On Thu, Apr 24, 2014 at 02:52:27PM +0200, Martin Pieuchot wrote:
On 24/04/14(Thu) 13:43, Henning Brauer wrote:
* Martin Pieuchot mpieuc...@nolizard.org [2014-04-24 13:24]:
This ifp pointer is only needed by rt_getifa() to find an address, so
make it a local variable.
The
On Thu, Apr 24, 2014 at 04:41:06PM +0200, Martin Pieuchot wrote:
in_localaddr() is used only once in our tree and only if the sysctl
net.inet.ip.mtudisc is set to 0.
It is used to optimize the size of the MSS if the forward address
correspond to a host on one of our subnets. Since it's an
On Thu, Apr 24, 2014 at 01:43:16PM +0200, Henning Brauer wrote:
* Martin Pieuchot mpieuc...@nolizard.org [2014-04-24 13:24]:
This ifp pointer is only needed by rt_getifa() to find an address, so
make it a local variable.
The rtrequest1(9) change might introduce a negligible slowdown
On Fri, Apr 25, 2014 at 09:09:03AM +0900, Ryan McBride wrote:
Part of the reason it's there is to make carp work properly for services
listening on the carp interface, in particular so that hosts in the
BACKUP state will reach the MASTER rather than trying and failing to
connect to their own
On Sat, Apr 26, 2014 at 05:36:45PM +0200, Florian Riehm wrote:
our IGMP packets don't contain router alert options.
According rfc 2236 (Internet Group Management Protocol, Version 2)
packets without this option have to be ignored. Some layer 3 switches
are blocking our igmp packets because of
On Wed, May 14, 2014 at 07:55:44PM +0200, J??r??mie Courr??ges-Anglas wrote:
Redirecting this to tech@
Consus has confirmed this fixed his issue. I plan to commit it this
week-end if I hear no objection.
j...@wxcvbn.org (J??r??mie Courr??ges-Anglas) writes:
Thanks for the detailed
On Wed, May 14, 2014 at 11:51:13PM +0200, Henning Brauer wrote:
don't kill the define, since this is userland visible, but there is
never ever an interface in our kernel with if_type == IFT_L2VLAN - see
my commit from 2 weeks ago or so. To clarify this once again, I didn't
remove the L2VLAN
On Tue, Jul 08, 2014 at 11:39:12PM -0400, Lawrence Teo wrote:
#ifdef INET6
case AF_INET6:
- if (divert6_packet(pd.m, pd.dir) == 0)
+ if (!divert6_packet(pd.m, pd.dir,
r-divert_packet.port))
*m0 = NULL;
On Sun, Jul 13, 2014 at 04:05:41PM +0200, Mark Kettenis wrote:
Some people have reported that apmd -A makes their machines hang.
Could those people try the diff below and see whether it helps?
I am running this diff and apmd -A on a thinkpad T430s. The machine
is idle, the X11 blank screen
Hi,
I have added functionality that allows syslogd to receive and send
UDP packets via inet6 sockets.
I will split this diff into smaller parts to make review and
discussion easier.
bluhm
Index: usr.sbin/syslogd/privsep.c
===
RCS
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Let's start with the easy part, fix trailing white spaces.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Replace manually written function names with __func__. This
will make renaming functions easier.
ok?
bluhm
Index: usr.sbin/syslogd/privsep.c
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
The exit codes in privsep.c seem to be the wrong way around. Fatal
errors should exit with 1, and regular shutdown should result in
exit with 0. I
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Replace gethostbyaddr(3) with getnameinfo(3).
Note that I remove the sigprocmask() that was added in rev 1.23
before privsep. It was necessary
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Rename priv_gethostserv() to priv_getaddrinfo() as this is what the
function does. Change the return code semantics to match getaddrinfo(3).
ok
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Send and receive UDP syslog packets on the IPv6 socket.
ok?
bluhm
Index: usr.sbin/syslogd/privsep.c
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Document square brackets for IPv6 addresses. From FreeBSD.
Index: usr.sbin/syslogd/syslog.conf.5
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
Instead of getting a nasty error message from privsep
syslogd: priv_getaddrinfo: overflow attempt in hostname
check the host and port length when
On Tue, Aug 19, 2014 at 01:59:42AM +0200, Alexander Bluhm wrote:
I will split this diff into smaller parts to make review and
discussion easier.
At the moment syslogd opens both IPv4 and IPv6 sockets unconditionally.
I can restrict it to a protocol family with -4 and -6 command line
switches
Hi,
When compiling syslogd with WARNINGS=yes gcc complains with many
warning: comparison between signed and unsigned.
I would like to fix them.
ok?
bluhm
Index: usr.sbin/syslogd/privsep.c
===
RCS file:
On Fri, Aug 22, 2014 at 06:43:47PM +0200, Alexander Bluhm wrote:
At the moment syslogd opens both IPv4 and IPv6 sockets unconditionally.
I can restrict it to a protocol family with -4 and -6 command line
switches. If the log server is a FQDN, DNS chosses wether to take
the IPv4 or IPv6 route
On Sat, Aug 23, 2014 at 01:10:52PM +0200, Alexander Bluhm wrote:
On Fri, Aug 22, 2014 at 06:43:47PM +0200, Alexander Bluhm wrote:
At the moment syslogd opens both IPv4 and IPv6 sockets unconditionally.
I can restrict it to a protocol family with -4 and -6 command line
switches. If the log
On Fri, Aug 22, 2014 at 09:14:33PM +0200, Alexander Bluhm wrote:
Hi,
When compiling syslogd with WARNINGS=yes gcc complains with many
warning: comparison between signed and unsigned.
I would like to fix them.
ok?
I still need an ok. Note that some checks got stricter.
The (size_t
On Fri, Aug 22, 2014 at 06:43:47PM +0200, Alexander Bluhm wrote:
At the moment syslogd opens both IPv4 and IPv6 sockets unconditionally.
I can restrict it to a protocol family with -4 and -6 command line
switches. If the log server is a FQDN, DNS chosses wether to take
the IPv4 or IPv6 route
Hi,
When writing my regression test for syslogd, I realized that with
LOG_CONS and LOG_PERROR trailing new lines are printed. Of course
Perl Sys::Syslog that I use for the tests has bugs and appends '\n'
in cases where it should not.
But then I found this sentence in our man 3 syslog:
A
Hi,
I am currently working on converting syslogd to libevent. Theo
recommended to do that before adding tcp and tls support.
With this diff all my regression tests for syslogd pass. I will
try to pull parts of the diff into separate changes to make review
easier. I have not tested the syslogc
On Tue, Jul 29, 2014 at 12:19:43AM +0200, Alexander Bluhm wrote:
Next I will try with this diff and without running apmd.
I was runnig with the diff and without apmd and used sysctl hw.setperf
manually. In this month my thinkpad never crashed.
So I have added apmd -A again to rc.conf now
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
I will try to pull parts of the diff into separate changes to make review
easier.
Let's start with an obvious bug. Do not call free() on an array
in the data section. Fortunately the code was not reached. No
binary change.
ok
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
I will try to pull parts of the diff into separate changes to
make review easier.
Move the handlers for the poll events into separate functions. They
will become the libevent callbacks later.
ok?
bluhm
Index: usr.sbin/syslogd
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
I will try to pull parts of the diff into separate changes to
make review easier.
The reapchild() signal handler collects all children. This can be
done easier by ignoring SIGCHLD.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
On Sun, Aug 31, 2014 at 09:44:11PM +0200, Alexander Bluhm wrote:
On Tue, Jul 29, 2014 at 12:19:43AM +0200, Alexander Bluhm wrote:
Next I will try with this diff and without running apmd.
I was runnig with the diff and without apmd and used sysctl hw.setperf
manually. In this month my
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
So I will write more tests before committing this.
My regression tests found a bug in syslogd. When adding the maximum
number of paths with the -a option, the arrays for unix domain
socket paths and the poll file descriptors
On Wed, Sep 03, 2014 at 03:53:34PM +0200, Martin Pieuchot wrote:
@@ -1078,7 +1079,7 @@ in6_purgeaddr(struct ifaddr *ifa)
void
in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
{
- int s = splnet();
+ splsoftassert(IPL_SOFTNET);
ifa_del(ifp, ia6-ia_ifa);
I
On Sun, Aug 31, 2014 at 10:46:50PM +0200, Alexander Bluhm wrote:
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
I will try to pull parts of the diff into separate changes to
make review easier.
Move the handlers for the poll events into separate functions
On Wed, Sep 03, 2014 at 04:34:47PM -0700, Doug Hogan wrote:
On Sun, Aug 31, 2014 at 10:46:50PM +0200, Alexander Bluhm wrote:
Move the handlers for the poll events into separate functions. They
will become the libevent callbacks later.
...
+ udp_read_handler(pfd
On Wed, Sep 03, 2014 at 06:46:26PM +0200, Alexander Bluhm wrote:
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
So I will write more tests before committing this.
My regression tests found a bug in syslogd. When adding the maximum
number of paths with the -a option
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
With this diff all my regression tests for syslogd pass. I will
try to pull parts of the diff into separate changes to make review
easier. I have not tested the syslogc feature yet. So I will write
more tests before committing
On Fri, Aug 29, 2014 at 11:25:52PM +0200, Alexander Bluhm wrote:
try to pull parts of the diff into separate changes to make review
easier.
Also in debug mode, close nullfd when it is not needed anymore.
ok?
bluhm
Index: usr.sbin/syslogd/privsep.c
2014 21:55:22 - 1.127
+++ usr.sbin/syslogd/syslogd.c 3 Oct 2014 23:09:30 -
@@ -50,6 +50,7 @@
* extensive changes by Ralph Campbell
* more extensive changes by Eric Allman (again)
* memory buffer logging by Damien Miller
+ * IPv6, libevent by Alexander Bluhm
*/
#define
On Thu, Sep 11, 2014 at 10:49:33AM +0200, Martin Pieuchot wrote:
--- netinet6/in6.c26 Aug 2014 21:44:29 - 1.140
+++ netinet6/in6.c11 Sep 2014 08:45:29 -
@@ -561,8 +560,10 @@ in6_control(struct socket *so, u_long cm
}
case SIOCDIFADDR_IN6:
+ s =
@@
* extensive changes by Ralph Campbell
* more extensive changes by Eric Allman (again)
* memory buffer logging by Damien Miller
+ * IPv6, libevent by Alexander Bluhm
*/
#defineMAXLINE 1024/* maximum line length */
@@ -81,6 +82,7 @@
#include ctype.h
#include errno.h
Hi,
As libevent provides safe signal callbacks instead of signal handlers,
the sigprocmask(2) protection is not necessary and can be removed.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
===
RCS file:
Hi,
As libevent uses sigaction(2) with SA_RESTART, the code to handle
EINTR errors can be removed.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.128
diff -u
Hi,
Can we remove the #ifdef HAVE_SIGACTION from libevent? The only
reason to keep it, would be make merging with upstream easier. Do
we expect any new 1.X versions from upstream?
ok?
bluhm
Index: lib/libevent/evsignal.h
===
RCS
On Fri, Oct 24, 2014 at 10:40:55PM +0200, Alexander Bluhm wrote:
Here is the diff that applies to -current. I have compared it with
the perl git and with Data::Dumper on CPAN. It looks correct.
I have forgotten to cvs add dist/Data-Dumper/t/recurse.t
so here is the diff with the new test.
ok
Hi,
libevent has compatibilty wrappers in evutil. Our tree does not
use them anymore, but they are still part of libevent's interface.
I don't want to include them automatically, so I suggest to remove
evutil.h from event.h. A version bump should not be necessary as
the library itself does not
Hi,
Some performance measurements showed that socket splicing for TCP
can be made faster. The main slowdown was that tcp_output() got
called for every incomming packet. When copying through user-land
this cannot happen as the scheduler gets involved.
So my idea is to do the socket splicing for
On Thu, Oct 30, 2014 at 10:10:20PM +0100, Alexander Bluhm wrote:
I could try to put the splicing fields into a seperate struct
that gets only allocated when needed.
This way I can shrink struct socket from 472 to 392 bytes on amd64.
When splicing gets active, another 88 bytes are allocated
On Fri, Oct 31, 2014 at 02:50:00PM +1000, David Gwynne wrote:
so without splicing, the payloads from multiple tcp packets (at least all of
the ones in a single softnet run?) get bundled up into a buffer that userland
reads and then writes out again in a single go. right?
you're suggesting
On Thu, Oct 30, 2014 at 09:55:35PM -0400, Ted Unangst wrote:
On Thu, Oct 30, 2014 at 22:10, Alexander Bluhm wrote:
+
+ /* Avoid user land starvation. */
+ yield();
I think this is the responsibility of the taskq thread, not the
individual task.
I am not sure about this. Without
On Tue, Jul 02, 2013 at 12:27:54PM +0200, Jan Klemkow wrote:
Hi,
This diff implements the hashing of the carp password before using it
inside of the Kernel. It fix the problem that passwords like
12345678901234567890 and 12345678901234567890XXX are equal for carp.
But It breaks the
allow to use the whole 20 byte information of the passphrase.
Although I don't think that it is worth it.
bluhm
bye,
Jan
On Tue, Jul 02, 2013 at 01:04:49PM +0200, Alexander Bluhm wrote:
On Tue, Jul 02, 2013 at 12:27:54PM +0200, Jan Klemkow wrote:
Hi,
This diff implements
On Thu, Jul 04, 2013 at 06:39:03PM +0200, Stefan Fritsch wrote:
diff --git sys/netinet/ip_output.c sys/netinet/ip_output.c
index b59accf..43a0551 100644
--- sys/netinet/ip_output.c
+++ sys/netinet/ip_output.c
@@ -267,7 +267,7 @@ reroute:
if (mtag != NULL) {
#ifdef DIAGNOSTIC
Hi,
$ vmstat -M bsd.0.core -N bsd.0
vmstat: undefined symbols: _uvm_km_pages_free
There is no uvm_km_pages_free in our kernel. The corresponding
lines in dopool_sysctl() have been removed from vmstat.c revision
1.116. Remove uvm_km_pages_free from dopool_kvm() to allow analysing
a core
Hi,
ndp uses an int expire_time for time calculations. This should be
time_t.
The routing messages and IPv6 prefixes and default router also have
wrong expire time type. But this has to wait until ABI unlock.
ok?
bluhm
Index: usr.sbin/ndp/ndp.c
Hi,
Can we compile /sbin/route with -Wall enabled?
ok?
bluhm
Index: sbin/route/Makefile
===
RCS file: /data/mirror/openbsd/cvs/src/sbin/route/Makefile,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile
--- sbin/route/Makefile 4
Hi,
For 64 bit time_t the routing message rmx_expire field has to be
changed from u_int to int64_t. I will do that after ABI unlock.
I would like to prepare the /sbin/route source for this change.
ok?
bluhm
Index: sbin/route/route.c
Hi,
I found more int expire_time that should be time_t in arp and rarpd.
ok?
bluhm
Index: usr.sbin/arp/arp.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/arp/arp.c,v
retrieving revision 1.52
diff -u -p -u -p -r1.52 arp.c
Hi,
Enable gcc warnings for arp, rarpd, ndp and fix findings.
ok?
bluhm
Index: usr.sbin/arp/Makefile
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/arp/Makefile,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 Makefile
---
Hi,
Enable WARNINGS=Yes for route and fix findings. Avoid shadowing for
routing socket and use global variable af.
ok?
bluhm
Index: sbin/route/Makefile
===
RCS file: /data/mirror/openbsd/cvs/src/sbin/route/Makefile,v
retrieving
Hi,
For me it looks like tp is not accessed between the two assingments.
intotcpcb() is a define without side effects. So it should be safe
to use the same code for inet and inet6.
ok?
bluhm
Index: netinet/tcp_usrreq.c
===
RCS
Hi,
I have just removed a bunch of useless include netinet/in_var.h
from the machine independent drivers. I suspect that they are also
not needed in the architecture specific network drivers. Unfortunately
I don't have any of these machines. So if you have access to one
of
macppc mvme68k
Hi,
To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Currently
they are int or long, but expire should always be time_t. Move
vltime and pltime to u_int32_t everywhere. Sort struct fields by
size. Struct
On Thu, Aug 08, 2013 at 01:47:17PM +0200, Martin Pieuchot wrote:
On 08/08/13(Thu) 01:06, Alexander Bluhm wrote:
Hi,
To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Currently
they are int or long, but expire
Hi,
Remove dead code and useless #include and #ifdef from ndp.
No binary change.
ok?
bluhm
Index: usr.sbin/ndp/Makefile
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/ndp/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2
On Mon, Aug 05, 2013 at 10:28:57AM -0400, Lawrence Teo wrote:
Index: ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.244
diff -U5 -p -r1.244 ip_output.c
--- ip_output.c 31 Jul 2013
Hi,
On my ThinkPat T430s I am trying to debug multithreaded qemu by
attaching gdb. This crashes the kernel of the host system within
a few minutes. Luckily I managed to attach a serial over lan with
Intel AMT.
login: panic: kernel diagnostic assertion __mp_lock_held(sched_lock) == 0
failed:
Hi,
The ps flags are split between thread and process. It would be
useful if ddb shows both. I or them together in the ps overview
and list them explicitly for the specific thread.
ddb show all procs
PID PPID PGRPUID S FLAGS WAIT COMMAND
18514 1 18514 0
Hi,
In the common IPv4 and IPv6 file ip_carp.c an #ifdef INET6 is
missing. Especially the IN6_IS_ADDR_LINKLOCAL() macro should not
be necessary in IPv4 only code.
ok?
bluhm
Index: netinet/ip_carp.c
===
RCS file:
Hi,
I would like to replace the obsolete ioctl(SIOCGDRLST_IN6) interface
with sysctl(net.inet6.icmp6.nd6_drlist) in rtsold. Code copied
from ndp.
ok?
bluhm
Index: usr.sbin/rtsold/probe.c
===
RCS file:
Hi,
I would like to reduce the warnings when arp, rarp, ndp are compiled
with WARNINGS=yes. Let's start with this one.
warning: declaration of 'time' shadows a global declaration
No binary change.
ok?
bluhm
Index: usr.sbin/arp/arp.c
Hi,
After converting the last user of ioctl(SIOCGDRLST_IN6) to sysctl,
I would like to remove dead kernel ioctl code.
Is it save to just delete this?
ok?
bluhm
Index: netinet6/in6.c
===
RCS file:
On Wed, Aug 07, 2013 at 03:39:59AM +0200, Alexander Bluhm wrote:
Hi,
I have just removed a bunch of useless include netinet/in_var.h
from the machine independent drivers. I suspect that they are also
not needed in the architecture specific network drivers. Unfortunately
I don't have any
On Wed, Aug 28, 2013 at 03:28:18PM +0200, Martin Pieuchot wrote:
Like the previous diffs, when we already have the ifp and want one of
its addresses, iterate on the ifp list instead of the global one.
Tested with carp here. I appreciate any comment and oks.
I think the code is nicer and does
Hi,
The file netinet/in_var.h includes netinet6/in6_var.h. This creates
a bunch of useless dependencies. For an upcomming change in in6_var.h
I would like to split that up.
Is this a good idea? comments/ok?
Note that netinet/in.h includes netinet6/in6.h, but that is required
by RFC.
The
On Thu, Sep 05, 2013 at 10:54:53AM +0200, Martin Pieuchot wrote:
Diff below makes use of IFP_TO_IA() instead of rolling our own copy.
For now there's no functional change, but I'd like to get this in so
that once our multicast code can stop relying on global lists, we only
need to modify the
On Mon, Sep 02, 2013 at 12:43:51PM +0200, Martin Pieuchot wrote:
Diff below is just a small refactoring of two similar code chunks to
inform user processes that something changed regarding a route.
I'd like to get this in because it removes one use of rt_addrinfo in
netinet6.
There's no
Hi,
I have a core dump from a not quite OpenBSD 5.2 crash. There the
pointers to socket, inpcb, tcpcb on the stack of tcp_input() and
tcp_output() look very inconsistent. Especially the so-so_pcb is
NULL, which can only happen after the inp has been detached. The
whole thing reminds me of the
On Fri, Sep 06, 2013 at 11:02:14AM +0200, Martin Pieuchot wrote:
On 05/09/13(Thu) 19:28, Alexander Bluhm wrote:
On Thu, Sep 05, 2013 at 10:54:53AM +0200, Martin Pieuchot wrote:
Diff below makes use of IFP_TO_IA() instead of rolling our own copy.
For now there's no functional change
Hi,
IPv6 atomic fragments must not go the reassembly queue. I have
implemented this for the stack, but somehow forgot it for pf. With
this diff, pf steps over an atomic fragment header and handles the
packet like an unfragmented.
ok?
bluhm
Index: net/pf.c
On Fri, Sep 27, 2013 at 12:00:40PM -0400, Kenneth R Westerback wrote:
I'm not sure what the 'rule' is regarding ENOMEM and ENOBUFS, but
ENOMEN seems more appropriate to me.
man 2 errno
12 ENOMEM Cannot allocate memory. The new process image required more
memory than was
On Wed, Sep 18, 2013 at 12:01:10AM -0700, Loganaden Velvindron wrote:
Index: in6.c
===
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.118
diff -u -p -r1.118 in6.c
--- in6.c 26 Aug 2013 07:15:58 -
On Fri, Aug 23, 2013 at 12:47:10PM -0700, Loganaden Velvindron wrote:
Hi,
From NetBSD:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/udp6_output.c?rev=1.41content-type=text/x-cvsweb-markuponly_with_tag=MAIN
Under some circumstances, udp6_output() would call ip6_clearpktopts()
Hi,
By passing invalid rtm_flags and rtm_addrs values in the routing
message, I can crash the kernel from user land.
login: uvm_fault(0xfe800554b388, 0x4, 0, 1) - e
fatal page fault in supervisor mode
trap type 6 code 0 rip 812312d7 cs 8 rflags 246 cr2 4 cpl 5 rsp
839de8a0
On Mon, Oct 14, 2013 at 05:50:26PM +0200, Claudio Jeker wrote:
Ugh, that is horrible code that works around broken userland daemons.
Diff is OK but I would like to remove this check in the long run. What do
you think?
I have commited my quick fix. The comment speaks about older
version of
Hi,
Prepare the route command for using 64 bit route expire time and
fix the relative expire time calculations.
ok?
bluhm
Index: sbin/route/route.c
===
RCS file: /data/mirror/openbsd/cvs/src/sbin/route/route.c,v
retrieving
Hi,
Convert the route expire timestamp in kernel and routing message
to 64 bit. Add a small compatibility layer that allows to set
routes with old user land and new kernel.
ok?
bluhm
Index: net/route.h
===
RCS file:
Hi,
Ethernet drivers connected via USB might sleep when their multicast
group filter is modified. Unfortunately this happens from softclock
or softnet interrupt when IPv6 decides to unconfigure its addresses
automatically.
An obvious solution is to use a work queue. I have put the workq
Hi,
Our IPv6 stack scans all extension headers for routing header type
0 and drops the packet if it finds one. RFC 5095 demands to handle
a routing header type 0 like an unrecognised routing type. This
is enough to protect the own machine.
To protect a network as a firewall, we have pf which
=openbsd-techm=137571298511653w=2 ).
bluhm@ replied on tech@ with the following feedback:
On Fri, Aug 09, 2013 at 02:21:29AM +0200, Alexander Bluhm wrote:
On Mon, Aug 05, 2013 at 10:28:57AM -0400, Lawrence Teo wrote:
Index: ip_output.c
On Fri, Oct 18, 2013 at 01:00:25PM +0200, Martin Pieuchot wrote:
On 18/10/13(Fri) 12:45, Alexander Bluhm wrote:
Ethernet drivers connected via USB might sleep when their multicast
group filter is modified. Unfortunately this happens from softclock
or softnet interrupt when IPv6 decides
On Tue, Oct 15, 2013 at 12:43:16AM +0200, Alexander Bluhm wrote:
Convert the route expire timestamp in kernel and routing message
to 64 bit. Add a small compatibility layer that allows to set
routes with old user land and new kernel.
You can still config addresses with old ifconfig and new
On Thu, Oct 31, 2013 at 11:44:12AM +0200, Gregory Edigarov wrote:
On 10/15/2013 01:43 AM, Alexander Bluhm wrote:
Hi,
Convert the route expire timestamp in kernel and routing message
to 64 bit. Add a small compatibility layer that allows to set
routes with old user land and new kernel
On Thu, Oct 31, 2013 at 09:56:11AM +0100, Martin Pieuchot wrote:
On 30/10/13(Wed) 16:48, Alexander Bluhm wrote:
Now I use the if_index to detect that the interface is gone.
Do you know if the memory pointed by the imm pointer you're passing to
your workq can be freed before the task got
On Fri, Oct 18, 2013 at 08:45:02PM +0200, Alexander Bluhm wrote:
Our IPv6 stack scans all extension headers for routing header type
0 and drops the packet if it finds one. RFC 5095 demands to handle
a routing header type 0 like an unrecognised routing type. This
is enough to protect the own
On Thu, Nov 14, 2013 at 11:00:37AM -0700, Theo de Raadt wrote:
It was not shown to enough people. PERIOD.
My diff was on tech@ for one day during a hackathon before I commited it.
Not enough people discussed it back then. Fine. Let's discuss it now.
The reasons why I removed the check in the
On Thu, Nov 14, 2013 at 05:38:14PM -0700, Theo de Raadt wrote:
Beautiful.
I seems there was enough discussion. The Security argument is more
important than the others. The new diff has no performance impact
when pf is turned on.
So I need OKs.
bluhm
Index: net/pf.c
Hi,
Instead of stripping the IP options manually in icmp_reflect(),
just call ip_stripoptions(). Remove an unneeded parameter and
adjust the ip length in ip_stripoptions(). From FreeBSD.
ok?
bluhm
Index: netinet/ip_icmp.c
===
On Thu, Nov 14, 2013 at 12:03:21AM +0200, Alexey Suslikov wrote:
This is on 5.4-stable. vlan is only used to see what resulting prio is.
#match on { $int_if } inet proto icmp all icmp-type echoreq set prio 5
pass quick on { $ext_if, $int_if }
Can you test wether this diff matches your
Hi,
There is an awkward behaviour after we have diverted connections
to a socket. When the application removes the socket, the pf state
will persist. A new connection will not hit the divert rule as the
state grabs the packet.
This is bigger issue with connectionless protocols, but can also
1 - 100 of 2305 matches
Mail list logo
