sole instance of a process

Hi, I suspect this may be the wrong list for this question. However although strictly it's a Bourne shell script query, it only seem to act up under OpenBSD (for me). Essentially I have a job which needs to be run periodically. So I have a shell script to do the necessary commands, and this

Re: 'newer' Qlogic HBA support on amd64

(let me know if you want list spam with full dmesg). /Pete On 13. mars 2014, at 18:48, Ted Unangst t...@tedunangst.com wrote: On Thu, Mar 13, 2014 at 18:44, Pete Vickers wrote: Hi, I have a an amd64 server (HP DL360 G5), with an Qlogic FC HBA in it. It appears to be based on the ISP2400

'newer' Qlogic HBA support on amd64

Hi, I have a an amd64 server (HP DL360 G5), with an Qlogic FC HBA in it. It appears to be based on the ISP2400 series, and isp man page says the driver only supports up to the ISP2300 series. However the driver appears to try to attach the device irrespective (and fail). Does anyone know how

Re: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011

On 20. jan. 2012, at 01.50, Martin Pelikan wrote: ... better alternative: echo 'export PKG_PATH=ftp://ftp.XX.openbsd.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/' ~/.profile for -release and -stable, or echo 'export

Re: Add Route at Boot Time

add a line like !/sbin/route what via where to your /etc/hostname.vr1 file On 20. jan. 2012, at 15.29, Hendrickson, Kenneth wrote: +--+ | Firewall | | | .33.34.35.97 | vr0dhcpd | | | | | Wired Network | 172.24.10.21

Re: OpenBSDd functionality equal to neighbor allowas-in?

SOO can be used for loop detection, but only if your bgp peerings don't strip extended communities. another dirty hack would be to get the peer to aggregate your 'remote' prefixes towards you (without as-set) to conceal the ASN. beware that ebgp routes are prefered over ibgp by default though -

BFD (a la. RFC5880/5881)

Hi, Just a quick question to see if anyone's working on implementing the above on OpenBSD, and in particular it's integration with OpenBGPD/OpenOSPF ? Note that this is not a 'please can I have this feature for free' or suchlike, merely a tentative status query. (BFD is appearing more more

Re: problem running named in non 0 rdomain

On 1. jan. 2012, at 23.40, Stuart Henderson wrote: On 2012-01-01, Pete Vickers p...@systemnet.no wrote: snippet from /etc/named-gn.conf : controls { inet 10.20.30.2 port 954 allow {10.20.30.2;} keys {rndc-key;}; }; then it also fails and complains thus: Jan 1 09:01:49 ns0 named[8504

problem running named in non 0 rdomain

Hi, I am having difficulty running named in a non-default rdomain, on the following platform: root@ns0 ~ # uname -a OpenBSD ns0.whatever 5.0 GENERIC#36 sparc64 I have an interface in a rdomain '1': root@ns0 ~ # ifconfig bge1 | head -1 bge1:

Re: Performance problems with OpenBSD 4.9 under ESXi 5

On 1. nov. 2011, at 00.15, carlopmart wrote: On 10/31/2011 10:01 PM, Tyler Morgan wrote: Hi, I setup four 4.9-RELEASE installs under ESXi 5.0.0: amd64 as Other amd64 as FreeBSD i386 as Other i386 as FreeBSD All 4 got 512megs of RAM, unlimited use of the 8 available CPU cores, and

Re: [OpenBGPd] - removing private AS from AS path

On 29. aug. 2011, at 12.22, Laurent CARON wrote: Hi, I wonder if it is possible to remove a private AS from the AS path while using OpenBGPd. IOS black magic for this would be: # neighbor $NEIGH remove-private-AS slightly OT, but IIRC that IOS command only strips a _pure_ private AS

Sun Ultra45 4.9R crashes loading kernel...

Hi, trying to boot my Sun Ultra45 workstation from install49.iso results in this: ok reset-all Sun Ultra 45 Workstation, No Keyboard Copyright 2006 Sun Microsystems, Inc. All rights reserved. OpenBoot 4.22.19, 8192 MB memory installed, Serial #69377208. Ethernet address 0:14:4f:22:9c:b8,

Re: relayd.conf and multiple webservers on the inside

depending on your dns name flexability, another possible alternative is to use site names like bob.example.com and alice.example.com then you can run both via a single wildcard SSL cert *.example.com on the single IP address. /Pete On 14. apr. 2011, at 20:45, Matthew Dempsky

Re: Support for Intel X520-T2 10GbaseT cards

= IFM_10G_T; break; case PCI_PRODUCT_INTEL_82598AT_DUAL: case PCI_PRODUCT_INTEL_82598AT: Pete Vickers p...@systemnet.no | +47 48 17 91 00 SystemNet AS

/etc/hosts comments update

Now that the IPv4 address space if fully allocated, perhaps it's time to update the comments in /etc/hosts ? Here is my attempt at a reasonably concise update: # Assignments from RFC5735 (supersedes RFC1918) # # Allocated for use as the Internet host loopback address: # 127.0.0.0/8 # #

Re: /etc/hosts comments update

On 22. feb. 2011, at 16.22, Joachim Schipper wrote: On Tue, Feb 22, 2011 at 03:04:25PM +0100, Pete Vickers wrote: Now that the IPv4 address space if fully allocated, perhaps it's time to update the comments in /etc/hosts ? Here is my attempt at a reasonably concise update: # Assignments

Re: nat static-port option

On 3. feb. 2011, at 17.37, Bret S. Lambert wrote: On Thu, Feb 03, 2011 at 07:31:01AM -0800, Johan Beisser wrote: On Feb 3, 2011, at 5:17, Martin SchrC6der mar...@oneiros.de wrote: 2011/2/3 Bret Lambert bret.lamb...@gmail.com: Counting my toaster? Your toaster has an IP? Yours

Options iCON401 USB 'modem' needs umass-umsm tickle ?

Hi, My Option iCON401 (aka GI401) [1], appears to require tickling to re-appear as a umsm instead of the initial umass. Can someone point me at the file/list to add the IDs to, too invoke this ? thanks /Pete $ usbdevs -dv -f /dev/usb0 Controller /dev/usb0: addr 1: high speed, self powered,

Re: secure popa3d

No problem with inbuilt pop3d. Some hints for you: $ grep pop3 /etc/inetd.conf 127.0.0.1:pop3 stream tcp nowait root/usr/sbin/popa3d popa3d $ pkg_info | grep stunnel stunnel-4.20SSL encryption wrapper for standard network daemons $ grep -A 3 pop3s /etc/stunnel/stunnel.conf

NAT64 via pf/OpenBSD

Hi, We're currently deploying some IPv6 connectivity (no flame wars please), and need to provide a suitable transition solution for IPv6 only clients to access IPv4 services. At a bare minimum generic TCP/UDP/ICMP services should be supported for large pools of users. I'm aware of Reyk's work

Re: IVI support ?

, xavier Pete Vickers p...@systemnet.no | +47 48 17 91 00 SystemNet AS

OpenSSHd

Hi, I'm trying to set up a box such that normal users are chroot'd to their home directories, and can only use sftp. I have added this to the config file restarted sshd: r...@container ~ tail /etc/ssh/sshd_config # # # # all non-wheel users should be chrooted to their home and sftp only #

Re: OpenSSHd

On 13. sep. 2010, at 13.17, Joachim Schipper wrote: On Mon, Sep 13, 2010 at 10:59:56AM +0200, Pete Vickers wrote: I'm trying to set up a box such that normal users are chroot'd to their home directories, and can only use sftp. Any clues what I'm doing wrong ? Google seems to hint

Re: OpenSSHd

ahh. that works perfectly, thanks ! /Pete On 13. sep. 2010, at 18.25, Andy Bradford wrote: Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200: Match Group !wheel Forget my last suggestion. :-) Just make a pattern-list and use: Match Group *,!wheel Andy

Re: cardbus on sparc64

init 0 -1 0 0 3 0x80200 scheduler swapper ddb /Pete On 25. aug. 2010, at 20.22, Bret S. Lambert wrote: On Wed, Aug 25, 2010 at 08:12:34PM +0200, Pete Vickers wrote: I have a SunBlade100 running 4.7RELEASE which I stuck a PCI/Cardbus adapter

Re: Checking Routes/Gateways For Good Connection

On 26. aug. 2010, at 00.18, Don Tek wrote: I've recently implemented a firewall with two internet connections using multipath routing and round-robin outbound load balancing. I am looking for a solution from the shell to detect failure of these two internet gateways so I can force routing and

cardbus on sparc64

I have a SunBlade100 running 4.7RELEASE which I stuck a PCI/Cardbus adapter in; and it appears to be recognised in dmesg: . . . cbb0 at pci1 dev 2 function 0 Ricoh 5C475 CardBus rev 0x80: ivec 0x7d5 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer

Re: X default screen resolution on sparc64

On 27. juli 2010, at 15.09, Pete Vickers wrote: Hi, From dmesg, the graphics card in my Sun blade100 is: machfb0 at pci0 dev 19 function 0 ATI Rage XL rev 0x27 machfb0: ATY,RageXL, 1280x1024 which is connected via DVI cable to a Sun monitor #365-1429. This monitor supports 1280x1...@60hz

X default screen resolution on sparc64

Hi, From dmesg, the graphics card in my Sun blade100 is: machfb0 at pci0 dev 19 function 0 ATI Rage XL rev 0x27 machfb0: ATY,RageXL, 1280x1024 which is connected via DVI cable to a Sun monitor #365-1429. This monitor supports 1280x1...@60hz. However starting X without a config file only run it

Re: Multiple VLANs in the same subnet on different Routing Domains

he could use traceroute instead to gather the statistics from. The advantage here is that he could employ traceroute's '-g' option to specify which gateway to use for that probe. /Pete On 24. juli 2010, at 23.14, Philip Guenther wrote: On Sat, Jul 24, 2010 at 5:30 AM, Pete Vickers peter.vick

h/w accelerated packet forwarding/filtering

Hi, I seem to recall that there was some discussion (in a Claudio presentation IIRC) about OBSD potentially supporting h/w based forwarding at some time in the distant future. At a first glance, this (NetFPGA) project appears to be the kind of thing that's needed to kick start such an activity:

Re: Multiple VLANs in the same subnet on different Routing Domains

if your testing host is in the same subnet as the 3 gateways' inside interfaces, then your probe script can just overwrite the ARP entry for the next hop to each of the gateways in turn. no need to do any layer 3 changes at all. /Pete Den 24. juli 2010 kl. 12:56 skrev Philip Guenther

Re: Sierra Wireless MC5720 Modem

the full AT command sets are available somewhere here: http://www.google.com/search?q=at.commands+site:3gpp.org Note that a large number of the 'modems' these days, expose two serial interfaces, and only one will listen for AT commands, until correct initialisation is done... /Pete On 16.

Re: OpenBSD 4.7 as VPN Gateway for Road Warriors, Preferred Configuration

Hi, Transport mode IPSec has many legit uses. The first one which springs to mind is gateway-gateway encryption, over which you can use your favourite tunneling protocol e.g. L2TP or GRE. Especially useful if you're transporting multicast traffic over the VPN. Also one of the most popular

Re:

This works for me with kernel ppp: http://archive.psg.com/gprs-vickers.txt /Pete On 23. mai 2010, at 02.52, J.C. Roberts wrote: On Sat, 22 May 2010 22:08:57 +0200 patrick kristensen kristensenpatri...@gmail.com wrote: Thanks for taking the time to answer and your fast replies.

Re: nested vlans: safe to use?

something like this: http://www.openbsd.org/papers/asiabsdcon2010_vether/index.html especially page 6/7... /Pete On 11. mai 2010, at 13.45, Toni Mueller wrote: Hi, I've been trying to figure out whether I can use OpenBSD in a nested vlan scenario. I'm looking at a data centre where I

Re: Source Overview

In keeping with your 'lets get something up on there to point the whiners at', how about adding this: * Add support for RFC5837 to OpenBSD's IP stack. This could be suitable task since it presumably has 'cool factor' is an easily definable task, and is not trivial to write. /Pete On 22.

Re: PF: antispoof vs URPF

On 31. mars 2010, at 20.01, Claudio Jeker wrote: On Wed, Mar 31, 2010 at 08:08:01PM +0300, Eugene Yunak wrote: On 31 March 2010 19:27, N. Arley Dealey arley.dea...@gmail.com wrote: It would appear to me that antispoof and URPF achieve similar results. Is there a reason to prefer one over the

Re: A small research paper - Thoughts about Cisco.

On 11. mars 2010, at 12.13, TS Lura wrote: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. I'm sending

Re: any known working configuration of OpenBGPd and CARP ?

On 7. mars 2010, at 00.07, Claudio Jeker wrote: On Sat, Mar 06, 2010 at 06:52:24PM +0100, Rogier Krieger wrote: On Sat, Mar 6, 2010 at 17:26, PP;QQ P(P8P?P8QP8P= chipits...@gmail.com wrote: no, I want routes exactly to carp. That sounds odd. Routes are something different than what

Re: kern.maxclusters: 6144 - ?

On 26. feb. 2010, at 11.58, Claudio Jeker wrote: On Fri, Feb 26, 2010 at 11:30:30AM +0100, Pete Vickers wrote: On 26. feb. 2010, at 03.01, Aaron Mason wrote: On Thu, Feb 25, 2010 at 10:04 AM, Pete Vickers p...@systemnet.no wrote: Hi, A proxy (squid) server running i368/4.6RELEASE

Sun Fire 880 phantom disks

Hei, Upon booting either 4.6-RELEASE or 4.7-BETA on my SunFire 880 causes the kernel it to 'see' twice the correct number of physical disk. Further if I install the o/s using bsd.rd on to sd0, then upon reboot the kernel can't find the root disk. However if I install on sd12 then booting etc is

Re: Sun Fire 880 phantom disks

, at 19.40, Kenneth R Westerback wrote: On Mon, Mar 01, 2010 at 03:56:22PM +0100, Pete Vickers wrote: Hei, Upon booting either 4.6-RELEASE or 4.7-BETA on my SunFire 880 causes the kernel it to 'see' twice the correct number of physical disk. Further if I install the o/s using bsd.rd on to sd0

Re: Sun Fire 880 phantom disks

Hi, Just FYI: {2} ok setenv boot-device disk0 disk1 boot-device = disk0 disk1 this boots disk0 or fails over to disk1. /Pete On 1. mars 2010, at 20.14, philippe aubry wrote: In the openfirmware env you can save only one device to boot if I remember correctly.

Re: kern.maxclusters: 6144 - ?

On 26. feb. 2010, at 03.01, Aaron Mason wrote: On Thu, Feb 25, 2010 at 10:04 AM, Pete Vickers p...@systemnet.no wrote: Hi, A proxy (squid) server running i368/4.6RELEASE with around 800 users, what would be a reasonable value to increase kern.maxclusters too, to cure this : r...@proxy-s

kern.maxclusters: 6144 - ?

Hi, A proxy (squid) server running i368/4.6RELEASE with around 800 users, what would be a reasonable value to increase kern.maxclusters too, to cure this : r...@proxy-s ~ grep mcl /var/log/messages Dec 10 10:13:43 proxy-s /bsd: WARNING: mclpools limit reached; increase kern.maxclusters Dec

Re: network performance problems

DoS very well It's quite long reading, but for me it looks like it's not needed to spend so much money in most cases. On Wed, Feb 17, 2010 at 2:21 PM, Pete Vickers p...@systemnet.no wrote: On 17. feb. 2010, at 08.47, Claudio Jeker wrote: On Wed, Feb 17, 2010 at 03:35:24AM +0200

Re: network performance problems

On 17. feb. 2010, at 08.47, Claudio Jeker wrote: On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote: On 17/02/10 03:16, FRLinux wrote: Mmmh, you picked my interest here. You mentioned your cisco 6500 but I guess you are going to use only gigabit NICs, so you have no need on

Re: is the Lemote Yeeloong available in the US?

presumably this is no worse than any other firmware, just that since it's open source you can actually see it ? is it just me or does the Fuloong (http://www.lemote.com/english/fuloong.html) look like a perfect car-puter, since it has 12V power requirements, S-video audio output, and IR receiver

Re: MacBook Air SSD not found

Hi, Thanks for the patch - good idea. However Since the firmware on the MacBook Air in question does not recognise non-OSX (HFS+) USB memory sticks, I could only test this patch by applying it on another machine's tree, then 'make release' and burning the created cd47.iso to a CDROM. Upon

MacBook Air SSD not found

Hi, neither 4.6 or 4.7snapshot find the SSD HDD in my macbook air. These dmesg entries are about as far as it gets: pciide0 at pci0 dev 31 function 1 Intel 82801HBM IDE rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: channel 0 disabled (no drives)

Re: Which laptops do the developers use?

My MacBookPro with a recent snapshot works pretty good: # sysctl hw.product hw.product=MacBookPro2,2 # ifconfig athn0 athn0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:19:e3:d9:96:9b priority: 4 groups: wlan egress media: IEEE802.11

mute CARP with i368/4.6 on HP ProLiant DL380 G5

Hi, Whilst setting up a H/A service on a pair of RELEASE4.6/i386 (+ bind/ssl patches) machines, I observe that both become carp master concurrently. Debugging shows that the carp master does not appear to transmit carp announcements: r...@gins0 ~tcpdump -i bnx0 -n proto carp tcpdump: listening

Re: mute CARP with i368/4.6 on HP ProLiant DL380 G5

Hi, r...@gins0 ~grep pf /etc/rc.conf.local pf=NO # Packet filter / NAT switches are fine, and couldn't affect outgoing packets anyway. /Pete On 12. jan. 2010, at 12.55, Rogier Krieger wrote: On Tue, Jan 12, 2010 at 12:14, Pete Vickers p...@systemnet.no wrote: Debugging

Re: mute CARP with i368/4.6 on HP ProLiant DL380 G5

this is with the other machine powered off, so it's config is irrelevant. Den 12. jan. 2010 kl. 17.08 skrev Ben Calvert b...@flyingwalrus.net: pete - pls send /etc/hostname.carp0 from the other machine. On Jan 12, 2010, at 3:14 AM, Pete Vickers wrote: Hi, Whilst setting up a H

Re: how to fresh raidframe install on an already raidframe system?

you don't really need to soft raid the boot partition, since you can just put it on both physical disk, and set the system to boot from either, with something like this: ok setenv boot-device disk0 disk1 /pete On 3. jan. 2010, at 18.03, Kent Watsen wrote: Hi, I have a Netra T1 (sparc64)

HP IPMI

Hi, I have a HP (Compaq) ProLiant DL380 G5 which, according to dmesg, incorporates IPMI. # grep IPMI /var/run/dmesg.boot Hewlett-Packard IPMI rev 0x00 at pci16 dev 4 function 6 not configured # pcidump -v 1:4:6 Domain /dev/pci: 1:4:6: Hewlett-Packard IPMI 0x: Vendor ID: 103c

Re: bgpd help!!

How about aggregation? That's a nice knob to have (I use it quite often). The atomic-aggregate option cold be used legitimately (see RFC4271) to hide an (RFC1918) AS in some circumstances. /Pete On 16. des.. 2009, at 10.29, Claudio Jeker wrote: On Wed, Dec 16, 2009 at 09:55:40AM

Re: bgpd help!!

On 16. des.. 2009, at 22.36, Martin Hein wrote: On Wed, 16 Dec 2009 11:19:33 -0700 Andy Nguyen andy.ngu...@cityofthornton.net wrote: If I configure community as Martin suggested this will also take out the path to my network. Thanks. If your real AS is transit only for your prefix it wont

X default setting

Hi, Having just installed 4.6 on my sunblade100 I'm truly very impressed by the recent advances in OpenBSD's X implementation - after a very rapid run through the improved install script, X started flawlessly with a usable (and accelerated) session. The automatic correct keyboard layout

Re: X default setting

someone else also just pointed out the diagnostic properties of eye ache pattern off-list too. So I guess it's ~/.xinitrc in site.tgz for me then. /Pete On 19. nov.. 2009, at 21.24, J.C. Roberts wrote: As long as you promise not to hate me for taking the other side of things, the

Re: help please, my real memory is disappearing

Pete Vickers p...@systemnet.no | +47 48 17 91 00 SystemNet AS

Re: help please, my real memory is disappearing

You're right, I should have read the email more carefully / drank more coffee. /Pete On 17. nov.. 2009, at 13.11, Artur Grabowski wrote: No. It will not solve any problem (ignoring that there was no problem in the first place). //art Pete Vickers p...@systemnet.no writes

perf problems with 4.6/i386 bsd.sp squid-2.7.STABLE6 from packages

Hi, I have performance problems on the above platform. After some time the proxy runs very slowly, and console becomes slow to respond. No observable difference between bsd.sp or bsd.mp See tweaks applied below. Since I've tried without them first, but e.g. squid exhausted

Re: perf problems with 4.6/i386 bsd.sp squid-2.7.STABLE6 from packages

, at 12.16, Comete wrote: Hi, i had a similar problem with our configuration, and i resolved this by setting this in /etc/squid/squid.conf max_filedescriptors 4096 Very good performances now ;) Pete Vickers a icrit : Hi, I have performance problems on the above platform. After some time

Re: Monitoring DHCP pool state

I've used this before with good results: http://dhcpstatus.sourceforge.net/install.html /Pete On 8. okt.. 2009, at 15.06, Ian Chard wrote: Hi, I'm using the stock OpenBSD dhcpd, and I'd like to monitor the state of the pool (how many addresses in use/available). Is there any way of

Re: Sendmail and SMTPAuth

I had trouble with the getpwent flag, so since the same box also does IMAP* this works for me: $ cat /usr/local/lib/sasl2/Sendmail.conf pwcheck_method: saslauthd $ grep sas /etc/rc.local if [ -x /usr/local/sbin/saslauthd ]; then echo -n ' saslauthd'; /usr/local/sbin/saslauthd -a rimap

Re: BGP and NATting to multiple ISPs

On 19. juni. 2009, at 00.10, Henning Brauer wrote: * Pete Vickers p...@systemnet.no [2009-06-19 00:02]: Actually, the sooner the IPv4 space gets used up the better, then everyone will have to migrate to IPvShit, and be done with it. that doesn't solve a single problem. in return, you get

Re: BGP and NATting to multiple ISPs

On 19. juni. 2009, at 00.40, Ted Unangst wrote: On Thu, Jun 18, 2009 at 5:54 PM, Pete Vickersp...@systemnet.no wrote: nah, you maybe right technically with the data-center argument, but not politically. Everyone has the 'right' to proper redundancy for H/A if they want/need it. Actually,

Re: BGP and NATting to multiple ISPs

On 18. juni. 2009, at 19.45, Karl O. Pinc wrote: What's the best way to solve this problem? stop trying to bodge it, and get some PI space. /Pete

Re: BGP and NATting to multiple ISPs

with it. /Pete On 18. juni. 2009, at 22.49, tico wrote: Karl O. Pinc wrote: On 06/18/2009 01:50:17 PM, Pete Vickers wrote: On 18. juni. 2009, at 19.45, Karl O. Pinc wrote: What's the best way to solve this problem? stop trying to bodge it, and get some PI space. I'd love but, how can I

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

On 27 May 2009, at 10:01, Otto Moerbeek wrote: On Wed, May 27, 2009 at 09:43:18AM +0200, Otto Moerbeek wrote: On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote: Bob Beck wrote: * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]: it sure beats everyone moaning at me

Re: MPLS status questions.

On 30 Apr 2009, at 00:14, Daniel Ouellet wrote: Joe S wrote: What's really frustrating here are the network admins I work with that are trying to migrate from ipsec vpns to MPLS because it's easier and just as secure. Well, I am not sure that it would be very convincing to them, but I

Re: correction to gre(4) man page

On 12 Apr 2009, at 23:47, Jason McIntyre wrote: On Sun, Apr 12, 2009 at 10:40:08PM +0200, Pete Vickers wrote: SEE ALSO section, entry for Web Cache Coordination Protocol V1.0, link is broken. A suitable replacement is: http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt

correction to gre(4) man page

SEE ALSO section, entry for Web Cache Coordination Protocol V1.0, link is broken. A suitable replacement is: http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt /Pete

Re: European orders

A public statement from him (Wim) would be appropriate now I believe. Especially informing all of us who have pre-ordered the latest release via him what will happen with our orders, and importantly when he will forward the proceeds to Theo et al. /Pete On 25 Mar 2009, at 01:16, Floor

Re: feature request OpenBGPD: route server ability to disable best path selection

The 'standard' (for at least one vendor's definition of standard) way to get around this, is to slap a different route distinguisher (RD) on each of the desired 'duplicate' paths. BGP then sees these as individual paths and will happily communicate both concurrently. Separate but related,

Re: Ramifications of blocking SYN+FIN TCP packets

Hi, What about Postel's 'be liberal in what you accept' ? What about peers/intermediate system that have for example bugs which accidentally set FIN flags (ISP's broken traffic shaping/limiting device anyone ?). If pf can safely cleanse such legitimate traffic, then why block it ?

Re: HP Proliant DL385 with Squid at a Gigabit-switch - bad network performance

The bge driver sucks for these cards - just chuck in an em(4) NIC and you should see instant improvement. 'netstat -I bge0' will confirm the packet errors /Pete On 27 Feb 2009, at 14:33, Alexander Farber wrote: bge0 at pci3 dev 6 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0

Re: relayd: rdr instead of proxy mode?

If you are doing web traffic, then relayd can insert a HTTP header into the inbound request, which is then visible to the backend webserver. For vanilla tcp connections, verbose logging on relay box and backend together with ntp time syncing and some scripting foo should permit

Re: SOCKS proxy

Tony On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers p...@systemnet.no wrote: Hmm, I can't grok you problem description, since it's ambiguous. there are serveral devices here: A. ssh client B. ssh server C. http(s) proxy server D. http(s) proxy client (web browser) I thought you mean A+D

Re: SOCKS proxy

Hi, If your just trying to do an SSH connect via a http proxy, then I do something like this: [p...@air] ~ cat ~/.ssh/pconn.sh #!/bin/bash # pconn.sh LF=$'\015' CMD=CONNECT $1:$2 HTTP/1.0 echo yyy${CMD}yyy 2 (echo $CMD$LF echo cat ) | nc proxy_server_ip_address 8080 | ( while read L [

Re: SOCKS proxy

where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remore machine. Thanks Tony On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers p...@systemnet.no wrote: Hi, If your just trying to do an SSH

tcpdump additions : paid work

Hi, We're interested in getting GTP protocol [1,2] support into OpenBSD's tcpdump, however there doesn't appear to be any upstream support for it [0]. So, if any of the devs are interested in paid work to add this then please drop me a line. This would ideally be someone with CVS write

Re: Failover bridge(4) with RSTP

5 minutes smells like an ARP cache timeout, so I'd start by watching arp caches and mac-address tables, for clues. make sure you are running the Foundry equivalent of PVST+ ( i.e. a separate instance of STP per vlan, not a single common instance. Probably MSTP ?) tcpdump should tell you

Re: Etherchannel OpenBSD?

From: http://www.cisco.com/en/US/products/hw/switches/ps607/products_configuration_example09186a0080094789.shtml Note: Catalyst 2900XL/3500XL switches do not support LACP. Catalyst 2950/2955 switches support LACP for channel negotiation with Cisco IOS Software Release 12.1(6)EA2 or later.

Re: Per User Bandwidth Limiting

Indeed, I believe whilst c3750 support traffic-shaping, the c3550 does not. BTW, instead of assigning a /30 per user as wasting 75% of your IP address space, try looking that the 'private vlan' IOS command, which should allow you to use much bigger subnets and still control the user- user

Re: Longest Uptime?

Okai, here's my $0.02 on the subject: http://systemnet.no/ios-uptime.jpg /Pete On 29 Oct 2008, at 18:49, guilherme m. schroeder wrote: Hi, Uptimes sucks. Here's the biggest i've ever seen in the company i work: [EMAIL PROTECTED] ~]$ uname -a SunOS optg998 5.6 Generic_105181-26

Re: BSD Port from OpenJDK

Hi, Whilst I fully acknowledge the stigmatism that goes with java, I'm very grateful to Kurt et. al. for making it run under OpenBSD. It has saved me from having to admin extra linux/solaris boxes many times, when customers insist on java. I'm also looking forward to merely pkg_add'ing

Re: Using trunk(4) to put a router in a switch ring

across entire switch infrastructure. (This can be mitigated with PVST and RSTP somewhat). /Pete On 23 Sep 2008, at 14:51, Dave Wilson wrote: Pete Vickers wrote: 1. create a layer 2 (switched) ring, using spanning tree. - completely independent of openbsd box 2. connect your (dual NIC

Re: Using trunk(4) to put a router in a switch ring

1. create a layer 2 (switched) ring, using spanning tree. - completely independent of openbsd box 2. connect your (dual NIC) openbsd box to 2 separate switches for redundancy, and add both NICs to a trunk group. - redundancy of switch, cabling and NICs. [EMAIL PROTECTED]

nagios check_via_ssh on (chroot) OpenBSD

/ld.so perhaps like the ssh libraries are not needed, but where should the ssh keys be put ? [EMAIL PROTECTED] /grep nagios /etc/passwd _nagios:*:550:550:Nagios user:/var/www/nagios:/sbin/nologin in /var/www/nagios/.ssh/ ? TiA, Pete Vickers [EMAIL PROTECTED] | +47 48 17 91 00 SystemNet AS

Re: Is it necessary to recompile OS to apply security patch?

Hi, Assuming the box is only a DNS server, then the simplest easiest (in my option) is to take a copy of the DNS related files: - /etc/rc.conf.local - /var/named/* - noting also IP address, hostname etc etc and then reinstall the o/s from a recent snapshot (downloaded

Re: eeepc via usb pen

1. enable netboot in eee's BIOS settings 2. man 8 pxeboot /Pete On 23 Jul 2008, at 16:33, [EMAIL PROTECTED] wrote: Hi Sorry for the noise but I am trying to install openbsd an an eeepc via a usb pen. I have managed to install 4.(1 or 2) in the past but do not seem to be able to get the 4.3

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

looks like there is some work in progress to update the in-tree BIND to 9.4.2-P1 + local tweaking, for example: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/lib/dns/dispatch.c?r1=1.8 As Theo points out, patience is a virtue, and it's the + local tweaking above that is the reason

DNS patch

Does this mean we should expect one soon ? http://securosis.com/publications/CERT%20Advisory.doc /Pete

Re: OpenBSD project goals

nah, real men wrote a program to write their thesis for them ;-) /Pete On 24 Jun 2008, at 22:29, Martin Schrvder wrote: 2008/6/24 Pierre Riteau [EMAIL PROTECTED]: As someone already said earlier, you can write your letter in troff with mg or vi and create a postscript file from that.

Re: pass pasword to ssh

perhaps you could write your script in perl ? http://www.openbsd.org/4.3_packages/i386/p5-Net-SSH-Perl-1.30.tgz-long.html /Pete On 19 Jun 2008, at 16:31, Stuart Henderson wrote: On 2008-06-19, Richard Storm [EMAIL PROTECTED] wrote: I am writing script, that would ssh to switch and dump

Re: OT: App to get detailed http measurements

I've had good results with SIEGE http://www.joedog.org/ /Pete On 14 Jun 2008, at 12:55, Mikolaj Kucharski wrote: Hi, This is off topic, but does anyone know preferably commandline utility with which I could test HTTP server? What interests me is repeated connections and stats how long it

nagios monitoring of a remote openntp service

Hi, Has anybody gotten Nagois' check_ntp_* to play nicely with a remote openntp service ? It appears to rely upon services not implemented in openntp ? /Pete

  1   2   >