Q: Threads Support in ssl(8)?

2007-08-19 Thread Rolf Sommerhalder
Hello list, Is there any specific reason, such as for example concerns about security or about stability, why THREADS support is not turned on in OpenBSD's OpenSSL by default? (Apparently, it isn't in either FreeBSD or NetBSD.) Or, was there so far simply no need for THREADS support to be

dmesg amd64-current on Sun Fire X4600 M2

2007-08-28 Thread Rolf Sommerhalder
Thanks for all posts with dmesgs from Sun Fire X2100 / X4100 / X4200 (although most without M2 suffix). They helped us in our purchasing decision of several such servers with M2 suffix. Please find below the dmesg of amd64.mp-current (snapshot 23-Aug-2007) on a Sun Fire X4600 M2 which is equipped

dmesg amd64-current with ACPI on Sun Fire X4200 M2

2007-09-06 Thread Rolf Sommerhalder
Currently, this brand new X4200 M2 only has one of its two sockets equipped with a dual-core Opteron. Some observations: 1. amd64 bsd-snapshot of 28. Aug (single core, without ACPI) appears to run stable; 2. amd64 bsd.mp-.snapshot of 28. Aug (dual core, without ACPI) crashes during/shortly after

Re: unstable and multiple reboot for 4.2 on Sun X4100 M2 with ACPI enable on AMD64 bsd.mp with SAS RAID 1 setup.

2007-09-12 Thread Rolf Sommerhalder
I did observe similar behaviour on four X4100 M2 as well (two with one socket dual-core, two with two sockets dual-core Opterons) using amd64 bsd.mp snapshots from 23 and 28 Aug. Currently, amd64 bsd.mp snapshot 28. Aug is running stable on those four servers, although using a single SAS disk

Re: unstable and multiple reboot for 4.2 on Sun X4100 M2 with ACPI enable on AMD64 bsd.mp with SAS RAID 1 setup.

2007-09-15 Thread Rolf Sommerhalder
The latest snapshot (13. Sept.) of amd64 bsd.mp with ACPI enabled runs stable on two X4100 M2 which are identically configured (single SAS disk only, no RAID-1 yet, with current BIOS/SP/SAS Firmware from Sun). As Daniel already observed with a snapshot that is two days older, booting is much

dmesg of i386 on Virtual Iron 4.0.5

2007-09-16 Thread Rolf Sommerhalder
Virtual Iron (VI) is a commercial virtualisation product based on Xen 3.1 dom0 which boots unmodified bsd.rd i386 and installs in a domU. As you can see from the dmesg below, it occasionally complains about timeouts on re0, and the virtual console gets cluttered in the later stages of the install.

hoststated: throws Undefined error: 0 in i386 -current

2007-10-18 Thread Rolf Sommerhalder
This simple configuration file for hoststated below is syntactically correct (and semantically, too), however apparently only if its file mode bits are 600 (which makes sense). Somehow, I ended up with mode bits being set to 644, upon which hoststated refused to accept it but throws an Undefined

Re: iSCSI

2007-10-21 Thread Rolf Sommerhalder
A quick Google search shows some people having success in porting NetBSD's iSCSI to OpenBSD. perhaps Marco will chime in on this. diana If testers for an iSCSI initiator on OpenBSD should be needed, I am glad to help out. I run i386.mp-current and sparc64-current on servers that can access

Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
pxeboot from OpenBSD 3.8 (but also from 3.5, 3.6 and 3.7) fails to PXE boot WRAP appliances with BIOS 1.08 which supports PXE using etherboot (see www.pcengines.ch): PC Engines WRAP.1C/1D/1E v1.08 640 KB Base Memory 130048 KB Extended Memory 01F0 - no drive found ! ROM segment 0xe000 length

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
On 12/26/05, J.C. Roberts [EMAIL PROTECTED] wrote: 01F0 - no drive found ! snip My /tftpboot/bsd should be ok as the same kernel file boot ok from a CompactFlash card. Should we assume you have removed the CompactFlash device? Yes, the CF card is removed, as someone trying PXE on Soekris

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
On 12/26/05, J.C. Roberts [EMAIL PROTECTED] wrote: Have you tried bsd.rd ? Just tried it, but pxeboot does not continue to boot either. tcpdump on the TFTP server reveals that the WRAP's PXE client actually requests and loads the pxeboot file, but does not get that far where it would request

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
After inserting some printf() debug statements into /sys/arch/i386/stand/libsa/pxe.c I found that the call to the assembler subroutine pxe_call(PXENV_GET_CACHED_INFO); never returns. It looks like either there is something wrong with that call, or with the PXE code from Etherboot. Rolf

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
The posting http://www.monkey.org/openbsd/archive2/bugs/200503/msg1.html is interesting, as it points out that there has already been a problem with pxe_call. single-stepping back into pxeboot. Five instructions later, I hit the lockup point at 4012:403c. The instruction causing the

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
Ah yes, according to CVS log http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/stand/libsa/pxe_call.S that real/protected mode problem should be patched since v1.2. But did current v1.3 eventually break it again? Replacing pxe_call.S v1.3 by v1.2 does unfortunately not solve the

Re: Debugging pxeboot on WRAP

2005-12-26 Thread Rolf Sommerhalder
On 12/26/05, Tom Cosgrove [EMAIL PROTECTED] wrote: You could find out if pxe_call works at all on the WRAP in its current implementation by putting a printf() after it, and seeing if there's any output. Look in pxe.c:pxe_init(). Thanks, did that and definitely pxe_call() never returns. And it

Re: Debugging pxeboot on WRAP

2005-12-27 Thread Rolf Sommerhalder
Another OpenBSD on WRAP user wrote to me saying that pxeboot works. Also, I found http://www.ultradesic.com/?section=43 which describes PXE booting OpenBSD for the Soekris platform which is very similar to WRAP. Both encouraged me to dig deeper: a) pxeboot finds both labels '!PXE' and 'PXENV'

Re: Debugging pxeboot on WRAP

2005-12-27 Thread Rolf Sommerhalder
Good news - my WRAPs now pxeboot OpenBSD as expected! The culprit was not pxeboot, but the etherboot PXE code 5.3.12 in BIOS 1.08 and 1.10, as supplied by PCengines. After building an etherboot 5.4.1 binary on rom-o-matic.org, merging it into the BIOS and flashing the WRAPs, network boot of

OpenBGP / OpenBSD 3.8 on WRAP and VMware 5.5.1

2006-01-01 Thread Rolf Sommerhalder
OpenBGP really rocks - shall send a few six packs to Sechelt rapids for your next Hackathon there - thanks guys! My upstream IP transit provider was a bit surprised when he learned that his shining Cisco 7xxx is eBGP peering - incl. MD5 sums! - since about one month to a mighty old Compaq desktop

OpenBSD-style Templates for MagicPoint Presentations

2007-05-19 Thread Rolf Sommerhalder
Hello list, so far I have been unsuccessful in locating templates (and fonts?) for MagicPoint presentations in OpenBSD-style, such as used in for example: http://openbsd.org/papers/ven05-henning/index.html http://openbsd.org/papers/opencon06-network/index.html

Re: ath(4) testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode

2007-06-03 Thread Rolf Sommerhalder
My new miniPCI with AR2413 in 11b mode is recognized under -current on a WRAP, but it fails to associate and sometimes locks up the entire system, as implicitly warned by Reyk in his commit for src/sys/dev/ic/ath.c on 19 Sept 2006. This ath(4) device is a wlm54g23 Compex WLM54G 200mW Atheros

Slides of Talk about OpenBGPD at DE-CIX

2007-06-22 Thread Rolf Sommerhalder
Bernhard Krönung of DE-CIX recently gave a talk about OpenBGPd at SwiNOG 14: http://www.swinog.ch/meetings/swinog14/070530-openbgpd-swinog-bk-en.pdf A committer might want to add it to the collections in events.html and/or in papers/index.html . Thanks, Rolf

GENERIC -current kernel requires modification to boot on ALIX

2008-01-12 Thread Rolf Sommerhalder
Hello, I found that GENERIC -current (from latest snapshot) fails to boot on ALIX (see A) below), whereas the same kernel boots fine on WRAP. For my tests, I simply swap the same 1GB CF card, from the WRAP to ALIX on which I installed OpenBSD from the latest snapshots. After disabling 'pciglxb'

Re: GENERIC -current kernel requires modification to boot on ALIX

2008-01-12 Thread Rolf Sommerhalder
On Jan 12, 2008 1:11 PM, Rolf Sommerhalder [EMAIL PROTECTED] wrote: I do not yet understand if the problem comes from the timer / watchdog / GPIO which glxpcib activates, or if I should try to do a BIOS upgrade of the ALIX board to the latest revision. The problem seems to occur while

Re: GENERIC -current kernel requires modification to boot on ALIX

2008-01-12 Thread Rolf Sommerhalder
On Jan 12, 2008 5:00 PM, Rolf Sommerhalder [EMAIL PROTECTED] wrote: The problem seems to occur while the function glxpcib_attach() in src/sys/arch/i386/pci/glxpcib.c attaches the watchdog timer. If I comment out the lines Upgrading the ALIX firmware from 0.98 to the latest BIOS v0.99 solved

Re: Need some guidance booting OpenBSD on an ALIX device

2008-01-12 Thread Rolf Sommerhalder
Any other suggestion ? It looks as if your ALIX booted through all stages and successfully loaded the kernel /bsd, but fails to start this kernel. Maybe check out http://www.openbsd.org/faq/faq14.html#Boot386 , notably item 4., to help with diagnosis and repair. Are you sure that the kernel /bsd

Re: Need some guidance booting OpenBSD on an ALIX device

2008-01-12 Thread Rolf Sommerhalder
On Jan 12, 2008 10:44 PM, Limaunion [EMAIL PROTECTED] wrote: Well, I finally got it booting. As suggested I upgraded the BIOS to release 0.99 and configured the device to work at 9k6bps. Now the problem is that it gets stuck just before having the login prompt, after printing the date and

Re: Need some guidance booting OpenBSD on an ALIX device

2008-01-12 Thread Rolf Sommerhalder
On Jan 12, 2008 10:44 PM, Limaunion [EMAIL PROTECTED] wrote: OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 Also note that you are using a kernel that is over four months old and it obviously does not yet contain the extensions that were added to glxpcib(4) to support the hardware

Re: GENERIC -current kernel requires modification to boot on ALIX

2008-01-16 Thread Rolf Sommerhalder
On Jan 12, 2008 9:01 PM, Jan Stary [EMAIL PROTECTED] wrote: I was testing the watchdog-enabled kernel on my ALIX.1C in October for Marc Balmer ([EMAIL PROTECTED]) - he's the guy you want to contact. ... basically, the timer got correctly detected, but didn't really work - both before and

reboot(8) fails on Sun Fire X4100 M2 with latest i386.mp snapshot

2008-01-18 Thread Rolf Sommerhalder
Hello misc, after a successful upgrade of a X4100 M2 to the latest snapshot, the server fails to reboot after having issued the reboot(8) command as root. This was working fine before with the snapshot which was from early December (also i386 .mp, ACPI enabled manually back then, which is now

Re: reboot(8) fails on Sun Fire X4100 M2 with latest i386.mp snapshot

2008-01-18 Thread Rolf Sommerhalder
On Jan 19, 2008 5:04 AM, Jonathan Gray [EMAIL PROTECTED] wrote: Try this diff: Great, that fixed it, thank you. Now, will you commit it so that it will be included in a next snapshot?

Regression: Latest i386 Snapshot fails to boot on WRAP, OK on ALIX

2008-02-24 Thread Rolf Sommerhalder
The kernel 4.3 GENERIC#662 i386 from the latest snapshot fails to boot on WRAP, whereas it boots fine on ALIX and on other i386 machines. Whereas the kernel from the previous snapshot 4.3 GENERIC#661 i386 boots fine on WRAP and others, such as ALIX. PC Engines WRAP.1C/1D/1E v1.11 640 KB Base

Re: Regression: Latest i386 Snapshot fails to boot on WRAP, OK on ALIX

2008-02-24 Thread Rolf Sommerhalder
I couldn't find a copy of #662 but I don't see this with #663 on my WRAP... I confirm that #663 also boots on my WRAP (and it also does on ALIX). The snapshot with #663 has not yet made it to the mirrors in Europe, thus I pulled just the kernel file bsd from the fan out server. Thanks for your

glxpcib: tiny bug fix

2008-03-18 Thread Rolf Sommerhalder
Without the fix below, reading back the state of the impulse switch (GPIO24) on my ALIX always returned '0' (e.g. switch is pressed). Now it returns '1' if depressed, and '0' only while pressing it, as expected. As AMD5536_GPIO_READ_BACK was already #defined but so far unused, I assume it was

Re: relayd layer 7 http proxy and filtering questions

2008-03-19 Thread Rolf Sommerhalder
As a test, the URL or path filtering can allow /, *.html and *.jpg. We are unable to figure out how to get relayd to allow only these types of files, and deny any other access. Same question here as I was unable to find answers yet either, after studying the man pages, trial-and-error testing

No Watchdog with Current snapshot/i386/ on Nokia IP120

2006-09-17 Thread Rolf Sommerhalder
Hello, The current snapshot/i386 installed and runs successfully on a Nokia IP120 appliance with a 10 GB harddisk where I have overwritten its original IPSO/Checkpoint firewall image, see dmesg below. However, I find that no watchdog is available, as geodesc (Geode SC1100/SCx200 IAOC driver)

Re: No Watchdog with Current snapshot/i386/ on Nokia IP120

2006-10-07 Thread Rolf Sommerhalder
On 9/17/06, Stuart Henderson [EMAIL PROTECTED] wrote: Reboot may be easier. Looking at /usr/src/sys/arch/i386/i386/machdep.c, there's a Geode-specific reset operation used, but there's a chance it is an SC1100-only function that won't work on a plain Geode system. If that's the case, and seeing

Re: asus eee ethernet and 4.3

2008-05-14 Thread Rolf Sommerhalder
I have observed the same problem with lii(4) not linking up running the latest i386 snapshot, and using a 10 meter patch cable to the switch. However, when trying a short 1 m cable to the same switch port the link comes up! A fresh kernel build this past weekend from CVS exhibits the same

Re: asus eee ethernet and 4.3

2008-05-20 Thread Rolf Sommerhalder
Just found that my previous analysis was flawed. The problem is not related to the length of the patch cable. lii(4) comes up correctly if the eeePC is connected to the switch at the time when the eeePC is powered on. However, if the eeePC is not plugged in to the switch at powerup, then there

dhcpd sync

2008-06-19 Thread Rolf Sommerhalder
After updating my home firewall cluster (two ALIX boards) to the i386 snapshot two days ago, I proceeded to try the great new sync feature of dhcpd. Before, each of the cluster nodes was running its independent instance of dhcpd, each dishing out from non-overlapping IP address ranges, independent

memory leak with filtering bridges in i386 snapshot

2008-06-19 Thread Rolf Sommerhalder
The weekend before the hackathon started, I updated my 2-stage firewall clusters at home, where the outer stage is setup as a filtering bridge cluster, and the inner stage is setup as a filtering router cluster. Both clusters are currently operating in active-passive mode, using pfsync, carp,

Setting priority on interface fails in latest snapshot

2008-07-19 Thread Rolf Sommerhalder
After updating my i386 firewall cluster to the latest snapshot (16 Jul, 22:15) # ifconfig vr0 priority 2 ifconfig: priority: bad value Is this a regression, or did the syntax change since my last update about one week ago? I did re-read the man page and also looked through the CVS commits, but

Re: Setting priority on interface fails in latest snapshot

2008-07-19 Thread Rolf Sommerhalder
cjeker wrote: This diff got removed from the latest snaps. Thanks for prompt reply. That's bad news, as I am using it on the firewall cluster to resolve a problem in connection with default routes and dhclient, as per your previous recommendation. Is this removal just a temporary measure until

ldattach dies after gpsd starts

2008-08-04 Thread Rolf Sommerhalder
Hello, since a few i386 snapshots, and also in the latest GENERIC#1012 i386, I observe that # /sbin/ldattach -p -s 4800 -t dcd nmea tty00 dies once I start # /usr/local/sbin/gpsd -N -D 2 /dev/ttyp1 This was working fine still with GENERIC#936 from mid January, shortly after mbalmer@ added the

Re: ldattach dies after gpsd starts

2008-08-04 Thread Rolf Sommerhalder
Do you see this as well when you use ldattach on cua00? Yes the same, no change/improvement. from /var/log/messages: ldattach[23199]: eof during read from device: Undefined error: 0 ldattach[20370]: eof during read from device: Input/output error

msk(4) with SK-9S91: Can not set 1000baseSX Single Mode Fiber Media Type

2007-01-30 Thread Rolf Sommerhalder
Hello misc, Two identically configured SUN V210, each equipped with a SK-9S91 PCI NIC (single port, single mode fiber 1 Gbit/s), run -current snapshot dated 20 Jan 07 The kernel detects those fiber NICs, besides the four on-board bge, see dmesg below. After boot, the msk0 come up in autoselect

Re: msk(4) with SK-9S91: Can not set 1000baseSX Single Mode Fiber Media Type

2007-01-30 Thread Rolf Sommerhalder
On 1/30/07, Siegbert Marschall [EMAIL PROTECTED] wrote: try media 1000baseT mediaopt full-duplex , 1G fiberlinks should be always fullduplex, rest is not relevant since it's purely a hardware- question. wonder how the thing got its head on 100BaseTX... apart from that it's a good idea to

Re: msk(4) with SK-9S91: Can not set 1000baseSX Single Mode Fiber Media Type

2007-01-30 Thread Rolf Sommerhalder
Hi Mark Most likely something is not quite right with the eephy(4) driver. eephy_status() in sys/dev/mii/eephy.c seems to be a candidate for closer examination. It appears to fall through the if() clause and does the else part, although we have a NIC with MIIF_IS_1000X :

High Interrupt Load caused by pciide with sparc64 on SUN V210

2007-01-31 Thread Rolf Sommerhalder
Hello misc, After having installed 4.0-current on two identically configured SUN V210 (see dmesg below), I found that their performance was unusually bad, notably with disk I/O. top reveals a permanent interrupt load of between 30 to over 50% !? # top load averages: 0.09, 0.17, 0.08

Re: vpn bridge misbehavior

2007-02-01 Thread Rolf Sommerhalder
Hi, On 2/2/07, Jonathan Whiteman [EMAIL PROTECTED] wrote: I'd like to get into a detailed explanation of the network topology I'm working with here but I don't want to scare off anyone by opening with a 3 page email. Your subject implies that you built a layer-2 LAN-to-LAN bridge over an

Re: msk(4) with SK-9S91: Can not set 1000baseSX Single Mode Fiber Media Type

2007-02-01 Thread Rolf Sommerhalder
Both boxes and fiber NICs work fine under Solaris 9 using Syskonnect's proprietary skge driver and a short cross-over fiber patch. So it is definitely not an issue with the hardware setup, but with OpenBSD. I'll have the fiber NICs for another 10 days before I'll deploy them in a customer's

Re: High Interrupt Load caused by pciide with sparc64 on SUN V210

2007-02-04 Thread Rolf Sommerhalder
The high interrupt load vanished after removing the CD-ROM drives from both V210, as suggested by Mark Kettenis. Now the CPU load is down to 0%, as one expects, and the systems are much more performant and responsive than before :-) # iostat -w 1 ttycd0 sd0

Re: msk(4) with SK-9S91: Can not set 1000baseSX Single Mode Fiber Media Type

2007-02-05 Thread Rolf Sommerhalder
Hi Mark On 2/3/07, Mark Kettenis [EMAIL PROTECTED] wrote: Regarding the high interrupt load on the v210; try disconnecting the CD-ROM/DVD-ROM. Removing the CD drives silenced the interrupts, and the CPU load dropped to 0%, thanks. Can you try the attached diff? It has some debug printf's

Re: Testing in a virtual environment

2009-01-03 Thread Rolf Sommerhalder
OpenBSD i386-current works fine in VirtualIron http://www.virtualiron.com/, which is an attractive Xen-based alternative to VMware ESX. I have not tried to run amd64 as a guest in VirtualIron yet. Nor have I checked if VItools have been ported to OpenBSD since I last looked into its source one

NAT64 sample config

2011-11-06 Thread Rolf Sommerhalder
Maybe you are interested in giving NAT64 a try which has been committed to the tree a few weeks ago. In my first test I found it works great. Thanks to the developers for their hard work! Eventually, the following sample config saves you some time while the man pages are in the works, although

Re: OT: 10GbE Physical Network Taps

2009-05-07 Thread Rolf Sommerhalder
I need to collect raw throughput statistics without increasing latency or reducing bandwidth on 10GbE fiber links, so most of the typical methods are out of the question After re-reading your post(s) and the thread, I am still unsure what level of detail you need, e.g. what you mean by collect

Re: OT: 10GbE Physical Network Taps

2009-05-07 Thread Rolf Sommerhalder
(There is/was a voice/video recording of the session, but I can find it right now.) Here is the link to the presentation Arien held a year later, and this one has pointers to videos of his talk: 10GE monitoring live! How to find that special one out of millions

OTi Thunderbird USB Bridge in cdce(4)

2009-06-19 Thread Rolf Sommerhalder
In an attempt to stack ALIX boards using their USB interfaces (actually to emulate an MPLS core in the lab with three ALIX boards connected in a triangle as P routers over 480 Mbit/s USB core links), I picked up a USB to USB bridge at the local supermarket. This 20$ USB bridge is branded

Web GUI for named(8) ?

2009-07-22 Thread Rolf Sommerhalder
Hello list, Can you recommend any GUI that enables junior IT staff to maintain basic DNS Resource Records (such as for ex. A, PTR, CNAME,...) for BIND 9 running on OpenBSD? Also, I will consider alternatives to named(8), provided that they support an authoritative, split DNS server and some

Virtual pseudo-device 'vwire()' anyone?

2009-12-24 Thread Rolf Sommerhalder
Recently, developers added the pseudo-device vether(4). Such virtual switch ports can be member of bridges. An additional pseudo-device 'vwire' would come in handy to interconnect two or more switches in a virtualized environment, without necessarily bridging to a physical switch port as well. In

Re: Virtual pseudo-device 'vwire()' anyone?

2009-12-24 Thread Rolf Sommerhalder
Have you ever looked at http://vde.sourceforge.net/ ? Thanks Chris for your hint, which triggered me to take a look at the VDE project on Sourceforge. Before posting, I was actually reading the documentation Wiki of Virtual Square (V^2) at http://wiki.virtualsquare.org . Currently, V^2 and

Re: Virtual pseudo-device 'vwire()' anyone?

2009-12-25 Thread Rolf Sommerhalder
On Fri, Dec 25, 2009 at 2:37 PM, Csaba Szip css...@gmail.com wrote: OpenBSD has some network virtualization (not yet fully ready?) stuff in the tree called rdomain. I am reading the current documentation, but I don't find any solution to interconnect two rdomain. I create two vether interface in

Re: gcc4,amd64 - mk.conf?

2010-05-30 Thread Rolf Sommerhalder
Does it make any difference having it in mk.conf or not? At the moment, I am looking into the same question. Yesterday, I went through the compiler upgrade steps on an i386-current machine. Probably, I have ended up with a gcc3-compiled gcc4 on my i386 system, although I had thought I had

OpenBSD on Freescale QorIQ ?

2010-05-30 Thread Rolf Sommerhalder
Is anyone working on moving macppc or socppc to the Freescale QorIQ (e500 PowerQUICC core)? Although I have no hardware / evaluation board yet myself, I am looking into supporting this low-power architecture as a hobby project, in order to brush up my low level programming skills a bit. Rolf

Re: gcc4,amd64 - mk.conf?

2010-05-30 Thread Rolf Sommerhalder
if this solves the compile error I had encountered while building the userland, Yes, it did. After setting COMPILER_VERSION=gcc4 in /etc/mk.conf, re-compiling gcc4 with itself just to be on the safe side, then the builds of the kernel, userland, and finally xenocara were successful. This just

MPLS: Disable Penultimate Hop Popping?

2010-06-07 Thread Rolf Sommerhalder
Dear list, Is there a way to disable PHP, e.g. to prevent ldpd on the last P router from stripping/popping the label before it reaches the PE router? In my little test network that runs -current as of 03 June, I observe from ldpd's lfib on the last P router that it pops the label on the ingress

Re: MPLS: Disable Penultimate Hop Popping?

2010-06-07 Thread Rolf Sommerhalder
Thanks Claudio for your speedy reply. Have a look at the route -n show -mpls output and check the input counter for label 20. It happily counts and confirms what tcpdump shows on the ingress interface: [r...@p2:root]# route -n show -mpls Routing tables MPLS: In label Out label Op Gateway

Re: MPLS: Disable Penultimate Hop Popping?

2010-06-07 Thread Rolf Sommerhalder
Yeah, the packets are dropped in the POP case of mpls_input.c that's how far I got until now. I started with a fix but my magic is not strong enough for now. After taking a look at the source, I essentially backed out changes done in rev. 1.10 /src/usr.sbin/ldpd/kroute.c . Now my test setup

Re: MPLS: Disable Penultimate Hop Popping?

2010-06-09 Thread Rolf Sommerhalder
Here is a fix for the PHP issue. Great, it fixes the problem. Thank you very much. The test setup works now, although I had no time yet for in-depth testing with other traffic than just ICMP pings. But pings from pe11 to pe21 make it now back to pe11 while p1 and p2 both do PHP. However, in a

Re: MPLS: Disable Penultimate Hop Popping?

2010-06-12 Thread Rolf Sommerhalder
What kind of HW do you use? The MPLS test setup is made from five ALIX boards, three as P routers in the core connected in a triangle, and two as PE routers. I do my tests with little soekris boxes and there the RTT is in the range of 4-5ms and indistinguishable from non MPLS operation.

hoststated(8): DNS Relay uses unexpected source IP address

2007-11-17 Thread Rolf Sommerhalder
Hello list, using the excellent hoststated(8), I have built a reverse proxy yellow with the snapshot from around November 3rd on an i386 box which is connected to white (another OpenBSD host) on the left via fxp2, and to orange (a Linux host) to its right via fxp3. (white.fxp3) and (fxp2.yellow)

Re: hoststated(8): DNS Relay uses unexpected source IP address

2007-11-17 Thread Rolf Sommerhalder
On Nov 17, 2007 4:01 PM, Rolf Sommerhalder [EMAIL PROTECTED] wrote: This unexpected behaviour of the DNS/UDP relay then causes routing problems as the white server is by default unaware of a route for the source address (yellow.fxp3). So DNS responses from white do not get routed back

Re: hoststated(8): DNS Relay uses unexpected source IP address

2007-11-17 Thread Rolf Sommerhalder
On Nov 17, 2007 4:58 PM, Rolf Sommerhalder [EMAIL PROTECTED] wrote: Still, I am unsure if the DNS/UDP relay actually behaves correctly, and if this work-around does make sense. After a deep dive into the sources of hoststated, my current understanding is that this is not a problem caused

Re: hoststated(8): DNS Relay uses unexpected source IP address

2007-11-17 Thread Rolf Sommerhalder
On Nov 18, 2007 8:04 AM, Theo de Raadt [EMAIL PROTECTED] wrote: Oh, one does that by calling bind() beforehand, with the specific local address one which uses use, instead of 0.0.0.0. With udp this Thanks Theo for your hint. I look into this in the context of hoststated. What still puzzles

Re: hoststated(8): DNS Relay uses unexpected source IP address

2007-11-19 Thread Rolf Sommerhalder
On Nov 19, 2007 6:35 PM, Reyk Floeter [EMAIL PROTECTED] wrote: please try to configure the following: ... so the proposed solution is to always use listen on 0.0.0.0 port 53 with DNS relays for now. Your proposal indeed solves the problem in my multi-homed setup, and makes my work-around with

How to track down a suspected memory leak?

2007-11-24 Thread Rolf Sommerhalder
Hello list, I am looking for suggestions how to identify the source(s) of what appears to be a memory leak of approx. 10 MByte/day on a clustered pair of filtering bridges. These bridges are running i386 -current snapshot from Nov 2nd. They form the outer, Internet-facing stage of a two stage

Re: How to track down a suspected memory leak?

2007-11-25 Thread Rolf Sommerhalder
On Nov 25, 2007 5:22 PM, David Higgs [EMAIL PROTECTED] wrote: Is this possibly the same memory leak mentioned below? http://marc.info/?l=openbsd-misc&m=119572453509542&w=2 Thanks David for this pointer. It may very well be the same issue. Even though the two bridged interfaces are em(4) (1

IP over Simulated Radio/Satellite Channels

2007-11-25 Thread Rolf Sommerhalder
In an effort to port a Performance Enhancing Proxy (PEP, see scps.org) to OpenBSD, I am looking at ways to simulate radio channels at IP level with loss rate, delay and jitter. Has anyone worked on, for example, extending ALTQ to add delay and/or jitter capability to OpenBSD? Would I waste my

Re: How to track down a suspected memory leak?

2007-12-02 Thread Rolf Sommerhalder
On Nov 25, 2007 5:22 PM, David Higgs [EMAIL PROTECTED] wrote: Is this possibly the same memory leak mentioned below? http://marc.info/?l=openbsd-misc&m=119572453509542&w=2 Thanks for your pointer! Indeed, this patch/errata appears to have squashed the memory leak. A patched kernel did not lose

Running dhclient on CARP interfaces

2008-01-05 Thread Rolf Sommerhalder
While trying to transpose a working two-stage active-passive firewall from an enterprise network with a _fixed_ public Internet address to a much smaller home setup that must live with a _dynamic_ public IP address assigned by the DHCP server of my ISP, I observe that running dhclient(8) on

Re: Running dhclient on CARP interfaces

2008-01-05 Thread Rolf Sommerhalder
The really cool combination of CARP and ifstated enabled a nice work-around. The attached ifstated.conf works great in my active-passive firewall cluster setup. At least it survived all violent testing conducted over the past few hours. But it still needs to prove itself in the longer term.

Re: MPLS VPN on OpenBSD

2012-04-28 Thread Rolf Sommerhalder
Have you noticed the paper which Claudio Jeker had presented at EuroBSDCon 2011? http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf Although the talk is listed at http://www.openbsd.org/events.html it is missing at http://www.openbsd.org/papers/

carp(4) requires carpdev in OpenBSD 5.7

2015-08-01 Thread Rolf Sommerhalder
After upgrading a firewall cluster from 5.6 to 5.7, I observed that carpX interfaces failed to come up with their settings. A manual start 'sh /etc/netstart carpX' ran without errors, although carpX still did not get its settings from hostname.carpX. However, 'ifconfig carpX 10.0.8.1 vhid 108'

Re: bridge fails to broadcast ARP from gif tunnel

2015-11-28 Thread Rolf Sommerhalder
After adding static ARP entries 'arp -s 172.16.1.5 ' to the ARP tables on each end HostA and HostB respectively, ping (and tcpbench) work fine end to end through the gif tunnels, from both sides. Thus my problem appears to be limited to ARP Requests resp. their Ethernet broadcasts not being

bridge fails to broadcast ARP from gif tunnel

2015-11-28 Thread Rolf Sommerhalder
Using the simple Layer-2 bridge setup below, an ICMP Ping 172.17.1.5 from HostA does not get to HostB while using EtherIP encapsulation with gif(4) at its tunnel end points. The Ping's initial Ethernet broadcasts with the ARP Requests make it through the gif tunnel to BridgeB, to both its bridge0

Re: bridge fails to broadcast ARP from gif tunnel

2015-11-29 Thread Rolf Sommerhalder
Looking at the source in sys/netinet/ip_ether.c of void etherip_decap(struct mbuf *, int); which calls etherip_getgif(struct mbuf *m) first, and then clears these flags of the _inner_ Ethernet header: ... /* Reset the flags based on the inner packet */ m->m_flags &=

Re: bridge fails to broadcast ARP from gif tunnel

2015-12-01 Thread Rolf Sommerhalder
Hi Goda, On Tue, Dec 1, 2015 at 10:07 AM, Kazuya GODA wrote: > It seems to bridge doesn't forward broadcast/multicast frames from gif. > This patch will fix this problem, so would you try it? Indeed, your patch fixes the problem! Excellent, thank you very much. Now, I will go

Install from snapshot unable boot

2015-11-27 Thread Rolf Sommerhalder
The current snapshot fails to install from .iso at the very last step at writing the boot info to disk on VirtualBox. http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/i386/BUILDINFO Build date: 1448569476 - Thu Nov 26 20:24:36 UTC 2015 Using "the same procedure", install from an older i386

Re: Install from snapshot unable boot

2015-11-27 Thread Rolf Sommerhalder
On Fri, Nov 27, 2015 at 9:01 AM, Antoine Jacoutot wrote: > Yeah, that's because of pledge(2): > installboot(19095): syscall 54 "ioctl" Thanks for your confirmation. I did not spot the error message above, but saw a commit from Theo last night related to installboot. So I

pair(4) + pf(4) and ipsec(4)

2015-11-22 Thread Rolf Sommerhalder
Hi, On a rainy/snowy Sunday, I am trying to "renovate" an ancient but working Layer-2 Ethernet bridge over IPsec over wireless LAN setup that I had implemented using isakmpd (IKEv1) in OpenBSD 4.3 on WRAP boards from PC Engines, and bring it up to date with iked (IKEv2) using latest crypto