How correctly build php subpackages from ports ?

[irix]

When I try to build one or two subpackages for php 5.3 or 5.2, system 
try to build all available subpackages with their dependences. How I can 
avoid this ?


I login to /usr/ports/lang/php/5.3  and make show=MULTI_PACKAGES this 
show me list available options and when I try to use: env 
SUBPACKAGE=-fpm make install

System build and all subpackages. Iwas very puzzled by this behavior.

Re: install on softraid

[irix]

Try to use dd with dev/zero on wd0d and wd1d it was successed. But 
bioctl return same error invalid metadata format.


10.04.2011 04:30, Marco Peereboom P?P8QP5Q:

There is some garbage in the location where softraid looks for metadata.
I got recently inspired to look at this because it looks like the force
flag isn't always honored.  For now do a couple of dd's from /dev/zero.

On Sat, Apr 09, 2011 at 01:57:35PM +0300, irix wrote:

Also I try to add wd0d and wd1d with same commad but system return
me same error invalid metadata format.
Why this error is happening ?

Re: install on softraid

[irix]

Thanks Ted. All works fine now. May I use softraid 0+1 (raid10) discipline ?

Re: install on softraid

[irix]

Also I try to add wd0d and wd1d with same commad but system return me 
same error invalid metadata format.

Why this error is happening ?

install on softraid

[irix]

Do you planning to remake installer script to allow install system to 
software raid from it ?

Re: install on softraid

[irix]

When I try to build softraid0 during install with command bioctl -c 1 -l 
/dev/wd0a,/dev/wd1a softraid0

System return softraid0 invalid metadata format. How can I fix it ?

Re: traffic management

[irix]

Hello Misc,

  All of a sudden started talking about some fixes. Have I mentioned somewhere 
that something needs to be corrected,
   or that something is not working? I just said about remaking to simplify the 
code.
 Alternatives queue was initially conceived as framework in which you can with 
minimal effort to connect disciplines
  to develop. With the existing code in the form pf/altq add a new discipline 
has been a daunting task, you need a heap of places to dopiski indicate the new 
variables need to finish the new syntax.
  I simply asked why the code altq not do the same as the code nat / rdr, scrub 
to remove it and greatly simplified.
   As an option to make altq separately from firewall.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: traffic management

[irix]

Hello Misc,

  Ideally this control altq the similarity in the tc tool in Linux.

-- 
Best regards,
 irix  mailto:i...@ukr.net

traffic management

[irix]

Hello Misc,

Are there any plans have changed in the system of traffic control?
For example removal of code altq from pf and make a separate management 
interface traffic other than pf.
Or replace altq to something else, more fast,
simple and functional. Or revision of an existing traffic management system.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: traffic management

[irix]

Hello Misc,

 But at least you can say why?

no kidding.  As we've told irix before, it will not happen.

-- 
Best regards,
 irix  mailto:i...@ukr.net

JoBS - altq prototype implementation

[irix]

Hello Misc,

  This algorithm (ALTQ_JOBS) allows extremely flexible control over traffic.
   Will its port in pf-based altq, from the old altqd?

-- 
Best regards,
 irix  mailto:i...@ukr.net

tcp proxy

[irix]

Hello Misc,

Maybe something to meet a simple tcp proxy with the function of bandwidth 
limiting the possibility of job parameters for each individual ip to work well 
on OpenBSD?

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf feature request

[irix]

Hello Misc,

It was a great number of disputes about shaping the incoming flow. This 
function is a solution to this dispute,
 she realizes that may be implemented according to RFC.
And need it for example if you have a single ftp server and you want it to one 
of the ip on it to fill the data did not say
 faster than 2Mbit, and all the others at full speed. (without tunning
ftpd)
Or you have a narrow channel, for example in 128Kbit, and you are one of the 
SMTP server attempts to transmit e-mail to 200 megabytes,
with all your feed traffic taken from smtp server, but this feature you can ask 
the remote server to send you e-mail is slower to have
been free of the canal and you can open a http page. In doing so, no shaping, 
and queuing is organized and not over the coming traffic no action is performed.
This option is apply is only for tcp traffic, according to rfc.


 Why? What's the use case?

 -HKS


-- 
Best regards,
 irix  mailto:i...@ukr.net

pf feature request

[irix]

Hello Misc,

  Maybe the public interested in the idea to add in the pf function
  query at slowing the transfer of data to tcp protocol ?
  To attempt to reduce the speed of the incoming flow without altq.
  This function is designed exclusively for the tcp protocol, and must work 
under the rfc.

  Can I suggest an example of rule

  pass in on $ ext_if proto tcp from $ inetrnet to any port ftp keep state 
tcprequester 5Mb

  When an incoming tcp stream reach in 5Mbit, pf starts to ask the remote side 
to reduce speed.
  But at the same time, no queues are not being built, and no packets are 
discarded.
  pf only generates requests to reduce the speed of the sending party.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello ,

And then you're going to add a dropper ?

 we already do some mitigation for that in certain drivers.

 $ cd /sys/dev; grep MCLGETI pci/* ic/*
 pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES);
 pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, BGE_JLEN);
 pci/if_bnx.c:   MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES);
 pci/if_em.c:MCLGETI(m, M_DONTWAIT, sc-interface_data.ac_if, MCLBYTES);
 pci/if_iwn.c:   MCLGETI(data-m, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
 pci/if_iwn.c:   MCLGETI(m1, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
 pci/if_ix.c:MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, size);
 pci/if_msk.c:   MCLGETI(m, M_DONTWAIT, sc_if-arpcom.ac_if, 
 sc_if-sk_pktlen);
 pci/if_sis.c:   MCLGETI(m_new, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES);
 pci/if_sk.c:MCLGETI(m, M_DONTWAIT, sc_if-arpcom.ac_if, SK_JLEN);
 pci/if_vic.c:   MCLGETI(m0, M_DONTWAIT, NULL, 
 m-m_pkthdr.len);
 pci/if_vic.c:   MCLGETI(m, M_DONTWAIT, sc-sc_ac.ac_if, pktlen);
 pci/if_wpi.c:   MCLGETI(data-m, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
 pci/if_wpi.c:   MCLGETI(m1, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
 ic/gem.c:   MCLGETI(m, M_DONTWAIT, sc-sc_arpcom.ac_if, MCLBYTES);
 ic/hme.c:   MCLGETI(m, M_DONTWAIT, sc-sc_arpcom.ac_if, MCLBYTES);


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello ,

Today I felt CDNR in NetBSD-5
Works fine. No claims.

Why write that does not work, I can not even guess. I use in NetBSD-2, and 
NetBSD-5.
It works without reproach.

interface pvc1
conditioner pvc1 ef_cdnr tbmeter 6M 64K passdrop
filter pvc1 ef_cdnr 0 0 172.16.4.176 0 0


 so, let's look at FreeBSD's manpage.

  ALTQ_CDNR   Build the traffic conditioner.  This option is meaningless at
  the moment as the conditioner is not used by any of the
  available disciplines or consumers.

 or a fairly recent NetBSD list post:

 The input limiter absolutely doesn't work under NetBSD-3, it seems,
 and I've found some other posts on the web that seem to confirm this.
 [...]   I have a NetBSD-4 build of this box, which is an embeded system, which
 I could deploy in this application, but it's not a trivial exercise to do
 so.  So, I'm wondering if anyone has used and can report whether the input
 traffic conditioner actually works to limit traffic on input traffic under
 NetBSD-4.  

 ...


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello ,


In  addition  CDNR  still has the 3 color marker, which, if slightly
reworked,you   can   get   a   different   dynamic   shaper. For each color 
would be to set a speed,
and switch between the colors would be implemented through traffic past in the 
ends of time.
For  example  10Mb/always  5Mb/10Gb  (in  1  day)  1Mb/15Gb (in 2
day's) flush 1 day,  (green yellow red)(reset couter)
 and an additional parameter discharging the counter, for example, to reset the 
counter 1 time per day .


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello ,


 But under dynamic queues, I understand, the creation of a large number of
 dynamic patterns.
 For example creates template for the queue with an indication of the speed
 such as 512Kbit / s,
 and then creates template for the filter of which you can
 specify a subnet like 192.168.1.0/24 and this pattern break this subnet to
 the desired number of rules in this case,
 to 254, and under each This rule will create a dynamic part of the dynamic
 pattern of 512Kbit / s for each rule.

 On 2009-05-27, (private) HKS hks.priv...@gmail.com wrote:
 What?


 If you want to throttle all your clients to, say, 512Kb/sec, you need a
 stack of separate queues, and a stack of match rules for them. You can set
 them up individually via pfctl/pf.conf but it's a bit messy, you'd probably
 want to do part of it via some script or preprocessor. (I think using a
 shell script to generate a file to include would be viable though).

 Real dynamic queues would be created and destroyed on-the-fly which
 could help it scale a bit further, but I don't know how useful it would
 be, the first thing that comes to mind is memory use, but each extra
 queue doesn't use _all_ that much from the pool unless it's actively
 in-use. There might be problems other than memory when using a huge
 number of queues, I don't know, never used more than a handful here...
 something for someone who has a big setup to look at and profile, really.

Similar  constructions  shaper  frequently uses in local area networks
ISP (in russia,ukraine),
where  one  powerful  computer can be up to 6-7 thousand clients.
Use  of  these  computers tend to linux or freebsd (with dummynet (real
dynamic queues with src and dst masks:)))

Here in such cases it is simply indispensable.

I found the patches
which  allow  you to add queues altq through pfctl (may be useful, and
add to main tree :) )
http://dinar.yantel.ru/patches/openbsd/merge/

And this patch remove altq when interface is destroy

http://dinar.yantel.ru/patches/openbsd/altq/patch_pf_if.c
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

 since queueing only happens at output, that's going to be totally
 useless. it's not just a question of how altq distinguishes traffic,
 you're asking to totally change how altq works.

Okey,  i  see.  But I can not understand why you are sure that traffic
can only outlet Shape , You can say that's silly to try to Shape traffic that 
came,
but  if  it works it's worse than outgoing (if only for tcp) it is not
stupid ?

Assume that you are right and the traffic can Shape only outlet for what 
purpose then in other projects (freebsd, linux, netbsd)
including  the original altqd opportunity for shaping incoming traffic
via CDNR has been included?

This is not the presentation of claims or something else, I want to understand 
why you uperlis and
do not want to see nothing else.


 if you have some requirement for features that altq+pf doesn't have
 at the moment, you have a few choices:

 - use different software that already does what you want.

 - pay someone to code the features.

 - code the features yourself. (if you don't code, this will require
 learning how to do that first, obviously).

I did.
But it pains me to see the obvious defects in my favorite system,
and complete indifference on the part of developers to the obvious defects.


 but, unless you want to use altq on a server (rather than a router),
 there isn't really a problem with the queuing happening only on output.
 just give the queues on both interfaces the same name, then you can
 assign in both directions with a single rule.

 stupid example ruleset. not actually tested, but I have others like
 it, and it should be enough to give you the general idea.

 -- -- -- -- --
 altq on bge0 cbq bandwidth 4000Kb queue { normal, slow, fast }
 altq on vlan5 cbq bandwidth 2Kb queue { normal, slow, fast }
 altq on vlan9 cbq bandwidth 1000Kb queue { normal, slow, fast }

 queue normal bandwidth 40% priority 4 cbq(default borrow)
 queue slow bandwidth 10% priority 1
 queue fast bandwidth 50% priority 7

 pass 
 pass in proto icmp queue (slow)
 pass in proto tcp to port 22 queue (fast)
 -- -- -- -- --

 (I think some people just look at a couple of example configs which
 use different queue names on interfaces and assume that it's necessary,
 but it isn't).

Thanks, for this example. I did not know this.

But under dynamic queues, I understand, the creation of a large number of 
dynamic patterns.
For example creates template for the queue with an indication of the speed such 
as 512Kbit / s,
and then creates template for the filter of which you can
specify a subnet like 192.168.1.0/24 and this pattern break this subnet to the 
desired number of rules in this case,
to 254, and under each This rule will create a dynamic part of the dynamic 
pattern of 512Kbit / s for each rule.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello ,


 * irix i...@ukr.net [2009-05-27 18:12]:
 But I can not understand why you are sure that traffic can only
 outlet Shape

 i can not understand why you want to shape outlets.

 you don't understand that inbound shaping doesn't work because you
 have obviously no idea how the network stack works. there is no
 suitable queue inbound to do any queueing on. the ipintrq is way too
 early. so to do any inbound shaping you had to insert another queueing
 step, which is as clever as drinking water from the dead sea when
 you're thirsty. or maybe one could rape the ipintrq somehow. but i
 don't and won't rape.

by  shaping  the  incoming  traffic,  I  mean  simple  dropper  without
constructing  queues. All that the above specified speed dropped until
the  flow becomes less than or equal to specified speed. That actually
makes CDNR, which arrears.



 But it pains me to see the obvious defects in my favorite system,

 interestingly, in the 6 years since I did the altq/pf merge, you're
 the only one to see that obvious defect

 and complete indifference on the part of developers to the obvious defects.

 obviously the developers have no clue about what they are doing, and
 the milestones they have to meet by the contract they have with you

 understood the joke. Funny
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

  May  be  someone better to write in a kind of pseudo device ifb (The
  Intermediate Functional Block device) like in linux,
  so you can cheat altq. Redirect incoming traffic from the physical device 
(fxp0) to a device (ifb0)
and that it passed altq traffic considered as originating, and to this
device (ifb0) we could use cbq or hfsc shedulers.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

  Or may be remove from altq distinguish incoming traffic or outgoing.
  What could box up to the queue as incoming and outgoing.
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

And it will be added to the main tree?

  * irix i...@ukr.net [2009-05-25 03:53]:
 About  add some queue disciplines, I agree with you.
 But about  completion of porting CNDR , about dynamic queues and about
 packet rate limit per state your position is not clear.
 
 Why CNDR porting froze in halfway, Why not bring to the end ?

you are free to do it

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

Good, I understand your position, ok.

I want to ask, will be shortly removed cbq?

And  when  which  will be supplemented pf.conf (5) of hfsc more detail
and with examples ??

  2009/5/25 irix i...@ukr.net:
 And it will be added to the main tree?

Let's see, no code, no mention of license, and no demonstration that
it actually solves a/your problem.  How can your question possibly be
answered?


Philip Guenther


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

Where i can find openbsd public roadmap ?

  * irix i...@ukr.net [2009-05-25 23:04]:
 I want to ask, will be shortly removed cbq?
 
 And  when  which  will be supplemented pf.conf (5) of hfsc more detail
 and with examples ??

the date and time of all future changes is in our public roadmap, with
precision to the second. each roadmap entry also has the diff attached
that is going to be written and committed.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam


-- 
Best regards,
 irix  mailto:i...@ukr.net

pf, altq, packet rate

[irix]

Hello Misc,

  I was wondering when i can't find packet rate limiting per state in pf.
  Number of state's per src ip, found. State rate limiting found.
  And  packet  rate limiting per one state (or packet rate limiting at
  all) don't found.

  This function will be added ?

  The  altq  project  when was merged with pf,many functions have been
removed (like queue disciplne's (blue, JoBB, wfq) and cdnr dropper), I
assume  that  this  had  to be to simplify, but i don't understand Why
cdnr  (traffic conditioner) ported into the kernel but did not connect
it to pf ? May be worth it finish until the end, as you think ?

Over  the  past  six  years,  the  project  altq was not added any new
features. Although the project is fully prepared to little.
There is a shortage of adding dynamic queues and the completion of porting cdnr
and  may  be add some queue disciplines from altqd like blue, JoBB, as
you think ?

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[irix]

Hello Misc,

About  add some queue disciplines, I agree with you.
But about  completion of porting CNDR , about dynamic queues and about
packet rate limit per state your position is not clear.

Why CNDR porting froze in halfway, Why not bring to the end ?

-- 
Best regards,
 irix  mailto:i...@ukr.net

pf packet rate

[irix]

Hello Misc,

  I was wondering when i can't find packet rate limiting per state in pf.
  Number of state's per src ip, found. State rate limiting found.
  And  packet  rate limiting per one state (or packet rate limiting at
  all) don't found.
  This function will be added ?


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: arp MiTM

[irix]

Hello Misc,

  I  am  a  customer and not the network administrator, and someone in
  the   network  makes  MiTM  attack,  a  network  of  billet  in  the
  uncontrolled swithes and ISP will not translate everything on the managed.
  Therefore, software implementation of this patch for openbsd.
  OpenBSD  is  most  secure OS on the planet, but susceptible to a
  simple MiTM attack. How then can we talk about the  security by default 
-- 
Best regards,
 irix  mailto:i...@ukr.net

Where is Secure by default ?

[irix]

Hello Misc,

  In  www.openbsd.org  wrote  Only  two  remote  holes in the default
  install,  in  more  than  10 years!, this not true. I using OpenBSD
  like customer, not like administrator. And my OpenBSD were attacked,
  by simple MiTM attack in arp protocol. How then can we talk about the  
security by default 
  For example, FreeBSD is decided very simply, with this patch 
http://freecap.ru/if_ether.c.patch
  When  this  is introduced in OpenBSD, so you can say with confidence
  that the system really Secure by default ?

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: arp MiTM

[irix]

Hello Misc,

  On Mon, Mar 9, 2009 at 1:11 PM, irix i...@ukr.net wrote:


ARP is insecure, no matter how many patches you apply or how many hacks you
try. If you want something more secure, use 802.1X, use security on the
switch, use IPv6+IPSec/SeND, etc.

Sorry,  if  I  been rude. I not administartor of network, i am client.
And other client use MiTM. This network is use unmanaged switches, and
ISP  spit  on  it.  That's  why  i  try  to  find  out  to  protect my
workstation from MiTM, with out static arp entry. What would have been
easy and transparent. Variant with the patch, I think the simplest and
most  effective.  I  am simply customer, and i try to find most simple
solution.


-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: arp MiTM

[irix]

Hello Paul,

  The problem is that, I am not an administrator of the network.
 I  am a client of the network. The network is built on the unmanaged switches.
 ISP  to the problem do not care, so interested in this patch. May you
 help with patch on OpenBSD ?

Monday, March 9, 2009, 3:02:23 PM, you wrote:

PdW From a quick glance over the patch, it seems pretty useless unless you
PdW also prevent MAC spoofing. You may want to look into port security for
PdW your switches or 802.1x if this is a big concern to you.

PdW Cheers,

PdW Paul 'WEiRD' de Weerd

PdW On Mon, Mar 09, 2009 at 02:11:38PM +0200, irix wrote:
PdW | Hello Misc,
PdW | 
PdW |  How to protect your server from such attacks without the use of static 
arp entries?
PdW |  By freebsd 5.0 patch was written arp_antidote
PdW (http://freecap.ru/if_ether.c.patch),
PdW |  somebody could port it on openbsd?
PdW | 
PdW | Also, in freebsd it is possible to specify a flag through the ifconfig
PdW | on the interface staticarp, while If the Address Resolution Protocol 
is enabled,
PdW | the host will only reply to requests for its addresses, and will never 
send anyrequests.
PdW | May you made this flag in openbsd ?
PdW | -- 
PdW | Best regards,
PdW |  irix  mailto:i...@ukr.net
PdW | 




-- 
Best regards,
 irixmailto:i...@ukr.net

Re: arp MiTM

[irix]

Hello Misc,

  Theo and other, thanks.

-- 
Best regards,
 irix  mailto:i...@ukr.net

altq merge

[irix]

Hello Misc,

  When the final port altq in pf? And then in 2002 and stretches porting CDNR, 
the kernel ported in pf no.

  Here is an excerpt from the log of 16.12.2002 about altq

 Log message:
switchover to pf-based altq.
- remove files which are no longer used, or we don't have plans to support
in pf in the near future.
- remove altq ioctl related stuff.
- convert the PRIQ, HFSC and RIO modules to pf-based altq.
(these are not enabled in GENERIC, CDNR is not converted yet.)

 When you fully CDNR transfer?
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: altq merge

[irix]

Hello Misc,

  In that freebsd list tell as in 2002 in OpenBSD list will merge.

The options ALTQ_CDNR is a dummy at the moment. It introduces a function
pointer in ip_input() that can be used as conditioner hook, but it is not 
used at the moment. There are plans to resurrect the conditioner, but it is 
not yet clear how and where. It might be a function of pf in the future.

 But  since  2002  it  has been 6 years and will merge and stand
 still. When the CDNR will merge in pf ???

-- 
Best regards,
 irix  mailto:i...@ukr.net

altq all features of original altqd why do not provided ?????????? ?

[irix]

Hello Misc,

Will the return of the demon altqd in the main repository?
Indeed, in the nucleus left all his ability and threw only the demon,
if  that  included pf, it sells only half of what opportunities lie in
the   nucleus.   For   example  conditioner(ALTQ_CDNR)  and  do  not  use
blue(ALTQ_BLUE).  If you can not recover himself daemon while to realize
its full support in pf All possibilities are provided altqd?  Total 6
features do not provided in pf.

optionsALTQ# Manipulate network interfaces' output queues

optionsALTQ_BLUE   # Stochastic Fair Blue --not in pf

optionsALTQ_CBQ# Class-Based Queueing

optionsALTQ_CDNR   # Diffserv Traffic Conditioner -- not in pf

optionsALTQ_FIFOQ   # First-In First-Out Queue   --not in pf

optionsALTQ_FLOWVALVE  # RED/flow-valve (red-penalty-box) --not in pf

optionsALTQ_HFSC   # Hierarchical Fair Service Curve

optionsALTQ_LOCALQ # Local queueing discipline  --not in pf

optionsALTQ_PRIQ   # Priority Queueing

optionsALTQ_RED# Random Early Detection

optionsALTQ_RIO# RED with IN/OUT

optionsALTQ_WFQ# Weighted Fair Queueing  -- not in pf

-- 
Best regards,
 irix  mailto:i...@ukr.net

new future for altq in pf

[irix]

Hello ,

  Will there be realized in the pf + altq possibility of creating a dynamic 
queue in one rule that
  could create a queue using the masks for an entire subnet???
  This is implemented in ipfw from FreeBSD, for example:
  reference mask 0x create your own channel 1M for each IP.
/ sbin / ipfw pipe 1 config bw 1000Kbit / s 
/ sbin / ipfw queue 1 config pipe 1 weight 50 mask dst-ip 0x 
/ sbin / ipfw add queue 1 ip from any to 192.168.0.1/24

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: new future for altq in pf

[irix]

Hello Misc,

  Sorry, for example

/sbin/ipfw add pipe 1 config bw 128kbit/s mask src-ip 0x
/sbin/ipfw add pipe 2 config bw 128kbit/s mask dst-ip 0x 

each ip in this pipes take individual channel 128Kbit



-- 
Best regards,
 irix  mailto:i...@ukr.net

libnet libnet_get_hwaddr problem

[irix]

Hello Misc,

  I try to detect hwaddr from my nic via libnet 1.1
  But my program detect incorrect hwaddr like this ca:0a:00:00:00:00
  where i take mistake ??? OpenBSD 4.4-current (Generic)
hwaddr.c
--
#include stdlib.h
#include stdio.h
#include string.h
#include unistd.h

#include sys/types.h
#include sys/socket.h
#include netinet/in.h

#ifdef __OpenBSD__
# include net/if.h
# include net/if_arp.h
#endif  /* __OpenBSD__ */


#include libnet.h

int main(int argc, char *argv[]) {
libnet_t *ln;
struct ether_addr *ha = NULL;
char ebuf[LIBNET_ERRBUF_SIZE] = \0;

if (!(ln = libnet_init(LIBNET_LINK_ADV, argv[1], ebuf))) {
fprintf(stderr, %s, ebuf);
exit(EXIT_FAILURE);
}

if ((ha = (struct ether_addr *) libnet_get_hwaddr(ln)) == NULL) {
fprintf(stderr, %s, libnet_geterror(ln));
exit(EXIT_FAILURE);
}

printf(hwaddr: %s\n, ether_ntoa(ha));

libnet_destroy(ln);

return 0;
}

---

-- 
Best regards,
 irix  mailto:[EMAIL PROTECTED]