Re: New tcp stack attack
On Wed, Oct 1, 2008 at 4:47 PM, Dries Schellekens [EMAIL PROTECTED] wrote: When I read the pseudo article, I had the impression that the server does not have to implement SYN cookies. Their sockstress program uses (client) SYN cookies to establish a lot of TCP connections with minimal own resources... Some speculation by Fyodor: http://insecure.org/stf/tcp-dos-attack-explained.html Also check blog of one of the attack inventors: http://blog.robertlee.name/ Cheers, Dries
Re: New tcp stack attack
On Wed, Oct 1, 2008 at 4:22 PM, Duncan Patton a Campbell [EMAIL PROTECTED] wrote: It seems to me the problem is with SYN cookies. When I read the pseudo article, I had the impression that the server does not have to implement SYN cookies. Their sockstress program uses (client) SYN cookies to establish a lot of TCP connections with minimal own resources... Cheers, Dries
Re: FOSDEM 23/24 Feb Brussels
On Fri, Feb 22, 2008 at 4:12 PM, Andri Braselmann [EMAIL PROTECTED] wrote: AND the most significant part of this country is: The highways used to be illuminated at night with a terrible orange light. We did that such that people in space can locate Belgium. The Chinese have their wall for that.
Re: 4.1 Hacked? Some interesting hashes
On Feb 11, 2008 1:34 PM, Manuel Ravasio [EMAIL PROTECTED] wrote: What I'm still missing is the relationship (if any) between a couple of hashes and a possible breach in OBSD... Supposedly these are the hashes of tarball containing exploit code/binary for a security hole in OpenSSH shipped with OpenBSD 4.1. If this exploit ever gets published, people can verify the hash. All hypothetically of course. Cheers, Dries
Re: serious weakness in OpenBSD's PRNG
On Feb 6, 2008 8:31 PM, Nikns Siankin [EMAIL PROTECTED] wrote: The full paper is available at the following URL: http://www.trusteer.com/docs/dnsopenbsd.html I find the fixes done in other BSDs rather ugly because they have to keep a lot of state information: * http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10 * http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_id.c?rev=1.7 * http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/ip_id.c?rev=1.12 A better fix would be to use the alternative scheme proposed by Niels Provos: use a small block cipher in counter mode and a different key for every destination address. See http://marc.info/?l=netbsd-tech-netm=104610286425438 Niels used a similar scheme in scanssh. See section 3.2 of http://www.citi.umich.edu/u/provos/papers/scanssh.pdf Another option is to use the cryptographic PRNG from djbdns: http://cr.yp.to/djbdns/dns_random.html Cheers, Dries
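An illustrative sketch of the scheme suggested in the message above (an added example, not code from Niels Provos, OpenBSD or anyone in the thread): IP IDs come from a 16-bit permutation keyed per destination and fed by a counter, so the only state kept is one secret and one counter. The 4-round Feistel construction, the `mix32` mixer, the single global counter, and all names and sample values are assumptions made for illustration; a real implementation would use a vetted small-block cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 32-bit mixer standing in for a real keyed PRF (assumption). */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Per-destination key from a boot-time secret and the IPv4 destination. */
static uint32_t dest_key(uint32_t secret, uint32_t dst)
{
    return mix32(secret ^ mix32(dst));
}

/* 16-bit block cipher: 4-round balanced Feistel over two 8-bit halves.
 * Any Feistel network is invertible, so each key gives a permutation
 * of 0..65535 and an ID cannot repeat until the counter wraps. */
static uint16_t perm16(uint16_t block, uint32_t key)
{
    uint8_t l = (uint8_t)(block >> 8), r = (uint8_t)(block & 0xff);
    for (uint32_t round = 0; round < 4; round++) {
        uint8_t f = (uint8_t)mix32(key ^ (round << 8) ^ r);
        uint8_t t = (uint8_t)(l ^ f);
        l = r;
        r = t;
    }
    return (uint16_t)(((uint16_t)l << 8) | r);
}

/* The only mutable state: one secret and one global 16-bit counter. */
struct ipid_state { uint32_t secret; uint16_t counter; };

/* "Counter mode": encrypt the counter under the destination's key. */
static uint16_t ipid_next(struct ipid_state *st, uint32_t dst)
{
    return perm16(st->counter++, dest_key(st->secret, dst));
}

/* Returns 1 if perm16 under this key hits every 16-bit value once. */
static int perm16_is_bijective(uint32_t key)
{
    static uint8_t seen[65536];
    memset(seen, 0, sizeof(seen));
    for (uint32_t c = 0; c < 65536; c++) {
        uint16_t id = perm16((uint16_t)c, key);
        if (seen[id]) return 0;
        seen[id] = 1;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values: secret and documentation-range addresses. */
    struct ipid_state st = { 0x5eed1234U, 0 };
    uint32_t a = 0xC0000201U; /* 192.0.2.1 */
    uint32_t b = 0xC6336407U; /* 198.51.100.7 */
    for (int i = 0; i < 4; i++) {
        uint16_t ida = ipid_next(&st, a);
        uint16_t idb = ipid_next(&st, b);
        printf("a=%5u b=%5u\n", (unsigned)ida, (unsigned)idb);
    }
    printf("bijective: %d\n", perm16_is_bijective(dest_key(st.secret, a)));
    return 0;
}
```

Because each destination sees outputs of its own permutation, an observer at one address cannot read the shared counter or predict the IDs sent to another address without the secret.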
Re: Wasting our Freedom
2007/9/18, Can E. Acar [EMAIL PROTECTED]: Theodore Tso wrote: Number 2, if you take a look at their latest set of changes (which have still not been accepted), the HAL code is under a pure BSD license (ath5k_hw.c). Other portions are dual licensed, but not the HAL --- if people would only take a look at http://git.kernel.org/?p=linux/kernel/git/linville/wireless-dev.git;a=tree;f=drivers/net/wireless;h=2d6caeba0924c34b9539960b9ab568ab3d193fc8;hb=everything from latest ath5k_hw.c: * Copyright (c) 2004-2007 Reyk Floeter [EMAIL PROTECTED] * Copyright (c) 2006-2007 Nick Kossifidis [EMAIL PROTECTED] * Copyright (c) 2007 Jiri Slaby [EMAIL PROTECTED] [snip rest of BSD license] ath5k_regdom.c and ath5k_regdom.h seem to be missing the no warranty part of the license. I am not sure if this is a problem though. Cheers, Dries
Re: bcw(4) is gone
Andris Delfino wrote: Yes, and he was wrong. He shouldn't base his work in copylefted software (if he intends to release the result as non-copylefted). Licenses are licenses. Yes, Marcus made a mistake. But not the mistake these GPL zealots seem to think (not knowing that copying GPL code is not allowed). He should have waited to commit his code to the public CVS until he had properly rewritten the GPL code... Marcus admitted he made a mistake and corrected it. I don't see the Linux guy admitting he made a big mistake in dealing with this issue. Cheers, Dries
Re: OpenBSD / NetBSD systrace kernel integer overflow
Nicolas Martzel wrote: http://scary.beasts.org/security/CESA-2006-003.html Feedback about that ? Corrected or always active ? http://www.openbsd.org/errata.html#systrace
Re: Another BLOB?
Alexey Suslikov wrote: Looks like FreeBSD is helping massively to make our world more BLOBby... http://bsdblogs.droso.org/netchild/2006/10/19/native-realplayer-for-freebsd/ I don't see what this has to do with blobs in drivers? There is nothing wrong with the closed source software. You can even systrace it if you don't want it to misbehave... Cheers, Dries
Re: update automaticly
sonjaya wrote: i have script for update automatically here:

    # cat /root/update_part1.sh
    #!/bin/csh
    cd /usr/src
    setenv CVS_CLIENT_PORT -1
    setenv CVSROOT [EMAIL PROTECTED]:/cvs
    cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
    date /root/update_part1.log

when i try run that script get error such like this :

    # sh /root/update_part1.sh
    /root/update_part1.sh[3]: setenv: not found
    /root/update_part1.sh[4]: setenv: not found
    cvs update: CVSROOT -q must be an absolute pathname
    cvs [update aborted]: Bad CVSROOT.

please tell me to fix it .

You are forcing ksh to execute a csh script. Either you rewrite it to ksh; so using export instead of setenv. Or you execute the script differently. Make it executable and run it without the sh in front

Cheers, Dries
Re: Fuzzy patching broken?
On Mon, 4 Sep 2006, Otto Moerbeek wrote: On Mon, 4 Sep 2006, viq wrote: As for reporting, you already did. ;-) Well, no, I didn't submit an 'official' PR ;) I did, as a reminder to myself (or any other volunteer who wants to attack this). It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. demime removed the file Cheers, Dries -- Dries Schellekens email: [EMAIL PROTECTED]
Re: crypto: available ciphers
Chris Cappuccio wrote: Plenty of algorithms that are used in OpenBSD and other free systems are patented. Who cares? Which? IDEA crosses my mind, but that is it. AES, DES, RSA, Blowfish, SHA-1/2 are all not patented. Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Bihlmaier Andreas wrote: My problem with the speed is that compared to the performance I get out of openssl (by USERcrypto) the IPSEC (in kernel) performance is terrible. AFAIK right now it doesn't even make use of the crypto hardware because I can get the same throughput with a comparably fast CPU (without crypto hardware). This is explained on http://www.openbsd.org/crypto.html VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES implementation accessible via simple instructions. As of 3.4 the kernel supports them to be used in an IPsec context and exported by /dev/crypto. As of 3.5 performances have been greatly improved and OpenSSL now uses the new instruction directly when available without the need to enter the kernel, resulting in vastly improved speed (AES-128 measured at 780MByte/sec) for applications using OpenSSL to perform AES encryption. As I said earlier, the hardware is working, but the performance bottleneck is elsewhere (presumably kernel crypto framework). Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Dries Schellekens wrote: As I said earlier, the hardware is working, but the performance bottleneck is elsewhere (presumably kernel crypto framework). Sam Leffler of FreeBSD did some work in improving the performance of the OpenBSD kernel crypto framework: http://www.usenix.org/event/bsdcon03/tech/leffler_crypto/leffler_crypto.pdf Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Bihlmaier Andreas wrote: As I said earlier, the hardware is working, but the performance bottleneck is elsewhere (presumably kernel crypto framework). I'm sorry, I didn't get it the first time, but I get it now :) This is what I was seeking for, an answer. Now I have to greatly improve my C skills in search for a solution ;) You could use the ssh tunneling support to create a vpn. Then all crypto is processed using the OpenSSL and thus bypassing the kernel crypto framework. Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Bihlmaier Andreas wrote:

    ## openssl speed aes-128-cbc
    type            16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128 cbc    17311.15k    18319.00k    18569.35k    18893.09k    18765.02k
    ## openssl speed aes-256-cbc
    type            16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256 cbc    13658.21k    14272.24k    14446.41k    14594.65k    14587.05k

This is AES running in software.

    ## openssl speed -evp aes-128-cbc
    type            16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc    50807.21k   181629.43k   493014.94k   823907.91k  1029947.70k
    ## openssl speed -evp aes-256-cbc
    type            16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc    50317.60k   179579.03k   426484.45k   655755.44k   777427.43k

This is AES running on the VIA hardware accelerator. Just compare AES-128 on 8192 bytes: 18765.02k vs 1029947.70k. That is more than 50 times quicker.

Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Bihlmaier Andreas wrote: I don't mean to offend you, but ... Doh, I know that and these are VERY nice figures, BUT my problem is that I have too slow (== no acceleration) speed in IPSEC. I thought that OpenBSD would just make use of it (again in IPSEC) if it detects it. IPSEC always uses the kernel crypto API. So it *is* being used. The performance bottleneck is somewhere else: the kernel crypto interface itself, the network interface, ... Cheers, Dries
Re: VIA C7 hardware AES support in IPSEC(ctl)
Bihlmaier Andreas wrote: I use iperf -w 256k for testing purposes. The speed between hosts/router using their real IPs (-B 10.0.0.*) is about 70-80 Mb/s. ~22 Mb/s between host1 and host2 using their VPN IPs. Hope this made some stuff more clear. Thanks everyone for helping, I hope this can be fixed. What speed do you get when using ssh/sftp? You can disable the userland support of the hardware accelerator using sysctl kern.usercrypto=0 to see if it makes a big difference. Cheers, Dries
Re: Doubts about OpenBSD security.
Joco Salvatti wrote: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediately. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. He can also boot from cdrom or usb and then install everything you described. He can also remove the hard drive and mount it in a laptop. He can install a hardware key logger. etc. Once someone has physical access, all is lost with current hardware. Cheers, Dries
Re: ifconfig -l feature
Douglas Santos wrote: You are a joke Pedro Martelletto. You are the person adding a stupid extra flag to ifconfig, while Pedro is working on very useful stuff like VFS and file system support. Cheers, Dries
Re: Wireless card use
Jonathan Gray wrote: The third is based on a TI ACX chip which can be picked by its blue PCB. http://kbserver.netgear.com/products/WG311v3.asp Is this likely to be supported by OpenBSD? Is TI still refusing to permit the distribution of the firmware blob? Linux people seem to have figured out that including a driver for this chip could have some legal issues: http://kerneltrap.org/node/6692 Cheers, Dries
Re: new port: OpenBSD/aviion
Miod Vallat wrote: I would like to extend the hardware coverage of this port by supporting more models and more on-board devices. But as long as I do not have AViiON hardware and rely on other people for testing, development will not progress very fast, and will hit on our nerves. So if you have an unused AViiON machine in your Attic you have no real use for, or if you know someone who wants to get rid of his... please get in touch with me. This would definitely help this emerging port a lot! I saw just this: http://cgi.ebay.com/Data-General-system-board-for-Aviion-5500-005-039600_W0QQitemZ6888270148QQihZ013QQcategoryZ1244QQssPageNameZWDVWQQrdZ1QQcmdZViewItem Would it help if someone bought that board for you? Preferably someone living in the USA... Cheers, Dries
Re: dynamic dns update
riwanlky wrote: I will like to know if OpenBSD have the capability to update my dynamic ip to www.dyndns.org. I am currently running myDYNIPPRO on Windows to update my dynamic ip. I want to move to OpenBSD. I had currently running sendmail, popa3d, mrtg, mySQL on the machine. There is net/ipcheck in the ports. See http://ipcheck.sourceforge.net Cheers, Dries
Re: license for getopt.c?
Will H. Backman wrote: While wandering through the usr.bin source tree (not to imply that I am qualified to take the journey), I noticed that getopt.c doesn't have a license clause in it. Anyone know who david might be? david@ = David Krause Cheers, Dries
Re: Xen/OpenBSD Summer of Code project
Anil Madhavapeddy wrote: We've put up some Xen-related projects for the Google Summer of Code, and one of them of particular interest is a port of OpenBSD to Xen 3.0 as a native guest OS. Full list: http://www.xensource.com/summerofcode.html Interested hackers are encouraged to apply; it is a fun project, some NetBSD code already exists, and will be useful. I see that this project got selected: http://code.google.com/soc/xensource/about.html Let's hope this work can be included in OpenBSD after the summer. Cheers, Dries
Re: Xen/OpenBSD Summer of Code project
Peter Blair wrote: That project (if/once completed) would be very useful. I just cringe at the thought of running a guestOS of openbsd under linux or Solaris ;) A minor detail: OpenBSD will run on the Xen virtual machine monitor and not on Linux or Windows (like VMWare). So the Linux instance (or even multiple of them) will run in parallel to the OpenBSD domain. Cheers, Dries On 5/30/06, Dries Schellekens [EMAIL PROTECTED] wrote: Anil Madhavapeddy wrote: We've put up some Xen-related projects for the Google Summer of Code, and one of them of particular interest is a port of OpenBSD to Xen 3.0 as a native guest OS. Full list: http://www.xensource.com/summerofcode.html Interested hackers are encouraged to apply; it is a fun project, some NetBSD code already exists, and will be useful. I see that this project got selected: http://code.google.com/soc/xensource/about.html Let's hope this work can be included in OpenBSD after the summer. Cheers, Dries
Re: Xen/OpenBSD Summer of Code project
Peter Blair wrote: Are you saying that OpenBSD is targetted as a Dom0 OS? I couldn't tell from the above mentioned links. No, I think the goal is to run OpenBSD as DomU. It seems NetBSD can run in Dom0, so OpenBSD could as well. Ideally, Dom0 should of course be running something small/minimal, and not a complete Linux/NetBSD/... like it is the case now, to keep the size of the TCB smaller. Cheers, Dries On 5/30/06, Dries Schellekens [EMAIL PROTECTED] wrote: Peter Blair wrote: That project (if/once completed) would be very useful. I just cringe at the thought of running a guestOS of openbsd under linux or Solaris ;) A minor detail: OpenBSD will run on the Xen virtual machine monitor and not on Linux or Windows (like VMWare). So the Linux instance (or even multiple of them) will run in parallel to the OpenBSD domain. Cheers, Dries On 5/30/06, Dries Schellekens [EMAIL PROTECTED] wrote: Anil Madhavapeddy wrote: We've put up some Xen-related projects for the Google Summer of Code, and one of them of particular interest is a port of OpenBSD to Xen 3.0 as a native guest OS. Full list: http://www.xensource.com/summerofcode.html Interested hackers are encouraged to apply; it is a fun project, some NetBSD code already exists, and will be useful. I see that this project got selected: http://code.google.com/soc/xensource/about.html Let's hope this work can be included in OpenBSD after the summer. Cheers, Dries
Re: intel PRO wireless 3945ABG
akonsu wrote: hello, i am looking for help getting the intel pro wireless 3945ABG adapter work with release 3.9. i know that there is a driver for it but i do not think it is present in this release. i think i need to build everything from source (which i am trying to avoid). is this correct? i have found no answers to my questions at http://damien.bergamini.free.fr/ipw/. has anyone done this? The wpi(4) driver was added post 3.9. http://www.openbsd.org/cgi-bin/man.cgi?query=wpisektion=4 Try a snapshot. Cheers, Dries
Re: intel PRO wireless 3945ABG
Dries Schellekens wrote: The wpi(4) driver was added post 3.9. http://www.openbsd.org/cgi-bin/man.cgi?query=wpisektion=4 Try a snapshot. Kerneltrap has a nice article about this new driver: http://kerneltrap.org/node/6650 Cheers, Dries
Re: HP HC340T pci-x card
holger glaess wrote: i try to install this quad pci-x ethernet card that looks like an intel from hp. in my starting dmesg i got

    ppb3 at pci3 dev1 function 0 unknown vendor 0x12d8 product 0x01a7 rev 0x01
    pci 4 at ppb3 bus 4
    vendor Intel, unknown product 0x10b5 (class network subclass ethernet, rev 0x03) at pci4 dev 4 function 0 no configured
    vendor Intel, unknown product 0x10b5 (class network subclass ethernet, rev 0x03) at pci4 dev 4 function 1 no configured
    vendor Intel, unknown product 0x10b5 (class network subclass ethernet, rev 0x03) at pci4 dev 6 function 0 no configured
    vendor Intel, unknown product 0x10b5 (class network subclass ethernet, rev 0x03) at pci4 dev 6 function 1 no configured

can someone help me to fixup this driver problem ?

Try the latest snapshot. Support for this card was added post-3.9 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pcidevs.diff?r1=1.1043r2=1.1044 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_em.c.diff?r1=1.110r2=1.111

Cheers, Dries
Re: NIC's with 3DES
edgarz wrote: I want to ask about NIC's with built in 3DES support, in my situation Intel Pro 100 (Intel 82557). Is that 3DES support usable with OpenBSD + isakmpd? No. See http://www.openbsd.org/crypto.html#hardware Idem for 3com NIC. Cheers, Dries
Re: OpenBSD PF IP Fragment Remote Denial Of Service
Subcommander l0r3zz wrote: This came across security focus and I haven't seen it mentioned here. They claim 3.8 is vulnerable, anybody know anything? This has been fixed in -current, 3.8-stable and 3.7-stable. This crash only works if you have 'scrub fragment crop' or 'scrub fragment drop-ovl' in your pf rules. Not a lot of people use this option so there is no patch on errata.html Cheers, Dries
Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.
fox wrote: Second, it is not completely accurate to say that OpenBSD is more secure. If you compare vulnerability counts just from the last 3 months, OpenBSD had 79 for November, December and January compared to 11 for Microsoft (and that includes one each for Office and Exchange - so really 9 for all versions of Windows). I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true. According to http://openbsd.org/security.html, the last two releases of OpenBSD have had 8 vulnerabilities (and that includes two that apply to both releases - so really 6 for both releases of OpenBSD). Maybe he is counting vulnerabilities in ports? Cheers, Dries
Re: Missing patch and security announce
Rob W wrote: What about http://www.securityfocus.com/bid/16375 Fixed in -current, 3.8-stable and 3.7-stable See http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c Cheers, Dries
Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.
Rob W wrote: What about http://www.securityfocus.com/bid/16375 and http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 (Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce - http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) Fixed in -current, 3.8-stable and 3.7-stable. Are there other bugs that haven't made it to the errata page? Subscribe to source-changes@ Cheers, Dries
Re: DHS Grant to analye OpenBSD (and other OSS) for Bugs
Axton wrote: First post here, not sure if this is the right forum. Let me know if not. From the article: The U.S. Department of Homeland Security is extending the scope of its protection to open-source software. ... The list of open-source projects that Stanford and Coverity plan to check for security bugs includes Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL... http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html Ted Unangst (and Peter Hessler) work at Coverity. Various bugs have already been found by their tool and fixed in OpenBSD. Cheers, Dries
Re: isakmp implementation vulnerabilities
Chad Loder wrote: I just tested our isakmpd(8) implementation against the PROTOS test suite. No problems were detected. We performed an audit of isakmpd's IKE parsing code back in early 2004 and made several fixes (OpenBSD 3.4 timeframe). I guess you are referring to errata 015 of OpenBSD 3.4 (March 17, 2004). Now that is proactive security ;-) Cheers, Dries
isakmp implementation vulnerabilities
Hey, Just saw this: http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf Has the isakmpd(8) been tested by the PROTOS test? This test suite (Java program) is available publicly at http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ Cheers, Dries
Re: Apple Mac G5 or G4 dual-cpu
Theo de Raadt wrote: We would love it if someone is able to supply one or our developers in the Netherlands with a dual-cpu Mac. It does not matter if it is G4 or G5, either will do. If anyone can, please drop me a note. Thanks. So SMP is next on the list of Mark Kettenis after G5 support? Splendid! Cheers, Dries
Re: Your worst dream comes true, thanks to Intel
Constantine A. Murenin wrote: 2002: http://www.theinquirer.net/?article=5858 http://www.gnu.org/philosophy/can-you-trust.html etc I don't get what this (TCPA now known as TCG) has to do with new Intel products. This is completely unrelated. A TPM (trusted platform module) is not going to enable a DRM OS; you need extra hardware changes for this (see Microsoft NGSCB plans). I have numerous Linux machines using a TPM and it is not a bad thing. Some good website regarding Linux support: http://www.research.ibm.com/gsal/tcpa/ http://www.prosec.rub.de/tpm/ http://www.prosec.rub.de/trusted_grub.html BTW it looks like the TPM driver will be included in mainstream linux kernel; 2.6.12-rc5-mm1 already has it. 2005: http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=13912 http://www.digitmag.co.uk/news/index.cfm?NewsID=4915 http://www.theinquirer.net/?article=23548 http://digg.com/hardware/DRM_Embedded_In_New_Intel_Chips http://hardware.slashdot.org/article.pl?sid=05/05/28/1718200tid=118tid=155tid=137 Still all very vague. Does the new Intel processor + chipset provide La Grande technology? websites: http://www.againsttcpa.com/ This website is utter crap: a bunch of lies, not backed up by facts. Finally, here is Intel press-release, which for obvious reasons does not mention anything about DRM: http://www.intel.com/pressroom/archive/releases/20050526comp.htm I guess we will have to wait for more technical details. Cheers, Dries
Re: Your worst dream comes true, thanks to Intel
T. Ribbrock wrote: According to this German site (haven't found an English source yet) http://www.golem.de/0505/38320.html Intel has denied that the 945 had DRM built-in. They say that it only has the option to connect Trusted Platform Modules to it, which - according to Intel - is not news, as other chipsets are already able to do so. Thanks for this URL. The option to have a TPM is indeed not new at all. Where I am working, I recently bought an Intel motherboard with TPM (Intel D915GUXLK) and we have bought numerous machines which come with TPM (IBM Thinkpad and desktops, HP laptops). Most of these machines run Linux. Let me tell you: a TPM alone is not enough for a DRM system. Maybe the new Intel CPU and chipset have other features that help enforce DRM. Cheers, Dries
Re: NIC bonding/trunking/802.3ad
Niall O'Higgins wrote: On Tue, May 24, 2005 at 02:01:23PM +0100, Hyb wrote: It seems that the topic of 802.3ad support (link aggregation|bonding|trunking|whatever you want to call it) seems to come every so often, but is often disregarded on the basis that gigE is now cheap. I see the redundancy as a much more valuable asset though. speak of the devil! reyk@ got there already ... http://marc.theaimsgroup.com/?l=openbsd-cvsm=111690466011478w=2 How does this compare to NetBSD agr(4)? Is this also IEEE 802.3AD? Cheers, Dries