Re: PATCH: rtsol support for RA DNS options

Charles Musser(cmus...@sonic.net) on 2014.09.20 14:44:45 -0700: + /* + * XXX validate that domain name only contains valid characters + * for two reasons: 1) correctness, 2) we do not want to pass + * possible malicious, unescaped characters like `` to a script + * or

Re: Fix to diskless(8) manpage: add amd64 and i386 to the list of clients that needs rpc.bootparamd(8)

Mark Kettenis(mark.kette...@xs4all.nl) on 2013.07.14 17:06:24 +0200: Date: Sun, 14 Jul 2013 14:09:26 +0200 From: Henning Brauer lists-openbsdt...@bsws.de * Rafael Neves rafaelne...@gmail.com [2013-07-14 11:01]: Amd64 and i386 diskless(8) setups need rpc.bootparamd(8) no, they

Re: relayd: crash with two listen on (one is ssl)

This has been commited, thanks! Erik Lax(e...@halon.se) on 2013.11.19 22:40:38 +0100: Hi, In relayd, if a relay is configured with two listen on directives, one with ssl and one without. In the relay_inherit function the ssl pointers (cert and key) are copied to the latter, and used/freed

Re: pflow(4) with optional flowsrc

this has been commited, thanks! Nathanael Rensen(nathanael.open...@list.polymorpheus.com) on 2014.01.18 23:49:26 +0800: Some time ago I proposed a diff to allow pflow(4) to determine the src IP address based on the route table if flowsrc was not specified. That diff was not accepted because

relayd imsg race

Hi, I have a relayd config with two tables webhosts and web9k containing the same hosts and with two redirects on different ports using these tables. ext_addr=10.12.33.59 webhost1=10.12.77.10 webhost2=10.12.77.11 #interval 2 #timeout 500 log all table webhosts { $webhost1

possible problem with vr(4) in -current?

Hi, i have a soekris 5501. after an update from 4.9 to -current (#115: Sun Dec 11) yesterday i saw errors like these this morning: Dec 17 08:48:22 intern-gw rtadvd[23145]: sendmsg on vr3: No route to host Dec 17 08:49:31 intern-gw ospfd[18212]: send_packet: error sending packet on inerface vr0:

netflow v9/ipfix for pflow

--- sys/net/if_pflow.c 25 Nov 2011 12:52:10 - 1.18 +++ sys/net/if_pflow.c 21 Dec 2011 11:19:16 - @@ -1,6 +1,8 @@ /* $OpenBSD: if_pflow.c,v 1.18 2011/11/25 12:52:10 dlg Exp $ */ /* + * Copyright (c) 2011 Florian Obser flor...@narrans.de + * Copyright (c) 2011 Sebastian

pf.conf.5: document self keyword (Re: PF rule match only packets for local machine)

from misc: Rafal Bisingier(ra...@man.poznan.pl) on 2012.01.05 09:21:16 +0100: Just replace to any to to self. Should do what you want. I have read PF manual but not found any possibility to tell pf to LOCAL-HOST. I have search with google but no relevant articles found, maybe I have

Re: iwn0 firmware errors

Edd Barrett(vex...@gmail.com) on 2012.02.11 11:57:34 +: Hi, I have just upgraded from a thinkpad x60s to an x61s. The machine came with an iwn wireless card (no suprise really). After installing the firmware with fw_update, you can start using the card but very shortly start to see

ssl certificate chains (in relayd)

Hi, i did not find a place where it is documented explicitly how to use a certificate chain with relayd. Should this be documented? Or maybe in ssl(8)? /Benno Index: relayd.conf.5 === RCS file:

Re: How to have more than 15 pflog interfaces?

Henning Brauer(henn...@openbsd.org) on 2012.04.13 10:10:41 +0200: if nobody tests this beyond my extremely light tests (try actually USING the pflog interfaces to log to, I didn't), I can't get this in :) works somewhat. destroying an interface breaks things: # ifconfig pflog17 create

relayd.conf(5): relay mode hash/loadbalance documentation

Hi, i think the manpage of relayd has the description in the mode ... paragraphs a little wrong. The patch below changes mode hash Balances the outgoing connections across the active hosts based on the hashed name of the table. Additional input can be fed into the hash by looking at

ipv6 /sbin/route prefixlen annoyance

Consider route add -inet6 -prefixlen 64 2a00:cafe::: -prefixlen 56 ::1 This currently works (sets the route with /56), as does route add -inet6 -prefixlen 56 2a00:cafe::: ::1 (sets the route with /64). patch: * dissallow use of argument -prefixlen twice * when -prefixlen is

typo in dhcrelay comment

subject says it all. ok? diff --git dhcrelay.c dhcrelay.c index a2f39d0..4782f65 100644 --- dhcrelay.c +++ dhcrelay.c @@ -380,7 +380,7 @@ got_response(struct protocol *l) if ((result = recv(l-fd, u.packbuf, sizeof(u), 0)) == -1 errno != ECONNREFUSED) { /* -

Re: re(4)/atom freezes (was Re: [SOLVED] Re: OpenBSD 4.8 freezes on certain activities)

Mark Kettenis(mark.kette...@xs4all.nl) on 2010.11.27 20:12:14 +0100: Date: Fri, 12 Nov 2010 14:39:41 -0700 From: Theo de Raadt dera...@cvs.openbsd.org commit. someone will eventually fix MCLGETI, since it is in the tree. The problem is that re(4) has a forever loop from which we only

relayd: exec program on gateway change

Hi, i am using relayd in router mode for a cable-modem link that sometimes does not work. I need to run a programm to load/unload pf-rules and to restart a proxy with a different config whenever this happens. Here is a patch that adds an exec option to the router section like this: router

bgpd: fix error message enforce remote-as enabled

Hi, the configuration option in bgpd.conf is called enforce neighbor-as, not enforce remote-as. /Benno --- rde.c.orig Thu Jan 27 17:02:08 2011 +++ rde.c Thu Jan 27 17:02:51 2011 @@ -921,7 +921,7 @@ if (peer-conf.remote_as !=

Re: feed l4 information into trunk(4) hash

Stuart Henderson(st...@openbsd.org) on 2014.12.11 23:52:44 +: I'm wondering what reception this will get. It feeds TCP/UDP port numbers into the hash for trunk(4) load balancing, so connections between a single pair of hosts will get distributed across NICs. Taken from FreeBSD r232629,

route show -priority n

Hi, this adds a -priority argument to route show to filter on routes of a certain priority. With this you can see all ospf routes route -n show -priority 32 or any other priority. You can also name some common priorities: route -n show -priority bgp This is useful on a router with a full

Re: Byte range implementation for httpd(8)

Florian Obser(flor...@openbsd.org) on 2015.05.03 12:39:02 +: On Sun, May 03, 2015 at 01:46:56PM +0200, Sunil Nimmagadda wrote: On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote: Sorry for the very late reply, I'm currently very busy :/ Thank you for taking time to review

Re: pfctl -ss -R

Mike Belopuhov(m...@belopuhov.com) on 2015.06.09 16:23:04 +0200: Hi, Any idea why don't we support filtering the show states output by the associated rule number? indeed, why not? Diff below works fine here, OK? ok! Index: pfctl.c

Re: syslogd in foreground

Alexander Bluhm(alexander.bl...@gmx.net) on 2015.06.12 01:07:57 +0200: Hi, I need a syslogd running in foreground for a project. FreeBSD also uses the option -F for that. Do we want this feature in OpenBSD? i dont see why not, and -d does obviously too much. -F is fine, nobody else has

Re: [PATCH] Enable -f in ndp(8)

There is no reason to remove this in arp. As for ndp/ipv6, i'm not sure. Is there anyone adding large numbers of ndp entries? Why? /Benno Dimitris Papastamos(s...@2f30.org) on 2015.07.25 21:11:41 +0100: On Sat, Jul 25, 2015 at 09:20:18PM +0200, Martin Pieuchot wrote: On 13/07/15(Mon) 14:04,

Re: [PATCH] Enable -f in ndp(8)

Martin Pieuchot(m...@openbsd.org) on 2015.08.02 16:20:15 +0200: On 02/08/15(Sun) 14:24, Sebastian Benoit wrote: There is no reason to remove this in arp. Does that mean you use it? If yes, could you take care of the first diff? i used arp -f in the past. i'm not sure where you need

Re: enable unbound-control in default config

ok Stuart Henderson(st...@openbsd.org) on 2015.07.19 17:55:00 +0100: In the past, the only option for unbound-control was a TCP socket using SSL/TLS, but nowadays it also supports unix domain sockets, so it seems like it would be reasonable to enable it by default in our configuration so that

Re: [PATCH] Fix ospfd segmentation fault on startup

Johan Ymerson(johan.ymer...@transmode.com) on 2015.07.20 21:32:20 +: On Mon, 2015-07-20 at 22:58 +0200, Martin Pieuchot wrote: On 20/07/15(Mon) 19:10, Johan Ymerson wrote: On 2015-07-18 16:03:00, Martin Pieuchot wrote: Committed! Thanks and sorry for the delay. Hi! You

Re: [PATCH] Fix ospfd segmentation fault on startup

commited, thx for your diff. /Benno Johan Ymerson(johan.ymer...@transmode.com) on 2015.07.20 21:32:20 +: On Mon, 2015-07-20 at 22:58 +0200, Martin Pieuchot wrote: On 20/07/15(Mon) 19:10, Johan Ymerson wrote: On 2015-07-18 16:03:00, Martin Pieuchot wrote: Committed! Thanks and

Re: [patch] tcpdump segfault on invalid DECnet packet

Stuart Henderson(st...@openbsd.org) on 2015.10.20 16:37:58 +0100: > On 2015/10/14 11:11, Kevin Reay wrote: > > Thanks for the review and feedback. > > Updated patch with removed whitespace changes included. > > This is fine with me. Any OKs to commit it? yes, ok > > Index: print-decnet.c > >

Re: The router doesn't know the size of the internet...

Alexander Bluhm(alexander.bl...@gmx.net) on 2015.10.24 17:21:27 +0200: > On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote: > > ...at least better than OpenBSD's source code. > > > > This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit. > > Alexander verified that

Re: route6d: another pidfile() removal

ok! J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2015.10.25 23:15:12 +0100: > > Following the recent discussions, here's another pidfile(3) removal. > route6d(8) doesn't document it. > > ok? > > Index: Makefile > === > RCS

Re: calloc -> malloc in get_data() and get_string()

Michael McConville(mm...@mykolab.com) on 2015.10.28 12:05:24 -0400: > Relayd, httpd, and ntpd define the functions get_data() and > get_string(). Both call calloc and then immediately memcpy. Calloc's > zeroing isn't optimized out. These functions are called in network data > paths in at least a

Re: Kill rtable_mpath_match

Martin Pieuchot(m...@openbsd.org) on 2015.10.25 16:14:27 +0100: > Diff below merges the guts of rtable_mpath_match() into rtable_lookup(). > As for the previous rtable_mpath_* diff this is a step towards MPATH by > default. > > This diff introduces a behavior change for RTM_GET. If multiple

Re: tcpbench pledge

David Hill(dh...@mindcry.org) on 2015.11.10 11:44:39 -0500: > Hello - > > pledge starts after getopt because of setrtable. > > rpath needed incase -k (kvm_openfile) > proc needed for drop_gid (setresgid) > > I believe I've hit every code path. More eyes are welcome. Hi, two changes -T at

Re: pledge route(8) with '-n' flag

Ricardo Mestre(ser...@helheim.mooo.com) on 2015.11.13 18:00:11 +: > Hello, > > If '-n' argument is used on route(8) then nflag will be active and dns > transactions won't be needed, am I correct? please find out yourself. at least the pledge call in monitor will fail with -n and your diff,

pledge newsyslog

hi, this is pledge() in newsyslog. please check & test... and is someone using monitormode, please say so ;) (oh, and oks?) diff --git usr.bin/newsyslog/newsyslog.c usr.bin/newsyslog/newsyslog.c index 761da36..acfd871 100644 --- usr.bin/newsyslog/newsyslog.c +++ usr.bin/newsyslog/newsyslog.c

Re: Exclude invalid sensors from the sensors MIB

ok Stuart Henderson(st...@openbsd.org) on 2015.11.17 11:33:50 +: > On 2015/11/17 11:47, Gerhard Roth wrote: > > Sensors marked as invalid should be excluded by snmpd(8) from the sensors > > MIB just as sysctl(8) excludes them from the 'hw.sensors' tree. > > Agreed - any OKs to commit? > >

relayd: improving sessions distribution across hosts in hash mode

Hi, relayd (when running relays) will distribute client sessions over hosts using various algorithms. Some of them generate a hash from different data and calculate modulo rlt->rlt_nhosts to find the host the session should go to. If this host is down, the current algorithm simply selects the

Re: pair(4) + pf(4): reset all state on "reinjected" packets

Reyk Floeter(r...@openbsd.org) on 2015.10.30 19:25:28 +0100: > On Fri, Oct 30, 2015 at 06:16:53PM +0100, Sebastian Benoit wrote: > > > > i think it should be documented ;) > > > > otherwise ok > > > > Ooops, good point, I missed the manpage. > >

Re: pair(4) + bridge(4): use stp to prevent bridge loops

i like this. ok Reyk Floeter(r...@openbsd.org) on 2015.10.30 11:34:39 +0100: > Hi, > > as documented below, pairs in bridges can lead to a loop. > > I looked at "fixing" it but came to the conclusion a) there is no > satisfying way with mbuf flags/tags to prevent the loop, b) it would > limit

Re: pair(4) + pf(4): reset all state on "reinjected" packets

i think it should be documented ;) otherwise ok Index: mbuf.9 === RCS file: /cvs/src/share/man/man9/mbuf.9,v retrieving revision 1.91 diff -u -p -u -r1.91 mbuf.9 --- mbuf.9 8 Oct 2015 14:09:34 - 1.91 +++ mbuf.9

Re: make iked not static

Christian Weisgerber(na...@mips.inka.de) on 2015.10.20 20:46:12 +: > On 2015-10-20, Reyk Floeter wrote: > > > For historical reasons, isakmpd and iked are compiled static: > > people used NFS over ipsec. > > > > Is anyone still using this? Is it more than one person? > > >

Re: doas closefrom

ok, but in other places we have closefrom(STDERR_FILENO + 1) Ted Unangst(t...@tedunangst.com) on 2015.09.17 12:11:26 -0400: > doas doesn't need any other open files and should probably shut them all. > > > Index: doas.c > === > RCS

relayd maintainance diff for OpenBSD 5.7

OpenBSD 5.7 errata: http://www.openbsd.org/errata57.html#015_relayd 015: RELIABILITY FIX: September 28, 2015 All architectures Various problems were identified in relayd and merged back from current to 5.7 in this maintanance update. This patch is for 5.7 only, it fixes reliability problems

Re: doas closefrom

Ted Unangst(t...@tedunangst.com) on 2015.09.17 21:12:28 -0400: > Sebastian Benoit wrote: > > ok, but in other places we have closefrom(STDERR_FILENO + 1) > > is that really more clear? it only makes sense if you know stderr is 2. sure, but writing closefrom(3) requires the sam

Re: [patch] tame.2 documentation about systrace.4

Sebastien Marie(sema...@openbsd.org) on 2015.09.20 14:27:01 +0200: > Hi, > > Mentions that using systrace(4) isn't possible when a program has called > tame(2). > > Comments ? OK ? > -- > Sebastien Marie > > Index: lib/libc/sys/tame.2 >

Re: Merge rt_use counters

Claudio Jeker(cje...@diehard.n-r-g.com) on 2015.09.22 16:01:34 +0200: > On Tue, Sep 22, 2015 at 03:14:18PM +0200, Martin Pieuchot wrote: > > Instead of incrementing the rt_use counter when a rtalloc(9) call > > succeeds, let's do it inside ralloc(9). > > > > The route(8) regress tests will need

Re: Purge route entries when an address is removed

Martin Pieuchot(m...@openbsd.org) on 2015.09.13 16:08:50 +0200: > On 13/09/15(Sun) 15:51, Alexander Bluhm wrote: > > On Sun, Sep 13, 2015 at 11:15:50AM +0200, Martin Pieuchot wrote: > > > This makes the kernel simpler as it no longer try to find a new ifa > > > when a route with a stale address is

Re: ping(8) / ping6(8) source address

ok Florian Obser(flor...@openbsd.org) on 2015.11.29 14:07:24 +: > Inspired by the traceroute / traceroute6 merge. > At least reduces the diff in the option parser :) > OK? > > diff --git ping/ping.c ping/ping.c > index f5ccaca..4944f77 100644 > --- ping/ping.c > +++ ping/ping.c > @@ -110,7

Re: relayd patch - delayed failover

the group. i believe i committed the correct one, i just replied to the wrong mail here on the list. Here is what i put in: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/relayd/pfe.c.diff?r1=1.82=1.83=date /Benno > Sebastian Benoit skrev den 2015-12-03 17:43: > >thanks, comm

Re: relayd patch - delayed failover

thanks, commited Brian S. Vangsgaard(b...@avalanic.dk) on 2015.10.01 13:27:12 +0200: > Hi, > > Problem: > If a client have a state entry in the relayd anchor, and the target > server goes down, the client will be unable to "failover" for 10 sec + > (10 sec - elapsed time since last SLA check).

Re: fuser(1): Fix pledge when `u' flag is used

Michael Reed(m.r...@mykolab.com) on 2016.01.01 22:29:08 -0500: > Hi, > > `fuser -u -c /' doesn't seem to work for me: > > fuser(28663): syscall 33 "getpw" > > The patch below fixes my issue. The pledge condition was already a bit > long, so I just switched to snprintf(3); not sure what's

Re: ferror in ntpd (Re: bugs in printf(3))

as jca@ says, the clearerr() should be out of the loop, so ok benno@ too. J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2015.12.29 19:18:55 +0100: > "Todd C. Miller" writes: > > > On Tue, 29 Dec 2015 13:25:16 +0100, > > =?utf-8?Q?J=C3=A9r=C3=A9mie_Courr=C3=A8ges- >

Re: Fix netstat(1) -P

ok, see nit below Martin Pieuchot(m...@openbsd.org) on 2015.12.29 11:52:34 +0100: > The "-P" option does not need to read routing table symbols, so there's > no reason to bail if we cannot find them. > > Index: main.c > === > RCS

dead assignements in usr.bin/systat

an earlier commit today prompted florian@ to run clang, these fixes are a result of issues found. ok? [PATCH 1/4] remove unused variable cur. code probably c from print_bar_title(). diff --git usr.bin/systat/engine.c usr.bin/systat/engine.c index 51c0b7f..bc9f6ef 100644 ---

Re: Remove unused variable in usr.bin/systat/main.c

thanks, committed evh(e...@riseup.net) on 2016.01.02 15:34:50 +0100: > int ms in cmd_count is unused as of 1.63 > > Index: main.c > === > RCS file: /cvs/src/usr.bin/systat/main.c,v > retrieving revision 1.63 > diff -u -p -r1.63

ferror in ntpd (Re: bugs in printf(3))

Todd C. Miller(todd.mil...@courtesan.com) on 2015.12.28 10:46:08 -0700: > On Fri, 25 Dec 2015 00:30:29 +0100, Ingo Schwarze wrote: > > > Besides, i don't see the point in messing with FILE flags at all > > in case of encoding errors. As opposed to fgetwc(3) and fputwc(3), > > the manual doesn't

Re: vlan(4): better checks for valid vlan ids

David Gwynne(da...@gwynne.id.au) on 2015.12.22 11:06:21 +1000: > the spec says vlan 0 and vlan 4095 are reserved, so we probably > shouldnt use them. > > this tweaks the vlan tag check only allow valid ids per the spec. > > ok? code reads ok however, this could be tweaked in ifconfig too:

Re: [patch] uname(1) tweaks

frit...@alokat.org(frit...@alokat.org) on 2015.12.24 14:45:51 +0100: > On Thu, Dec 24, 2015 at 02:19:36PM +0100, Theo Buehler wrote: > > On Thu, Dec 24, 2015 at 01:52:56PM +0100, frit...@alokat.org wrote: > > > Hi tech@, > > > > > > here are some tweaks about uname(1): > > > > > > - change the

Re: ifconfig: remove undocumented -carpdev

Fabian Raetz(fabian.ra...@gmail.com) on 2015.12.30 13:32:54 +0100: > On Wed, Dec 30, 2015 at 07:24:01AM -0500, Ted Unangst wrote: > > Fabian Raetz wrote: > > > Hi, > > > > > > please find below a patch to remove the undocumented -carpdev command from > > > ifconfig(8). > > > > wouldn't it make

Re: [nc] rename sun to s_un (for building on Solaris)

Brent Cook(bust...@gmail.com) on 2015.11.22 16:32:49 -0600: > > Finally getting around to trying out nc on some more platforms for > LibreSSL-portable, and ran into Sun/Oracle's silly definition of 'sun' > in the system headers. OK to rename the local sockaddr_un variables? ok benno@ >

Re: use ping6(8)'s engine in ping(8)

ok Florian Obser(flor...@openbsd.org) on 2015.11.29 15:57:34 +: > This shoves a round peg into a square hole with considerable force... > I was only concerned with moving the functionality over from ping6, > further cleanup will happen on top of this. > > OK? > > diff --git ping.c ping.c >

Re: Memory corruptions in bc(1)

ok Otto Moerbeek(o...@drijf.net) on 2015.11.20 14:22:12 +0100: > On Fri, Nov 20, 2015 at 11:52:16AM +0100, Otto Moerbeek wrote: > > > On Thu, Nov 19, 2015 at 05:52:39PM -0500, Michael McConville wrote: > > > > > I'm already cache-thrashing with all of my side projects, so if anyone's > > >

Re: bgpd: print AS range

hei, thanks! i forgot that we print the config. ok benno@, with whitespace fixed. Denis Fondras(open...@ledeuns.net) on 2016.06.05 10:06:29 +0200: > > This didn't quite work, as log_as will override itself when used twice > > in the same printf. > > > > I should not have sent this late at

Re: bgpd: add format attributes

Martin Pieuchot(m...@openbsd.org) on 2016.06.05 20:06:17 +0200: > On 04/06/16(Sat) 18:33, Sebastian Benoit wrote: > > Add format attributes to the proper functions and then fix the warning in > > session.c. > > Shouldn't you introduce a log.h instead an make sure all dae

Re: using srp inside art

Jonathan Matthew(jonat...@d14n.org) on 2016.06.06 17:14:53 +1000: > We've finally got srp and art to the point where we can use srp to manage the > internal links in the art data structures. This allows us to do route lookups > without holding any locks, which is kind of nice. > > As we're not

Re: using srp inside art

Martin Pieuchot(m...@openbsd.org) on 2016.06.08 20:50:29 +0200: > On 08/06/16(Wed) 19:51, Sebastian Benoit wrote: > > [...] > > i dont see why this would be a problem > > > > however: > > > > + ... if we were going to use > > +

Re: ssl(8) kill "generating dsa server certificates"

ok! Stuart Henderson(s...@spacehopper.org) on 2016.06.06 13:40:00 +0100: > I don't think we should be encouraging anyone to do this...ok? > > Index: ssl.8 > === > RCS file: /cvs/src/share/man/man8/ssl.8,v > retrieving revision 1.63

bgpd: add format attributes

Add format attributes to the proper functions and then fix the warning in session.c. ok? diff --git bgpd.h bgpd.h index 5fa046e..eaf93e6 100644 --- bgpd.h +++ bgpd.h @@ -989,15 +989,24 @@ struct in6_addr *prefixlen2mask6(u_int8_t prefixlen); /* log.c */ voidlog_init(int); void

ospfd: add format attributes

In ospfd, add format attributes to the proper functions and then fix the warning in rde.c. ok? diff --git log.h log.h index e0034e8..a682f67 100644 --- log.h +++ log.h @@ -23,13 +23,21 @@ void log_init(int); void log_verbose(int); -void logit(int, const char *, ...); -void vlog(int,

ospf6d: add format attributes

In ospf6d, add format attributes to the proper functions and then fix the warning in rde.c ok? diff --git log.h log.h index 0cc7403..8cccd8f 100644 --- log.h +++ log.h @@ -23,14 +23,22 @@ voidlog_init(int); voidlog_verbose(int); -voidlogit(int, const char *, ...); -void

Re: bgpd: filter as path with operators

Claudio Jeker(cje...@diehard.n-r-g.com) on 2016.05.31 08:10:22 +0200: > On Mon, May 30, 2016 at 10:43:49PM +0200, Sebastian Benoit wrote: > > Hi, > > > > this allows to have > > > > allow from any AS 64512 - 65534 ... > > allow from any AS > 100

Re: kdump relative timestamps

ok Ted Unangst(t...@tedunangst.com) on 2016.06.01 13:41:01 -0400: > Relative timestamps are much easier to decipher than absolute, when attempting > to determine a program's behavior. Most of the time I care about how long > since the last time. However, if I grep the output, then I lose the

Re: bgpd: filter as path with operators

with feedback from florian, sthen and claudio: - i removed operators < <= > >= - i kept != and = for symmetry. - i thought about just using ! , but then it would be different from the prefix operators. Willing to change it if you want that. - i left the forth argument to aspath_match(), as its

Re: dhclient reboot interval

Yes please. I played with lower values in the past too and saw no problems. And if we notice problems, we can fine tune it further. ok. Ted Unangst(t...@tedunangst.com) on 2016.06.01 15:37:53 -0400: > Is there a reason the reboot timeout is so long? > > Here's what I observe. I connect to one

Re: netcat service lookup

Bob Beck(b...@openbsd.org) on 2016.05.31 23:25:47 -0600: > Honestly, I care little about the incompatibility because we are > already different. > > However I do not think this is any "easier" - I never use > /etc/services because frankly I can't > predict what other non-openbsd systems will have

bgpd: filter as path with operators

Hi, this allows to have allow from any AS 64512 - 65534 ... allow from any AS > 100 etc in bgpd.conf. Ignore the example file for now, i will commit that seperatly anyway. One obvious improvment would be to be able to use this in bgpctl to restrict the output of "show rib" a bit more.

Re: nd6 timers vs ticks

David Gwynne(da...@gwynne.id.au) on 2016.05.30 17:16:24 +1000: > llinfo_nd6 thinks its expiry may extend beyond a timeout interval. > > so it keeps track of the number of ticks it really wants via ln_ntick > in llinfo_nd6 and schedules multiple timeouts to reach it. > > i think this is a waste

Re: add mirror discovery to pkg_add

Ted Unangst(t...@tedunangst.com) on 2016.06.22 12:25:04 -0400: > Marc Espie wrote: > > This would allow pkg_add to auto-configure a mirror, for the case where > > PKG_PATH was not specified and where pkg.conf does not exist. > > > > It only triggers when a location ends up empty and when run in

Re: pf.conf macro with space

Henning Brauer(hb-openbsdt...@ml.bsws.de) on 2016.06.21 13:11:16 +0200: > * Stefan Sperling [2016-06-21 11:15]: > > Generally, I would appreciate more detailed error messages from the pf.conf > > parser. I recall several occasions where pfctl threw "syntax error" and more > >

Re: pf.conf macro with space

o name cannot contain whitespace"); + YYERROR; + } if (symset($1, $3, 0) == -1) err(1, "cannot store variable %s", $1); free($1); Sebastian Benoit(be...@openbsd.org) on 2016.0

Re: pf.conf macro with space

Stefan Sperling(s...@stsp.name) on 2016.06.21 10:23:13 +0200: > On Tue, Jun 21, 2016 at 10:14:52AM +0200, Sebastian Benoit wrote: > > > > same thing without a stupid helper function, pointed out by henning. > > > > diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y

bgpd logging nexthop valid

i would like to make bgpd a bit more quiet. This type of message bgpd[59424]: nexthop 1.2.3.4 now valid: via 192.168.0.1 happens quite often depending on your upstreams. This makes it a debug message only. ok? diff --git usr.sbin/bgpd/bgpd.c usr.sbin/bgpd/bgpd.c index 8e0031e..8925086 100644

Re: af-to on pass out should be a parser error

Mike Belopuhov(m...@belopuhov.com) on 2016.06.20 00:11:03 +0200: > On Sun, Jun 19, 2016 at 23:43 +0200, Sebastian Benoit wrote: > > manpage documents that af-to does not work on pass out rules, but the > > pf.conf parser allows it, which leads a non working configuration b

af-to on pass out should be a parser error

manpage documents that af-to does not work on pass out rules, but the pf.conf parser allows it, which leads a non working configuration being loaded. this changes the parser to make pass out .. af-to an error. ok? diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y index 934438c..0fecba8 100644

Re: af-to on pass out should be a parser error

Mike Belopuhov(m...@belopuhov.com) on 2016.06.20 00:01:28 +0200: > On Sun, Jun 19, 2016 at 23:43 +0200, Sebastian Benoit wrote: > > manpage documents that af-to does not work on pass out rules, but the > > pf.conf parser allows it, which leads a non working configuration b

Re: ascii.7: use standard name for ASCII LF and FF

Christian Weisgerber(na...@mips.inka.de) on 2016.01.30 17:45:14 +0100: > From a similar FreeBSD commit: > Use standard name for ASCII LF and FF control codes. > > Only overdue by a few decades. OK? ok > Index: ascii.7 > === >

Re: ntpd: really enable debug messages

in relayd we use -v for that, so you need to run -d to get lots of output. check main() there? i think thats more intuitive, but maybe i'm just used to it. Brent Cook(bust...@gmail.com) on 2016.01.20 06:31:44 -0600: > Since the relatively recent logging unification, log_init needs a > debug

Re: Print ifindex in ifconfig(8)

Christian Weisgerber(na...@mips.inka.de) on 2016.04.12 14:43:50 +: > On 2016-04-12, Martin Pieuchot wrote: > > > Relying on the "scopeid" field is not a viable long-term solution. I'm > > spending too much time these days trying to figure out which interface > > correspond

Re: Print ifindex in ifconfig(8)

Martin Pieuchot(m...@openbsd.org) on 2016.04.12 16:25:36 +0200: > On 12/04/16(Tue) 14:03, Stuart Henderson wrote: > > On 2016/04/12 14:18, Claudio Jeker wrote: > > > On Tue, Apr 12, 2016 at 01:47:53PM +0200, Stefan Sperling wrote: > > > > On Tue, Apr 12, 2016 at 12:27:10PM +0100, Stuart Henderson

route(4) diff

add missing RTF_CONNECTED. remove ESIS (End System to Intermediate System Protocol), ann NDP in comment. add information about RTF_FMASK. ok? diff --git share/man/man4/route.4 share/man/man4/route.4 index 7c1402c..d17dbf3 100644 --- share/man/man4/route.4 +++ share/man/man4/route.4 @@ -356,23

Re: [patch] login_yubikey: delete keys

Hi Fritjof, frit...@alokat.org(frit...@alokat.org) on 2016.03.31 11:43:58 +0200: > Wipe out the key from "user.key". > > --f. > > Index: login_yubikey.c > === > RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v >

Re: [PATCH] Proposal to remove -f for arp(8) and ndp(8)

ok Jeremie Courreges-Anglas(j...@wxcvbn.org) on 2016.03.31 19:16:14 +0200: > Jeremie Courreges-Anglas writes: > > > Mike Belopuhov writes: > > > >> Good day, Dimitris. > >> > >> Long time ago in a galaxy far far away I've been using this > >> alongside the

Re: use libtls in ldapd

Jonathan Matthew(jonat...@d14n.org) on 2016.04.18 07:17:55 +1000: > On Sun, Apr 10, 2016 at 04:36:15PM +1000, Jonathan Matthew wrote: > > A while back (s2k15?), reyk@ suggested I take a look at converting ldapd to > > use > > libtls rather than the openssl api. Today I finally got around to it,

Re: [patch] login_yubikey: delete keys

frit...@alokat.org(frit...@alokat.org) on 2016.03.31 23:43:54 +0200: > On Thu, Mar 31, 2016 at 10:17:45PM +0200, Sebastian Benoit wrote: > > Hi Fritjof, > > > > frit...@alokat.org(frit...@alokat.org) on 2016.03.31 11:43:58 +0200: > > > Wipe out the key fro

Re: netstat -W counters for 11n

ok benno@ Stefan Sperling(s...@stsp.name) on 2016.04.27 13:36:51 +0200: > I'd like to add some 802.11n-related counters to netstat -W output. > > The first diff below is for the kernel, the second for netstat. > > ok? > > Index: ieee80211_input.c >

Re: bioctl errx

ok Ted Unangst(t...@tedunangst.com) on 2016.05.13 15:00:22 -0400: > overzealous use of errx() hides useful information about the error. > > > Index: bioctl.c > === > RCS file: /cvs/src/sbin/bioctl/bioctl.c,v > retrieving revision

Re: ndp(8) CPPFLAGS

ok J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2016.05.02 13:21:51 +0200: > > ndp.c doesn't have any #ifdef INET6 preprocessor directive, I can't see > how keeping that in CPPFLAGS changes anything. While here, -I${.CURDIR} > isn't needed either. Verified with sha256(1). > > ok? > >

Re: changelist: adds iked pub/private key ?

Sebastien Marie(sema...@openbsd.org) on 2016.04.20 08:38:40 +0200: > Hi, > > I noted that iked(8) default key (generated at boot time by rc(8) if it > doesn't exist yet) aren't present in changelist(5), whereas the same > keys for isakmpd(8) are. > > Does adding /etc/iked/local.pub and

Re: Alternative control socket location in ripd

reads ok benno@ Jeremie Courreges-Anglas(j...@wxcvbn.org) on 2016.08.02 13:48:11 +0200: > Nima GHOTBI writes: > > > please try the attachments > > > > On Sun, Jul 31, 2016 at 7:27 PM, Jeremie Courreges-Anglas > > wrote: > > > >> Nima GHOTBI

fix usermod -Z / -S

I am locking an account with # doas usermod -Z foobar after that, i want to remove the user from all groups: # doas usermod -S '' foobar usermod: Invalid password: `*$2b$09$Pp.mDUEORDRbCUUy4D.Vf.EhvxVA.B1u0T7VAlsKN7sU7wqhs0l3W' This happens in -current and is caused by

  1   2   3   4   5   6   7   8   >