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! See: http://en.wikipedia.org/wiki/Arithmetic_precision So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) http://en.wikipedia.org/wiki/Double_precision_floating-point_format Doesn't matter if it's unsigned or signed , some ideas are cool enough. I'd like to see your unsigned double! Sorry , they're all signed. Still , use a small part of code , c or c++ , i'm just curious how to make it happen. What problem (i.e. homework assignment) are you trying to solve? Come on , just for fun , someone asks me if i could print out the maximum number that can be stored in a double type , and the *precision* of a double type. For the first , maybe with some bit operations , no good idea from me. And the second , well i tried to divide 2 by 3 , see when i reaches 7 ( should be 0.667 ) , may not a clever way. - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC9EsACgkQvf41sEptMqD8CACfVFw2rSxQHBs1u8hLgltLIEr3 heUAniQgV+JEyy/WLr+IsV3mtIGUznM+ =xwd7 -END PGP SIGNATURE-
Re: OpenBSD users.
From Serbia On Sun, Jul 18, 2010 at 3:35 AM, Frank Bax f...@sympatico.ca wrote: Mateusz Gierblinski wrote: Hi misc@ I'm just wondering. Where are you OpenBSD users from? I'm from Belgium, anyone else? Take care There is an OpenBSD user in every country on this planet.
Re: OT: Re: code for fun
On Sun, Jul 18, 2010 at 2:32 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 08:04 PM, Floor Terra wrote: On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: B A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! See: http://en.wikipedia.org/wiki/Arithmetic_precision Yes. 12.340 has five significant digits. If you want to store it with just two significant digits you get 12. Come on , just for fun , someone asks me if i could print out the maximum number that can be stored in a double type , and the *precision* of a double type. The maximum number you can store in a IEEE double is +infinity of course. A 64 bit double has 52-bit mantissa, together with 1 sign bit it gives you almost 16 decimal significant digits. But like other things in life: It's not the size that maters, it's how you use it. (see math(3) and look for ULP) And the second , well i tried to divide 2 by 3 , see when i reaches 7 ( should be 0.667 ) , may not a clever way. Be careful converting your number to decimal if you want to keep maximum precision. -- Floor Terra flo...@gmail.com www: http://brobding.mine.nu/
Re: OpenBSD users.
Brazil!
Re: OpenBSD users.
Mixico On Sun, Jul 18, 2010 at 1:46 PM, VICTOR TARABOLA CORTIANO vt...@c3sl.ufpr.br wrote: Brazil! -- Hermes Ojeda Ruiz
Re: OpenBSD users.
Moscow/Russia -- Dmitrij D. Czarkoff
Re: OpenBSD users.
Calgary Alvaro On Sun, Jul 18, 2010 at 14:13, Dmitrij D. Czarkoff czark...@gmail.comwrote: Moscow/Russia -- Dmitrij D. Czarkoff
Re: OpenBSD users.
Mateusz Gierblinski mateusz.gierblin...@gmail.com writes: I'm just wondering. Where are you OpenBSD users from? Bergen, Norway - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD users.
On Sun, Jul 18, 2010 at 01:07:12AM +0200, Mateusz Gierblinski wrote: I'm just wondering. Where are you OpenBSD users from? Your mom's bedroom. -J.
Re: OpenBSD users.
On Sun, Jul 18, 2010 at 01:07:12AM +0200, Mateusz Gierblinski wrote: I'm just wondering. Where are you OpenBSD users from? The Netherlands!
Re: OpenBSD users.
On 2010-07-17, Mateusz Gierblinski mateusz.gierblin...@gmail.com wrote: Hi misc@ I'm just wondering. Where are you OpenBSD users from? I'm from Belgium, anyone else? Are you aware that by sending such useless mails you are transforming energy and contributing to global warming? Best regards, Jona -- Worse is better Richard P. Gabriel
Re: OpenBSD users.
Jona Joachim wrote: Are you aware that by sending such useless mails you are transforming energy and contributing to global warming? Oh, well in that case, hello, come here often? ;-) ...Canada, btw. -Bryan.
Re: OpenBSD users.
Russia/Sergiev Posad -- sergeyb@