Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On Tue, 17 May 2016, Henning Brauer wrote: > > What about systems with net.inet6.ip6.v6only=0? > > Those haven't been taken into consideration by yours truly and might be > the compelling argument to have this code :) That sysctl isn't hooked up to anything, it should be removed. (compare

Re: update Mesa to 11.2.2

On Sun, May 15, 2016 at 11:52:18AM +0200, Matthieu Herrb wrote: > On Sun, May 15, 2016 at 06:45:54PM +1000, Jonathan Gray wrote: > > On Sun, May 15, 2016 at 10:01:49AM +0200, Matthieu Herrb wrote: > > > On Sat, May 14, 2016 at 01:30:08PM +1000, Jonathan Gray wrote: > > > > Still looking for some

[PATCH] www - Missing body tags and footer color

Add some missing body tags using the standard colors. Also set the background color in the footer table cell on the main page. Tim. Index: crypto.html === RCS file: /cvs/www/crypto.html,v retrieving revision 1.149 diff -u -p -r1.149

Re: Accept cnmac as a valid rootdev from uboot on octeon

On Tue, May 17, 2016 at 02:02:37AM +0200, Kim Lidström wrote: > Is this patch better? I have tested it by trying both cnmac0, cnmac1 and > cnmac2 as rootdev and it seems to work properly. > I also removed the outdated comment, changed the pointless text (Maybe > it'd be more appropriate to remove

uvideo patches: V4L2_BUF_FLAG_{DONE,QUEUED} [4/4]

4/4: I don't believe V4L2_BUF_FLAG_QUEUED and V4L2_BUF_FLAG_DONE flags are handled correctly in our uvideo driver. According to linuxtv.org Buffers Chap 3. Input/Output Table 3.4 Buffer Flags:

uvideo patches: endpoint address vs index 0 [2/4]

2/4: Assumption on endpoint index to use in uvideo_vs_open() vs actual saved endpoint address. Index: uvideo.c === RCS file: /cvs/obsd/src/sys/dev/usb/uvideo.c,v retrieving revision 1.185 diff -u -p -u -p -r1.185 uvideo.c ---

uvideo patches: Alternate Setting [3/4]

3/4: In uvideo_vs_set_alt(), according to the comment within while()-loop searches for an endpoint with requested bandwidth, or best match. An iterator index (int i) is used in the while()-loop, and eventually its value is used in usbd_set_interface(). Is the "matched"

uvideo patches: Overview [0/4]

Greetings, I have been looking at uvideo trying to model a new driver I'm attempting to port over and found a few issues (or what I precive as issues). Since the list likes separate diffs for easier discussion, Here is my attempt to break them up in four emails. I think, with exception of one,

[patch] daemon.3

The wording made it hard for me to understand at first. The "unless" "non-zero" seem like double negatives. Index: daemon.3 === RCS file: /cvs/src/lib/libc/gen/daemon.3,v retrieving revision 1.12 diff -u -p -u -r1.12 daemon.3 ---

Re: diff: httpd: add client side certificate checks + test

ping. Tested with current source status. On Tue, May 10, 2016 at 06:59:36PM +0200, Jan Klemkow wrote: > Hi, > > This diff adds client side certificate checks to httpd. Most parts are > straight forward. But, to transfer the whole certificate authority > store to the server process through the

cleanup pppd passwd check

Use crypt_checkpass. Note that this introduces a slight functional change. A user with a blank password will be allowed to login with a blank password. I think if you don't like that, you should give the user a password. Bonus: if the user is not found, hashing work is still performed to prevent

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> On 2016/05/17 08:27, Brent Cook wrote: > > This patch came by way of the openntpd github. Linux (and possibly others) > > will attempt to bind to 0.0.0.0 when binding to '::' and return an error if > > it can't, unless IPV6_V6ONLY is set. > > Do you see why they're doing this? > > In an OS

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> On 2016/05/17 15:01, Ted Unangst wrote: > > Theo de Raadt wrote: > > > From the beginning we were promised that modifying a program to use > > > IPv6 only required opening a 2nd socket using AF_INET6. Then the > > > recipes grew, and grew and grew. It went astray. > > > > > > 10,000 programs

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On 2016/05/17 08:27, Brent Cook wrote: > This patch came by way of the openntpd github. Linux (and possibly others) > will attempt to bind to 0.0.0.0 when binding to '::' and return an error if > it can't, unless IPV6_V6ONLY is set. Do you see why they're doing this? In an OS where IPV6_V6ONLY=0

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> On May 17, 2016, at 10:21 AM, Stuart Henderson wrote: > > On 2016/05/17 08:27, Brent Cook wrote: >> This patch came by way of the openntpd github. Linux (and possibly others) >> will attempt to bind to 0.0.0.0 when binding to '::' and return an error if >> it can't,

Re: [PATCH] Allow softraid crypto to work with write-protected keys

bytevolc...@safe-mail.net wrote: > > Index: sys/dev/softraid_crypto.c > === > RCS file: /cvs/src/sys/dev/softraid_crypto.c,v > retrieving revision 1.126 > diff -u -p -r1.126 softraid_crypto.c > --- sys/dev/softraid_crypto.c 12 Apr

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

Theo de Raadt wrote: > From the beginning we were promised that modifying a program to use > IPv6 only required opening a 2nd socket using AF_INET6. Then the > recipes grew, and grew and grew. It went astray. > > 10,000 programs don't follow the practice. If everyone has to follow > this

Re: iwm nitpicks

> Date: Tue, 17 May 2016 19:03:05 +0200 > From: Stefan Sperling > > This diff addresses some of my nitpicks in iwm: > > Move some declarations to if_iwmreg.h so we can use iwm_phy_db_* prototypes. > Remove redundant declaration of iwm_send_phy_db_data(). > Remove pointless

Re: iwm: rx dma init fix

> Date: Tue, 17 May 2016 18:34:19 +0200 > From: Stefan Sperling > > According to a comment in iwlwifi: > > * Clearing FH_MEM_RCSR_CHNL0_CONFIG_REG to 0 turns off Rx DMA. > * Driver should poll FH_MEM_RSSR_RX_STATUS_REG for > * FH_RSSR_CHNL0_RX_STATUS_CHNL_IDLE (bit 24)

iwm nitpicks

This diff addresses some of my nitpicks in iwm: Move some declarations to if_iwmreg.h so we can use iwm_phy_db_* prototypes. Remove redundant declaration of iwm_send_phy_db_data(). Remove pointless iwm_fw_alive(); just call iwm_post_alive() directly. Simplify iwm_prepare_card_hw() and

iwm: rx dma init fix

According to a comment in iwlwifi: * Clearing FH_MEM_RCSR_CHNL0_CONFIG_REG to 0 turns off Rx DMA. * Driver should poll FH_MEM_RSSR_RX_STATUS_REG for * FH_RSSR_CHNL0_RX_STATUS_CHNL_IDLE (bit 24) before continuing. We missed polling this bit in the init code path. Probably harmless, but can be

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> Theo de Raadt wrote: > > In general, I think -portable's should not add it back without really > > clear justification. The automatic tunnels are just as risky outside > > OpenBSD, because their packet filter tools encounter the same > > difficulty protecting against abuse. > > But in this

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

The problem here is that other operating systems contain an insecure default, and the IETF ``solution'' requires every application declare ``make my network safe''. So let's fix 1 program!! That'll sure help the world... What about the other 10,000 programs that also speak to the network? What

libfuse has moved to github

Also separate out the specification (does that count as a "standard"?) and the implementation. Index: fuse_main.3 === RCS file: /home/cvs/src/lib/libfuse/fuse_main.3,v retrieving revision 1.1 diff -u -p -r1.1 fuse_main.3 ---

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

Theo de Raadt wrote: > In general, I think -portable's should not add it back without really > clear justification. The automatic tunnels are just as risky outside > OpenBSD, because their packet filter tools encounter the same > difficulty protecting against abuse. But in this case, using the

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

The message subject is confusing - setting this ioctl to 1 is forcing OpenBSD-like behaviour everywhere and *disabling* the v4-in-v6 mapping. On 17 May 2016 16:58:56 BST, Theo de Raadt wrote: >> > But I doubt this justifies that we add the compat goo (which is >> >

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> > But I doubt this justifies that we add the compat goo (which is > > missing from all the other daemons as well). > > Whether it's in base or in portable it needs to go somewhere. Why -- to hurt people? ntpd (with UDP traffic) will be man-in-the-middle'd using the v4-over-v6 tunnel.

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> IPV6_V6ONLY and net.inet6.ip6.v6only have no effect in OpenBSD. The > setsockopt does fail if you try to set it to a different value than the > sysctl. So there is no additional risk here because OpenBSD denied early > on the double usage of IPv6 sockets for IPv4 connections. Correct. If

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On 17/05/16(Tue) 09:26, Theo de Raadt wrote: > > Does it need the ifdef? It's standard ipv6 api.. > > It is risk, all gigantic risk. > > Anyone who enables that will (not..) discover that their pf rulesets > are wrong. I don't understand, could you explain which risk you're talking about? It

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On 2016/05/17 17:42, Claudio Jeker wrote: > On Tue, May 17, 2016 at 09:26:58AM -0600, Theo de Raadt wrote: > > > Does it need the ifdef? It's standard ipv6 api.. > > > > It is risk, all gigantic risk. > > > > Anyone who enables that will (not..) discover that their pf rulesets > > are wrong. > >

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On Tue, May 17, 2016 at 09:26:58AM -0600, Theo de Raadt wrote: > > Does it need the ifdef? It's standard ipv6 api.. > > It is risk, all gigantic risk. > > Anyone who enables that will (not..) discover that their pf rulesets > are wrong. > IPV6_V6ONLY and net.inet6.ip6.v6only have no effect in

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

> Does it need the ifdef? It's standard ipv6 api.. It is risk, all gigantic risk. Anyone who enables that will (not..) discover that their pf rulesets are wrong.

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On 2016/05/17 08:27, Brent Cook wrote: > This patch came by way of the openntpd github. Linux (and possibly others) > will attempt to bind to 0.0.0.0 when binding to '::' and return an error if > it can't, unless IPV6_V6ONLY is set. See >

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

* Martin Pieuchot [2016-05-17 17:05]: > On 17/05/16(Tue) 16:16, Henning Brauer wrote: > > * Gilles Chehade [2016-05-17 15:56]: > > > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > > > > This patch came by way of the openntpd github. Linux (and

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On 17/05/16(Tue) 16:16, Henning Brauer wrote: > * Gilles Chehade [2016-05-17 15:56]: > > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > > > This patch came by way of the openntpd github. Linux (and possibly others) > > > will attempt to bind to 0.0.0.0 when

[patch] more macppc.html fixes

The iop(4) driver has been gone for two years and tpms(4) has been renamed to utpms(4) as well. Bryan Index: www/macppc.html === RCS file: /cvs/www/macppc.html,v retrieving revision 1.250 diff -u -p -r1.250 macppc.html ---

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On Tue, May 17, 2016 at 04:16:09PM +0200, Henning Brauer wrote: > * Gilles Chehade [2016-05-17 15:56]: > > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > > > This patch came by way of the openntpd github. Linux (and possibly others) > > > will attempt to bind to

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

* Gilles Chehade [2016-05-17 15:56]: > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > > This patch came by way of the openntpd github. Linux (and possibly others) > > will attempt to bind to 0.0.0.0 when binding to '::' and return an error if > > it can't, unless

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > This patch came by way of the openntpd github. Linux (and possibly others) > will attempt to bind to 0.0.0.0 when binding to '::' and return an error if > it can't, unless IPV6_V6ONLY is set. See >

[ntpd] Simultaneously listen on IPv4 and IPv6

This patch came by way of the openntpd github. Linux (and possibly others) will attempt to bind to 0.0.0.0 when binding to '::' and return an error if it can't, unless IPV6_V6ONLY is set. See https://github.com/openntpd-portable/openntpd-portable/issues/19 OK as an in-tree patch? OpenBSD seems to

arpcache()

Diff below moves the code that updates an ARP cache into its own function. The goal of this refactoring is to defer the insertion of a route entry to a serialized context: a task. Inserting a route might will possibly require the caller to sleep, so this function will be called in the hot path

Re: remove special vlan ioctls in ifconfig

On 17 May 2016 at 02:56, David Gwynne wrote: > the vlan ioctls have been superseded by the generic ifparent and > vnetid ioctls, and will eventually go away. > > this removes the vlan ioctl handling from ifconfig. however, to > continue to support existing vlan interface

Re: [PATCH] Allow softraid crypto to work with write-protected keys

I have also noticed that bioctl reports the key disk as incorrect. I initially thought it was my patch, but it seems to be wrong whether or not my patch is applied. In fact the contents of the disk do not change at all: # bioctl softraid0 Volume Status Size Device softraid0 0

Re: new optimisation in dpb

(if you don't have a specific interest in ports dependencies fun, you can stop reading now). Just as an example, my 25 most common dependencies + their deps end up as a list of 283 ports Here's the vars.log excerpt Most of these should be familiar to bulk builders. (which more or less means

new optimisation in dpb

People might be interested to know dpb has a new "permanent log". I've moved the "most common dependencies" into build-stats, so that dpb can use it from one run to the next. I hadn't done that before because it used to be a mixed bag of blessings: run LISTING quickly on some ports, then do a