passing vlan priority tag through bridge

2011-08-19 Thread Peter Hallin
Hello,

I have a question.

We use bridging firewalls at Lund University with different vlan tags on
respective sides of the bridges. The frames are therefore retagged
when passing through the bridge and unfortunately the priority flag gets
reset and always ends up as 0 on the other side.

We would love to be able to let the priority flag pass the bridge and I
wonder if this could be possible in a not so distant future.

In if_vlan.c, there is a comment regarding the prio flag:

/*
 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
 * Might be extended some day to also handle IEEE 802.1p priority
 * tagging.  This is sort of sneaky in the implementation, since
 * we need to pretend to be enough of an Ethernet implementation
 * to make arp work.  The way we do this is by telling everyone
 * that we are an Ethernet, and then catch the packets that
 * ether_output() left on our output queue when it calls
 * if_start(), rewrite them for use by the real outgoing
 * interface,
 * and ask it to send them.
  *
 * Some devices support 802.1Q tag insertion in firmware.  The
 * vlan interface behavior changes when the
 * IFCAP_VLAN_HWTAGGING
 * capability is set on the parent.  In this case,
 * vlan_start()
 * will not modify the ethernet header.
 */

Sounds tricky, but can it be done?

Any feedback highly appreciated.

Brgds, Peter

-- 
-- 
Peter Hallin
IT-Security and firewalls
LDC, Lunds Universitet
Margaretav. 1A, 222 40, LUND
http://www.ldc.lu.se



Re: [PATCH] dired mg patch

2011-08-19 Thread Jasper Lievisse Adriaanse
On Thu, Aug 18, 2011 at 08:30:02AM -0400, Loganaden Velvindron wrote:
 I used a function for warping the dot. This
 makes the diff simpler.
Since kjell@ has slacked out; any objections to committing this revision of
the diff?

 Index: dired.c
 ===
 RCS file: /cvs/src/usr.bin/mg/dired.c,v
 retrieving revision 1.48
 diff -u -p -r1.48 dired.c
 --- dired.c   23 Jan 2011 00:45:03 -  1.48
 +++ dired.c   18 Aug 2011 12:23:47 -
 @@ -36,6 +36,11 @@ static int  d_rename(int, int);
  static intd_shell_command(int, int);
  static intd_create_directory(int, int);
  static intd_makename(struct line *, char *, size_t);
 +static intd_warpdot(char *);
 +static intd_forwpage(int, int);
 +static intd_backpage(int, int);
 +static intd_forwline(int, int);
 +static intd_backline(int, int);
  static void   reaper(int);
  
  extern struct keymap_s helpmap, cXmap, metamap;
 @@ -57,15 +62,15 @@ static PF dirednul[] = {
  static PF diredcl[] = {
   reposition, /* ^L */
   d_findfile, /* ^M */
 - forwline,   /* ^N */
 + d_forwline, /* ^N */
   rescan, /* ^O */
 - backline,   /* ^P */
 + d_backline, /* ^P */
   rescan, /* ^Q */
   backisearch,/* ^R */
   forwisearch,/* ^S */
   rescan, /* ^T */
   universal_argument, /* ^U */
 - forwpage,   /* ^V */
 + d_forwpage, /* ^V */
   rescan, /* ^W */
   NULL/* ^X */
  };
 @@ -77,7 +82,7 @@ static PF diredcz[] = {
   rescan, /* ^] */
   rescan, /* ^^ */
   rescan, /* ^_ */
 - forwline,   /* SP */
 + d_forwline, /* SP */
   d_shell_command,/* ! */
   rescan, /*  */
   rescan, /* # */
 @@ -99,9 +104,9 @@ static PF diredc[] = {
  };
  
  static PF diredn[] = {
 - forwline,   /* n */
 + d_forwline, /* n */
   d_ffotherwindow,/* o */
 - backline,   /* p */
 + d_backline, /* p */
   rescan, /* q */
   d_rename,   /* r */
   rescan, /* s */
 @@ -116,13 +121,32 @@ static PF direddl[] = {
   d_undelbak  /* del */
  };
  
 +static PF diredbp[] = {
 + d_backpage  /* v */ 
 +};
 +
 +static PF dirednull[] = {
 + NULL
 +};
 +
  #ifndef  DIRED_XMAPS
  #define  NDIRED_XMAPS0   /* number of extra map sections */
  #endif /* DIRED_XMAPS */
  
 -static struct KEYMAPE (6 + NDIRED_XMAPS + IMAPEXT) diredmap = {
 - 6 + NDIRED_XMAPS,
 - 6 + NDIRED_XMAPS + IMAPEXT,
 +static struct KEYMAPE (1 + IMAPEXT) d_backpagemap = {
 + 1,
 + 1 + IMAPEXT,
 + rescan, 
 + {
 + {
 + 'v', 'v', diredbp, NULL
 + }
 + }
 +};
 +
 +static struct KEYMAPE (7 + NDIRED_XMAPS + IMAPEXT) diredmap = {
 + 7 + NDIRED_XMAPS,
 + 7 + NDIRED_XMAPS + IMAPEXT,
   rescan,
   {
  #ifndef NO_HELP
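Review bot: The new `dirednull` table differs by a single letter from the existing `dirednul` table shown in the earlier hunk header, which makes the two easy to confuse when reading the map entries. A name tied to its use would read better, for example `diredesc`, with a comment such as `/* ESC prefix: no direct bindings, see d_backpagemap */`. The section count is also bumped by hand from `6 + NDIRED_XMAPS` to `7 + NDIRED_XMAPS`, so a short comment naming the seven sections would help keep the count in step with the initializer, which continues outside this hunk.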
 @@ -138,6 +162,10 @@ static struct KEYMAPE (6 + NDIRED_XMAPS 
   CCHR('L'), CCHR('X'), diredcl, (KEYMAP *)  cXmap
   },
   {
 + CCHR('['), CCHR('['), dirednull, (KEYMAP *)  
 + d_backpagemap
 + },
 + {
   CCHR('Z'), '+', diredcz, (KEYMAP *)  metamap
   },
   {
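Review bot: The added `CCHR('[')` entry (ESC) falls inside the `CCHR('Z')` .. `'+'` range of the entry that follows it, so the two ranges overlap and the entries are no longer in ascending, disjoint order. The lookup code is not visible here; if it stops at the first entry whose upper bound is not below the key, `^Z` would no longer resolve through `diredcz`, and ESC-prefixed keys other than `v` would depend on the `rescan` default of `d_backpagemap` instead of `metamap`. Both cases are worth checking by hand, and the new entry deserves a comment such as `/* ESC: only M-v is rebound here; everything else rescans */`. The `diredmap` initializer starts and ends outside the hunk.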
 @@ -592,6 +620,75 @@ d_makename(struct line *lp, char *fn, si
   return ((lgetc(lp, 2) == 'd') ? TRUE : FALSE);
  }
  
 +static int
 +d_warpdot(char *l_text)
 +{
 + char *track, *anchor = NULL;
 + int col = 0;
 +
 + track = l_text;
 + while (track != NULL  track - l_text = strlen(l_text)) {
 + if(strspn(track,  )  0) {
 + track += strspn(track,  );
 + col++;
 + if (col == 9) {
 + anchor = track;
 + break;
 + }
 + }
 + else
 + track++;
 + }
 + if (anchor == NULL)
 + return (NULL);
 + else
 + return (anchor - l_text);
 +}
 +
 +static int
 +d_forwpage(int f, int n) 
 +{
 + forwpage(f | FFRAND, n);
 + if (d_warpdot(curwp-w_dotp-l_text) == NULL)
 + curwp-w_doto = 0;
 + else
 + curwp-w_doto = d_warpdot(curwp-w_dotp-l_text);   
 + return TRUE;
 +}
 +
 +static int 
 +d_backpage (int f, int n)
 +{
 + backpage(f | FFRAND, n);
 + if (d_warpdot(curwp-w_dotp-l_text) == NULL)
 + curwp-w_doto = 0;
 + else
 + curwp-w_doto = d_warpdot(curwp-w_dotp-l_text);
 + 

TOS option to tcpbench ala pf.conf

2011-08-19 Thread Christiano F. Haesbaert
Hi,

I'm tinkering with ToS-CoS (802.1p) translation in vlan(4) so I
needed something to test, tcpbench seems to deserve a tos option.  

It uses the same map_option() from pfctl with some minor tweaks.
So it accepts decimal, hexadecimal, critical, lowdelay, af11...

Option chosen was -t, couldn't find anything related in other programs.

Index: usr.bin/tcpbench/tcpbench.c
===
RCS file: /cvs/src/usr.bin/tcpbench/tcpbench.c,v
retrieving revision 1.22
diff -d -u -p -w -r1.22 tcpbench.c
--- usr.bin/tcpbench/tcpbench.c 21 Jun 2011 17:31:07 -  1.22
+++ usr.bin/tcpbench/tcpbench.c 18 Aug 2011 13:45:11 -
@@ -65,6 +65,7 @@ struct {
int   Sflag;/* Socket buffer size (tcp mode) */
u_int rflag;/* Report rate (ms) */
int   sflag;/* True if server */
+   int   tflag;/* ToS if != -1 */
int   vflag;/* Verbose */
int   uflag;/* UDP mode */
kvm_t*kvmh; /* Kvm handler */
@@ -113,7 +114,7 @@ static void client_init(struct addrinfo 
 static int clock_gettime_tv(clockid_t, struct timeval *);
 static voidudp_server_handle_sc(int, short, void *);
 static voidudp_process_slice(int, short, void *);
-
+static int map_tos(char *, int *);
 /*
  * We account the mainstats here, that is the stats
  * for all connections, all variables starting with slice
@@ -173,9 +174,10 @@ usage(void)
fprintf(stderr,
usage: tcpbench -l\n
   tcpbench [-uv] [-B buf] [-k kvars] [-n connections] [-p 
port]\n
-   [-r interval] [-S space] [-V rtable] hostname\n
+   [-r interval] [-S space] [-t toskeyword] [-V 
rtable]\n
+   hostname\n
   tcpbench -s [-uv] [-B buf] [-k kvars] [-p port]\n
-   [-r interval] [-S space] [-V rtable]\n);
+   [-r interval] [-S space] [-t toskeyword] [-V 
rtable]\n);
exit(1);
 }
 
@@ -679,6 +681,11 @@ again: 
r |= O_NONBLOCK;
if (fcntl(sock, F_SETFL, r) == -1)
err(1, fcntl(F_SETFL, O_NONBLOCK));
+   if (ptb-tflag != -1  ss.ss_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   ptb-tflag, sizeof(ptb-tflag)))
+   err(1, setsockopt IP_TOS);
+   }
/* Alloc client structure and register reading callback */
if ((sc = calloc(1, sizeof(*sc))) == NULL)
err(1, calloc);
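Review bot: The added `setsockopt()` call is treated as failed on any non-zero return, while the neighbouring calls in this hunk compare against `-1` (`fcntl(sock, F_SETFL, r) == -1`); ending the condition with `sizeof(ptb->tflag)) == -1)` keeps the error checks uniform. The same five-line block is pasted again in the `server_init` and `client_init` hunks, so a small static helper taking the socket and the address family would stop the three copies from drifting apart. The enclosing function starts and ends outside the hunk.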
@@ -728,6 +735,11 @@ server_init(struct addrinfo *aitop, stru
err(1, setsockopt SO_RTABLE);
}
}
+   if (ptb-tflag != -1  ai-ai_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   ptb-tflag, sizeof(ptb-tflag)))
+   err(1, setsockopt IP_TOS);
+   }
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
on, sizeof(on)) == -1)
warn(reuse port);
@@ -820,6 +832,11 @@ client_init(struct addrinfo *aitop, int 
warn(socket);
continue;
}
+   if (ptb-tflag != -1  ai-ai_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   ptb-tflag, sizeof(ptb-tflag)))
+   err(1, setsockopt IP_TOS);
+   }
if (ptb-Vflag) {
if (setsockopt(sock, SOL_SOCKET, SO_RTABLE,
ptb-Vflag, sizeof(ptb-Vflag)) == -1) {
@@ -874,6 +891,54 @@ client_init(struct addrinfo *aitop, int 
fprintf(stderr, %u connections established\n, nconn);
 }
 
+static int
+map_tos(char *s, int *val)
+{
+   /* DiffServ Codepoints and other TOS mappings */
+   const struct toskeywords {
+   const char  *keyword;
+   int  val;
+   } *t, toskeywords[] = {
+   { af11,   IPTOS_DSCP_AF11 },
+   { af12,   IPTOS_DSCP_AF12 },
+   { af13,   IPTOS_DSCP_AF13 },
+   { af21,   IPTOS_DSCP_AF21 },
+   { af22,   IPTOS_DSCP_AF22 },
+   { af23,   IPTOS_DSCP_AF23 },
+   { af31,   IPTOS_DSCP_AF31 },
+   { af32,   IPTOS_DSCP_AF32 },
+   { af33,   IPTOS_DSCP_AF33 },
+   { af41,   IPTOS_DSCP_AF41 },
+   { af42,   IPTOS_DSCP_AF42 },
+   { af43,   IPTOS_DSCP_AF43 },
+   { critical,   

Re: Xorg vs. DRM AGP GART on IBM X40 laptop running 4.9 stable (workaround)

2011-08-19 Thread Owain Ainsworth
On Thu, Aug 18, 2011 at 02:58:31PM -0600, Richard Johnson wrote:
 [Posting for documentation of the workaround, and in case the details
 help find a bug beyond This ancient laptop's video card RAM is too
 small.]
 
 
 I resuscitated an IBM X40 laptop by putting in a HD with a clean install
 of OpenBSD 4.9 release.
 
 X then failed to start both using a new xorg.conf from 'Xorg -configure',
 and using the xorg.conf created the same way and formerly working under
 OpenBSD 4.7.
 
 Interesting errors (full logs below):
  | [3730867.237] (EE) intel(1): [drm] Failed to open DRM device for 
 pci::00:02.1: Operation not permitted
  | ...
  | [3730869.731] (WW) intel(1): xf86AcquireGART: AGPIOC_ACQUIRE failed 
 (Device busy)
 
 Updating to 4.9 stable (kernel, userland, xenocara) as of 2011-08-17,
 built on the X40 itself, showed the same problem.
 
 Since the error was with intel(1), while intel(0) was earlier configured
 successfully according to the log, a likely workaround was to comment out
 the xorg.conf 2nd detected screen and card specs (Screen1 and Card1).
 
 That workaround indeed avoids the problem, though at the probable (though
 unconfirmed) cost of no signal out the external VGA port.

The intel driver does not support zaphod-style multihead (the one where
you define an X screen per head). It supports only the xrandr/xinerama style,
where the heads extend one shared X screen (see xorg.conf(5) and xrandr(1)).
This has been the case for a couple of years now.

Cheers,
-0-
-- 
Why is it that we rejoice at a birth and grieve at a funeral?  It is
because we are not the person involved.
-- Mark Twain



Re: TOS option to tcpbench ala pf.conf

2011-08-19 Thread Damien Miller
On Thu, 18 Aug 2011, Christiano F. Haesbaert wrote:

 Hi,
 
 I'm tinkering with ToS-CoS (802.1p) translation in vlan(4) so I
 needed something to test, tcpbench seems to deserve a tos option.  
 
 It uses the same map_option() from pfctl with some minor tweeks.
 So it accepts decimal, hexadecimal, critical, lowdelay, af11...
 
 Option chosen was -t, couldn't find anything related in other programs.

Thanks, I like this. Could you add IPV6_TCLASS for IF_INET6 too?

-d



Re: LAC LNS server with OpenBSD

2011-08-19 Thread Gruel Bruno
Hello,

Since several days i do some test in my lab but i have a problem.

According to my picture
http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png

R1 is an OpenBSD 4.9 host which makes a PPPoE call
R2 is a FreeBSD host with the MPD5 daemon running as an LAC
R3 is an OpenBSD 4.9 host with npppd running as an LNS.

This is the R3 npppd configuration file

#
# Simplest npppd.conf sample
#
# $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $

# Only tun0 is listed for npppd; 10.0.0.1 is the address given to it.
interface_list: tun0
interface.tun0.ip4addr: 10.0.0.1

# IP address pool
pool.dyna_pool: 10.0.0.0/25
pool.pool:  10.0.0.128/25

# Authentication
# NOTE(review): the `local` realm reads its accounts from the CSV below;
# it presumably holds credentials, so check its ownership and mode.
auth.local.realm_list:  local
auth.local.realm.acctlist:  /etc/npppd/npppd-users.csv
realm.local.concentrate:tun0

lcp.mru:1400
# NOTE(review): MS-CHAPv2 and CHAP are both offered; with require_ipsec set
# to false below, this exchange is not forced inside IPsec -- confirm lab-only.
auth.method:mschapv2 chap

# L2TP daemon
# NOTE(review): ip4_allow 0.0.0.0/0 puts no source restriction on L2TP peers,
# and require_ipsec false (going by its name) accepts L2TP without IPsec even
# though the ipsec.conf in this mail defines a flow for udp/1701. Narrow the
# allow list to the LAC address and require IPsec outside a test lab.
l2tpd.enabled:  true
l2tpd.ip4_allow:0.0.0.0/0
l2tpd.require_ipsec:false
l2tpd.accept_dialin:true

# PPPoE daemon
# NOTE(review): same open 0.0.0.0/0 allow list as for L2TP above.
pppoed.enabled:true
pppoed.interface:  PPPoE vic0
pppoed.ip4_allow:   0.0.0.0/0


i run isakmpd -K and do a ipsecctl -f /etc/ipsec.conf


The content off my ipsec.conf file:

# Passive IKE rule (loaded into isakmpd): ESP transport mode for UDP from
# 172.16.1.1 to port 1701, the port the l2tpd log lines show it listening on.
# NOTE(review): the main-mode transforms are 3des with modp1024 and the PSK is
# the literal string "password" (possibly a placeholder for the post). Outside
# a lab, use a long random secret and stronger transforms and groups.
ike passive esp transport \
proto udp from 172.16.1.1 to any port 1701 \
main auth hmac-sha enc 3des group modp1024 \
quick auth hmac-sha enc aes \
psk password


i run npppd -d and i got this :

2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf'
successfully.
2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File
exists
2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25]
pool=[10.0.0.0/24]
2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
2011-08-19 15:24:20:INFO: Loading pool config successfully.
2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users
from='/etc/npppd/npppd-users.csv' successfully.  1 users
2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).


But when th R2 (LAC) try to establish the L2TP VPN i got this error :

2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is
not supported, but it's mandatory
2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size
BEARER_CAPABILITIES 15==10)
2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
state=idle
2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe

Have you got a suggestion ??

Have you already see this message ?

Thank's.

Bruno Gruel


 Original Message 
From: YASUOKA Masahiko yasu...@yasuoka.net
To: b.gr...@woody.hopto.org
Cc: ktulu+o...@wxcvbn.org, tech@openbsd.org
Sent: Jeu, Aou 18, 2011, 8:04 AM
Subject: Re: LAC  LNS server with OpenBSD

Hello,

On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 First thank's for your help et very good jobs for npppd, it's realy a good
 tool. But it seem not to do what i want.
 (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
 I will try rp-l2tp

npppd supports `LNS' only and it supports `compulsory tunnel' (or
`accept dialin').  So currently npppd can become `R3' on above picture
but it can not become `R2'.

To enable `accept-dialin' on npppd, please add below line to
npppd.conf.

  l2tp.accept_dialin: true

 How can i have a full doc off npppd ??

Not yet..

 But i confirm that npppd work fine on my lab.

Thanks.

--yasuoka

On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 Hello,

 First thank's for your help et very good jobs for npppd, it's realy a good
 tool. But it seem not to do what i want.
 (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).

 I will try rp-l2tp

 How can i have a full doc off npppd ??

 But i confirm that npppd work fine on my lab.

 Thank's.

 Bruno Gruel

 Original Message 
From: Jeremie Courreges-Anglas ktulu+o...@wxcvbn.org
To: tech@openbsd.org
Sent: Mer, Aou 17, 2011, 12:48 PM
Subject: Re: LAC  LNS server with OpenBSD

Gruel Bruno b.gr...@woody.hopto.org writes:

 Hello,

Hi.

 I just want to know if it plan to have a real implitation of L2TP on
 OpenBSD.

 Is there a work in progress ? or never ?

Without knowing what you already know about OpenBSD and L2TP, it's a bit
difficult to answer. Consider taking a look at /usr/src/usr.sbin/npppd/.


Re: LAC LNS server with OpenBSD

2011-08-19 Thread YASUOKA Masahiko
Hi,

On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 Since several days i do some test in my lab but i have a problem.
 
 According to my picture 
 http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
 
 R1 is a openbsd 4.9 wh make a ppoe call
 R2 is a freebsd with the MPD5 daemon who run as an LAC
 R3 is a openbsd 4.9 with npppd who run as a LNS.
(snip)
 But when th R2 (LAC) try to establish the L2TP VPN i got this error :
 
 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is 
 not supported, but it's mandatory
 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet 
 size BEARER_CAPABILITIES 15==10)
 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected 
 state=idle
 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
 
 Have you got a suggestion ??

mpd seems to be using `hidden AVP' but npppd doesn't support that.
Disabling `hidden AVP' on mpd may solve this problem.  Npppd also
doesn't support `tunnel authentication'.

It's not difficult to add them if some of you use them. 

Thanks,

--yasuoka


On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 Hello,
 
 Since several days i do some test in my lab but i have a problem.
 
 According to my picture 
 http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
 
 R1 is a openbsd 4.9 wh make a ppoe call
 R2 is a freebsd with the MPD5 daemon who run as an LAC
 R3 is a openbsd 4.9 with npppd who run as a LNS.
 
 This is the R3 npppd configuration file
 
 #
 # Simplest npppd.conf sample
 #
 # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
 
 interface_list: tun0
 interface.tun0.ip4addr: 10.0.0.1
 
 # IP address pool
 pool.dyna_pool: 10.0.0.0/25
 pool.pool:  10.0.0.128/25
 
 # Authentication
 auth.local.realm_list:  local
 auth.local.realm.acctlist:  /etc/npppd/npppd-users.csv
 realm.local.concentrate:tun0
 
 lcp.mru:1400
 auth.method:mschapv2 chap
 
 # L2TP daemon
 l2tpd.enabled:  true
 l2tpd.ip4_allow:0.0.0.0/0
 l2tpd.require_ipsec:false
 l2tpd.accept_dialin:true
 
 # PPPoE daemon
 pppoed.enabled:true
 pppoed.interface:  PPPoE vic0
 pppoed.ip4_allow:   0.0.0.0/0
 
 
 i run isakmpd -K and do a ipsecctl -f /etc/ipsec.conf
 
 
 The content off my ipsec.conf file:
 
 ike passive esp transport \
 proto udp from 172.16.1.1 to any port 1701 \
 main auth hmac-sha enc 3des group modp1024 \
 quick auth hmac-sha enc aes \
 psk password
 
 
 i run npppd -d and i got this :
 
 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf' 
 successfully.
 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File 
 exists
 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25] 
 pool=[10.0.0.0/24]
 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
 2011-08-19 15:24:20:INFO: Loading pool config successfully.
 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users 
 from='/etc/npppd/npppd-users.csv' successfully.  1 users
 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
 
 
 But when th R2 (LAC) try to establish the L2TP VPN i got this error :
 
 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is 
 not supported, but it's mandatory
 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet 
 size BEARER_CAPABILITIES 15==10)
 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected 
 state=idle
 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
 
 Have you got a suggestion ??
 
 Have you already see this message ?
 
 Thank's.
 
 Bruno Gruel
 
 
 Original Message 
From: YASUOKA Masahiko yasu...@yasuoka.net
To: b.gr...@woody.hopto.org
Cc: ktulu+o...@wxcvbn.org, tech@openbsd.org
Sent: Jeu, Aou 18, 2011, 8:04 AM
Subject: Re: LAC  LNS server with OpenBSD

Hello, 

On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 First thank's for your help et very good jobs for npppd, it's realy a good
 tool. But it seem not to do what i want.
 (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
 I will 

Re: TOS option to tcpbench ala pf.conf

2011-08-19 Thread Christiano F. Haesbaert
On 19 August 2011 10:25, Damien Miller d...@mindrot.org wrote:
 On Thu, 18 Aug 2011, Christiano F. Haesbaert wrote:

 Hi,

 I'm tinkering with ToS-CoS (802.1p) translation in vlan(4) so I
 needed something to test, tcpbench seems to deserve a tos option.

 It uses the same map_option() from pfctl with some minor tweeks.
 So it accepts decimal, hexadecimal, critical, lowdelay, af11...

 Option chosen was -t, couldn't find anything related in other programs.

 Thanks, I like this. Could you add IPV6_TCLASS for IF_INET6 too?


Sure, I'll just have to study a bit, I know nothing of IPv6.
Sthen pointed out that ping uses -T for tos and traceroute just
recently added -t.
Since ping uses -t for ttl, I think we should change them all to -T;
traceroute only got the -t option very recently so it wouldn't be much
of a problem.
Also, ping for instance won't accept hex as an option.

I'll send a diff tonight with the options on -T for tcpbench/ping/traceroute.



Re: [PATCH] dired mg patch

2011-08-19 Thread Loganaden Velvindron
The 2nd diff which was posted was tested
by Nima Hoda.

The 3rd diff is mostly a cosmetic change
to make the diff less redundant.

I contacted other mg users. Hopefully,
they'll reply soon.



Re: OpenBSD 4.9 iked (Ikev2)

2011-08-19 Thread Gaurav Kansal
Any idea if it supports transport mode? That seems to be missing.

Regards,
Gaurav Kansal
+91 98454 22400
http://gkansal.blogspot.com




On Wed, Jul 13, 2011 at 7:14 AM, Mike Belopuhov m...@crypt.org.ru wrote:
 no.

 On Tue, Jul 12, 2011 at 1:47 PM, Gaurav Kansal kansal.gau...@gmail.com 
 wrote:
 Hi

 Is there a list available of supported/missing features in iked?

 Regards,
 Gaurav Kansal



Re: OpenBSD 4.9 iked (Ikev2)

2011-08-19 Thread Mike Belopuhov
it doesn't.

On Fri, Aug 19, 2011 at 6:44 PM, Gaurav Kansal kansal.gau...@gmail.com wrote:
 Any idea if it supports transport mode? That seems to be missing.

 Regards,
 Gaurav Kansal
 +91 98454 22400
 http://gkansal.blogspot.com




 On Wed, Jul 13, 2011 at 7:14 AM, Mike Belopuhov m...@crypt.org.ru wrote:
 no.

 On Tue, Jul 12, 2011 at 1:47 PM, Gaurav Kansal kansal.gau...@gmail.com 
 wrote:
 Hi

 Is there a list available of supported/missing features in iked?

 Regards,
 Gaurav Kansal



Re: LAC LNS server with OpenBSD

2011-08-19 Thread Gruel Bruno
Hello,

Thanks for your quick reply.
I am interested in tunnel authentication because it's the final point of
my project.

I did what you said and disabled hidden AVP in MPD, but there is still an error message.

Now i have got that:

2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not
supported, but it's mandatory
2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
hostname=LAC vendor=FreeBSD MPD firm=
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
error=none/0 tunnel_id=35887 message=
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control
message: tunnelId=13 is not found.  mestype=SCCCN

I suppose that is what you say. Unable to authenticate via the L2TP no ??

Thank's

Bruno.

 Original Message 
From: YASUOKA Masahiko yasu...@yasuoka.net
To: b.gr...@woody.hopto.org
Cc: tech@openbsd.org
Sent: Ven, Aou 19, 2011, 16:37 PM
Subject: Re: LAC  LNS server with OpenBSD

Hi,

On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 Since several days i do some test in my lab but i have a problem.

 According to my picture
http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png

 R1 is a openbsd 4.9 wh make a ppoe call
 R2 is a freebsd with the MPD5 daemon who run as an LAC
 R3 is a openbsd 4.9 with npppd who run as a LNS.
(snip)
 But when th R2 (LAC) try to establish the L2TP VPN i got this error :

 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36)
is not supported, but it's mandatory
 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet
size BEARER_CAPABILITIES 15==10)
 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
state=idle
 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe

 Have you got a suggestion ??

mpd seems to be using `hidden AVP' but npppd doesn't support that.
Disabling `hidden AVP' on mpd may save this problem.  Npppd also
doesn't support `tunnel authentication'.

It's not difficult to add them if some of you use them.

Thanks,

--yasuoka


On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
Gruel Bruno b.gr...@woody.hopto.org wrote:
 Hello,

 Since several days i do some test in my lab but i have a problem.

 According to my picture
http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png

 R1 is a openbsd 4.9 wh make a ppoe call
 R2 is a freebsd with the MPD5 daemon who run as an LAC
 R3 is a openbsd 4.9 with npppd who run as a LNS.

 This is the R3 npppd configuration file

 #
 # Simplest npppd.conf sample
 #
 # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $

 interface_list: tun0
 interface.tun0.ip4addr: 10.0.0.1

 # IP address pool
 pool.dyna_pool: 10.0.0.0/25
 pool.pool:  10.0.0.128/25

 # Authentication
 auth.local.realm_list:  local
 auth.local.realm.acctlist:  /etc/npppd/npppd-users.csv
 realm.local.concentrate:tun0

 lcp.mru:1400
 auth.method:mschapv2 chap

 # L2TP daemon
 l2tpd.enabled:  true
 l2tpd.ip4_allow:0.0.0.0/0
 l2tpd.require_ipsec:false
 l2tpd.accept_dialin:true

 # PPPoE daemon
 pppoed.enabled:true
 pppoed.interface:  PPPoE vic0
 pppoed.ip4_allow:   0.0.0.0/0


 i run isakmpd -K and do a ipsecctl -f /etc/ipsec.conf


 The content off my ipsec.conf file:

 ike passive esp transport \
 proto udp from 172.16.1.1 to any port 1701 \
 main auth hmac-sha enc 3des group modp1024 \
 quick auth hmac-sha enc aes \
 psk password


 i run npppd -d and i got this :

 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf'
successfully.
 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File
exists
 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25]
pool=[10.0.0.0/24]
 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
 2011-08-19 15:24:20:INFO: Loading pool config successfully.
 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users
from='/etc/npppd/npppd-users.csv' successfully.  1 users
 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS)
[L2TP]
 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC)
[PPTP]
 2011-08-19 

Aprenda ingles en un mes

2011-08-19 Thread Ingles
APRENDA INGLES EN UN MES
Curso en DVD para PC (no es video) para realizar en su casa u oficina
desde su compu.Solo necesita tener lectora de DVD en la PC,funciona con
cualquier Windows

Espectacular programa basado en una nueva modalidad de aprendizaje
acelerado del inglis. .
Ahora podra aprender facilmente a : leer, hablar y a escribir en inglis
en un solo un mes. 
Los verbos, frases, y las palabras mas usadas en el idioma inglis. Reglas
gramaticales, pronombres, sustantivos, adjetivos, etc. Cientos de
palabras y el vocabulario mas usado en todas las diferentes
conversaciones del idioma inglis. 
Podra leer, escuchar y pronunciar todos los ejercicios y lecciones del
inglis. Desde el nivel basico , hasta un nivel avanzado. 
Una leccisn por dma y en 30 dias terminara el curso. 

Organizacion del programa en DVD

Parte 1: Curso Interactivo Gramatica
Parte 2: Audios de Pronunciacisn en mp3 (ideal para escuchar en su pc ,en
el auto o bajar a su i-pod o celular)
Parte 3: Curso Interactivo, Verbos
Parte 4: Audio Subliminal para escuchar antes de dormir. 
Parte 5: Audios de Lecciones. (ideal para escuchar en su pc ,en el auto o
bajar a su i-pod o celular)
Parte 6: Audio las mil palabras fundamentales en ingles.(ideal para
escuchar en su pc ,en el auto o bajar a su i-pod o celular)
Parte 7 :Ejercicios en mp3 de pronunciacion.(ideal para escuchar en su pc
,en el auto o bajar a su i-pod o celular)
Parte 8 :Ingles comercial: se recogen todos los ambitos relacionados con
el mundo empresarial, desde el contexto comercial de pequeqas y medianas
empresas hasta la Bolsa, el marketing o el comercio internacional. 
Parte 9: Cursos adicionales en archivos pdf para reforzar lo aprendido
:Curso de inglis 3 niveles ,el nuevo inglis sin esfuerzo (incluye audio
en mp3) , guma del viajero ,Pruebas y ejercicios resueltos para inglis 
Parte 10: Diccionario interactivo ,practico y utilisimo

Solicite ya el programa revolucionario APRENDA INGLES EN UN MES , en un
DVD para PC ,por $150 .
a

a...@live.com.ar

indicando nombre direccisn, localidad y csdigo postal.  Envios sin cargo
por Correo Argentino contra reembolso. Envmos a Capital por mensajeria
(indicando el horario de su preferencia)



Small fixes for if_oerrors in vlan(4), mpe(4) and pppx

2011-08-19 Thread Christiano F. Haesbaert
Hi, vlan_start() was increasing packet counts before checking if the
packet was successfully enqueued. I made a hunt for similar errors.

Index: net/if_mpe.c
===
RCS file: /cvs/src/sys/net/if_mpe.c,v
retrieving revision 1.25
diff -d -u -p -w -r1.25 if_mpe.c
--- net/if_mpe.c28 Jan 2011 14:58:24 -  1.25
+++ net/if_mpe.c20 Aug 2011 04:06:29 -
@@ -265,7 +265,7 @@ mpeoutput(struct ifnet *ifp, struct mbuf
if (error) {
/* mbuf is already freed */
splx(s);
-   return (error);
+   goto out;
}
if_start(ifp);
splx(s);
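Review bot: Jumping to `out` after a failed enqueue is only safe if the code at that label never touches `m`, since the comment just above says the mbuf is already freed at this point. The label lies outside the hunk, so this cannot be confirmed from here; a one-line comment at the jump, e.g. `/* out: only accounts the error, m must not be used */`, would make the assumption explicit. The same applies to the new `goto out` in the `pppx_if_output` hunk, which carries no comment about mbuf ownership at all.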
Index: net/if_pppx.c
===
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.9
diff -d -u -p -w -r1.9 if_pppx.c
--- net/if_pppx.c   7 Jul 2011 20:42:56 -   1.9
+++ net/if_pppx.c   20 Aug 2011 05:37:48 -
@@ -1057,6 +1057,10 @@ pppx_if_output(struct ifnet *ifp, struct
 
s = splnet();
IFQ_ENQUEUE(ifp-if_snd, m, NULL, error);
+   if (error) {
+   splx(s);
+   goto out;
+   }
if_start(ifp);
splx(s);
 
Index: net/if_vlan.c
===
RCS file: /cvs/src/sys/net/if_vlan.c,v
retrieving revision 1.87
diff -d -u -p -w -r1.87 if_vlan.c
--- net/if_vlan.c   18 Feb 2011 17:06:45 -  1.87
+++ net/if_vlan.c   20 Aug 2011 03:58:05 -
@@ -251,15 +251,15 @@ vlan_start(struct ifnet *ifp)
 * Send it, precisely as ether_output() would have.
 * We are already running at splnet.
 */
-   p-if_obytes += m-m_pkthdr.len;
-   if (m-m_flags  M_MCAST)
-   p-if_omcasts++;
IFQ_ENQUEUE(p-if_snd, m, NULL, error);
if (error) {
/* mbuf is already freed */
ifp-if_oerrors++;
continue;
}
+   p-if_obytes += m-m_pkthdr.len;
+   if (m-m_flags  M_MCAST)
+   p-if_omcasts++;
 
ifp-if_opackets++;
if_start(p);
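Review bot: After the move, `m->m_pkthdr.len` and `m->m_flags` are read once `IFQ_ENQUEUE` has already taken ownership of the mbuf, so the byte and multicast counters depend on the queue not having modified or released it. That probably holds while running at splnet, as the comment in the hunk says, but it is a fragile pattern. Saving the values first, `len = m->m_pkthdr.len; mcast = m->m_flags & M_MCAST;`, and updating `p->if_obytes` and `p->if_omcasts` from those locals after the error check avoids touching `m` after hand-off. `vlan_start()` starts and ends outside the hunk.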