Re: quiz(6): update european countries

2022-07-03 Thread Daniel Dickman
On Sat, Jul 2, 2022 at 9:26 PM Ben Fuller  wrote:
>
> I noticed Montenegro doesn't have an entry. Presumably this file hasn't
> been updated since before 2006!

These files could use a big overhaul and are very dated.

In the below, make sure to keep the file sorted.

In the Europe file there are other issues. For example I think
Macedonia is now North Macedonia, etc.

There are many issues in the other files. For example africa doesn't
have Eswatini, etc, etc.

Do you want to take a stab at doing a bigger update of the 4 quiz
files? africa, america, europe, asia?

>
> diff --git games/quiz/datfiles/europe games/quiz/datfiles/europe
> index 83af7320713..fec2746c3b2 100644
> --- games/quiz/datfiles/europe
> +++ games/quiz/datfiles/europe
> @@ -27,6 +27,7 @@ Luxembourg:Luxembourg
>  Malta:Valletta
>  Moldova:Chisinau|Kishinev
>  Monaco:Monaco
> +Montenegro:Podgori[ca|tsa]
>  Netherlands|Holland:The Hague|'sGravenhage|den Haag|Amsterdam
>  Norway:Oslo
>  Poland:Wars[aw|zawa]
> @@ -41,4 +42,4 @@ Sweden:Stockholm
>  Switzerland:Bern{e}
>  Turkey:Ankara
>  Ukraine:Kiev|Kyiv
> -Yugoslavia:Belgrade|Beograd
> +Serbia:Belgrade|Beograd
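Review bot: the renamed entry `+Serbia:Belgrade|Beograd` is left at Yugoslavia's old position after `Ukraine:Kiev|Kyiv`, which breaks the alphabetical order the reply asks to keep; delete the Yugoslavia line here and add the Serbia line at its sorted place, ahead of `Sweden:Stockholm`.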
>



Re: Bug in iked

2022-07-03 Thread Tobias Heider
On Wed, Jun 22, 2022 at 01:02:17PM +, Sibar Soumi wrote:
> Dear OpenBSD developers
> 
> I would like to report an error in iked.
> 
> The error occurs with the processing logic in case of simultaneous Child SA 
> rekeying. That is, by simultaneous rekeying, two Child SAs are created and 
> “the SA created with the lowest of the four nonces used in the two exchanges 
> SHOULD be closed by the endpoint that created it” (RFC7296 section 2.8.1).
> 
> This decision is made in the iked implementation in ikev2.c in the if block 
> from L4390 until L4407.
> 
> But nr is not set to the minimum nonce for exchange initiated by peer but by 
> us, and ni which comes from sa->sa_simult is already set to the minimum 
> nonce for exchange initiated by peer.
> 
> Therefore, the comment in line 4393 shall be corrected and the comparison in 
> line 4402 shall be “ikev2_nonce_cmp(nr, ni) < 0” instead of 
> “ikev2_nonce_cmp(ni, nr) < 0” because the SA that has just been created by us 
> shall be deleted, if nr 
> 
> Best regards
> 
> Sibar Soumi
> 
> Software Developer

Hi Sibar,

thanks for the report!
It looks like you are right, the current comparison is indeed wrong.
I think the best fix would be to switch ni and nr, which I think was the
original intention here. ni should be the nonce for the exchange where
we are initiator, nr is where we are responder.
RFC7296 says that when our nonce < peer nonce we delete our simultaneously
proposed child SA, so this should fix the comparison below at

4402 if (ikev2_nonce_cmp(ni, nr) < 0) {
4403 ret = ikev2_childsa_delete_proposed(env, sa,
4404 &sa->sa_proposals);

Below is my proposed fix.

ok?

Index: ikev2.c
===
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.347
diff -u -p -r1.347 ikev2.c
--- ikev2.c 28 May 2022 18:51:16 -  1.347
+++ ikev2.c 3 Jul 2022 12:20:33 -
@@ -4387,14 +4387,14 @@ ikev2_init_create_child_sa(struct iked *
sa->sa_rnonce = msg->msg_nonce;
msg->msg_nonce = NULL;
 
-   if (csa && (ni = sa->sa_simult) != NULL) {
+   if (csa && (nr = sa->sa_simult) != NULL) {
log_info("%s: resolving simultaneous CHILD SA rekeying",
SPI_SA(sa, __func__));
-   /* set nr to minimum nonce for exchange initiated by peer */
+   /* set ni to minimum nonce for exchange initiated by us */
if (ikev2_nonce_cmp(sa->sa_inonce, sa->sa_rnonce) < 0)
-   nr = sa->sa_inonce;
+   ni = sa->sa_inonce;
else
-   nr = sa->sa_rnonce;
+   ni = sa->sa_rnonce;
/*
 * If the exchange initated by us has smaller nonce,
 * then we have to delete our SAs.
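Review bot: the comparison at line 4402 (`if (ikev2_nonce_cmp(ni, nr) < 0)`) is outside this hunk and stays textually unchanged, so the fix rests entirely on the swapped roles of `ni` and `nr` in this block; since the same two names previously meant the opposite, a one-line comment next to the assignments ("ni: minimum nonce of the exchange we initiated, nr: the peer's") would keep the next reader from reversing them again. The unchanged context comment "If the exchange initated by us" also carries a typo (initiated) that could be fixed in the same commit.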
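The RFC 7296 section 2.8.1 rule the thread is about, as an added example that is not iked's code: a small simulation that runs the corrected decision and the pre-fix one against a conforming peer and counts how many CHILD_SAs get deleted. `nonce_cmp`, `simult_rekey_we_delete`, `count_deletions` and the 4-byte sample nonces are constructed for the illustration.

```c
/* RFC 7296 2.8.1: after simultaneous CHILD_SA rekeying, the endpoint whose
 * exchange carried the lowest of the four nonces deletes the SA it created.
 * Added illustration, not iked's code; nonce_cmp() is a constructed total
 * order (shorter first, then bytes) standing in for ikev2_nonce_cmp(). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct nonce {
    const unsigned char *data;
    size_t len;
};

typedef int (*decide_fn)(const struct nonce *, const struct nonce *,
    const struct nonce *, const struct nonce *);

static int
nonce_cmp(const struct nonce *a, const struct nonce *b)
{
    if (a->len != b->len)
        return a->len < b->len ? -1 : 1;
    return memcmp(a->data, b->data, a->len);
}

static const struct nonce *
nonce_min(const struct nonce *a, const struct nonce *b)
{
    return nonce_cmp(a, b) < 0 ? a : b;
}

/* our_i/our_r: nonces of the exchange we initiated (our new SA);
 * peer_i/peer_r: nonces of the exchange the peer initiated.
 * Corrected rule from the thread: ni = our minimum, nr = peer's minimum,
 * and we delete our SA (return 1) when ni < nr. */
int
simult_rekey_we_delete(const struct nonce *our_i, const struct nonce *our_r,
    const struct nonce *peer_i, const struct nonce *peer_r)
{
    const struct nonce *ni = nonce_min(our_i, our_r);
    const struct nonce *nr = nonce_min(peer_i, peer_r);
    return nonce_cmp(ni, nr) < 0;
}

/* Pre-fix behaviour: ni held the peer's minimum and nr ours. */
int
simult_rekey_we_delete_buggy(const struct nonce *our_i, const struct nonce *our_r,
    const struct nonce *peer_i, const struct nonce *peer_r)
{
    const struct nonce *ni = nonce_min(peer_i, peer_r);
    const struct nonce *nr = nonce_min(our_i, our_r);
    return nonce_cmp(ni, nr) < 0;
}

/* Run `ours` on our side and the corrected rule on a conforming peer, which
 * sees the two exchanges swapped; a correct pair always deletes exactly 1. */
int
count_deletions(decide_fn ours, const struct nonce *our_i,
    const struct nonce *our_r, const struct nonce *peer_i,
    const struct nonce *peer_r)
{
    return ours(our_i, our_r, peer_i, peer_r) +
        simult_rekey_we_delete(peer_i, peer_r, our_i, our_r);
}

/* Constructed 4-byte sample nonces (real IKEv2 nonces are 16..256 bytes). */
static const unsigned char NONCE_A[4] = { 0x10, 0x00, 0x00, 0x01 };
static const unsigned char NONCE_B[4] = { 0x20, 0x00, 0x00, 0x02 };
static const unsigned char NONCE_C[4] = { 0x30, 0x00, 0x00, 0x03 };
static const unsigned char NONCE_D[4] = { 0x40, 0x00, 0x00, 0x04 };

int
main(void)
{
    struct nonce a = { NONCE_A, 4 }, b = { NONCE_B, 4 };
    struct nonce c = { NONCE_C, 4 }, d = { NONCE_D, 4 };

    /* Lowest nonce sits in the peer's exchange: fixed code leaves deletion
     * to the peer, the pre-fix code deletes too and both SAs are lost. */
    printf("fixed: %d deleted, buggy: %d deleted\n",
        count_deletions(simult_rekey_we_delete, &b, &d, &a, &c),
        count_deletions(simult_rekey_we_delete_buggy, &b, &d, &a, &c));
    return 0;
}
```

When the lowest nonce is in our own exchange the pre-fix code instead deletes nothing on either side, so both endpoints keep two CHILD_SAs.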



Re: netstart: create virtual interfaces upfront when passing specific ones

2022-07-03 Thread Klemens Nanni
On Sun, Jul 03, 2022 at 01:55:44PM +0200, Alexander Hall wrote:
> On Sun, Jul 03, 2022 at 09:59:21AM +, Klemens Nanni wrote:
> > ...
> > _ifs seems like idiomatic way in our shell code, i.e. assign function
> > arguments to local variables, but $@ is a bit special.
> > 
> > In fact, "$@" is `set -u' clean whereas "${_ifs[@]}" is not.
> > netstart does not use `set -u', but it's still an argument for the $@:
> > 
> > $ set -u
> > $ set -A _ifs -- "$@"
> > $ echo "$@"
> > 
> > $ echo "${_ifs[@]}"
> > ksh: _ifs[@]: parameter not set
> 
> FWIW, this would work if $@ had any parameters. IIRC,
> `set -A  --` with no additional parameters is essentially the
> same as unset.
> 
> $ set -u
> $ set -A a -- 1 2 3
> $ echo ${a[@]}  
> 1 2 3
> $ set -A a --   
> $ echo ${a[@]} 
> ksh: a[@]: parameter not set
> 
> > 
> > 
> > This works like a charm for me and behaviour only differs if I actually
> > pass interfaces:
> > 
> > # sh /etc/netstart -n > old
> > # sh /usr/src/etc/netstart -n > new
> > # diff -u old new ; echo $?
> > 0
> > 
> > # sh /etc/netstart -n pair1 pair2 > old-ifs
> > # sh /usr/src/etc/netstart -n pair1 pair2 > new-ifs
> > # diff -u old-ifs new-ifs
> > --- old-ifs Sun Jul  3 13:54:51 2022
> > +++ new-ifs Sun Jul  3 13:54:45 2022
> > @@ -1,4 +1,6 @@
> >  { ifconfig pair1 || ifconfig pair1 create; }
> > +{ ifconfig pair2 || ifconfig pair2 create; }
> > +{ ifconfig pair1 || ifconfig pair1 create; }
> >  ifconfig pair1 inet 192.0.0.4/29
> >  ifconfig pair1 patch pair2
> >  { ifconfig pair2 || ifconfig pair2 create; }
> > 
> > 
> > Feedback? Objection? OK?
> 
> OK halex@, with two minor nits, free to ignore, below.

Thanks.

> > Index: netstart
> > ===
> > RCS file: /cvs/src/etc/netstart,v
> > retrieving revision 1.218
> > diff -u -p -r1.218 netstart
> > --- netstart26 Jun 2022 09:36:13 -  1.218
> > +++ netstart3 Jul 2022 09:46:05 -
> > @@ -11,6 +11,17 @@ usage() {
> > exit 1
> >  }
> >  
> > +# Test the first argument against the remaining ones, return success on a 
> > match.
> > +isin() {
> > +   local _a=$1 _b
> > +
> > +   shift
> > +   for _b; do
> > +   [[ $_a == "$_b" ]] && return 0
>  ^ Superfluous but, well... :)

I won't change the function here as it is shared and synced code.
If at all, all copies should be adapted.

> > +   done
> > +   return 1
> > +}
> > +
> >  # Echo file $1 to stdout. Skip comment lines. Strip leading and trailing
> >  # whitespace if IFS is set.
> >  # Usage: stripcom /path/to/file
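Review bot: keep the double quotes in `[[ $_a == "$_b" ]]` even though they look superfluous: inside `[[ ]]` an unquoted right-hand side of `==` is a glob pattern, so without them an argument such as `vlan*` would match every vlan interface instead of only a literal name. Leaving the shared function untouched, as stated above, is the right call.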
> > @@ -94,7 +105,8 @@ ifcreate() {
> >  }
> >  
> >  # Create interfaces for network pseudo-devices referred to by hostname.if 
> > files.
> > -# Usage: vifscreate
> > +# Optionally, limit creation to given interfaces only.
> > +# Usage: vifscreate [if ...]
> >  vifscreate() {
> > local _vif _hn _if
> >  
> > @@ -106,6 +118,10 @@ vifscreate() {
> > # loopback for routing domain is created by kernel
> > [[ -n ${_if##lo[1-9]*} ]] || continue
> >  
> > +   if (($# > 0)) && ! isin $_if "$@"; then
> > +   continue
> > +   fi
> 
> A simple && chain would follow the loopback exception syntax above.
> 
>   (($# > 0)) && ! isin $_if "$@" && continue

Which is a bit too close to

(($# > 0)) && isin $_if "$@" || continue

which reads the same but will also `continue' if $# is zero, a common
pitfall with &&/||, hence why I opted for the explicit if/then around
combined conditions.

> > +
> > if ! ifcreate $_if; then
> > print -u2 "${0##*/}: create for '$_if' failed."
> > fi
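Review bot: `isin $_if "$@"` passes `$_if` unquoted while `"$@"` is quoted; `$_if` comes from a `/etc/hostname.*` file name so it carries no IFS characters, but `"$_if"` would be consistent and costs nothing. The explicit `if`/`then` around the combined condition is preferable to an `&&`/`||` chain for the reason given above: `(($# > 0)) && isin $_if "$@" || continue` would skip every interface when no arguments are passed.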
> > @@ -313,7 +329,11 @@ $PRINT_ONLY || [[ ! -f /etc/soii.key ]] 
> >  
> >  # If we were invoked with a list of interface names, just reconfigure these
> >  # interfaces (or bridges), add default routes and return.
> > +# Create virtual interfaces upfront to make ifconfig commands depending on
> > +# other interfaces, e.g. "patch", work regardless of in which order 
> > interface
> > +# names were specified.
> >  if (($# > 0)); then
> > +   vifscreate "$@"
> > for _if; do ifstart $_if; done
> > defaultroute
> > return
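Review bot: the new comment could also say that `vifscreate "$@"` only creates interfaces that have a matching hostname.if file, since vifscreate iterates `/etc/hostname.${_vif}+([[:digit:]])` (visible in the earlier diff in this thread); a name passed on the command line without such a file is skipped silently here rather than created.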
> 
> /Alexander
> 



Re: netstart: create virtual interfaces upfront when passing specific ones

2022-07-03 Thread Alexander Hall
On Sun, Jul 03, 2022 at 09:59:21AM +, Klemens Nanni wrote:
> ...
> _ifs seems like idiomatic way in our shell code, i.e. assign function
> arguments to local variables, but $@ is a bit special.
> 
> In fact, "$@" is `set -u' clean whereas "${_ifs[@]}" is not.
> netstart does not use `set -u', but it's still an argument for the $@:
> 
>   $ set -u
>   $ set -A _ifs -- "$@"
>   $ echo "$@"
> 
>   $ echo "${_ifs[@]}"
>   ksh: _ifs[@]: parameter not set

FWIW, this would work if $@ had any parameters. IIRC,
`set -A  --` with no additional parameters is essentially the
same as unset.

$ set -u
$ set -A a -- 1 2 3
$ echo ${a[@]}  
1 2 3
$ set -A a --   
$ echo ${a[@]} 
ksh: a[@]: parameter not set

> 
> 
> This works like a charm for me and behaviour only differs if I actually
> pass interfaces:
> 
>   # sh /etc/netstart -n > old
>   # sh /usr/src/etc/netstart -n > new
>   # diff -u old new ; echo $?
>   0
> 
>   # sh /etc/netstart -n pair1 pair2 > old-ifs
>   # sh /usr/src/etc/netstart -n pair1 pair2 > new-ifs
>   # diff -u old-ifs new-ifs
>   --- old-ifs Sun Jul  3 13:54:51 2022
>   +++ new-ifs Sun Jul  3 13:54:45 2022
>   @@ -1,4 +1,6 @@
>{ ifconfig pair1 || ifconfig pair1 create; }
>   +{ ifconfig pair2 || ifconfig pair2 create; }
>   +{ ifconfig pair1 || ifconfig pair1 create; }
>ifconfig pair1 inet 192.0.0.4/29
>ifconfig pair1 patch pair2
>{ ifconfig pair2 || ifconfig pair2 create; }
> 
> 
> Feedback? Objection? OK?

OK halex@, with two minor nits, free to ignore, below.

> 
> 
> Index: netstart
> ===
> RCS file: /cvs/src/etc/netstart,v
> retrieving revision 1.218
> diff -u -p -r1.218 netstart
> --- netstart  26 Jun 2022 09:36:13 -  1.218
> +++ netstart  3 Jul 2022 09:46:05 -
> @@ -11,6 +11,17 @@ usage() {
>   exit 1
>  }
>  
> +# Test the first argument against the remaining ones, return success on a 
> match.
> +isin() {
> + local _a=$1 _b
> +
> + shift
> + for _b; do
> + [[ $_a == "$_b" ]] && return 0
 ^ Superfluous but, well... :)

> + done
> + return 1
> +}
> +
>  # Echo file $1 to stdout. Skip comment lines. Strip leading and trailing
>  # whitespace if IFS is set.
>  # Usage: stripcom /path/to/file
> @@ -94,7 +105,8 @@ ifcreate() {
>  }
>  
>  # Create interfaces for network pseudo-devices referred to by hostname.if 
> files.
> -# Usage: vifscreate
> +# Optionally, limit creation to given interfaces only.
> +# Usage: vifscreate [if ...]
>  vifscreate() {
>   local _vif _hn _if
>  
> @@ -106,6 +118,10 @@ vifscreate() {
>   # loopback for routing domain is created by kernel
>   [[ -n ${_if##lo[1-9]*} ]] || continue
>  
> + if (($# > 0)) && ! isin $_if "$@"; then
> + continue
> + fi

A simple && chain would follow the loopback exception syntax above.

(($# > 0)) && ! isin $_if "$@" && continue

> +
>   if ! ifcreate $_if; then
>   print -u2 "${0##*/}: create for '$_if' failed."
>   fi
> @@ -313,7 +329,11 @@ $PRINT_ONLY || [[ ! -f /etc/soii.key ]] 
>  
>  # If we were invoked with a list of interface names, just reconfigure these
>  # interfaces (or bridges), add default routes and return.
> +# Create virtual interfaces upfront to make ifconfig commands depending on
> +# other interfaces, e.g. "patch", work regardless of in which order interface
> +# names were specified.
>  if (($# > 0)); then
> + vifscreate "$@"
>   for _if; do ifstart $_if; done
>   defaultroute
>   return

/Alexander



Re: netstart: create virtual interfaces upfront when passing specific ones

2022-07-03 Thread Klemens Nanni
On Sun, Jul 03, 2022 at 09:05:28AM +0200, Alexander Hall wrote:
> On Sat, Jul 02, 2022 at 08:12:29PM +, Klemens Nanni wrote:
> > On Sat, Jul 02, 2022 at 03:00:00PM +0200, Alexander Hall wrote:
> > > On Thu, Jun 30, 2022 at 03:35:05PM +, Klemens Nanni wrote:
> > > > On Tue, Dec 07, 2021 at 08:15:41PM +, Klemens Nanni wrote:
> > > > > On Tue, Nov 23, 2021 at 01:17:14AM +, Klemens Nanni wrote:
> > > > > > On Tue, Nov 16, 2021 at 11:09:40PM +, Klemens Nanni wrote:
> > > > > > > Run on boot without arguments, netstart(8) creates all virtual
> > > > > > > interfaces *for which hostname.if files exist* before configuring 
> > > > > > > them.
> > > > > > > 
> > > > > > > This prevents ordering problems with bridges and its members, as 
> > > > > > > dlg's
> > > > > > > commit message from 2018 reminds us.
> > > > > > > 
> > > > > > > But it also helps interface types like pair(4) which pair one 
> > > > > > > another
> > > > > > > in whatever way the user says:
> > > > > > > 
> > > > > > >   $ cat /etc/hostname.pair1
> > > > > > >   patch pair2
> > > > > > >   $ cat /etc/hostname.pair2
> > > > > > >   rdomain 1
> > > > > > > 
> > > > > > > On boot this works, but `sh /etc/netstart pair1 pair2' won't work
> > > > > > > because pair2 does not exist at creation time of pair1 because 
> > > > > > > netstart
> > > > > > > does not create virtual interfaces upfront.
> > > > > > > 
> > > > > > > I just hit this exact use case when setting up gelatod(8) (see 
> > > > > > > ports@).
> > > > > > > 
> > > > > > > To fix this, pass the list of interfaces to vifscreate() and make 
> > > > > > > it
> > > > > > > create only those iff given.
> > > > > > > 
> > > > > > > Regular boot, i.e. `sh /etc/netstart', stays unaffected by this 
> > > > > > > and
> > > > > > > selective runs as shown work as expected without requiring users 
> > > > > > > to know
> > > > > > > the order in which netstart creates/configures interfaces.
> > > > > > > 
> > > > > > > The installer's internal version of netstart doesn't need this at 
> > > > > > > all;
> > > > > > > neither does it have the selective semantic nor does vifscreate() 
> > > > > > > exist.
> > > > > > 
> > > > > > Anyone?
> > > > > > 
> > > > > > It seems only logical to treat subsets of interfaces the same way as
> > > > > > a full `sh /etc/netstart'.
> > > > > > 
> > > > > > A pair of pair(4) is one example, I'm certain there are more 
> > > > > > scenarios
> > > > > > where you craft interfaces with `ifconfig ...' in the shell, then 
> > > > > > set up
> > > > > > the hostname.* files and test them with `sh /etc/netstart bridge0 
> > > > > > ...'
> > > > > > where pseudo interfaces are involved.
> > > > > 
> > > > > Anyone?
> > > > > 
> > > > > This is really practical and fixes things at least for me when I 
> > > > > destroy
> > > > > interfaces, reconfigure and recreate them together, for example like 
> > > > > so:
> > > > > 
> > > > >   # ifconfig pair2 destroy
> > > > >   # ifconfig pair1 destroy
> > > > >   ... edit hostname.*
> > > > >   # sh /etc/netstart pair1 pair2
> > > > >   ifconfig: patch pair2: No such file or directory
> > > > >   add net default: gateway 192.0.0.1
> > > > > 
> > > > > (redoing it because who knows what failed due to the order problem and
> > > > > what didn't...)
> > > > > 
> > > > >   # ifconfig pair2 destroy
> > > > >   # ifconfig pair1 destroy
> > > > >   # sh /usr/src/etc/netstart pair1 pair2
> > > > >   add net default: gateway 192.0.0.1
> > > > > 
> > > > > Feedback? Objection? OK?
> > > > 
> > > > One last ping with the same diff on top of -CURRENT.
> > > > 
> > > > 
> > > > Index: etc/netstart
> > > > ===
> > > > RCS file: /cvs/src/etc/netstart,v
> > > > retrieving revision 1.218
> > > > diff -u -p -r1.218 netstart
> > > > --- etc/netstart26 Jun 2022 09:36:13 -  1.218
> > > > +++ etc/netstart30 Jun 2022 14:48:46 -
> > > > @@ -94,9 +94,11 @@ ifcreate() {
> > > >  }
> > > >  
> > > >  # Create interfaces for network pseudo-devices referred to by 
> > > > hostname.if files.
> > > > -# Usage: vifscreate
> > > > +# Optionally, limit creation to given interfaces only.
> > > > +# Usage: vifscreate [if ...]
> > > >  vifscreate() {
> > > > -   local _vif _hn _if
> > > > +   local _vif _hn _if _ifs
> > > > +   set -A _ifs -- "$@"
> > > >  
> > > > for _vif in $(ifconfig -C); do
> > > > for _hn in /etc/hostname.${_vif}+([[:digit:]]); do
> > > > @@ -106,6 +108,9 @@ vifscreate() {
> > > > # loopback for routing domain is created by 
> > > > kernel
> > > > [[ -n ${_if##lo[1-9]*} ]] || continue
> > > >  
> > > > +   ((${#_ifs[*]} > 0)) && [[ ${_ifs[*]} != 
> > > > *${_if}* ]] &&
> > > > +   continue
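Review bot: `set -A _ifs -- "$@"` with no arguments leaves `_ifs` unset (shown later in this thread), so the `${#_ifs[*]}` and `${_ifs[*]}` expansions in this hunk are not `set -u` clean; passing `"$@"` straight through to an exact-match helper avoids both the copy and that trap.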
> > > 
> > > My gut feeling says this is wrong.
> > > I suspect `netstart 

Re: dig(1): SVCB and HTTPS RR types

2022-07-03 Thread Otto Moerbeek
On Sun, Jul 03, 2022 at 07:47:27AM +0200, Florian Obser wrote:

> anyone?

Looks good and works for me, ok.

-Otto

> 
> On 2022-06-25 13:15 +02, Florian Obser  wrote:
> > See https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
> >
> > $ ./obj/dig @8.8.8.8 +norec _dns.resolver.arpa svcb
> >
> > ; <<>> dig 9.10.8-P1 <<>> @8.8.8.8 +norec _dns.resolver.arpa svcb
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21245
> > ;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 4
> >
> > ;; QUESTION SECTION:
> > ;_dns.resolver.arpa.IN  SVCB
> >
> > ;; ANSWER SECTION:
> > _dns.resolver.arpa. 86400   IN  SVCB1 dns.google. alpn="dot"
> > _dns.resolver.arpa.  86400 IN SVCB 2 dns.google. alpn="h2,h3"
> > dohpath="/dns-query{?dns}"
> >
> > ;; ADDITIONAL SECTION:
> > dns.google. 86400   IN  A   8.8.8.8
> > dns.google. 86400   IN  A   8.8.4.4
> > dns.google. 86400   IN  2001:4860:4860::
> > dns.google. 86400   IN  2001:4860:4860::8844
> >
> > ;; Query time: 11 msec
> > ;; SERVER: 8.8.8.8#53(8.8.8.8)
> > ;; WHEN: Sat Jun 25 13:08:21 CEST 2022
> > ;; MSG SIZE  rcvd: 224
> >
> > $ ./obj/dig +dnssec cloudflare.com https
> >
> > ; <<>> dig 9.10.8-P1 <<>> +dnssec cloudflare.com https
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22508
> > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;cloudflare.com.IN  HTTPS
> >
> > ;; ANSWER SECTION:
> > cloudflare.com.  217 IN HTTPS 1 . alpn="h3,h3-29,h2"
> > ipv4hint=104.16.132.229,104.16.133.229
> > ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5
> > cloudflare.com.  217 IN RRSIG HTTPS 13 2 300 20220626120906
> > 20220624100906 34505
> > cloudflare.com. PbQwTGVBW2MIXubouK2vUo92UNvlJ874KCrqah/Or21Jo2oDxfgI15jA
> > 8z/Q6mseLPWIlTxex+KoIqv9y+FNjg==
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Sat Jun 25 13:10:29 CEST 2022
> > ;; MSG SIZE  rcvd: 221
> >
> > OK?
> 
> diff --git lib/dns/include/dns/types.h lib/dns/include/dns/types.h
> index 63ea8d67f51..7085ce29f2e 100644
> --- lib/dns/include/dns/types.h
> +++ lib/dns/include/dns/types.h
> @@ -139,6 +139,8 @@ enum {
>   dns_rdatatype_openpgpkey = 61,
>   dns_rdatatype_csync = 62,
>   dns_rdatatype_zonemd = 63,
> + dns_rdatatype_svcb = 64,
> + dns_rdatatype_https = 65,
>   dns_rdatatype_spf = 99,
>   dns_rdatatype_unspec = 103,
>   dns_rdatatype_nid = 104,
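Review bot: the type numbers 64 (SVCB) and 65 (HTTPS) match the IANA assignments in the referenced draft; the enum here, the `dns_rdatatype_fromtext` name table and the `dns_rdatatype_totext` switch must all agree, and the following hunks keep the name table in its alphabetical order (`hip` < `https` < `ipseckey`, `sshfp` < `svcb` < `ta`).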
> diff --git lib/dns/rdata.c lib/dns/rdata.c
> index c27409efc3c..d731eb3a846 100644
> --- lib/dns/rdata.c
> +++ lib/dns/rdata.c
> @@ -775,6 +775,7 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, 
> isc_textregion_t *source) {
>   {"gpos",27},
>   {"hinfo",   13},
>   {"hip", 55},
> + {"https",   65},
>   {"ipseckey",45},
>   {"isdn",20},
>   {"ixfr",251},
> @@ -822,6 +823,7 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, 
> isc_textregion_t *source) {
>   {"spf", 99},
>   {"srv", 33},
>   {"sshfp",   44},
> + {"svcb",64},
>   {"ta",  32768},
>   {"talink",  58},
>   {"tkey",249},
> @@ -1006,6 +1008,10 @@ dns_rdatatype_totext(dns_rdatatype_t type, 
> isc_buffer_t *target) {
>   return (isc_str_tobuffer("CSYNC", target));
>   case 63:
>   return (isc_str_tobuffer("ZONEMD", target));
> + case 64:
> + return (isc_str_tobuffer("SVCB", target));
> + case 65:
> + return (isc_str_tobuffer("HTTPS", target));
>   case 99:
>   return (isc_str_tobuffer("SPF", target));
>   case 100:
> diff --git lib/dns/rdata/in_1/https_65.c lib/dns/rdata/in_1/https_65.c
> new file mode 100644
> index 000..23d80f8d352
> --- /dev/null
> +++ lib/dns/rdata/in_1/https_65.c
> @@ -0,0 +1,48 @@
> +/*
> + * Copyright (C) 2022 Florian Obser 
> + *
> + * Permission to use, copy, modify, and/or distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
> + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 
> MERCHANTABILITY
> + * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
> + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING 
> FROM
> + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
> + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE 

Re: netstart: create virtual interfaces upfront when passing specific ones

2022-07-03 Thread Alexander Hall
On Sat, Jul 02, 2022 at 08:12:29PM +, Klemens Nanni wrote:
> On Sat, Jul 02, 2022 at 03:00:00PM +0200, Alexander Hall wrote:
> > On Thu, Jun 30, 2022 at 03:35:05PM +, Klemens Nanni wrote:
> > > On Tue, Dec 07, 2021 at 08:15:41PM +, Klemens Nanni wrote:
> > > > On Tue, Nov 23, 2021 at 01:17:14AM +, Klemens Nanni wrote:
> > > > > On Tue, Nov 16, 2021 at 11:09:40PM +, Klemens Nanni wrote:
> > > > > > Run on boot without arguments, netstart(8) creates all virtual
> > > > > > interfaces *for which hostname.if files exist* before configuring 
> > > > > > them.
> > > > > > 
> > > > > > This prevents ordering problems with bridges and its members, as 
> > > > > > dlg's
> > > > > > commit message from 2018 reminds us.
> > > > > > 
> > > > > > But it also helps interface types like pair(4) which pair one 
> > > > > > another
> > > > > > in whatever way the user says:
> > > > > > 
> > > > > > $ cat /etc/hostname.pair1
> > > > > > patch pair2
> > > > > > $ cat /etc/hostname.pair2
> > > > > > rdomain 1
> > > > > > 
> > > > > > On boot this works, but `sh /etc/netstart pair1 pair2' won't work
> > > > > > because pair2 does not exist at creation time of pair1 because 
> > > > > > netstart
> > > > > > does not create virtual interfaces upfront.
> > > > > > 
> > > > > > I just hit this exact use case when setting up gelatod(8) (see 
> > > > > > ports@).
> > > > > > 
> > > > > > To fix this, pass the list of interfaces to vifscreate() and make it
> > > > > > create only those iff given.
> > > > > > 
> > > > > > Regular boot, i.e. `sh /etc/netstart', stays unaffected by this and
> > > > > > selective runs as shown work as expected without requiring users to 
> > > > > > know
> > > > > > the order in which netstart creates/configures interfaces.
> > > > > > 
> > > > > > The installer's internal version of netstart doesn't need this at 
> > > > > > all;
> > > > > > neither does it have the selective semantic nor does vifscreate() 
> > > > > > exist.
> > > > > 
> > > > > Anyone?
> > > > > 
> > > > > It seems only logical to treat subsets of interfaces the same way as
> > > > > a full `sh /etc/netstart'.
> > > > > 
> > > > > A pair of pair(4) is one example, I'm certain there are more scenarios
> > > > > where you craft interfaces with `ifconfig ...' in the shell, then set 
> > > > > up
> > > > > the hostname.* files and test them with `sh /etc/netstart bridge0 ...'
> > > > > where pseudo interfaces are involved.
> > > > 
> > > > Anyone?
> > > > 
> > > > This is really practical and fixes things at least for me when I destroy
> > > > interfaces, reconfigure and recreate them together, for example like so:
> > > > 
> > > > # ifconfig pair2 destroy
> > > > # ifconfig pair1 destroy
> > > > ... edit hostname.*
> > > > # sh /etc/netstart pair1 pair2
> > > > ifconfig: patch pair2: No such file or directory
> > > > add net default: gateway 192.0.0.1
> > > > 
> > > > (redoing it because who knows what failed due to the order problem and
> > > > what didn't...)
> > > > 
> > > > # ifconfig pair2 destroy
> > > > # ifconfig pair1 destroy
> > > > # sh /usr/src/etc/netstart pair1 pair2
> > > > add net default: gateway 192.0.0.1
> > > > 
> > > > Feedback? Objection? OK?
> > > 
> > > One last ping with the same diff on top of -CURRENT.
> > > 
> > > 
> > > Index: etc/netstart
> > > ===
> > > RCS file: /cvs/src/etc/netstart,v
> > > retrieving revision 1.218
> > > diff -u -p -r1.218 netstart
> > > --- etc/netstart  26 Jun 2022 09:36:13 -  1.218
> > > +++ etc/netstart  30 Jun 2022 14:48:46 -
> > > @@ -94,9 +94,11 @@ ifcreate() {
> > >  }
> > >  
> > >  # Create interfaces for network pseudo-devices referred to by 
> > > hostname.if files.
> > > -# Usage: vifscreate
> > > +# Optionally, limit creation to given interfaces only.
> > > +# Usage: vifscreate [if ...]
> > >  vifscreate() {
> > > - local _vif _hn _if
> > > + local _vif _hn _if _ifs
> > > + set -A _ifs -- "$@"
> > >  
> > >   for _vif in $(ifconfig -C); do
> > >   for _hn in /etc/hostname.${_vif}+([[:digit:]]); do
> > > @@ -106,6 +108,9 @@ vifscreate() {
> > >   # loopback for routing domain is created by kernel
> > >   [[ -n ${_if##lo[1-9]*} ]] || continue
> > >  
> > > + ((${#_ifs[*]} > 0)) && [[ ${_ifs[*]} != *${_if}* ]] &&
> > > + continue
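Review bot: `[[ ${_ifs[*]} != *${_if}* ]]` is a substring test against the space-joined list of requested names, so `_if=gre0` matches a request for `egre0` (or any name ending in `gre0`) and gre0 gets created whenever /etc/hostname.gre0 exists, as the discussion below works out; compare `$_if` against each element exactly instead.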
> > 
> > My gut feeling says this is wrong.
> > I suspect `netstart vlan0` will create an0.
> 
> Sorry, I don't follow;  how would it chop leading chars?
> 
> Maybe you meant that somehow `sh /etc/netstart an0' would attempt
> creating an0 since *an0* would match e.g. "lo0 em0 vlan0" or so?

Yeah, along those lines, but my example was bogus as $_if would never
be "an0" here.

However, `sh /etc/netstart egre0 # (or even whatevergre0)` would create
gre0 if /etc/hostname.gre0 existed.
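Added POSIX sh illustration (not netstart's ksh code) of the two points made across this thread: why vifscreate wants the exact-match isin() from the later diff rather than the earlier `*${_if}*` substring test (the egre0/gre0 case above), and why `(($# > 0)) && isin ... || continue` skips everything when no interfaces are given. `select_ifs`, `chain_would_run`, `explicit_would_run` and the interface lists are constructed stand-ins for vifscreate's hostname.if scan.

```shell
#!/bin/sh
# Exact match: test $1 against each remaining argument (POSIX rewrite of
# netstart's isin(), which uses [[ $_a == "$_b" ]]).
isin() {
	_a=$1
	shift
	for _b; do
		[ "$_a" = "$_b" ] && return 0
	done
	return 1
}

# The earlier revision's idea: is the candidate a substring of the
# space-joined list of requested interfaces?
isin_substr() {
	_a=$1
	shift
	case " $* " in
	*"$_a"*) return 0 ;;
	esac
	return 1
}

# Emulate vifscreate's filter and print the names that would be created.
# $1 is the mode ("exact" or "substr"), $2 a constructed space-separated list
# of interfaces that have hostname.if files, the rest are the names passed
# on the command line (none means "create all", as on boot).
select_ifs() {
	_mode=$1 _have=$2
	shift 2
	_out=
	for _if in $_have; do
		if [ $# -gt 0 ]; then
			if [ "$_mode" = exact ]; then
				isin "$_if" "$@" || continue
			else
				isin_substr "$_if" "$@" || continue
			fi
		fi
		_out="$_out $_if"
	done
	echo "${_out# }"
}

# The pitfall: `test && isin || continue' falls through to || when the
# first operand is false, so with no arguments every interface is skipped.
# Returns 0 if the loop body would run for $1, 1 if it would `continue'.
chain_would_run() {
	_if=$1
	shift
	[ $# -gt 0 ] && isin "$_if" "$@" || return 1
	return 0
}

# The explicit if/then from the committed diff: no arguments means run.
explicit_would_run() {
	_if=$1
	shift
	if [ $# -gt 0 ] && ! isin "$_if" "$@"; then
		return 1
	fi
	return 0
}
```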