Re: performance impact of excessive use of the "quick" keyword in pf.conf?

2016-07-20 Thread Henning Brauer
he cases pf is so efficient that it doesn't matter anyway, and the ruleset optimizer, skip steps et al do their job so that you can concentrate on a ruleset optimized for the human dealing with it, not the machine. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http:/

Re: OpenBGPD 5.4 - No route received when neighbor from a AS is down

2015-05-10 Thread Henning Brauer
considered valid, could be due to the nexthop. bgpctl show rib show nexthops should give clues.

Re: help with bgpd error messages

2015-05-06 Thread Henning Brauer
shutdown itself no matter what payload it gets? the later shutdown indeed shouldn't happen.

Re: How pf chooses nics on bridges?

2015-04-29 Thread Henning Brauer
are the same physical nic? it logs whatever the receiving interface is, as set by the lower layers of the stack. why that is sometimes vether and sometimes the underlying if I can't tell w/o code digging.

Re: help with bgp error messages

2015-04-28 Thread Henning Brauer
is severely broken. By definition, the first 16 bytes of a bgp packet have all bits set. this is not the case here.

Re: How pf chooses nics on bridges?

2015-04-28 Thread Henning Brauer
packets appear sometimes on fxp0 and sometimes on vether0? it's simply the interface the packet came in on.

Re: OpenBGPd Route Server

2015-04-25 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2015-04-16 22:41]: (filtering is just slow rather than buggy afaik; but then AIUI this wasn't supposed to be the final implementation of filters ;) amazing how long temporary solutions can last...

RIP Paul Schenkeveld

2015-03-30 Thread Henning Brauer
It is very sad to have to communicate that our friend, Paul Schenkeveld, has passed away. Just recently Paul held a tutorial at AsiaBSDcon 2015; as we know he enjoyed - or rather lived for - BSD conferences. He was particularly proud of the 2011 EuroBSDcon in Maarssen, for which he was the prime

Re: pflog0 showing traffic for rule with no logging requested

2015-03-18 Thread Henning Brauer
if defrag is turned off (on by default) and there is no rule specifically matching fragments. since these have no rule to refer to, they refer to the default rule, which happens to be a pass one. and that pass is shown. can admittedly be misleading.

Re: CPU criteria for OpenBSD firewall

2015-03-11 Thread Henning Brauer
to quite a lot of shared data structures (think routing table, pf state table, ...). For example: - E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: - E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: the latter.

Re: CPU criteria for OpenBSD firewall

2015-03-11 Thread Henning Brauer
* ML mail mlnos...@yahoo.com [2015-02-19 09:07]: I might also experiment if I should use bsd.mp or the standard non SMP bsd. you'll want amd64, not i386. MP vs SP should make little difference, I use the MP kernels these days.

Re: pf on 5.6: rule counter with proto esp not working

2015-03-10 Thread Henning Brauer
[ Evaluations: 47477 Packets: 2949816 Bytes: 1681517248 States: 1 ] [ Inserted: uid 0 pid 11764 State Creations: 12]

Re: How to optimize PF queues handling?

2015-03-09 Thread Henning Brauer
assume ALTQ and thus the problem being gone :) -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: How to optimize PF queues handling?

2015-03-09 Thread Henning Brauer
* Federico Giannici giann...@neomedia.it [2015-03-09 16:51]: On 03/09/15 15:24, Henning Brauer wrote: * Federico Giannici giann...@neomedia.it [2015-02-04 01:11]: I have done an experiment: I replaced in every rule the set queue XXX with tag XXX (XXX is always different so the PF optimizer

Re: pf queuing and dropped packets

2015-03-09 Thread Henning Brauer
% unrelated.

Re: Mapping pf syslog rule numbers to lines in pf.conf

2015-03-09 Thread Henning Brauer
rulenum pfctl -vvsr is the usual way, shows all rules prefixed w/ the rule #, as well as some per-rule counters. Further details can be found in the man page. indeed :)

Re: [Tor-BSD] Recognizing Randomness Exhaustion

2015-03-04 Thread Henning Brauer
by the operator of IPredator, the highest-bandwidth Tor relay: https://ipredator.se/guide/torserver#performance My 800 KB/s exit node had up to 7,000 gettimeofday() calls a second, along with hundreds of clock_gettime() calls. those aren't all that cheap...

Re: Shadow TCP stacks

2014-10-20 Thread Henning Brauer
, because OpenBSD is open source, or haven't you heard? OpenBSD being open source does not imply that you decide what we ship...

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
between 0 and zero.

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Mikael mikael.tr...@gmail.com [2014-10-14 14:57]: 2014-10-14 11:02 GMT+02:00 Henning Brauer hb-open...@ml.bsws.de: * Mikael mikael.tr...@gmail.com [2014-10-14 10:24]: NetMap (http://info.iet.unipi.it/~luigi/netmap/) in OpenBSD would be a great idea. We kinda like our stack

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Mikael mikael.tr...@gmail.com [2014-10-14 16:35]: 2014-10-14 16:15 GMT+02:00 Henning Brauer hb-open...@ml.bsws.de: i.e. there's no way for a userland application to do high speed packet-level IO. there are plenty of methods actually. Like what? bpf, for example. but since you still

Re: NetMap in OpenBSD

2014-10-14 Thread Henning Brauer
* Henning Brauer hb-open...@ml.bsws.de [2014-10-14 20:52]: netmap is luigi's research framework, and he used it for some cool research and sure will do so more in the future. no more, no less. I should clarify: I am aware of a few use cases that profit enormously from netmap. Let's look at what

Re: NAT logging and limits using pf

2014-10-08 Thread Henning Brauer
separate log entries. nope, pflog has both the original and the rewritten address(es).

Re: packet filter: question about parentheses around self

2014-10-08 Thread Henning Brauer
interfaces are actually changed? the latter, they are tables internally that get updated on changes.

Re: How does pkg_add know I'm tracking -stable?

2014-09-23 Thread Henning Brauer
for your packages, that's it. It looks like pkg_add references and uses the ports directory nope

Re: Queueing examples on pf.conf man page

2014-09-22 Thread Henning Brauer
the man page be fixed for consistency? I honestly don't see the point. Commas are optional in most places and neither form (with/without) is preferred in any way.

Re: pf queue max bug

2014-09-16 Thread Henning Brauer
or min/target exceed max, all bets are off. fix your queue defs.

Re: Pointers/reference

2014-09-16 Thread Henning Brauer
to the Generalized Packet System. I would like to make this with OpenBSD, and I would like some pointers on where to look about the implementation to identify the model used. pf.conf(5) sys/net/hfsc.* sys/net/if.* sys/net/pf.c pf_ioctl.c sbin/pfctl/*

Re: OpenBGPD not installing routes that happen to originate from the same ASN in another location into the RIB

2014-09-13 Thread Henning Brauer
* Gregory Edigarov ediga...@qarea.com [2014-09-12 20:28]: On 09/12/14 19:07, Henning Brauer wrote: * Paul S. cont...@winterei.se [2014-08-28 11:19]: Earlier today, however, I discovered that routes that I'm announcing under the same ASN (in another location) are being received and put

Re: pfsync and trunk

2014-09-13 Thread Henning Brauer
finishes.

Re: PF Tagging

2014-09-13 Thread Henning Brauer
to do at all...

Re: TCP checksum problems with NAT (maybe vlans/tun)

2014-09-13 Thread Henning Brauer
the tun interface to calculate the checksums the way to go? seems like you manage to hit a case where the %*#^(*@!^(_! bridge confuzzles interfaces. AGAIN. did I mention the bridge has to die?

Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Sonic sonicsm...@gmail.com [2014-09-05 17:12]: On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote: yeah, don't use reassemble tcp. it's not perfect. Isn't that default behavior? hell, no.

Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Kapetanakis Giannis bil...@edu.physics.uoc.gr [2014-09-06 00:50]: I'm asking about reassemble tcp. According to some 2010's threads in misc@ it used to cause problems to some users. I'm wondering what's the status now. unchanged.

Re: OpenBGPD not installing routes that happen to originate from the same ASN in another location into the RIB

2014-09-12 Thread Henning Brauer
supposed to be distributed via BGP but your IGP.

Re: pf block return sends rst through wrong interface

2014-09-12 Thread Henning Brauer
in this case)? pf-generated packets like these RSTs bypass the ruleset, thus never hit your reply-to. I'm not aware of a solution. (route-to and reply-to are stupid to begin with. Avoid at all cost.)

Re: Help, please, understanding AHCI error on amd64

2014-08-27 Thread Henning Brauer
of both, I don't really see a difference in reliability, but these numbers are too small for proper statistics and I haven't done any scientific examination, rather looking over our HDD tracking out of curiosity.

Re: etc56.tgz missing in SHA256[.sig]

2014-08-27 Thread Henning Brauer
.

Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
on the same link will not. Yes/no? pretty much.

Re: named does not start?

2014-08-22 Thread Henning Brauer
* Christer Solskogen christer.solsko...@gmail.com [2014-08-22 08:20]: On Thu, Aug 21, 2014 at 7:41 PM, Henning Brauer hb-open...@ml.bsws.de wrote: named is even still in base in -current (atm at least), let alone 5.5. Okay? Are you sure about current? kidding? I've just upgraded the day

Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Federico Giannici giann...@neomedia.it [2014-08-22 09:51]: On 08/22/14 08:22, Henning Brauer wrote: * Adam Thompson athom...@athompso.net [2014-08-21 19:13]: Unless I've mis-understood all the emails and reports about this, it affects low-bandwidth queues, not low-bandwidth interfaces

Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2014-08-22 13:51]: On 2014-08-22, Henning Brauer hb-open...@ml.bsws.de wrote: * Federico Giannici giann...@neomedia.it [2014-08-22 09:51]: On 08/22/14 08:22, Henning Brauer wrote: * Adam Thompson athom...@athompso.net [2014-08-21 19:13]: Unless

Re: named does not start?

2014-08-21 Thread Henning Brauer
is not in base anymore (I figured that out now) named is even still in base in -current (atm at least), let alone 5.5.

Re: openbgpd ipv6 nexthop

2014-08-20 Thread Henning Brauer
that. trying to do the same for IPv6, the set nexthop statement in the bgpd.conf has no effect. The cisco receives the prefixes with the non-carp IP of each firewall as nexthop. that smells like a bug.

Re: rc.local mystery executables

2014-08-19 Thread Henning Brauer
* Scott Bonds sc...@ggr.com [2014-08-19 02:28]: The funny thing is that I have a book on Snort on my reading list. Time to read it. or you use the time for something useful instead. did I say snake oil? ewps.

Re: Adding RPKI/ROA support to OpenBGPd

2014-08-15 Thread Henning Brauer
they are complete noops, no effect whatsoever), seem arbitrary and break style by resulting in too long lines.

Re: Good thing

2014-08-11 Thread Henning Brauer
* Gustav Fransson Nyvell gus...@nyvell.se [2014-08-11 09:04]: Good thing OpenBSD didn't go down the multiple versions path. Good thing OpenBSD doesn't attract more idiots like you. Go away. Everybody else: don't feed the troll.

Re: hp proliant dl 320e gen 8 for openbsd 5.5 64 bit ?

2014-08-07 Thread Henning Brauer
with Software RAID? there is no hardware raid in your server, it is fake. the bios etc know the bare minimum to boot from it, the actual raid functionality is in the driver.

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-06 Thread Henning Brauer
to apply queues to the VLAN interfaces at all? I can't see any. There's always an interface (or a stack of interfaces even) with a queue underneath, so THAT is the point to do the queueing.

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-06 Thread Henning Brauer
* Giancarlo Razzolini grazzol...@gmail.com [2014-08-05 18:36]: On 05-08-2014 03:36, Henning Brauer wrote: the 90s are over. Yep, I know Henning. Vlan's are pretty secure. But they add complexity and if you use physical separation you can mitigate problems caused by misconfiguration. Either

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-05 Thread Henning Brauer
it.

Re: Relationship Between VLANs and Physical Interfaces in PF

2014-08-05 Thread Henning Brauer
* David Dahlberg david.dahlb...@fkie.fraunhofer.de [2014-08-05 10:17]: Am Dienstag, den 05.08.2014, 08:36 +0200 schrieb Henning Brauer: queueing on vlan is pretty meaningless. however, classification can happen anywhere, so assign queues on your vlan interface and create them

Re: pfctl: DIOCADDQUEUE: No such process

2014-08-02 Thread Henning Brauer
* Loïc Blot loic.b...@unix-experience.fr [2014-07-23 17:12]: pfctl: DIOCADDQUEUE: No such process that most likely means you're trying to create a queue on a nonexistent interface.

Re: carp setup firewall

2014-08-02 Thread Henning Brauer
. But we do not use bi-nat for our DMZ Servers. there really is nothing wrong with aliases on carp interfaces. you have to keep them in sync of course. just like the vhid and the passphrase...

Re: PF queuing max bandwidth

2014-07-16 Thread Henning Brauer
rather small bandwidth on - assumption here - rather high bandwidth interfaces.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* Franco Fichtner slash...@gmail.com [2014-07-08 10:48]: On 08 Jul 2014, at 04:55, Henning Brauer hb-open...@ml.bsws.de wrote: And the possible pf MP gains are drastically overrated anyway. I'm not sure. Maybe that's a stance that fits OpenBSD well, but in networking as a whole that's

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
todays (but hey, you can throw cores at it, make intel the power companies even richer, increase pollution, and whatnot), and making sure we can never take these changes back even if we wanted to. how bright!

Re: libmessage (New crazy sh*t)

2014-07-08 Thread Henning Brauer
, some basic message passing, across the OS. It's implemented using sqlite3 which in my case is not good, ok, I stop reading here. Using a fickle rocket launcher to light a candle. That might be the main reason why software today is so miserable.

Re: libmessage (New crazy sh*t)

2014-07-08 Thread Henning Brauer
area is a collection of poo.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* Franco Fichtner slash...@gmail.com [2014-07-08 11:20]: On 08 Jul 2014, at 09:58, Henning Brauer hb-open...@ml.bsws.de wrote: this has NOTHING to do with the problem or the question at hand. So then what has it to do with? You tell me I missed the obvious but don't provide your arguments

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
* sven falempin sven.falem...@gmail.com [2014-07-08 14:16]: On Mon, Jul 7, 2014 at 11:55 PM, Henning Brauer hb-open...@ml.bsws.de wrote: * Franco Fichtner slash...@gmail.com [2014-07-06 00:29]: Missing SMP support is the fork in the road. The window of opportunity seems to be closing

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-08 Thread Henning Brauer
ever seen. whether it is the smartest i'm not certain. not judging here.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-07 Thread Henning Brauer
anyway.

Re: Dragonflybsd's pf concurrent instead of single-threaded

2014-07-07 Thread Henning Brauer
+++-- sys/net/pf/pf_norm.c | 118 -- sys/net/pf/pfvar.h | 17 +- 7 files changed, 588 insertions(+), 323 deletions(-) http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3a0038bfb239dd522057809c52d7d23dd2134c38

Re: openssh

2014-07-03 Thread Henning Brauer
* Mihai Popescu mih...@gmail.com [2014-07-02 17:05]: Better buy a harddisk, copy your data and mail it abroad. Seriously. A truck full of harddisks is a transport link with fantastic bandwidth. Latency kinda sucks, tho.

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
could this mode of operation have compared to the classic mode with IPs assigned? the backup node might not be able to reach the network on the carp if

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
, but is perfectly fine in many cases.

Re: CARP without IP on the physical interfaces of carp group?

2014-06-30 Thread Henning Brauer
wouldn't be surprised if the !carpdev case bites the bullet at some point, should we change/redesign basics. There's nothing up in that direction tho, call it a vague feeling.

Re: crowding out bsd using systemd?

2014-06-28 Thread Henning Brauer
* ian kremlin i...@kremlin.cc [2014-06-29 01:05]: due to its unportability (as it's written in pure C) that doesn't make the slightest sense. pure C can be and often is perfectly portable.

Re: LAN vs VLAN interface performance

2014-06-23 Thread Henning Brauer
with that kind of gear, but even those should get that right these days. The VLAN hopping bugs really were from the early days when vendors tried to quickly bolt-on vlan support after the fact, some screwed that up royally.

Re: LAN vs VLAN interface performance

2014-06-23 Thread Henning Brauer
for the kernel side, i. e. a pure packet forwarding firewall (no proxies) or a static-routing router won't really benefit.

Re: LAN vs VLAN interface performance

2014-06-23 Thread Henning Brauer
* Chris Cappuccio ch...@nmedia.net [2014-06-23 20:24]: Henning Brauer [lists-open...@bsws.de] wrote: * Chris Cappuccio ch...@nmedia.net [2014-06-21 20:05]: Right now all routers and firewalls should be on SP kernels or you will actually have worse performance. This is not true any

Re: LAN vs VLAN interface performance

2014-06-20 Thread Henning Brauer
* Boris Goldberg bo...@twopoint.com [2014-06-20 15:51]: There is no real security separation between vlans. sigh. stop spreading myths from the last century. Also OT - is OBSD handling 10 gigabit interfaces at full capacity already? yes

Re: LAN vs VLAN interface performance

2014-06-19 Thread Henning Brauer
vlan_start/vlan_input. Should not make much of a difference in practice.

Re: libssl 25?

2014-06-19 Thread Henning Brauer
, then. brahe@quigon $ cat /usr/src/lib/libssl/ssl/shlib_version major=25 minor=0 This e-mail is confidential oh damn, I retract my answer then

Re: 5.5 pf priority

2014-06-02 Thread Henning Brauer
, but OpenBSD has a lot more uses than just that - compromise) you have zero control over what gets dropped since the NIC does it already.

Re: 5.5 pf priority

2014-06-02 Thread Henning Brauer
with udp or non TCP data, i wonder why this Source quench is so poor and abandoned. I don't know what to say about this really... but I feel I have to, since others might think it made sense in any way. The only advice I can really give here: get a book on tcp/ip basics.

Re: 5.5 pf priority

2014-05-30 Thread Henning Brauer
* Paco Esteban p...@onna.be [2014-05-29 12:11]: On Thu, 29 May 2014, Marko Cupać wrote: On Wed, 28 May 2014 21:40:58 +0200 Henning Brauer lists-open...@bsws.de wrote: I'm pretty damn sure I added reset prio if queueing is on thing. yes, in IF_ENQUEUE - hfsc_enqueue m

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
in ALTQ-HFSC was an illusion really.

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
* Marko Cupać marko.cu...@mimar.rs [2014-05-28 18:12]: On Wed, 28 May 2014 14:12:42 +0200 Henning Brauer lists-open...@bsws.de wrote: prio is ignored when bandwidth shaping is on. priority in ALTQ-HFSC was an illusion really. Hi Henning, knowing your role in pf development, I take

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
be close()'d from main() in bgpd.c. well, rde_main and session_main fork()...

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
are). With a report like that I had to go through large parts of code to eventually maybe spot what you are referring to. That doesn't help, that just costs time. I appreciate the effort, but please make it easier to consume for us :)

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
); ... at the end of session_main() in session.c. we tend to have explicit free()s in bgpd since that allows us to find memory leaks easier using instrumented alloc/free routines. so not freeing conf isn't a bug, but makes the leak finding harder.

Re: bgpd/session.c+rde.c code explanation

2014-05-06 Thread Henning Brauer
, requires a bit of work since a few free()s are missing for that to give real results, but shouldn't be much.

Re: pf multiple match rules

2014-05-06 Thread Henning Brauer

Re: pftop and systat with new queueing

2014-05-06 Thread Henning Brauer
* Marko Cupać marko.cu...@mimar.rs [2014-05-06 17:55]: Was nice to see those values in real time. Are they gone for good, or developers need some time to adjust them for new queueing mechanism? that's what it comes down to.

Re: event handling in OpenBGPd

2014-05-05 Thread Henning Brauer
imho unless we're potentially dealing with a very large number of sockets, in which case kqueue has advantages over poll.

Re: After the upgrade with the last snapshot all traffic flow only on default queue

2014-04-24 Thread Henning Brauer
* Atanas Vladimirov vl...@bsdbg.net [2014-04-23 21:30]: `pfctl -vvs queue` shows that traffic flow only on default queue. ewps... I feel stupid. repaired. sorry.

Re: pf/pfstat New Queue Reporting

2014-04-23 Thread Henning Brauer
* Daniel Melameth dan...@melameth.com [2014-04-23 17:56]:
Anyone else seeing this? I also noticed pps and bps were missing from systat queues, but I assume this is expected

hmm, no, that worked for me. did I forget to commit sth?
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web

Re: systat queues pps and bps (was pf/pfstat New Queue Reporting)

2014-04-23 Thread Henning Brauer
* Daniel Melameth dan...@melameth.com [2014-04-23 18:27]: On Wed, Apr 23, 2014 at 9:58 AM, Henning Brauer lists-open...@bsws.de wrote: * Daniel Melameth dan...@melameth.com [2014-04-23 17:56]: Anyone else seeing this? I also noticed pps and bps were missing from systat queues, but I assume

Re: Question on queues

2014-04-22 Thread Henning Brauer
? yes. as in, it works but probably has no effect since shit is buffered after again. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer

Re: OpenBSD - Linux compatibility

2014-04-22 Thread Henning Brauer
then. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Virtual firewalls with OpenBSD and PF

2014-04-20 Thread Henning Brauer
from my iPhone fiddling with the pf rules on that PoS too? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: feature patch - replace /etc/crontab by /etc/cron.d/

2014-04-20 Thread Henning Brauer
/$hostname/etc/cron.d/modern/* easier. and now? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: NTP timeout question

2014-04-17 Thread Henning Brauer
reports: reply from 192.168.1.102: not synced (alarm), next query 3156s
Is there a way to make ntpd ignore these alarms, or perhaps set them to a time less than fifty minutes (average)?

not without changing code.
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH

Re: pf and nat

2014-04-17 Thread Henning Brauer
, is using match rules, not pass.

sez who? nat-to on pass rules is perfectly fine. using a match rule is just more practical in most scenarios.
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated

Re: OPENBSD FUNDING SOLUTION -- COME AND PARTICIPATE

2014-04-09 Thread Henning Brauer
* Chris Cappuccio ch...@nmedia.net [2014-01-18 21:25]:
Mike, [...], You were henning's roommate

err, no.
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed

Re: unreliable connections

2014-04-01 Thread Henning Brauer
step. found by, prodding ok naddy And if so was the next step taken and is this miscounting bug fixed? No this is just counting for statistics. and the next step has been taken right after. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org

Re: unreliable connections

2014-04-01 Thread Henning Brauer
resolution. I've seen that before, it was very obvious some L2 gear was to blame, but details escaped me by now. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed

Re: When are default 'set prio' priorities set?

2014-03-27 Thread Henning Brauer
by default. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
