2010/10/15, Henning Brauer lists-open...@bsws.de:
this way queue foo will exist on all interfaces. the assignment can be
done inbound if the packet is forwarded and doesn't go through a
userland proxy.
A little bit off-topic question: Would it be too stupid to extend
divert_output() with a way
2010/10/12, Xavier Beaudouin k...@oav.net:
Our idea is to have all our system to be IPv6 only native and when an IPv4
wants to access to an IPv6 service, IVI can do the translation (this is not
magic, but the idea is to provide specific IPv6 hosts to be visible
Does OpenBSD has somewhat
2010/10/11, Claudio Jeker cje...@diehard.n-r-g.com:
CPU consumed by the kernel is not accounted by the scheduler. All the
work done by urandom is system time.
And for the curious people who can't see the obvious: why is that?
--
Martin Pelikan
Giving up, my old curses code is too gross... better sent it to /dev/null.
The only usable thing would be this piece, wrappers for
adding/deleting ipv4/6 addresses. Might be useful even for python
people, if they change err() for something they'd like.
2010/10/7, Jona Joachim j...@hcl-club.lu:
On 2010-10-07, Christiano F. Haesbaert haesba...@haesbaert.org wrote:
Why not make a curses GUI ? I find it much more useful than gtk/qt (IMHO).
What would be really nice IMHO is to expose an API that gives access to
ifconfig functionality so
2010/10/6, Fabio Almeida mente...@gmail.com:
Is there a chance this messy setup can work?
Has anyone configured some setup like that in Bridge mode (not ECMP)?
I don't have access to any of the UBNT's we use right now, but any
mode except WDS seems not to be fully L2 transparent, hence it might
2010/10/3, Daniel Browning-Weber weber...@gmail.com:
Okay, and the divert (4) man page says that outbound packets,
after being reinjected, are processed directly by the relevant
IP/IPv6 output function, so I probably can't get pf to take
another look at them so that route-to will apply.
If I
2010/9/22, Beavis pfu...@gmail.com:
I would like to ask if someone has done routing via pf(4) (non-NAT
rules). My idea is to be able to route packets from one interface to
the other. say from tun0 to rl0. I've been googling a lot and most of
the rules im seeing have something to do with NAT
2010/9/10, Stuart Henderson s...@spacehopper.org:
these affect traffic sourced from the box itself, *not* routed through it.
We had to do quite extensive link testing because of strange packet
loss on the SDH circuit. The buffer sizes really mattered :-) But
thanks to the information as the link
2010/9/10, Andy Bradford
amb-sendok-1286721307.iadidoklmfcciicnc...@bradfords.org:
Why would you need 65k UDP for DNS? Almost all UDP based DNS responses
are under 512 bytes, those that are larger are required to set the
truncated bit and the client restart the query using TCP.
We have
2010/9/9, Claudio Jeker cje...@diehard.n-r-g.com:
And a new flag to struct in6_ifextra?
Nope, it will be part of ifnet-if_xflags.
Actually, it's already in in6_ifextra-nd_ifinfo-flags, named
ND6_IFF_ACCEPT_RTADV and controlled by the ndp -i command. However,
ifconfig autoconfprivacy uses
2010/9/10, Chris Cappuccio ch...@nmedia.net:
Stop using ALTQ on your DNS server, perhaps? That may be what is causing
the back-pressure that you're seeing.
Why do you think it would help? Those lots of packets would arrive
anyway, only the decent user will wait longer for his website to load.
2010/9/8, Joe Warren-Meeks joe.warren.me...@gmail.com:
I've had a weird problem happen twice now. It seems after about 4 - 6
weeks of running very happily, both servers lock up completely at the
same time. Both consoles show no error messages, but the cursor is
blinking away happily. Neither
2010/9/9, Joe Warren-Meeks joe.warren.me...@gmail.com:
Well, the machine has 6Gb of RAM and is only pushing 10Mbit/s of
traffic at peak. It does need to maintain a largeish state table, as
it is predominatly web traffic, but I've run much much larger and
busier sites behind much smaller
2010/9/7, Claudio Jeker cje...@diehard.n-r-g.com:
As soon as you spilt a /64 into something smaler you left IPv6 land end
entered something that looks like IPv6 but isn't. Sure it is possible but
by doing it you make every IPv6 disciple scream in agony (which is
probably a good thing anyway).
2010/9/6, Claudio Jeker cje...@diehard.n-r-g.com:
Only if you plan to use NAT in the near future. /64 is like a /32 in IP.
Not enough in most cases.
Why? You can always use DHCPv6 and split the rank further... I haven't
much studied the protocol itself, but in practice the only system that
has
2010/9/5, Simon Comeau Martel si...@comeau.info:
I am trying to figure out why OpenBSD won't let me activate
net.inet6.ip6.accept_rtadv and net.inet6.ip6.forwarding at the same
time.
/usr/src/sys/netinet6/in6_proto.c:int ip6_accept_rtadv = 0; /*
enabling forwarding and rtadv concurrently
2010/8/29, Denis Fondras open...@ledeuns.net:
I have a problem with uplcom(4). Whenever I connect to a remote terminal
with cu -l /dev/ttyU0, it hangs after a few seconds (usually under 2
minutes).
I've seen way too many faulty/misbehaving uplcom's. Have you tried
different piece of hardware?
2010/8/27, Henning Brauer lists-open...@bsws.de:
find that #define (I forgot its name and location), increase,
recompile.
We use such setup with HFSC limit raised up from 64 ten times, so far
without any problems (core i3, 2G RAM, em(4) gigabit desktop nics,
12-15k pps on average).
Is there a
Hello list,
I just updated my IPv6 address calculator and thought it might find
its use in OpenBSD. It shouldn't contain any security risk, is small
enough not to bloat the tree and handy enough to help admins visualize
and plan their network's addressing or set those crazy PTRs properly.
As
2010/8/20, Daniel Ouellet dan...@presscom.net:
I don't really know
much about how the smart drive suppose to be any good monitoring works
to alerts of up coming hard drive failures.
Neither do I, but I've noticed that the measurement units across
different HD vendors (I've only worked with
2010/8/17, Jiri B. ji...@live.com:
what's up with vpn and samba?
who goes around, comes around...
--
Martin Pelik an
2010/7/29, Chris Cappuccio ch...@nmedia.net:
I bet the IBM ath cards are probably an older chip than AR5413. Maybe
AR52xx ?
Yes, mine is 5213. And so are CM9's. The 5413 is only in the Mikrotik AP.
The ath driver has never worked well with the newer stuff in my
experience. But these days,
Hello everyone.
I have a AP with AR5413 with RouterOS and several OpenBSD clients. IBM
notebooks using ath(4), iwi(4) and rum(4) work perfectly. The problem
happens when I try to connect my alix board (4.7-release, i386) with
Wistron Neweb CM9 (with unlocked all channels, cos we use 5500-5700
Hello everyone.
Yesterday I compiled some stuff from ports, when my i386 -current (about
two days old) paniced (onproc was one of those cc(1)):
Debugger(), panic(),
mtx_enter+0x5a(d0a2fc20, d2bae000, d2baf000, 0, 0)
uvm_pseg_release+0x6b
uvm_swap_allocpages+0x8d9
uvm_swap_get+0x38
2010/7/18, Matt S maschwa...@gmail.com:
Hello,
Could someone tell me why, given the following ruleset, I cannot get to my
machine from the outside on ipv6?
Because you didn't allow neighbor discovery?
pass in on $ip6if inet6 proto icmp6 icmp6-type \
{echoreq,unreach,neighbrsol,neighbradv}
2010/7/13, jackwssp q jackw...@gmail.com:
Who knows anything about the secret keys in the packet filter(pf), such as
way only for developers.
You can actually read the code yourself, find them and write paper
about them... Don't forget to mail misc@ about it.
--
MP
2010/7/13, Ted Wynnychenko ted@comcast.net:
the network card will be the same, since it's moving too
Actually, it doesn't have to; its number might change due to different
motherboard layout (happened to me on one crappy ECS). Then you end up
playing with config(8).
--
Martin Pelikan
2010/7/12, Paolo Aglialoro paol...@gmail.com:
Unfortunately the question was meant for a dual boot P3-M 256MB laptop, so
BTW: I can hardly think of a person I know who used XFS on laptop and
didn't lose at least subset of his data there. My suggestion: run,
before it's too late. Ext3fs works for
2010/6/18, Rioux, Christophe cri...@viseo.net:
Hi
We tried to implemant a monitoring on a OpenBSD 4.4; I get an error message:
index not found (monitoring via Cacti, means net-snmp). My Cacti server is
hosted on another server.
So do we, our cacti is 0.8.7e, from some redhat repository quite
Hi,
this you might already know, but good rule of thumb is to set the
levels manually for each source (according to its dynamics), having
peaks around -6dB to -10dB. If you have manual volume/gain control on
your recording device/preamp, I'd set all levels in the computer to
80% of the scale and
Hello misc@, claudio@,
I've noticed that when I propagate subnet of size /63 on our ospf-v3
network (unfortunately on routeros), ospf6d not only marks the ASE
update as invalid, but also refuses to move on with the rest, ending
up filling logs with nonsense in endless loop.
This diff only makes
Hello misc,
I tried to set up relayd on internet gateway to handle our web
requests this way:
- site.org, www.site.org and intranet.site.org forward to our
main web server
- *.site.org forward to the secondary web server (handling all those domains)
At this time the site.org requests go to the
2010/5/22, dontek don...@gmail.com:
Yes, thanks, I've read the man pages. I've even made the proposed
connection
work both ways. (less the DHCP working) What I was hoping for was a few
that
have more experience than I do to share their experiences and tell me some
of
the potential
2010/5/22, Don Reis reisd...@gmail.com:
I have the idea that to make DHCP work over IPSec on my VPN gateway, I have
to make dhcpd listen on lo0, and then have dhcrelay listen on enc0 and relay
to lo0. (dhcpd runs on same machine)
Why doesn't dhcrelay find enc0? And Is this the proper way to
Hi
did you actually read any piece of documentation about the topic?
Manual pages like ipsec(4) for overview, ipsec.conf(5) for
configuration and isakmpd(8) + keynote(3,4,5) + openssl(1) + authpf(8)
for possible ways of authenticating your warriors.
I've found many examples via Google. Some are
If your firewall has to run in not so hostile conditions like sub-zero
temperatures or large temp differences over short time (typically
right under the roof), consider using flash memory (CF-ATA converters
being available around 20 USD) instead of hard disk + eventually mfs
for some logging or
Is it possible that you have multiple addresses on $ext_if? You NAT it
to the first one (:0), but tunnel established using FQDNs could try to
send stuff to another IP that doesn't match your NAT table. Have you
actually seen anything going out of the external boxes on your
firewall? Pflog and
2010/5/11, Chris Smith obsd_m...@chrissmith.org:
Maybe I'm missing something:
You might want something like this:
# mkdir /var/log/rd ; chmod 700 /var/log/rd ; chown _pflogd:_pflogd
/var/log/rd
# echo 'pflogd_flags=-f /var/log/rd/pflog ' /etc/rc.conf.local
# echo 'swap /var/log/rd/ mfs
Hi,
my guess would be somewhere about line 2803 in pf.c:
when the rule matches for the first time, it reaches the if (af !=
AF_INET6) which is isn't (pfctl's parse.y sets it to 0 when AF
omitted). There's also a subtle name inconsistency between use of 'af'
and 'pd-af' (compare ICMP4 vs 6 cases),
Hi,
I've recently written czech keyboard layout to the console. It's
basically standard cz_qwertz layout with every character that
one might need from the us layout hidden under AltGr in the standard
way (as in X.org).
I don't know what's wrong about 29th layout in the kernel to get me
banned from
41 matches
Mail list logo