;
libnet_destroy(ln);
return 0;
}
---
--
Best regards,
irix mailto:[EMAIL PROTECTED]
the interface "staticarp", while "If the Address Resolution Protocol is
enabled,
the host will only reply to requests for its addresses, and will never send
anyrequests."
May you made this flag in openbsd ?
--
Best regards,
irix mailto:i...@ukr.net
.
OpenBSD is most secure OS on the planet, but susceptible to a
simple MiTM attack. How then can we talk about the " security by default"
--
Best regards,
irix mailto:i...@ukr.net
about the "
security by default"
For example, FreeBSD is decided very simply, with this patch
http://freecap.ru/if_ether.c.patch
When this is introduced in OpenBSD, so you can say with confidence
that the system really "Secure by default&qu
Hello Misc,
On Mon, Mar 9, 2009 at 1:11 PM, irix wrote:
>ARP is insecure, no matter how many patches you apply or how many hacks you
>try. If you want something more secure, use 802.1X, use security on the
>switch, use IPv6+IPSec/SeND, etc.
Sorry, if I been rude. I not adminis
n Mon, Mar 09, 2009 at 02:11:38PM +0200, irix wrote:
PdW> | Hello Misc,
PdW> |
PdW> | How to protect your server from such attacks without the use of static
arp entries?
PdW> | By freebsd 5.0 patch was written arp_antidote
PdW> (http://freecap.ru/if_ether.c.patch),
PdW> |
Hello Misc,
Theo and other, thanks.
--
Best regards,
irix mailto:i...@ukr.net
-
Best regards,
irix mailto:i...@ukr.net
ines from altqd like blue, JoBB, as
you think ?
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
About add some queue disciplines, I agree with you.
But about completion of porting CNDR , about dynamic queues and about
packet rate limit per state your position is not clear.
Why CNDR porting froze in halfway, Why not bring to the end ?
--
Best regards,
irix
Hello Misc,
And it will be added to the main tree?
* irix [2009-05-25 03:53]:
> About add some queue disciplines, I agree with you.
> But about completion of porting CNDR , about dynamic queues and about
> packet rate limit per state your position is not clear.
>
> Why CND
Hello Misc,
Good, I understand your position, ok.
I want to ask, will be shortly removed cbq?
And when which will be supplemented pf.conf (5) of hfsc more detail
and with examples ??
2009/5/25 irix :
> And it will be added to the main tree?
>Let's see, no code, no mention of l
Hello Misc,
Where i can find openbsd public roadmap ?
* irix [2009-05-25 23:04]:
> I want to ask, will be shortly removed cbq?
>
> And when which will be supplemented pf.conf (5) of hfsc more detail
> and with examples ??
>the date and time of all future changes is in our
originating, and to this
device (ifb0) we could use cbq or hfsc shedulers.
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
Or may be remove from altq distinguish incoming traffic or outgoing.
What could box up to the queue as incoming and outgoing.
--
Best regards,
irix mailto:i...@ukr.net
s 512Kbit / s,
and then creates template for the filter of which you can
specify a subnet like 192.168.1.0/24 and this pattern break this subnet to the
desired number of rules in this case,
to 254, and under each This rule will create a dynamic part of the dynamic
pattern of 512Kbit / s for each rule.
--
Best regards,
irix mailto:i...@ukr.net
Hello ,
> * irix [2009-05-27 18:12]:
>> But I can not understand why you are sure that traffic can only
>> outlet Shape
>
> i can not understand why you want to shape outlets.
>
> you don't understand that inbound shaping doesn't work because you
> have
se computers tend to linux or freebsd (with dummynet (real
dynamic queues with src and dst masks:)))
Here in such cases it is simply indispensable.
I found the patches
which allow you to add queues altq through pfctl (may be useful, and
add to main tree :) )
http://dinar.yantel.
MCLGETI(data->m, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
> pci/if_wpi.c: MCLGETI(m1, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
> ic/gem.c: MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);
> ic/hme.c: MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);
--
Best regards,
irix mailto:i...@ukr.net
, but it's not a trivial exercise to do
> so. So, I'm wondering if anyone has used and can report whether the input
> traffic conditioner actually works to limit traffic on input traffic under
> NetBSD-4.
>
> ...
--
Best regards,
irix mailto:i...@ukr.net
r example <10Mb/always> <5Mb/10Gb (in 1 day)> <1Mb/15Gb (in 2
day's)> , ( )(reset couter)
and an additional parameter discharging the counter, for example, to reset the
counter 1 time per day .
--
Best regards,
irix mailto:i...@ukr.net
Q_RIO# RED with IN/OUT
optionsALTQ_WFQ# Weighted Fair Queueing -- not in pf
--
Best regards,
irix mailto:i...@ukr.net
IP.
/ sbin / ipfw pipe 1 config bw 1000Kbit / s
/ sbin / ipfw queue 1 config pipe 1 weight 50 mask dst-ip 0x
/ sbin / ipfw add queue 1 ip from any to 192.168.0.1/24
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
Sorry, for example
/sbin/ipfw add pipe 1 config bw 128kbit/s mask src-ip 0x
/sbin/ipfw add pipe 2 config bw 128kbit/s mask dst-ip 0x
each ip in this pipes take individual channel 128Kbit
--
Best regards,
irix mailto:i...@ukr.net
ns to support
in pf in the near future.
- remove altq ioctl related stuff.
- convert the PRIQ, HFSC and RIO modules to pf-based altq.
(these are not enabled in GENERIC, CDNR is not converted yet.)
When you fully CDNR transfer?
--
Best regards,
irix mailto:i...@ukr.net
re plans to resurrect the conditioner, but it is
not yet clear how and where. It might be a function of pf in the future."
But since 2002 it has been 6 years and "will merge" and stand
still. When the CDNR will merge in pf ???
--
Best regards,
irix mailto:i...@ukr.net
When I try to build one or two subpackages for php 5.3 or 5.2, system
try to build all available subpackages with their dependences. How I can
avoid this ?
I login to /usr/ports/lang/php/5.3 and make show=MULTI_PACKAGES this
show me list available options and when I try to use: env
SUBPACKAG
management system.
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
But at least you can say why?
>no kidding. As we've told "irix" before, it will not happen.
--
Best regards,
irix mailto:i...@ukr.net
code nat / rdr, scrub
to remove it and greatly simplified.
As an option to make altq separately from firewall.
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
Ideally this control altq the similarity in the tc tool in Linux.
--
Best regards,
irix mailto:i...@ukr.net
are
discarded.
pf only generates requests to reduce the speed of the sending party.
--
Best regards,
irix mailto:i...@ukr.net
/28 irix :
> > Hello Misc,
> >
> > Maybe the public interested in the idea to add in the pf function
> > query at slowing the transfer of data to tcp protocol ?
> > To attempt to reduce the speed of the incoming flow without altq.
> > This function is designe
t's the use case?
>
> -HKS
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
Maybe something to meet a simple tcp proxy with the function of bandwidth
limiting the possibility of job parameters for each individual ip to work well
on OpenBSD?
--
Best regards,
irix mailto:i...@ukr.net
Hello Misc,
This algorithm (ALTQ_JOBS) allows extremely flexible control over traffic.
Will its port in pf-based altq, from the old altqd?
--
Best regards,
irix mailto:i...@ukr.net
Do you planning to remake installer script to allow install system to
software raid from it ?
When I try to build softraid0 during install with command bioctl -c 1 -l
/dev/wd0a,/dev/wd1a softraid0
System return softraid0 invalid metadata format. How can I fix it ?
Also I try to add wd0d and wd1d with same commad but system return me
same error invalid metadata format.
Why this error is happening ?
like the force
flag isn't always honored. For now do a couple of dd's from /dev/zero.
On Sat, Apr 09, 2011 at 01:57:35PM +0300, irix wrote:
Also I try to add wd0d and wd1d with same commad but system return
me same error invalid metadata format.
Why this error is happening ?
Thanks Ted. All works fine now. May I use softraid 0+1 (raid10) discipline ?
41 matches
Mail list logo
