obfs4proxy-0.0.14 in packages for 7.2 (amd64)?

2022-11-21 Thread Raimo Niskanen
Hello

I note the updated package in snapshots/packages, and wonder
if the "fixes of important obfuscation bugs" that are in
obfs4proxy 0.0.14 will also appear in 7.2/packages?

Best regards
-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: Rad conf option

2022-11-21 Thread Masturbating monkey
> Hello

> I think the "nameserver" option of rad (router advertisement daemon) should 
> be 
> able to support a keyword like "self" to refer the router itself as a 
> nameserver also, similar to the "self" keyword in PF.

> This could be a reference in the global configuration and/or specific 
> interfaces 
> conf'.

> I think this could be beneficial in term of conf' simplicity and avoiding 
> mistakes (especially if the router has to deal with frequent renumbering).

> example :

> Currently:

> interface re0
> dns {
> nameserver 2a06:a4:7d:20::1 2600::1
> }

> interface re1
>   dns {
>  nameserver 2a06:a4:7d:30::1
>  }

> ---

> wish:

> dns { 
>nameserver self
> }

> interface re0
> interface re1

just keep in mind that "self" can be not one address, but several. for example, 
i have four (1 ipv4 + 3 ipv6) of them - will they all be available to the client?





Re: Locking network card configuration

2022-11-21 Thread Theo de Raadt
Theo de Raadt  wrote:

> Thomas Bohl  wrote:
> 
> > Hello,
> > 
> > > I suppose there is some argument that we should support hostname.MAC
> > > files
> > 
> > Maybe a function in netstart right before vifscreate could be enough
> > to achieve this? I created this diff, against stable for now though,
> > as a test.
> > 
> > Create a /etc/hostname.MAC file like you would create a
> > /etc/hostname.if file. (MAC = lladdr as shown with ifconfig. Like
> > /etc/hostname.08:00:27:14:26:0d)
> > /etc/netstart then creates a symbolic link to the corresponding
> > hostname.if. If there is a hostname.if file it is not overwritten. The
> > rest works the same.
> > 
> > 
> > --- netstartTue Sep 27 19:39:43 2022
> > +++ netstartTue Nov 22 03:39:49 2022
> > @@ -104,6 +104,21 @@ ifcreate() {
> > fi
> >  }
> > 
> > +# Symlink hostname.MAC to hostname.if.
> > +# Existing hostname.if-file (no symlink) wins.
> > +link_MAC_to_if() {
> > +   local _hn _mac _if
> > +
> > +   for _hn in /etc/hostname.??:??:??:??:??:??; do
> > +   _mac=`echo $_hn | cut -c 15-31`
> > +   _if=`ifconfig | grep -B 1 $_mac | head -n 1 | awk -F ": " 
> > '{print $1}'`
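
Review bot: The "cut -c 15-31" that fills _mac in link_MAC_to_if depends on hard-coded character offsets, which are only right while the prefix is exactly "/etc/hostname.", and it starts one more external command per file. The shell's own prefix stripping, _mac=${_hn#/etc/hostname.}, gives the same string with no offsets and no extra process. $_hn and $_mac should also be quoted where they are expanded, since the ?? glob accepts any characters in the file name, not only hex digits.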

Oh, except that using grep, head, or awk.  That breaks NFS diskless
machines, because they are in /usr, which may not be mounted yet.

So this has to be done using shell features or commands in /bin and /sbin.
You will see these interesting hacks in other parts of rc and netstart.
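
An added example (not part of the message above and not code from netstart) of the lookup done with shell features only: read, case and parameter expansion, with no grep, head, awk or cut. The function names, the validation step and the sample ifconfig text are assumptions constructed for the illustration.

```shell
# Constructed sample in the layout of ifconfig output (not from a real host).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	index 3 priority 0 llprio 3
	groups: lo
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 08:00:27:14:26:0d
	index 1 priority 0 llprio 3
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
	lladdr 08:00:27:aa:bb:cc'

# is_mac STRING: succeed only for six lowercase hex pairs joined by colons.
# A name that merely matched the ??:??:??:??:??:?? glob is rejected here.
is_mac() {
	_h='[0-9a-f][0-9a-f]'
	case $1 in
	$_h:$_h:$_h:$_h:$_h:$_h) return 0 ;;
	esac
	return 1
}

# mac_to_if MAC: read ifconfig-style text on stdin and print the first
# interface whose lladdr equals MAC. Uses read, case and parameter
# expansion only. Returns 1 for a malformed MAC or when nothing matches.
mac_to_if() {
	is_mac "$1" || return 1
	_want=$1 _cur=
	while IFS= read -r _line; do
		case $_line in
		[a-z]*": flags="*)	# header line, e.g. "em0: flags=..."
			_cur=${_line%%:*} ;;
		*"lladdr "*)
			_addr=${_line##*"lladdr "}
			_addr=${_addr%% *}
			if [ "$_addr" = "$_want" ] && [ -n "$_cur" ]; then
				echo "$_cur"
				return 0
			fi ;;
		esac
	done
	return 1
}

# lookup MAC: run mac_to_if over the constructed sample. On a live system
# the input would come from: ifconfig | mac_to_if "$mac"
lookup() {
	mac_to_if "$1" <<EOF
$SAMPLE_IFCONFIG
EOF
}
```

A caller would skip the file when mac_to_if returns non-zero, which covers both an unmatched glob pattern and a card that is not present.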



Re: Locking network card configuration

2022-11-21 Thread Theo de Raadt
Thomas Bohl  wrote:

> Hello,
> 
> > I suppose there is some argument that we should support hostname.MAC
> > files
> 
> Maybe a function in netstart right before vifscreate could be enough
> to achieve this? I created this diff, against stable for now though,
> as a test.
> 
> Create a /etc/hostname.MAC file like you would create a
> /etc/hostname.if file. (MAC = lladdr as shown with ifconfig. Like
> /etc/hostname.08:00:27:14:26:0d)
> /etc/netstart then creates a symbolic link to the corresponding
> hostname.if. If there is a hostname.if file it is not overwritten. The
> rest works the same.
> 
> 
> --- netstart  Tue Sep 27 19:39:43 2022
> +++ netstart  Tue Nov 22 03:39:49 2022
> @@ -104,6 +104,21 @@ ifcreate() {
>   fi
>  }
> 
> +# Symlink hostname.MAC to hostname.if.
> +# Existing hostname.if-file (no symlink) wins.
> +link_MAC_to_if() {
> + local _hn _mac _if
> +
> + for _hn in /etc/hostname.??:??:??:??:??:??; do
> + _mac=`echo $_hn | cut -c 15-31`
> + _if=`ifconfig | grep -B 1 $_mac | head -n 1 | awk -F ": " 
> '{print $1}'`
> + # Only create a symlink if /etc/hostname.$_if is not a normal 
> file.
> + if [[ -h /etc/hostname.$_if ]] || [[ ! -e /etc/hostname.$_if 
> ]]; then
> + ln -fs /etc/hostname.$_mac /etc/hostname.$_if
> + fi
> + done
> +}
> +
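
Review bot: The test before ln in link_MAC_to_if treats every existing symlink as replaceable: "[[ -h /etc/hostname.$_if ]]" is also true for a link the administrator made by hand, and "ln -fs" then silently repoints it at the hostname.MAC file. The function comment limits "wins" to non-symlinks, but a hand-made link is existing configuration too. Suggest replacing a link only when its current target is a hostname.MAC file and leaving any other link alone.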

This part of your diff to discover the hostname.##:##:##:##:##:##
files is quite nice, but symbolic linking them is pretty nasty.  I think
they will get left behind and create confusion, and someone will try to
delete them, and accidentally delete others.

I think the ifstart() function which parses a 'xx0' file, should be split up,
so that the 2nd half of the function can be used to process either type of
file.




Opensearch can't start if memory is more than 4g

2022-11-21 Thread Mik J
Hello,
Starting opensearch fails if memory is 4G or more.
My VM has 12Gb memory
# sysctl -a
...
hw.physmem=17161977856
hw.usermem=17161961472

# vmstat
 procs    memory   page    disks    traps  cpu
 r   s   avm fre  flt  re  pi  po  fr  sr sd0 cd0  int   sys   cs us sy id
 1  49   31M  14347M 6076   0   0   0   0   0  64   0   48  1738 1364 16  5 80

I also added in /etc/login.conf
opensearch:\
    :openfiles=65536:\
    :tc=daemon:

/etc/opensearch/jvm.options
...
-Xms3g
-Xmx3g
Works
/etc/opensearch/jvm.options
...
-Xms4g
-Xmx4g
Works
Does anyone understand why I can get up to 4gb ?
Regards



Re: Locking network card configuration

2022-11-21 Thread Thomas Bohl

Hello,


I suppose there is some argument that we should support hostname.MAC
files


Maybe a function in netstart right before vifscreate could be enough to 
achieve this? I created this diff, against stable for now though, as a test.


Create a /etc/hostname.MAC file like you would create a /etc/hostname.if 
file. (MAC = lladdr as shown with ifconfig. Like 
/etc/hostname.08:00:27:14:26:0d)
/etc/netstart then creates a symbolic link to the corresponding 
hostname.if. If there is a hostname.if file it is not overwritten. The 
rest works the same.



--- netstartTue Sep 27 19:39:43 2022
+++ netstartTue Nov 22 03:39:49 2022
@@ -104,6 +104,21 @@ ifcreate() {
fi
 }

+# Symlink hostname.MAC to hostname.if.
+# Existing hostname.if-file (no symlink) wins.
+link_MAC_to_if() {
+   local _hn _mac _if
+
+   for _hn in /etc/hostname.??:??:??:??:??:??; do
+   _mac=`echo $_hn | cut -c 15-31`
+   _if=`ifconfig | grep -B 1 $_mac | head -n 1 | awk -F ": " 
'{print $1}'`
+   # Only create a symlink if /etc/hostname.$_if is not a normal 
file.
+   if [[ -h /etc/hostname.$_if ]] || [[ ! -e /etc/hostname.$_if 
]]; then
+   ln -fs /etc/hostname.$_mac /etc/hostname.$_if
+   fi
+   done
+}
+
 # Create interfaces for network pseudo-devices referred to by 
hostname.if files.

 # Optionally, limit creation to given interfaces only.
 # Usage: vifscreate [if ...]
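
Review bot: The loop in link_MAC_to_if has no guard for the two cases where there is nothing to link. If no file matches the glob, the shell leaves the pattern itself as the value of _hn; if the MAC is not found in the ifconfig output, _if is empty. In both cases the test on "/etc/hostname.$_if" looks at "/etc/hostname." and ln creates a link with that name. Suggest skipping the iteration unless "$_hn" exists and "$_if" is non-empty, and quoting both expansions.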
@@ -356,6 +371,9 @@ if ifconfig lo0 inet6 >/dev/null 2>&1; then
 else
ip6kernel=NO
 fi
+
+# Symlink hostname.MAC to hostname.if.
+link_MAC_to_if

 # Create all the pseudo interfaces up front.
 vifscreate
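
Review bot: Nothing removes a stale link. The link_MAC_to_if call added before vifscreate only creates or repoints links, so once a hostname.MAC file is deleted or the card is gone, the hostname.if link stays behind in /etc, dangling. Suggest either removing links whose target no longer exists at this point, or dropping the link and passing the hostname.MAC file directly to the code that parses hostname.if.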



In reply to: OpenIKE2 question

2022-11-21 Thread Kostya Berger
Ok, seems to be achieved by PF rules on server side (for the VPN net) and 
StrongSwan settings on the client side (Android) -- i.e. blocking all traffic 
other than VPN and setting DNS servers in client config.
VPN FAQ covers the rest. Thanks to the authors!!
Works fine :)))

Sent from Yahoo Mail for Android

On Sun, 20 Nov 2022 at 10:47, Kostya Berger wrote:
Hello everyone. I'm planning to use OpenIKEv2 not just for VPN tunnel, but also 
to give client Internet access through that tunnel (none other for that 
client). Is it possible? Do I need additional config options or will default 
gateway become available on the system once connected to VPN?
Thank you

With kindest regards,
Kostya Berger
 
  


Rad conf option

2022-11-21 Thread Stephane Guedon
Hello

I think the "nameserver" option of rad (router advertisement daemon) should be 
able to support a keyword like "self" to refer the router itself as a 
nameserver also, similar to the "self" keyword in PF.

This could be a reference in the global configuration and/or specific 
interfaces 
conf'.

I think this could be beneficial in term of conf' simplicity and avoiding 
mistakes (especially if the router has to deal with frequent renumbering).

example :

Currently:

interface re0
dns {
nameserver 2a06:a4:7d:20::1 2600::1
}

interface re1
  dns {
 nameserver 2a06:a4:7d:30::1
 }

---

wish:

dns { 
   nameserver self
}

interface re0
interface re1

Regards, Stéphane





pfr_get_astats: corruption detected

2022-11-21 Thread Kapetanakis Giannis
Hi,

Can someone explain messages of type
/bsd: pf: pfr_get_astats: corruption detected (2)

in /var/log/messages?

thanks,

G



Re: less prints superfluous characters with --no-init

2022-11-21 Thread Tomasz Rola
On Mon, Nov 21, 2022 at 08:51:36AM +0100, Jan Stary wrote:
> On Nov 21 01:38:41, rto...@ceti.pl wrote:
> > I guess it would not be very hard to just add few more *roff hacks
> 
> Stop right here.

My horses froze hanging in the air... :-)

-- 
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.  **
** As the answer, master did "rm -rif" on the programmer's home**
** directory. And then the C programmer became enlightened...  **
** **
** Tomasz Rola  mailto:tomasz_r...@bigfoot.com **



Re: slaacd, MTUs, and pledge

2022-11-21 Thread Claudio Jeker
On Sun, Nov 20, 2022 at 05:28:06PM -0500, Stefan R. Filipek wrote:
> My router advertises its MTU over ICMPv6 router advertisements. It's
> somewhat large (9216), and exceeds the hardware capabilities of my
> OpenBSD system's rge interface (9194). This results in a bunch of
> noisy log messages of:
> 
> > slaacd[...]: failed to set MTU: Invalid argument
> 
> And the obvious outcome where slaacd doesn't actually adjust the MTU
> to something larger.
> 
> I thought I'd be helpful and make a patch where slaacd clamps to the
> maximum hardware capability before attempting to set the MTU. However,
> I got blocked by pledge: There currently is no pledge that gives
> access to SIOCGIFHARDMTU.
> 
> So, some questions arise:
> 1. Does it make sense to add SIOCGIFHARDMTU (and maybe SIOCGIFMTU too)
> to pledge("route")?
> 2. Should slaacd clamp at all or have some additional settings for
> MTU control?

You announce an MTU that is larger than the interface can handle. In other
words you may end up with packet loss. The only sane fix for your issue is
to lower your RA's mtu from 9216 down to the max of what all your hardware
on that segment can handle. If rge(4) has the lowest MRU then it has to be
9194. Else a system may try to send a 9200 byte packet to your rge(4)
which will fail and it will take a lot of time and resources to figure out
why.

I see no reason to change anything right now for this. Maybe the error
message could include the number it tries to set. But slaacd should fail
as hard as possible in this case because you can't properly connect
this network.

-- 
:wq Claudio



Re: UNIX manual volume 2 (Supplementary Documents) Re: less prints superfluous characters with --no-init

2022-11-21 Thread Reuben mac Saoidhea
> [heres if(3p) for some reason.]

the fact that `man if' goes to a whole man page about a perl thing
rather than just the sh(1) page, is a bit silly i think.

i mean, perl isnt the default shell.

why does perl `if' get its own man page, whereas the following are missing:

* `man type' for `man sh'
* volume 2, supplementary documents, for example:
- UNIX tutorials and references
- C reference
- vi reference and tutorial
* all the text, HTML, PDF docs that man can neither find nor show
* all the docs and refs that never find their way out of various sources

more to the point, how can anyone pretend OpenBSD has a great manual?

its far better than ??apple sure, but it aint BSD UNIX good.

im grateful for OpenBSD sure, but not for the FUD aimed at the weenies.

> [% command]

csh(1) would be bells and whistles.  how about the default sh(1)?

> [ssh command]

you would type `ssh blah sshcommand'.  the `command' is `ssh'.

whereas i can use the `type' command without ever typing `sh'.

> [@outlook.com]

yeah, i should have run OpenSMTPD with its morris-worm era bug.