Hi David,
Here are all the outputs you mentioned. Hopefully something will improve
our understanding of this story.
David Gwynne writes:
> Ofails are the sum of output errors and queue drops. Can you figure
> out which one it is with netstat -I igc0 -e and netstat -I igc0 -d?
% netstat -I
Thus said Theo de Raadt on Wed, 30 Nov 2022 19:44:09 -0700:
> It makes ssh safer for people who don't use the fancy features,
> because the ssh client cannot perform a vast number of system calls if
> it gets fooled.
Got it, makes sense now; and as you say my understanding was backwards.
On Wed, 30 Nov 2022, Theo de Raadt wrote:
> >> It allows a much tighter pledge in the client, so less attack surface
> >> against a bad server.
> >
> >So it's to prevent a malicious SSH server from exploiting a client who
> >choses to use ~C to open up the ssh> prompt and create or
>> It allows a much tighter pledge in the client, so less attack surface
>> against a bad server.
>
>So it's to prevent a malicious SSH server from exploiting a client who
>choses to use ~C to open up the ssh> prompt and create or destroy
>tunnels?
No.
It makes ssh safer for people who
Thus said Stuart Henderson on Wed, 30 Nov 2022 16:13:36 +:
> It allows a much tighter pledge in the client, so less attack surface
> against a bad server.
So it's to prevent a malicious SSH server from exploiting a client who
choses to use ~C to open up the ssh> prompt and create or
On Wed, Nov 30, 2022 at 07:48:35PM +0100, Theo Buehler wrote:
> On Wed, Nov 30, 2022 at 07:05:25PM +0100, Claudio Jeker wrote:
> > Change ometric_set_int_with_label() to ometric_set_int_with_labels().
> > In rpki-client I need to add more than one extra label and extending this
> > interface seems
struct uvm_map's .addr is protected by the map's lock and .{min,max}_offset
are immutable.
uvm_map_inherit() locks the VM map upon entry, sets the desired inheritance
mode for the given address range (validated outside the lock) and unlocks
the map itself.
fork(2), i.e. uvm_mapent_forkcopy(),
On Wed, Nov 30, 2022 at 07:05:25PM +0100, Claudio Jeker wrote:
> Change ometric_set_int_with_label() to ometric_set_int_with_labels().
> In rpki-client I need to add more than one extra label and extending this
> interface seems to be the least ugly solution.
> I use C99 compound literals to make
Follow up on how in6_ioctl() does it: grab the kernel lock in all the
ioctl specific functions, where needed and not earlier, i.e. exactly where
the net lock is currently taken/released.
Like in6_ioctl_get(), in_ioctl_get() simply grabs a net lock protected
interface address, may check net lock
ok mvs@
> On 30 Nov 2022, at 20:50, Klemens Nanni wrote:
>
> First the right address is picked from the net lock protected if_addrlist.
> Then all ioctls just copy out the address, nothing requires the kernel lock.
>
> SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
>
Change ometric_set_int_with_label() to ometric_set_int_with_labels().
In rpki-client I need to add more than one extra label and extending this
interface seems to be the least ugly solution.
I use C99 compound literals to make this less ugly and wrapped that magic
into the macro EV(). IMO this is
First the right address is picked from the net lock protected if_addrlist.
Then all ioctls just copy out the address, nothing requires the kernel lock.
SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
SIOCGIFALIFETIME_IN6 computes lifetimes which only need the address.
Users of these
On Wed, Nov 30, 2022 at 08:55:45AM -0700, Todd C. Miller wrote:
> On Wed, 30 Nov 2022 09:20:26 -0600, Scott Cheloha wrote:
>
> > Couple related things:
> >
> > - Use err(3) everywhere.
> >
> > For many of these errors we are not currently printing the errno
> > string. Is there any reason
On 2022/11/30 08:53, Andy Bradford wrote:
> Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
>
> > A new "enablecommandline" configuration option re-enables those
> > particular features, and the diff later on will show why we feel these
> > features should be optional.
>
>
On Wed, 30 Nov 2022 09:20:26 -0600, Scott Cheloha wrote:
> Couple related things:
>
> - Use err(3) everywhere.
>
> For many of these errors we are not currently printing the errno
> string. Is there any reason not to do so? The errno string is
> useful.
OK
> - Set ifile/ofile to
Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
> A new "enablecommandline" configuration option re-enables those
> particular features, and the diff later on will show why we feel these
> features should be optional.
Glad that the option is being retained as optional
Couple related things:
- Use err(3) everywhere.
For many of these errors we are not currently printing the errno
string. Is there any reason not to do so? The errno string is
useful.
- Set ifile/ofile to "stdin"/"stdout" if the user passes in
"-" to make the err(3) message a little
> On 30 Nov 2022, at 14:36, Greg Steuck wrote:
>
> Greg Steuck writes:
>
>> The watched kettle never boiled. No more crashes in over two weeks
>> (instead of two in the first week). I tried a loop of alternating iperf3
>> tcp and udp to no ill effect. I still see the growth in the metrics I
On Wed, Nov 30, 2022 at 11:01:01AM +0100, Theo Buehler wrote:
> On Wed, Nov 30, 2022 at 10:36:08AM +0100, Claudio Jeker wrote:
> > I want to use the bgpctl ometric.c code in rpki-client to implement a
> > metrics output. Currently ometric_output_all() just dumps to stdout but
> > that does not
On Wed, Nov 30, 2022 at 10:36:08AM +0100, Claudio Jeker wrote:
> I want to use the bgpctl ometric.c code in rpki-client to implement a
> metrics output. Currently ometric_output_all() just dumps to stdout but
> that does not work for rpki-client. Instead pass a FILE pointer to
>
On Wed, Nov 30, 2022 at 12:24:32AM +, Klemens Nanni wrote:
> On Wed, Nov 30, 2022 at 02:25:46AM +0300, Vitaliy Makkoveev wrote:
> > I like to have current "error =" notation for both mrt6_ioctl()
> > and in6_ioctl() within in6_control().
>
> Alright.
>
> > Also, `data’ passed to
I want to use the bgpctl ometric.c code in rpki-client to implement a
metrics output. Currently ometric_output_all() just dumps to stdout but
that does not work for rpki-client. Instead pass a FILE pointer to
ometric_output_all() and also return -1 if an error occured. With this
ometric usage
22 matches
Mail list logo