Re: supermicro 5019D-FTN4 server with AMD EPYC 3251 SoC Processor

2021-06-30 Thread Denis Fondras
Le Tue, Jun 29, 2021 at 07:46:55PM +0200, EdaSky a écrit : > Good day everyone > > Does anyone use supermicro 5019D-FTN4 server with AMD EPYC 3251 SoC > Processor? > > https://www.supermicro.com/Aplus/system/Embedded/AS-5019D-FTN4.cfm > > Experience and dmesg would be perfect. > Experience is

Re: pflow on PE router

2021-05-30 Thread Denis Fondras
Le Fri, May 28, 2021 at 03:30:58PM -0700, Chris Cappuccio a écrit : > You might try "set state-defaults pflow, sloppy", also in some scenarios you > might need "set state-policy floating" > > If "sloppy" fixes it, there may be some bugs to hunt. > "sloppy" seems to fix the issue. I will do more

Re: pflow on PE router

2021-05-16 Thread Denis Fondras
Here are some more infos : >- does running pf(4) without pflow(4) cause issue? Yes, the issue is linked to pf(4) being enabled. >- can you confirm you were running with pf(4) disabled prior to enabling > pflow(4)? I do confirm. I never enable pf(4) on edge routers, it bit in the past

pflow on PE router

2021-05-14 Thread Denis Fondras
Hello, I used OpenBSD as a PE router on my network. The router is connected to an IX, a transit and multiple peers with OpenBGPd. Earlier this week, I enabled pflow(4) to track traffic usage. Unfortunately enabling pf(4) on a edge router does not seems like a good idea. Some peers called in to

Re: DHCPd - option capwap (code 138)

2021-05-06 Thread Denis Fondras
Le Thu, May 06, 2021 at 10:48:55AM +0200, Radek a écrit : > Hello, > I want to use dhcpd server to push Wireless Controller's IP address to the > APs. > > According to this: > http://systemnetworksecurity.blogspot.com/2013/02/adding-custom-options-in-isc-dhcpds.html >

Re: Impact of 002_icmp6.patch

2020-10-30 Thread Denis Fondras
On Fri, Oct 30, 2020 at 11:58:41AM +0100, Martin Schröder wrote: > Am Fr., 30. Okt. 2020 um 11:54 Uhr schrieb Denis Fondras > : > > Please, fix your tweet. The default install answer for IPv6 is 'none'. > > This borders on "switch off v6 for security reasons",

Re: Impact of 002_icmp6.patch

2020-10-30 Thread Denis Fondras
On Fri, Oct 30, 2020 at 11:36:33AM +0100, js-openbsd-m...@webkeks.org wrote: > To close this thread, I found this: > https://twitter.com/m00nbsd/status/1321524807473782784 > Please, fix your tweet. The default install answer for IPv6 is 'none'.

Re: Source address selection algorithm w/ bgp

2020-05-28 Thread Denis Fondras
On Thu, May 28, 2020 at 08:09:25AM -0600, Theo de Raadt wrote: > A few tools have options like -s, but it is a problem. > > I'm also frustrated by this solution, and working on a better method. > > Pierre Emeriaud wrote: > > > What is the current canonical way to tweak source address

Re: net.inet.ip6.forwarding=1 ?

2020-05-19 Thread Denis Fondras
On Tue, May 19, 2020 at 08:36:56PM +0200, Harald Dunkel wrote: > Hi folks, > > congrats to the new release. > > Question about https://www.openbsd.org/faq/upgrade67.html: > Shouldn't it be > > net.inet.ip.forwarding=1 > net.inet6.ip6.forwarding=1 > > Thats what I found in my sysctl.conf

Re: OSPF lsa_check issue

2020-05-05 Thread Denis Fondras
On Tue, May 05, 2020 at 09:07:34AM +0100, Richard Chivers wrote: > Another 5 or so seconds later the same LS-Update comes in with the same seq > number. This appears to continue indefinitely. Our only fix appears to be > restarting ospfd on the routers. > > Does anyone have an idea what is going

Re: VLAN syntax in hostname.vlanxxx

2020-04-29 Thread Denis Fondras
On Wed, Apr 29, 2020 at 09:58:27PM +0200, Lars Bonnesen wrote: > On an obsd 6.6, I use the vmx device, but the syntax: > inet 172.18.11.9 255.255.255.252 NONE vlandev vmx2 description VLAN703 > vlandev is not supported any more. You have to use parent and vnetid, check man ifconfig.

Re: Contributing to spamd

2020-04-03 Thread Denis Fondras
On Fri, Apr 03, 2020 at 08:54:22AM -0400, Aisha Tammy wrote: > Hi devs and all, > I have been using spamd for quite a while and have been loving it. > I've seen that spamd currently only supports ipv4 and have been > wondering if it was possible to extend it to ipv6. I know that workforce > is

Re: ifconfig behavior

2020-01-08 Thread Denis Fondras
On Tue, Jan 07, 2020 at 10:19:36PM +, Pedro Caetano wrote: > Hi misc@ happy new year! > > While running snapshot #584 on amd64 I noticed setting addresses using > ifconfig is not consistent for ipv4 and ipv6. > > Is this expected behavior? I wasn't able to find anything in the FAQ. > It

Re: route an IPv4 /32 to a different interface

2019-12-16 Thread Denis Fondras
On Sun, Dec 15, 2019 at 08:29:42PM +, Tom Smyth wrote: > Hi Denis, > > ok ..I hadnt read your email fully sorry about that... > > what are you trying to achieve here? > > you have a 172.16.0.249/30 address on em3 which includes > 172.16.0.248-127.16.0.251 > > and then you have a

route an IPv4 /32 to a different interface

2019-12-15 Thread Denis Fondras
Hi, I have this setup : em3: flags=8843 mtu 1500 lladdr index 4 priority 0 llprio 3 media: Ethernet autoselect (1000baseSX full-duplex) status: active inet6 fe80::aa9:b803:8a7a:ca72%em3 prefixlen 64 scopeid 0x4 inet 172.16.0.254 netmask 0xff00

Re: bgpctl sho ri nei terse output vs man page discrepancy

2019-09-22 Thread Denis Fondras
On Sun, Sep 22, 2019 at 02:08:50PM +0200, Rachel Roch wrote: > Hi, > > Hopefully I'm not missing something silly here but I've read the paragraph in > the man page and it only lists 15 variables: > > "The printed numbers are the sent and received open, > sent and received notifications, sent

Re: IPv6 problems

2019-08-15 Thread Denis Fondras
On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote: > Hi, > > EDIT: > > I have taken a look at the website of my hosting provider. > > My IPv6 gateway would be fe80::1. > > When trying to add the route manually i get "network unreachable". > Did you specify the output interface ? With LL

Re: IPv6 problems

2019-08-14 Thread Denis Fondras
On Wed, Aug 14, 2019 at 08:36:45PM +0200, list wrote: > Hello, > > thanks alot for your suggestions! I really appreciate it. > > Unluckily that didn't work out. > > My hostname.vio0 now looks like this: > >         inet6 alias /64 > >         !route add -inet6 default

Re: IPv6 problems

2019-08-13 Thread Denis Fondras
On Tue, Aug 13, 2019 at 05:25:43PM +0200, list wrote: > Hi, > > I have been trying to set up IPv6 on my OpenBSD machine. > > It is running on stable branch.  > > The interface I am trying to configure IPv6 on is "vio". > > My hostname.vio0 looks like this: > > > dhcp > > inet6 alias

Re: Moving from Bird to OpenBGPD

2019-07-14 Thread Denis Fondras
On Sat, Jul 13, 2019 at 09:44:28PM -0700, BSD user wrote: > Hello, > > My apologies for sending this email multiple times. > > I was so mortified by Tutanota's awful text formatting that I created a > new mail account that supported IMAP so that I could load it up in > Thunderbird with text only

Re: Static IPv6, router tries to reach system with unknown fe80 address

2019-07-13 Thread Denis Fondras
On Sat, Jul 13, 2019 at 12:15:30PM +0200, Stefan Hagen wrote: > Hello, > > I have a question regarding the IPv6 behavior of OpenBSD compared to > Linux/FreeBSD. I tried to configure a static IPv6 address on my VPS. > > From my provider, I got the following data: > > IP Address:

bgpd : route in FIB, not in kernel route table

2019-05-10 Thread Denis Fondras
Hi, I had a weird problem today that I can't explain when I tried to add a peer (185.22.129.11) to bgpd. The prefix was accepted, shows up in RIB as valid, installed in FIB according to bgpctl but kernel could not find a route. Group "liopen" provides a fullview. OpenBSD-current from May 8th. I

Re: When will be created a great desktop experience for OpenBSD?

2019-05-07 Thread Denis Fondras
> user-friendly and easy-to-use > Sounds like the exact description of current OpenBSD...

Re: eBGP routes are not reannounced

2019-04-22 Thread Denis Fondras
> I don't understand how to use "allow from group" > Sorry, I responded too fast. You already receive the prefixes from $spamASN and you want to redistribute them. There is no filtering in the (old) versions you use IIRC. > Yes I use 6.0, 6.1 and 5.8 on these machines. I'm waiting for 6.5 to

Re: eBGP routes are not reannounced

2019-04-22 Thread Denis Fondras
On Mon, Apr 22, 2019 at 10:07:52AM +, Mik J wrote: > Hello, > > I'm trying to set up openbgpd. > > On site 2, I'm peering with us.bgp-spamd.net and eu.bgp-spamd.net sucessfully. > The problem is that these routes are not in the bgp table on site 3. The BGP > peerings are up. > From site 3 I

Re: packet loss when > 1000 clients connect

2019-04-16 Thread Denis Fondras
On Tue, Apr 16, 2019 at 11:07:47AM +0200, Torsten wrote: > Hi! > > Problem description: > In a customers network more than 2k clients connect to a server and > perform https requests. When in the morning more and more clients become > active, the number of connections rises until more and more

Re: openbgpd; strip private ASNs from bgp updates

2019-03-26 Thread Denis Fondras
On Tue, Mar 26, 2019 at 02:54:38PM +0100, open...@kene.nu wrote: > Hello, > > Is there a way to make openbgpd strip private ASNs from updates it > sends to certain neighbors? > I am using openbgpd on my edge routers and distribute routes generated > internally to the rest of the world. However,

Re: Block/allow outgoing traffic by user or application?

2019-02-24 Thread Denis Fondras
On Sun, Feb 24, 2019 at 01:43:08PM +0700, Frank Beuth wrote: > Is it possible to restrict network access on a per-user or per-application > (rather than per-port) basis? > > pf does not seem to have any capability to do this, maybe I missed something. > Don't know what you are aiming to do but

Re: Keeping track of MAC addresses

2019-02-20 Thread Denis Fondras
On Wed, Feb 20, 2019 at 01:05:59PM -0700, j...@bitminer.ca wrote: > > > > did you take a look at net/arpwatch? > > Too many emails; email to root is not a useful mechanism for me. > And net/arpwatch does not handle IPv6. I'll use the route message ABI if I had to do what you are looking for.

Re: bgplg doesn't work with wildcard httpd servers

2019-01-11 Thread Denis Fondras
On Fri, Jan 11, 2019 at 10:50:21AM -0600, Adam Thompson wrote: > Running 6.4 (-stable, via openup/mtier). > I have bgpd(8) talking to my border router, acting as a route collector. > That part seems fine. > I now have httpd(8) configured trivially to run bgplg(8) (per the bgplg(8) > manpage) but

Re: Error output from ndp -an

2018-12-28 Thread Denis Fondras
On Thu, Dec 27, 2018 at 01:39:33PM -0600, Aaron Riekenberg wrote: > I'm using OpenBSD 6.4 on a pcengines apu2 box as a router/firewall for a > CenturyLink DSL (pppoe) connection. > > Today I set up rd6 for ipv6 for the first time, similar to what is > described here: >

Re: OpenBGPD as route server - correct filter syntax ?

2018-08-30 Thread Denis Fondras
On Thu, Aug 30, 2018 at 03:29:50PM +, Bob Smith wrote: > Hi, > > I'm trying to figure out the most suitable config params transform OpenBGPD > into a route server. > > So far I have : > route-collector yes If you are configuring a route server, you don't want "route-collector yes". Or if

Re: OpenBSD on EdgeRouter 4

2018-08-20 Thread Denis Fondras
On Mon, Aug 20, 2018 at 10:22:58PM +, r303 wrote: > Has anyone installed OpenBSD on an EdgeRouter 4? > If so, can you share a quick rundown of the installation steps? > The tutorial for the EdgeRouter Lite doesn't seem to match up with the ER-4. >

Re: Adding New Commands to BGP Looking Glass?

2018-07-23 Thread Denis Fondras
> Do you see where I might've gone wrong? I know that my definition in the .h > file is wrong, but I'm trying to get this working in baby steps, and perhaps > I was mistaken but I thought that having a duplicated function would still > make it appear in the bgplg menu. Is there anything obvious

Re: Adding New Commands to BGP Looking Glass?

2018-07-20 Thread Denis Fondras
> If you need specifics I can certainly supply screenshots or code snippets. > It's probably something obvious that I'm just not seeing, but any help would > be greatly appreciated. > Can you show some diff and detailed steps please ?

Re: rtadvd bug ?

2018-06-17 Thread Denis Fondras
On Mon, Jun 11, 2018 at 10:13:36AM +0200, Bastien Durel wrote: > Because it's lower than RTP_CONNECTED and I don't know what it is. The > /* local address routes (must be the highest) */ comment makes me think > it MAY be 127.0.0.0/8 or ::1/128 (useless for rtadvd then), but it may > be related to

Re: Interest in new network protocols

2018-06-14 Thread Denis Fondras
Hi, > I've been doing some light reading on the topic of new(er) networking > protocols, and I've come across Locator/Identifier Seperation Protocol (LISP) > (RFC6830 and onwards) and Identifier/Locator Network Protocol (ILNP) (RFC6740 > and onwards). > > There appear to be implementations of

Re: rtadvd bug ?

2018-06-09 Thread Denis Fondras
On Thu, Jun 07, 2018 at 04:02:34PM +0200, Bastien Durel wrote: > shouldn't it check the rtm_priority to be RTP_LOCAL or RTP_CONNECTED ?? > it make no sense to start advertising prefix on an interface if the > prefix is over a gateway. > Why RTP_LOCAL ?

Re: Confusing IPv6 route(8) results

2018-05-24 Thread Denis Fondras
On Thu, May 24, 2018 at 08:43:30PM +0200, Sebastian Benoit wrote: > Denis Fondras(de...@openbsd.org) on 2018.05.24 17:57:19 +0200: > > On Thu, May 24, 2018 at 07:04:04AM -0400, David Higgs wrote: > > > But shouldn???t the answer be the same, since I have a valid de

Re: Confusing IPv6 route(8) results

2018-05-24 Thread Denis Fondras
On Thu, May 24, 2018 at 07:04:04AM -0400, David Higgs wrote: > But shouldn’t the answer be the same, since I have a valid default route? > It should but that's not how route(8) works for now :) Barely tested diff, assumes that no netmask means /128 (similar to IPv4 handling where no netmask

Re: Confusing IPv6 route(8) results

2018-05-24 Thread Denis Fondras
Hi, On Wed, May 23, 2018 at 10:34:19PM -0400, David Higgs wrote: > I am using route(8) in a script but found some odd behavior when > querying routes for some IPv6 addresses - lookups seem to fail if the > trailing address bytes are zero (implicit or explicitly) as shown > below. However, the

Re: spamd and IPv6

2018-02-14 Thread Denis Fondras
> does anyone can tell me what the state of spamd and IPv6 is? I would > have expected it to work but I can't set for exampe ::1 or [::1] as a > listening address (neither alone or together with 127.0.0.1). > Unsupported yet. phessler@ has a diff for it.

Re: OpenBSD Foundation on HTTPS

2018-02-06 Thread Denis Fondras
> If you actually donate and click on any links there you would see it > bring you to a secure page. > But is this the right link ? Can I update the value of "hosted_button_id" and send you to my Paypal account ? Denis

Re: vmd: routing problem

2017-07-20 Thread Denis Fondras
> What would be the difference to your version where i use vether instead of > an alias? Or did i missunderstand you? > The difference is broadcast trafic won't be sent over your provider network.

Re: vmd: routing problem

2017-07-20 Thread Denis Fondras
Hello, > Can you people see something that i might missed? The easy way would be enable forwarding, add a vether(4) on the host, bridge it with tap0 and configure it with an IP in the 136.243.186.160/29 subnet. Use that IP as the gateway in your VMs.

Re: Relayd 2 domains on 2 seperate vm

2017-04-26 Thread Denis Fondras
> I dont want loadbalancing here! I need to seperate the hosting of the domain > to diffrent machines because of som software that is running on one of the > machines but is not needed on the other one. > Something like that ? # cat /etc/relayd.conf ext_addr="185.xxx.xxx.xxx" table {

Remove socppc from 61.html

2017-03-07 Thread Denis Fondras
Hello, I noticed socppc has not been built since 5.8. I guess we can consider it dead and remove it from 61.html. While at it, delete the duplicate mention of hppa. Denis Index: 61.html === RCS file: /cvs/www/61.html,v retrieving

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Denis Fondras
> It does also need some notice to users that old+new aren't compatible. > But as far as I'm aware SHA1 and even MD5 are still considered suitable > for HMAC aren't they? > You are right Stuart.

From SHA1 to SHA256 in dhcpd sync

2017-02-25 Thread Denis Fondras
Hi, A patch to get away from SHA1 in dhcpd Index: sync.c === RCS file: /cvs/src/usr.sbin/dhcpd/sync.c,v retrieving revision 1.23 diff -u -p -r1.23 sync.c --- sync.c 13 Feb 2017 23:04:05 - 1.23 +++ sync.c 25 Feb

From SHA1 to SHA256 in spamd sync

2017-02-25 Thread Denis Fondras
Hi, A patch to get away from SHA1 in spamd Index: sync.c === RCS file: /cvs/src/libexec/spamd/sync.c,v retrieving revision 1.12 diff -u -p -r1.12 sync.c --- sync.c 20 Oct 2016 21:09:46 - 1.12 +++ sync.c 25 Feb

Re: How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-27 Thread Denis Fondras
> Thanks. I see the concept when you are in a LAN. But with a WAN, I can't see > how you can accomplish this. For example: ip public source address is 1.1.1.1, > destination public ip address is 2.2.2.2 and attacker ip public address is > 3.3.3.3. To establish communications between these three

Re: isakmpd set up

2017-01-02 Thread Denis Fondras
> ike from egress to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca > dstid thinkage.ca tag ipsec-kwa > ike from 192.168.254/24 to 192.102.11/24 peer 192.102.11.1 srcid > kwaccessability.ca dstid thinkage.ca tag ipsec-kwa > Have you tried to replace 192.102.11/24 with 192.102.11.0/24

BGPd / Update Large-Communities Attribute number

2016-10-27 Thread Denis Fondras
Hello, Here is a patch to update the large communities attribute value. IANA has changed it from 30 to 32. (https://mailarchive.ietf.org/arch/msg/idr/nKnJVQfsJyAKu6k7ppaFh1GX5ig) Denis Index: rde.h === RCS file:

openbsd/socppc

2016-09-01 Thread Denis Fondras
Hello, socppc is mentionned in 60.html but I can't find a build of it. Denis

ifconfig(8) display aliases by default

2016-08-15 Thread Denis Fondras
Hello, Is there any reason why ifconfig(8) do not display IPv4 aliases by default ? If there isn't, I can send a patch to make it the default behaviour. Denis

Re: [OT] Cloud storage accessible via sftp or rsync/ssh?

2016-07-21 Thread Denis Fondras
Hi John, > Can anybody recommend a good cloud storage provider that has access via sftp > or rsync tunneled through ssh? Everything I have found seems targeted at > Windows, Linux, phones etc. with no platform-agnostic interface. > French hoster Online.net has a new storage service called C14.

Re: Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

2016-05-07 Thread Denis Fondras
> I'd like to acquire confident working knowledge in OpenBSD. If no > such manuals exist, then I'm wondering how did you or other expert > users learn how to use and administrate the system, what the best > programming practices are, etc. and have confidence that what they're > doing is what they

Re: [patch] bgpctl more info in terse format

2016-05-06 Thread Denis Fondras
On Mon, Apr 18, 2016 at 08:09:50PM +0200, Claudio Jeker wrote: > The idea of terse is that you don't need to parse. So in a way I agree > with the diff. What I don't like is the inclusion of the number of > prefixes. That count requires a roundtrip to the RDE to find and sometimes > this takes a

Re: [patch] bgpctl more info in terse format

2016-04-19 Thread Denis Fondras
On Mon, Apr 18, 2016 at 08:09:50PM +0200, Claudio Jeker wrote: > The idea of terse is that you don't need to parse. So in a way I agree > with the diff. What I don't like is the inclusion of the number of > prefixes. That count requires a roundtrip to the RDE to find and sometimes > this takes a

Re: [patch] bgpctl more info in terse format

2016-04-18 Thread Denis Fondras
> If you do that, then you can also just parse the output of "bgpctl show > sum", no? > Of course but I would have to parse day/hour/minute/second. It is simpler if bgpd can give me the value straight. Denis

[patch] bgpctl more info in terse format

2016-04-17 Thread Denis Fondras
Hello, When monitoring my bgpd, I need to check the session duration and the number of prefixes. Here is a patch that add these informations to "bgpctl show sum terse" Before : # bgpctl show sum terse 10.20.30.254 65003 Established After : # bgpctl show sum terse 10.20.30.254 65003 Established

Re: Ipsec from OpeBSD to StrongSwan/Linux

2016-03-29 Thread Denis Fondras
> --- > r...@openbsd.test.local:~ # route -n show -encap > route: botched keyword: -encap > usage: route [-dnqtv] [-T tableid] command [[modifiers] args] > commands: add, change, delete, exec, flush, get, monitor, show >

Re: Ipsec from OpeBSD to StrongSwan/Linux

2016-03-29 Thread Denis Fondras
Hi, > Am I doing something wrong? Or is there any thing I missed? > Any help would be really appreciated. > Are the packets reaching the Linux box ? Can you see them pass through enc0 ? What does "route -n show -encap" show ?

Re: openbgpd puts wrong nexthop in FIB

2016-01-21 Thread Denis Fondras
> network inet connected is broken in 5.6, 5.8 and -current. > Restarting bgpd is required when making interface changes. > Thank you very much Tony.

openbgpd puts wrong nexthop in FIB

2016-01-20 Thread Denis Fondras
Hello, I'm using -current as a BGP router and "sometimes" it won't put the right nexthop in FIB. The only thing I played with is the interface that support IP 185.1.2.12 (ifconfig up/down/delete ip /add ip). Anybody can reproduce ? # bgpctl sh rib 185.22.131.1 flags: * = Valid, > = Selected,

How to disable hwfeatures CSUM_TCPv4 on em(4) ?

2016-01-10 Thread Denis Fondras
Hi, Can anyone tell me how to disable CSUM_TCPv4 on em(4) please ? Thank you in advance, Denis

Re: sVLAN and IPv6 duplicates

2016-01-09 Thread Denis Fondras
Hi, > I tried to duplicate the configuration on a machine with rl(4) interface and I > cannot reproduce... em(4) issue perhaps ? > When I untag the switch port, I can add the interface and IPv6 address. Re-tagging the port and everything is fine after that.

sVLAN and IPv6 duplicates

2016-01-08 Thread Denis Fondras
Hello, I am using svlan(4) and when I add a new svlan(4) interface after the system has booted I always get a duplicated IPv6 and the new interface is not usable. If I add a /etc/hostname.svlan file and I reboot, everything is fine. Any idea why ? Thanks, Denis Example (after boot) : # ifconfig

Re: sVLAN and IPv6 duplicates

2016-01-08 Thread Denis Fondras
I tried to duplicate the configuration on a machine with rl(4) interface and I cannot reproduce... em(4) issue perhaps ? On Fri, Jan 08, 2016 at 07:08:26PM +0100, Denis Fondras wrote: > Hello, > > I am using svlan(4) and when I add a new svlan(4) interface after the system > ha

Re: Intel S5000PSL with recent OpenBSD

2016-01-03 Thread Denis Fondras
> Is it possible to disable extra cores in the BIOS ? > There was a thread on tech@ where someone had a boot issue with a Xeon CPU : > http://marc.info/?l=openbsd-tech=145150510526745=2 > Thank you for the thread, I saw it and tried but without luck. Anyway I have resolved the problem. It was

Intel S5000PSL with recent OpenBSD

2016-01-02 Thread Denis Fondras
Hello, I have 2 servers with an Intel S5000PSL motherboard and dual Intel Xeon L5420 CPU. When I boot a "recent" OpenBSD (>4.4) it hangs on "wskbd0 at pckbd0: console keyboard, using wsdisplay1". I tried to disable xhci and acpi without luck. I have the latest BIOS. Anything I could try ? Thank

Re: text-mode gui

2015-12-24 Thread Denis Fondras
> Merry Xmas everyone. I want Santa to take over the project :) > We already get the gifts in may and november ;)

Re: OpenSMTPD/mail stuck in queue with incorrect relay

2015-11-21 Thread Denis Fondras
> How to I tell smtpd to re-route massages currently in the queue to the > smarthost at smtp.pvt.example.com? > I haven't checked lately but it was not possible last time I asked.

Re: Because Theo and various users told them that the projects GnoBSD and Comixwall were worthless and that they weren't contributing to OpenBSD?

2015-10-18 Thread Denis Fondras
> Both, however, ended up shutting down after Theo and various users told them > that their projects were worthless and that they weren't contributing to > OpenBSD. > I guess they didn't strongly believe in their added value if they cancelled the project after someone told them it was not worth.

Bulkget & snmpd

2015-10-07 Thread Denis Fondras
Hello, I'm using snmpd from base on 5.8 and while playing with snmpbulkget (from net-snmp), I noticed a weirdness. * 'snmpbulkget -v2c -c public 10.100.200.19 iso.3.6.1.2.1.1' is ok * 'snmpbulkget -v2c -c public 10.100.200.19 iso.3.6.1.2.1.31.1.1' is ok By "ok", I mean it returns the correct

Re: dig and DNSSEC

2015-09-26 Thread Denis Fondras
> dig and nslookup will remain in base. Go look in our tree at the contortions > required to keep them there, since ISC has created a mess of their own > libraries > and makes the 800 lines of nslookup and 7000 lines of dig use them. Hold your > nose when you look, ok? > As Unbound/nsd are in

Re: Can't ping IPv6

2015-09-16 Thread Denis Fondras
On Wed, Sep 16, 2015 at 07:28:48AM +0200, Remi Locherer wrote: > Strange notation with "-". Never seen such an output from "routei show" or > "netstat -rn" command. > Guess it is a rdns. > You don't have a default route set for IPv6. > I second that :)

Re: IPv6 transport for pflow(4)

2015-09-14 Thread Denis Fondras
Hi, Is anyone working to add sFlow support to PF ? Denis

Re: OpenBGPd and ARIN allocations smaller than /24

2015-09-11 Thread Denis Fondras
On Fri, Sep 11, 2015 at 05:10:42PM +0200, Peter Hessler wrote: > I just committed an example configuration line to the sample OpenBGPd > filter set: > > allow from any inet prefix 23.128.0.0/10 prefixlen 24 - 28 > With OpenBSD5.7 amd64, adding this filter results in : # bgpd -dnv ...

Re: Thinkpad spyware

2015-08-26 Thread Denis Fondras
In light of what Lenovo has been doing to its customers by installing spyware like superfish and now installing crapware using Microsoft's Windows Platform Binary Table at the BIOS level. Do people still plan on purchasing laptops from them going forward. If so whats your reasoning behind

Re: IPv6 source addresse selection

2015-08-21 Thread Denis Fondras
On Thu, Aug 20, 2015 at 08:28:53AM +, Stuart Henderson wrote: You should be able force it to not be used by doing 'inet6 2001:7f8:81::6:983:1 pltime 0' (just applies to automatic selection, you can still set it manually for IXP peerings), but the behaviour you describe doesn't sound quite

IPv6 source addresse selection

2015-08-19 Thread Denis Fondras
Hi, I have an OpenBSD5.7 router with IPv6 enabled. I have multiple IPv6 addresses : - em0 : 2a00:6060::1/64 - em1 : 2001:7f8:81::6:983:1/64 - gif0 : 2001:470:11:c8::2/128 IPv6 access is provided by HurricaneElectric tunnel with BGP. When I try to reach 2001:7a8:b5ad::1, 2001:7f8:81::6:983:1 is

Re: Update to /etc/services

2015-07-27 Thread Denis Fondras
BTW your diff was line-wrapped, and the BFD entries used spaces instead of tabs, so I hand applied it. Thank you. Sorry for the BFD entries, I copied/pasted from the IANA document and missed that. BTW, what is the prefered way to send diff with lines longer than 80 characters ? I use mutt,

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Denis Fondras
so , accordingly i rewrite /etc/mail/smtpd.conf listen on lo0 listen on em0 port 587 Tell me if I'm wrong but you don't listen on port 25 or 465.

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Denis Fondras
buti cannot send mails to x...@gmail.com x...@gmx.com . Do you have any error code or message ?

Re: elementary opensmtpd setting on rental server

2015-07-22 Thread Denis Fondras
Please don't. This will allow people from the outside to send mail to other people not on your machine using your server as a relay. This is most certainly not what you want. Use something like You should re-read the manual :) If from is not specified, from local is assumed.

Updating SSH fingerprints for anoncvs.fr.openbsd.org

2015-05-17 Thread Denis Fondras
Hi, Because I had to check them. Index: build/mirrors.dat === RCS file: /cvs/www/build/mirrors.dat,v retrieving revision 1.421 diff -u -p -r1.421 mirrors.dat --- build/mirrors.dat 13 May 2015 03:01:42 - 1.421 +++

Re: OpenBSD 5.7 release -- CD2 issues

2015-05-15 Thread Denis Fondras
This will be shipped out to everyone, and will be inserted into the orders not yet shipped. If shipping to everyone costs money to the project, I don't want to receive mine. I will burn a CD and keep my non-working set :) Denis

Re: davical on openbsd

2015-04-18 Thread Denis Fondras
the UI is a bit dated (but who needs it besides admin?) That's why I use https://github.com/ledeuns/davical-cmdlnut :)

Re: slow to no throughout on ral

2015-03-06 Thread Denis Fondras
On Thu, Mar 05, 2015 at 08:48:49PM +0200, Lars Nooden wrote: Thanks. I'll investigate that route. Would a weak or dying power supply also affect the throughput on the wireless? It is highly plausible. I discovered it the hard way with my PCI ADSL card. The thoughput has been low until

Re: openbsdstore: enable javascript and buy something or gtfo

2014-10-03 Thread Denis Fondras
Here it is for your convenience: If you wish to contact us by phone, please call +44 (0) 115 986 8786, Monday to Friday 10am-2:30pm - Linda Bramley Email: ord...@openbsdstore.com Address: OpenBSD Store Zednax Limited 241 Wellington Road South Stockport SK2 6NG

Re: Adding RPKI/ROA support to OpenBGPd

2014-08-15 Thread Denis Fondras
Hi, Here is the first patch towards adding RPKI/ROA support to OpenBGPd. It aims at renaming variables functions to prepare the ground for bigger changes. Is it OK ? Denis diff -u bgpd.orig/control.c bgpd/control.c --- bgpd.orig/control.c Fri Aug 15 18:21:53 2014 +++ bgpd/control.c Fri

bgpctl manual has duplicate

2014-08-14 Thread Denis Fondras
Hi, I noticed bgpctl manpage has some duplicate information : --- bgpctl.8.orig Thu Aug 14 18:46:21 2014 +++ bgpctl.8Thu Aug 14 18:46:41 2014 @@ -359,12 +359,6 @@ Multiple options can be used at the same time and the .Ar neighbor filter can be combined with other filters. -.It Cm

anoncvs.fr.openbsd.org down ?

2014-08-09 Thread Denis Fondras
Hi all, I can't seem to reach anoncvs.fr.openbsd.org. Any known incident on this server ? Denis

Re: Not able to pass BIOS drive check with OpenBSD drive attached

2014-07-31 Thread Denis Fondras
Hi, My questions to you are: Has anybody ran into similar issues and was able to resolve them? Do you think this is a OpenBSD related issue and actually solveable (in a reasonable amount of time)? I had the same issue with an Intel NUC D54250WYK. After installing OpenBSD5.5, no way to

Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Denis Fondras
Hi, here is my script to sync via rsync. Couldn't rdist(1) help ? Denis

calloc and set var to NULL

2014-07-06 Thread Denis Fondras
Hello all, If I understand correctly calloc(), allocated space is already initialized to zero. So setting var to NULL is not needed. Is it alright or should it be kept just in case ? Regards, Denis --- parse.y.origSun Jul 6 17:51:59 2014 +++ parse.y Sun Jul 6 17:52:15 2014 @@

Re: calloc and set var to NULL

2014-07-06 Thread Denis Fondras
Le 06/07/2014 18:50, Otto Moerbeek a écrit : Please use cvs diff, whcih includes more context. Now we have no idea which parse.y you are patching. Sorry for this oversight and thank you for the mention of cvs diff. Index: parse.y

Re: calloc and set var to NULL

2014-07-06 Thread Denis Fondras
Le 06/07/2014 18:56, Chris Cappuccio a écrit : This is technically correct. So are you, but only because NULL and zero happen to be the same value. They don't necessarily have to be, it is implementation-defined. (Of course there would be fireworks everywhere if they weren't, since lots of

Adding RPKI/ROA support to OpenBGPd

2014-06-08 Thread Denis Fondras
Hello all, I am in the process of adding RPKI/ROA (RFC 6810/RFC 6811) support to OpenBGPd. I have an almost working PoC but I'd like to hear your opinion and discuss implementation details with misc@ before going further. First of all, here is what RPKI-enabled bgpd.conf looks like :

  1   2   >