Re: pf queues

On Thu, 2023-11-30 at 15:55 +0300, 4 wrote: > "cbq can entirely be expressed in it" ok. so how do i set priorities > for queues in hfsc You stack HFSC with link-share service curves with linkshare criterion 1:0 - or in pf.conf(5) terms: "bandwidth 1" and "bandwidth 0". Or you do not configure

Re: Recover partition table/FFS2 after overwrite?

On Mon, 2021-09-06 at 12:57 -0400, gwes wrote: > This doesn't happen often but... maybe a page somewhere online? http://akpoff.com/archive/2017/that_time_i_nuked_the_disklabel_and_recovered_the_disk.html Cases are often slightly different depending on how you destroyed your disk layout. But the

Re: unexpected behavior with pf queues (bandwidth allocations seemingly ignored)

Please try first to remove „min“. „Min“ makes it a „real-time service curve“ in HFSC terminology, which may react … „unexpectedly“ when exceeded. And you do not want „real-time“ properties for file transfer anyways. > Am 24.07.2021 um 00:21 schrieb Scott Lewandowski : > > I am attempting to

Re: pf question: IPv6 prefix changed, how to tell pf?

On Fri, 2021-07-23 at 08:21 +0200, Harald Dunkel wrote: > Deutsche Telekom gives me a new /56 prefix for my internal net and > a new /64 prefix for the external connection on every reboot of my > modem. The old internal prefix is not routed anymore. Question is, > how can I tell pf to use the new

Re: .profile not being loaded (ksh) when opening shell in X

On Wed, 2021-04-28 at 06:20 +, David Dahlberg wrote: > I noticed the effect that the OP described ($PWD and $HOME/.profile > being ignored) too After some testing of different WM/DE (Xenodm to FVWM, CWM, Xfce, Lumina, Mate) and terminal emulators, I have to conclude, that the effect

Re: .profile not being loaded (ksh) when opening shell in X

On Tue, 2021-04-27 at 09:37 +0200, Alexandre Ratchov wrote: > If you're using a display manager (xenodm or whatever), you've to > include your .profile in your session login script (X equivalent of > shell's ~/.profile concept), so the envoronment (and other global > login settings) from your

X hangs on 3d accel'd desktop (X1C3)

Hi all, I am not sure, whether this is a problem of a graphics driver (for bugs@) or whether I messed up my config (ports@). So I am asking here, where I am definitively off-topic: Starting with a sysupgrade and pkg_add -u to last weeks -snapshot, GDM became unresponsive. Symptoms: * I see the

Re: Pass, gpg2, gpg

Am Freitag, den 07.12.2018, 16:33 +0100 schrieb Lucas López: > I like https://www.passwordstore.org/ and I am so gratefull to have it > in OpenBSD as a package! Please do not ask questions that have nothing to do with OpenBSD in misc@. If it is about the port itself, you may contact the

Re: vlan without IP address not working (parent not in promisc mode)

> On 2018-05-22, Sigi Rudzio wrote: > > With this configuration, the parent interface on router 2 (sk0) > > isn't in > > promiscous mode and no traffic can pass into the vlan interface Sounds pretty much like the same problem that I had:

Re: iwm performance (was: Re: how would you troubleshoot your wifi?)

Am Freitag, den 22.07.2016, 11:36 +0200 schrieb Stefan Sperling: > I've already been told about iwm performance regressions compared to > 5.9, > so I'd like to make a statement (not just directed at you, Andreas, > but > at everyone). JFYI: A temporary workaround which works for me (on a X1C3)

Re: serial & console access

Am Dienstag, den 26.04.2016, 23:42 -0700 schrieb jungle Boogie: > I would like to connect to a laptop via serial [..] > Unexpectedly to me, I could not see the machine actually boot up until > it went to the login prompt. > Is there an /etc/boot.conf option I can set to support both console > and

Re: Cannot Cleanly Exit FVWM / X Windows System

Am Mittwoch, den 03.02.2016, 15:29 -0500 schrieb Samir Parikh: >  I am running version 5.8 (amd64) on a Lenovo Thinkpad T450s  > with a fairly default installation. The T405s is a Broadwell. > I have a few issues to sort out but my first concern is that I cannot  > exit out of FVWM.  I launch it

Re: Configure NTP servers from DHCP response?

Am Dienstag, den 15.12.2015, 08:23 + schrieb Stuart Henderson: > On 2015-12-14, Mark Carroll wrote: > > I'm guessing that wanting to set ntpd's servers based > > on what the DHCP server told the system is a fairly typical use case > > I don't think there's an easier way

Re: Remove "flags S/SA keep state" for tcp packets

Am Dienstag, den 15.12.2015, 09:24 + schrieb C. L. Martinez: >  I am trying to remove "flags S/SA keep state" for tcp packets inside > pf.conf and use "keep state" only, as it can do with udp and icmp. > >  According to pf.conf man page, this is possible inserting "no state" > in tcp rule,

Re: OpenBSD 5.7-stable/OpenSMTPD 5.4.4 error: client did not present certificate

Am Mittwoch, den 25.11.2015, 18:51 +0100 schrieb Gianluca D.Muscelli: > Hi, if i use verify in /etc/smtpd.conf sometimes I reciveerrors like > this: [..] > Nov 25 16:33:05 server smtpd[12808]: smtp-in: Disconnecting session > 95548f7f974b7523: client did not present certificate > > Any suggestion

Re: queueing example on pf.conf man page

Am Mittwoch, den 04.11.2015, 13:37 +1100 schrieb Jason Tubnor: > While pf(4) will let you define and load queues that exceed the parent > (top > level) queue, when you start to load up your queues, you'll get > congestion > defeating the purpose of queuing.  To what point, depends on your >

Re: queueing example on pf.conf man page

Am Mittwoch, den 04.11.2015, 10:09 +0800 schrieb Glenn Faustino: > I notice that under queueing section of the pf.conf man page the total > child queues bandwidth exceed what's defined in the parent. Oops, now I found the /other/ example #| > Can the bandwidth on the child queues exceed what's

Re: Suggested 1000BASE-LX adapter

Am Dienstag, den 27.10.2015, 13:01 +0100 schrieb Federico Giannici: > I have to install in an OpenBSD 5.8 amd64 a PCI-E ethernet card > supporting 1000BASE-LX (i.e. 1Gbps with Single Mode Fiber). > > Usually we use Intel cards (em driver) but I found that the only Intel > LX card has a PCI-X

Re: match rules and priorities

Am Freitag, den 09.10.2015, 07:56 +0300 schrieb Kimmo Paasiala: > On Thu, Oct 8, 2015 at 4:26 PM, Christer Solskogen > > I boiled the rule down to this: > > match proto tcp to port { http https } set prio 7 > > > > But I still can't see that it does anything useful, as I don't see > > any > >

Re: match rules and priorities

Am Donnerstag, den 08.10.2015, 15:26 +0200 schrieb Christer Solskogen: > I boiled the rule down to this: > match proto tcp to port { http https } set prio 7 > > But I still can't see that it does anything useful, as I don't see any > better speed on http with or without that rule. > What have I

Re: Adding zombies to a pf table?

am not sure whether the "synproxy state" or the "rdr-to 127.0.0.1 port 9" part of the rule did the trick. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: rookie questions about flavors

to understand these points in order to > keep > things clean. Well, usually there are two paths: To follow -current: * Use -snapshots * Update to -current (CVS) when you require it (e.g. to test some new code). To follow -stable(ish): * Install a -release * Update from CVS * OR use errat

Re: bluetooth keyboard [was:Re: Intel Edison]

and bluetooth mouse. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: Recommended Industrial PCs?

Am Donnerstag, den 27.08.2015, 09:42 +0200 schrieb Martin Haufschild: Can you recommend specific models (maybe you had good experience with)? Compact models would be preferred. NEXCOM NISE 3600E2: http://www.nexcom.com/Products/industrial-computing-solutions/industrial

Re: Recommended Industrial PCs?

to to with it, what are your requirements? In the past, I have made good experiences with various Nexcom devices -- and Shuttle if you would consider them IPCs, too. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany

Re: redirect nor vpn (as I know it) solves this problem

to me (inbound nat-to). Alternatively, beam yourself into that network using some kind of L2 VPN. Possibilities would be EtherIP (gif(4)) or vxlan(4) over IPsec(4) or OpenVPN respectively. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845

Re: smtpd.conf.5 relay tls | verify

and verify options are mutually exclusive and should only be used in private networks as they will prevent proper relaying on the Internet. - Note that the tls and verify options are mutually exclusive and + Note that the tls and tls verify options ? -- David Dahlberg

New: colortree

A port for Steve Baker's tree program. As we have already a simpler, BSD-licenced alternative in ports, I used the gnugetopt/coreutils/colorls approach and renamed to colortree, which is the author's preference. Cheers, David [demime 1.01d removed an attachment of type

Re: New: colortree

Am Sunday, den 19.07.2015, 16:13 +0200 schrieb David Dahlberg: A port for Steve Baker's tree program. Wrong list. Sorry.

Re: SOHO IPv6 router problems

Am Dienstag, den 30.06.2015, 20:27 +0200 schrieb Patrik Lundin: We start out by enabling autoconf on em0 to get a default route via fe80: === # ifconfig em0 inet6 autoconf === The interface configuration now looks like this: [...] em0:

Re: ThinkPad X1 Carbon Gen3

Am 27.06.2015 um 05:37 schrieb Masao Uebayashi uebay...@tombiinc.com: - ZZZ - Disabling TPM doesn't help hibernation. - I tried disabling various devices (iwm, em, xhci, ehci, ...). Didn't help instability of hibernation. - Most failures are not recognizing hibernation (`/ was not

Re: dnssec-signzone and NSEC3

Am Freitag, den 26.06.2015, 09:53 +0200 schrieb Peter J. Philipp: I can't find the -3 - option to generate NSEC3 RR's with dnssec-signzone. Am I reading the manual page wrong or is this a missing feature? If it is I'll probably leave NSEC3 out. That's because old OpenBSD used an old version

Re: nsd configuration problem

Am Mittwoch, den 24.06.2015, 18:02 +0100 schrieb Graham Stephens: I've tried to set up nsd on 5.7 x64 and it's not working as it should, but I'm lost as to where to look to correct the issue. I was hoping for some pointers. :) Okay. First of all, I hope you are aware of the difference

Re: Any books about OpenBSD ARM programming?

Am Mittwoch, den 24.06.2015, 17:26 +0200 schrieb Piotr Kubaj: I want to install OpenBSD on my BeagleBone Black and write some simple programs using I/O pins. Are there any tutorials on this? Additionally to what the others did say, you probably should have a look into the (code of the)

Re: nsd configuration problem

Am Donnerstag, den 25.06.2015, 11:42 +0100 schrieb Graham Stephens: I'm trying to replace several boxes (firewall, file server, mail server) with one virtualized one. [..] So actually you do not want to serve names of a domain (say thestephensdomain.com) to the Internet, but you want the

Re: Thinkpad E550

Am Monday, den 22.06.2015, 09:13 + schrieb David Dahlberg: I have one the newer iwm's at home. Checking whether it is one of those that you were addressing was on my TODO list, but unfortunately it seems to have fallen off :-( (BCC to self as a reminder). Sorry for alerting you

Re: Thinkpad E550

]. As a workaround for the freezing X server, jcs@ advised me to kill the the X server by putting the following line into /etc/X11/xdm/xdm -config: DisplayManager.*.resetSignal: 9 [1] http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/Broad wellBoxes/ -- David Dahlberg Fraunhofer

Re: when SSDs are not so solid or why no TRIM support can be a good thing :)

disk safeguards contents] - would you use softraid here? No. If you use a RAID1, you'll get the performance of the worse of both disks. To support multiple disks with different characteristics and to get the most out of it was AFAIK one of motivations for Matthew Dillon to write HAMMER. -- David

System hangs on exiting X (Lenovo X1C3)

Hi, I am experiencing regular hangups (display freezes, switching to console not possible, does not respond to power button) when exiting X on a brandnew Lenovo X1 Carbon Gen. 3 (Type 20BB). I can reproduce this behaviour on freshly installed systems (5.7 and -snapshot): Start fvwm (XDM or

Re: System hangs on exiting X (Lenovo X1C3)

Von: joshua stein j...@openbsd.org -- Gesendet: 2015.05.29 - 19:00 It is probably not the whole system hanging, but X with the VESA driver seems to have some trouble exiting cleanly so you just get a hung X server that won't respond to switching back to the console (or allow XDM to

Re: 5.7 upgrade question

or until you received your CD set. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: IPSec and Cisco peers

in isakmpd.conf (you want to have it always on anyways). Cheers David -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: Help needed: pkg_add dropps connections

the connection terminates. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: Full disk encryption and keyboard

for softraid and set tty com0 in the mailinglist archives. -dd -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: Any experience running OpenBSD 5.6 or current on a Shuttle DS437?

a recovery console, I will connect on the COM port anyway as carrying a laptop and a serial cable is IMHO easier than carrying keyboard and monitor. Cheers David -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg

Re: DNS over IPSec weirdness

command. Feed them into tcpdump with -E espalg:espkey (please read the man page, before you do so). Wireshark may also decrypt your stream via the ESP protocol settings. -dd -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr

Re: simple way to block one word domains?

Am Dienstag, den 09.12.2014, 11:01 -0500 schrieb Ted Unangst: Curious if anyone knows a simple way to prevent resolution of one word hostnames. Maybe I just think to simple here, but how about just switching on DNSSEC (auto-trust-anchor-file in unbound.conf)? David -- David Dahlberg

Re: PF rules loading bug on OpenBSD 5.6

is indeed correct if read on it's own, but something else in the current state of pf leads to a different result of a line than you might expect. In my case, usually flushing the queues before reloading them from pf.conf helps. -dd -- David Dahlberg Fraunhofer FKIE, Dept. Communication

Re: nsd_flags

daemon_flags=${_rcflags} (the rc.conf manpage implies this behaviour) or the manpage should be changed accordingly. Regards David -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228

Re: IPv6 nonfunctional after upgrade from 5.5 to 5.6

-- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: hang at syncing disks... done

-dd -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: openbgpd ipv6 nexthop

0 FIB? -dd -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: hp proliant dl 320e gen 8 for openbsd 5.5 64 bit ?

mentioned type of hardware RAID is really nothing else than software RAID with a BIOS flag, you may as well go with standard software RAID, which has even the advantage, that you may monitor it with standard OS tools. Cheers David -- David Dahlberg Fraunhofer FKIE, Dept

Re: Relationship Between VLANs and Physical Interfaces in PF

. do not send me more than 2Mbit, even if the physical connection is 1GE). But of course, one may realize that with several (non-sharing) queues on the physical interface and the right selectors, as Henning suggested. David -- David Dahlberg Fraunhofer FKIE, Dept. Communication

Re: IPSEC with redundant remote peer address

)/keepalives (Cisco). Cheers David -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277

Re: Relationship Between VLANs and Physical Interfaces in PF

. Please tell me, what the above config actually does. Will the first line silently add a vlan33q to re0 that still does what it is intended? OTOH, adding a queue to a GRE interface does not work indeed. Regards David -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM