--- Log opened Fri Jun 30 00:00:28 2017
00:08 -!- K`Tetch [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has joined #se2600
00:08 -!- K`Tetch [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has quit [Changing host]
00:08 -!- K`Tetch [~no@unaffiliated/ktetch] has joined #se2600
00:08 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has quit [Quit: Leaving.]
00:12 -!- K`Tetch_ [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has quit [Ping timeout: 268 seconds]
05:33 -!- rhia [~rhia@2601:601:4000:adae:82ee:73ff:fe64:1308] has quit [Ping timeout: 276 seconds]
05:45 -!- rhia [~rhia@2601:601:4480:678e:82ee:73ff:fe64:1308] has joined #se2600
05:45 -!- mode/#se2600 [+o rhia] by ChanServ
05:56 -!- rhia [~rhia@2601:601:4480:678e:82ee:73ff:fe64:1308] has quit [Ping timeout: 240 seconds]
05:58 -!- _Synx [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
06:01 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 240 seconds]
06:02 -!- rhia [~rhia@2601:601:4480:678e:82ee:73ff:fe64:1308] has joined #se2600
06:02 -!- mode/#se2600 [+o rhia] by ChanServ
06:43 <@Dolemite> mr0ning, be0tches and h0ez!
07:29 * aestetix hugs Dolemite
07:58 * Shadow404 pounces both aestetix and Dolemite
08:43 -!- _Synx is now known as Synx_hm
08:43 -!- Synx_hm [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has quit [Changing host]
08:43 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has joined #se2600
09:03 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has joined #se2600
09:21 < Synx_hm> any of you'alls programmed raw networking on BSD/freeBSD?
09:21 < Synx_hm> having a hell of a time figuring out socket syscall api with AF_LINK vs PF_LINK (as it's described in the fucking manpage)
09:21 < Synx_hm> need raw access to ethernet frames
09:22 <@Dolemite> Not in over a decade
09:22 <@Dolemite> Closer to 2 decades
09:22 <@Corydon76> AF = Address family; PF = Protocol family
09:23 <@Corydon76> As in, if you're doing this at the IP level, you want AF_ constants, but if you're doing it at the TCP/UDP level, you want PF_ constants
09:23 <@Corydon76> Whenever I'm doing network coding, I typically pull out the W Richard Stevens books
09:23 < Synx_hm> k, the manpage describes PF_ descriptors but not AF, either way it compiles with AF_LINK however it doesn't like my passing 0 as the protocol init
09:24 < Synx_hm> ya im considering purchasing it :)
09:24 <@Corydon76> Protocol init?
09:24 < Synx_hm> socket(domain, typ, proto int)
09:25 <@Corydon76> Yeah, 0 won't work. You want the values returned from getproto(), I think
09:25 < Synx_hm> k
09:25 < Synx_hm> i did try ETH_P_ALL
09:25 < Synx_hm> and that nukes it
09:28 <@Corydon76> What version of FreeBSD?
09:29 <@Corydon76> Some interesting bits here: https://wiki.freebsd.org/SOCK_RAW
09:29 < PigBot> Title: SOCK_RAW - FreeBSD Wiki (at wiki.freebsd.org) http://tinyurl.com/yavn37ps
09:31 <@Corydon76> Proto argument should be IPPROTO_RAW
09:36 < Synx_hm> thanks!
09:36 < Synx_hm> v 10
09:36 < Synx_hm> trying to write some Go app to proxy 802.1x auth between two interfaces on pfSense
09:37 <@Corydon76> See the note that on 10, the packet is mangled
09:37 < Synx_hm> ya im a bit concerned about that, may need to investigate doing this through bpf
09:40 < Synx_hm> hrm
09:40 < Synx_hm> syscall.Socket(syscall.AF_LINK, syscall.SOCK_RAW, syscall.IPPROTO_RAW)
09:40 < Synx_hm> returns address family not supported by protocol family
09:42 -!- strages [uid11297@gateway/web/irccloud.com/x-mebhawgwdvwfusem] has joined #se2600
09:42 <@Corydon76> What happens if you change that to AF_INET?
09:46 <@Corydon76> https://forums.freebsd.org/threads/30370/
09:46 < PigBot> Title: Are PF_LINK sockets supported? | The FreeBSD Forums (at forums.freebsd.org) http://tinyurl.com/y7j2oefe
09:47 < Synx_hm> AF_INET returns file descriptor ha
09:47 <@Corydon76> Next question, does it do what you want?
09:47 < Synx_hm> maybe ive misunderstood AF_INET but i thought it abstracted the data link layer out so no ethernet frames
09:48 < Synx_hm> end goal is to open raw socket access on two different interfaces
09:49 < Synx_hm> filtered by ethertype 0x888e (EAPoL 802.1x) and have any traffic that hits int interface be sent out external interface and same for responses coming back from external
09:49 <@Corydon76> So basically, you're building a bridge?
09:50 < Synx_hm> i have example c and python code that does exactly this however they only work on linux and possibly other OS but not BSD based os
09:50 < Synx_hm> basically bridge only for 802.1x auth
09:51 <@Corydon76> I agree that you probably need to be using the bpf interface
09:51 < Synx_hm> ok, quite a bit more reading is in store then
09:51 <@Corydon76> It looks like swaths of the BSD networking code don't work
09:52 <@Corydon76> Or rather, are unimplemented
09:52 <@Corydon76> Remember the story of ping?
09:52 < Synx_hm> ya ha my googling was turning up some interesting (ya not going to work on bsd, use bpf) ha
09:56 <@Corydon76> The guy who originally wrote the ping utility originally intended it to be a quick test of the network. It wasn't working, though, and he discovered that the kernel facility for the packets he wanted to use was unimplemented. So he spent all night writing the implementation into the kernel, so his ping utility would work.
10:00 < Synx_hm> haha
10:01 < Synx_hm> what fucking mythical creature is bpf, all ive discovered so far is how to generate the byte code with tcpdump
10:01 < Synx_hm> i assume i do some sort of compile and run and get a file descriptor that i can hook into in C or GO and listen/write?
10:02 <@Corydon76> Well, it's a device, first of all
10:02 < Synx_hm> dont feel compelled to walk me through this, just more or less curious if ive even understood how the fucking thing works
10:02 <@Corydon76> bpf has a level 4 manual page, which indicates it is a kernel device, similar to en or whatever your Ethernet interface is named
10:03 <@Corydon76> So it should be visible as /dev/bpf*
10:03 < Synx_hm> ya, each bpf program i run generates a new device right and that can be hooked to for read/write?
10:04 <@Corydon76> See the manpage for bpf(4). It states what you have to do
10:04 < Synx_hm> wilco
10:05 < Synx_hm> thanks much Corydon76! somehow i always manage to eat up your time with odd network/asterisk shit
10:05 <@Corydon76> The funny thing is that the reason I either know or know where to look on socket crap is Asterisk
10:08 <@Corydon76> I assume for your bridging that you're going to code it threaded?
10:10 < Synx_hm> ok full disclosure, im not a Golang dev, i dont have any fucking clue how to read python, and while i have mostly good knowledge of ethernet and layers above i am pecking in the dark here, i've found example code of exactly what i want to do but it only runs on other devices and i really want to run this in pfSense so im just investigating if ill even be able to learn enough to do it
10:10 < Synx_hm> threading is totally foreign to me, all my dev experience is x86 asm and embedded platforms with asm and C, OOP is a confusing mess and i dont understand the first thing about threading applications
10:10 < Synx_hm> ;)
10:11 <@Mirage> what the hell are you trying to do?
10:11 < Synx_hm> fucking ATT does 802.1x on their DSL and Fiber services, so if you dont use their HORRIBLE router gateway you dont get on their network
10:12 < Synx_hm> ive hacked around it for now doing vlan swapping on my managed switch after the 802.1x auth is completed to keep up the l1 link to the ONT so i can use the router of my choice (pfSense) but id very much like to automate that so in case of power outage etc i dont have to manually do vlan swaps to get my WAN link back
10:13 <@Dagmar> dafuq are you talking about
10:14 < Synx_hm> hahaha, why do my "projects" always unravel into a discussion on the insanity of what it is that im trying to accomplish
10:15 <@Dagmar> No, I'm talking about the AT&T bit specifically. Pretty much everything but oh-so-trusting DOCSIS requires a login that represents the customer
10:15 <@Mirage> and ppp can't login to the service?
10:15 <@Dagmar> Considering I don't feel like fucking with multicast routing of IPTV, I just leave their damn gateway in place
10:16 < Synx_hm> i have ATT gigapower FTTH, if you dont plug in their shitty 2wire router gateway (which has no bridge mode) you dont get on the link, they do 802.1x EAPoL auth using private key/cert that is in the att router gateway firmware
10:16 <@Mirage> pfsense is bsd based..and I know for a fact that I used the ppp daemon on OpenBSD to connect and login to Butler's DSL
10:16 < Synx_hm> ya i dont have IPTV from them so that uncomplicated that bit
10:16 < Synx_hm> att isn't doing pppoe
10:17 < Synx_hm> just extensible authentication protocol over lan, similar to how many corp networks auth their wireless clients using certs
10:18 <@Dagmar> Yeah but if it does it, why do you care?
10:18 <@Dagmar> If it fucks up all the time, call AT&T and bitch every time
10:18 < Synx_hm> because the gateway is a pile of shit
10:18 <@Mirage> The TV stuff is easy, just allow IGMP through your firewall to the IPs you assign the "cable" boxes.
10:18 < Synx_hm> it has no bridge mode, and in DMZ mode its passing all of your traffic through a NAT table that fills quickly
10:19 <@Dagmar> So it _fails_ frequently is what you're saying?
10:19 <@Dagmar> That would be a reason to call AT&T and complain, _every single time_
10:19 < Synx_hm> basically, and is a performance turd, and that would put my pfSense firewall behind a 1:1 NAT table
10:19 < Synx_hm> i prefer to just remove the equipment from the picture, and i already have that part working
10:20 < Synx_hm> just not automated ;)
10:20 <@Dagmar> I take a more pragmatic approach
10:20 <@Mirage> Synx_hm: when I was on ATT after I first moved out here to TX the router ran some fucked up custom firmware with a hosed ARP stack.. It would only allow mapping one MAC to one IP. This was a huge issue for me (until I worked around it) because I normally have my firewall present all the public IPs I have and then NAT/Bi-NAT them to the correct internal host
10:21 <@Dagmar> ...that I have surge protection for _my_ equipment, and I'm not about to spend it on theirs.
10:21 <@Dagmar> If lightning strikes the pole outside, their router will blow up, I will call them and tell them to send a new one.
10:22 < Synx_hm> Mirage, ya its a botch job for sure, they've done a great job of fucking up the network stack on the thing, and what's better they even expect business customers to use it BWAHAHA
10:22 <@Mirage> Synx_hm: last time I talked to one of their engineers (because the normal ppl on the phone have no clue wtf you're talking about when you start talking about ARP, etc), they claimed that issue was fixed.
10:22 <@Dagmar> I'm not going to go buy a separate surge suppressor for the DSL line
10:22 < Synx_hm> i dont have dls ;)
10:22 < Synx_hm> unless lightning can jump the air gap and ride on fiber
10:22 <@Dagmar> Well they're not smart enough to run any fiber here
10:22 < Synx_hm> dsl
10:22 <@Dagmar> I'm actually about to go back to Comcast
10:23 < Synx_hm> Dagmar, i cant remember, are you not local to Nash?
10:23 <@Dagmar> I'm just north of it in Goodlettsville now.
10:23 <@Dagmar> Practically on the far side of Rivergate
10:23 < Synx_hm> Mirage, they are clueless, only in the past few weeks have they been migrating their ipv6 6rd setup to native dual stack, on 6rd it was so fucked up it was near useless from a routing perspective and peering
10:24 <@Dagmar> The AT&T connection here is 18mbps up, except their equipment does a shit job of managing high loads, so should you actually be _uploading_ something, throughput goes to hell
10:24 <@Dagmar> That's the sort of shit that'll make me call up Comcast
10:24 <@Evilpig> Mirage: they haven't fixed that issue. my dad just moved off att to comcast two weeks ago and when I had his shit set up to pass the ip off, I was getting double ping replies from him
10:25 < Synx_hm> ha
10:25 < Synx_hm> and you are all asking me why i want to remove their horrid equipment from my stack
10:44 <@Evilpig> I'm not questioning. Then again I've recently given up tweaking my network stuff by hand and adopted an off the shelf router
10:46 < Synx_hm> :) pfSense is kinda mostly off the shelf, just buy one of the oh so sweet netgate boxes or provide your own hardware
10:53 <@Evilpig> I went ubiquiti
10:58 < dc0de[m]> I went pfsense years ago, 2009?, and haven't done anything I like better/priced
11:00 <@Mirage> back, bunch of pussies.. Just build your own with OpenBSD
11:00 <@Mirage> er, s/back/bah/
11:00 * Mirage is poorly multitasking
11:02 < _NSAKEY> Mirage: I actually considered rolling my own with Alpine Linux.
11:04 < Synx_hm> Evilpig, i do like their edgerouter stuff and i use their uap's but last i looked it was too pricy to get 1gbps wan routing performance
11:05 < Synx_hm> Corydon76, if you are curious here is the python code i found to do this very thing but on linux, https://github.com/ShadwDrgn/eap_proxy/blob/master/eap_proxy.py
11:05 < PigBot> Title: eap_proxy/eap_proxy.py at master · ShadwDrgn/eap_proxy · GitHub (at github.com) http://tinyurl.com/y927q8bx
11:05 <@Corydon76> I still haven't learned Python
11:06 < Synx_hm> i dont understand all of it but it seems simple enough, i think i get the system calls its making to make it work
11:07 < Synx_hm> pfSense has python2.7 at least with the packages im using but alas no AF_PACKET or PF_PACKET exists in BSD
11:14 <@Evilpig> Synx_hm: I am using their USG, I put one at my house, one at my mom's and one at my dad's and then setup site-to-site vpn's for all of them back to me
11:15 <@Evilpig> now when I need to fix their printer or something I just do it directly
11:15 < Synx_hm> sweet
11:15 <@Evilpig> at mom's I put in two of their mesh access points to connect mom's house to grandpa's as well
11:15 < Synx_hm> how do you like the mesh gear?
11:16 <@Evilpig> It works well. It does not update well
11:16 <@Evilpig> I cannot push a remote code update at all
11:16 < Synx_hm> :(
11:16 < Synx_hm> you running the mgmt tool full time?
11:16 <@Evilpig> I think that's just a bug in their software that I need to report
11:16 <@Evilpig> yeah I have it running on one of my virtual hosts
11:16 < Synx_hm> cool
11:17 <@Evilpig> I get emails when either of their internet goes down and if I start getting repeat notices I just call the internet company for them and get whatever fixed
11:21 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has quit [Quit: Leaving.]
11:39 <@Corydon76> Evilpig: I assume that you've seen that Ubiquiti's software is just rebranded Linux, right?
11:40 <@Corydon76> I'm curious whether we might be able to update their firmware from the command line
11:57 < Synx_hm> at least with the UAP's you can SSH in and i believe provide firmware bins to its stripped down shell
11:57 < Synx_hm> but that nukes its config/provisioning so the controller software needs to get back to it
11:58 < Synx_hm> perhaps use a cloud controller on an ipsec tunnel running in a free instance of amazon EC2?
12:05 <@Evilpig> Corydon76: I've been in the command line and seen that myself
12:06 <@Evilpig> It's just like getting a synology nas appliance. still linux under the hood with a nice user friendly ui
13:32 < aestetix> you know you're getting really into the classics when you can tell how good a book will be because you recognize the translator
13:51 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has joined #se2600
14:18 -!- _Synx [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
14:19 -!- K`Tetch_ [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has joined #se2600
14:22 -!- xray [~xray@c-73-43-4-206.hsd1.ga.comcast.net] has quit [Quit: Ping timeout (120 seconds)]
14:22 -!- K`Tetch [~no@unaffiliated/ktetch] has quit [Ping timeout: 255 seconds]
14:22 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 255 seconds]
15:24 <@rattle> https://www.usnews.com/news/articles/2017-06-21/intelligence-database-worker-illegally-looked-up-edward-snowden-others-hundreds-of-times
15:24 < PigBot> Couldn't snarf url: HTTP Error 403: Forbidden. http://tinyurl.com/yb2su7vz
15:42 -!- _Synx [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has quit [Quit: Leaving]
15:50 -!- crashcartpro [uid29931@gateway/web/irccloud.com/x-wtzajgovpuqckgqp] has quit [Quit: Connection closed for inactivity]
15:54 <@Mirage> Dagmar: You might like this. (current background not 100% SFW) https://www.youtube.com/watch?v=L20jby2Jzrw
15:54 < PigBot> Title: EDM, Trap Music, Gaming Music 24/7 Live Stream Radio - YouTube (at www.youtube.com) http://tinyurl.com/y8vvq8tq
21:09 <@Catonic> arg, this is hard-headed stuff
21:10 <@Catonic> $proggie absolutely wants to bind to $outside IP, but I want to tunnel between $host1 and $host2 on port $special
21:20 < dc0de[m]> Socks proxy the port?
21:42 <@Catonic> would that I could convince it to
21:42 <@Catonic> idk, I'm going to engage the developer and see if I can communicate it. I think there are some hinks about the protocol I'm not seeing
21:49 -!- xray [~xray@c-73-43-4-206.hsd1.ga.comcast.net] has joined #se2600
--- Log closed Sat Jul 01 00:00:31 2017