Re: TCP intercept?
In cisco terminology, 'tcp intercept' is what the 'ip and tcp reassembly' part of ipnat does (without port/address rewriting). For example, a router in the middle which is doing the intercept will have to buffer/reassemble tcp stream and only forward packets after they are confirmed good. Example: packets with a wrong sequence number will be bounced at the router. On ciscos, tcp-intercept can also rate-limit syn packets... I'm not sure if it can be enabled in ipnat separately, but hell, if someone wants to do it... On Sun, 22 Apr 2001, Andrew R. Reiter wrote: > > What's TCP intercept? > > On Mon, 23 Apr 2001, E.B. Dreger wrote: > > > Greetings all, > > > > I'm no kernel hacker, and trying to think of useful little projects to > > change that. ;-) > > > > AFAIK, FreeBSD lacks support for TCP intercept. Is anyone already working > > on this? Would it be of interest to anyone? My initial thoughts are that > > it should be implemented in the same neighborhood as stateful firewall > > code, as the two are rather closely related. > > > > > > Eddy > > > > --- > > > > Brotsman & Dreger, Inc. > > EverQuick Internet / EternalCommerce Division > > > > Phone: (316) 794-8922 > > > > --- > > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-hackers" in the body of the message > > > > *-. > | Andrew R. Reiter > | [EMAIL PROTECTED] > | "It requires a very unusual mind > | to undertake the analysis of the obvious" -- A.N. Whitehead > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: TCP intercept?
What's TCP intercept? On Mon, 23 Apr 2001, E.B. Dreger wrote: > Greetings all, > > I'm no kernel hacker, and trying to think of useful little projects to > change that. ;-) > > AFAIK, FreeBSD lacks support for TCP intercept. Is anyone already working > on this? Would it be of interest to anyone? My initial thoughts are that > it should be implemented in the same neighborhood as stateful firewall > code, as the two are rather closely related. > > > Eddy > > --- > > Brotsman & Dreger, Inc. > EverQuick Internet / EternalCommerce Division > > Phone: (316) 794-8922 > > --- > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > *-. | Andrew R. Reiter | [EMAIL PROTECTED] | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: adduser bikeshed
>From: Alfred Perlstein <[EMAIL PROTECTED]> >To: Adrian Chadd <[EMAIL PROTECTED]> >CC: [EMAIL PROTECTED] >Subject: Re: adduser bikeshed >Date: Fri, 20 Apr 2001 05:29:31 -0700 > >* Adrian Chadd <[EMAIL PROTECTED]> [010420 05:22] wrote: > > > > http://www.freebsd.org/~adrian/adduser.patch > > > > It adds an option which enables the password that is created. > > "enabling" means "don't put a * in front". Its aimed for accounts > > which will use non-password authentication (eg RSA/DSA). > > Its also aimed at sysadmins who want to create accounts but have > > them automatically disabled (think university admins who create > > shell accounts for users but want them to do training BEFORE > > enabling said account..) > > > > Now, the bikeshed: what should the option be? > > "Enable account at creation" isn't very descriptive and can be > > confusing. > >I requested this feature and I'm thinking that the > "Use passwords (y/n) [y]: " > >should be changed to: > "Use password based authentication and enable account? (y/n)" > if "n" > "Do you wish to disallow password passed authentication? (y/n)" This sounds like just knowing the account ID is enough to get you into the computer. Why not ask (more positively) "Do you wish to use a query/response system?" or some such thing? > if "n" > "Use an empty password? (y/n)" > if "y" > "Are you damn sure you want to do that? (n/n)" > >heh, thanks for doing this btw. > > >-- >-Alfred Perlstein - [[EMAIL PROTECTED]] >http://www.egr.unlv.edu/~slumos/on-netbsd.html > >To Unsubscribe: send mail to [EMAIL PROTECTED] >with "unsubscribe freebsd-hackers" in the body of the message _ Get your FREE download of MSN Explorer at http://explorer.msn.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
TCP intercept?
Greetings all, I'm no kernel hacker, and trying to think of useful little projects to change that. ;-) AFAIK, FreeBSD lacks support for TCP intercept. Is anyone already working on this? Would it be of interest to anyone? My initial thoughts are that it should be implemented in the same neighborhood as stateful firewall code, as the two are rather closely related. Eddy --- Brotsman & Dreger, Inc. EverQuick Internet / EternalCommerce Division Phone: (316) 794-8922 --- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
timmer for SYN
I just need to make sure that I understand the code correctly in the TCP stack. (We are trying to see how long the system waits before a SYN gets retransmitted.) When a SYN is sent, a keepalive timer is set with using the TCPTV_KEEPALIVEINTVL = 75hz (??ms - escapes me at the moment). So an ack must be received in this time frame??? This isnot the usual dynamic tretransmission timmer which might make sense for SYN packts. It seems like a retransmission timer should be set?? That's why I'm posing the question. Alwyn Goodloe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Click on to meet someone you Click with
Title: Click on to meet someone you Click with Click on to meet someone you Click with Introsearch does not condone unsolicited Bulk Emailing - Our source email lists comprise only of email addresses which have been obtained through correct legal channels from users who have at some stage authorised third party organisations to contact them via email regarding products or services which the customer may find interesting. To be removed from our mailing list, please send an email to [EMAIL PROTECTED] with the word 'remove' in the subject line Introsearch.com is one of the fastest growing introduction systems on the Internet and you can join online now at a fraction of the cost. Are you looking for a change in your life, or just to busy to find the right person, Introsearch.com has all the answers. Take a look at some of the benefits below that are on offer to all our members. Twelve months membership Powerful matching system For all age groups Picture upload facility Voice upload facility Video upload facility Members chat rooms Members forums Private emailing system Local party nights Members have complete control Confidentiality assured Join today for an annual membership of only £14:50 (21:00 us dollars) and receive all the benefits above and much much more with introsearch.com. Yes that's an amazing 28p per week. This is a special promotional offer and valid from 2nd April 2001 to finish on or before the last day of June 2001. Click on the link below and start meeting new friends today. http://www.introsearch.com Click on to meet someone you Click with Introsearch.com is a member of the Data Protection Act 1974 License Number Z4788975 (c) 2001 Introsearch. All Rights Reserved If you have any further issues with our advertising policy, contact Introsearch at Tel: +44 (0)1772 798071 or by Post to: INTROSEARCH, ENGLAND (Use Correct Postage - No letters or correspondence without postage affixed will be opened) PLEASE NOTE: This address is a licensed Royal Mail Postage Address and WILL be received. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Click on to meet someone you Click with
Title: Click on to meet someone you Click with Click on to meet someone you Click with Introsearch does not condone unsolicited Bulk Emailing - Our source email lists comprise only of email addresses which have been obtained through correct legal channels from users who have at some stage authorised third party organisations to contact them via email regarding products or services which the customer may find interesting. To be removed from our mailing list, please send an email to [EMAIL PROTECTED] with the word 'remove' in the subject line Introsearch.com is one of the fastest growing introduction systems on the Internet and you can join online now at a fraction of the cost. Are you looking for a change in your life, or just to busy to find the right person, Introsearch.com has all the answers. Take a look at some of the benefits below that are on offer to all our members. Twelve months membership Powerful matching system For all age groups Picture upload facility Voice upload facility Video upload facility Members chat rooms Members forums Private emailing system Local party nights Members have complete control Confidentiality assured Join today for an annual membership of only £14:50 (21:00 us dollars) and receive all the benefits above and much much more with introsearch.com. Yes that's an amazing 28p per week. This is a special promotional offer and valid from 2nd April 2001 to finish on or before the last day of June 2001. Click on the link below and start meeting new friends today. http://www.introsearch.com Click on to meet someone you Click with Introsearch.com is a member of the Data Protection Act 1974 License Number Z4788975 (c) 2001 Introsearch. All Rights Reserved If you have any further issues with our advertising policy, contact Introsearch at Tel: +44 (0)1772 798071 or by Post to: INTROSEARCH, ENGLAND (Use Correct Postage - No letters or correspondence without postage affixed will be opened) PLEASE NOTE: This address is a licensed Royal Mail Postage Address and WILL be received. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: mozilla package dumps core
> On Sat, 21 Apr 2001 18:25:04 -0700 (PDT) > Ian Kallen <[EMAIL PROTECTED]> said: spidaman> Anyone noticed the mozilla-0.8.1 package core dumping on 4.2-RELEASE and spidaman> have a fix for it? You should upgrade your box to 4.3-RELEASE. -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan [EMAIL PROTECTED] [EMAIL PROTECTED] ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: thttpd hack for sendfile and accept filters.
On Sat, Apr 21, 2001 at 03:19:02PM -0700, Kris Kennaway wrote: > http://people.freebsd.org/~kris/thttpd-2.19+kq.patch Commit them to the port! :-) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: thttpd hack for sendfile and accept filters.
On Sat, Apr 21, 2001 at 07:42:26PM -0700, David O'Brien wrote: > On Sat, Apr 21, 2001 at 03:19:02PM -0700, Kris Kennaway wrote: > > http://people.freebsd.org/~kris/thttpd-2.19+kq.patch > > Commit them to the port! :-) Yeah, I should. I should also submit them back to the author :-) Kris PGP signature
Upgrading OpenSSL/OpenSSH
Somebody can help me, how to upgrade OpenSSL/OpenSSH to latest version at FreeBSD 4.2 / 4.3 ? Thank's. Q -- Email ini dikirim oleh PlasaCom : http://www.plasa.com Cepat di-download via TelkomNet Instan http://www.plasa.com/instan Rindukah Anda bertemu dengan ex teman-teman satu sekolah dulu ? Kunjungilah mereka (47.033 anggota) di KSI : http://ksi.plasa.com -- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
mozilla package dumps core
Anyone noticed the mozilla-0.8.1 package core dumping on 4.2-RELEASE and have a fix for it? Here's the gdb output: Program received signal SIGSEGV, Segmentation fault. 0x48158f9a in nsThreadPoolRunnable::Run () from /usr/X11R6/lib/mozilla/./libxpcom.so cheers, -Ian -- Ian Kallen <[EMAIL PROTECTED]> | AIM: iankallen | efax: (415) 354-3326 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: thttpd hack for sendfile and accept filters.
On Sat, 21 Apr 2001, Kris Kennaway wrote: > On Sat, Apr 21, 2001 at 07:42:26PM -0700, David O'Brien wrote: > > On Sat, Apr 21, 2001 at 03:19:02PM -0700, Kris Kennaway wrote: > > > http://people.freebsd.org/~kris/thttpd-2.19+kq.patch > > > > Commit them to the port! :-) > > Yeah, I should. I should also submit them back to the author :-) > > Kris Might not be necessary now. An excerpt from the 2.21 changelog: - kqueue support, from Niels Provos. - Use accept filtering if available. Mike "Silby" Silbersack To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message