Re: smtpd: simplify internal io api

Eric Faurot writes: > The api user should not have to care about normalizing the io input > buffer (i.e. resetting the read/write pos in the buffer). > Do it internally when reloading the io event. > > Eric. Ok sunil@ > > Index: bounce.c >

only free pool pages from the gc task

at the moment pages can be freed on a pool_put call and from the gc. it is a bit unfair that pool_get may end up doing the heavy lifting of allocating a pool page and pool_put wont have to do an equivalent free, but we should try and minimise the amount of work done in these hot paths. ok?

small indentation and spelling diff

Hi tech@, Here's an indentation fix for libcrypto (the while in the context is actually a do/while) and a spelling fix for a comment in pf. Index: lib/libcrypto/bn/bn_sqrt.c === RCS file: /cvs/src/lib/libcrypto/bn/bn_sqrt.c,v

Re: reloading pf through ansible easy hook

On Mon, Nov 21, 2016 at 05:34:35PM -0500, sven falempin wrote: > Ansible is already managing pkg and service of openBSD , cool > > If one want to manage pf with it, and push or modify a few files, > on must run - command: /sbin/pfctl -f {{ dank.config }} > > Yet - service could be use, if this

Re: cwm ptrmove keybindings

Thu, 17 Nov 2016 17:00:52 +0200 li...@wrant.com > Thu, 17 Nov 2016 09:20:56 -0500 Okan Demirmen > > On Thu 2016.11.17 at 03:30 +0200, li...@wrant.com wrote: > > > Fri, 11 Nov 2016 20:47:49 +0200 li...@wrant.com > > > > Fri, 11 Nov 2016 10:42:42 -0500 Okan Demirmen

Re: pf af-to route output

On 21 November 2016 at 22:38, Alexandr Nedvedicky wrote: > I don't have my test bed ready to play with NAT-64 + PBR. The only think > I've > tried is the parser and it seems to me NAT-64 + PBR is problematic: > > echo 'pass in on net1 inet af-to

Re: pf af-to route output

On Mon, Nov 21, 2016 at 07:11:23PM +0100, Mike Belopuhov wrote: > On Mon, Nov 14, 2016 at 16:38 +0100, Alexander Bluhm wrote: > > Hi, > > > > The !r->rt case is only used by af-to. pf_route6() calls ip6_output() > > to do the work while pf_route() has some custom implementation for > > that. It

Re: smtpd: simplify internal io api

On Mon, Nov 21, 2016 at 08:46:32PM +0100, Eric Faurot wrote: > The api user should not have to care about normalizing the io input > buffer (i.e. resetting the read/write pos in the buffer). > Do it internally when reloading the io event. > yes please, ok gilles@ > Index: bounce.c >

smtpd: simplify internal io api

The api user should not have to care about normalizing the io input buffer (i.e. resetting the read/write pos in the buffer). Do it internally when reloading the io event. Eric. Index: bounce.c === RCS file:

Re: ifioctl, pr_ctlinput, pr_slowtimo & pr_fasttimo

On Mon, Nov 21, 2016 at 11:35:07AM +0100, Martin Pieuchot wrote: > These are more entry points that I'd like to always call at IPL_SOFTNET. > > With that we can get rid of most of the splsoftnet() dances in our tree. > > ok? NFS hits you again. nfs_boot_init() calls ifioctl(). Perhaps put the

Re: pf af-to forward

On Mon, Nov 21, 2016 at 18:16 +0100, Alexander Bluhm wrote: > Hi, > > Path MTU discovery and traceroute does not always work with pf > af-to. If an incoming packet is directly put into the output path, > sending the icmp error packet is never done. As this is basically > forwarding, calling

Re: pf af-to route output

On Mon, Nov 14, 2016 at 16:38 +0100, Alexander Bluhm wrote: > Hi, > > The !r->rt case is only used by af-to. pf_route6() calls ip6_output() > to do the work while pf_route() has some custom implementation for > that. It is simpler to call ip_output() or ip6_output() from > pf_test() directly. >

pf af-to forward

Hi, Path MTU discovery and traceroute does not always work with pf af-to. If an incoming packet is directly put into the output path, sending the icmp error packet is never done. As this is basically forwarding, calling ip_forward() for such packets does everything that is needed. ok? bluhm

doas: add message "permit persist" to checkconfig()

Dear tech, I guessed it better to add the message "permit persist" to checkconfig(). For example, $ cat doas.conf.test permit nopass puffy as root cmd pkg_add permit persist puffy as root cmd adduser permit puffy as root cmd mg $ doas -C doas.conf.test pkg_add permit nopass $ doas -C

Re: pf overlapping IPv6 fragments

On Mon, Nov 21, 2016 at 10:58:43AM +0100, Alexander Bluhm wrote: > On Fri, Nov 18, 2016 at 11:33:33PM +0100, Alexandr Nedvedicky wrote: > > how about using 'goto free_ipv6_frag' ? It better explains, what's > > going to happen. > > makes sense thanks a lot, I'm O.K. with it. regards

Re: so{s,g}etopt()

On Mon, Nov 21, 2016 at 04:03:51PM +0100, Martin Pieuchot wrote: > On 21/11/16(Mon) 15:17, Alexander Bluhm wrote: > > [...] > > There are a bunch of calls to sosetopt() in bfd and nfs that are > > not protected by splsoftnet(). > > Indeed. Then I believe putting the splsoftnet() inside

Re: so{s,g}etopt()

On 21/11/16(Mon) 15:17, Alexander Bluhm wrote: > [...] > There are a bunch of calls to sosetopt() in bfd and nfs that are > not protected by splsoftnet(). Indeed. Then I believe putting the splsoftnet() inside sosetopt() is a better solution. Index: kern/uipc_socket.c

Re: so{s,g}etopt()

On Mon, Nov 21, 2016 at 12:29:04PM +0100, Martin Pieuchot wrote: > @@ -1034,8 +1036,11 @@ sys_getsockopt(struct proc *p, void *v, > goto out; > } else > valsize = 0; > - if ((error = sogetopt(fp->f_data, SCARG(uap, level), > - SCARG(uap,

so{s,g}etopt()

Previously reported by bluhm@, the code paths in so{s,g}etopt() also need to be executed at IPL_SOFTNET in order to get rid of the recursive splsoftnet/splx dances in other places. ok? Index: kern/uipc_syscalls.c === RCS file:

ifioctl, pr_ctlinput, pr_slowtimo & pr_fasttimo

These are more entry points that I'd like to always call at IPL_SOFTNET. With that we can get rid of most of the splsoftnet() dances in our tree. ok? Index: kern/sys_socket.c === RCS file: /cvs/src/sys/kern/sys_socket.c,v

Re: pf af-to route output

On Sat, Nov 19, 2016 at 09:07:11PM +1300, Richard Procter wrote: > Note, pf_route() calls pf_test() only if (pd->kif->pfik_ifp != ifp). > (I read this as 'pf changed the packet's interface'.) This check was added in the commit: revision 1.218 date: 2002/06/07

Re: pf overlapping IPv6 fragments

On Fri, Nov 18, 2016 at 11:33:33PM +0100, Alexandr Nedvedicky wrote: > how about using 'goto free_ipv6_frag' ? It better explains, what's > going to happen. makes sense bluhm Index: net/pf_norm.c === RCS file:

Re: kill rtioctl()

On Mon, Nov 21, 2016 at 10:35:58AM +0100, Martin Pieuchot wrote: > This stub exists since the original import, time to kill it? ok jsg@ There was a #ifndef COMPAT_43 here added in '88 and removed in '93 for back when there was no routing socket. ifndef removed in commit

kill rtioctl()

This stub exists since the original import, time to kill it? Index: net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision 1.338 diff -u -p -r1.338 route.c --- net/route.c 15 Nov 2016 10:09:28 - 1.338 +++

Re: per cpu counters for rtstat

On 18/11/16(Fri) 17:26, David Gwynne wrote: > On Fri, Nov 18, 2016 at 03:30:48PM +1000, David Gwynne wrote: > > i didnt even know these existed. > > > > turns out you can see them with netstat -sr > [...] > @@ -191,6 +191,8 @@ TAILQ_HEAD(rt_labels, rt_label) rt_label > void > route_init(void)