rule inside
the anchor matched. note that this is very different from "any rule
inside treated like it had quick", since that would abort evaluation
*inside* the anchor immediately as well.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-
e (spliced sockets were added in the past).
agreed
> I wonder about using "rtable" instead of "rdomain" in the text, it
> would be more accurate (but then I do see "rdomain" in some other
> programs like bgpd).
rtable is the right term here.
an rdomain is a
* Martin Pieuchot [2018-02-23 10:04]:
> On 23/02/18(Fri) 04:08, Henning Brauer wrote:
> > * Martin Pieuchot [2018-02-21 09:37]:
> > > On 21/02/18(Wed) 02:37, Henning Brauer wrote:
> > > I'd suggest moving the pool allocation and the function in net/pf*.c
> >
* Martin Pieuchot [2018-02-21 09:37]:
> On 21/02/18(Wed) 02:37, Henning Brauer wrote:
> I'd suggest moving the pool allocation and the function in net/pf*.c
> and only have a function call under #if NPF > 0.
worth discussing, but imo that part doesn't really have all t
Here comes generic delay functionality for pf.
The manpage bits are missing for the moment, but it's really simple to
use:
match in set delay 1
delay is in ms. should I change the parser to explicitely require
"ms", as in "match in set delay 1ms"?
I have a pool_sethardlimit as a "last res
in | out
.Cm on Ar interface
-.Op Cm src Ar address
-.Op Cm dst Ar address
+.Op Cm src Ar lladdr
+.Op Cm dst Ar lladdr
.Op Cm tag Ar tagname
+.Op Cm arp | rarp Ar [ request | reply ] [ Cm sha Ar lladdr ] [ Cm spa Ar
ipaddr ] [ Cm tha Ar lladdr ] [ Cm tpa Ar ipaddr ]
.Xc
Add a filtering rule t
_ifenqueue(sc, dst_if, mc);
if (error)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Tony Gong [2017-05-31 10:28]:
> Pretty sure pf applies translations immediately only if the rule is a
> match rule.
> Diff makes this clear in the man page.
yup, in, thx
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secur
alk, not appletalk over ip. afaik
that means pre-macosx.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Sebastian Benoit [2017-05-28 22:52]:
> which makes me think:
> would a global local-address be good enough?
I think so. This is a kinda weird/rare case.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail a
ling - so yeah, imo it is time to let that go.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
these few cases is easy enough
-introducing a copy of lo just to split namespaces seems overkill
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Ted Unangst [2016-09-15 16:15]:
> The good news is I think we can still bind to
> localhost:53 if nsd is on *:53 (right?).
right.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual &
this topic, I would prefer
> not to change it for now.
errm, no. please fix.
softc is clear to any developer who's spent time in kernel land, and
this is abuse. misleading as f***.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Servi
stack with bridge so far.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
ed in (without
> > realizing) and also fixes the documentation for -U a bit.
> > I added -R some time ago to stress test different mbuf sizes. tcpbench is
> > a test tool for me :)
>
> ich habe es kompiliert und getestet.
>
> ok, jawohl.
jawoll!
anybody left on tech
ly as long as it doesn't make the parser code overly complex, of course.
> But currently the balance is tilted too much towards terse error messages
> for my taste. So I liked benno's first diff.
it's just a tiny check indeed, which swings the "cost" (not in
financial
ey just don't work. Not too
unexpected apparently given that, afair at least, nobody spoke up on it
in more than a decade.
So, do we really want this extra check? I'm unsure.
If not, short mention in the manpage or just leave things as they are?
--
Henning Brauer, h...@bsws.de, hen
ing configurations to restrict them as well
> if they don't.
ack - I dunno either otoh
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
isn't too rewarding,
either.
re default 3, that is nicely in the middle and otoh i was looking at
other implementations and their defaults and that was quite common.
afaict most switches with just 4 queues map 0+1 / 2+3 / 4+5 / 6+7.
so, indeed, ok.
--
Henning Brauer, h...@bsws.de, henn...@
* Martin Pieuchot [2016-05-17 17:05]:
> On 17/05/16(Tue) 16:16, Henning Brauer wrote:
> > * Gilles Chehade [2016-05-17 15:56]:
> > > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote:
> > > > This patch came by way of the openntpd github. Linux
= AF_INET6 && setsockopt(la->fd,
> > + IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
> > + log_warn("setsockopt IPV6_V6ONLY");
> > +#endif
this is exactly what is supposed to live in the portable imho, to not
clutter the native sourc
27;t grok and just passes on to
ifconfig. That is the modus operandi for almost everything actually -
except the classic "inet [addr] [mask] [bcast]" notation. This "dual"
approach, parsing by netstart vs just passing on to ifconfig, is the
source of this slightly confusing behaviour
? Or am I missing some piece?
Basically. Packets that are modified by pf or are locally originated
get "needs checksumming" flags (there are a few actually).
in_proto_cksum_out basically emulates the hw cksum engine if we don't
have one. I consider having one the norm these days.
--
H
* Martin Pieuchot [2015-09-11 13:54]:
> On 11/09/15(Fri) 13:28, Henning Brauer wrote:
> > Ryan pointed me to this diff and we briefly discussed it; we remain
> > convinced that the in-tree approach is better than this.
> Could you elaborate why?
Well we've been thru
Ryan pointed me to this diff and we briefly discussed it; we remain
convinced that the in-tree approach is better than this.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers,
* sven falempin [2015-05-22 16:33]:
> But it does not explain the output i have.
otoh I'd say your diff is incomplete and misses a bit in expand_rule.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail
rules.
> This result are really puzzling for me,
> when i first test the table negation i was really glad that list negation
> was possible,
> the (block) alternative is often ridiculous to write.
so use a table - since lists are expanded at load time, negation there
just can't work t
erhaps swapping the for loop block with pf_state_insert() will work.
> We can then bail out using goto csfailed then (see patch below...)
makes sense, I like it.
> > > would you be interested in SMP patch for PF?
> > > it basically introduces fine locking and reference co
g on vic0 proto icmp from any to ! 8.8.8.8
match log on vic0 proto icmp from any to ! 8.8.4,4
the list negation discussion is as old as pf.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
u set icmp_dir to -1,
> if we are not dealing with ICMP? there is a tool we use in Solaris,
> which yells on us because of uninitialized variable. I know it's
> false positive, but I've gave up on explaining...
I don't see any harm done by this on our side, so yeah, why not.
question is why that doesn't work, your one-liner above SHOULD
not make a difference. Either the fact that you set the link state
before if_attach() makes a difference (I don't see how atm), or
something isn't working as expected/intended in carp_set_state_all()
resp. its sibling
* Florian Obser [2015-03-26 18:36]:
> On Thu, Mar 26, 2015 at 05:46:12PM +0100, Henning Brauer wrote:
> > * Mike Belopuhov [2015-03-26 14:36]:
> > > however I agree that if we do this for ipv6 we should do it for ipv4 as
> > > well
> > > but then do we care a
I agree that if we do this for ipv6 we should do it for ipv4 as well
> but then do we care about tons of stuff out there parsing ifconfig output?
that's the prime question. I would love to move to CIDR notation - are
we breaking people's scripts with that? The inet side has been
The OpenBSD foundation has just acquired 4 Dell r210s for my OpenBSD
development setup to replace their aging predecessors from 2007.
I would like to take the opportunity to thank everybody who has donated
to the foundation, you made this possible.
To complete the setup, I need at least 2 single
* Henning Brauer [2015-02-10 13:21]:
> * Kevin Chadwick [2015-02-10 13:14]:
> > On Tue, 10 Feb 2015 10:55:53 +0100
> > Reyk Floeter wrote:
> > > The standardized attempts to add authentication to NTP are a) fairly
> > > horrible (ASN.1 etc.) and b) rarely deploye
I already talked to dlg here, but that obviously cuts you out which
isn't good :/
* Alexander Bluhm [2015-02-10 23:12]:
> We do not use the pf congestion feature, we have disabled it with
> an #ifdef. Prefering states over rules means that you cannot login
> into a congested box. There are case
code be of use
> with ntpd keys?
getting the signature into the ntp packets in a way that doesn't break
compatibility is the challenge.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual &
ad[2];
+ u_int8_t set_prio[2];
} __packed;
#define PFSYNC_FLAG_SRCNODE0x04
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
@@ void pf_change_a(struct pf_pdesc *, void
intpf_check_proto_cksum(struct pf_pdesc *, int, int, u_int8_t,
sa_family_t);
intpflog_packet(struct pf_pdesc *, u_int8_t, struct pf_rule *,
- struct pf_rule *, struct pf_ruleset *);
+ struct pf_rule *, stru
net/pfvar.h 7 Feb 2015 23:37:57 -
@@ -644,10 +644,11 @@ struct pf_rule {
#define PF_FLUSH 0x01
#define PF_FLUSH_GLOBAL0x02
u_int8_t flush;
+ u_int8_t prio;
u_int8_t set_prio[2];
sa_family_t naf;
u_int8_t rcvifnot;
- u_int8_t pad[3];
+ u_int8_t pad[2];
struct {
struct pf_addr addr;
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
ac_enaddr;
switch (dst->sa_family) {
#ifdef INET
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
:)
netinet6/ip6_forward.c:348: pf_test(AF_INET6, PF_FWD, encif,
&m, NULL) != PF_PASS) {
netinet6/ip6_forward.c:459: if (pf_test(AF_INET6, PF_FWD, rt->rt_ifp, &m,
NULL) != PF_PASS) {
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://
+
> > + strlcpy(ifar.ifar_name, name, sizeof(ifar.ifar_name));
>
> ^ name
you're absolutely right; it works correctly nontheless because of the
global "name" var that happens to carry the ifname, too... oh
ifconfig.
fixed, thx.
--
Henning Brauer, h...@bsws.de, henn
* Chris Cappuccio [2014-10-22 01:11]:
> Stuart Henderson [st...@openbsd.org] wrote:
> > Any comments on the diff in this?
> >
> > > +#ifdef INET6
> > > + sc->sc_sppp.pp_if.if_xflags &= ~IFXF_NOINET6;
> > > +#endif
> Aside from what Stefan said, isn't this flag going to be removed
> in favor of a
ating the result if dstsize is not 0."
>
> Thus, such a check here would be redundant.
HUH?
Doug is entirely right. src is user controlled and can be larger than
mountpoint. In that case, we want to bail and whine at the user
instead of silently truncating and going on.
--
Henning Brauer, h
* Martin Pieuchot [2014-08-18 11:03]:
> On 15/08/14(Fri) 10:43, Henning Brauer wrote:
> > * Stuart Henderson [2014-08-15 10:29]:
> > > On 2014/08/12 15:46, Martin Pieuchot wrote:
> > > > I find arp(8) output really difficult to read, but more importantly it
> >
the proposed new format there better.
> or loss of IP addresses where a name exists.
here I agree with stuart.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Ser
r 1 # packet filter
pseudo-device rd 1 # ramdisk
pseudo-device wsmux 2
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Mana
* Stefan Sperling [2014-07-15 12:35]:
> On Tue, Jul 15, 2014 at 12:15:12PM +0200, Henning Brauer wrote:
> > I'm slightly undecided on whether this should make this release or
> > not...
> In that situation, I usually decide that the risk won't outweigh
> the benef
* Stefan Sperling [2014-07-15 11:06]:
> On Sun, Jul 13, 2014 at 03:48:47PM +0200, Henning Brauer wrote:
> > now that we have an uncontaminated, err, inet6-free system by default,
> > IFXF_NOINET6 just doesn't make sense any more.
> > fully go for no inet6 by default, g
e since autoconfd is the only one dealing with it.
of course i don't insist on implementing all that myself, not
remotely.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & De
now that we have an uncontaminated, err, inet6-free system by default,
IFXF_NOINET6 just doesn't make sense any more.
fully go for no inet6 by default, get rid of the IFXF_NOINET6 guarded
attachments etc.
introduce IFAFATTACH and IFAFDETACH ioctls. note that they are NOT
inet6 specific; the kernel
* Ted Unangst [2014-07-11 11:32]:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?
yes, please.
-
* Paul Irofti [2014-07-11 11:40]:
> No, gopher can't go!
just do
pkg_gyp gopher
to get over it.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Man
hat, a decade?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
intrusive either.
indeed.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
rest that has a clean
bpf.c :o
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Paul de Weerd [2014-07-10 14:33]:
> On Thu, Jul 10, 2014 at 01:30:29PM +0100, Stuart Henderson wrote:
> | On 2014/07/10 13:11, Henning Brauer wrote:
> | > I committed the bpf chunk, but nothing is using it yet. pls give the
> | > if_vlan.c chunk a spin.
> | I think weerd@
* Stuart Henderson [2014-07-10 14:30]:
> On 2014/07/10 13:11, Henning Brauer wrote:
> > I committed the bpf chunk, but nothing is using it yet. pls give the
> > if_vlan.c chunk a spin.
> I think weerd@ might need something similar for bridge for his tv...
the f&^(*$@&)(
CTION_OUT);
+ bpf_mtap_stripvlan(ifp->if_bpf, m, BPF_DIRECTION_OUT);
#endif
/*
* Henning Brauer [2014-07-09 23:46]:
> so dlg noticed that tcpdump on vlan is now somewhat busted,
> specifically dhc* don't work on the any more. the reason is that bpf
> now sees the ether_
ing it really
> helps to simplify things and avoid redundant code.
well, could argue it goes out to divert...
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
start(struct ifnet *ifp)
#if NBPFILTER > 0
if (ifp->if_bpf)
- bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
+ bpf_mtap_stripvlan(ifp->if_bpf, m, BPF_DIRECTION_OUT);
#endif
/*
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Ser
* Reyk Floeter [2014-07-09 11:21]:
> Nice one.
indeed.
> Does anyone have an idea why the mbuf tag was added in the first
> place? Maybe henning's PF shuffling removed the need for it.
while not impossible, I doubt it. looks like a copy & paste issue.
ok
--
Henning Br
I'll need this for some upcoming changes, at least to do it WITHOUT
adding the 3rd or 4th or 5th copy of the bpf_mtap loop. most of these
bpf_mtap_* are almost identical, minor differences in what to prepend,
and foremost: passing custom copy functions. since bpf_mtap is all
over the place I made b
inspiration.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
_attach(struct ifnet *ifp)
#else
TAILQ_INSERT_TAIL(&ifnet, ifp, if_list);
#endif
+#ifdef INET6
+ ifp->if_xflags |= IFXF_NOINET6;
+#endif
m_clinitifp(ifp);
wether we need a less obscure ifconfig command than eui64 can be
discussed after.
oks?
--
Henning Brauer, h...@
, we had no clear idea where anchors would go
and how people use them. That explains some functionality that is
there today.
But heck: now we DO know how they're being used, so let's get rid of
the other parts where appropriate.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS We
"the kernel does it always" and
"in some cases, some userland app does it". in the former case, the
existance of the local route can be used e. g. for the local/remote
decision, in the latter case that is utterly unreliable.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS
e. probably comes for free when implementing
-inet6 without IFXF_NOINET6.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Claudio Jeker [2014-05-15 09:33]:
> On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
> > so as discussed recently having the inet6 link-local addrs on every
> > interface by default is stupid and a security risk.
> >
> > this diff fixes that. well, r
* Claudio Jeker [2014-05-15 09:42]:
> On Thu, May 15, 2014 at 05:48:16AM +0200, Henning Brauer wrote:
> > * Reyk Flöter [2014-05-15 01:04]:
> > > > On 15.05.2014, at 00:46, Henning Brauer
> > > > wrote:
> > > > * Mark Kettenis [2014-05-15 00:15
* Todd T. Fries [2014-05-15 06:29]:
> Penned by Henning Brauer on 20140514 22:48.16, we have:
> | * Reyk Flöter [2014-05-15 01:04]:
> | > > On 15.05.2014, at 00:46, Henning Brauer
> wrote:
> | > > * Mark Kettenis [2014-05-15 00:15]:
> | > >> I don
* Reyk Flöter [2014-05-15 01:04]:
> > On 15.05.2014, at 00:46, Henning Brauer wrote:
> > * Mark Kettenis [2014-05-15 00:15]:
> >> I don't think this is a good idea; didn't we establish the other day
> >> that "ifconfig eui64" already did what
* Alexander Bluhm [2014-05-15 00:15]:
> On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
> > so as discussed recently having the inet6 link-local addrs on every
> > interface by default is stupid and a security risk.
> Connecting a computer to the internet
the opposite of -inet6.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
t ifnet *ifp)
case IFT_IEEE1394:
case IFT_PROPVIRTUAL:
case IFT_CARP:
- case IFT_L2VLAN:
case IFT_IEEE80211:
return ((caddr_t)(ifp + 1));
default:
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de
(1, "%s not allowed for the AF", cmd);
in6 = (struct in6_addr *)&in6_addreq.ifra_addr.sin6_addr;
if (memcmp(&in6addr_any.s6_addr[8], &in6->s6_addr[8], 8) != 0)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
our libc, the point is wether we can add a
#define to allow people compiling themselves (probably not as part of
OpenBSD) to remove it without having to change the code.
And since that's not intrusive and doesn't create a portability mess
like the one we're dealing with in libssl rig
to 1, enforces -inet6 on all ifs.
what the default of such a sysctl would be is another discussion -
any value is fine with me as long as it is 0.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
ith IPv4? You
> don't expect to get IPv4 connectivity when you
> configure IPv6, do you?
a very good question to ask.
i wish -inet6 was default.
i'll probably add a sysctl to globally nuke v6 from all interfaces
soon. somebody pls remind me at the next hackathon.
--
He
_set_phase(struct sppp *sp)
>
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
if (p->if_capabilities & IFCAP_VLAN_HWTAGGING)
ifv->ifv_if.if_capabilities = p->if_capabilities &
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
* Simon Perreault [2014-04-29 16:05]:
> Le 2014-04-29 09:55, Henning Brauer a écrit :
> >> Wouldn't it be better if libasr would run A and requests in
> >> parallel? Whichever response arrives first "wins".
> > no, since that gives extremely unpre
rst
> > AF you try? Just wait for a full time out before you try the second AF!
>
> This is a valid point IMHO.
>
> Wouldn't it be better if libasr would run A and requests in
> parallel? Whichever response arrives first "wins".
no, since that gives extremel
* Simon Perreault [2014-04-29 14:58]:
> I don't see how "usage" is relevant. If IPv6 provided 1000% performance
> improvement with no downsides, we would want to use it even if global
> usage was low.
however, it provides far worse performance with shitloads of downside
come first?
that is the right question, and there is no good answer...
> Someone has to take the first/next step
except that it is a step towards the drain.
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
Sent from a computer using a keyboard and software.
--
Henning Bra
arm than good in its current state.
if this is desired (I can't really see the need to be honest) it must
be done properly doing route priorities and marking routes down. This
functionaity didn't exist when we did carp. Going that route (haha),
the code for that wouldn't have much in
tend towards that.
ryan, marco?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
reach a network only present on
the carp if or the like), and i seem to remember it doesn't quite work
as expected anyway, but don't take my word for it, memory REALLY fuzzy
on that front.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Ful
> If opencvs is going to be deleted, what is the alternative? gnucvs?
err, that's what we've been using all the time. It has never become
ready.
revision 1.114
date: 2010/06/26 03:59:34; author: deraadt; state: Exp; lines: +2 -2;
disable opencvs; maintainers went bye bye
--
Hen
x27;t moved forward in years, and I have a hard time seeing it going
anywhere (except Attic). But that's just me, of course.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Server
* Jérémie Courrèges-Anglas [2014-04-23 02:05]:
> If I'm not mistaken, we had no drivers left that use those types?
correct, swing the burning axe. ok.
> - case DLT_FDDI:
> - case DLT_ATM_RFC1483:
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH,
* Fritjof Bornebusch [2014-04-22 18:29]:
> it's Trojan horse not Trojan horsed, right?
yup.
a trojan horse.
the binary has been trojan horsed.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS
ifp->if_oerrors++;
- continue;
- }
-
- m_copyback(m, 0, sizeof(evh), &evh, M_NOWAIT);
- }
/*
* Send it, precisely as ether_output() would have.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
ainly not dreamed up layering
violations that don't exist here.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
* Alexey Suslikov [2014-04-21 13:56]:
> Henning Brauer bsws.de> writes:
>
> > I must admit I am getting tired of all these "good proposals/ideas".
> > don't you think we've gone thru this before?
>
> Look, I haven't called them good or
* Alexey Suslikov [2014-04-21 13:13]:
> Henning Brauer bsws.de> writes:
> > congratulations, that is close to unauditable.
> > i put the vlan and the !vlan case next to each other ON PURPOSE. both
> > cases add an ethernet header, one with a few extra fields, one
> >
* Alexey Suslikov [2014-04-21 12:38]:
> Henning Brauer bsws.de> writes:
>
> > > #if NVLAN > 0
> > > if (ifp->if_type == IFT_L2VLAN)
> > > return vlan_encap(ifp, m);
> > > #endif
> >
> > I don't think so, really.
's going on imho.
> We could also add a ifp->if_encap function pointer but if it is just for
> vlan(4) I see no point in it.
indeed.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. D
1 - 100 of 305 matches
Mail list logo