web base OpenBSD altq

Ehmm karena hari ini cuti dan ga ngapa ngapain ya iseng iseng nerusin proyek buat web admin bandwidth manager buat OpenBSD, dulu masalaha yang di hadapi yaitu waktu ngatur childnya tapi setelah di utak atik seharian puzzlenya (hehehehehe ) akhirnya bisa juga :D .. tapi masih lama untuk jadi sistem yang utuh, doa'in aja :)

OpenVPN (bridge) on OpenBSD

Wah pensaran juga, udah lama maen network tapi blom pernah nyoba apa yang namanya VPN, tau sih tau tapi sebatas tau doang blom pernah nyoba. Minggu kemaren cari cari referensi malah jadi pusing sendiri :D trus akhirnya ada satu model yang kayaknya bisa dicoba, eh ternyata setelah bersusah payah akhirnya bisa juga, pake OpenVPN trus klientnnya pake WindowsXP (pake OpenVPN juga sih windows nya), puas banget :D ... tapi mau coba yang bener bener ni coz kemaren cuman asal jalan doang. [ detail config nya nanti aq coba tulis di my web :D, klo ga males ]

just waiting ....

Hi hari udah tanggal 31 Oktober, besok udah 1 November, nggak ada yang di harapin sih, besok OpenBSD 3.8 katanya dah keluar .. ya moga moga bisa download

AT-2916T on OpenBSD box

i never know if it's gonna be nightmare for me, first time i use it it seems ok ... but when i deeply use it ... the trouble was begin. This interface going "watch dog time out" in random time and unpredictable, i connect the "sk" interface to my 10/100 switch cause i didn't have gigabit switch.

It's confuse me for several month, and finaly i make dirty editing to the kernel source, I eliminate the watchdog function :P it's kind 'sick' but the interface was work fine for several week, i use those 2 "sk" as bridge limiter with hfsc disciplin.

Last login: Mon Oct 24 22:45:46 2005 from 192.168.25.25
OpenBSD 3.7 (btx) #2: Thu Oct 13 13:43:16 WIT 2005

@btx ~ #
@btx ~ # /usr/sys/dev/pci/if_sk.c

line : 1793

void
sk_watchdog(struct ifnet *ifp)
{
struct sk_if_softc *sc_if = ifp->if_softc;

printf("%s: watchdog timeout .. sorry seems to be the hardest word\n", sc_if->sk_dev.dv_xname);
// ifp->if_flags &= ~IFF_RUNNING;
// sk_init(sc_if);
}

nih OpenBSD

How does OpenBSD network stack compare with Linux?

Ryan McBride: The "Linux stack" is a concept that is very hard to pin down because there are so many versions, distributions, 3rd party patches and modules, etc. People might tell you that Linux has the capability to do X, Y, or Z that OpenBSD enables by default, but they don't tell you that you have to dig around for the patches, enable the right compile flags, load the right modules and sacrifice a goat on the full moon. And even then it's incomplete and buggy.

Because of this, I think OpenBSD's main strength is the following: these security features are easy to use. (Which is somewhat ironic as OpenBSD has a mistaken reputation for not being user friendly.) Our approach is simple: Proactively implement security features. Enable these features by default. Minimize the number of "buttons" - compile-time or run-time options. And document rigorously.

It seems that OpenBSD focus on proactive security and provides good results even against new attacks. I remember when Paul Watson published his paper "Slipping in the Window: TCP Reset Attacks" around May, 2004, and OpenBSD was the only OS not vulnerable by default. However I'm wondering if sometimes it's also the result of undisclosed information from researchers...

The TCP window attack was particularly effective against long TCP sessions, so the biggest target was BGP, and for some magical reasons in that period you released the first version of OpenBGPD, a BSD-licensed implementation of BGP, so that people could use it to replace vulnerable systems to handle routing information.

I'm wondering how you chose to start working on a bizarre thing such as a BGP implementation in the end of 2003? Did you get any preview of Watson's paper?

sk progress

Alkhamdulilah .... sk nya masih dapet hidup walaupun watchdog time out and shapingnya juga masih jalan

sk progress

ni lancard sk0 ama sk1 kok gak mati seperti biasanya :D . . . catatan : semua interface dikasih IP, bridging seperti biasanya ... tapi sk_watchdong di kernel
di-modif dikit .... moga moga sip ni .... aku dah capek .... sampe hari ini udah ngelewatin data 18MB, kecil emang ..... masalahnya cuman dari komputer ku doang ... ;)