on the system for every packet.
nah. we get calls from the interface subsystem when interfaces show up
or go. just a few lines of code missing to deal with skip.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS
happily adopt FHS if you guys make it match hier(7).
that on a 32 bit machine. or a big endian one.
checksum verified */
#define M_IPV4_CSUM_IN_BAD 0x0010 /* IPv4 checksum bad */
#define M_TCP_CSUM_IN_OK 0x0020 /* TCP/IPv4 checksum verified */
* Henning Brauer henn...@openbsd.org [2011-04-05 18:22]:
- if (m-m_pkthdr.csum_flags M_IPV4_CSUM_OUT)
+ if (m-m_pkthdr.csum_flags M_IP_CSUM_OUT)
err. minus this of course.
same here, please help by testing so i can go on
* Henning Brauer henn...@openbsd.org [2011-04-02 17:39]:
so now that the loopback link1 crap is out of the way - use the rb
tree for local address lookup in ip_input instead of traversing the
list of interfaces traversing the list of addresses
++;
} else
* Alexander Bluhm alexander.bl...@gmx.net [2011-04-03 19:38]:
On Sat, Apr 02, 2011 at 02:49:09PM +0200, Henning Brauer wrote:
lo has that link1 wankery where it kind of replies to all addresses in
the subnet, except that it doesn't really - it is very halfbaked and
gets in the way. unless
Index: rde_decide.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde_decide.c,v
retrieving revision 1.60
diff -u -p -r1.60 rde_decide.c
--- rde_decide.c3 May 2010 13:09:38 - 1.60
+++ rde_decide.c3 Apr 2011 22:39:19
{
error = EADDRNOTAVAIL;
break;
}
if memory
serves)
it'll be a bit, but the previous 0.13.something was oh so much worse
than 0.9.x.
for that matter)?
Somebody could send us such a packet.
I'm pretty damn sure we catch that way earlier.
* Camiel Dobbelaar c...@sentia.nl [2011-02-04 13:21]:
With hundreds of (vlan) interfaces, a shutdown takes quite a while.
Fix below.
hmm. this relies on all carp interfaces being in the carp interface
group. while that is the default, it is not necessarily so.
* Camiel Dobbelaar c...@sentia.nl [2011-02-04 15:30]:
On 4-2-2011 15:06, Stuart Henderson wrote:
On 2011/02/04 14:37, Camiel Dobbelaar wrote:
On 4-2-2011 13:32, Henning Brauer wrote:
* Camiel Dobbelaar c...@sentia.nl [2011-02-04 13:21]:
With hundreds of (vlan) interfaces, a shutdown takes
pppoeX - pppoe group
and so on
* Tobias Weingartner weing...@tepid.org [2011-02-04 20:19]:
On Friday, February 4, Henning Brauer wrote:
i don't think there is special treatment for the carp group. but
memory is fuzzy. we might very well forget to clean up when a group
becomes empty.
There is a bit of an inconsistency
is verboten, period. use a workq or sth. rtsol
has been fixed that way, pppoe apparently still needs that fix.
a different interface the next time i run it?
seriously, the first is fine and covers almost all cases. don't
overengineer.
3). apparently we missed a few cases of the old ones (misc,
loud etc).
| floating ) ]
[ state-defaults state-opts ]
# Han
had found the time
creation;
I might be mistaken but I think this will break compatibility with
the pfsync wire format used by earlier versions.
you are - we don't send pf_state over the wire any more but use a
separate pfsync_state.
* Brynet bry...@gmail.com [2010-10-30 11:12]:
All I was trying to communicate is that the exposure of a user's home
directory is something that must be dealt with by system administrators
or preferably by the individual users themselves.
[ ] you grok sane defaults
to agree here.
I received a fair number of positive test reports and would like to
commit this, aka looking for oks.
* Henning Brauer lists-openbsdt...@bsws.de [2010-09-28 11:48]:
hello?
* Henning Brauer lists-openbsdt...@bsws.de [2010-09-24 10:35]:
I'd really like more and heavy testing on this. has
so just pad the header to be a multiple of 8 bytes, makes pflogd happy
on 64bit archs
Index: if_pflog.h
===
RCS file: /cvs/src/sys/net/if_pflog.h,v
retrieving revision 1.17
diff -u -p -r1.17 if_pflog.h
--- if_pflog.h 21 Sep 2010
for 64bit platform. will
dig asap, but now i need to get ready to leave for eurobsdcon ;)
I'd really like more and heavy testing on this. has the potential for
a great speedup on boxes with many IPs.
* Henning Brauer lists-openbsdt...@bsws.de [2010-09-23 13:51]:
oups, one superfluous check forgotten to remove.
note to self: in main tree on anakin (ryan sez it's the next level
those freaking code paths for stateless are annoying as hell and tend
to be buggy since everybody does stateful anyway...
so here's the deal: always get us a state back when we actually pass
the packet, but don't link it into the state table. late in pf_test
throw it away if we want stateless.
that someone
might be able to circumvent tun device file permissions without the admin's
consent, for whatever reason.
ridiculous.
if someone is able to circumvent file system permissions without the
admin's consent, for whatever reason we have way bigger problems than
tun.
in_ifaddr *);
*, int);
+ struct in_ifaddr *, struct sockaddr_in *, int, int);
struct in_multi *in_addmulti(struct in_addr *, struct ifnet *);
void in_delmulti(struct in_multi *);
void in_ifscrub(struct ifnet *, struct in_ifaddr *);
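Review bot: on the added prototype line ending `struct sockaddr_in *, int, int);` the two trailing parameters are both bare `int`, so a call site that passes them in the wrong order still compiles without a warning. Consider naming the two arguments in the prototype, or adding a short comment above it saying which is which, so callers can be checked against the header.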
so, eventually i want to move us to use an rb tree for interface
addresses instead of a stupid list which is linearly walked. the
basics have been discussed, there is no downside for the one real
interface with one real IP usage case, but the lots of addresses in
the system case would eventually
sigh. whoever wrote that co^Wmess^Wdisaster better never gets close to
me, physically.
the below doesn't break on 0.0.0.0 any more. problem found by sthen
with pppoe.
note to self: diff is in the main tree on luke
Index: net/if.c
,
+ ntohs(hdr-dport));
+ }
}
af = hdr-af;
length -= hdrlen;
* Stuart Henderson s...@spacehopper.org [2010-09-21 02:31]:
On 2010/09/20 11:10, Henning Brauer wrote:
oh and when the snaplen is too small i
don't do the rewrite and pass out the packet unmodified... not sure
what else we could do but dropping, which would
* Theo de Raadt dera...@cvs.openbsd.org [2010-09-21 02:36]:
On 2010/09/20 11:10, Henning Brauer wrote:
oh and when the snaplen is too small i
don't do the rewrite and pass out the packet unmodified... not sure
what else we could do but dropping, which
and now that this is in, here's the almost trivial diff to move the
logging inline, as in, when hitting a match log rule, we log
immediately and with the addresses/ports as pf sees them at that very
same moment.
i think this is quite awesome :)
match in log on re0 inet proto tcp to port
* Mattieu Baptiste mattie...@gmail.com [2010-09-06 09:43]:
This syncs /etc with recent ECDSA changes.
it has been decided to let ecdsa settle a bit before doing this.
you might have noticed an increase of diffs from openbsd devs on this
list. this is a result of a policy change, partially in response to
the belgian prick leaking our private list.
the policy we, the active OpenBSD developers, for our private list
decided for is now: membership is tightly
* Gregory Edigarov g...@bestnet.kharkov.ua [2010-08-25 15:54]:
why only nsd to the base, and not unbound?
hasn't been done yet. as simple as that.
neither has bind been removed yet.
what problem does that solve?
specifically, what problem does this solve that is not solved by
interface groups?
our standard
schema is when using vlans (e.g. freebsd-style bge0.1700 creating a vlan
with tag 1700 on bge0), but not really wanted it badly enough to do
anything about it...
same here actually :)
for example.
without interface renaming you will end up rewriting the whole section
of your interface configuration script, while with it - you will only
have to change one line:
ifconfig bge0 name ether0
your what?
mv hostname.em2 hostname.em3 is not black magic.
weird for a module to depend on code in the ssl
module, but whatever.
that may be weird but is reality.
not necessarily for these functions, but i ran into this trap before.
* Romey Valadez romey.vala...@gmail.com [2010-01-15 00:53]:
this patch applies to OpenBSD v4.6 -stable
we really don't care much for diffs to -stable.
here instead of sending any response on ident port.
(silent fw)
doctor, doctor, it hurts when i push a knife in my eye!
then don't do it.
your agenda is stupid, and there is no excuse to support it.
these are NOT mutually exclusive, not at all, this is even the most
common case for many usage scenarios :)
when fixing the log flag abuse
* Claudio Jeker cje...@diehard.n-r-g.com [2009-08-05 19:04]:
This needs a bit more work and maybe it would make sense to switch away
from poll to kqueue or libevent. poll() gets inefficient when handling
large amount of fds. But that's maybe for later.
that is DEFINITELY for later if at all.
pf_qname2qid()?
to write code, you have to read a lot of code first.