--- Log opened Tue Apr 17 00:00:48 2018
00:15 < varesa> DNS for the most part is pretty easy too. Email on the other hand is a whole other subject...
00:17 < Peng_> For the most part. Most of the other parts are eldritch horror. :D
00:32 < gemini2015> Hey guys
00:32 < quantum> Ok, this doesn't make sense. Debian, and I'm using the networking.service. I have wpasupplicant set up and interfaces (which has no reference to wpa). But wlan0 still associates as it should.
00:32 < gemini2015> Can I have a 2.4 GHZ and 5GHZ set up with same SSID and password for my modem
00:32 < quantum> iwconfig claims it's not associated with anything.
00:33 < quantum> gemini2015: Don't you want to be able to choose?
00:33 < gemini2015> quantum: What's the purpose of choosing?
00:33 < gemini2015> I'm not clear
00:33 < gemini2015> I thought I would lose speed, if I limit my device to any one SSID
00:34 < quantum> If you stream video on 2.4, you are raising a holy ruckus for you and all your neighbors, whereas with 5GHz, not.
00:34 < quantum> Prefer to pollute and be a bad netizen?
00:35 < gemini2015> I'm sorry quantum I don't understand how that is the case
00:35 < gemini2015> Why is streaming on 2.4 GHz inconsiderate to neighbors?
00:36 < quantum> Video streaming? A tremendous torrent of packets in the air, interfering with your other connexions and those of all your neighbors?
00:36 < djph> gemini2015: probably not. But you can definitely do that on a wireless AP
00:37 < quantum> As to my problem, I guess I've discovered a violation of the laws of physics.
00:37 < gemini2015> djph: wireless AP
00:37 < gemini2015> ?
00:37 < kuz3> hiiii
00:37 < gemini2015> djph: And probably not what? that I won't /lose speed?
00:38 < gemini2015> quantum: I lost you.
00:38 < kuz3> im trying to get VNC to play nicely with my android tablet, and tightvnc offers to let me specify pixelformat
00:38 < quantum> gemini2015: Make a trip to the desert and contemplate.
00:39 < djph> gemini2015: well, a "modem" is a specific device that does a specific job. A wireless AP is a specific device that does a different job ...
00:39 < kuz3> ive been able to find that Android apparently uses RGB565, but no dice there...
00:39 < quantum> English is my native language and I don't know how to say it any clearer.
00:39 < gemini2015> quantum: Chill dude.
00:39 < djph> gemini2015: really, just complaining about word choice. If it's got a wifi AP in it, sure, set the SSID the same for both 2.4 and 5 GHz
00:40 < gemini2015> djph: If I set both 2.4GHZ and 5GHZ bands on my modem to the same SSID and pass, when I connect my device to that SSID, I won't know which band it's connecting to right? But when the device connects to the band, it will remain with that band. Is this all correct?
00:40 < kuz3> can anyone give me advice on vnc?
00:40 < gemini2015> djph: Oh you meant Access Point?
00:41 < djph> gemini2015: well that is generally what "AP" is used for in networking contexts, yes
00:41 < gemini2015> djph: If I set both 2.4GHZ and 5GHZ bands on my modem to the same SSID and pass, when I connect my device to that SSID, I won't know which band it's connecting to right? But when the device connects to the band, it will remain with that band. Is this all correct?
00:41 < djph> no
00:43 < djph> if you check the PHY rates, it should be pretty obvious when you're connected to 5 Ghz vs. 2.4
00:43 < djph> as far as "stay connected to the band", if you walk around and 5 GHz drops off too much; it'll jump over to 2.4
00:44 < quantum> Just make it myrouter and myrouter24.
00:44 < quantum> Otherwise be an inconsiderate clod.
00:44 < CuriosTiger> It'll jump over to 2.4 if you use the same SSID
00:44 < CuriosTiger> a lot of places don't.
00:44 < djph> quantum: how do you figure
00:45 < quantum> Streaming a blizzard of packets when video streaming? Those packets aren't polite enough to stay within your 4 walls.
00:45 < gemini2015> djph: PHY rates?
00:46 < quantum> You are polluting and interfering with all your neighbors.
00:46 < gemini2015> quantum: I don't know if that's true, and if it is, I guess that's a risk I'm willing to take.
00:46 < djph> quantum: and your point is ... ? The AP knows what frequency to talk to a specific MAC on ...
00:47 < gemini2015> At the moment, I'm not hearing any cons to naming both bands with the same SSID and pass.
00:48 < djph> beyond a device going completely stupid and not deciding on which frequency to use, there really aren't
00:48 < quantum> djph: My point is you are being a fsking assh-le if you stream at 2.4. There are only 2 real channels in 2.4 if you have a relatively recent router. And everybody has to use those.
00:49 < djph> quantum: (1) there are three channels - 1, 6, and 11 (20 MHz). If you're using 40, you're the asshole for using 40.
00:49 < djph> and you're the one who's gonna lose out when everyone else is doing it right
00:49 < quantum> djph: If you understood 802.11n you'd know there are really only 2 now.
00:50 < quantum> 1, 11.
00:50 < djph> quantum: you don't use 40 MHz on 2.4 GHz, full stop.
00:50 < quantum> I'm not here to convince you. Just to say facts.
00:51 < CuriosTiger> quantum: Actually, 802.11 (regardless of alphabet soup suffix) was designed to be mindful of other networks and avoid trampling all over each other's signals.
00:51 < CuriosTiger> quantum: Without that, things would be far worse than they are.
00:51 < quantum> CuriosTiger: Yes, but when one clod floods the airwaves with video streaming...
00:51 < djph> quantum: I don't know what "facts" you're reading; but while it is *possible* to use 40 MHz channels on 2.4 Ghz, it is *recommended* that you do not. Same as it's *possible* to use channels 2-5 or 7-10
00:52 < quantum> I give up. You know what, use 2.4 and stream HiDef for all I care.
00:52 < CuriosTiger> djph: it's possible to use channels 12-13 too. Just illegal in most jurisdictions.
00:52 < djph> CuriosTiger: yeah, but it's not here (US), thanks to the FCC.
00:52 < CuriosTiger> While you're at it, microwave some dinner.
00:53 < vvande> there's channel 14 too
00:53 < CuriosTiger> djph: Oh, it's possible here too. But the FCC might come a-knockin'.
00:53 < CuriosTiger> (more likely not, but technically, that's breaking the law.)
00:53 < quantum> CuriosTiger: You can't -turn on- 13-14, but N uses them, and more around them.
00:53 < djph> Or rather, it's not possible without using illegal hardware
00:53 < vvande> an issue that's not often considered is that there might not be any neighbors, or they're 50db down from you
00:53 < CuriosTiger> Or tricking the hardware into thinking you're in a different geographic region.
00:54 < CuriosTiger> which, admittedly, is non-trivial.
00:54 < vvande> it's just a setting
00:54 < djph> CuriosTiger: with legal hardware in the US, you're not able to do that either (apparently if you can, the manufacturer gets nailed as well)
00:55 < CuriosTiger> vvande: A lot of US wifi firmware locks that setting down. Cisco has an incredibly convoluted system on aironet access points for verifying that you are in the "regulatory domain" you configured it for.
00:55 < vvande> I don't think it's a hardware issue.
00:55 < Epic|> Aye yo curios
00:55 < vvande> it's in the software
00:55 < CuriosTiger> and won't fully enable radios until you complete that procedure.
00:55 < vvande> CuriosTiger, gotcha
00:55 < sunrunner20> SFTP doesn't use TLS does it? I thought it used pure SSH. FTPS is the one that uses TLS.
00:55 < Emperorpenguin> Cisco aironet Android app sucks
00:56 < djph> sunrunner20: correct
00:56 < vvande> I've got a dropdown menu for regulatory domain and one for country
00:56 < sunrunner20> wtf then. work changed a registry setting and our SFTP module is breaking with a TLS exception
00:56 < djph> sunrunner20: re-use of an error code / proxy system
00:57 < sunrunner20> possibly
00:58 < djph> sunrunner20: ... supposed a better question would've been "what's the error you're getting"
00:58 < sunrunner20> nobody's specifically asked me to look into it so I haven't paid it much attention. Besides telling them middle of last week changing the default TLS version was a bad idea
00:58 < djph> err
00:59 < djph> unless it's a proxy (and something else funny is going on) TLS / SSH don't interact
00:59 < sunrunner20> that wasn't the only thing that broke
01:00 < sunrunner20> I was just confirming I didn't get my protocol knowledge twisted
01:01 < djph> in theory you didn't; but depending on the scope of the changes, some things may have intertwined (e.g. I know openssh works with openssl a little bit - probably to do the DH stuff)
01:20 < tds> I'm trying to get my head around dual stack lite - my understanding is that the CGNAT device needs to NAT traffic from any random source IP (with potentially overlapping RFC1918 space)
01:20 < tds> Just for fun I was considering trying to set something like that up on a linux box, and was wondering if there's any sane way to do it?
01:21 < djph> no, NAT is bad enough. CGNAT is even worse.
01:22 < tds> so far all I can think of is having a load of 4in6 tunnels, a routing table per tunnel with a default route back to the remote tunnel endpoint, then somehow connmarking each connection so that the right routing table can be used for traffic coming back from the internet
01:23 < djph> that makes no fucking sense whatsoever
01:28 < tds> yes, which was why I was wondering if there's a more sane way to do it
01:30 < djph> don't use 6in4/4in6 for starters. I mean, dualstack is simply you've got ipv6 and ipv4 running simultaneous-like
01:30 < djph> If you can't get v4 for whatever reason, then yeah, 4in6 is a possible solution
01:30 < wiresharked> djph: I think you meant 4to6
01:32 < wiresharked> And 802.11ax will support OFDMA
01:32 < djph> wiresharked: you would be wrong --> https://en.wikipedia.org/wiki/4in6
01:33 < wiresharked> djph: Oh, sorry I thought that you typed that wrong
01:34 < djph> nope
01:34 < tds> my understanding is that dual stack lite uses 4in6 between the CGNAT appliance and a standard home router, is that right?
01:34 < wiresharked> djph: Do you know about OFDMA?
01:35 < djph> I know it's brainbending
01:36 < wiresharked> djph: Not really, it's just allowing channels to be divided into several subdivisions of a frequency, instead of just one
01:36 < djph> wiresharked: for multiple USERS
01:36 < wiresharked> djph: So it's only good for MU-MIMO?
01:38 < djph> I never said that - but it's probably going to lean heavily into making the multi-user thing better
01:38 < wiresharked> Correct, because MU-MIMO in ax is updated for both upstream and downstream connections
01:59 < cthulchu> I'd tell you a joke about UDP, but you probably wouldn't get it.
02:18 < beingjohnm> Looking to setup a wireless bridge with ethernet at both ends. I've heard good things about Ubiquiti. Do you just need two nanostations to implement?
02:19 < beingjohnm> I watched a Youtube video that seems to indicate that but the Ubiquiti product page is a bit confusing as to what I would like to achieve.
02:23 < jim> hi... in linux, can the ip program be made to just display interface names?
02:23 < jim> (without feeding to cut etc)
02:25 < rewt> i doubt it
02:26 < rewt> ip a | grep -Po '^\d+: \K[^:@]+'
02:26 < jim> yeah, after looking at the man page for ip-link, I do too :/ oh well, I'll do it another way
02:26 < forgotten> ip link is shorter?
02:26 < jim> well try em and see
02:27 < jim> I want to parse the output of ip to get several different results
02:28 < jim> can an interface name have spaces in it?
02:28 < rewt> i doubt it
02:28 < rewt> but maybe
02:29 < jim> I notice the output of ip link has alternating lines, the first of each pair starts with a number of digits followed by a colon... then two spaces, the interface name and another colon
02:30 < rewt> i only have 1 space after the 1st colon before the interface name
02:31 < jim> maybe there's a better way...
02:31 < rewt> what's wrong with: ip link | grep -Po '^\d+: +\K[^:@]+'
02:31 < jim> are the interfaces listed in /proc or /sys?
02:32 < rewt> /sys/class/net/ has them
02:34 < jim> that might be good... let's see
02:35 < catern> bah
02:36 < catern> where can I ask complicated academic questions about software-defined networking?
02:37 < Spice_Boy> this should be fun
02:37 < jim> academic?
02:38 < jim> well you can try here of course, with the understanding your mileage may vary :)
02:38 < vvande> not sure about complicated questions though
02:39 < jim> "yes, I'll take 'things no one knows' for $100"
02:40 < xamithan> No one is going to help with your homework =/
02:40 < forgotten> jim so like... ip -o link show | awk -F': ' '{print $2}'
02:40 < forgotten> works good for me..
02:41 < jim> what's the -o?
02:41 < catern> okay, I'm looking for an SDN library that provides an API for detailed modeling of the network to the user, with a pluggable backend (which supports a purely "observational" SDN, where I merely model what I expect/want to happen, and I can check that against fed-in information about the state of the network)
02:41 < forgotten> jim: oneline
02:42 < jim> ohh :)
02:42 < catern> many high-level networking projects (like overlay networks/service meshes/SDN in general) have internal models of the network, but they don't provide that as an API that a user can program against
02:42 < catern> and even if they provide that as an API that a user can program against, they aren't modular enough to work in a no-op, observational mode
02:42 < forgotten> everything should have an API! everything! my toaster needs an API!
03:07 < tds> hmm, after fighting with conntrack a bit, that stupid idea actually seems to work
03:45 < forgotten> anyone know of a website, or thing you could setup that would just generically accept random get / post requests no matter the content?
03:51 < Criggie> forgotten: why? Just for testing ?
03:55 < forgotten> Criggie: ya to test like payload content for snort rules
03:56 < forgotten> i know there is like "Scapy" for packet generation, but where i work i dont / cant have that
03:57 < forgotten> so im forced to do things like... "invoke-webrequest -uri "http://somesite.com" -usebasicparsing -usebasiccredentials -Method POST -Body "Some payload"
04:02 * linux_probe grabs some mums to test his payload
04:16 < forgotten> someone suggested httpbin.org in #security . pretty much exactly what i need :)
04:22 < dogbert2> hey forgotten
04:32 < forgotten> hey dogbert2 whats up
04:33 < dogbert2> my newest linux box3n :)
04:33 < forgotten> oooo
04:33 < forgotten> tell me moreee
08:17 < voidstar> what steps can I take to determine if a network is blocking my attempt to vpn back to my home network? I can use a vpn provider so I think their firewall is blocking my host
08:19 < voidstar> using openvpn on port 1194 and 1195
08:19 < detha> traceroute and see where it stops
08:19 < voidstar> ah right
09:24 < vvande> voidstar, I do think that some will block 1195 because it's a common VPN port - they can't block 443 though.
09:24 < vvande> not as fast, but more likely hidden
09:32 < aditya7400> theres a fiber switch in front of my house my isp uses to deliver ethernet to the neighbourhood
09:32 < aditya7400> a politician is visiting the area
09:32 < shtrb|laptop> Anyone have a clue why access points are branded with 802.11i ready ? (trying to connect to Access Point and just noticed it on its box)
09:32 < aditya7400> so a bunch of government people were sent in to clean the thing
09:32 < aditya7400> the neighbourhood
09:32 < aditya7400> and someone decided that box was dirty
09:32 < aditya7400> and they opened it up
09:32 < aditya7400> pulled out the switch
09:32 < aditya7400> cut all the wires
09:32 < aditya7400> washed the switch with water
09:33 < aditya7400> then tied the fiber into a know
09:33 < aditya7400> knot*
09:33 < aditya7400> and expected everything to work
09:33 < shtrb|laptop> aditya7400, is that some kind of joke ?
09:33 < aditya7400> shtrb|laptop: im not even kidding
09:33 < aditya7400> i am waiting outside for the ISP right now
09:33 < shtrb|laptop> :D
09:34 < aditya7400> at least the labour costs in india are basically nonexistent
09:34 < aditya7400> it wont cost the ISP much
09:34 < aditya7400> but holy shit man
09:34 < shtrb|laptop> shit happens
09:34 < aditya7400> im just glad
09:34 < aditya7400> they didnt do that
09:34 < aditya7400> to the nearby electric failover panel
09:35 < aditya7400> or that would have ended more... deadly
09:35 < shtrb|laptop> now why the #%@%@ iwlist wlan0 scan doesn't list the damn 802.11i ready Access Point
09:36 * aditya7400 shrugs
09:36 < grawity> "802.11i ready" – is that from back when WPA2 just got released?
09:36 < aditya7400> what finger do you press the backspace key with?
09:37 < grawity> also `iw wlan0 scan`
09:37 < shtrb|laptop> aditya7400, some electrical devices are government workers friendly, look for the double square
09:37 < aditya7400> shtrb|laptop: ^^^^^^^^^^^^^
09:37 < cluelessperson> hey all
09:37 < aditya7400> shtrb|laptop: double square?
09:37 < shtrb|laptop> grawity, I have no idea it lists many routers but not that fancy ap
09:37 < shtrb|laptop> grawity, but google says it 802.11i is pre wpa2
09:38 < grawity> no, that seems to be exactly wpa2
09:38 < cluelessperson> can you help me decipher these? https://i.imgur.com/Aa1S9YD.png
09:38 < shtrb|laptop> grawity, it has some squiggly signlans (Thai?) and 802.11i ready on the box :-(
09:42 < shtrb|laptop> grawity, iw wlan0 scan |grep -i ssid doesn't show the expected ssid it :-(
09:43 < xmonkee_> can someone tell me why these rules aren't working for me? as soon as I apply them I cannot ssh into it anymore https://hastebin.com/pohocusagi.sql
09:44 < xmonkee_> i may have these backward
09:46 < shtrb|laptop> aditya7400, this http://www.pat-testing-course.com/blog/wp-content/uploads/2012/10/class2.gif
09:46 < shtrb|laptop> "double insulated" (square inside a square or double square)
09:47 < aditya7400> huh
09:47 < aditya7400> i dont see anything like that
09:48 < aditya7400> although i suspect the big thick wires were a giveaway
09:48 < aditya7400> they see small wires and think "can destroy"
09:48 < shtrb|laptop> in that case you should have http://www.pat-testing-course.com/blog/wp-content/uploads/2012/10/class1.gif (which is plug the device correctly or you will be nicely fried)
09:57 < aditya7400> i have convinced my isp to jump from yellow arrow and install it at red arrow https://tinyimg.io/i/bgOOBzj.png
09:58 < shtrb|laptop> I went to google to search for what does yellow and red arrow mean
09:58 < aditya7400> hahahaha
09:58 < aditya7400> then you checked the image :D
09:58 < shtrb|laptop> yes
09:59 < shtrb|laptop> btw it's a bad place if the area is prone to rain
10:00 < shtrb|laptop> it's near a drain and below a facility that will have leakage in the least time you expect it
10:01 < aditya7400> shtrb|laptop: red arrow is slightly inaccurate
10:01 < aditya7400> actual location is a bit inside
10:01 < aditya7400> theres good shade there
10:01 < aditya7400> and no chance of water leakage onto the thing
10:01 < aditya7400> although as long as the box isnt breached water was never an issue in the form of rain
10:02 < aditya7400> so the correct lication is if you move red arrow back in the depth axis
10:02 < shtrb|laptop> It's not a sewage pipe ? the green leaves mean there is enough water for it to grow nicely
10:02 < aditya7400> location*
10:02 < aditya7400> shtrb|laptop: its a drain for when my mom waters the plants
10:02 < aditya7400> not actual sewage anyway
10:02 < aditya7400> those plants are my mom's garden
10:19 < rampant> hey all
10:20 < rampant> i have a fortigate 100D firewall, and i have 2 WAN links - 1 being a PPPoE and the other being a router given to me by my ISP that has a /29 public IP range
10:22 < rampant> the ISP router has a point to point link to their side of the network, and 1 IP address on the CPE side for the public IP access to the same router.
10:23 < rampant> i have managed to set my server vlan to use outgoing traffic from the firewall interface (using an IP from the public ip pool), but I cannot ping the firewall using the same address.
10:24 < rampant> my policies are the same as that being used by the firewall for the PPPoE connection, and i can ping the firewall by the same, but cannot ping the second static ip interface that I have assigned the firewall.
10:26 < anoncvs> eddy it's been a while
10:27 < anoncvs> funny how these old dreams float
10:27 < rampant> but I am able to access the internet from the servers using the static (public) ip in NAT, im just not able to ping this interface (i have enabled ping on the interface)
10:27 < anoncvs> and the memory hits clear as crystal
10:28 < anoncvs> eddy it did lighten my heart for a moment
10:29 < anoncvs> wearing a rythm or algorythm and cast it off like old garments
10:30 < anoncvs> Mike11: are you alive or is this a replay like a picture of a goldfish tank
10:31 < Mike11> no, I am alive thankfully
10:31 < anoncvs> !
10:31 < anoncvs> surprising! a reply!
10:32 < mrtnt> Am I correct that "window size" is "receive window" for the sender of the TCP segment and it will become "send window" for the receiver of the segment?
10:34 < anoncvs> Mike11: privmsg for shell pin
10:34 < anoncvs> <- this can be your account
10:35 < ne2k> anyone use fasthosts dedicated servers? I cannot get the eRIC IP KVM card's Virtual Media feature to work
10:36 < AlexeyX> Hi there!
10:37 < AlexeyX> Can you check - www.forticlient.com ? Does it work?
10:38 < rampant> AlexeyX: yes
10:38 < AlexeyX> So sad( I have an error(
10:38 < rampant> you can use www.isitdownrightnow.com/ to check
10:38 < rampant> what's the error
10:38 < AlexeyX> The connection has timed out
10:39 < rampant> 1. is your date/time settings right? 2. check your hosts file, 3. try pinging, if it works, you have a DNS issue
10:39 < rampant> 35.185.210.211 is the IP address that shows for forticlient.com
10:40 < rampant> if the IP address ping works, check your DNS settings.
10:40 < AlexeyX> 1 yes; 2 clear;
10:40 < AlexeyX> 3 - ping doesn't work, but IP is 35.185.210.211
10:40 < rampant> tracert it
10:41 < AlexeyX> After my isp - nothing....
10:42 < roxlu> hi, just coming back to the question from yesterday... so I created a very simple program that receives UDP packets. I create 4 threads that receive data from 4 cameras (UDP,RTP/H264). We are experiencing packet loss in my program but when we inspect with Wireshark we can see all packets are there. I've turned off all processing in my op, I only check for a sequence number if we're losing packets.
10:42 < roxlu> I just tried something else where I start 4 instances of my program where each instance connects to only 1 camera and now we have zero packet loss. CPU usage in both cases is ~0.5%.
10:43 < rampant> ask your friends if they can access: 1. if not, then the ISP is blocking it for whatever reason. 2. if they can, and you can't, check your policies
10:43 < rampant> @AlexeyX
10:43 < roxlu> Does someone have any idea why running 4 instances that connect to 1 camera has no loss, but one instance that connects to 4 cameras has a huge amount of loss? ("connects" -> receives from)
10:43 < AlexeyX> rampant, thank you!
10:44 < rampant> AlexeyX: by friends, i mean people using a different internet connection - office/home. yw
10:45 < anoncvs> AlexeyX: Is that dark sarcasm?
10:46 < rampant> anoncvs: i hope not
10:46 < anoncvs> could you have said "google it" about the same depth?
10:47 < rampant> anoncvs: nothing better than a lil human touch
10:47 < rampant> i'd want somebody to help me rather than saying "google it"
10:48 < anoncvs> is linus on freenode?
10:50 < AlexeyX> Where is dark sarcasm? OO
10:50 < AlexeyX> everything is ok, without dark or not dark sarcasm
10:51 < ne2k> roxlu, so the only difference is threads vs processes? what are you using for threads? what OS is this?
10:51 < anoncvs> even when it strips human rights from indifference?
10:53 < roxlu> ne2k: Yeah that's probably the biggest difference atm. We are testing on Windows now
10:53 < ne2k> roxlu, I don't know about how Windows threads work
10:54 < ne2k> roxlu, how are the streams differentiated? are these unsolicited streams, i.e. the cameras just spray no matter what?
10:54 < roxlu> ne2k: if it was linux would you know about something that could cause this?
10:54 < anoncvs> this is an interesting trap line
10:54 < ne2k> roxlu, not specifically, but I was going to suggest trying a select()-based version too
10:54 < ne2k> anoncvs, what on earth are you talking about?
10:55 < anoncvs> my connection
10:55 < roxlu> ne2k: I am actually using select() with a timeout of 3 sec (sorry I should have described that)
10:55 < anoncvs> looks like I picked up a broken trap
10:55 < anoncvs> Mike11: do you care for a pin or not
10:55 < anoncvs> before switching lines
10:56 < ne2k> roxlu, so are you using a single select and then passing off the received data to other threads for processing, or using a select in each thread?
10:56 < anoncvs> thankful for life, pleasurable company
10:56 < ne2k> I didn't know whether Windows had select(); I thought it was POSIX
10:57 < ne2k> anoncvs, any chance you can stop wittering?
10:57 < roxlu> Using select in each thread. Basically each thread creates one socket, receives data (using select) and when there is data it's processed by the same thread). I thought that processing could cause this, but I removed almost all processing and that didn't change anything. Currently I'm only decoding the first 12 bytes of each packet.
10:57 < anoncvs> the pin is yours if you send a privmsg
10:57 < anoncvs> notice it was not offered to dark sarcasm
10:58 < ne2k> roxlu, I think it would be worthwhile trying it with a single select
10:58 < ne2k> roxlu, that is, after all, the purpose of select, to listen for data on multiple FDs
10:59 < roxlu> ne2k: yeah, good idea
11:00 < AlexeyX> oh.. forticlient.com banned... so sad :|
11:00 < roxlu> ne2k: is there anything that makes you think this is causing the issue?
11:02 < rampant> AlexeyX: by your ISP right
11:03 < AlexeyX> no, by our government :)
11:04 < shtrb|laptop> what did that do to your government ?
11:04 < rampant> :D
11:04 < regdude> Hi! What is this syntax called? "\\x00\\x41\\x41" ?
11:04 < djph> regdude: hex?
11:05 < regdude> yes, but doesn't it have a special name? Like MAC addresses in a packet dump are in a hex stream, doesn't this have a special name since it has a backslash?
11:05 < shtrb|laptop> explicit unicode literals ?
11:06 < shtrb|laptop> regdude, ask in #C++-general and #C++
11:06 < shtrb|laptop> they might know better
11:07 < AlexeyX> I think it does nothing to our government, but our government is blocking telegram now
11:07 < shtrb|laptop> found the middle eastern :)
11:09 < shtrb|laptop> I remember that there were free dial-in destinations in EU during the Egyptian revolution (they might be still active) (long distance calls )
11:10 < rampant> shtrb|laptop: could be russia too :)
11:12 < shtrb|laptop> thinking about it, If I would ever need to do a long distance dialup internet I would probably fail to setup (because where can I get a phone that works with my speakers / mic
11:12 * shtrb|laptop went to google that shit up
11:13 < cluelessperson> I can't seem to get prefix delegation for ipv6 to work on my unifi gateway for a second network
11:13 < cluelessperson> it has the same settings, but prefix id 2 instead
11:14 < AlexeyX> international dialup could be so expensive Oo
11:14 * shtrb|laptop is so sheltered he didn't even think about it
11:20 < ychaouche> Hello ##networking
11:21 < ychaouche> Any good link that explains what are the different connexion states and their meanings ? I'm looking for terms like ESTABLISHED, RELATED, etc.
11:21 < shtrb|laptop> context ?
11:22 < ychaouche> firewall
11:22 < ychaouche> but I'm sure it will also help me understand output from iptraf, netstat, lsof -i etc.
11:22 < shtrb|laptop> conntrack
11:23 < ychaouche> !conntrack
11:23 < shtrb|laptop> :-/
11:23 * ychaouche googling
11:23 < djph> ychaouche: wikipedia for conntrack
11:23 < djph> or perhaps iptables
11:24 < ychaouche> djph: I prefer other sources
11:24 < regdude> invalid,new,established,related,untracked - should be easy to find if not self explanatory
11:24 < shtrb|laptop> here are the states (with human readable meaning ) https://www.linuxtopia.org/Linux_Firewall_iptables/x1347.html
11:24 < djph> ychaouche: well, then you can buy a book on conntrack / iptables
11:24 < djph> regdude: one would think that anyway
11:24 < shtrb|laptop> no need to buy, the source is free
11:24 < regdude> though untracked is tricky, those are packets that were accepted in raw
11:24 < ychaouche> thanks for the suggestion
11:24 < shtrb|laptop> ychaouche, here are the states (with human readable meaning ) https://www.linuxtopia.org/Linux_Firewall_iptables/x1347.html
11:25 < ychaouche> got it twice, thanks
11:26 < ychaouche> Although I think I should be starting here : https://www.linuxtopia.org/Linux_Firewall_iptables/c1265.html
11:27 < shtrb|laptop> I wonder why i couldn't find it on tldp
11:28 < ychaouche> I thought tldp was dead
11:29 < ychaouche> it reminds me of the how-tos era
11:29 < shtrb|laptop> AlexeyX, google says that Russia and Kazakhstan share the same prefix , maybe if there is a free access point in Kazakhstan it wouldn't be long distance call cost
11:29 < shtrb|laptop> ychaouche, its state is Z :D
11:30 < ychaouche> shtrb|laptop: I'll get back to you in a couple days, after I finish reading about conntrack and be able to get the joke :)
11:30 < shtrb|laptop> ychaouche, process state Z is zombie
11:30 < ychaouche> ah :)
11:31 < shtrb|laptop> or less known defunct
11:54 < cluelessperson> sup
11:59 < cluelessperson> How do you fix Ubuntu's routing so that it can ping out of each interface?
11:59 < cluelessperson> or handle routing over multiple interfaces?
11:59 < cluelessperson> sanely?
12:01 < djph> you ping a device attached to the other network interface(s)
12:06 < grawity> cluelessperson: policy routing, so that it picks a different default route based on the source IP address
12:07 < cluelessperson> why doesn't it do that by default?
12:07 < grawity> ¯\_(ツ)_/¯
12:07 < grawity> for ipv6, it could
12:08 < grawity> some people don't want to add any new features to the ipv4 support
12:08 < grawity> that said
12:08 < Phil-Work> cluelessperson, what's the actual problem?
12:08 < grawity> latest NetworkManager is able to set up policy routing automatically, if you enable it in the config
12:08 < Phil-Work> I don't think Ubuntu's routing is any worse than any other device
12:09 < cluelessperson> Phil-Work: I'm connected on two interfaces. I need to test pinging different routes. Ethernet is required to access management vlan, wifi can hop between and test routes and/or firewall
12:09 < grawity> hmm
12:10 < cluelessperson> Phil-Work: Because it doesn't have default policy routing, it seems, I cannot do say, ping -I wifi_interface google.com
12:10 < cluelessperson> ping -I wifi_interface RESTRICTED_INTERNAL_SUBNET
12:10 < grawity> is ethernet purely for management vlan, or does it provide a default route as well?
12:10 < cluelessperson> grawity: it apparently provides a default route as well, not sure how to turn that off
12:11 < cluelessperson> but I will still need to test between multiple interfaces that do have default routes either way
12:11 < Phil-Work> cluelessperson, yeh - that's fairly standard across all devices
12:11 < Phil-Work> you need to tell it which route table to use
12:11 < Phil-Work> so you need a table per interface (i.e. policy based routing)
12:11 < grawity> Phil-Work: some OSes are smarter in that regard
12:11 < grawity> i.e. if you have two default routes, and a socket is bound to a specific interface, it'll pick the matching route
12:12 < grawity> I think Windows, FreeBSD do that
12:12 < Phil-Work> AWS do it on their EC2 instances, but they just change the default ip rules
12:13 < Phil-Work> which you can do on Ubuntu, if you so please
12:13 < grawity> the part you missed is "smarter defaults"
12:14 < cluelessperson> Phil-Work: grawity well, the hard part is setting that up without statically entering stuff
12:14 < cluelessperson> This is my mobile computer, I hop between all sorts of interfaces all the time
12:27 < ShapeShifter499> hi
12:29 < ShapeShifter499> I'm somehow getting duplicate IPv6 addresses and I don't know why, how, or from where. Messages like these are popping up. "IPv6: usb0: IPv6 duplicate address detected!"
12:29 < ShapeShifter499> does anyone have any ideas?
12:31 < Phil-Work> ShapeShifter499, how are the IPs assigned?
12:31 < ychaouche> There's something I don't understand about SNAT : if a gateway forwards a packet to a NATed destination host w/o doing the SNAT, what will the NATed destination host see in the incoming packet : the original IP address or the gateway's address ?
12:31 < Phil-Work> SLAAC?
12:32 < Phil-Work> ychaouche, what makes it a "NATed destination host"?
12:32 < Phil-Work> DNAT?
12:32 < ychaouche> Phil-Work: yes
12:33 < Phil-Work> then yes - if you don't do SNAT then the source IP will be whatever it was when your router doing the DNAT receives it
12:33 < ShapeShifter499> I'm not sure Phil-Work
12:33 < ychaouche> then why do SNAT at all ?
12:33 < ShapeShifter499> My router should be doing all the work
12:34 < Phil-Work> ychaouche, sometimes its useful to change the source IP
12:34 < Phil-Work> such as when you are sending traffic outbound from a device with a private IP to the Internet
12:34 < ychaouche> yes that makes sense.
12:35 < Phil-Work> doing DNAT and SNAT together isn't so common, but it can be useful 12:35 < Phil-Work> for example, if you need to force reply traffic back out the same interface as it came in 12:35 < ShapeShifter499> Phil-Work: I have what appears to be a local address fe80 and two addresses starting with fd52 12:35 < ShapeShifter499> for one device 12:35 < ychaouche> Phil-Work: I was misled by an answer on quora which apparently suggests that DNAT and SNAT are done at the same time, SNAT to change the router's address to the real source address. 12:36 < Phil-Work> ychaouche, not normally - you'd usually see DNAT on inbound traffic and SNAT on outbound 12:36 < ychaouche> that makes much more sense, thanks Phil-Work 12:37 < ShapeShifter499> Phil-Work: the devices in question are raspberry pi zeros that are bridged 12:38 < Phil-Work> ShapeShifter499, SLAAC works by providing the device with a prefix and allowing it to generate its own IP using its MAC address 12:38 < Phil-Work> so if the MAC addresses are the same, you'll get duplicate IPs 12:38 < djph> if the mac addresses are the same, you've got other problems 12:38 < Phil-Work> yes, that ^^ 12:40 < Phil-Work> I've never used DHCPv6 but I suspect that if it's issuing IPs also based on Mac address and you have devices behind a bridge then you'll also get duplicates as the DHCPv6 server sees all traffic originating from the MAC of the bridge device closest to it 12:40 < ShapeShifter499> I fixed the duplicate MAC address issue 12:44 < ShapeShifter499> Phil-Work: I guess SLAAC is enabled, one IPv6 has the MAC address I set, but the other appears to only be duplicated through the pi zeros 12:49 < ShapeShifter499> Phil-Work: I'm going to reboot the router to see if that fixes anything.
I had fixed the MAC issue but maybe the router is still choking 12:49 < ShapeShifter499> brb 12:59 < ychaouche> Phil-Work: to recap : 12:59 < ychaouche> - SNAT takes place when packets go out of the router, so that they can reach back to it rather than to the unroutable original sender's LAN IP. 12:59 < ychaouche> - DNAT takes place when packets get into the router, so they can reach the original sender. 13:01 <+catphish> that latter part is technically DNAT, but is not usually called DNAT 13:02 <+catphish> most people would just consider it handing the replies as part of the SNAT 13:03 <+catphish> DNAT more commonly refers to new connections coming in from outside and being directed to an internal host with a private IP 13:03 <+catphish> technically that's the same though :) 13:04 < ShapeShifter499> Phil-Work: didn't work 13:05 < ShapeShifter499> new address was given but it still got duplicated across all the Pi Zeros 13:12 < ychaouche> catphish: thanks, it's good to know what the common parlance is. 13:13 <+catphish> ShapeShifter499: your question was unhelpfully redacted - which IP is duplicated? 13:13 < ShapeShifter499> catphish: IPv6: usb0: IPv6 duplicate address fd52:d962:9b9a::1a5 detected! 13:16 <+catphish> ShapeShifter499: ok, that's ULA, not SLAAC 13:17 <+catphish> so i'd say dhcpv6, which means either you have duplicate MACs, or something is messing with your MACs en-route 13:17 <+catphish> you mentioned a bridge, are you trying to bridge wired clients onto a wireless network? if so that doesn't work well 13:17 <+catphish> and would cause this 13:18 < ShapeShifter499> catphish: I'm trying to bridge 4 Pi Zeros in usb ethernet gadget mode to a wired ethernet port 13:25 < ShapeShifter499> catphish: any special forwarding I should have set up? sysctl variables?
13:30 <+catphish> ShapeShifter499: that should work i'd have thought 13:30 <+catphish> as long as it's not wifi it should be ok 13:31 < mawk> no need for ip forwarding ShapeShifter499 13:31 < mawk> so no sysctl variables, nothing fancy 13:32 < mawk> just ip link add br0 type bridge; ip link set br0 up state up; for iface in pi1 pi2 pi3 pi4; dk ip link 13:32 < mawk> just ip link add br0 type bridge; ip link set br0 up state up; for iface in pi1 pi2 pi3 pi4; do ip link set $iface master br0; done 13:33 < mawk> you can force routing for some frames using ebtables 13:33 < mawk> filter them as well 13:33 < mawk> iptables can do it for you too with the right sysctl parameter 13:35 < ShapeShifter499> mawk: I'm able to connect fine it seems, but my connection drops after some time. I feel like it's the duplicate IPv6 that's screwing me up 13:36 < ShapeShifter499> catphish: mawk https://gist.github.com/ShapeShifter499/c6b863bc8d922e84f3ce67628c2fb608 this is my current config for the bridge 13:36 < mawk> then it's not a problem with bridging 13:36 < mawk> unless you're filtering NDP 13:36 < mawk> config ? there should be no config to make, or very minimal 13:36 < mawk> yeah ok 13:37 < mawk> well it's likely not a problem with your bridging then 13:37 < mawk> you have a RA daemon running ? 13:37 < ShapeShifter499> mawk: I don't think so 13:37 < mawk> use tcpdump to track icmpv6 messages on the bridge 13:38 < mawk> how do you autoconfigure ipv6 then ? 13:39 <+catphish> unless those USB NICs actually all have the same MAC, i don't know how they're allocated 13:39 < mawk> yeah 13:40 < mawk> and duplicated ipv6 address just marks them as duplicated with default settings 13:40 < mawk> it doesn't delete them 13:40 < mawk> but it sure will mess up the neighbor tables 13:41 < mawk> ip addr should say dad-failed for the duplicates 13:41 < mawk> see that on the Pis 13:41 < ShapeShifter499> it does show that 13:41 < mawk> and the addresses are the same ?
13:42 < ShapeShifter499> inet6 fd52:d962:9b9a::1a5/128 scope global dadfailed tentative noprefixroute valid_lft forever preferred_lft forever 13:42 < mawk> and the mac addresses as well 13:42 < ShapeShifter499> no I fixed that 13:42 < mawk> then reload ipv6 13:42 < ShapeShifter499> it has two IPv6 addresses 13:42 < mawk> to get new LL addresses 13:42 < mawk> yes 13:42 < mawk> normal 13:42 < ShapeShifter499> I tried rebooting everything even the router 13:42 < mawk> just the Pis is enough 13:42 < mawk> when do you change the MACs ? 13:43 < mawk> maybe too late 13:43 < mawk> try sysctl -w net.ipv6.conf.all.disable_ipv6=1; sysctl -w net.ipv6.conf.all.disable_ipv6=0 13:43 < mawk> on the Pis 13:43 < mawk> after the MAC change 13:45 < mawk> fd00::/8 isn't routable is it ? don't you have a real ipv6 block ? 13:46 < ShapeShifter499> I'm changing it on the command line mawk 13:46 < mawk> fc00::/7 rather maybe 13:46 < mawk> yeah then you're doing it too late 13:46 < ShapeShifter499> oh 13:46 < mawk> toggle the interface/the ipv6 after that 13:46 < mawk> off and on 13:47 < ShapeShifter499> er no I meant the kernel command line 13:47 < ShapeShifter499> sorry 13:48 < mawk> ah 13:48 < mawk> can't be too late then 13:48 < mawk> but just do it to be sure 13:48 < mawk> the fd00::/8 addresses are all the same right ? 13:48 < mawk> which is the problem 13:49 < mawk> the fe80::/16 addresses are also the same ? 13:49 < ShapeShifter499> no 13:49 < mawk> no to all ? 13:49 < ShapeShifter499> fe80 contains the correct MAC address 13:50 < mawk> ah 13:50 < mawk> just fd00::/8 13:50 < mawk> if you don't have SLAAC or DHCP how do you configure these addresses then ? 13:50 < mawk> manually ? 13:50 < djph> "incorrectly" ? 13:50 < mawk> in the dhcpcd.conf of the Pis for instance 13:50 < mawk> lol 13:57 < ShapeShifter499> mawk: it should be dhcp 13:57 < mervin> hey folks 14:01 < mawk> should ? 
14:01 < mawk> then flush the dhcp leases 14:02 < mawk> and try again 14:03 < ShapeShifter499> mawk: didn't rebooting do that? 14:03 < mawk> not always, no 14:04 < mawk> especially since the leases aren't in temporary storage 14:04 < ShapeShifter499> oh 14:04 < mawk> but usually in /var/lib 14:04 < ShapeShifter499> I actually don't know how to flush leases 14:04 < mawk> me neither 14:04 < mawk> lol 14:04 < mawk> but why are you using dhcp ? 14:04 < mawk> it's awful with ipv6 14:04 < mawk> use SLAAC 14:05 < mawk> you'll achieve true happiness through autoconfiguration 14:07 < qman> with ipv4 and dhclient, you'd do dhclient -r 14:07 < qman> probably similar if not the same for ipv6 14:07 < qman> but yes, if it suits your situation, SLAAC is the way to go 14:08 < qman> it has some limitations though, and might not meet your needs 14:09 < ShapeShifter499> my goal is to allow the Pi Zeros access to IPv6 services and allow the outside access to the Pi Zeros over IPv6 14:09 < qman> if you have an entire /64 to use, then SLAAC can do that 14:10 <+catphish> ShapeShifter499: by the way, you haven't mentioned any real IP addresses in any of this, only private ones 14:10 <+catphish> ShapeShifter499: you will of course need a real /64 14:10 < qman> you'd need dynamic DNS though, but you'd need the same thing with DHCP 14:11 < ShapeShifter499> I know I'm getting an IPv6 from comcast 14:11 < ShapeShifter499> starts with 2001 14:11 <+catphish> good start 14:11 < ShapeShifter499> Maybe I haven't set up things correctly in my LEDE router 14:11 <+catphish> you need to get that to your PIs 14:12 < ShapeShifter499> LEDE/Openwrt 14:13 < Yami_> Hello! I'm a really big noob in everything related to network, and I'm struggling to access my VM webserver through my host browser (I dunno if I'm in the right chan to ask questions like that) 14:16 < ShapeShifter499> catphish: qman mawk ok on my router under LAN settings > DHCP > IPv6 Settings. I have the following set.
"Router Advertisement-Service: Server mode", "DHCPv6-Service: Server mode", "NDP-Proxy: Disabled" and "DHCPv6-Mode: Stateless + Statefull" 14:17 < mawk> yes 14:17 < ShapeShifter499> *stateful 14:17 < mawk> release the leases on clients now 14:17 < ShapeShifter499> mawk: this is what I had on my router this whole time 14:17 < mawk> yes it's fine 14:17 < Yami_> I've got a Debian VM running in VirtualBox, with one NAT adapter (with default settings), and a host only adapter (I changed the Promiscuous mode to Allow all), I rebooted the vm multiple times but each time I do a ifconfig, my IP is still "10.0.2.15" an I can't access it through my host browser (I've got apache working on the VM) 14:18 < mawk> you should have two IPs in the vm Yami_ 14:18 < mawk> one on each adapter 14:18 < mawk> and it's the host only adapter IP you should use from the host to access the vm 14:19 < Yami_> ifconfig only shows me "enp0s3" and "lo" 14:19 < mawk> then something is wrong with your host only adapter 14:20 < mawk> did you create a new network adapter in the VM settings ? 14:20 < mawk> and assign it to the host-only net 14:20 < Yami_> I just followed the step listed here : https://gist.github.com/odan/48fc744434ec6566ca9f7a993f4a7ffb 14:21 < mawk> show a screenshot of the network section in the vm configuration 14:21 < mawk> for both tabs 14:23 < Yami_> https://imgur.com/a/SLeVK 14:26 < mawk> good 14:26 < mawk> then something's weird 14:26 < mawk> did you reboot the VM ? 14:26 < mawk> show output of ip addr show 14:26 < mawk> in the vm 14:26 < mawk> and on the host 14:26 < mawk> you can use ip -c for nice colors, and take a screenshot 14:27 < ninja111> Hi 14:29 < ninja111> Anyone here? I have an issue with my client. It says socket closed by remote peer 14:29 < light> someone shut your socket bro 14:30 < ninja111> I knew it! 14:30 < ninja111> It was probably one of my friends...or I thought he was 14:30 < ninja111> How do I get it back? 
14:31 < djph> you re-initiate the connection 14:31 < ninja111> I tried it didn’t work 14:31 < ninja111> I did it several times 14:31 < ninja111> When you say re-initiate the connection you mean by trying to reconnect right? 14:31 < djph> then figure out what you're doing to the poor peer such that it's closing your socket 14:32 < ninja111> I didn’t do anything 14:32 < ninja111> Why is he a poor peer 14:33 < djph> because you keep doing something that makes the peer puke and close the socket 14:33 < Yami_> I rebooted the VM (with sudo shutdown, and via the "Power off the machine" of VirtualBox) 14:34 < ninja111> Okay well should I do that too? 14:34 < ninja111> Why would they pull my socket 14:34 < Yami_> And here is my ifconfig output : https://imgur.com/a/ozLzD 14:35 < ninja111> Thanks Yami_ 14:35 < ne2k> ninja111, what on earth are you talking about? 14:35 < djph> ne2k: you beat me to it 14:35 < ninja111> Whoops nvm 14:35 < ninja111> I got confused 14:37 < mawk> I said ip Yami_ 14:38 < mawk> but maybe it's not different 14:38 < mawk> more interfaces in ip addr ? 14:39 < Yami_> Here's the output of ip a (and my /etc/network/interfaces file) 14:39 < Yami_> https://imgur.com/a/vmn2W 14:46 < ninja111> Now it says invalid password wtf...I know someone’s messing with me. Someone’s definitely behind this 14:46 < djph> PEBCAK 14:56 < MJCDoffice> im having a bad time 14:56 < MJCDoffice> networking on linux is blergh 14:57 < djph> set the beancounter's computer on fire 14:57 < MJCDoffice> its just in a VM too 14:57 < MJCDoffice> but I cant get net access 14:57 < djph> bridged or NAT'd interfaces? 14:57 <+catphish> "just a vm" 14:58 < MJCDoffice> I set it to bridged - also forced it to get an ipv4 address - 14:58 < MJCDoffice> then I checked in windows the wifi adaptor 14:58 <+catphish> you can't bridge to wifi 14:58 <+catphish> that's likely the problem 14:58 < MJCDoffice> and the bridging protocol was turned off 14:58 < MJCDoffice> oh really?
14:59 < MJCDoffice> why is that 14:59 <+catphish> wifi only supports one MAC address per physical client 14:59 <+catphish> it assumes the MAC of the client is the physical address of the radio 14:59 <+catphish> so you can't stack additional devices with different MACs behind it 14:59 < MJCDoffice> well lucky for me im not doing any of that lol 15:00 <+catphish> it may work sometimes, to an extent, but not properly 15:00 < MJCDoffice> yeah I should be able to get internet 15:00 <+catphish> i don't understand 15:00 < MJCDoffice> a network adaptor is a network adaptor 15:00 < MJCDoffice> whether its wifi is only coincidentally true 15:01 <+catphish> what do you mean by that 15:01 < MJCDoffice> check this out 15:01 < MJCDoffice> http://prntscr.com/j6f1vx 15:01 <+catphish> what i'm getting at is that you can't bridge behind wifi, so a bridged VM likely won't work, if you just want internet access use a NAT adapter 15:01 < djph> catphish: it means he doesn't get the concept that you just said 15:01 < MJCDoffice> well what im trying to say is it shouldnt care about wifi 15:02 <+catphish> MJCDoffice: are you using wifi? 15:02 <+catphish> if so, it obviously matters 15:02 < MJCDoffice> hm I suppose I could use a NAT adaptor 15:02 < MJCDoffice> like, just have both 15:02 < MJCDoffice> ones gonna work 15:02 <+catphish> if you use a NAT adapter it will likely work 15:03 < MJCDoffice> yeah 15:03 <+catphish> but a bridged adapter usually won't work with wifi 15:03 < MJCDoffice> alright ill give it a go, thanks for explaining that clearly 15:03 <+catphish> good luck 15:05 < mawk> Yami_ didn't spot the new interface in ip a 15:05 < mawk> too bad for him 15:18 < conall> Hi. How do I add a permanent static route on a systemctl based distro, to be activated regardless of whether or not the interface is connected? 15:19 < conall> I have tried the "route-iface" files as well as "static-routes" file but it does not work 15:20 < shtrb|laptop> systemd-networkd is there ?
15:20 < conall> yes 15:20 < conall> its centos7 15:21 < shtrb|laptop> don't know about centos (didn't touch it for a while) , but you can set it up against an interface (set match and scope=link in your route part) 15:23 <+catphish> conall: you normally do it against an interface, ie in /etc/sysconfig/network-scripts/route-eth0 15:24 <+catphish> you might even be able to configure it against lo so it's always configured, not sure 15:24 < shtrb|laptop> I take my words back , this will not be loaded if the interface is down (because it's down) 15:24 < ychaouche> do I get it right ? https://imgur.com/gallery/BOowO 15:25 < conall> catphish: I tried that but I think that this will only work if there is something plugged into that iface 15:25 <+catphish> conall: i don't think it matters if its plugged in or not, just whether it's configured, however you could try doing it on lo which is always up, or... just add the route in /etc/rc.local 15:26 <+catphish> that will always work :) 15:26 < dogbert2> normally you do that with rc.local (old style init.d)...that script always gets run after everything else is finished 15:26 < shtrb|laptop> rc.local is dead long live The project that shall not be named services 15:26 < shtrb|laptop> sorry systemD 15:26 < dogbert2> systemD 15:27 < tds> ychaouche: I guess it's worth considering that snat/dnat doesn't necessarily rely on mapping source/destination ports (eg you can do plain snat/dnat on proto 41 traffic), but otherwise that looks pretty accurate :) 15:27 < shtrb|laptop> yeh, sorry I have auto replace setup correctly to avoid intellectually challenged feces like systemD 15:28 < nobody> hi :) 15:28 < dogbert2> https://askubuntu.com/questions/886620/how-can-i-execute-command-on-startup-rc-local-alternative-on-ubuntu-16-10 (good way to do what you're asking) 15:28 < conall> catphish: interesting.. it seems to be overwritten then, or not read at all. Is there a way to check (in logs etc) if the route-iface file has been read?
15:30 <+catphish> conall: i'm not sure :( 15:30 < pzn> Need to know how cellphone network monthly data usage is counted... does it count the IP/TCP/UDP headers or does it count only the payload? Is there any GSM/GPRS network headers that encapsulate IP and count on monthly data usage? 15:31 < djph> counts the payload 15:31 < djph> or rather, it counts what leaves the provider's network 15:32 < dogbert2> hey djph 15:32 < ychaouche> tds: I want to know more about that. 15:32 < djph> yo 15:33 < shtrb|laptop> pzn, depending on your system but normally it count the PDP size 15:33 < shtrb|laptop> in case of LTE and MMS it count the internal size reported by the switch 15:35 < shtrb|laptop> pzn, your cell phone tower / access point asks the provider can my client use X mib please charge him ,and let you use it after a timespan or after you used it again it ask to charge again , when you disconnect or change a service it will refund your account 15:36 < shtrb|laptop> pzn , If I remember correctly in the end you will be charged for the ppp package length , provider for the next encapsulated level 15:37 < MJCDoffice> catphish, awesome, now I just have one with nat and one bridged, it uses the one that gets to the internet haha 15:37 < MJCDoffice> so it will work here, as well as remotely 15:38 <+catphish> it'll work anywhere 15:38 < MJCDoffice> here being literally on/near the server 15:38 < MJCDoffice> yeah 15:39 < pzn> shtrb|laptop, 3 bytes (payload information, yes just 3 bytes from a sensor) + 4 bytes (UDP header) + 20 bytes (IP header) + PPP header... wow... the overhead payment will be too much :-) thanks for the info shtrb|laptop 15:40 < shtrb|laptop> pzn, the charge may vary if you have retransmits (you pay for that) or QOS or if you have 3G over WiFi 15:42 < shtrb|laptop> Honestly as a 3G/LTE user for data I never went to surprise between the charge and what I had seen in vnstat 15:43 < easy_ref123> anyone with experience configuring net-tools' snmptrapd?
15:45 < shtrb|laptop> what is pdpc ? 15:46 < ychaouche> tds: would that be a static kind of NAT ? 15:46 < pzn> shtrb|laptop, for the datarate/datavolume I need, an old 2G connection would be enough. a single payload of 3 bytes per 5 minutes per equipment :-) but about 100 equipments. I'm making these estimates because operators have "shared plans" and maybe it is cheaper I buy a shared plan and share between 100 simcards... 15:47 < shtrb|laptop> don't touch 2G if you can , UMTS (3G to HSPA) if you wish to reduce the overhead 15:47 < pzn> ok, got the point. they don't use PPP as 2G does 15:47 < tds> ychaouche: yes, you'd need to set specific static rules, rather than just being able to snat any outgoing traffic and then do the inverse on the way back in 15:47 < shtrb|laptop> pzn, check if you have facebook zero or other "free" 3g packages 15:48 < tds> but it can be useful if you need to use certain protocols behind nat (like proto 41) forwarded to a specific host, or for a 1-to-1 nat mapping system 15:48 < shtrb|laptop> pzn, I do not know about 2G but I expect it to provide ppp interface (don't know 2G sorry) 15:50 < shtrb|laptop> pzn, if you are in an area where facebook zero exist you can setup a friend with a facebook account and setup a tun interface on both sides and to tunnel data over ppp over tun over facebook zero over 3g 15:52 < pzn> shtrb|laptop, that is an interesting network encapsulation method ;-) but no facebook zero here 15:55 < shtrb|laptop> pzn , A shared account has the same problems as shared netflix account someone is going to ruin your setup / quota 15:57 < pzn> shtrb|laptop, there are no "real person" using this shared account. just a hundred of telemetry equipments. very previsible the rate.
I don't see any problem in using shared account for this case 15:58 < shtrb|laptop> pzn , in such case if you are allowed having an M2M local network would be less expensive (even zigbee+GSM9000) 16:00 < shtrb|laptop> pzn, you can take any modem (just strap it over arduino/raspberry pi/router) to interact with external network 16:01 < pzn> shtrb|laptop, ok, I'll take a look about that! Thanks for the hint! 16:01 < shtrb|laptop> If you are lucky you can even join some city wide mesh network to use it as your backbone 16:08 < jim> hi... can I get an interface's assigned ipv4 address by digging through /sys/class/net/aninterface? 16:09 < jim> so far haven't found anything 16:09 <+catphish> i don't think so, there's another api, but its complicated 16:09 < djph> jim: why not just "ip addr ifname" ? 16:10 < jim> I could probably do that 16:11 < jim> catphish, what's the name of this api so I can look at it closer later? 16:11 < shtrb|laptop> why not /proc/ ? 16:11 <+catphish> jim: it's called netlink http://man7.org/linux/man-pages/man7/netlink.7.html 16:12 <+catphish> specifically "NETLINK_ROUTE Receives routing and link updates and may be used to modify the routing tables (both IPv4 and IPv6), IP addresses, link parameters..." 16:13 <+catphish> it's kinda daunting, but not *that* hard to get a list of IPs if you know how to use a linux API 16:14 < jim> also, can I get ip to output in something like xml, so I can parse it unambiguously? 16:14 < shtrb|laptop> jim , /proc/net had nice stuff (/proc/net/tcp can give you some nice results ) 16:15 < jim> I'll take a look at that too 16:15 < shtrb|laptop> local_address in that field is the ... well local address 16:18 < s7r> how to fix the ICMP ping duplicate reply ? 16:19 < ||cw> jim: the oneline option is just whitespace delimited, should be easy to parse 16:23 < aaa_> question this is possible to distinguish https from ircs or ftps...?
16:24 < aaa_> without the ports of course 16:24 < shtrb|laptop> yes 16:25 < jim> ||cw, keep forgetting about that -o 16:25 < aaa_> how ? 16:25 < shtrb|laptop> aaa_, by looking inside :) MITMing or proxying 16:25 < jim> how which? 16:26 < jim> oh nm 16:26 < shtrb|laptop> aaa_ as long as HSTS is not setup the client is unaware of stuff 16:27 < shtrb|laptop> aaa_ that is how fortinet gateway / firewall work (it blocks the bad site) and you allow it to inspect your data 16:28 < aaa_> something similar as hsts exist for other protocols like irc ..? 16:29 < ||cw> hell you could probably infer the protocol just from traffic patterns 16:30 < aaa_> ah nice idea 16:30 < shtrb|laptop> ||cw , with fortinet it's much easier they give you a ca cert you need to install 16:30 < aaa_> lol^^ 16:30 < ||cw> irc is going to be mostly in, but in occasional small bursts. ftp is going to be small outs followed by a larger in followed by a very large in on a different port. https is going to be varying size sets of bursts 16:31 < shtrb|laptop> and netspark , oh I love netspark 16:31 < ||cw> shtrb|laptop: sure, assuming it can do it to all ssl traffic 16:31 < shtrb|laptop> ||cw , worked "fine" with facebook messenger , IMAPs and HTTPS 16:32 < ||cw> isn't facebook messenger https now? 16:32 < shtrb|laptop> it is 16:33 < ||cw> I'd expect it to also work with ftps, but irc is not so common, 16:33 < ||cw> and what about ssh/sftp? 16:33 < shtrb|laptop> blocked 16:33 < aaa_> and do you know other way to distinguish them ? 16:33 < aaa_> lol 16:34 < aaa_> where do you do that ? 16:34 < shtrb|laptop> netspark even allow whatsapp (according to their site) 16:34 < aaa_> you block this where ?
16:35 < shtrb|laptop> aaa_ , academic facility 16:35 < aaa_> lol 16:35 < shtrb|laptop> it's a whitelist 16:35 < shtrb|laptop> I'm a simple user not the admin 16:36 < shtrb|laptop> netspark can even (according to the site) handle whatsapp 16:38 < aaa_> ok 16:38 < shtrb|laptop> If your ISP or uni has that switch or use your own provider 16:39 < shtrb|laptop> svn and git need to be specially requested (for each domain) , oh you wish to have hg forget it 16:43 < aaa_> no other way to distinguish them ?? 16:44 < shtrb|laptop> other than usage patterns, and full read what more do you need ? 16:45 < shtrb|laptop> setup tcpdump do some irc/ https / ftps traffic , export into a nice doc and let weka train over it 16:45 < ||cw> what are you trying to do? 16:45 < shtrb|laptop> the output is a good start for binary identification for usage type for that types 16:46 < shtrb|laptop> aaa_ , https://www.cs.waikato.ac.nz/ml/weka/ 17:06 < s7r> i have 2 gateways on the same interface, one for the host os and one for the virtual machines. when i ping any destination from inside a vm i get a duplicate icmp reply from the host's gateway. how to fix this 17:07 < ne2k> dawhu 17:07 < ne2k> you have a gateway on an interface? 17:07 < ne2k> what does that even mean 17:08 < alexkaren> Anyone here decent at redistributing OSPF/RIP/EIGRP? I'm having a really garbage time with it 17:09 < ne2k> alexkaren, I know a bit about OSPF on RouterOS 17:09 < ne2k> alexkaren, what are you trying to achieve? 17:10 < alexkaren> I need to redistribute ospf and RIP into EIGRP. My RIP net and OSPF net know about each other and they both know about my EIGRP net. But my EIGRP net doesnt know the paths back 17:10 < ne2k> alexkaren, which OS? 17:11 < alexkaren> Its IOS so its cisco 17:11 < ne2k> alexkaren, I don't know about Cisco specifically, sorry. but typically, you'd be looking for a setting like "redistribute other x" in the EIGRP settings 17:12 < alexkaren> yeah.
I have the command to do it but its not functioning correctly 17:13 < ne2k> what is the command? 17:13 < alexkaren> under Router EIGRP it would be 17:14 < ne2k> I can see eigrp stub connected static in the docs for connected and static, but don't see anything specifically for ospf 17:15 < ne2k> do you need to use the distribute-list ? 17:15 < s7r> ne2k: i am sorry for miswriting the question. i have one interface, one gateway, 2 public ip addresses (one for the host, one to act as a gateway for all the other vms on this host) 17:15 < ne2k> s7r, and those two addresses are in the same subnet? why would you do that? 17:16 < s7r> they are not in the same subnet. this is how my provider allocated. 1 main IP and other failover secondary ips 17:16 < ne2k> s7r, surely the VMs should either use bridging and use the actual gateway, or they should be on a separate network and use the host as the gateway, with an address on a separate network 17:16 < ne2k> s7r, oh 17:17 < ne2k> s7r, are they on the same interface? 17:17 < ne2k> I am highly confused about the setup and what you're trying to achieve 17:18 < alexkaren> redistribute ospf 1 (this is the process list number) metric . all the variables are mandatory. 17:19 < s7r> ne2k, yes, 2 public ip addresses in different subnets on the same interface on the host. 17:19 < s7r> the second ip address of the host is the gateway of all virtual machines 17:19 < s7r> guests. 17:19 < s7r> internet is working, but i get duplicate icmp replies. 17:20 < s7r> i get duplicate reply from the gateway of the host 17:20 < ne2k> s7r, and what range are the VMs' addresses coming from? 17:20 < ne2k> this has a really bad smell about it 17:21 < Mandrake> join #linux 17:21 < s7r> ne2k: host interface: main IP: 200.74.245.65, netmask 255.255.255.0, gw 200.74.245.65. secondary IP: 212.36.252.201, netmask 255.255.255.255 17:22 < ne2k> how can it use itself as the gateway?
17:22 < s7r> ne2k: vm IP: 212.36.252.202, netmask 255.255.255.252, gateway 212.36.252.201 17:22 < s7r> sorry gw with .1 at the end not .65 17:22 < s7r> and netmask for secondary ip is .252 at the end not .255 17:23 < ne2k> I have seriously no idea what the point of that is 17:23 < s7r> me too :( 17:23 < ne2k> very wasteful of IPv4 addresses 17:23 < s7r> if i just leave it like this... how bad it is if i get duplicate icmp replies? 17:24 < s7r> will it affect tcp / udp traffic or performance ? 17:30 < ne2k> s7r, what traffic are you sending, and what messages are you getting back? 17:30 < s7r> i am trying to ping google.com 17:30 < s7r> and i get a duplicate replies, from the gateway 200.74.245.1 17:31 < s7r> which is not configured as gateway or anything at all in the virtual machine 17:31 < s7r> this happens when i ping something from the virtual machine, not from the host. from the host all goes well 17:31 < ne2k> s7r, why would you get a reply from the gateway when pinging google? 17:31 < ne2k> the gateway isn't google.com 17:32 < s7r> let me copy paste just one line 17:33 < Kremator> guys, usually the "PING" program/implementation does measure the time taken to a packet to go to destination, or the time taken returning home as well? 17:33 < ne2k> Kremator, have a think about that for a minute 17:33 < Kremator> ne2k, ? 17:33 < ne2k> Kremator, the answer should be self-evident 17:34 < waydot> Kremator: the measured time is called "round trip time" 17:34 < s7r> ne2k: From 212.36.252.201 (212.36.252.201): icmp_seq=10 Redirect Network(New nexthop: 200.74.245.1 (200.74.245.1) 17:34 < waydot> Kremator: so, the latter 17:34 < ne2k> s7r, right, so it is not a duplicate reply, it is a redirect 17:34 < s7r> 10 packets transmitted, 10 received, +4 duplicates, 0% packet loss, time 9043ms 17:34 < ne2k> s7r, what is the netmask on 212.36.252.201 and 212.36.252.202 17:35 < s7r> 64 bytes from waw02s14-in-f14.1e100.net (172.217.16.46): icmp_seq=10 ttl=55 time=32.1 ms (DUP!)
17:35 < s7r> ne2k: it is 255.255.255.252 17:36 < ne2k> s7r, it's because your forwarding back out the same interface 17:36 < ne2k> you're 17:36 < waydot> Kremator: and also time spent processing the packet locally at the destination ;) 17:36 < Kremator> waydot, ne2k is there an implementation, program that does measure only one way or another? 17:36 < s7r> ne2k: what do you mean? 17:36 < Kremator> waydot, well true, but thats virtually 0 17:37 < ne2k> s7r, are 212.36.252.201 and 200.74.245.65 assigned to the same interface? 17:38 < s7r> ne2k: no. .201 is assigned to the interface of the host (where the vms are running on virtualization software) and .202 is assigned to the vm, which uses bridged networking to the host 17:38 < waydot> Kremator: not necessarily 17:38 < s7r> .202 is inside the vm 17:39 < waydot> Kremator: anyway, your second question: cisco's ip sla has one-way delay measurements 17:39 < waydot> Kremator: but, depending on the actual delay on the network, it may require really good time synchronization, not to foul the results too much 17:39 < ne2k> s7r, re-read my question 17:40 < s7r> ne2k: i guess yes, if i understand the question right. there is only one physical interface on this server 17:41 < ne2k> s7r, I would suggest putting 212.36.252.201 on a separate bridge and connecting the VMs to that, not to a bridge with the main host NIC on it 17:42 < s7r> ne2k: so build another as a router with .201? 17:42 < ne2k> another what? 17:42 < s7r> what gateway should 212.36.252.201 have ? 17:43 < s7r> another virtual machine 17:43 < ne2k> s7r, no, I said put the address 212.36.252.201 on to a separate bridge interface on the host 17:44 < ne2k> not the bridge with the main NIC in it 17:44 < ne2k> I really don't understand the point of this setup at all, but this would seem to be the more sensible way to go about implementing what you appear to have 17:47 < s7r> this is what they recommend...
and to setup a bridge i see i need to select 2 connections 17:47 < s7r> i have one 17:47 < ne2k> what OS is the host? 17:48 < ne2k> and what is the provider? 17:49 < ne2k> are the addresses you gave me fake? 17:49 < mmlj4> I'm looking for a mini-PCIe MIMO dual-antenna AC job that'll do hostapd, and ISN'T made in china.. do I have any options? 17:50 < djph> nope 17:50 < djph> ... well, Intel *may* be Taiwan 17:51 < ne2k> mmlj4, you'll struggle to find anything that isn't /made/ in china, but as for company ownership, you could try MikroTik, they have the https://mikrotik.com/product/R11e-5HacD 17:51 < mmlj4> I can gander at it 17:51 < ne2k> atheros chipset, USD $49 17:51 < mmlj4> but I'm really, really not wanting anything trojaned by the people's army 17:53 < mmlj4> I found something labelled industrial, big fanycy heat sink... $200 17:53 < mmlj4> fancy 17:55 < waydot> o.O 17:56 < s7r> ne2k, host is windows 17:56 < mniip> hello there 17:57 < s7r> ne2k: thank you for your support. i will open a ticket with them and see what they say since they only advised me to enable ip forwarding 17:57 < ne2k> s7r, are you sure you can't set up the vms to just use the main gateway as the gateway, with point-to-point addressing? 17:57 < ne2k> it seems retarded to waste three addresses just to get you one on a VM 17:58 < mniip> I'm trying to setup L2TP over IPSec usnig various online guides, and it bothers me that I've never told l2tpd (xl2tpd) to use IPSec. Is that normal? 17:58 < brutuz> anyone has experience in nexus 5k? 17:58 < s7r> they said that could be done too, but to use the .201 ip with 255.255.255.255 netmask instead of .252 but that doesn't work. and i need to make some kind of a static route to the main ip subnet 17:59 < ne2k> s7r, what is the guest? 
17:59 < s7r> debian
18:01 < ne2k> s7r, try ip addr add dev eth0 212.36.252.201/32; ip r add 200.74.245.1/32 dev eth0; ip r add default ga 200.74.245.1;
18:03 < s7r> and should i remove .201 from the HOST interface?\
18:04 < mniip> worse it looks like the client is sending data over IPSec, but the L2TP server is trying to respond over regular UDP?
18:04 < ne2k> yes
18:04 < ne2k> s7r, well, try 202 on the guest first
18:04 < ne2k> if this works, you should be able to use 200, 201, 202 and 203 for guests
18:11 < Dan0maN> does anyone remember the parody site that had celebrities explaining networking?
18:14 < mtdms> i cant open my port 80 for using web server, i mean i wanna do nat
18:14 < mtdms> i already open ports in my router
18:14 < mtdms> maybe is because some firewall?
18:14 < ne2k> mtdms, significantly more information required
18:15 <@pppingme> mtdms is the router giving you an error when you try or what happens?
18:15 < mtdms> i have an arris router, i wanna open port 80, for accessing to my local computer from public ip
18:15 < kbaegis> Hi all. Anyone here using keepalived? I'm having an issue with the lvs_sync_daemon_interface config
18:15 < kbaegis> I'd like to be able to use one interface for the VRRP and the VIP on another
18:16 <@pppingme> mtdms ok, so what happens when you try?
18:17 < mtdms> when i use portchecktool.com i get this:
18:18 < mtdms> Problem! I could not see your service on 189.216.104.104 on port (80).
18:18 < mtdms> Reason: Connection timed out.
18:19 < ne2k> mtdms, in general, you usually need to DNAT /and/ ALLOW in the filter
18:20 < kbaegis> Anyone know if this is possible?
18:20 < kbaegis> I'm uncomfortable with sending VRRP packets (auth or no) across unsecured network segments
18:20 < kbaegis> Much better to handle it on another interface
18:21 < kbaegis> Does keepalived even support this?
18:25 < mtdms> i wanna learn more about networking some good book do you recommend?
18:25 < ne2k> mtdms, did you read the message from Chanserv when you joined?
18:26 < kbaegis> nvm. Figured it out
18:26 < Demos[m]> anyone know if whitebox blades are a thing?
18:27 < kbaegis> Demos[m]: I don't think so. Most of the time the board format and networking interconnect are proprietary
18:27 < kbaegis> Demos[m]: If you find an emerging standard, please let me know!
18:29 < Demos[m]> yeah. Like it would be sweet to have something more standard. Like even just power connections then have everything else in blade
18:29 < Demos[m]> power and maybe mgmt
18:29 < Demos[m]> like would be great for little things that need a metal server and don't need expensive hardware
18:29 < Demos[m]> also interested in any current ARM based blades
18:30 < tds> I seem to remember there were blades as part of the open compute project a while ago, so I don't know if any standards were written then
18:31 < ne2k> Demos[m], https://www.techworm.net/wp-content/uploads/2018/03/Build-your-own-Supper-Computer-with-Raspberry-pi-3-Cluster.png ;-)
18:31 < ne2k> https://newatlas.com/bitscope-raspberry-pi-lanl-supercomputer/52359/ haha
18:32 < Demos[m]> lol no
18:37 < Demos[m]> OCP looks like a good start
18:37 < Demos[m]> thanks for reminding me of em!
19:00 < Apachez> hugge: any comments on this? your network is being used by evil russians ;) https://twitter.com/leifnixon/status/986211944687439872
19:04 < linux_probe> Shitsno
19:05 < TV`sFrank> Classy
19:06 < linux_probe> it's all swiss cheese, nothing is secure never has been
19:06 < linux_probe> it's a game of whack-a-mole more or less
19:25 < kbaegis> Anyone know of a utility that allows you to replicate NAT pinning from one linux host to another?
19:26 < kbaegis> I route through a vip between two servers. I'd like clients to the network to have a seamless transition when one host goes down
19:27 < kbaegis> For example, to avoid relogging into IRC when simulating an outage :)
19:27 < Demos[m]> oh my god the marketing speak
19:28 < Demos[m]> "World's first platform architected for composable infrastructure, an adaptable IT engine built for todays workloads and tomorrow's disrupters"
19:28 < Demos[m]> notice how I still don't know what the fuck this product is
19:28 < tds> kbaegis: you probably want conntrackd
19:28 < nullv4lue> wht stef murky
19:29 < kbaegis> tds: ty
19:30 < tda> because you are not a disrupter
19:32 < djph> Demos[m]: sounds like a pad of paper. Probably graph
19:34 < Demos[m]> yeah
19:34 < Demos[m]> probably only works with vendor specific pens
19:44 < kbaegis> Demos[m]: Just FYI, mgmt is pretty standardized. It's extremely common for blades and traditional rackmount equipment to have IPMI over an OOB interface
19:45 < kbaegis> The trouble there is that the interconnect is usually proprietary. UCS, for example, has a massive "Fabric interconnect". Others have open source openvswitch/ONS switches
19:45 < Demos[m]> right "pretty standardized" doesn't really cut it
19:46 < Demos[m]> :D
19:47 < kbaegis> Demos[m]: IPMI v1.2 https://www.intel.com/content/www/us/en/servers/ipmi/information-storage-definition-rev-1-2.html
19:47 < kbaegis> Dell has their own management crap, but it's still compliant with that spec ^^
19:48 < kbaegis> I haven't stepped into a datacenter to perform a reboot or bios reconfig in years
19:49 < ||cw> kbaegis: nat pinning as in the client's tricking conntrack to open ports? maybe conntrack-tools can help?
19:50 < kbaegis> Demos[m]: Pretty easy to get a serial over lan connection to set up the networking OOB- ='printf "\npassword: ";read -s PASS;ipmitool -I lanplus -H -U -P $PASS -p sol activate'
19:51 < kbaegis> ||cw: ty :) ^^
19:51 <+catphish> hey :)
19:52 < kbaegis> Are you a real catphish?
19:52 <+catphish> yes
19:52 < kbaegis> lol
19:55 < skyroveRR> Mm I miss zapotah..... and his constant mocking on idiots :P
19:55 <+catphish> but this is a nice place now
19:56 < rootanaaa> Is there any whatsapp group?
19:57 <+catphish> err
20:11 < panda81> hi, I understand web url encodes ' ' to %20. Is there anything special with '///'?
20:12 < panda81> or in other words, what characters were replaced to '///'?
20:14 < ||cw> panda81: https://en.wikipedia.org/wiki/Percent-encoding
20:19 < panda81> ||cw: Thanks let me elaborate. A program is converting path names, usually from 'c:\program files\test\test.exe' to 'c:/program%20files/test.exe'. But on this one computer I dont have access to, it converts 'e:\program files\test\test.exe' to '///e:/program%20files/test.exe'
20:20 < panda81> I'm baffled at why it wants to insert '///' to the front. Could that computer's e drive have some special property?
20:21 < ||cw> it should be file:///drive:/path
20:21 < ||cw> so it looks like it's dropping the file:
20:25 < drac_boy> hi
20:27 < drac_boy> any of you know of any router that can be customized with a rule that lan port2 is active if wan0 is in use but otherwise cut off (equal to as if it was physically plugged) if wan0's down and so wan1 backup is in use?
20:32 < Phil-Work> drac_boy, depends what that router is
20:32 < Phil-Work> anything that supports scripting (Cisco, Juniper, Linux based, etc.) would do it
20:33 < linux_probe> why in the heck would you want a port disabled as such
20:34 < panda81> ||cw: sorry I mistyped. You are right there is 'file:'. Ordinarily, it converts 'c:\program files\test\test.exe' to 'file:c:/program%20files/test/test.exe'. The other case converts 'e:/program files/test/test.exe' to 'file:///e:/program%20files/test/test.exe'. I'm trying to track down why the former file loads but the latter doesn't
20:35 < kbaegis> I don't have any Sync { } block on my conntrackd example config
20:36 < drac_boy> phil-work hmm scripting..I forgot to think about that...thanks for the mention btw
20:36 < ||cw> panda81: you'd need to look into the app then
20:37 < drac_boy> cisco..hmm..I think that was more than $500 last I tried shop but I'll recheck again as its been a few months so maybe not as expensive now
20:37 < ||cw> drac_boy: you're going to find features like that in a cheap webui router
20:38 < ||cw> you can find older used cisco gear for relatively cheap though
20:39 < drac_boy> Linux_probe due to lack of throughput on wan1 so better just knock it offline as to keep some cooperation on the other ports
20:39 < panda81> ||cw: thanks. I was also curious if e could be a network drive?
20:39 < ||cw> panda81: should not matter
20:40 < ||cw> to be a proper browser URI it needs protocol://host/path. for local paths the host is empty string, that's why there's 3
20:41 < kbaegis> Cisco: marginally easier to configure than linux
20:41 < kbaegis> :)
20:42 < ||cw> drac_boy: why not just set that port with a lower QoS priority in general?
20:45 < panda81> ||cw: gotcha. So e is 100% a local drive? ok then the only other clue is that it's e drive rather than c. Maybe I'll install a VM to test that
20:46 < drac_boy> iicw except that qos would still cut it off anyway as wan1 doesn't have the bandwidth for it
20:47 < Rafaga2k> hi!, how can i test multicast connectivity in a IP-MPLS network ?
20:58 < ||cw> panda81: no, it's a local path. nothing in this makes any distinction of network drives or not
20:59 < ||cw> drac_boy: uh, no, that's not how qos works
21:02 < drac_boy> iicw well how else do you explain a 14KB/s-bare-minimum device trying to not hog the 5KB/s-max connection?
21:03 < drac_boy> and either way geeze I'm sure I'
21:03 < drac_boy> I'm probably in the wrong category for cisco but they wanted $950 for a router that would work for my network*
21:03 < tda> cisco wants all the money yes
21:03 < The_Shadows> Hello, does anyone know how to see sfp information on comware switch?
21:04 < Phil-Work> 950 for a Cisco?
21:04 < Phil-Work> that's missing a few 0s
21:04 < drac_boy> tda yeah, the datasheet quotes 50 users recommended so that's somewhat a small router too
21:05 < Peng_> 5 KB is also missing a few zeros?
21:05 < drac_boy> tda oh and btw its 891f if you were wondering which one I had price-checked for online
21:05 < drac_boy> peng..nope its really 5KB on wan1
21:09 < ||cw> drac_boy: it's a 56K modem?
21:10 < ||cw> what does this device do when it doesn't get the bandwidth it wants?
21:10 < kbaegis> Is there a way to increase the logging on conntrackd?
21:13 < drac_boy> yep it is and well that depends which load is running .. if its voice it'll never be able to fail to voicemail properly because it still thinks its connected but theres no way to stuff the codec through that
21:13 < drac_boy> tda at least its a good thing I have zero interest in 'certain' cars .. a bentley for example :p
21:15 < ||cw> guess you need to start building a linux or bsd based router then
21:16 < ||cw> it's going to be easier to block the IP or connection than to turn off the switch port anyway
21:21 < drac_boy> hm I'll think about it but may have to try talk to the supreme court instead due to that being the easiest thing
21:21 < drac_boy> thanks anyhow -_-
21:23 < drac_boy> anyway have to go to an apt soon so might be back early night
21:44 < quint> So I just created a TXT record, accidentally set the TTL to 4 hours, and saved it. Then I re-entered a new TTL of 1 second. Am I going to have to wait 4 hours?
21:44 < ||cw> quint: or purge your local caches, yes
21:45 < ||cw> TTL only really applies to those have queried it already
21:47 < xamithan> How do you clear that on *nix anyway
21:47 < ||cw> xamithan: depends on distro and dns config
21:48 < xamithan> Oh you just restart the service?
21:48 < xamithan> hehe
21:59 < Peng_> Often you're forwarding to other DNS servers, which you may not be able to clear.
22:00 < quint> Yeah in this particular case I'm going to have to wait. It hasn't even propagated fully yet. New domain.
22:01 < quint> I can get it from home, just not a 3rd party that needs to verify the record
22:03 < tds> new domains should propagate pretty much instantly (assuming the name servers involved have all updated), provided nobody has queried for the domain before it existed and got an nxdomain response cached
22:06 < Peng_> If and when aggressive NSEC3 is deployed, it will also matter if people have queried other nearby domains.
22:07 < Peng_> well, aggressive NSEC exists now, but not many TLDs use NSEC
22:10 < tds> ah, I was initially thinking that nsec wouldn't affect it, aggressive nsec seems like a neat idea
23:22 < hugge> Apachez: that seems reasonable since we have like 10 million ip-addresses
23:38 < roxlu> ||cw: I changed my code today. It seems that the issue was related to having 4 threads with each using `select()`.
23:43 < wiresharked> So what is the difference between PXE and RPL?
23:49 < wiresharked> So again with 802.11ax, it has longer guard interval durations. This sounds to me like it's the only thing that will actually slow down performance, because of all of the error correction
23:55 < Sircle__> What does 32 means in 58.218.198.170/32
23:55 < wiresharked> Sircle_: That is the subnet mask
23:55 < Sircle__> yes, its a range but what is it
23:55 < Sircle__> I just forgot
23:55 < wiresharked> Sircle__: That is the subnet mask
23:56 < Sircle__> 58.218.198.170/32 means 58.218.198.*
23:56 < S_SubZero> its one address.
23:57 < Sircle__> how to 58.218.198.*
23:57 < Peng_> Sircle__: You could read some documentation
23:57 < S_SubZero> a /24 I would reckon
23:57 < Sircle__> k
23:58 < wiresharked> Sircle__: Or 255.255.0.0
23:58 < Sircle__> ?
23:58 < wiresharked> That is a class B subnet mask
23:58 < Peng_> wiresharked: That's a /16
23:58 < wiresharked> Oh sorry, I meant 255.0.0.0
23:59 < wiresharked> Peng_: Correct
23:59 < lupine> the internet is classless dudes
23:59 < wiresharked> lupine: Well, yes, that's true with IPV6
--- Log closed Wed Apr 18 00:00:49 2018