Re: what happened to the encap address_family

2015-05-15 Thread Michał Koc 
Tank You for the authoritative answer,

so we will have to get used to the, let say new, ipsecctl output.

Also good to know that monitoring tools have to look some elsewhere to 
see VPN and routing is up :)
Instead of waking 12 people at 1:00 AM :)

Anyway, in my opinion this king of exercises are healthy :)
Than we can have a beer at 8:00 AM and have working day behind LOL

Good news that OpenBSD is following best practices - as always :)

Seriously - good job as always - users have to adapt - evolution or death

Best regards and good luck
Micha³ Koc

-- Wiadomo¶æ oryginalna --
*Temat: *Re: what happened to the encap address_family
*Nadawca: *Theo de Raadt dera...@cvs.openbsd.org
*Adresat: *Micha³ Koc m...@dclog.pl
*Kopia: *Fred open...@crowsons.com, Boris Goldberg 
bo...@twopoint.com, misc@openbsd.org
*Data: *2015-05-16 01:04
 Let me repeat myself: anyone CAPABLE to answer (and understand the
 question) ?

 I really admire and appreciate your (misc) commitment.
 netstat was largely rewritten to not use kvm snooping.  It now
 only gets information from the kernel via sysctl.  The result is
 that it does not race against the kernel in uncomfortable ways,
 shows atomic data, and loses a setgid bit.

 A few pieces of functionality went away.  I believe ipsecctl will
 show you what you need.





-- 
Micha³ Koc
Head of System Development

Mobile: +48 886 566 357
E-mail: m...@dclog.pl
WWW:http://www.dclog.pl/


perl -e 
'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m'



*DCLOG Sp. z o.o.*
03-934 Warszawa, ul. W±chocka 1M
NIP 1132851126, REGON 145879741
KRS 401936 S±d Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy
Kapita³ zak³adowy spó³ki: 75.000 z³ op³acony w ca³o¶ci


Informacja ta jest poufna i mo¿e zawieraæ materia³y objête prawem 
autorskim. Ostrzegamy, i¿ kopiowanie lub dystrybucja tej wiadomo¶ci s± 
dozwolone tylko przez adresata. Je¶li nie s± Pañstwo adresatami tej 
informacji, prosimy o szybkie poinformowanie o tym nadawcy poczt± 
elektroniczn± lub telefonicznie pod nr +48 886 566 357 i skasowanie 
wiadomo¶ci.

Re: what happened to the encap address_family

2015-05-15 Thread Fred 

On 05/15/15 21:13, Michał Koc wrote:

Hello misc,

anyone capable to answer ?

Best regards
Michał Koc

-- Wiadomość oryginalna --
*Temat: *what happened to the encap address_family
*Nadawca: *Boris Goldberg bo...@twopoint.com
*Adresat: *misc@openbsd.org
*Data: *2015-05-14 18:14

Hello misc,

   The encap address_family isn't in the netstat man page anymore (BTW, there
is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current).
The netstat -nrf encap gives an error, the netstat -nr doesn't have the
Encap section.
Don't see anything about netstat nor about encap at
http://www.openbsd.org/57.html, the google also didn't help.

How do I check VPN related routing besides ipsecctl -s flow (which
isn't exactly the strait way) ?






do you mean:

man 4 enc

as in:
port:fred ~ ifconfig enc
enc0: flags=0
priority: 0
groups: enc
status: active

Re: what happened to the encap address_family

2015-05-15 Thread Michał Koc 
Hi misc,

Let me repeat myself: anyone CAPABLE to answer (and understand the 
question) ?

I really admire and appreciate your (misc) commitment.

Best regards
Michał Koc
-- Wiadomość oryginalna --
*Temat: *Re: what happened to the encap address_family
*Nadawca: *Fred open...@crowsons.com
*Adresat: *Michał Koc m...@dclog.pl, Boris Goldberg 
bo...@twopoint.com, misc@openbsd.org
*Data: *2015-05-16 00:25
 On 05/15/15 21:13, Michał Koc wrote:
 Hello misc,

 anyone capable to answer ?

 Best regards
 Michał Koc

 -- Wiadomość oryginalna --
 *Temat: *what happened to the encap address_family
 *Nadawca: *Boris Goldberg bo...@twopoint.com
 *Adresat: *misc@openbsd.org
 *Data: *2015-05-14 18:14
 Hello misc,

The encap address_family isn't in the netstat man page anymore 
 (BTW, there
 is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just 
 current).
 The netstat -nrf encap gives an error, the netstat -nr doesn't 
 have the
 Encap section.
 Don't see anything about netstat nor about encap at
 http://www.openbsd.org/57.html, the google also didn't help.

 How do I check VPN related routing besides ipsecctl -s flow 
 (which
 isn't exactly the strait way) ?




 do you mean:

 man 4 enc

 as in:
 port:fred ~ ifconfig enc
 enc0: flags=0
 priority: 0
 groups: enc
 status: active





-- 
Michał Koc
Head of System Development

Mobile: +48 886 566 357
E-mail: m...@dclog.pl
WWW:http://www.dclog.pl/


perl -e 
'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m'



*DCLOG Sp. z o.o.*
03-934 Warszawa, ul. Wąchocka 1M
NIP 1132851126, REGON 145879741
KRS 401936 Sąd Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy
Kapitał zakładowy spółki: 75.000 zł opłacony w całości


Informacja ta jest poufna i może zawierać materiały objęte prawem 
autorskim. Ostrzegamy, iż kopiowanie lub dystrybucja tej wiadomości są 
dozwolone tylko przez adresata. Jeśli nie są Państwo adresatami tej 
informacji, prosimy o szybkie poinformowanie o tym nadawcy pocztą 
elektroniczną lub telefonicznie pod nr +48 886 566 357 i skasowanie 
wiadomości.

Re: what happened to the encap address_family

2015-05-15 Thread Theo de Raadt 
 Let me repeat myself: anyone CAPABLE to answer (and understand the 
 question) ?
 
 I really admire and appreciate your (misc) commitment.

netstat was largely rewritten to not use kvm snooping.  It now
only gets information from the kernel via sysctl.  The result is
that it does not race against the kernel in uncomfortable ways,
shows atomic data, and loses a setgid bit.

A few pieces of functionality went away.  I believe ipsecctl will
show you what you need.

Re: what happened to the encap address_family

2015-05-15 Thread Christian Weisgerber 
On 2015-05-14, Boris Goldberg bo...@twopoint.com wrote:

  The encap address_family isn't in the netstat man page anymore.
 The netstat -nrf encap gives an error, the netstat -nr doesn't have the
 Encap section.

Yes, this has been excised from netstat(1).

   How do I check VPN related routing besides ipsecctl -s flow (which
 isn't exactly the strait way) ?

That's exactly the intended way.

-- 
Christian naddy Weisgerber  na...@mips.inka.de

Re: what happened to the encap address_family

2015-05-15 Thread Michał Koc 
Hello misc,

anyone capable to answer ?

Best regards
Michał Koc

-- Wiadomość oryginalna --
*Temat: *what happened to the encap address_family
*Nadawca: *Boris Goldberg bo...@twopoint.com
*Adresat: *misc@openbsd.org
*Data: *2015-05-14 18:14
 Hello misc,

   The encap address_family isn't in the netstat man page anymore (BTW, there
 is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current).
 The netstat -nrf encap gives an error, the netstat -nr doesn't have the
 Encap section.
Don't see anything about netstat nor about encap at
 http://www.openbsd.org/57.html, the google also didn't help.

How do I check VPN related routing besides ipsecctl -s flow (which
 isn't exactly the strait way) ?



-- 
Michał Koc
Head of System Development

Mobile: +48 886 566 357
E-mail: m...@dclog.pl
WWW:http://www.dclog.pl/


perl -e 
'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m'



*DCLOG Sp. z o.o.*
03-934 Warszawa, ul. Wąchocka 1M
NIP 1132851126, REGON 145879741
KRS 401936 Sąd Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy
Kapitał zakładowy spółki: 75.000 zł opłacony w całości


Informacja ta jest poufna i może zawierać materiały objęte prawem 
autorskim. Ostrzegamy, iż kopiowanie lub dystrybucja tej wiadomości są 
dozwolone tylko przez adresata. Jeśli nie są Państwo adresatami tej 
informacji, prosimy o szybkie poinformowanie o tym nadawcy pocztą 
elektroniczną lub telefonicznie pod nr +48 886 566 357 i skasowanie 
wiadomości.

what happened to the encap address_family

2015-05-14 Thread Boris Goldberg 
Hello misc,

 The encap address_family isn't in the netstat man page anymore (BTW, there
is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current).
The netstat -nrf encap gives an error, the netstat -nr doesn't have the
Encap section.
  Don't see anything about netstat nor about encap at
http://www.openbsd.org/57.html, the google also didn't help.

  How do I check VPN related routing besides ipsecctl -s flow (which
isn't exactly the strait way) ?

-- 
Best regards,
 Boris  mailto:bo...@twopoint.com