Re: poll(2) vs kqueue(2) performance

2008-04-19 Thread Edwin Eyan Moragas
On Sat, Apr 19, 2008 at 5:43 PM, Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
> "Edwin Eyan Moragas" <[EMAIL PROTECTED]> wrote:
>
>
> > the question is, which one is more useful when writing new servers?
>  > kqueue or poll?
>
>  poll is more portable, while kqueue should be more performant (at
>  least, that's why it was invented). If your app only needs to run on
>  OpenBSD, NetBSD and FreeBSD, you're just fine with kqueue, otherwise
>  use poll. Generally, I think it's better to use poll and sacrifice that
>  unnoticeable performance gain.

thank you Jonathan. it seems poll's the way to go.
>
>  --
>  Jonathan
>



-- 
garnet:jasmin:beryllium:gluon
90-12264
90-B



Installation problem

2008-04-19 Thread hogo hogo
Hello, I experience troubles during installation onto a new pc.
At the beginning of the installation on the stage of hardware initialization
the core prints few strings "Unknown Device", then 2 "Unconfigured Device"
and then once again "Unknown Device".
These strings appear during USB devices initialization.
After that, hardware initialization process halts completely, no more strings
appear on the screen,
I waited for an hour, but the install program didn't run. It halts for some
reason during hardware initialization.
Can you suggest anything useful how to solve that problem?
I enclose an EVEREST report of my hardware, and in detail concerning USB
devices.

And the second question for today, does openbsd 4.2 support 42-bit LBA?
[ Summary ]

Computer:
  Computer Type                   ACPI Multiprocessor PC

Motherboard:
  CPU Type                        QuadCore Intel Core 2 Quad Q6600, 2400 MHz (9 x 267)
  Motherboard Name                Asus P5K SE  (2 PCI, 3 PCI-E x1, 1 PCI-E x16, 4 DDR2 DIMM, Audio, Gigabit LAN)
  Motherboard Chipset             Intel Bearlake P35
  BIOS Type                       AMI (10/31/07)
  Communication Port              Communications Port (COM1)

Storage:
  IDE Controller                  Intel(R) ICH9 2 port Serial ATA Storage Controller 1 - 2921
  IDE Controller                  Intel(R) ICH9 2 port Serial ATA Storage Controller 2 - 2926
  Storage Controller              Marvell 61xx Marvell RAID Controller
  Disk Drive                      SAMSUNG HD403LJ  (400 GB, 7200 RPM, SATA-II)
  SMART Hard Disks Status         OK

Peripherals:
  Printer                         Microsoft XPS Document Writer
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB1 Controller                 Intel 82801IB ICH9 - USB Universal Host Controller
  USB2 Controller                 Intel 82801IB ICH9 - USB2 Enhanced Host Controller
  USB2 Controller                 Intel 82801IB ICH9 - USB2 Enhanced Host Controller
  USB Device                      USB Human Interface Device

DMI:
  DMI BIOS Vendor                 American Megatrends Inc.
  DMI BIOS Version                0604
  DMI System Manufacturer         System manufacturer
  DMI System Product              P5K SE
  DMI System Version              System Version
  DMI Motherboard Manufacturer    ASUSTeK Computer INC.
  DMI Motherboard Product         P5K SE
  DMI Motherboard Version         Rev 1.xx
  DMI Chassis Manufacturer        Chassis Manufacture
  DMI Chassis Version             Chassis Version
  DMI Chassis Type                Desktop Case
  DMI Total / Free Memory Sockets 4 / 2

[ Windows Devices ]

  [ Devices ]

Computer:
  ACPI Multiprocessor PC          5.1.2600.0

Disk drives:
  SAMSUNG HD403LJ                 5.1.2535.0

Display adapters:
  NVIDIA GeForce 8800 GT          6.14.11.6921

DVD/CD-ROM drives:
  ATAPI DVD A  DH20A3H SCSI CdRom Device    5.1.2535.0

Human Interface Devices:
  HID Non-User Input Data Filter  1.0.0.0
  USB Human Interface Device      5.1.2600.0

IDE ATA/ATAPI controllers:
  Intel(R) ICH9 2 port Serial ATA Storage Controller 1 - 2921    8.3.0.1011
  Intel(R) ICH9 2 port Serial ATA Storage Controller 2 - 2926    8.3.0.1011
  Primary IDE Channel             5.1.2600.0
  Primary IDE Channel             5.1.2600.0
  Secondary IDE Channel 

Re: Crash with acpi enabled

2008-04-19 Thread Unix Fan
Steve Shockley wrote:

> No problem.  Presumably acpidump will work on a kernel with acpi disabled?



Yes, the command opens /dev/mem and dumps the raw ACPI tables...

-Nix Fan.




Re: timeouts on http connects outbound

2008-04-19 Thread Moe Sizlak
To follow up on this question I have updated my sysctl settings, changed
pf.conf and added the scrub out line recommended.

Also my dist is 4.3 openbsd flashdist. (not 4.2)


Result of all changes proposed:  No change.

Pages like http://marc.info etc still time out.


updated settings are:

#   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="pppoe0"
int_if1="vr1"
int_if2="vr2"
int_if3="vr3"
out_net="192.168.11.0/16"

# Private networks, we are going to block incoming traffic from them
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

netbios_ports = "{ 135, 137, 138, 139, 445, 1433 }"
#table  persist
#table  persist

set block-policy return

scrub in all
scrub out on pppoe0 max-mss 1440

nat on $ext_if from $int_if1:network to any -> ($ext_if)
nat on $ext_if from $int_if2:network to any -> ($ext_if)
nat on $ext_if from $int_if3:network to any -> ($ext_if)


#
block all

# block incoming traffic from private networks on external interface
block drop in quick on $ext_if from $priv_nets to any

# block outgoing traffic to private networks on external interface
block drop out quick on $ext_if from any to $priv_nets

pass quick on lo0 all

pass out on $ext_if proto tcp all keep state
pass out on $ext_if proto { udp, icmp } all keep state

pass in inet proto icmp all icmp-type echoreq  keep state
pass out inet proto icmp all icmp-type echoreq  keep state

pass in on $int_if1 from $int_if1:network to any keep state
pass in on $int_if2 from $int_if2:network to any keep state
pass in on $int_if3 from $int_if3:network to any keep state
pass out on $int_if1 from any to $int_if1:network keep state
pass out on $int_if2 from any to $int_if2:network keep state
pass out on $int_if3 from any to $int_if3:network keep state

#
#DEFAULT openbsd flashdist sysctl values
#
sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet.tcp.mssdflt=512
sysctl -w net.inet.tcp.recvspace=16384
sysctl -w net.inet.tcp.sendspace=16384
sysctl -w net.inet.udp.recvspace=41600
sysctl -w net.inet.udp.sendspace=9216
---
MISC STARTUP SCRIPT
---

pfctl -d
ifconfig pppoe0 inet 0.0.0.0 netmask 255.255.255.255 broadcast 0.0.0.1 pppoedev vr0 \
 authproto pap authname USERNAME authkey PASSWORD up
route add default 0.0.0.1
echo pppoe setup done
#
#nics
#
ifconfig vr0 up
ifconfig vr1 inet 10.0.0.1 netmask 255.255.255.0
ifconfig vr2 inet 172.16.0.1 netmask 255.255.255.0
ifconfig vr3 inet 1.2.3.1 netmask 255.255.255.0



Re: Is there a "badblocks"-equivalent for OpenBSD?

2008-04-19 Thread ropers
On 19/04/2008, ropers <[EMAIL PROTECTED]> wrote:
> On 18/04/2008, Calomel <[EMAIL PROTECTED]> wrote:
>  > Ropers,
>  >
>  >  You can find the badblocks utility prepackaged in "e2fsprogs".
>
>
> THANK YOU! :) I had wondered why I couldn't find badblocks among
>  OpenBSD's packages. This explains it. I will say in my defense ;-)
>  that badblocks is not ext2-specific, so while I have now seen that
>  it's part of these tools, possibly for historic reasons, that's not
>  necessarily a logical place for it to be.

Shame on me. I must be blind. Turns out it says right on the badblocks man page:

> AVAILABILITY
> badblocks is part of the e2fsprogs package and is available from
> http://e2fsprogs.sourceforge.net.

Geez, I'm an eejit.

Travers Buda wrote:
> I don't know if anyone brought this up, and I hate to state the
>  obvious, but if you're getting bad blocks then the hard drive has
>  exhausted its ability to deal with them on its own and should be
>  replaced.  Otherwise you'll see data loss/corruption and a higher
>  probability of a total drive failure.

Agreed. I see 3 usage areas for badblocks -svn:
- To intermittently proactively check whether my existing HDDs are dying.
- To intermittently check if my remaining floppies have still
survived. (I keep 2 copies of each floppy and chuck out the ones that
have gone bad, and make a new copy, so unless both copies go bad in
the same interval, I'm good.)
- To check whether any old HDDs that I'm given for free / that I pick
up off the kerb / that I pull out of a skip are still usable.
And yes, once badblocks complains, it's time to toss the disk.

On 19/04/2008, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-04-19, ropers <[EMAIL PROTECTED]> wrote:
>  > Looking at the package contents (
>  > http://www.openbsd.org/4.2_packages/i386/e2fsprogs-1.27p5.tgz-contents.html
>  > ), I've also figured out how to search for stuff like this in the
>  > future:
>  >
>  > http://www.google.ie/search?q=badblocks+inurl%3Aopenbsd.org+inurl%3Acontents.html&btnG=Search
>
>
> Alternatively, you can use pkg_mklocatedb(1).

Ah! Thanks for that! :)

Thanks and regards,
--ropers



Re: pf and hosts.deny

2008-04-19 Thread Lars Noodén
Ok. I'm slow enough writing that others have started to answer also...

Vikas N Kumar wrote:
> ... I have set maximum number
> of tries to just 2, I would like to be able to note down the IP address
> (after say 10 unsuccessful login attempts) from where the attacks are coming
> in and then dynamically add them to hosts.deny for the next few days or
> permanently...

Working with hosts.deny is not a pf feature, but it might be glued
together.

Curt Micol wrote:
> I think this is what you want:
> http://home.nuug.no/~peter/pf/en/bruteforce.html

As Curt just answered, PF tables are an option.  See also
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf

I am getting good mileage out of "The Book of PF", and tables are
covered there pp 67-71 and pp 31-32.  Maybe using PF's tables is enough
for you.

There are at least four pieces that might be useful if you really want a
script to add to hosts.deny.
1) pf.conf
2) pfctl
3) sshd_config
4) /var/log/authlog

Henri Salo wrote:
> There was a topic in a misc 2008-04-16 with subject "PF ssh bruteforce
> logging and blocking". You should read it.

Basically, you can have the blocked addresses exported from the PF
table.  From there they can be imported via a script into hosts.deny or
anywhere else you might want.  The tool for that is pfctl with the "-t"
and "-T show" options:
http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl

However, PF only logs the connection attempts.  The sshd_config keyword
"MaxAuthTries" will specifically log failed attempts to log in, per
connection, if they exceed 1/2 the maximum number of tries for that
connection.
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
However, if each attempt is on a new connection, then that's not
necessarily a help for you.

The failed attempts will also show up in /var/log/authlog, regardless.

e.g. Apr 16 17:13:27 +gateway sshd[12708]: Failed password for root from 218.106.52.91 port 58224 ssh2

And that can be parsed for addresses.

Regards,
-Lars
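
The authlog parsing described in the message above, as an added example that is not part of the original post. The threshold, the function names and the sample log lines (documentation addresses) are constructed; the parser reads fields from the end of each line because the user name in the message is supplied by the remote side and cannot be trusted to be a single clean word.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source address.
# THRESHOLD and the sample log below are constructed for illustration.

THRESHOLD=10

# offenders [threshold]
# Reads authlog lines on stdin and prints, sorted, every source address
# with at least that many "Failed password" entries.
offenders() {
    awk -v min="${1:-$THRESHOLD}" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Expected tail of the line: from ADDR port N ssh2
        # The user name is chosen by the remote side and may itself
        # contain spaces or the word "from", so index from the end.
        n = NF
        if (n < 5) next
        if ($(n) != "ssh2" || $(n-2) != "port" || $(n-4) != "from") next
        addr = $(n-3)
        # Accept only values shaped like an IPv4 or IPv6 address.
        ok4 = (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        ok6 = (addr ~ /:/ && addr ~ /^[0-9A-Fa-f:]+$/)
        if (!ok4 && !ok6) next
        count[addr]++
    }
    END { for (a in count) if (count[a] >= min) print a }
    ' | sort
}

# Constructed sample in the format shown above. The third line carries a
# user name that embeds a fake "from ADDR port N ssh2" sequence; the real
# source is still the last address on the line. The "Accepted" line must
# not be counted.
sample_log() {
    cat <<'EOF'
Apr 16 17:13:27 gateway sshd[12708]: Failed password for root from 203.0.113.7 port 58224 ssh2
Apr 16 17:13:29 gateway sshd[12710]: Failed password for invalid user admin from 203.0.113.7 port 58230 ssh2
Apr 16 17:13:31 gateway sshd[12712]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 58236 ssh2
Apr 16 17:14:02 gateway sshd[12720]: Failed password for root from 198.51.100.9 port 40112 ssh2
Apr 16 17:15:10 gateway sshd[12731]: Accepted password for alice from 192.0.2.1 port 51000 ssh2
EOF
}

# Demo run on the constructed sample with a threshold of 3.
# On a real host: offenders 10 < /var/log/authlog
sample_log | offenders 3
```

Each printed address can then be appended to hosts.deny or added to a PF table with pfctl's "-t" and "-T add" options, using whatever table name your pf.conf defines.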



Looking for someone with a Sierra Wireless 3G USM modem 875U

2008-04-19 Thread Felix Kronlage
hi,

I am looking for someone who has a 875U modem from Sierra Wireless. 
This is an external usb-attached HSDPA / UMTS modem[1].
If anyone has this, please contact me off list.

thanks,
felix

[1] http://www.sierrawireless.com/product/ac875U.aspx
-- 
GPG/PGP:   D9AC74D0 / 076E 1E87 3E05 1C7F B1A0  8A48 0D31 9BD3 D9AC 74D0
http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc  - 
FKR-RIPE
https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas



Re: pf and hosts.deny

2008-04-19 Thread Henri Salo
On Sat, 19 Apr 2008 10:02:50 -0400
"Vikas N Kumar" <[EMAIL PROTECTED]> wrote:

> Hi
> 
> I have OpenBSD 4.2 on a Pentium II laptop running fine, with its ssh
> port 22 open to the web. However, there are a lot of attacks on that
> port from various IP addresses across the globe. Even though I have
> set maximum number of tries to just 2, I would like to be able to
> note down the IP address (after say 10 unsuccessful login attempts)
> from where the attacks are coming in and then dynamically add them to
> hosts.deny for the next few days or permanently.
> 
> Can pf do this ? I read the manual but could not find such a feature.
> 
> I can always write a cron script that reads the messages log file and
> does this sort of thing, but I was hoping that if such a feature
> pre-exists I wouldn't have to do it.
> 
> Any help will be appreciated.
> 
> Thanks & Regards
> Vikas

There was a topic in a misc 2008-04-16 with subject "PF ssh bruteforce
logging and blocking". You should read it.

-- 
Henri Salo  +358407705733
GPG ID: 2EA46E4F  fp: 14D0 7803 BFF6 EFA0 9998  8C4B 5DFE A106 2EA4 6E4F



Re: Crash with acpi enabled

2008-04-19 Thread Steve Shockley

Stuart Henderson wrote:

> If you (and anyone else) want to follow http://spacehopper.org/acpi.txt
> I'll collect acpidump from broken systems and put them in one place for
> any developers who want to look (cvs:~sthen/acpi).


No problem.  Presumably acpidump will work on a kernel with acpi disabled?



Re: pf and hosts.deny

2008-04-19 Thread Curt Micol
On Sat, Apr 19, 2008 at 10:02 AM, Vikas N Kumar
<[EMAIL PROTECTED]> wrote:
>  Can pf do this ? I read the manual but could not find such a feature.

I think this is what you want:
http://home.nuug.no/~peter/pf/en/bruteforce.html

-- 
# Curt Micol



pf and hosts.deny

2008-04-19 Thread Vikas N Kumar
Hi

I have OpenBSD 4.2 on a Pentium II laptop running fine, with its ssh port 22
open to the web. However, there are a lot of attacks on that port from
various IP addresses across the globe. Even though I have set maximum number
of tries to just 2, I would like to be able to note down the IP address
(after say 10 unsuccessful login attempts) from where the attacks are coming
in and then dynamically add them to hosts.deny for the next few days or
permanently.

Can pf do this ? I read the manual but could not find such a feature.

I can always write a cron script that reads the messages log file and does
this sort of thing, but I was hoping that if such a feature pre-exists I
wouldn't have to do it.

Any help will be appreciated.

Thanks & Regards
Vikas



Re: CARP LAN outgoing IP address

2008-04-19 Thread Gábri Máté
On Saturday 19 April 2008 10.39.29 Claer wrote:
> On Fri, Apr 18 2008 at 32:21, Gábri Máté wrote:
> > On Friday 18 April 2008 21.29.18 wrote:
> > > On Fri, Apr 18, 2008 at 11:48 AM, Gabri Mati <[EMAIL PROTECTED]> wrote:
> > > >  This is normal, but is there a way to make the outgoing package to
> > > > have the internal CARP device's address as source IP?
> > >
> > > What would this accomplish?  If one of the nginx machines goes down,
> > > the TCP sessions won't be able to failover to the other carp peer.
> > > I'd prefer to see in my logs which proxy a request came from so I can
> > > better diagnose if a particular machine is misbehaving.
> >
> > You're right, but we need the carp'd IP for statistics on the web
> > servers. If one of the machines goes down then the user just have to hit
> > the refresh button and she has access to the content again.
>
> Did you try to NAT the LAN interface with the carp address ? It should
> work for self outgoing traffic too. The problem is, if the connection is
> issued from the backup firewall you will lose the connection. To bypass
> this limitation, you can use ifstated and pf tables.
>
> - If the LAN interface is in master mode : add the carp address to
>   the NAT table
>
> - If the LAN interface is in backup mode : remove the carp address from
>   the nat table
>
> Claer

Thank You for all your help!

It seems that we found a workaround for this problem and we don't have to
tamper with the firewall.
Mod_rpaf on the webservers will rewrite the incoming IP address.

--
Gabri Mate
[EMAIL PROTECTED]
http://www.duosol.hu
Tel: 20/589-5456




Re: Beep-media-player and esd

2008-04-19 Thread Nicolas Letellier

Landry Breuil wrote:
> On Sat, Apr 19, 2008 at 01:19:50PM +0200, Nicolas Letellier wrote:
>> Hello ports@
>>
>> I upgraded to 4.3-current (from 4.3-stable) and I installed
>> audio/beep-media-player and I see it requires esound be launched. Why?
>> So, I must launch esd before (and esd play a sound at the
>> beginning). I don't remember I had to do this before...
>> Beep-media-player worked perfectly without I had to launch esound.
>
> 4.3-stable doesn't really exist at the moment.. and audio/bmp hasn't
> changed since months, so i suppose it's a local problem.
>
Yes, 4.3-stable does not really exist... I use a system built from
OPENBSD_4_3 if you prefer...
I saw that audio/bmp has not changed, but audio/esound yes. But I don't
think it is the problem... I don't understand why now I must launch esd.

>> Is there a possibility to launch esound automatically (with Xfce for
>> example).
>
> Settings -> autostarted applications
>
Ok, I will try.
I would like to know if users who use bmp have to launch esd to play music?

Thanks.

 - Nicolas.



Re: wpa now in current?!

2008-04-19 Thread bofh
oops, meant to send to misc

On Sat, Apr 19, 2008 at 8:50 AM, bofh <[EMAIL PROTECTED]> wrote:

> OK, I need some help please.  I've already bought 2 pci wireless cards
> that had their chipsets changed between my checking the i386 page and having
> the darn things in my hand.
>
> Can anyone point me to a pci wireless card that they bought within the
> past 2 months, from a US retailer/mail order place, that works, and is one
> of "bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4),
> and zyd(4)" ??  I
> really appreciate it.  Thank you very much in advance.
>


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



Re: Crash with acpi enabled

2008-04-19 Thread Stuart Henderson
On 2008-04-18, Steve Shockley <[EMAIL PROTECTED]> wrote:
> I'm setting up an HP d530 desktop with 4.3-release.  With acpi enabled,
> it crashes during boot (after install), with it disabled it seems to
> work okay.  Below is the dmesg/trace/ps when it crashes, below that is a 
> successful boot with acpi disabled.

If you (and anyone else) want to follow http://spacehopper.org/acpi.txt
I'll collect acpidump from broken systems and put them in one place for
any developers who want to look (cvs:~sthen/acpi).



Re: hoststated/relayd and Linux's tcp_tw_recycle option

2008-04-19 Thread Stuart Henderson
On 2008-04-18, Denis Doroshenko <[EMAIL PROTECTED]> wrote:
> google quickly gives a url
>
> http://kbase.redhat.com/faq/FAQ_80_6180.shtm
>
> where it is said "It is likely an artifact of having
> tcp_tw_recycle and tcp_tw_reuse enabled in the
> sysctl settings."

"Work is underway at the moment to suppress these messages in further
releases of Red Hat Enterprise Linux but is not a high priority
because of the messages' benign nature."

Oh so clever.



Re: poll(2) vs kqueue(2) performance

2008-04-19 Thread Jonathan Schleifer
"Edwin Eyan Moragas" <[EMAIL PROTECTED]> wrote:

> the question is, which one is more useful when writing new servers?
> kqueue or poll?

poll is more portable, while kqueue should be more performant (at
least, that's why it was invented). If your app only needs to run on
OpenBSD, NetBSD and FreeBSD, you're just fine with kqueue, otherwise
use poll. Generally, I think it's better to use poll and sacrifice that
unnoticeable performance gain.

-- 
Jonathan



Re: timeouts on http connects outbound

2008-04-19 Thread Stuart Henderson
On 2008-04-19, Moe Sizlak <[EMAIL PROTECTED]> wrote:
>  Recently I moved from freebsd 6 to openbsd 4.2 but have had some problems.
>
> I get a lot of timeouts on web pages with a high number of hops and I think
> it may be something to do with either pf and/or sysctl.
>
> Any help in diagnosing these timeouts much appreciated.

> ext_if="pppoe0"
> scrub in all

Read "MTU/MSS ISSUES" in pppoe(4). This is most likely your problem,
but I'll continue with some other things in case it doesn't:

> sysctl -w net.inet.tcp.mssdflt=1452
> sysctl -w net.inet.tcp.recvspace=131072
> sysctl -w net.inet.tcp.sendspace=131072
> sysctl -w net.inet.udp.recvspace=139264
> sysctl -w net.inet.udp.sendspace=32768

Does it work any better if you don't touch the knobs?

> block in quick on $ext_if inet proto tcp from any to any flags FUP/FUP
> block in quick on $ext_if inet proto tcp from any to any flags SF/SFRA
> block in quick on $ext_if inet proto tcp from any to any flags /SFRA
> block in quick on $ext_if inet proto tcp from any to any flags F/SFRA
> block in quick on $ext_if inet proto tcp from any to any flags U/SFRAU
> block in quick on $ext_if inet proto tcp from any to any flags P/P

These are already covered by "block all", not your problem but
they're redundant.

> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass in inet proto icmp all icmp-type echoreq  keep state
etc.

"keep state" and "flags S/SA" are set by default now, not your problem
but leaving them out makes for an easier-to-read ruleset. 

If you still have problems after fixing MTU then try "keep state"
rather than "modulate state". If you still have problems after that,
pfctl -x misc, and look at the logs.



Re: Is there a "badblocks"-equivalent for OpenBSD?

2008-04-19 Thread Stuart Henderson
On 2008-04-19, ropers <[EMAIL PROTECTED]> wrote:
> Looking at the package contents (
> http://www.openbsd.org/4.2_packages/i386/e2fsprogs-1.27p5.tgz-contents.html
> ), I've also figured out how to search for stuff like this in the
> future:
>
> http://www.google.ie/search?q=badblocks+inurl%3Aopenbsd.org+inurl%3Acontents.html&btnG=Search

Alternatively, you can use pkg_mklocatedb(1).



Re: CARP LAN outgoing IP address

2008-04-19 Thread Claer
On Fri, Apr 18 2008 at 32:21, Gábri Máté wrote:
> On Friday 18 April 2008 21.29.18 wrote:
> > On Fri, Apr 18, 2008 at 11:48 AM, Gabri Mati <[EMAIL PROTECTED]> wrote:
> > >  This is normal, but is there a way to make the outgoing package to have
> > > the internal CARP device's address as source IP?
> >
> > What would this accomplish?  If one of the nginx machines goes down,
> > the TCP sessions won't be able to failover to the other carp peer.
> > I'd prefer to see in my logs which proxy a request came from so I can
> > better diagnose if a particular machine is misbehaving.
> 
> You're right, but we need the carp'd IP for statistics on the web servers. If
> one of the machines goes down then the user just have to hit the refresh
> button and she has access to the content again.
> 
Did you try to NAT the LAN interface with the carp address ? It should
work for self outgoing traffic too. The problem is, if the connection is
issued from the backup firewall you will lose the connection. To bypass
this limitation, you can use ifstated and pf tables. 

- If the LAN interface is in master mode : add the carp address to 
  the NAT table

- If the LAN interface is in backup mode : remove the carp address from
  the nat table

Claer



Re: poll(2) vs kqueue(2) performance

2008-04-19 Thread Edwin Eyan Moragas
Hi Eric,

On Sat, Apr 19, 2008 at 4:17 PM, Eric Faurot <[EMAIL PROTECTED]> wrote:
>  > the question is, which one is more useful when writing new servers?
>  > kqueue or poll?
>
>  The more useful is event(3).

i've been looking also at libevent and libev, both of which are excellent
libraries. however, i'm more interested in simpler system calls rather
than the libraries.

thank you for pointing this out. interesting that openbsd has libevent
as a standard library.

>
>  Eric.
>



-- 
garnet:jasmin:beryllium:gluon
90-12264
90-B



Re: poll(2) vs kqueue(2) performance

2008-04-19 Thread Eric Faurot
On Sat, 19 Apr 2008 13:27:34 +0800
"Edwin Eyan Moragas" <[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> been reading the select(2) man pages and it mentions poll(2)
> being more efficient in most cases. this makes it obvious to
> discard the use of select(2) in writing new servers.
> 
> i've come across some performance benchmarks which is trying
> to use kqueue(2).
> 
> the question is, which one is more useful when writing new servers?
> kqueue or poll?

The more useful is event(3).

Eric.