search for: habets

...#39;'external'' one and eth[1-4] are supposed to be limited to 128Kbit/s each. The interfaces eth[1-4] each have a C-class net, 192.168.[1-4].0/24. Thanks for any and all help. linux 2.4.0-test9 debian 2.2 (potato) --------- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "thomas@habets.pp.se" }; char kernel[] = { "Linux 2.2" }; char *pgpKey[] = { "finger -m thompa@darkface.pp.se" }; char pgpfinger[] = { "6517 2898 6AED EA2C 1015 DCF0 8E53 B69F 524B B541" }; char coolcmd[] = { &q...

> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:) Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all? Stephen

...he contents of /tmp/u2f-key.pub to your authorized_keys file on the server. >From now on, you should be prompted to touch the registered U2F security key after successful publickey authentication. In case you want to register another U2F security key, just repeat the process. Thanks to Thomas Habets, Christian Svensson and Axel Wagner for their support in implementing/discussing/testing this feature. [1] https://fidoalliance.org/ [2] http://googleonlinesecurity.blogspot.ch/2014/10/strengthening-2-step-verification-with.html [3] https://www.noname-ev.de/w/File:C14h-u2f-how-security-keys-work.p...

Since OpenSSH has PKCS11 support nowadays that means it should work with a TPM chip, right? Has anyone done it and would like to share instructions for setting it up? Something like this but for SSH: http://blog.habets.pp.se/2012/02/TPM-backed-SSL -- typedef struct me_s { ?char name[] ? ? ?= { "Thomas Habets" }; ?char email[] ? ? = { "thomas at habets.pp.se" }; ?char kernel[] ? ?= { "Linux" }; ?char *pgpKey[] ? = { "http://www.habets.pp.se/pubkey.txt" }; ?char pgp[] = { &q...

At this point it should be obvious, but let me state that I don?t have motivation/time to spend on this right now, given that upstream shows 0 interest in this at all :(. Hence, any help on this is welcome. On Sat, Dec 27, 2014 at 1:53 AM, Thomas Habets <thomas at habets.se> wrote: > On 24 December 2014 at 18:57, Michael Stapelberg > <stapelberg+openssh at google.com> wrote: > > In case you?re interested, please feel free to try the patch. I?m happy > for > > any feedback. All you need is libu2f-host installed and...

The intent of this option is similar to "tls-auth" in openvpn[1]: To refuse to talk to anyone who doesn't know the shared secret. You could compare this to port knocking, in that it solves a similar problem. This also prevents RST attacks from killing an existing connection, even when attacker can sniff sequence numbers. This feature doesn't work through NAT, since the source

On Sun, Dec 24, 2017 at 9:54 PM, David Newall <openssh at davidnewall.com> wrote: > On 25/12/17 00:11, John Devitofranceschi wrote: >> >> Besides ssh.com?s PrivX product, has anyone created a web service that can >> be used to issue temporary certkeys to authenticated users? >> >> Any pointers appreciated! > > > I expect that what I'm about to

On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: > > The socket option is enabled *after* connection establishment, thus > > doesn't protect against SYN floods. This is because server doesn't > > know (in userspace) what the address of the peer is until they > > connect. Again because signed addresses. > So could they exchange a secret

On Fri, Jan 15, 2016 at 1:07 PM, Alex Bligh <alex at alex.org.uk> wrote: > On 15 Jan 2016, at 11:44, Thomas ? Habets <habets at google.com> wrote: >> On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: [snip] > 3. Server compares supplied address/port pair with what it sees > (to detect DNAT like Amazon elastic IPs), and if they are the > same, it waits for the TC...

On Wed, Nov 27, 2019 at 03:11:51PM +0000, Martin Habets wrote: > Your @work correctly identifies that the drivers/net/ethernet/sfc drivers need patching, but the actual patches for them are missing. > Please add those. Makes me wonder if any other files are missing patches. > > Martin Good point, pattern was missing _ in variable name. Wil...

...erdict after the comment. Subash Abhinov Kasiviswanathan (1): xtables: Add an interval option for xtables lock wait Tejun Heo (3): libxt_cgroup: prepare for multi revisions libxt_cgroup2: add support for cgroup2 path matching extensions: libxt_cgroup: add unit test Thomas Habets (1): iptables-save: exit with error if unable to open proc file Thomas Woerner (1): ip6tables: Warn about use of DROP in nat table Vishwanath Pai (3): extensions: libxt_NFLOG: nflog-range does not truncate packets extensions: libxt_hashlimit: Prepare libxt_hashlimit.c for...

A bunch of drivers want to know which tx queue triggered a timeout, and virtio wants to do the same. We actually have the info to hand, let's just pass it on to drivers. Note: tested with an experimental virtio patch by Julio. That patch itself isn't ready yet though, so not included. Other drivers compiled only. Michael S. Tsirkin (3): netdev: pass the stuck queue to the timeout

A bunch of drivers want to know which tx queue triggered a timeout, and virtio wants to do the same. We actually have the info to hand, let's just pass it on to drivers. Note: tested with an experimental virtio patch by Julio. That patch itself isn't ready yet though, so not included. Other drivers compiled only. Michael S. Tsirkin (3): netdev: pass the stuck queue to the timeout

Em qua., 27 de nov. de 2019 ?s 12:12, Martin Habets <mhabets at solarflare.com> escreveu: > > Your @work correctly identifies that the drivers/net/ethernet/sfc drivers need patching, but the actual patches for them are missing. > Please add those. Makes me wonder if any other files are missing patches. Since, I'm adding new stuff...

...ces which actually call ndo_tx_timeout. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> Acked-by: Heiner Kallweit <hkallweit1 at gmail.com> Acked-by: Jakub Kicinski <jakub.kicinski at netronome.com> Acked-by: Shannon Nelson <snelson at pensando.io> Reviewed-by: Martin Habets <mhabets at solarflare.com> changes from v7: fixup leftovers from v3 change changes from v6: fix typo in rtl driver changes from v5: add missing files (allow any net device argument name) changes from v4: add a missing driver header changes from v3: change queue # to unsigned Cha...

...ces which actually call ndo_tx_timeout. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> Acked-by: Heiner Kallweit <hkallweit1 at gmail.com> Acked-by: Jakub Kicinski <jakub.kicinski at netronome.com> Acked-by: Shannon Nelson <snelson at pensando.io> Reviewed-by: Martin Habets <mhabets at solarflare.com> changes from v9: more leftovers from v3 change changes from v8: fix up a missing direct call to timeout rebased on net-next changes from v7: fixup leftovers from v3 change changes from v6: fix typo in rtl driver changes from v5: add missing fil...

...ces which actually call ndo_tx_timeout. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> Acked-by: Heiner Kallweit <hkallweit1 at gmail.com> Acked-by: Jakub Kicinski <jakub.kicinski at netronome.com> Acked-by: Shannon Nelson <snelson at pensando.io> Reviewed-by: Martin Habets <mhabets at solarflare.com> changes from v8: fix up a missing direct call to timeout rebased on net-next changes from v7: fixup leftovers from v3 change changes from v6: fix typo in rtl driver changes from v5: add missing files (allow any net device argument name) changes from v4: add...

This series add two important features. One of them changes the .ndo_tx_timeout to include an extra parameter to identify the stuck queue. Many drivers are using a nester loop to identify which queue is stooped/stucked. This is a redundant work since dev_watchdog is doing exactly the same thing. This is so interesting for other drivers to in terms of code optimization. The second part (second

This series add two important features. One of them changes the .ndo_tx_timeout to include an extra parameter to identify the stuck queue. Many drivers are using a nester loop to identify which queue is stooped/stucked. This is a redundant work since dev_watchdog is doing exactly the same thing. This is so interesting for other drivers to in terms of code optimization. The second part (second

A bunch of drivers want to know which tx queue triggered a timeout, and virtio wants to do the same. We actually have the info to hand, let's just pass it on to drivers. Note: tested with an experimental virtio patch by Julio. That patch itself isn't ready yet though, so not included. Other drivers compiled only. Michael S. Tsirkin (3): netdev: pass the stuck queue to the timeout