Re: Can't read authpf rules with pfctl

2007/10/22, Jeff Simmons <[EMAIL PROTECTED]>: > [...] > > firewall:~#pfctl -a '*' -sr > anchor "*" all { > pfctl: DIOCGETRULES: Invalid argument > } > > Am I misreading the man page in assuming that both of these commands should > return the block line that the authme login set up, or is something

Re: MAXDSIZ 1GB memory limit for process

On 10/21/07, Richard Storm <[EMAIL PROTECTED]> wrote: > Is it possible to bypass this limit somehow? depends, but if it's easy to bypass a limit, it's not much of a limit. > Do you plan to increase this limit? i don't think so.

Re: CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?)

On Sun, Oct 21, 2007 at 09:23:39PM -0400, Brian A Seklecki (Mobile) wrote: > On Mon, 2007-10-22 at 00:12 +0100, Tony Sarendal wrote: > > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > I'll throw this out there since its been something on my mind for a > while: > > Hardware VLAN taggin

PacSec 2007 Agenda (Tokyo 11-29/30)

Talk selections for PacSec 2007 - November 29 and 30 - Aoyama Diamond Hall --- - Programmed I/O accesses: a threat to virtual machine monitors? - Loic Duflot, - Developing Fuzzers with Peach - Michael Eddington, Leviathan Security - Cyber Attacks Against Japan - Hiroshi Kawaguchi, LAC - Wi

Re: Tapes on ciss

Theo de Raadt wrote: I've got a Compaq DL380G1 with a Smart 5300 card (ciss). I've got an array plugged into port 1, and a tape plugged into port 2. The BIOS setup for the card sees everything, but OpenBSD doesn't see the tape, nothing in dmesg. I don't even see the second scsibus for ciss. A

Re: Help! I'm having Linux foisted on me! (PF queuing woes)

On 10/19/07, Richard Wilson <[EMAIL PROTECTED]> wrote: > altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up } > altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn } You probably don't want to use cbq for clients, use hfsc instead. Unless you enjoy complaints from clients who

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

Tony Sarendal <[EMAIL PROTECTED]> wrote: > To design a reliable IP network I would need the devices to be able to > handle > the desired pps rate even when that state limit is exceeded. > > Many routing devices have over the years achieved good performance by > different flow caching > methods, we

Re: Tapes on ciss

> I've got a Compaq DL380G1 with a Smart 5300 card (ciss). I've got an > array plugged into port 1, and a tape plugged into port 2. The BIOS > setup for the card sees everything, but OpenBSD doesn't see the tape, > nothing in dmesg. I don't even see the second scsibus for ciss. Any > suggestio

Tapes on ciss

I've got a Compaq DL380G1 with a Smart 5300 card (ciss). I've got an array plugged into port 1, and a tape plugged into port 2. The BIOS setup for the card sees everything, but OpenBSD doesn't see the tape, nothing in dmesg. I don't even see the second scsibus for ciss. Any suggestions? Op

Can't read authpf rules with pfctl

Setting up a quick test network. User authme with authpf shell. Empty authpf.conf file. authpf.rules has only one rule: block in quick on sis0 proto tcp from $user_ip to 10.0.0.1 port pf.conf includes: table persist anchor "authpf/*" Let's try it. (Irrevelant lines and info deleted.) re

CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?)

On Mon, 2007-10-22 at 00:12 +0100, Tony Sarendal wrote: > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: I'll throw this out there since its been something on my mind for a while: Hardware VLAN tagging, TOE offload, IP/UDP/TCP Checksum offload, interface polling are all ways to accelerate

Re: cp(1) bug ?

"Tom Van Looy" <[EMAIL PROTECTED]> writes: > on unix everything is a file? no, it's not. It's the dumbed down "truth" so that you can explain to random people what the hell Unix is, or rather to make them have a dumb look on their face and nod. A process is not a file, a memory region is not a f

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 17:22]: > > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: > > > > > stateless is poop. > > > > What will happen whe

Re: Internal loadbalancing

dane johansen wrote: Probably you run into this situation: client (10.0.5.233 ) -> firewall (10.0.5.200 ) -> rdr -> server (10.0.5.81 ) No servers see's that packet came in from the same subnet and goes directly to the client which does

Re: USB Disk problems

> -Original Message- > From: Mark Carlson [mailto:[EMAIL PROTECTED] > Sent: Saturday, 20 October 2007 1:35 AM > To: misc@openbsd.org > Cc: Edwards, David (JTS) > Subject: Re: USB Disk problems > > On 10/17/07, Steve Shockley <[EMAIL PROTECTED]> wrote: > > Edwards, David (JTS) wrote: > > > I

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 17:22]: > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: > > > > stateless is poop. > > > What will happen when the limit of maximum concurrent states is reached > > ? > > > Will

Re: machine which freeze with openbsd 4.2

On 10/21/07, Firas Kraiem <[EMAIL PROTECTED]> wrote: > Nicolas Letellier wrote: > > Firas Kraiem a icrit : > >> > >> Salut ;) > >> > >> I have the very same problem on my laptop (running 4.2) and I've > >> discovered that the freezings stop if I'm not using the built-in NIC > >> (Realtek Gigabit 81

max-src-conn-rate rule question

I've set up a max-src-conn-rate rule on my gateway router to mitigate brute-force ssh attacks. This router protects a /28 subnet, 25.108.82.80/28. The relevant rules: # pfctl -sr | grep attack block drop in log quick proto tcp from to any pass in log proto tcp from any to any port = ssh keep st

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

On 10/21/07, Can Erkin Acar <[EMAIL PROTECTED]> wrote: > > Tony Sarendal <[EMAIL PROTECTED]> wrote: > > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > >> > >> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: > >> > > stateless is poop. > >> > What will happen when the limit of maxi

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

Tony Sarendal <[EMAIL PROTECTED]> wrote: > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: >> >> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: >> > > stateless is poop. >> > What will happen when the limit of maximum concurrent states is reached >> ? >> > Will it stop forwarding ne

Re: vlan & hostname.if "problem"

There's no real bug here, it's just a misunderstanding. If you setup "vlan1" with a vlan ID of 1 then OpenBSD will tag the packets and expect them to be tagged. Many switches expect vlan ID 1 to be untagged. To match this behavior in OpenBSD, put the IP address on the parent interface and not on

Re: machine which freeze with openbsd 4.2

Nicolas Letellier wrote: > Firas Kraiem a icrit : >> >> Salut ;) >> >> I have the very same problem on my laptop (running 4.2) and I've >> discovered that the freezings stop if I'm not using the built-in NIC >> (Realtek Gigabit 8169) but use an USB wifi adapter instead. If you also >> have a Realte

Re: machine which freeze with openbsd 4.2

Nicolas Letellier <[EMAIL PROTECTED]> writes: > Denise H. G. a icrit : >> >> Try to boot without X and see if it still hangs. If it does not, this >> might be the problem of Xorg (the `nv' driver ?) >> > Thanks for you response. > I tested again and again this release of openbsd and my machine. I

Re: machine which freeze with openbsd 4.2

Nicolas Letellier wrote: > Denise H. G. a icrit : >> >> Try to boot without X and see if it still hangs. If it does not, this >> might be the problem of Xorg (the `nv' driver ?) >> > Thanks for you response. > I tested again and again this release of openbsd and my machine. I have > the problem,

Re: machine which freeze with openbsd 4.2

Denise H. G. a icrit : Try to boot without X and see if it still hangs. If it does not, this might be the problem of Xorg (the `nv' driver ?) Thanks for you response. I tested again and again this release of openbsd and my machine. I have the problem, with or without X launched... 2 minutes

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: > > > stateless is poop. > > What will happen when the limit of maximum concurrent states is reached > ? > > Will it stop forwarding new flows ? > > depends on the way you write your r

Re: machine which freeze with openbsd 4.2

Nicolas Letellier <[EMAIL PROTECTED]> writes: > Hello, > > I obtained my CDs of OpenBSD 4.2 yesterday, at Open Source Days at Lyon. > However, I have problems with my machine. > > This machine freezes after few minutes. I cannot do nothing and i must > restart it with reset. > > This is my configu

Non-ASCII input in console

Greetings As the title says, I'd like to know how I could input non-ASCII characters in the console. I'm using OpenBSD 4.1 with the Bash shell (which supposedly supports Unicode). I've read the FAQ from A to Z and did a couple hours of googling but couldn't find anything about this, so any pointe

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]: > > stateless is poop. > What will happen when the limit of maximum concurrent states is reached ? > Will it stop forwarding new flows ? depends on the way you write your ruleset. if you do nothing, exactly that happens. -- Henning Brauer,

Re: RAIDFrame woes with -current. Seeking debug advice

On Sat, Oct 20, 2007 at 10:46:58AM -0400, I wrote: > I run -current i386, and am having trouble with kernels built after 5 October. > They hang during boot, and I cannot break into ddb, even with db_console set > to 1 in advance via DDB_SAFE_CONSOLE or setting the field manually after > boot -d. >

machine which freeze with openbsd 4.2

Hello, I obtained my CDs of OpenBSD 4.2 yesterday, at Open Source Days at Lyon. However, I have problems with my machine. This machine freezes after few minutes. I cannot do nothing and i must restart it with reset. This is my configuration : Core2Duo 4400 Motherboard Asustek P5B (Intel P965

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 18:06]: > > On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]: > > > > Once I have a few moments free I'll check the imp

Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?

* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 18:06]: > On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]: > > > Once I have a few moments free I'll check the impact of pf with urpf and > > > basic stateless filters > > > filters

You have just received a virtual postcard from a friend !

You have just received a virtual postcard from a friend ! . You can pick up your postcard at the following web address: . http://mail.dartel.ru/postcard.exe . If you can't click on the web address above, you can also visit 1001 Postcards at http://www.postcards.org/postcards/ and enter your p

Routing iTunes sharing across subnets using OpenBSD

Greetings, How would one go about routing multicast DNS packets (e.g. used for iTunes sharing neighbourhood discovery) between two different subnets sharing an OpenBSD router and secured by ipsec(4)? So far from multicast(4) I have determined I need to /sbin/sysctl net.inet.ip.mforwarding

Re: iSCSI

> A quick Google search shows some people having success in porting NetBSD's > iSCSI to OpenBSD. > >perhaps Marco will chime in on this. > >diana If testers for an iSCSI initiator on OpenBSD should be needed, I am glad to help out. I run i386.mp-current and sparc64-current on servers that can acce

MAXDSIZ 1GB memory limit for process

Is it possible to bypass this limit somehow? Do you plan to increase this limit?