)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Randal L. Schwartz mer...@stonehenge.com [2009-12-19 00:34]:
There's really no excuse for not knowing Perl and Python these days.
any excuse to not know python is a good and valid one. any.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP
* Floor Terra flo...@gmail.com [2009-12-19 16:47]:
But in my experience copy/paste of code in any language is dangerous.
[ ] you have ever seriously used C
heck, even perl.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting
* Floor Terra flo...@gmail.com [2009-12-19 19:10]:
On Sat, Dec 19, 2009 at 6:08 PM, Henning Brauer lists-open...@bsws.de wrote:
* Floor Terra flo...@gmail.com [2009-12-19 16:47]:
But in my experience copy/paste of code in any language is dangerous.
[ ] you have ever seriously used C
not expose the fact that
they use 4K blocks internally, they pretend to work with the
traditional 512byte blocks. And there is a trap there, as the original
article points out.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
.
That's a lot of IO for a soekris.
It's possible to kill CF cards doing builds or similar. The wear leveling
isn't that great.
hahahahahahahahaha
try it. on something recent. come back in 10 years when you suceeded.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http
that strips private AS out
of the path, but still advertises them, which isn't supported.
we really gotta fix that.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application
. If I have missed something, someone
please chime in on how to configure pf to do this. Thanks.
correct.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application
://sam.nipl.net/qemu.html
The short answer for OpenBSD networking in qemu:
config -ef /bsd
disable mpbios
quit
huh? many of us are using qemu on their laptops to hack on openbsd.
i'm not doing this, and i doubt any of the others does.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
the macaddr to prevent all the lazu copy pasters using
it :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
bother. I run GENERIC or GENERIC.MP, period. using -inet6 in
the hostname files and blocking all inet6 shit on the firewalls is
good enough.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
* Michiel van Baak mich...@vanbaak.info [2009-12-04 10:38]:
On 11:11, Fri 04 Dec 09, Ismail OZATAY wrote:
Can i use one my interfaces both some network and pfsync ?
If you run it over ipsec, yes.
and if you don't do so as well.
personally, I'd use vlans.
--
Henning Brauer, h...@bsws.de
that functionality (with pflow(4), of course) but no
good idea on how to do that yet.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
/OpenBSD/4.6/i386/install46.iso
please get the latest stable. this really looks like an issue i fixed
after release.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application
* Joakim Aronius joa...@aronius.com [2009-12-01 15:54]:
* Henning Brauer (lists-open...@bsws.de) wrote:
* Alastair Johnson att...@googlemail.com [2009-12-01 12:00]:
Got the following error on 2 identical firewalls last night:
uvm_fault(0xd0891180, 0x0 0, 3) - e
kernel: page fault
* Derek Buttineau de...@csolve.net [2009-11-26 15:07]:
On 2009-11-25, at 6:23 PM, Henning Brauer wrote:
check ifconfig -g carp on both
Right now both are at:
carp: carp demote count 0
However, I did check that before I rebooted the backup unit and the master was
set to
carp
* Aaron Mason simplersolut...@gmail.com [2009-11-26 00:16]:
upgrade to 4.6, a number of enhancements in PF [...] since 4.1
a number, yes - somewhat close to has been rewritten
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting
* open...@e-solutions.re open...@e-solutions.re [2009-11-24 14:16]:
Using DHCP is not possible, pf block it
certainy not. dhc{p,lient} use bpf. outside pf. pf doesn't even see
those packets.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP
* AG computing.acco...@googlemail.com [2009-11-21 23:41]:
Depends on whether one trusts the NSA or not.
right, of course the NSA gets commit access and peer review rules
don't apply. right.
henn...@cvs:2$ finger nsa
finger: nsa: no such user.
hmm.
--
Henning Brauer, h...@bsws.de, henn
.
Thanks in advance
--
Ciao Ciao
_
-B- All Recycled Bytes Message ...
~
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application
, a lot).
I won't paste an example here as reading the manpage bits about it
will enlighten you more :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
is seems.
The memory is used for caching the file contents in case you decide to
read those files again. It's reused for more useful things when it's
needed.
//art
Pete Vickers
p...@systemnet.no | +47 48 17 91 00
SystemNet AS
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS
(or one rule per direction) or
the traffic may be blocked.
we could add a pass tagged FTPTAG rule in that case, or just
document the fact. the assumption is that you want to do something
with the packets afterwards if you are tagging, so i tend to just
document.
--
Henning Brauer, h...@bsws.de
* Bryan S. Leaman lea...@bitbytes.com [2009-11-13 17:37]:
Henning Brauer wrote:
* Bryan S. Leaman lea...@bitbytes.com [2009-11-13 01:12]:
I'm converting a pf ruleset to work with the new nat/rdr changes in 4.6
-current and I came across an issue that seems like a problem in the way
tagged
* Steve Shockley steve.shock...@shockley.net [2009-11-09 04:59]:
On 11/8/2009 7:40 PM, Henning Brauer wrote:
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu2: Intel(R) Atom(TM) CPU 330
at most.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Didier Wiroth dwir...@gmail.com [2009-11-08 14:36]:
On Saturday 07 November 2009 18:51:03 Henning Brauer wrote:
supermicro has atom-based systems. i have such a board an am happy
with it.
Thank you very much for your feedback, it gave me a good overview!!!
This one looks really nice
OHCI root hub rev 1.00/1.00 addr 1
uplcom0 at uhub1 port 2 Prolific Technology Inc. USB-Serial Controller rev
1.10/3.00 addr 2
ucom0 at uplcom0
softraid0 at root
root on sd0a swap on sd0b dump on sd0b
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full
was wondering if some of you are using this type of low power
hardware at home?
Can you recommend such a rack-mount device?
Can you recommend a european online reseller?
supermicro has atom-based systems. i have such a board an am happy
with it.
--
Henning Brauer, h...@bsws.de, henn
?
they are not identical, they can serve the same purpose.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Eric Faurot e...@faurot.net [2009-11-06 10:43]:
On Fri, Nov 06, 2009 at 10:07:51AM +0100, Henning Brauer wrote:
* Robert Waite winstonwa...@gmail.com [2009-11-05 20:08]:
I have been on OBSD 4.4 for a bit and had not really messed with pf.conf
for
a while.
When I updated
to.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
yes, that is exactly the purpose of set loginterface.
pfctl -vvsI is what you're after.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
write them.
oh sorry - forgot the HOWTO:
1) get shell access
2) type man pf.conf
3) look for optimization
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
to upgrade php to 5.2.11, from -stable.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
ntpd
do? sit there forever?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
could run?
yes:
echo delete this pic of my ass: http:///; | mail -s asspic henning
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
There is no ldpd or ldpdctl program in OpenBSD. Maybe you mean ldp and
lpc?
they are not part of the regular builds yet since they aren't ready
really. you have to build them yourself from
/usr/src/usr.sbin/ldp{d,ctl}. manpages will be built then too.
--
Henning Brauer, h...@bsws.de, henn
flawed. many things can only properly or at all be done
at kernel level or with kernel support.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg
project, or would a portable OpenBGPd need to be a
separate project?
openssh style
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Vadim Zhukov persg...@gmail.com [2009-10-05 13:38]:
Currently pf accepts both rules with address family set to
AF_INET/AF_INET6 and to plain 0. It behaves correctly in both ways, but
I'm not sure, is it desired to have rules with address family
unspecified?
yes.
--
Henning Brauer, h
: 0 Bytes: 0 ]
In6/Block: [ Packets: 46 Bytes: 3312 ]
Out6/Pass: [ Packets: 2 Bytes: 136 ]
Out6/Block: [ Packets: 0 Bytes: 0 ]
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS
stuff (route-to/reply-to/dup-to)
2. Is it OK if I'll hack it to make possible even crazy rule like this:
pass in on $if1 from $a to $b rdr-to $c \
route-to ($if3 $gt3) reply-to ($if2 $gt2) dup-to $if4
this doesn't work right now, see above, that soves it
--
Henning Brauer, h
* Tom Van Looy t...@ctors.net [2009-09-23 12:32]:
Henning Brauer wrote:
so, otto, tedu, matthieu, oga and myself went to eurobsdcon in
cambridge. to take the summary ahead, it was a very nice event.
Thanks you all for doing the presentations and sharing the
papers/slides. Awesome
events by submitting openbsd
talks (don't be afraid, you don't have to be a developer to speak,
this is how we use OpenBSD-style talks are fine too) and/or come as
attendee to these events.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP
does.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Robert rob...@openbsd.pap.st [2009-09-17 16:34]:
On Thu, 17 Sep 2009 11:16:58 +0200
Henning Brauer lists-open...@bsws.de wrote:
* Aaron Mason simplersolut...@gmail.com [2009-09-17 03:52]:
Would these drives by any chance be similar to the 1.8 ZIF drives
used in (*shudder*) 5th gen
the machines?
Again. OpenBSD really sucks at this one.
wut? trivial. takes me under 5 minutes usually.
Building from source is light years
more difficult than 'apt-get update apt-get upgrade, or 'yum upgrade' or
the
like.
so don't fucking do it, use releases and packages.
--
Henning
* - Tethys tet...@gmail.com [2009-09-16 17:37]:
On Wed, Sep 16, 2009 at 3:39 PM, Henning Brauer lists-open...@bsws.de
wrote:
Building from source is light years more difficult than
'apt-get update apt-get upgrade, or 'yum upgrade' or
the like.
so don't fucking do it, use releases
(failover was a PIII-750, which
showed a lot lower load, I think it was more the cache than the MHz).
i have a bgp machine forwarding 800MBit/s of real world generic
internet traffic. can handle at least twice that. enough of a
benchmark?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web
* Daniel Ouellet dan...@presscom.net [2009-09-15 16:21]:
Henning Brauer wrote:
* Nick n...@holland-consulting.net [2009-09-15 13:52]:
Yep. Most performance-oriented thing I've done with OpenBSD was
firewalling a 45Mbps T3 line. It did tax the machine a little bit,
but the primary firewall
router as well may well be very educating to many.
I don't know how up-to-date is, but it's a good reference:
http://www.bsws.de/en/technic/network.shtml
the router in question is not in that network.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full
* Florian Fuessl f...@degnet.de [2009-09-15 17:31]:
Hi Henning,
-Original Message-
From: owner-m...@[...] on Behalf
Of Henning Brauer
Sent: Tuesday, September 15, 2009 2:39 PM
Subject: Re: Defending OpenBSD Performance
* Nick n...@holland-consulting.net [2009-09-15 13:52
on this setup, it's not mine, we just run some
stuff for them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
this is working:
pass in quick log on vlan101 reply-to {(vlan101 a.b.c.14)}
http://www.openbsd.org/faq/current.html#20090902
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
* J.C. Roberts list-...@designtools.org [2009-09-03 19:12]:
On Wed, 2 Sep 2009 18:16:54 +0200 Henning Brauer
lists-open...@bsws.de wrote:
i don't see any connection to force10.
the successor of the 9000 line is the 8200zl and from all i can tell
(i never touched on of those myself) has
,
and the force10s are way way way more expensive. different league,
entirely.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
. test this as much as you can, to avoid
surprises in 4.7, and bugs showing up after release... we really want
to find them beforehands, right?
henning
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
for the slower archs a bit later... like always :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
done that from day #1
on, and there is no button to disable it. i actually had the flap
dampening in my first prototype that couldn't do anything with update
messages but drop them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure
consider harsh tone was very efficiently pointing you to
the problem, without useless chatter (like this mail).
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Nice Daemon nicedae...@googlemail.com [2009-08-14 13:08]:
The point was that Henning started insulting.
I didn't.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers
* Olivier Mehani sht...@ssji.net [2009-08-14 14:45]:
On Thu, Aug 13, 2009 at 05:31:39PM +0200, Henning Brauer wrote:
I'm suspecting that syntax b(interface)b in pf.conf only
resolves to the IPv4 addresses of the interface.
wrong.
Right, thanks for this terse answer Henning (:
I
the subnet in question.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
255.255.255.255.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Nice Daemon nicedae...@googlemail.com [2009-08-13 17:00]:
On Thu, Aug 13, 2009 at 4:46 PM, Henning Brauer lists-open...@bsws.dewrote:
* Nice Daemon nicedae...@googlemail.com [2009-08-13 16:33]:
inet xx.yyy.253.225 netmask 0xff00 broadcast 255.255.255.255 (this is
carp IP in upstream
* Olivier Mehani sht...@ssji.net [2009-08-13 17:28]:
I'm
suspecting that syntax b(interface)b in pf.conf only resolves to the
IPv4 addresses of the interface.
wrong.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
.
*sigh*
fork does not change uids. none of them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
showed a serious lack of understanding for tcp.
no I won't elaborate, using my time to code (in another area) is more
productive (and more fun) than using it to talk about code that won't
be written.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP
a ftp-proxy anchor.
it has userland helpers for the most relevant protocols.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Christiano Farina Haesbaert christiano...@gmail.com [2009-07-21 21:02]:
openbsd usually runs on small underpowered servers/routers
rright.
it's also slow, ya know.
and beer is dry.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP
state an identical existing state was found.
that should not happen, but the code deals fine with it.
in -current that message is a bit more verbose to allow diagnostics.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
is an Intel GM965 builtin (8086 2a03).
You are correct. However, xclock is part of the X.org project and thus
it would be best if you could report this bug upstream at
http://bugs.freedesktop.org.
if memory serves we changed the default locally tho.
--
Henning Brauer, h...@bsws.de, henn
* Owain Ainsworth zer...@googlemail.com [2009-07-14 18:33]:
On Tue, Jul 14, 2009 at 04:19:28PM +0200, Henning Brauer wrote:
* Owain Ainsworth zer...@googlemail.com [2009-07-14 16:12]:
On Tue, Jul 14, 2009 at 03:23:09PM +0200, Nido wrote:
According to the xclock man page, under options
* Sevan / Venture37 ventur...@gmail.com [2009-07-14 19:50]:
Still some time to go but wondering, who's going?
I'm very much looking forward to attending for the time.
otto, tedu and I will be speaking. enough incentive? :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services
, DIOCXBEGIN, 0) ||
+ ioctl(dev, DIOCSETDEBUG, level) ||
+ pfctl_trans(dev, t, DIOCXCOMMIT, 0))
+ err(1, pfctl_debug ioctl);
+
if ((opts PF_OPT_QUIET) == 0) {
fprintf(stderr, debug level set to ');
switch (level) {
--
Henning
.
The obvious method of add them to a queue and
Using overload to block the source IP can
not be used (with the current 4.5 version of pf
since you cannot add a packet to a queue that
is blocked.
yes it'll work.
that doesn't mean it makes sense tho.
--
Henning Brauer, h...@bsws.de, henn
1.176
date: 2002/10/29 15:23:38; author: henning; state: Exp; lines: +16 -2
introduce
set require-order [yes|no]
default is yes.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Pete Vickers peter.vick...@gmail.com [2009-06-19 10:06]:
On 19. juni. 2009, at 00.10, Henning Brauer wrote:
* Pete Vickers p...@systemnet.no [2009-06-19 00:02]:
Actually, the sooner the IPv4 space gets used up the
better, then everyone will have to migrate to IPvShit, and be done
:-)
___
freebsd-sta...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full
* Pete Vickers p...@systemnet.no [2009-06-19 00:02]:
Actually, the sooner the IPv4 space gets used up the
better, then everyone will have to migrate to IPvShit, and be done with
it.
that doesn't solve a single problem.
in return, you get a plethora of new ones on top.
--
Henning Brauer, h
in advance.
no.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
celeborn /bsd: pf: state key linking mismatch! dir=OUT,
if=bge0, stored af=2, a0: 10.136.248.119:42137, a1: 10.137.0.130:993,
proto=6, found af=2, a0: AAA.AAA.AAA.AAA, a1: BBB.BBB.BBB.BBB, proto=47.
fixed in -current and no need to worry really
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS
carp.
Is this idea that I'm figuring out possible or have I missed something?
definately possible.
Has anyone set up such an architecture before?
ya
Any hints or suggestions for improvements?
do it :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
* Georg Kahest ge...@viatel.ee [2009-06-02 10:01]:
The rules look identical to me at the moment, but i will doublecheck
them, one thing thou i dont have same interface names at both boxes,
that is your problem.
checksum in pfctl -vsi must be identical.
--
Henning Brauer, h...@bsws.de, henn
.
Where I was wrong?
you don't have the changed pfvar.h in /usr/include/net/
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
queue it should use is at 8mbit.
that is expected with states without reference back to a rule. this
clearly proves your rulesets are not identical, because otherwise that
ref would have been there.
and in any case - current behaves differently, queueing info now lives
on the state.
--
Henning Brauer
* irix i...@ukr.net [2009-05-27 06:14]:
May be someone better to write in a kind of pseudo device ifb
may be someone better to do my laundry
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
the crap. re(4) cards are ok.
I would not exactly run my performance critical core routers on them,
but that is not their purpose. re is not rl.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated
be willing to review your code once you submit it
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
the MD5, this is a known issue not
easy to solve. could be some more shit still in the socket buffers
that gets sent out after bgpd already removed the SAs on its
shutdown.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
are free to do it
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
also has the diff attached
that is going to be written and committed.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
There is a shortage of adding dynamic queues and the completion of porting
cdnr
and may be add some queue disciplines from altqd like blue, JoBB, as
you think ?
we will certainly not add more disciplines, what for. we'd rather
remove cbq, since it can be expressed in hfsc.
--
Henning Brauer, h...@bsws.de
to use this card when
cryptography is necessary.
crypto accellerators are used automagically as far as they are
supported. no buttons.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
thing soon.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
than twice as fast as it was in
the 3.7 days and gained a lot more you don't wanna miss.
pf on !OpenBSD is the starter drug. no more.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
601 - 700 of 1518 matches
Mail list logo