Re: How to analyse excessive PF states?

2016-10-24 Thread Patrick Lamaiziere
On Sat, 22 Oct 2016 18:12:37 +0200, Federico Giannici wrote: > We have a firewall with OpenBSD 6.0 amd64 that handles about 1.5 Gbps > of traffic. > > I noticed that for a few weeks the number of states has increased > from around 250.000 to almost 2 million (no change in PF config)! > > At

Re: pf, bridge and vether: interface with no group

2016-02-16 Thread Patrick Lamaiziere
On Tue, 16 Feb 2016 13:05:51 +0100, Clemens Goessnitzer wrote: OK, I think the pf.conf rule ### rules for internal network ### pass inet proto { tcp, udp } from internal:network to port $udp_services is expanded to pass inet proto udp from 10.0.0.0/24 to any port = 22 pass inet proto udp

Re: pf, bridge and vether: interface with no group

2016-02-16 Thread Patrick Lamaiziere
On Tue, 16 Feb 2016 00:10:41 +0100, Clemens Goessnitzer wrote: > Hello misc, Hi ... > So, if I specify a group for re1, everything is working as expected. > However, if re1 is not a member of any group, DHCP requests are blocked > by pf, as tcpdump shows. Is this intended behaviour? Or have

Re: Firewall cluster.

2014-07-14 Thread Patrick Lamaiziere
On Wed, 09 Jul 2014 20:33:47 +0200, Mxher wrote: Hello, > >> I'm doing a few more tests and now I'm wondering if this is possible > >> to disallow CARP to have some resources on serverA and others on > >> serverB? You can use ifstated to implement your own logic. I have a pair of firewalls, th

Re: unlink utility

2014-03-26 Thread Patrick Lamaiziere
On Wed, 26 Mar 2014 12:19:25 +0100, "Dmitrij D. Czarkoff" wrote: Hello, > For some reason the POSIX X/Open Systems Interfaces option requires > the 'unlink' utility to be present in the operating system. Sure, it does > nothing that 'rm' doesn't already do, but given that 'unlink' is > already used in s

Re: Snmpd question

2014-02-13 Thread Patrick Lamaiziere
On Wed, 12 Feb 2014 11:25:58 -0600, "Bales, Tracy" wrote: Hello, > Is it possible to have a shell script modify the contents of a user > defined OID that is set up in snmpd.conf? > > I would like to have a cron event run a shell script and that script > modify the OID values so that a remote

Re: OpenBSD as a router on Oracle T5120

2014-01-20 Thread Patrick Lamaiziere
On Mon, 20 Jan 2014 18:59:02 -0200, Eduardo Meyer wrote: > hello, > > I am doing some basic tests on the above mentioned scenario and I > am stuck on some limits which I consider to be very low: I cannot get > more than 27Kpps and 200Mbit/s routing performance without starting > to lose p

Re: (5.3) load problem on em(4) MSI / interrupt ?

2013-12-09 Thread Patrick Lamaiziere
On Mon, 09 Dec 2013 12:31:04 +, Stuart Henderson wrote: Hello, > I don't think msi can be re-enabled for this part in OpenBSD, the > reason it's disabled is that there is a bug in the 82571/2 chips > (errata 63 in > http://www.intel.co.uk/content/dam/www/public/us/en/documents/specificati

Re: (5.3) load problem on em(4) MSI / interrupt ?

2013-12-09 Thread Patrick Lamaiziere
On Tue, 1 Oct 2013 08:37:09 + (UTC), Stuart Henderson wrote: Hello, > On 2013-10-01, Patrick Lamaiziere wrote: > > Hello, > > > > With OpenBSD 5.3, our firewall does not handle our network load > > well. We lose around 5% of packets and netstat shows a lot o

Re: OpenBSD and NetFlow

2013-12-04 Thread Patrick Lamaiziere
On Tue, 03 Dec 2013 17:05:59 +0100, Alexis VACHETTE wrote: > Hi everyone, Hello, > I would like to share an issue with one of my OpenBSD firewalls, which > is present in my company. > > Everything was working fine until a server crash this last week-end. > > We have set up the netflow proto

(5.3) load problem on em(4) MSI / interrupt ?

2013-10-01 Thread Patrick Lamaiziere
Hello, With OpenBSD 5.3, our firewall does not handle our network load well. We lose around 5% of packets and netstat shows a lot of Ierr. That worked much better with 5.1. There was a change in 5.2 to not enable MSI on the 82572 chipset on our Intel card ("Intel PRO/1000 QP (82571EB)" rev 0x06):

carp demote count in 5.3 (change since 5.1)

2013-07-29 Thread Patrick Lamaiziere
Hello, I'm upgrading our firewalls to OpenBSD 5.3 (with errata) from 5.1: As far as I can see now, the firewall (without any problem) starts with a carp demote count = "33". On 5.1 the demote count was = 0. Looks like the "33" comes with a pfsync bulk start: Jul 29 13:51:01 ucop2 /bsd: carp: pfsync

Re: Management of pf.conf

2013-07-11 Thread Patrick Lamaiziere
On Thu, 11 Jul 2013 13:18:13 +0200 (CEST), Jummo wrote: > This works quite well for me and my firewalls with one exception, my > big fat central router/firewall. This firewall has around 2000 lines > of pf.conf, is attached to 12 VLAN interfaces and is slowly getting > unmanageable with this concep

Re: PF sync doesn't work very well

2013-07-03 Thread Patrick Lamaiziere
On Wed, 03 Jul 2013 07:11:08 -0500, "Mark Felder" wrote: > On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot > wrote: > > > Hello, > > no carp is used at this time. > > pfsync needs to be used with carp... without it you're just playing > whack-a-mole with your session table. I don't see w

Re: bad rule, or special filtering needed for bootp packets?

2013-03-28 Thread Patrick Lamaiziere
On Wed, 27 Mar 2013 19:28:08 -0700, David Ruggiero wrote: > Thanks! No, it didn't occur to me, so very appreciated. I didn't > remember that you could do that form of the table command to show > explicit members in a list, so that's also really helpful. > > FWIW, though... I would not have

Re: Why to use packages?

2013-03-16 Thread Patrick Lamaiziere
On Sat, 16 Mar 2013 12:36:35 +0400, Alexander Nusov wrote: Hello, > I'm trying to get why to use binary packages if they are not updated? I don't see any reason to use packages either (IMHO). > For example, this package confuses me: lighttpd > > ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/

Re: carp + 5.1/5.2 woes

2013-01-02 Thread Patrick Lamaiziere
On Wed, 2 Jan 2013 13:39:25 +0100, Toni Mueller wrote: Hello, > With this setup, carp1 will stay in BACKUP mode when I say "ifconfig > carp1 advskew 120" on A, while on B, it would go into MASTER > immediately. Hmm, did you check the value of the carp demote counter? # ifconfig -g carp (ju

Re: [5.1] pflow(4) flow with starttime *after* endtime

2012-11-05 Thread Patrick Lamaiziere
On Fri, 27 Jul 2012 11:13:21 +0200, Hrvoje Popovski wrote: > On 26.7.2012. 18:31, Patrick Lamaiziere wrote: > > Hello, > > > > We have just noticed that pflow (v5) sometimes (but often) uses a > > StartTime value which is later than the EndTime. > >

Re: OBSD51: using macros with reply-to

2012-11-01 Thread Patrick Lamaiziere
On Thu, 1 Nov 2012 13:28:18 -0200, Fernando Braga wrote: Hello, > pass in on $int_if from to ! route-to > $cosmo@$int_if > > However, when I issue a pfctl -sr, I get > > pass in on trunk1 inet from to ! flags S/SA > route-to 172.16.99.249@$int_if > > Shouldn't this @$int_if be translat

[PF 5.1] strange unreachable icmp reply from firewall

2012-10-10 Thread Patrick Lamaiziere
(openbsd 5.1/amd64) Hello, I filter icmp echoreq for one host, but on output. The rules are: pass in quick on $ext_if inet proto icmp from any to any icmp-type echoreq keep state (floating) block out quick on $int_if inet proto icmp from any to $host When I ping this $host from outside, I see som

Re: Ports security updates in 5.1 or 5.2

2012-08-29 Thread Patrick Lamaiziere
On Wed, 29 Aug 2012 09:59:46 +0200, Sebastien Marie wrote: Hello, > I currently follow the STABLE branch for openbsd (and so, for ports too), > which is OPENBSD_5_1. > > But, I saw that the last security updates for ports go to OPENBSD_5_2 > and not to OPENBSD_5_1. Any examples? The problem m

[5.1] pflow(4) flow with starttime *after* endtime

2012-07-26 Thread Patrick Lamaiziere
Hello, We have just noticed that pflow (v5) sometimes (but often) uses a StartTime value which is later than the EndTime. So the duration is interpreted as 4294966.29600 seconds. This confuses our collector (nfsen). (wireshark) pdu 19/30 SrcAddr: 194.57.169.116 (194.57.169.116)

Re: Broken pfctl ..... ? I not understand my

2012-07-26 Thread Patrick Lamaiziere
On Thu, 26 Jul 2012 12:44:40 +0430, Bahador NazariFard wrote: > "block in quick on msk0 proto tcp *to* port ssh" > what's this? > > "instead of above wrong statement, you can use "block in quick on msk0 > proto tcp from any to any port ssh" This is the same thing. The from is optional, and a

Re: [4.9-5.1] smtpd does not work anymore without resolver?

2012-07-24 Thread Patrick Lamaiziere
On Tue, 24 Jul 2012 15:50:30 +0200, Gilles Chehade wrote: Hello, > > That worked fine on 4.8, but with 4.9 the box does not send any > > mail: > > > > /var/log/mailog: > > smtpd[4269]:1317598201.5Tsv7GvPDRFc1Ozt:from=, > > size=6325, nrcpts=1, proto=ESMTP, relay=0@localhost [IPv6:::1] > >

[4.9-5.1] smtpd does not work anymore without resolver?

2012-07-24 Thread Patrick Lamaiziere
Hello, On 4.8 I was using smtpd to relay periodic mails. The box is a firewall and the resolver is not configured at all. smtp.conf # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. listen on lo0 map "aliases" { source db "/etc/mail/aliases.db"

Re: More bgpd problems

2012-05-30 Thread Patrick Lamaiziere
On Wed, 30 May 2012 09:27:23 + (UTC), Matt Hamilton wrote: Hello, > I'd be very interested to see your ifstated config and how you use > that to verify peers being up as we could do with some better > monitoring here. Here we use "bgpctl show summary terse" with a grep on the peer name a

Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Wed, 29 Feb 2012 13:13:30 +0100, Peter Hessler wrote: Hello, > On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere > wrote: :OpenBSD is not perfect either, it would be nice if pflow > handled ipv6 > > pflow now handles ipv6 (in 5.1) That's cool! Thanks.

Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Mon, 27 Feb 2012 16:58:05 -0300, "Christiano F. Haesbaert" wrote: Hello, > With decent hardware, I think you can reach 1mpps (that's million > packets per second). I don't think so. As far as I can see here, with a rate of 50K packets through the system, it already spends 50% in interrupt.

Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Mon, 27 Feb 2012 19:38:45 +, Kaya Saman wrote: Hello, > I have currently only used OpenBSD as a test vector setup on > VirtualBox and 2x Sun Fire V240's as a DNS server (master/slave) > using Bind9. So basically in short I am an OpenBSD newbie :-) > > > Ok so here goes; > > I've been

Re: [PF] bug in port range.

2012-01-03 Thread Patrick Lamaiziere
On Tue, 3 Jan 2012 17:54:18 +0100, Henning Brauer wrote: Hello, > * Patrick Lamaiziere [2012-01-03 17:45]: > > I think there is an off-by-one error in Packet Filter port ranges, > > for example with an exclude boundary range: port1 >< port2 > > nope. > >

[PF] bug in port range.

2012-01-03 Thread Patrick Lamaiziere
Hello, happy new year. I think there is an off-by-one error in Packet Filter port ranges, for example with an exclude boundary range: port1 >< port2. PF or pfctl does not check that port1 <= port2, and if port1 > port2 the port range is not correct. For example 82 >< 80 is not the same as 80 >< 8

Re: network bandwidth with em(4)

2011-12-07 Thread Patrick Lamaiziere
On Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere wrote: > (4.8/amd64) > I'm using two Intel 1000/PRO quad port ethernet cards (gigabit) on a > firewall (one fiber and one copper). > > The problem is that we don't get more than ~320 Mbits/s of bandwidth > be

Re: [5.0] pkg_add too many FTP connections

2011-11-30 Thread Patrick Lamaiziere
On Wed, 30 Nov 2011 12:35:40 +0100, Marc Espie wrote: > Fix your proxy/connection. pkg_add keeps one ftp connection alive, > not more, but it does interrupt connections brutally as soon as it > has the information it wants. > > All such problems come from stale ftp connections, there's someth

[5.0] pkg_add too many FTP connections

2011-11-30 Thread Patrick Lamaiziere
Hello, I'm trying to update packages with pkg_add via ftp : # pkg_add -ui Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' Error from ftp://ftp.irisa

Re: Multiple ISPs: send packets to the interface they came from

2011-11-08 Thread Patrick Lamaiziere
On Tue, 08 Nov 2011 15:27:02 -0500, Guillaume Filion wrote: > Hi all, Hello, > I also tried using pf route-to but that seems to only work with > NAT... No, it does routing. I use it without NAT. > So basically my question is how to tell OpenBSD to send packets to the > interface they came f

Re: PF.CONF - with DMZ and packet tagging example

2011-11-07 Thread Patrick Lamaiziere
On Mon, 7 Nov 2011 16:58:29 -0500, "Bentley, Dain" wrote: Hello, > block in on $ext from > #NAT INBOUND TO DMZ > pass in on $ext proto tcp from any to any port $web_services rdr-to > $webserver tag INET_TO_DMZ > pass in on $ext proto tcp from any to any port $mail_services rdr-to > $mailserv

Re: why "skip" is not shown in "pfctl -s rules" ?

2011-10-20 Thread Patrick Lamaiziere
On Thu, 20 Oct 2011 15:41:51 +0600, Илья Шипицин wrote: Hello, > but I do not find "skip" in "pfctl -s rules" output: Yes, you can check that the interface is skipped with # pfctl -vs Interfaces -i lo0 lo0 (skip) Regards.

[4.9] smtpd does not work anymore without resolver?

2011-10-03 Thread Patrick Lamaiziere
Hello, On 4.8 I was using smtpd to relay periodic mails. The box is a firewall and the resolver is not configured at all. smtp.conf # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. listen on lo0 map "aliases" { source db "/etc/mail/aliases.db"

Re: bgpctl show rib out displaying incorrect information

2011-08-31 Thread Patrick Lamaiziere
On Wed, 31 Aug 2011 07:19:15 +0200, Tony Sarendal wrote: Hi, > current1# cat /etc/bgpd.conf > AS 65001 > network 10.0.1.0/24 > > current1# bgpctl show rib nei 172.29.1.52 out > flags: * = Valid, > = Selected, I = via IBGP, A = Announced > origin: i = IGP, e = EGP, ? = Incomplete > > flags

Re: Expected throughput in an OpenBSD virtual server

2011-08-24 Thread Patrick Lamaiziere
On Tue, 23 Aug 2011 19:21:32 +0200, Per-Olov Sjöholm wrote: Hello, > > Here we reach 400 MBits/s with a CPU rate ~70% but we > > run OpenBSD 4.9. > How fast is your CPU? cpu0: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz, 2261.30 MHz It's a Dell R610 with 4 GB of RAM.

Re: Expected throughput in an OpenBSD virtual server

2011-08-23 Thread Patrick Lamaiziere
On Mon, 22 Aug 2011 20:04:50 + (UTC), Stuart Henderson wrote: Hello, > OpenBSD has another way to handle this, MCLGETI. Is there any documentation (for humans, not developers) about how MCLGETI works? (I don't find a lot about it.) Thanks, regards.

Re: Expected throughput in an OpenBSD virtual server

2011-08-23 Thread Patrick Lamaiziere
On Mon, 22 Aug 2011 22:49:47 +0200, Per-Olov Sjöholm wrote: Hello, > Have not tried current, but will try current as soon as I can. > Also... I will try to do some experiments with the CPU speed of the core > the OpenBSD virtual machine has. This is to see how the interrupts and > throughput are rel

Re: carp issues

2011-08-09 Thread Patrick Lamaiziere
On Tue, 09 Aug 2011 15:29:17 +0200, Michael Lechtermann wrote: > Hi all, hello, > # ifconfig carp0 > carp0: flags=8843 mtu 1500 > lladdr 00:00:5e:00:01:0a > priority: 0 > carp: carpdev em0 advbase 1 balancing ip-stealth carppeer > 10.0.1.11 >

Re: fat32 interoperability issue

2011-08-01 Thread Patrick Lamaiziere
On Mon, 01 Aug 2011 16:04:08 +0200, Daniel Gracia wrote: > Yep! That's it, and I totally agree with the discussion there but, as > far as msdosfs is in OpenBSD for the very reason of portability -and > now I'm supposing-, I wonder if this would be any welcomed patch. Well Windows itself all

Re: net-snmp in 4.9 : does it work for you ?

2011-06-22 Thread Patrick Lamaiziere
On Wed, 22 Jun 2011 09:23:01 +0200, Patrick Lamaiziere wrote: > Hello, > > I've updated my two pf firewalls today from 4.8 to 4.9 (worked fine, > nice). But it looks like there is a problem with net-snmp and the > traffic reported (IF-MIB). This is not correct anymore (like

net-snmp in 4.9 : does it work for you ?

2011-06-22 Thread Patrick Lamaiziere
Hello, I've updated my two pf firewalls today from 4.8 to 4.9 (worked fine, nice). But it looks like there is a problem with net-snmp and the traffic reported (IF-MIB). This is not correct anymore (like 30 Mbits/s instead of more than 150 Mbits/s). I've checked the interface indexes in the snmp tables an

Re: Need some input about: OpenBSD 4.9/amd64 and Dell PowerEdge Server R210,R410,R610,R710

2011-06-08 Thread Patrick Lamaiziere
On Tue, 7 Jun 2011 20:49:50 -0700 (PDT), Stefan N wrote: > Hi All, Hello, > Have you ever tried to install OpenBSD 4.9/amd64 on the Dell > PowerEdge Server > R210,R410,R610,R710 (2.5" SAS Disk) with additional Intel. > Gigabit ET Quad Port > Server Adapter? If yes, are those servers fully

Re: serious security improvement in OpenBSD

2011-06-06 Thread Patrick Lamaiziere
On Mon, 06 Jun 2011 15:06:54 +0300, Kapetanakis Giannis wrote: > Who is this 'Charlie' guy anyway??? That is a good question. I've searched in the past, looking at old system passwd files to find who decided on this name for the root account, but with no luck. Looks like "Charlie &" is a tribute to Charli

Re: Firewall sends wrong MAC address per ARP?

2011-03-22 Thread Patrick Lamaiziere
On Tue, 22 Mar 2011 13:01:48 +0100, Marcus Mülbüsch wrote: hello, > > carp3: flags=8843 mtu 1500 > > lladdr 00:00:5e:00:01:21 > > priority: 0 > > carp: carpdev bge0 advbase 1 balancing arp carppeer > > 192.168.3.3 state MASTER vhid 33 advskew 0 > > stat

(4.8) Missing pkg.conf in "see also" manual for pkg_add

2011-03-17 Thread Patrick Lamaiziere
Hello, Just noticed that pkg.conf(5) is missing in the "see also" section of pkg_add(1) and friends. Regards.

Re: network bandwidth with em(4)

2011-02-28 Thread Patrick Lamaiziere
On Sat, 26 Feb 2011 00:23:36 +0900, Ryan McBride wrote: > > > > How about a _full_ dmesg, so someone can take a wild guess at > > > > what your machine is capable of? > > > > full dmesg: http://user.lamaiziere.net/patrick/dmesg-open48.txt > > > > The box is a Dell R610 server. > > This box

Re: network bandwidth with em(4)

2011-02-25 Thread Patrick Lamaiziere
On Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere wrote: > (4.8/amd64) > > Hello, > > I'm using two Intel 1000/PRO quad port ethernet cards (gigabit) on a > firewall (one fiber and one copper). > > The problem is that we don't get more than ~320

Re: network bandwidth with em(4)

2011-02-25 Thread Patrick Lamaiziere
On Fri, 25 Feb 2011 13:51:32 +0100, Patrick Lamaiziere wrote: > systat mbufs: > IFACELIVELOCKS SIZE ALIVE LWM HWM CWM What do these counters mean? Thanks.

Re: network bandwidth with em(4)

2011-02-25 Thread Patrick Lamaiziere
On Fri, 25 Feb 2011 13:51:32 +0100, Patrick Lamaiziere wrote: (oops, pushed the wrong button) > > How about a _full_ dmesg, so someone can take a wild guess at what > > your machine is capable of? full dmesg: http://user.lamaiziere.net/patrick/dmesg-open48.txt The box is a Dell

Re: network bandwidth with em(4)

2011-02-25 Thread Patrick Lamaiziere
On Fri, 25 Feb 2011 08:41:20 +0900, Ryan McBride wrote: > On Wed, Feb 23, 2011 at 06:07:16PM +0100, Patrick Lamaiziere wrote: > > I log the congestion counter (every 10s) and there are at most 3 or 4 > > congestions per day. I don't think the bottleneck is pf. >

Re: network bandwidth with em(4)

2011-02-24 Thread Patrick Lamaiziere
On Wed, 23 Feb 2011 22:09:18 +0100, Manuel Guesdon wrote: > >| Did you try to increase the number of descriptors? > >| #define EM_MAX_TXD 256 > >| #define EM_MAX_RXD 256 > >| > >| I've tried up to 2048 (and with MAX_INTS_PER_SEC = 16000) but it > >looks | worse. > > Thank you! I'll investig

Re: network bandwidth with em(4)

2011-02-23 Thread Patrick Lamaiziere
On Tue, 22 Feb 2011 10:22:16 -0800 (PST), "James A. Peltier" wrote: > Those documents do not necessarily apply any more. Don't go tweaking > knobs until you know what they do. We have machines here that > transfer nearly a gigabit of traffic/s without tuning, in bridge mode > nonetheless. >

Re: network bandwidth with em(4)

2011-02-23 Thread Patrick Lamaiziere
On Tue, 22 Feb 2011 19:13:48 +0100, Manuel Guesdon wrote: Hello, > We've got the same problems (on a router, not a firewall). Increasing > MAX_INTS_PER_SEC to 24000 increased bandwidth and lowered packet loss. > Our cards are "Intel PRO/1000 (82576)" and "Intel PRO/1000 FP > (82576)". Did you t

Re: network bandwidth with em(4)

2011-02-22 Thread Patrick Lamaiziere
On Tue, 22 Feb 2011 11:19:26 -0600, Mark Nipper wrote: > > The problem is that we don't get more than ~320 Mbits/s of bandwidth > > between the internal networks and the internet (gigabit). > > Have you already looked at: > --- > https://calomel.org/network_performance.html Yes thanks. I'v

network bandwidth with em(4)

2011-02-22 Thread Patrick Lamaiziere
(4.8/amd64) Hello, I'm using two Intel 1000/PRO quad port ethernet cards (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwidth between the internal networks and the internet (gigabit). As far as I can see, on load there is a number of

dump device

2011-02-08 Thread Patrick Lamaiziere
[4.8/amd64] Hello, Is there a way to change the dump device without rebuilding the kernel? It's not clear whether "config(8) -e" is able to do this. Thanks, regards.

Re: PF: Route packets out specific interface with NAT

2011-01-31 Thread Patrick Lamaiziere
On Mon, 31 Jan 2011 18:24:04 +0100, Joachim Tingvold wrote: > Hi, Hello, > This does not work at all. If I change http://www.openbsd.org/faq/pf/carp.html#RulesetTips + Ruleset Tips Filter the physical interface. As far as PF is concerned, network traffic comes from the physical interface,

netflow and ipv6?

2011-01-24 Thread Patrick Lamaiziere
Hello, Are there any plans to implement netflow v9 in pflow(4) (to be able to trace ipv6 flows)? Without it, which collector can I use in userland? And is the load introduced by such a userland tool a concern with network traffic through the firewall of around ~500Mb/s? Thanks, regards.

Re: Another carp problem.

2011-01-01 Thread Patrick Lamaiziere
On Fri, 31 Dec 2010 18:09:40 +0100, Alessandro Baggi wrote: > To also exclude a pf rules problem, I've tried a rule set as: > > match...nat-to... > > pass all > > but the problem persists. > > Other Issue? Hmmm OK, I don't know where the problem is. I've recently made a lot of tests with c

Re: Another carp problem.

2010-12-31 Thread Patrick Lamaiziere
On Thu, 30 Dec 2010 19:58:21 +0100, Alessandro Baggi wrote: > these are my pf rules for carp and pfsync: > > pass in quick proto pfsync > pass in quick proto carp > > .. > block in all > ... And on output?

Re: soekris + openbsd server buy question

2010-12-03 Thread Patrick Lamaiziere
On Fri, 3 Dec 2010 08:44:43 -0500, "Adam M. Dutko" wrote: > The specifications for the Soekris system you mentioned don't lead me > to believe they'd be great for file server duty. When I think of > file servers I think of fast disk (5501 can use SATA so that's a > plus) On the net5501 th

Re: soekris + openbsd server buy question

2010-12-03 Thread Patrick Lamaiziere
On Fri, 3 Dec 2010 19:28:19 +0800 (CST), shweg...@gmail.com wrote: > Hello, I'm considering buying a Soekris net5501-70 and installing > OpenBSD on it to make myself a small server and use it as a proxy > (ssh tunnel), it might serve as a backup file server as well. I guess at > the most there will b

ifconfig and carp demote count

2010-11-16 Thread Patrick Lamaiziere
(4.8/amd64) Hello, Looks like the carp "demote count" is limited to 255 but the max value in ifconfig is less than or equal to 128. # ifconfig -g carp carp: carp demote count 0 # ifconfig -g carp carpdemote 100 # ifconfig -g carp carpdemote 100 # ifconfig -g carp carp: ca

Re: (4.8) OpenBGPd sometimes does not send the routes to the peer.

2010-11-09 Thread Patrick Lamaiziere
On Mon, 8 Nov 2010 20:03:11 +0100, Claudio Jeker wrote: > > Can you run a "bgpctl show rib detail 129.20.0.0/16" and a "bgpctl > > show table". For some reason none of the above routes got selected > > and so nothing is redistributed. It looks like the decision process > > is turned off. So i

Re: (4.8) OpenBGPd sometimes does not send the routes to the peer.

2010-11-08 Thread Patrick Lamaiziere
On Mon, 8 Nov 2010 16:07:06 +0100, Claudio Jeker wrote: > Have you checked if the networks were actually added to the RIB? Do you mean "bgpctl show rib"? No. Well, it takes some time but I'm able to reproduce this: # bgpctl show rib flags: * = Valid, > = Selected, I = via IBGP, A = Announced

Re: (4.8) quagga and tcp-md5 signature

2010-11-08 Thread Patrick Lamaiziere
On Mon, 8 Nov 2010 15:14:49 +0100, David Coppa wrote: > > Do you know if Quagga in OpenBSD 4.8 implements the tcp-md5 > > signature (for BGP)? Looks like it does not work. > > Why use quagga when you have bgpd (which is in the tree and supports > md5 signatures as well)? Because: http://w

(4.8) quagga and tcp-md5 signature

2010-11-08 Thread Patrick Lamaiziere
Hello, Do you know if Quagga in OpenBSD 4.8 implements the tcp-md5 signature (for BGP)? Looks like it does not work. Thanks, regards.

(4.8) OpenBGPd sometimes does not send the routes to the peer.

2010-11-03 Thread Patrick Lamaiziere
(4.8/amd64) Hello, I'm doing some tests with OpenBGPd and sometimes (but often), when I restart bgpd, it no longer sends the routes to the peer. The routes are static and configured in bgpd.conf. How to repeat: # bgpd -d -v wait until the routes are sent to the peer. ^D run it again After

PF set skip on interface group

2010-10-25 Thread Patrick Lamaiziere
Hello, (snapshot 4.8/amd64) I'm trying to make a hardware-independent pf.conf using some interface groups. Packet Filter "set skip" does not seem to work properly with interface groups. # ifconfig IFPFSYNC bnx0: flags=8843 mtu 1500 lladdr 00:22:19:5b:ad:da description: PFSYNC

(snapshot 4.8) acpi button (on/off) not found on Dell Poweredge R610.

2010-10-18 Thread Patrick Lamaiziere
Hello, I'm using a snapshot of 4.8/amd64 (October 6) and I'm not able to shut down the box properly using the power on/off button. The machine is a Dell PowerEdge R610: bios bios0: vendor Dell Inc. version "2.1.9" date 05/21/2010 bios0: Dell Inc. PowerEdge R610 full dmesg: http://user.lamaizie

Re: Carp Master / Backup

2010-10-15 Thread Patrick Lamaiziere
On Fri, 15 Oct 2010 15:29:30 +0100, "Harrower Gary (NHS National Services Scotland)" wrote: > Hi, > Any ideas why they were both trying to be master? Did you set carp preemption on both machines?

carp and IPv6 "duplicate IP6 address"

2010-10-15 Thread Patrick Lamaiziere
Hello, (snapshot 4.8/amd64) I'm playing with carp in master/backup mode. When a server becomes inactive (from master to backup or from backup to master) there is a "duplicate IP6 address". Is it bad, doctor? For example, on the master: Oct 15 15:34:27 ucop1 /bsd: carp1: state transition: MASTER ->