Re: Firewall for isolated hosts

2024-09-28 Thread David Gwynne
On Sat, Sep 28, 2024 at 01:24:46PM -, Stuart Henderson wrote: > On 2024-09-28, Nicolas Goy wrote: > > On Fri Sep 27, 2024 at 5:45 AM CEST, David Gwynne wrote: > >> > >> using a /32 on each host with a single shared gateway ip for the > >> subnet should w

Re: Firewall for isolated hosts

2024-09-26 Thread David Gwynne
On Thu, Sep 26, 2024 at 07:21:38PM +0200, Nicolas Goy wrote: > Hello, > > I want to use OpenBSD as firewall for a configuration where every host is > isolated. cool. > For example, let's say I have 1.0.0.0/24 subnet and 2000::/56 subnet. > > I want each host to have a single ip for ipv4, and a

Re: enc0 without MULTICAST flag

2024-09-21 Thread David Gwynne
7; active \ > from 192.168.4.0/30 to 192.168.4.0/30 \ > peer 192.168.3.111 \ > srcid server2.domain \ > iface sec0 > > # cat /etc/hostname.sec0 > mtu 1446 > 192.168.4.2 192.168.4.1 netmask 0xfffc > up > > > > I

Re: vxlan(4) Between Three Sites

2024-09-20 Thread David Gwynne
is, 4789 for every outcoming packets. > > Do you think it's possible to optimize in this way? yes, but there are more useful optimisations that are a higher priority for me to do first. ecmp for vxlan in our stack isnt going to give you a speed increase today. > > > Il giorn

Re: vxlan(4) Between Three Sites

2024-09-19 Thread David Gwynne
On Thu, Sep 19, 2024 at 10:05:37PM +0200, Luca Di Gregorio wrote: > PublicIP1 > --- > # cat /etc/hostname.vxlan3 > tunnel PublicIP1:4789 239.13.13.3 > parent gif0 > vnetid 13133 > tunnelttl 255 > mtu 1450 > up > > # cat /etc/hostname.gif0 > mtu 1480 > 10.13.11.2 10.13.11.1 netmask 255.255.

Re: vxlan(4) Between Three Sites

2024-09-19 Thread David Gwynne
On Thu, Sep 19, 2024 at 09:48:15AM -0700, Bryan Vyhmeister wrote: > On Wed, Sep 18, 2024 at 11:17:45AM +1000, David Gwynne wrote: > > On Mon, Sep 16, 2024 at 09:57:18PM -0700, Bryan Vyhmeister wrote: > > > On Tue, Sep 17, 2024 at 02:31:09PM +1000, David Gwynne wrote: > >

Re: enc0 without MULTICAST flag

2024-09-19 Thread David Gwynne
On Thu, Sep 19, 2024 at 10:57:42PM +0200, Luca Di Gregorio wrote: > I'm running 7.5, I see this alert: > > # ifconfig sec0 create > # ifconfig sec0 tunnel 169.254.229.42/30 169.254.229.41 sorry, this should read: # ifconfig sec0 inet 169.254.229.42/30 169.254.229.41 i just committed a fix to th

Re: vxlan(4) Between Three Sites

2024-09-17 Thread David Gwynne
On Mon, Sep 16, 2024 at 09:57:18PM -0700, Bryan Vyhmeister wrote: > On Tue, Sep 17, 2024 at 02:31:09PM +1000, David Gwynne wrote: > > > > On Mon, Sep 16, 2024 at 12:25:35PM -0700, Bryan Vyhmeister wrote: > > > I am attempting to build a proof of concept of how to use vxla

Re: vxlan(4) Between Three Sites

2024-09-16 Thread David Gwynne
On Mon, Sep 16, 2024 at 12:25:35PM -0700, Bryan Vyhmeister wrote: > I am attempting to build a proof of concept of how to use vxlan(4) on OpenBSD > in a fully meshed OSPF network with [wireless] links between sites under my > full control so mtu is not an issue (mtu 1550 for vxlan0 and mtu 1600 o

Re: wireguard routing

2024-08-10 Thread David Gwynne
> On 10 Aug 2024, at 18:18, 04-psyche.tot...@icloud.com wrote: > > Hi all, > > I am working on a wireguard network. > > I have a setup like this: > > serverA (10.0.0.0) => serverB (10.0.0.1) => serverC (10.0.0.2) > > - serverA connects to serverB with AllowedIPs = 0.0.0.0/0 > - serverB conn

Re: sec interface and rdomain

2023-12-25 Thread David Gwynne
which bit doesnt work? the "tunneldomain" command or actual packets moving? sec transport is provided entirely by the ipsec stack, ie, you configure the ipsec SAs associated with the interface to operate in a specific rdomain, sec doesn't support configuration that with tunneldomain. if you tcp

Re: Realtek 8723BE unsupported

2023-12-03 Thread David Gwynne
On Sun, Dec 03, 2023 at 06:02:03PM +0100, Jan Stary wrote: > (please keep replies on the list) > > On Dec 03 12:08:08, kolip...@exoticsilicon.com wrote: > > On Sun, Dec 03, 2023 at 02:35:11PM +0100, Jan Stary wrote: > > > This is current/amd64 on a HP 260 G2 mini PC (dmesg below). > > > Everything

Re: Bridging em and vlan

2023-10-05 Thread David Gwynne
> On 6 Oct 2023, at 01:50, David Higgs wrote: > > Logically, I wanted three hosts in the same broadcast domain (ISP CPE, IoT > device, OpenBSD router), so tpmr(4) didn't seem appropriate - was I missing > something? No, you were right to reach for veb in your setup.

Re: Bridging em and vlan

2023-10-05 Thread David Gwynne
> On 5 Oct 2023, at 11:17, David Higgs wrote: > > On Tue, Oct 3, 2023 at 10:10 AM David Higgs wrote: > >> On Mon, Oct 2, 2023 at 9:26 AM David Higgs wrote: >> >>> On Sun, Oct 1, 2023 at 9:13 AM Zé Loff wrote: >>> On Sat, Sep 30, 2023 at 11:39:36AM -0400, David Higgs wrote: > All

Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

2023-09-21 Thread David Gwynne
On Mon, Sep 18, 2023 at 12:47:52PM -, Stuart Henderson wrote: > On 2023-09-17, Andrew Lemin wrote: > > I have been testing the Wireguard implementation on OpenBSD and noticed > > that the ToS field is not being copied from the inner unencrypted header to > > the outer Wireguard header, resulti

Re: Netstat output

2023-09-10 Thread David Gwynne
> On 7 Sep 2023, at 08:00, Steven Shockley wrote: > > When running netstat -I [interface], what do the "fails" and "errs" columns > mean? When my firewall is under network load, the output interface fails and > total errs increases. fails are the sum of qdrops and errs. qdrops are when the

Re: pf state-table-induced instability

2023-08-31 Thread David Gwynne
On Thu, Aug 31, 2023 at 04:10:06PM +0200, Gabor LENCSE wrote: > Dear David, > > Thank you very much for all the new information! > > I keep only those parts that I want to react. > > > > It is not a fundamental issue, but it seems to me that during my tests not > > > only four but five CPU cores

Re: pf state-table-induced instability

2023-08-30 Thread David Gwynne
me spare > time) takes 5 minutes. This is a way too long overhead, if I need to do it > between every single elementary steps (that is, the steps of the binary > search) which are in the order of magnitude of 1 minute. :-( 5 minutes of VALUE ADDING. pretty sure dell thinks you sho

Re: pf state-table-induced instability

2023-08-28 Thread David Gwynne
On Mon, Aug 28, 2023 at 01:46:32PM +0200, Gabor LENCSE wrote: > Hi Lyndon, > > Sorry for my late reply. Please see my answers inline. > > On 8/24/2023 11:13 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: > > Gabor LENCSE writes: > > > > > If you are interested, you can find the results in Tables 18

Re: ipsec hardware recommendation

2023-08-11 Thread David Gwynne
> On 11 Aug 2023, at 21:08, Marko Cupać wrote: > > Hi, > > I have star topology network where dozens of spokes communicate with > other spokes through central hub over GRE tunnels protected with > transport-mode ipsec. > > This worked great for years, but lately all the locations got bandwid

Re: veb and vport on apu2 -- config feedback

2023-06-23 Thread David Gwynne
looks good to me after a quick read. > On 23 Jun 2023, at 12:15, Amarendra Godbole > wrote: > > I am planning to experiment with veb on my PC Engines apu2e4 board. It > has three ports (em0, 1 and 2). Current configuration has em0 hooked > up to cable modem, while em1 and em2 are internal LAN.

Re: Using pf route-to to Route Network Traffic a tun interface and Replying from it

2023-06-05 Thread David Gwynne
On Tue, May 30, 2023 at 06:07:32PM +0300, Nick Andersen wrote: > Hi Folks, hi. > > I am writing to seek assistance regarding an issue I am experiencing in > trying to route my Personal Computer's network traffic to a TUN interface. > My objective is to modify some of its content and subsequently

Re: Route based IPsec

2023-05-31 Thread David Gwynne
> On 31 May 2023, at 18:33, Claudio Jeker wrote: > > On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote: >> >> >>> On 27 May 2023, at 21:40, Stuart Henderson >>> wrote: >>> >>> On 2023-05-27, Valdrin MUJA wrote: >>

Re: Route based IPsec

2023-05-30 Thread David Gwynne
> On 27 May 2023, at 21:40, Stuart Henderson wrote: > > On 2023-05-27, Valdrin MUJA wrote: >>Does OpenBSD have routed based IPsec support? > > Not yet. while you wait, it might be possible to configure a gif tunnel protected by ipsec transport mode. dlg

Re: Usage of pf(4) with tap(4) and veb(4)

2023-05-26 Thread David Gwynne
On Thu, May 25, 2023 at 02:11:29AM +0200, Joel Carnat wrote: > Hi, > > I'd like to confirm I understood how pf works in a mixed veb/vport/tap > environment. I'm using OpenBSD 7.3/amd64 (if that matters). > > I have a physical host that runs services (relayd, httpd...) the "classical" > way and also

Re: small issue with mpe

2023-05-23 Thread David Gwynne
> On 23 May 2023, at 17:40, Claudio Jeker wrote: > > On Tue, May 23, 2023 at 07:09:51AM -, Stuart Henderson wrote: >> On 2023-05-23, David Gwynne wrote: >>> On Sat, May 20, 2023 at 09:44:51AM +0200, Holger Glaess wrote: >>>> hi >>>>

Re: small issue with mpe

2023-05-22 Thread David Gwynne
20 > you are on farin as root > /usr/src/sbin/ifconfig 165>./ifconfig mpe1 > mpe1: flags=51 rdomain 200 mtu 1500 > index 82 priority 0 llprio 3 > encap: txprio 0 rxprio packet > mpls: label 200 rdomain 20 > groups: mpe > inet 172.16

Re: small issue with mpe

2023-05-19 Thread David Gwynne
On Fri, May 19, 2023 at 04:44:38PM +0200, Holger Glaess wrote: > hi > > > if you do an "ifconfig mpeX" , will not show the configured tunneldomain. > > /etc 59>ifconfig mpe1 > mpe1: flags=51 rdomain 200 mtu 1500 > index 82 priority 0 llprio 3 > encap: txprio 0 rxprio packet >

Re: Will tags length influence the performance in PF?

2023-04-21 Thread David Gwynne
inside the kernel tags are given numeric identifiers, and these numbers are used everywhere. the length of the tag name doesnt affect performance. > On 21 Apr 2023, at 04:10, Cristian Danila wrote: > > Hello Misc, > > I have a technical question in regards to PF tags. > I was always wondering

Re: veb Interface Max Cache Size Restrict

2023-04-18 Thread David Gwynne
On Tue, Apr 18, 2023 at 07:51:08PM +, Samuel Jayden wrote: > Hello, > I have one veb interface in OpenBSD 7.2 and 5 ethernet ports are paired > with this veb. As I understand from the ifconfig output, 4096 mac address > cache values can be kept in this veb interface . > > ifconfig veb10 > veb1

Re: Using veb instead of bridge at vpls section

2023-03-28 Thread David Gwynne
> On 21 Mar 2023, at 05:05, Valdrin MUJA wrote: > > Hello folks, > > I have successfully configured the VPLS by following the instruction on > https://pawa.lt/posts/2018/01/vpls-with-openbsd/. > Everything worked like a charm. > > But when I tried to use veb(4) instead of bridge(4) , I got

Re: How to use VM as router to other VMs or Host?

2023-03-13 Thread David Gwynne
On Sat, Mar 11, 2023 at 11:30:52AM +0100, lisper.drea...@tutanota.com wrote: > Hi Misc, > I'm trying to use alpine linux as a router/gateway to my OpenBSD machine. > I can set up alpine linux with vmm and configure its network, no problem so > far. > I'd like my host network traffic to get in and

Re: athn on a bridge

2023-02-09 Thread David Gwynne
On Thu, Feb 09, 2023 at 11:44:56AM -, Stuart Henderson wrote: > On 2023-02-08, Martin Kjær Jørgensen wrote: > > > > When configuring the athn0 with no IP address, and adding the interface to a > > bridge0 interface along with the em1 device and a vether0 device, clients > > still connect fi

Re: OpenBSD as a transparent switch filter

2023-01-24 Thread David Gwynne
> On 25 Jan 2023, at 10:03, Martin Schröder wrote: > > On Wed, 25 Jan 2023 at 00:45, David Gwynne wrote: >> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp >> and just routing on em0. I don’t think any layer 2 things like bridge or ve

Re: OpenBSD as a transparent switch filter

2023-01-24 Thread David Gwynne
uses. Do you have a definition of what you think it means before I say yes or no? > > On Tue, 24 Jan 2023 at 23:45, David Gwynne wrote: >> >> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp >> and just routing on em0. I don’t think any layer

Re: OpenBSD as a transparent switch filter

2023-01-24 Thread David Gwynne
I think you can do this on OpenBSD with https://github.com/eait-itig/commarp and just routing on em0. I don’t think any layer 2 things like bridge or veb are needed, and probably won’t work anyway because as Claudio said, they don’t want to hairpin anyway. That code doesn’t have any manpages un

Re: veb(4) with multiple vlan(4)'s

2023-01-22 Thread David Gwynne
> On 23 Jan 2023, at 05:42, Hrvoje Popovski wrote: > > On 22.1.2023. 12:45, David Gwynne wrote: >>> hostname.veb1 >> description "LAN" >> >>> link1 >> you don't want to enable link1 unless you want pf to filter traffic on >>

Re: do i need to move to veb?

2023-01-22 Thread David Gwynne
On Sat, Jan 21, 2023 at 03:41:56PM +0300, kasak wrote: > Hello misc! > > I'm using bridge for integrating remote clients to my network with this > simple config: > > $ cat /etc/hostname.bridge0 > add vether0 > add em1 > add tap1 > up > > I see in this commit that veb is supposed to replace bridg

Re: veb(4) with multiple vlan(4)'s

2023-01-22 Thread David Gwynne
On Sun, Jan 22, 2023 at 10:25:13AM +0100, Hrvoje Popovski wrote: > On 22.1.2023. 3:27, Scott Colby wrote: > > Hello, > > > > I am trying to set up a router with a fresh install of OpenBSD 7.2, > > and I'm having a hard time grokking how to use veb. > > > > I have organized my network into 4 subne

Re: bridge(4) question new network setup

2023-01-21 Thread David Gwynne
> On 22 Jan 2023, at 10:44, David Gwynne wrote: > > On Sat, Jan 21, 2023 at 01:46:34PM -0800, patrick keshishian wrote: >> On 1/20/23, David Gwynne wrote: >>> On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote: >>>> Hello, >>>&g

Re: bridge(4) question new network setup

2023-01-21 Thread David Gwynne
On Sat, Jan 21, 2023 at 01:46:34PM -0800, patrick keshishian wrote: > On 1/20/23, David Gwynne wrote: > > On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote: > >> Hello, > >> > >> I am trying to get a new ISP setup working. The Router is >

Re: bridge(4) question new network setup

2023-01-21 Thread David Gwynne
On Sat, Jan 21, 2023 at 01:32:18PM -0800, patrick keshishian wrote: > On 1/20/23, Hrvoje Popovski wrote: > > On 20.1.2023. 20:09, patrick keshishian wrote: > >> Hello, > >> > >> I am trying to get a new ISP setup working. The Router is > >> causing some pain. There is a /28 public block assigned. >

Re: bridge(4) question new network setup

2023-01-20 Thread David Gwynne
On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote: > Hello, > > I am trying to get a new ISP setup working. The Router is > causing some pain. There is a /28 public block assigned. > The DSL router can't be configured in transparent bridge > mode (they say). It holds on to one of

Re: Stretch/L2VPN between two datacenters

2023-01-19 Thread David Gwynne
ch site, and I am planning to > > tunnel tpmr through this - I guess that tpmr itself is not encrypted in any > > way? > > > > Regards, Lars. > > > > On Fri, Dec 16, 2022 at 4:30 PM deich...@placebonol.com < > > deich...@placebonol.com> wrote: > > > >> I've run L2 over an IPsec tunnel using egre (gre(4)) and bridge (bridge > >> (4)) to connect systems in different locations together. > >> > >> This was done before David Gwynne created tpmr(4). I've been too lazy to > >> reimplement my current configuration. > >> > >> 73 > >> diana > >> > >

Re: DHCP server ignoring PF rules?

2022-12-17 Thread David Gwynne
dhcpd reads packets off the wire using BPF, which happens as packets come off the network interface, but before the IP stack where pf runs. > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > Good day! > I finished setting up a DHCP server and for some reason it seems DHCP > server is ignoring P

Re: Stretch/L2VPN between two datacenters

2022-12-16 Thread David Gwynne
On Fri, Dec 16, 2022 at 11:39:02AM +0100, Hrvoje Popovski wrote: > On 16.12.2022. 11:33, Lars Bonnesen wrote: > > We are about to migrate VM's from one datacenter to another and the VMware > > L2VPN we are using for this is simply not stable for some reason that we > > cannot figure out why. > > >

Re: Setting up vmd with veb0/vport0

2022-05-11 Thread David Gwynne
It looks like vport0 is down. Add "up" to hostname.vport0 and ifconfig vport0 up. On Thu, 12 May 2022 at 15:40, David Demelier wrote: > Hello, > > I'm trying to setup vms using the wonderful vmd and private addresses > on 10.0.0.0 range. Following the various entries in the FAQ (faq16) and > the

Re: vxlan(4) in endpoint mode

2022-04-04 Thread David Gwynne
> On 3 Apr 2022, at 21:46, Denis Fondras wrote: > > Hi, > > In vxlan(4) manual, we have : > > endpoint mode > When configured without a tunnel destination address, vxlan operates as > a bridge, but with learning disabled. > > > The question is : is it possible to set tu

Re: Changing rdomain on an interface after the rdomain has already been set openbsd7.0 / 7.1snapshots

2022-04-01 Thread David Gwynne
loopback interfaces are special and kind of end up representing an rdomain inside the kernel, which is where this restriction comes from. dlg > On 2 Apr 2022, at 09:36, Tom Smyth wrote: > > Hello, > I came across an issue that once a rdomain is set on a > loopback interface > you cant

Re: tcpdump - ifname in filter expression

2022-03-27 Thread David Gwynne
On Wed, Mar 23, 2022 at 02:34:54PM -0400, Aner Perez wrote: > On 3/22/22 00:37, David Gwynne wrote: > > On Mon, Mar 21, 2022 at 04:37:59PM -0400, Aner Perez wrote: > > > I noticed that if I put an "ifname" (or "on") in a filter expression for > > >

Re: tcpdump - ifname in filter expression

2022-03-21 Thread David Gwynne
On Mon, Mar 21, 2022 at 04:37:59PM -0400, Aner Perez wrote: > I noticed that if I put an "ifname" (or "on") in a filter expression for > tcpdump, it will show all traffic that has an ifname that *starts with* the > name I provided. e.g. > > # tcpdump -n -l -e -ttt -i pflog0 ifname vlan1 > > Wil

Re: PF bi-nat

2022-02-24 Thread David Gwynne
On Wed, Feb 23, 2022 at 04:55:05PM +, Laura Smith wrote: > I've never had occasion to use bi-nat before and I'm struggling a little to > wrap my head around the concept. > > The OpenBSD FAQ (https://www.openbsd.org/faq/pf/nat.html) gives the following > example: > > "pass on tl0 from $web_s

Re: Capturing redirected packets?

2022-02-10 Thread David Gwynne
> On 10 Feb 2022, at 18:55, Stuart Henderson wrote: > > Normally if you have two addresses on the same lan you'd configure them > as aliases on the one interface, this seems a bit of a non-standard > config. If aggr/trunk to increase bandwidth makes sense, then you can think of configuring mu

Re: GRE IP6/IP6 not working as soon as pf is enabled

2022-01-16 Thread David Gwynne
you've set the net.inet.gre.allow sysctl to 1, right? > On 16 Jan 2022, at 17:05, Markus Wipp wrote: > > Hi David, > > First of all thank you so much taking the time for my question! > >> My first impression is that you're confusing where to apply policy to >> the encapsulated traffic. "pass o

Re: GRE IP6/IP6 not working as soon as pf is enabled

2022-01-15 Thread David Gwynne
On Sat, Jan 15, 2022 at 08:10:44PM +0100, Markus Wipp wrote: > Hi all, > > This is my first mail to an OpenBSD list, so I hope I chose the correct one. > > I'm trying to get a GRE tunnel in combination with pf working for a few days now > on my OpenBSD (OpenBSD 7.0 (GENERIC.MP) #232: Thu Sep 30 14

Re: Issues with veb/vport and vlan interactions

2021-12-27 Thread David Gwynne
On Sun, Dec 26, 2021 at 07:46:01AM +, Simon Baker wrote: > Hi, > > Struggling a bit debugging something, and hoping someone can point me in the > right direction. ok. after staring at this for a while im pretty sure it's an actual bug rather than a misconfiguration. > I've got 4 physical

Re: Openbsd VMM with VLAN

2021-06-01 Thread David Gwynne
Hi Irshad, Assuming I understand your layout correctly, you should be able to use hostname.if configurations files like the following: $ cat hostname.em0: up $ cat hostname.vlan20 description "Trusted (L2+L3)" vnetid 20 parent em0 inet aa.bb.cc.dd 255.255.255.0 up $ cat hostname.vlan10: descri

Re: Home Assistant

2021-05-10 Thread David Gwynne
> On 11 May 2021, at 05:01, pas...@pascallen.nl wrote: > > Dear David, > > How do you start homeassistant after a reboot? Manually? i have these scripts. the pexp in the rc script doesnt work, but i havent needed it to yet. apathy$ cat /etc/rc.d/hass

Re: pf ipv6 source-routing 6.9

2021-05-10 Thread David Gwynne
> On 10 May 2021, at 8:05 pm, Bastien Durel wrote: > > On Saturday 08 May 2021 at 12:07 +0200, Bastien Durel wrote: >> On 08/05/2021 at 11:56, Stuart Henderson wrote: > Does it work if you use the syntax suggested in the upgrade > notes > for the example with "pass in on pppoe1 r

Re: virtual cluster with rdomain(4)

2021-05-10 Thread David Gwynne
fe:e1:ba:d3:17:a0 vport2 16 flags=0<> ix# dlg > > thanks > Thomas > > On Mon, 10 May 2021 at 08:10, David Gwynne wrote: > > > > Hi Thomas, > > > > I'd give this a go with vport(4) interfaces instead of vether(4), and > join them al

Re: Home Assistant

2021-05-10 Thread David Gwynne
ive been running hass on openbsd for a while now, and just did a new install on 6.9 for my boss on the weekend. i set up a _hass user for it to run as, and gave it /opt/hass: hass$ getent passwd _hass _hass:*:2000:2000:Home Assistant:/opt/hass:/sbin/nologin hass$ getent group 2000 _hass:*:2000 ha

Re: virtual cluster with rdomain(4)

2021-05-09 Thread David Gwynne
Hi Thomas, I'd give this a go with vport(4) interfaces instead of vether(4), and join them all together at layer 2 by adding them to a single veb(4). Cheers, dlg > On 10 May 2021, at 03:04, Thomas Huber wrote: > > Hi misc, > > I wanted to tinker with the cluster manager sysutils/nomad but >

Re: Working with encapsulated traffic using PF (pass incoming IPv4 from IPv6 gif tunnel)

2021-04-14 Thread David Gwynne
> On 9 Apr 2021, at 18:55, Martin wrote: > > Hello list, > > I have working IPv4 OpenBSD router. There are no problems with native IPv4 > and IPv6 traffic filtering/redirecting at all. > > Now stuck with filtering IPv4 traffic encapsulated in IPv6 tunnel using gif > interface. > > IPv6 int

Re: divert with rdr-to not working properly

2021-04-07 Thread David Gwynne
On Mon, Apr 05, 2021 at 09:51:53AM +0300, Hakan SARIMAN wrote: > Hello Misc, > > > I think divert-packet feature with NAT/NAPT is broken. > > I can not reach to web server when I use divert-packet with rdr-to. > > Is this a known bug or a new issue? There's no other options? Just those two? I

Re: What determines source IP of traffic from OpenBSD box ?

2021-02-28 Thread David Gwynne
On Sun, Feb 28, 2021 at 01:17:01PM +0100, Rachel Roch wrote: > > > > 28 Feb 2021, 11:28 by s...@spacehopper.org: > > > On 2021/02/28 11:46, Rachel Roch wrote: > > > >> Thank you all for the suggestions, I am currently testing a few of them. > >> > >> In case it makes any difference, the underlyi

Re: seeing carp interface state change for unknown reason ; cluestick hunting

2021-02-01 Thread David Gwynne
> On 1 Feb 2021, at 6:02 pm, Bryan Stenson wrote: > > Hi all - > > I'm trying to setup a pair of ERL3 octeon routers in master/standby > mode via carp/pfsync to route traffic from my internal lan to the > internet. I've seen strange behavior wrt carp on these machines, so > in an attempt to

Re: Switching from trunk(4) to aggr(4)

2020-12-15 Thread David Gwynne
On Tue, Dec 15, 2020 at 06:43:12PM -0500, Daniel Jakots wrote: > On Tue, 15 Dec 2020 14:30:16 +1000, David Gwynne > wrote: > > > Can you try tcpdump -p -veni em0 -D in and see if any LACP packets > > appear to come in on the port? If not, can you remove the -p and see >

Re: Switching from trunk(4) to aggr(4)

2020-12-14 Thread David Gwynne
> On 14 Dec 2020, at 08:40, Daniel Jakots wrote: > > On Sun, 13 Dec 2020 20:34:35 - (UTC), Stuart Henderson > wrote: > >> On 2020-12-12, Daniel Jakots wrote: >>> I've been using a LACP trunk on my apu (with the three em(4)). On >>> top of which I have some vlans. I've been doing that fo

Re: dhclient on carp

2020-07-23 Thread David Gwynne
is the backup. i suggest using an address like one in 169.254.x.y/16 so the carps can elect. > > On 23/07/2020 at 03:15, David Gwynne wrote: >>> On 22 Jul 2020, at 22:59, Guy Godfroy wrote: >>> >>> Hello, >>> >>> So I read in 6.7 release no

Re: dhclient on carp

2020-07-22 Thread David Gwynne
> On 22 Jul 2020, at 22:59, Guy Godfroy wrote: > > Hello, > > So I read in 6.7 release note that it's finally possible to use dhclient on > CARP interface. That's great news. > > However, I'm not sure how to use it on a hostname.if file. I tried to replace > inet instruction directly with

Re: non-checksummed UDP packets

2020-07-20 Thread David Gwynne
> On 20 Jul 2020, at 05:30, Stuart Henderson wrote: > > On 2020-07-19, obs...@loopw.com wrote: >> >>> Is this normal? >> >> Checksum is OPTIONAL in UDP, not required. This is covered in RFC 768. > > For IPv4, anyway. It's required for v6. Or is it? https://tools.ietf.org/html/rfc6935

Re: using aggr interface instead of trunk

2020-05-19 Thread David Gwynne
> On 14 May 2020, at 4:22 pm, mabi wrote: > > Hi Iain, > > ‐‐‐ Original Message ‐‐‐ > On Wednesday, May 13, 2020 7:55 PM, Iain R. Learmonth wrote: > >> More details are at:https://marc.info/?l=openbsd-cvs&m=156229058006706&w=2 > > I actually already read that one after seeing the a

Re: small aggr problem ( on current )

2019-12-22 Thread David Gwynne
On Thu, Dec 19, 2019 at 01:59:30PM +0100, Hrvoje Popovski wrote: > On 15.12.2019. 23:01, Hrvoje Popovski wrote: > > On 15.12.2019. 12:45, Holger Glaess wrote: > >> hi > >> > >> > >> running version > >> > >> > >> /etc 16>dmesg | more > >> Copyright (c) 1982, 1986, 1989, 1991, 1993 > >>

Re: ipv6 via he.net connectivity issues - possible regression?

2019-12-13 Thread David Gwynne
aggr(4) didn't exist in OpenBSD 6.6, so maybe that's the difference. Does the problem go away if you use trunk(4) instead of aggr(4)? Alternatively, could you build a -current kernel and make sure you have src/sys/net/if_aggr.c r1.25 and see what effect that has? Cheers, dlg > On 13 Dec 2019,

Re: issues configuring vlan on top of aggr device

2019-12-05 Thread David Gwynne
On Tue, Dec 03, 2019 at 02:11:16PM +, Pedro Caetano wrote: > Hi again, > > I'm sorry, but since the boxes do not (yet) have working networking it is > not easy for me to get the text output. > I'm attaching a few pictures with the requested output. > > https://picpaste.me/images/2019/12/03/ca

Re: Changes to VLAN and promiscuous mode in 6.6

2019-11-03 Thread David Gwynne
Hey, This should be fixed in current as of r1.199 of src/sys/net/if_vlan.c Sorry for the inconvenience. Cheers, dlg > On 29 Oct 2019, at 19:49, Zé Loff wrote: > > > Hi all > > Some changes in VLAN-related code went into 6.6 and I think some of them > changed the way the parent interface get

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-09 Thread David Gwynne
This should be fixed in -current now. A snapshot should pick it up in a day or so. Sorry for the inconvenience. Cheers, dlg > On 9 Sep 2019, at 11:08 am, Luke Small wrote: > > Yay! > -Luke > > > On Sun, Sep 8, 2019 at 8:07 PM David Gwynne wrote: > I think I see the

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread David Gwynne
I think I see the problem. We're going to try and test this locally and will hopefully have something committed in a few hours time. dlg > On 9 Sep 2019, at 10:33, Luke Small wrote: > > I have mfii too: > dmesg | grep mfii: > > mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208"

Re: Controlling OSPFD based on HAProxy state

2019-04-24 Thread David Gwynne
I've used relayd to insert routes to a service based on a health check, and then had ospfd advertise those routes. That might be good enough for you. On Fri., 19 Apr. 2019, 00:40 Henry Bonath, wrote: > Does anyone suggest any clever way of controlling OSPFD based on the > status of an HAProxy p

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-07 Thread David Gwynne
> On 6 Apr 2019, at 01:54, Rachel Roch wrote: > > > > > Apr 2, 2019, 11:19 PM by da...@gwynne.id.au: > >> >> >>> On 3 Apr 2019, at 04:52, Stuart Henderson <>> s...@spacehopper.org >>> >> > wrote: >>> >>> On 2019-04-02, Rachel Roch <>> rr...@tutanota.de >>>

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-04 Thread David Gwynne
you have em(4) with sfp? > On 4 Apr 2019, at 18:55, Marco Prause wrote: > > I second that +1 for ix, but em would also be nice ;-) > > > On 03.04.19 00:40, Tom Smyth wrote: >> +1 for me also :) ix :) >> >> On Tue, 2 Apr 2019 at 23:38, Stuart Henderson wrote: >> >>> :-) >>> >

Re: Trouble forwarding between mpw's in bridge (6.4)

2019-04-02 Thread David Gwynne
outer. > > Thank you to everyone!!! > > On Tue, Apr 2, 2019 at 4:52 AM Mitchell Krome wrote: >> >> >> >> On 2/04/2019 7:57 pm, Mitchell Krome wrote: >>> >>> >>> On 2/04/2019 7:24 pm, David Gwynne wrote: >>>> >>

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-02 Thread David Gwynne
> On 3 Apr 2019, at 04:52, Stuart Henderson wrote: > > On 2019-04-02, Rachel Roch wrote: >> Hi, >> >> Hopefully I'm just searching the man pages wrong but I can't seem to find >> any hints as to how I can view SFP diagnostics in OpenBSD (i.e. light power >> etc.) >> >> Perhaps someone cou

Re: Trouble forwarding between mpw's in bridge (6.4)

2019-04-02 Thread David Gwynne
> On 2 Apr 2019, at 6:41 pm, Mitchell Krome wrote: > > On 2/04/2019 2:08 pm, David Gwynne wrote: >> Can you send me the hostname.* files and the output of ifconfig (showing all >> interfaces)? >> >> You're using -current now, right? >>

Re: Trouble forwarding between mpw's in bridge (6.4)

2019-04-01 Thread David Gwynne
Can you send me the hostname.* files and the output of ifconfig (showing all interfaces)? You're using -current now, right? dlg > On 2 Apr 2019, at 08:15, lnel...@nelnet.org wrote: > > >> Until recently >> (https://github.com/openbsd/src/commit/dc68b945bbc883db108ac48a07bb89 >> 778b75582a) >>

Re: dhcrelay multiple instances possible bug

2019-03-04 Thread David Gwynne
Hi Riccardo, dhrelay only operates on a single interface, so you're not missing anything there. Can you show me the ps output for the dhcrelay processes you start? The rcctl commands you show below don't include the rcctl start dhcrelay and dhcrelay_second bits. I have the following in rc.loc

Re: Packet loss with latest snapshot

2019-03-04 Thread David Gwynne
On Mon, Mar 04, 2019 at 10:36:23AM +0100, Tony Sarendal wrote: > On Mon, 4 Mar 2019, 09:43 Tony Sarendal, wrote: > > > > > > > On Mon 4 March 2019 at 09:26, Tony Sarendal wrote: > > > >> On Sun 3 March 2019 at 21:35, Theo de Raadt wrote: > >> > >>> Tony, > >>> > >>> Are you out of your mind? Y

Re: PPPoE vlan issue 6.4

2019-02-10 Thread David Gwynne
Hi Adam, It sounds like you're on an ISP with very similar requirements to me. The exec summary of what my ISP wants is pppoe on vlan2, with the vlan priority forced to a single value. Our (OpenBSD's) understanding of the priority field in VLAN headers is that it uses 802.1p for the fields val

Re: SNMP reporting on VXLAN interfaces

2018-08-16 Thread David Gwynne
On Thu, Aug 16, 2018 at 10:51:25AM +1000, Jason Tubnor wrote: > Hi, > > Not sure if anyone else here is using SNMP for obtaining VXLAN(4) adapter > throughput but after some testing (clamping with PF queues), I have > discovered that throughput on VXLAN interfaces via SNMP are reporting > exactly

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread David Gwynne
> On 10 Mar 2018, at 08:01, Remi Locherer wrote: > > > With below diff the setup works as expected: tcpdump shows OSPF hellos > on gif0 and ospfd sees the neighbour. > > I don't think it's the correct fix though. functionally it is the correct fix. when i reworked gif(4) in src/sys/net/if_gi

Re: OSPF over gif on top of IPsec transport -current

2018-03-12 Thread David Gwynne
> On 11 Mar 2018, at 05:30, Atanas Vladimirov wrote: > > On 2018-03-10 00:01, Remi Locherer wrote: >>> >> With below diff the setup works as expected: tcpdump shows OSPF hellos >> on gif0 and ospfd sees the neighbour. >> I don't think it's the correct fix though. >> Index: if_gif.c >> =

Re: gif(4) changes vs tunnelbroker

2018-02-28 Thread David Gwynne
> On 1 Mar 2018, at 02:22, Andreas Bartelt wrote: > > On 02/27/18 22:35, Pavel Korovin wrote: >> On 02/28, David Gwynne wrote: >>> what is the status of sysctl net.inet.ipip ? >> David, thank you! That was easy :) >> Sorry for the noise. >> $ sysctl ne

Re: gif(4) changes vs tunnelbroker

2018-02-27 Thread David Gwynne
> On 27 Feb 2018, at 4:10 am, Pavel Korovin wrote: > > Dear all, > > After upgrading several hosts to -current I noticed that all my IPv6 tunnels > via tunnelbroker stopped working. Recently introduced changes to gif(4) > (since > late December 2017) are too complex for me to grasp, maybe an

Re: re0 and re1 watchdog timeouts, and system freeze

2017-06-11 Thread David Gwynne
On Fri, Jun 09, 2017 at 07:19:34PM +0200, Bjørn Ketelaars wrote: > On Fri 09/06/2017 12:07, Martin Pieuchot wrote: > > On 08/06/17(Thu) 20:38, Bjørn Ketelaars wrote: > > > On Thu 08/06/2017 16:55, Martin Pieuchot wrote: > > > > On 07/06/17(Wed) 09:43, Bjørn Ketelaars wrote: > > > > > On Sat 03/0

Re: SCSI Enclosure Service

2017-06-08 Thread David Gwynne
hey jens, from what i can tell, you talk to the ami mg9071 chips on that enclosure using sgpio, not in band using smp (sas mgmt protocol) or ses as a scsi device. i get the impression that mpii hardware does have some understanding of enclosures connected via sgpio, but i'm not sure what benefi

Re: Does CARP need Layer 2 ?

2017-04-17 Thread David Gwynne
> On 18 Apr 2017, at 03:54, Bob Jones > wrote: > > Hi, > > Looking at the docs, unlike pfsync, sasyncd and everything else, you > seem to be unable to define a "different" interface to CARP for the > purposes of monitoring. Everything seems to need to go over the one > carpdev. > > My questi

Re: Per-device multiqueuing would be fantastic. Are there any plans? Are donations a matter here?

2017-02-10 Thread David Gwynne
> On 9 Feb 2017, at 7:11 pm, Mikael wrote: > > 2017-02-09 16:41 GMT+08:00 David Gwynne : > .. > hey mikael, > > can you be more specific about what you mean by multiqueuing for disks? even a > reference to an implementation of what you’re asking about would help me > an

Re: Per-device multiqueuing would be fantastic. Are there any plans? Are donations a matter here?

2017-02-09 Thread David Gwynne
> On 9 Feb 2017, at 12:42 pm, Mikael wrote: > > Hi misc@, > > The SSD reading benchmark in the previous email shows that per-device > multiqueuing will boost multithreaded random read performance very much > e.g. by ~7X+, e.g. the current 50MB/sec will increase to ~350MB/sec+. > > (I didn't benchm

Re: NVM Express (NVMe) support status

2016-04-15 Thread David Gwynne
> On 12 Feb 2016, at 7:01 PM, Evgeniy Sudyr wrote: > > Hi all, > > I'm looking at the status of NVM Express support in -current (got Intel 750 > consumer device > https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-dr ives-750-series.html > for home desktop, but it looks like all d

Re: Gif tunnel / pf / queueing

2016-03-02 Thread David Gwynne
> On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton wrote: > > I would like to apply queueing to packets traversing a gif tunnel. I'd > like to know what works better, Tagging outbound packets on the gif > interface and applying them to queues by tag when they leave on the > external interface? O
