On Tue, Feb 04, 2014 at 07:44:42PM +0100, Ole Myhre wrote:
Small patch that make carp send na with router flag set when
net.inet6.ip6.forwarding=1. Otherwise clients will lose the default
gateway during failover if it was learned from ra.
I think the patch is correct, OK bluhm@
Note that a
Hi,
Our dd always prints these status lines to stderr after transfer.
2+0 records in
2+0 records out
1024 bytes transferred in 0.000 secs (39384615 bytes/sec)
The output is annoying in some situations, so people redirect stderr
to /dev/null. This approach also suppresses the error messages
On Sun, Feb 09, 2014 at 12:21:35PM +0100, Mark Kettenis wrote:
Date: Sun, 9 Feb 2014 12:08:04 +0100
From: Alexander Bluhm alexander.bl...@gmx.net
I would like to get rid of some 2/dev/null.
Do we want the status=... feature in OpenBSD?
As a general rule we don't want these non
On Sun, Feb 09, 2014 at 01:51:30PM +0100, Mark Kettenis wrote:
Perhaps we should ask ourselves the question why this gets printed on
stderr instead of stdout?
Per default dd writes the file data to stdout already.
On Tue, Feb 11, 2014 at 03:53:24PM +0100, Martin Pieuchot wrote:
When a carp node sends a neighbor advertisement, because its status
switch from BACKUP to MASTER for example, it does it using a wrong
mac address: the one from its real associated interface (carpdev).
Because of this, a hack
On Tue, Feb 11, 2014 at 09:07:04PM +0100, Florian Riehm wrote:
Hi tech@,
I'm using the ospfd with redistribute rtlabel statements.
If I add new addresses to interfaces with a route label, ospfd will
not notice it, because the route messages don't contain the route
label. Please have a look
On Tue, Feb 11, 2014 at 04:00:25PM +0100, Martin Pieuchot wrote:
On 04/02/14(Tue) 10:50, Martin Pieuchot wrote:
Diff below removes an old comment about bsdi4 and make it clear that
netmasks are not needed for routes to host.
ok?
OK bluhm@
Anybody?
Index: net/route.c
On Wed, Feb 12, 2014 at 10:10:36AM -0800, Loganaden Velvindron wrote:
Hi All,
based on a similar change from FreeBSD:
Change the return error from EACCES to EPERM as it is not a file.
According to errno(2) EACCES is for file access permissions, so
EPERM seems more apporiate.
A grep for
OK bluhm@
On Sun, Mar 02, 2014 at 05:45:15AM -0800, Loganaden Velvindron wrote:
On Wed, Feb 12, 2014 at 09:11:41PM +0100, Alexander Bluhm wrote:
On Wed, Feb 12, 2014 at 10:10:36AM -0800, Loganaden Velvindron wrote:
Hi All,
based on a similar change from FreeBSD:
Change
On Wed, Feb 02, 2011 at 04:14:01PM +0100, Mike Belopuhov wrote:
hi, in pf_translate, when we're changing addresses for the icmp messages
there's an unjustified fallthrough in the IPPROTO_ICMPV6 case. in fact
this doesn't seem to harm anything because default case performs the
same operation.
On Sat, Feb 05, 2011 at 03:24:11PM +0100, Henning Brauer wrote:
* Alexander Bluhm alexander.bl...@gmx.net [2011-02-05 14:56]:
Somebody could send us such a packet.
I'm pretty damn sure we catch that way earlier.
Yeah, it panics right away if nat/rdr is used with unusual protocol.
panic
On Sat, Feb 05, 2011 at 07:51:27PM +0100, Henning Brauer wrote:
indeed. and as much as i'm all for defensive programming, pf_test_rule
will never be called from anything but pf_test[6] - at least without
heavy heavy major super duper changes, besides there not being a reson
to. thus:
I
Here is a diff that reassembles IPv6 fragments in pf. In the forward
case, it refragments the packets with the same size to allow Path-MTU
discovery.
With route-to and pf-sync there are still some issues regarding
IPv6 fragments. Everything else including nat and redirect should
work.
Please
This diff implements socket splicing for relayd. Instead of copying
data in userland from one TCP socket into another, the kernel is
told to move the data himself.
The environment variable RELAY_NOSPLICE works like EVENT_NOKQUEUE
from libevent. It can be used to easily turn it on and off for
I just relized that I did send out an outdated diff. This one has
an additional check for F_SSL and F_SSLCLIENT to avoid splicing ssl
connections.
The RELAY_NOSPLICE environment variable is only for testing and
will be removed in the final version.
bluhm
Index: usr.sbin/relayd/parse.y
On Sun, Mar 06, 2011 at 09:12:41AM +0100, Reyk Floeter wrote:
this diff will break chunked encoding and keep-alive connections where
we need to enable splicing for a specified amount of data only and
return for the next HTTP header.
I don't think so. I only set F_SPLICE for RELAY_PROTO_TCP
On Mon, Mar 07, 2011 at 04:23:08PM -0700, Theo de Raadt wrote:
I do not think splice should be an option that is exposed to
users.
That makes the diff much smaller.
ok?
Index: usr.sbin/relayd/relay.c
===
RCS file:
On Tue, Mar 08, 2011 at 01:00:48AM +0100, Alexander Bluhm wrote:
On Mon, Mar 07, 2011 at 04:23:08PM -0700, Theo de Raadt wrote:
I do not think splice should be an option that is exposed to
users.
That makes the diff much smaller.
Hmm, perhaps too small. There is a session timeout
Hi,
In IPv4 we log a message when someone is spoofing our arp cache.
Mar 9 01:03:51 q0 /bsd: arp info overwritten for 10.188.50.10 by
00:01:02:03:04:05 on ne3
Do we want a similar message for IPv6 neighbor discovery protocol?
Mar 9 01:03:30 q0 /bsd: ndp info overwritten for
Hi,
When relaying unidirectional tcp traffic, relayd handles session
timeouts in a strange way.
A connection that is constantly sending data from the client to the
server will always trigger the session timeout. In contrast, if
the data is only transfered from the server to the client, the
Hi,
There exists a race when a process is trying to read from a spliced
socket. soreceive() releases splsoftnet for uiomove(). In that
moment, somove() can pull the mbuf from the receive buffer. After
that, soreceive will remove the mbuf again. The corrupt length
accounting will result in a
Hi,
I have two more socket splicing fixes.
When a process reads from a spliced socket that already got an
end-of-file but still has data in the receive buffer, soreceive()
should block until all data has been moved. Note that (so-so_rcv.sb_cc
== 0) can only be false, if splicing is active.
On Tue, Mar 08, 2011 at 02:11:31AM +0100, Alexander Bluhm wrote:
Hmm, perhaps too small. There is a session timeout and relayctl
show sessions idle time. Relayd does not realize when the kernel
is transferring data automatically. It should check the splice
data length with getsockopt
Hi,
When the kernel runs out of mbuf clusters, the hme receive ring may
become empty. In that case, the hme driver cannot recover as the
ring is only filled after receiving data. My fix is to fill an
empty receive ring every second.
ok?
bluhm
Index: dev/ic/hme.c
On Wed, Mar 23, 2011 at 08:17:11AM +0100, Mark Kettenis wrote:
From: David Gwynne l...@animata.net
Date: Wed, 23 Mar 2011 14:21:19 +1000
makes sense to me.
While it is a potential solution for the problem at hand (and one I
didn't consider yet) can we step back and think whether this
On Mon, Mar 28, 2011 at 04:45:52PM +0200, Matthieu Herrb wrote:
Hi,
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org 2011/03/22 18:59:49
Modified files:
usr.sbin/rtsold: if.c rtsold.8 rtsold.c rtsold.h
Log message:
Print a warning when
On Sat, Apr 02, 2011 at 02:49:09PM +0200, Henning Brauer wrote:
lo has that link1 wankery where it kind of replies to all addresses in
the subnet, except that it doesn't really - it is very halfbaked and
gets in the way. unless somebody has a VERY convincing reason to keep
this it'll be gone
On Mon, Apr 04, 2011 at 08:06:57PM +0200, Pascal Stumpf wrote:
net/pf.c: pf_addr_compare (was probably ok before r1.729)
The current implementation has been discussed. See also:
http://www.greenend.org.uk/rjk/2003/03/inline.html
The function should be inline within pf.c and callable from
On Mon, Apr 11, 2011 at 04:52:23PM +0200, Mike Belopuhov wrote:
currently there's no way to figure out what rdomain the diverted
connection came from. this diff introduces a neat hack that reyk
and i have invented. from the programmer's perspective this is
as simple as calling
On Mon, Apr 11, 2011 at 07:18:35PM +0200, Mike Belopuhov wrote:
On Mon, Apr 11, 2011 at 7:08 PM, Alexander Bluhm
alexander.bl...@gmx.net wrote:
On Mon, Apr 11, 2011 at 04:52:23PM +0200, Mike Belopuhov wrote:
currently there's no way to figure out what rdomain the diverted
connection came
Hi,
Here is my double linkage feature between pf states and sockets.
Henning has already implemented much of it.
The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf-inp-state when possible.
- Outgoing packets from sockets transfer their inp in the
Hi,
Can we get rid of those casts in relayd by not declaring a void
pointer for struct rsession? That way the compiler can do its job
and enforce correct types.
ok?
bluhm
Index: usr.sbin/relayd/relay.c
===
RCS file:
Hi,
In ipsec_common_input() the packet can be either IPv4 or IPv6. So
pass it to the correct raw ip input function if IPsec is disabled.
ok?
bluhm
Index: netinet/ipsec_input.c
===
RCS file:
Hi,
We accept more TCP reset packets in pf, if fragment reassembly is
turned off. That does not make sense to me. It came into the tree
here:
revision 1.443
date: 2004/04/27 18:28:07; author: frantzen; state: Exp; lines: +9 -6
validate the sequence numbers on TCP resets are an exact match.
On Fri, May 20, 2011 at 11:54:09AM +0200, Camiel Dobbelaar wrote:
I'll spend some more time on this, but maybe there's an IPv6 guru that
can lend a hand? :-)
Just removing the check seems wrong to me. This would allow ::1
addresses from the wire. Also the goto hbhcheck would get lost.
A
On Fri, Aug 05, 2011 at 02:00:21PM +0200, Florian Fuessl wrote:
Feature or bug?
Sounds like a bug, but I cannot reproduce it.
Latest snapshot /bsd kernel (03. Aug. 11) does not react to neighbor
discovery requests for inet6 address on carp master interface, here.
With this kernel
On Sat, Aug 06, 2011 at 12:47:27AM +0200, Alexander Bluhm wrote:
To trigger the bug, you need two adresses in the same network on
the carp and on the parent interface. One of them has the route,
the other cannot do ndp.
The bridge has the same problem there, bridge and carp can be fixed
On Sun, Aug 07, 2011 at 04:02:32AM +0200, Florian Fuessl wrote:
Alexander Bluhm alexander.bl...@gmx.net wrote Sat., Aug. 06, 2011
On Sat, Aug 06, 2011 at 12:47:27AM +0200, Alexander Bluhm wrote:
To trigger the bug, you need two adresses in the same network on
the carp and on the parent
On Tue, Aug 30, 2011 at 01:18:12PM +0200, Henning Brauer wrote:
--- pf.c 30 Aug 2011 00:40:47 - 1.771
+++ pf.c 30 Aug 2011 11:14:19 -
@@ -2762,9 +2762,6 @@ pf_test_rule(struct pf_rule **rm, struct
u_int16_tvirtual_type, virtual_id;
u_int8_t
On Wed, Aug 31, 2011 at 05:02:01PM +0200, Henning Brauer wrote:
@@ -5679,6 +5665,13 @@ pf_setup_pdesc(sa_family_t af, int dir,
m, *off, pd, a, ruleset, *hdrlen);
if (*action != PF_PASS)
REASON_SET(reason,
Hi,
The relayd used the CHECK_TIMEOUT for connect and ssl handshake.
This is 200 milliseconds and too short. Instead use the 600 seconds
session timeout that is used for accepted sessions everywhere else.
While there, make flag handling in relay_ssl_transaction() consistent
to the other
Hi,
Especially with SSL and short data transfers, it could happen that
the client closed before the connection to the server has been
established. Then the relay closed immediately before transferring
any data. The solution is to delay the close until the other side
has an event buffer.
ok?
Hi,
During socket splicing the relayd session timeouts could not be
measured exactly in user land. Use the new idle timeout for socket
splicing in the kernel to make it correct.
ok?
bluhm
Index: usr.sbin/relayd//parse.y
===
RCS
On Sat, Sep 03, 2011 at 02:25:37AM +0200, Alexander Bluhm wrote:
During socket splicing the relayd session timeouts could not be
measured exactly in user land. Use the new idle timeout for socket
splicing in the kernel to make it correct.
I think, I got the flag handling wrong. Make sure
Hi,
I found strange behavior in relayd when it comes to content-length
and transfer-encoding chunked.
When the server sends a Content-Length: 0 relayd got confused and
passed all data without reading the http header anymore. To fix
this, I need more state and converted toread from size_t to
Hi,
If a user configures logging explicitly in relayd.conf, we should
do it regardlessly of debugging mode and compile switch.
ok?
bluhm
Index: usr.sbin/relayd/relay.c
===
RCS file:
Hi,
Instead of hand crafted code, use the macros TAILQ_FOREACH(_SAFE)
and TAILQ_EMPTY for accessing the nd_defrouter list. No functional
change.
ok?
bluhm
Index: netinet6/nd6.c
===
RCS file:
Hi,
Remove dead code from #if 0:
We do not have an ipsrcchk_rt anywhere else.
From FreeBSD
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.34
diff -u -p
Hi,
The hand crafted-queue for fragmented IPv6 packets is hard to read.
Can we replace it with a TAILQ?
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.34
Hi,
Replace the hand-crafted queue for IPv6 fragments with LIST.
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.36
diff -u -p -r1.36 frag6.c
---
Hi,
Remove the IPv6 fragment overlapping length adjustment code. It
was already #if 0 and will never come back. Remove unused fragment
struct fields and sort the others.
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file:
Hi,
In ip_slowtimo() we flush the ipforward_rt cache every 500 ms. For
IPv6 we have similar code but it is #if 0. In our test environment,
where we only communicate with single machines, this resulted in
wrong local address checks and packet forwarding. I see no reason
for this useful route
Hi,
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.39
On Tue, Jan 10, 2012 at 07:51:03PM -0300, Fernando Gont wrote:
On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
FWIW, you may be interested in this one, too:
http://tools.ietf.org/id/draft
Hi,
Robert's issues are still discussed, so let's fix the obvious first:
Simplify the #if CARP and if (IFT_CARP) dance in nd6_ns_input().
Fix a white space bug while there.
No functional change.
ok?
bluhm
Index: netinet6/nd6_nbr.c
On Thu, Jan 12, 2012 at 05:31:00AM -0300, Fernando Gont wrote:
I'd argue that you should drop all the constituent fragments as soon
as you receive them.
Since there's no legitimate reason of overlapping fragments, get rid of
them asap. And if there were more fragments (for the same packet)
On Fri, Jan 13, 2012 at 11:01:43AM -0300, Fernando Gont wrote:
On 01/12/2012 04:04 PM, Alexander Bluhm wrote:
I have reconsidered it and drop the fragments immediately. The
packet to be reassembled will be dropped after timeout.
Sorry: immediately, or after a timeout?
We have a list
On Fri, Jan 13, 2012 at 02:13:09PM -0300, Fernando Gont wrote:
If there was a fragment overlap, there was malicious activity, and
you're certainly not going to get any legitimate fragment reassembled.
Therefore, IMO, it doesn't make sense to tie resources (i.e., keep
state) for that.
If you
On Fri, Jan 13, 2012 at 11:44:20AM -0700, Theo de Raadt wrote:
I have to drop them all, including those not yet received.
That last bit is crazy. You cannot maintain state until the potential
packets fall out of the fragment cache.
After discussion with deraadt@ it came clear that dropping
On Fri, Jan 13, 2012 at 11:44:20AM -0700, Theo de Raadt wrote:
I have to drop them all, including those not yet received.
That last bit is crazy. You cannot maintain state until the potential
packets fall out of the fragment cache.
This is also true for the reassembly implementation in the
On Wed, Mar 14, 2012 at 03:32:08PM +0900, YASUOKA Masahiko wrote:
Hi,
In ip_input(), there is a filter to disable all packets to 127.0.0.0/27.
That filter drops a packet that was a transport-mode ESP packet and
that has been redirected to 127.0.0.1 with pf `rdr-to' rule.
Below diff will
On Thu, May 10, 2012 at 09:38:39PM +0200, Henning Brauer wrote:
I'm looking for oks on this diff to commit it.
I think this is not correct.
@@ -6951,12 +6953,12 @@ done:
struct pf_rule_item *ri;
if (pd.pflog PF_LOG_FORCE || r-log PF_LOG_ALL)
-
Comments inline:
On Mon, Jul 09, 2012 at 02:04:27PM +0200, Jan Klemkow wrote:
Index: cmds.c
===
RCS file: /cvs/src/usr.bin/ftp/cmds.c,v
retrieving revision 1.70
diff -u -p -r1.70 cmds.c
--- cmds.c5 May 2009 19:35:30 -
On Fri, Jul 13, 2012 at 03:23:26AM +0200, Jan Klemkow wrote:
+ char *cmd, *tp, *xargv[] = {argv[0], NULL, NULL};
Put spaces inside {}: { argv[0], NULL, NULL }
It took me a while to figure out what that code does, so I think the
comments are usefull for everybody who tries to read it.
On Sun, Jul 15, 2012 at 02:54:31PM +0200, Jan Klemkow wrote:
+ if (!mflag)
+ continue;
+ if (depth == max_depth)
+ continue;
This breaks the non recursive case. There depth and max_depth are
On Sat, Jul 28, 2012 at 10:02:05PM +0200, Jan Klemkow wrote:
+ if (stat(*cpp, filestat) != 0) {
+ warn(NULL);
warn(local: %s, *cpp);
So the user can see which file causes trouble.
+ continue;
+ }
On Mon, Sep 17, 2012 at 02:52:42PM +0200, YASUOKA Masahiko wrote:
ok to commit?
OK bluhm@
comment?
On Fri, 07 Sep 2012 16:13:53 +0900
UMEZAWA Takeshi umez...@iij.ad.jp wrote:
Hello,
I have added IPV6_RECVDSTPORT socket option, which enables us to get
original (= before divert)
On Fri, Sep 07, 2012 at 01:43:29PM +0900, UMEZAWA Takeshi wrote:
I have added send(2) MSG_DONTWAIT support, which enables us to choose
nonblocking or blocking for each send(2) call.
I think this diff is OK.
Does anyone know why SS_NBIO and MSG_DONTWAIT are not used identically
in sosend() and
Hi,
I have changed relayd so that it uses socket splicing also for
persistent http connections. Before it spliced the incomming and
outgoing tcp streams only if the data should go unmodified through
the kernel until the end of stream.
With this diff, relayd can give the kernel a maximum splice
Hi,
benno@ triggered a crash in with previous relayd splicing diff, so
here is the fixed version for -current.
bluhm
Index: usr.sbin/relayd/relay.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving
Hi,
Here is my kernel diff to expand socket splicing to UDP. The
advantage for relaying applications is that they can forward the
data without copying it to user space. Currently relayd uses socket
splicing for TCP connections only.
The idea of my implementation is to merge the code relevant
Hi,
I have discovered a bad interaction between the pf.statekey in the
mbuf header and UDP socket splicing. When the packet gets spliced,
it uses this key in ip_output() although it went through two sockets
in the meantime. To avoid this, I reset the pf.statekey in the
mbuf after udp_input()
Hi
I think pf sequence number tracking is too strict by one octet.
The bug is triggered by a TCP packet with the FIN bit set and
containing data that fits exactly into the announced window.
This packet announces a window of 1024 octets as scaling factor is 3:
00:58:30.250388 10.188.50.50.45397
Hi,
Some years ago reyk@ mentioned that the current socket splicing
semantics is suboptimal. When used with persistent http connections,
the kernel does not inform user land when the maximum splicing
lenght has been reached. The file descriptor does not get active
when the last byte within the
Hi,
Here is an updated relayd socket splicing diff that uses the new
EFBIG feature of maximum splicing lenght. This way relayctl show
sessions displays an updated idle counter immediately after the
whole http content has been transferred.
bluhm
Index: usr.sbin/relayd/relay.c
updated diff, merged with -current
Index: usr.sbin/relayd/relay.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.161
diff -u -p -r1.161 relay.c
--- usr.sbin/relayd/relay.c 17 Jan 2013
On Wed, Feb 20, 2013 at 01:11:10AM +, Stuart Henderson wrote:
Someone trying to replace some latvian boxes with bgpd/npppd mentioned
a problem with v6 on carp interfaces in 'backup' state where their
address was used as source address, despite there being an address
on the carpdev which
On Wed, Feb 20, 2013 at 12:36:13AM -0600, Todd T. Fries wrote:
The source address selection mechanism in IPv4 is to my understanding:
the first address on the interface associated with the route
to the remote host
The source address selection mechanism in IPv6 is to my understanding:
Hi tech@,
Calculating the IP header checksum on Realtek 8168 is broken when the
packet has IP options.
FreeBSD mentions only the 8168C and 8168C_SPIN2 but the 8168CP is the
one we have.
http://svnweb.freebsd.org/base/stable/8/sys/dev/re/if_re.c?r1=219112r2=219114
Solution is to disable IP
Hi,
The call to in_pcballoc() in user request attach is handled in three
different ways. Use the same code in udp_usrreq() and rip_usrreq()
and rip6_usrreq(). Also put an splsoftassert() into in_pcballoc()
for safety.
If I understand the code correctly, this also fixes a pcb and socket
leak in
Hi,
Restrict protocol numbers for raw sockets to the range from 0 to 255.
ok?
bluhm
Index: netinet/raw_ip.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.62
diff -u -p -r1.62 raw_ip.c
---
Hi,
Do not transfer diverted packets into IPsec processing. They should
reach the socket that the user has specified in pf.conf.
ok?
bluhm
Index: netinet/ipsec_input.c
===
RCS file:
Hi,
Make the SO_BINDANY socket option also work for raw IPv6 sockets.
ok?
bluhm
Index: netinet6/raw_ip6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.50
diff -u -p -r1.50 raw_ip6.c
---
Hi,
There is no IPv6 default scope in OpenBSD. Remove leftovers.
No binary change.
ok?
bluhm
Index: netinet6/raw_ip6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.50
diff -u -p -r1.50
Hi,
Allow raw IPv6 sockets for IPsec protocols.
ok?
bluhm
Index: netinet6/in6_proto.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.65
diff -u -p -r1.65 in6_proto.c
---
Hi,
Can we merge the duplicate IPv4 and IPv6 checksum checking code in
udp_input() into one block?
ok?
bluhm
Index: netinet/udp_usrreq.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision
Hi,
This makes icmp6 ready for 64 bit time_t by adding a range check
and an explicit cast.
ok?
bluhm
Index: netinet6/icmp6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.123
diff -u -p
On Sat, Jun 01, 2013 at 02:19:26AM +0200, Stefan Sperling wrote:
-NLS= C.msg Pig.msg da.msg de.msg es.msg fi.msg fr.msg nl.msg no.msg ru.msg
sv.msg it.msg
+NLS= C.msg Pig.msg da-ISO8859-1.msg da-UTF-8.msg de-ISO8859-1.msg \
+ de-UTF-8.msg es-ISO8859-1.msg es-UTF-8.msg
On Sun, Jun 09, 2013 at 06:34:27PM +0200, Christopher Zimmermann wrote:
inet 172.26.153.50 0xff00 NONE mtu 1398
in6_unlink_ifa: interface address 0x80624a00 has no prefix
in6_unlink_ifa: interface address 0x80624a00 has no prefix
The error message is triggered by ifconfig
On Wed, Jun 12, 2013 at 12:19:30PM +0100, Stuart Henderson wrote:
3. the reason for in6_unlink_ifa being called at all is because
in6_ifattach_loopback automatically tries to add in6addr_loopback to a
newly created lo interface, which is the wrong thing to do in the case
of multiple lo(4)
Hi,
We have an Supermicro MBD-X8DTH-6 mainboard here. It has an
additional PCI bus behind the pchb0 host bridge. This diff from
mikeb@ makes OpenBSD detect the pci1 bus.
bluhm
Index: arch/i386/pci/pchb.c
===
RCS file:
On Fri, Dec 03, 2010 at 01:12:57PM +0100, Claudio Jeker wrote:
Window size scaling is disabled when an application is issuing a
setsockopt() changing SO_SNDBUF or SO_RCVBUF.
tcp_update_sndspace() still rounds up to tp-t_maxseg even if
SO_SNDBUF has been set.
I was always wondering why the code
On Sun, Nov 16, 2014 at 09:23:49PM +0100, Tobias Stoeckmann wrote:
p_filesize is of type long, but we assign an off_t. Before assignment,
check if it will fit.
Can we change p_filesize type to off_t instead?
bluhm
On Thu, Nov 13, 2014 at 03:42:07PM +0100, Martin Pieuchot wrote:
It also increments rt_use counters for the local routes, (say yeah!).
We have in net/route.h
u_int64_t rmx_pksent; /* packets sent using this route */
#define rt_use rt_rmx.rmx_pksent
So the comment implies that
On Wed, Nov 26, 2014 at 12:58:35PM +0100, Martin Pieuchot wrote:
@@ -761,7 +754,17 @@ report:
error = EDQUOT;
goto flush;
}
- ifa = info.rti_ifa;
+ /*
+
On Tue, Nov 25, 2014 at 04:39:38PM +0100, Martin Pieuchot wrote:
3 places where we don't need any struct route. ok?
OK bluhm@
Index: netinet/ip_icmp.c
===
RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
retrieving revision
On Wed, Nov 26, 2014 at 03:09:08PM +0100, Martin Pieuchot wrote:
While debugging the recent route change regression I found various
bugs in the code handling IPv6 addresses. The most ugly one, because
it leaves you with a null ifp pointer in your routing table, is fixed
by the diff below.
On Wed, Nov 26, 2014 at 03:21:43PM +0100, Martin Pieuchot wrote:
@@ -5459,7 +5448,6 @@ pf_routable(struct pf_addr *addr, sa_fam
/* Perform uRPF check if passed input interface */
ret = 0;
- rt = ro.ro_rt;
do {
if
On Thu, Nov 27, 2014 at 10:04:59PM +0100, Tobias Stoeckmann wrote:
On Thu, Nov 27, 2014 at 09:52:29PM +0100, Tobias Stoeckmann wrote:
On Thu, Nov 27, 2014 at 01:29:48PM -0700, Todd C. Miller wrote:
I think it would be better for decode() to just return -1 in this
case.
I think that
On Mon, Dec 08, 2014 at 12:04:58PM +0100, Martin Pieuchot wrote:
Is it ok?
OK bluhm@
Index: net/pf.c
===
RCS file: /home/ncvs/src/sys/net/pf.c,v
retrieving revision 1.896
diff -u -p -r1.896 pf.c
--- net/pf.c 20 Nov 2014
101 - 200 of 2305 matches
Mail list logo