Charles Musser(cmus...@sonic.net) on 2014.09.20 14:44:45 -0700:
+ /*
+ * XXX validate that domain name only contains valid characters
+ * for two reasons: 1) correctness, 2) we do not want to pass
+ * possible malicious, unescaped characters like `` to a script
+ * or
Mark Kettenis(mark.kette...@xs4all.nl) on 2013.07.14 17:06:24 +0200:
Date: Sun, 14 Jul 2013 14:09:26 +0200
From: Henning Brauer lists-openbsdt...@bsws.de
* Rafael Neves rafaelne...@gmail.com [2013-07-14 11:01]:
Amd64 and i386 diskless(8) setups need rpc.bootparamd(8)
no, they
This has been commited, thanks!
Erik Lax(e...@halon.se) on 2013.11.19 22:40:38 +0100:
Hi,
In relayd, if a relay is configured with two listen on directives, one
with ssl and one without. In the relay_inherit function the ssl pointers
(cert and key) are copied to the latter, and used/freed
this has been commited, thanks!
Nathanael Rensen(nathanael.open...@list.polymorpheus.com) on 2014.01.18
23:49:26 +0800:
Some time ago I proposed a diff to allow pflow(4) to determine the src IP
address based on the route table if flowsrc was not specified. That diff
was not accepted because
Hi,
I have a relayd config with two tables webhosts and web9k containing the
same
hosts and with two redirects on different ports using these tables.
ext_addr=10.12.33.59
webhost1=10.12.77.10
webhost2=10.12.77.11
#interval 2
#timeout 500
log all
table webhosts { $webhost1
Hi,
i have a soekris 5501. after an update from 4.9 to -current (#115: Sun Dec
11) yesterday i saw errors like these this morning:
Dec 17 08:48:22 intern-gw rtadvd[23145]: sendmsg on vr3: No route to host
Dec 17 08:49:31 intern-gw ospfd[18212]: send_packet: error sending packet on
inerface vr0:
--- sys/net/if_pflow.c 25 Nov 2011 12:52:10 - 1.18
+++ sys/net/if_pflow.c 21 Dec 2011 11:19:16 -
@@ -1,6 +1,8 @@
/* $OpenBSD: if_pflow.c,v 1.18 2011/11/25 12:52:10 dlg Exp $ */
/*
+ * Copyright (c) 2011 Florian Obser flor...@narrans.de
+ * Copyright (c) 2011 Sebastian
from misc:
Rafal Bisingier(ra...@man.poznan.pl) on 2012.01.05 09:21:16 +0100:
Just replace to any to to self. Should do what you want.
I have read PF manual but not found any possibility to tell pf to
LOCAL-HOST. I have search with google but no relevant articles found,
maybe I
have
Edd Barrett(vex...@gmail.com) on 2012.02.11 11:57:34 +:
Hi,
I have just upgraded from a thinkpad x60s to an x61s.
The machine came with an iwn wireless card (no suprise really).
After installing the firmware with fw_update, you can start using the
card but very shortly start to see
Hi,
i did not find a place where it is documented explicitly how to use a
certificate chain with relayd.
Should this be documented? Or maybe in ssl(8)?
/Benno
Index: relayd.conf.5
===
RCS file:
Henning Brauer(henn...@openbsd.org) on 2012.04.13 10:10:41 +0200:
if nobody tests this beyond my extremely light tests (try actually
USING the pflog interfaces to log to, I didn't), I can't get this in :)
works somewhat.
destroying an interface breaks things:
# ifconfig pflog17 create
Hi,
i think the manpage of relayd has the description in the mode ...
paragraphs a little wrong. The patch below changes
mode hash
Balances the outgoing connections across the active hosts based on the
hashed name of the table. Additional input can be fed into the hash by
looking at
Consider
route add -inet6 -prefixlen 64 2a00:cafe::: -prefixlen 56 ::1
This currently works (sets the route with /56), as does
route add -inet6 -prefixlen 56 2a00:cafe::: ::1
(sets the route with /64).
patch:
* dissallow use of argument -prefixlen twice
* when -prefixlen is
subject says it all.
ok?
diff --git dhcrelay.c dhcrelay.c
index a2f39d0..4782f65 100644
--- dhcrelay.c
+++ dhcrelay.c
@@ -380,7 +380,7 @@ got_response(struct protocol *l)
if ((result = recv(l-fd, u.packbuf, sizeof(u), 0)) == -1
errno != ECONNREFUSED) {
/*
-
Mark Kettenis(mark.kette...@xs4all.nl) on 2010.11.27 20:12:14 +0100:
Date: Fri, 12 Nov 2010 14:39:41 -0700
From: Theo de Raadt dera...@cvs.openbsd.org
commit. someone will eventually fix MCLGETI, since it is in the tree.
The problem is that re(4) has a forever loop from which we only
Hi,
i am using relayd in router mode for a cable-modem link that sometimes
does not work.
I need to run a programm to load/unload pf-rules and to restart a
proxy with a different config whenever this happens.
Here is a patch that adds an exec option to the router section like this:
router
Hi,
the configuration option in bgpd.conf is called enforce neighbor-as, not
enforce remote-as.
/Benno
--- rde.c.orig Thu Jan 27 17:02:08 2011
+++ rde.c Thu Jan 27 17:02:51 2011
@@ -921,7 +921,7 @@
if (peer-conf.remote_as !=
Stuart Henderson(st...@openbsd.org) on 2014.12.11 23:52:44 +:
I'm wondering what reception this will get. It feeds TCP/UDP port
numbers into the hash for trunk(4) load balancing, so connections
between a single pair of hosts will get distributed across NICs.
Taken from FreeBSD r232629,
Hi,
this adds a -priority argument to route show to filter on routes of a
certain priority.
With this you can see all ospf routes
route -n show -priority 32
or any other priority. You can also name some common priorities:
route -n show -priority bgp
This is useful on a router with a full
Florian Obser(flor...@openbsd.org) on 2015.05.03 12:39:02 +:
On Sun, May 03, 2015 at 01:46:56PM +0200, Sunil Nimmagadda wrote:
On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote:
Sorry for the very late reply, I'm currently very busy :/
Thank you for taking time to review
Mike Belopuhov(m...@belopuhov.com) on 2015.06.09 16:23:04 +0200:
Hi,
Any idea why don't we support filtering the show states output
by the associated rule number?
indeed, why not?
Diff below works fine here, OK?
ok!
Index: pfctl.c
Alexander Bluhm(alexander.bl...@gmx.net) on 2015.06.12 01:07:57 +0200:
Hi,
I need a syslogd running in foreground for a project. FreeBSD
also uses the option -F for that.
Do we want this feature in OpenBSD?
i dont see why not, and -d does obviously too much.
-F is fine, nobody else has
There is no reason to remove this in arp.
As for ndp/ipv6, i'm not sure.
Is there anyone adding large numbers of ndp entries? Why?
/Benno
Dimitris Papastamos(s...@2f30.org) on 2015.07.25 21:11:41 +0100:
On Sat, Jul 25, 2015 at 09:20:18PM +0200, Martin Pieuchot wrote:
On 13/07/15(Mon) 14:04,
Martin Pieuchot(m...@openbsd.org) on 2015.08.02 16:20:15 +0200:
On 02/08/15(Sun) 14:24, Sebastian Benoit wrote:
There is no reason to remove this in arp.
Does that mean you use it? If yes, could you take care of the first
diff?
i used arp -f in the past. i'm not sure where you need
ok
Stuart Henderson(st...@openbsd.org) on 2015.07.19 17:55:00 +0100:
In the past, the only option for unbound-control was a TCP socket
using SSL/TLS, but nowadays it also supports unix domain sockets,
so it seems like it would be reasonable to enable it by default
in our configuration so that
Johan Ymerson(johan.ymer...@transmode.com) on 2015.07.20 21:32:20 +:
On Mon, 2015-07-20 at 22:58 +0200, Martin Pieuchot wrote:
On 20/07/15(Mon) 19:10, Johan Ymerson wrote:
On 2015-07-18 16:03:00, Martin Pieuchot wrote:
Committed! Thanks and sorry for the delay.
Hi!
You
commited, thx for your diff.
/Benno
Johan Ymerson(johan.ymer...@transmode.com) on 2015.07.20 21:32:20 +:
On Mon, 2015-07-20 at 22:58 +0200, Martin Pieuchot wrote:
On 20/07/15(Mon) 19:10, Johan Ymerson wrote:
On 2015-07-18 16:03:00, Martin Pieuchot wrote:
Committed! Thanks and
Stuart Henderson(st...@openbsd.org) on 2015.10.20 16:37:58 +0100:
> On 2015/10/14 11:11, Kevin Reay wrote:
> > Thanks for the review and feedback.
> > Updated patch with removed whitespace changes included.
>
> This is fine with me. Any OKs to commit it?
yes, ok
> > Index: print-decnet.c
> >
Alexander Bluhm(alexander.bl...@gmx.net) on 2015.10.24 17:21:27 +0200:
> On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote:
> > ...at least better than OpenBSD's source code.
> >
> > This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit.
> > Alexander verified that
ok!
J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2015.10.25 23:15:12 +0100:
>
> Following the recent discussions, here's another pidfile(3) removal.
> route6d(8) doesn't document it.
>
> ok?
>
> Index: Makefile
> ===
> RCS
Michael McConville(mm...@mykolab.com) on 2015.10.28 12:05:24 -0400:
> Relayd, httpd, and ntpd define the functions get_data() and
> get_string(). Both call calloc and then immediately memcpy. Calloc's
> zeroing isn't optimized out. These functions are called in network data
> paths in at least a
Martin Pieuchot(m...@openbsd.org) on 2015.10.25 16:14:27 +0100:
> Diff below merges the guts of rtable_mpath_match() into rtable_lookup().
> As for the previous rtable_mpath_* diff this is a step towards MPATH by
> default.
>
> This diff introduces a behavior change for RTM_GET. If multiple
David Hill(dh...@mindcry.org) on 2015.11.10 11:44:39 -0500:
> Hello -
>
> pledge starts after getopt because of setrtable.
>
> rpath needed incase -k (kvm_openfile)
> proc needed for drop_gid (setresgid)
>
> I believe I've hit every code path. More eyes are welcome.
Hi,
two changes
-T at
Ricardo Mestre(ser...@helheim.mooo.com) on 2015.11.13 18:00:11 +:
> Hello,
>
> If '-n' argument is used on route(8) then nflag will be active and dns
> transactions won't be needed, am I correct?
please find out yourself.
at least the pledge call in monitor will fail with -n and your diff,
hi,
this is pledge() in newsyslog.
please check & test...
and is someone using monitormode, please say so ;)
(oh, and oks?)
diff --git usr.bin/newsyslog/newsyslog.c usr.bin/newsyslog/newsyslog.c
index 761da36..acfd871 100644
--- usr.bin/newsyslog/newsyslog.c
+++ usr.bin/newsyslog/newsyslog.c
ok
Stuart Henderson(st...@openbsd.org) on 2015.11.17 11:33:50 +:
> On 2015/11/17 11:47, Gerhard Roth wrote:
> > Sensors marked as invalid should be excluded by snmpd(8) from the sensors
> > MIB just as sysctl(8) excludes them from the 'hw.sensors' tree.
>
> Agreed - any OKs to commit?
>
>
Hi,
relayd (when running relays) will distribute client sessions over hosts
using various algorithms. Some of them generate a hash from different data
and calculate modulo rlt->rlt_nhosts to find the host the session should go
to. If this host is down, the current algorithm simply selects the
Reyk Floeter(r...@openbsd.org) on 2015.10.30 19:25:28 +0100:
> On Fri, Oct 30, 2015 at 06:16:53PM +0100, Sebastian Benoit wrote:
> >
> > i think it should be documented ;)
> >
> > otherwise ok
> >
>
> Ooops, good point, I missed the manpage.
>
>
i like this.
ok
Reyk Floeter(r...@openbsd.org) on 2015.10.30 11:34:39 +0100:
> Hi,
>
> as documented below, pairs in bridges can lead to a loop.
>
> I looked at "fixing" it but came to the conclusion a) there is no
> satisfying way with mbuf flags/tags to prevent the loop, b) it would
> limit
i think it should be documented ;)
otherwise ok
Index: mbuf.9
===
RCS file: /cvs/src/share/man/man9/mbuf.9,v
retrieving revision 1.91
diff -u -p -u -r1.91 mbuf.9
--- mbuf.9 8 Oct 2015 14:09:34 - 1.91
+++ mbuf.9
Christian Weisgerber(na...@mips.inka.de) on 2015.10.20 20:46:12 +:
> On 2015-10-20, Reyk Floeter wrote:
>
> > For historical reasons, isakmpd and iked are compiled static:
> > people used NFS over ipsec.
> >
> > Is anyone still using this? Is it more than one person?
> >
>
ok, but in other places we have closefrom(STDERR_FILENO + 1)
Ted Unangst(t...@tedunangst.com) on 2015.09.17 12:11:26 -0400:
> doas doesn't need any other open files and should probably shut them all.
>
>
> Index: doas.c
> ===
> RCS
OpenBSD 5.7 errata:
http://www.openbsd.org/errata57.html#015_relayd
015: RELIABILITY FIX: September 28, 2015 All architectures
Various problems were identified in relayd and merged back from current to
5.7 in this maintanance update.
This patch is for 5.7 only, it fixes reliability problems
Ted Unangst(t...@tedunangst.com) on 2015.09.17 21:12:28 -0400:
> Sebastian Benoit wrote:
> > ok, but in other places we have closefrom(STDERR_FILENO + 1)
>
> is that really more clear? it only makes sense if you know stderr is 2.
sure, but writing closefrom(3) requires the sam
Sebastien Marie(sema...@openbsd.org) on 2015.09.20 14:27:01 +0200:
> Hi,
>
> Mentions that using systrace(4) isn't possible when a program has called
> tame(2).
>
> Comments ? OK ?
> --
> Sebastien Marie
>
> Index: lib/libc/sys/tame.2
>
Claudio Jeker(cje...@diehard.n-r-g.com) on 2015.09.22 16:01:34 +0200:
> On Tue, Sep 22, 2015 at 03:14:18PM +0200, Martin Pieuchot wrote:
> > Instead of incrementing the rt_use counter when a rtalloc(9) call
> > succeeds, let's do it inside ralloc(9).
> >
> > The route(8) regress tests will need
Martin Pieuchot(m...@openbsd.org) on 2015.09.13 16:08:50 +0200:
> On 13/09/15(Sun) 15:51, Alexander Bluhm wrote:
> > On Sun, Sep 13, 2015 at 11:15:50AM +0200, Martin Pieuchot wrote:
> > > This makes the kernel simpler as it no longer try to find a new ifa
> > > when a route with a stale address is
ok
Florian Obser(flor...@openbsd.org) on 2015.11.29 14:07:24 +:
> Inspired by the traceroute / traceroute6 merge.
> At least reduces the diff in the option parser :)
> OK?
>
> diff --git ping/ping.c ping/ping.c
> index f5ccaca..4944f77 100644
> --- ping/ping.c
> +++ ping/ping.c
> @@ -110,7
the group.
i believe i committed the correct one, i just replied to the wrong mail here
on the list. Here is what i put in:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/relayd/pfe.c.diff?r1=1.82=1.83=date
/Benno
> Sebastian Benoit skrev den 2015-12-03 17:43:
> >thanks, comm
thanks, commited
Brian S. Vangsgaard(b...@avalanic.dk) on 2015.10.01 13:27:12 +0200:
> Hi,
>
> Problem:
> If a client have a state entry in the relayd anchor, and the target
> server goes down, the client will be unable to "failover" for 10 sec +
> (10 sec - elapsed time since last SLA check).
Michael Reed(m.r...@mykolab.com) on 2016.01.01 22:29:08 -0500:
> Hi,
>
> `fuser -u -c /' doesn't seem to work for me:
>
> fuser(28663): syscall 33 "getpw"
>
> The patch below fixes my issue. The pledge condition was already a bit
> long, so I just switched to snprintf(3); not sure what's
as jca@ says, the clearerr() should be out of the loop, so ok benno@ too.
J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2015.12.29 19:18:55 +0100:
> "Todd C. Miller" writes:
>
> > On Tue, 29 Dec 2015 13:25:16 +0100,
> > =?utf-8?Q?J=C3=A9r=C3=A9mie_Courr=C3=A8ges-
>
ok, see nit below
Martin Pieuchot(m...@openbsd.org) on 2015.12.29 11:52:34 +0100:
> The "-P" option does not need to read routing table symbols, so there's
> no reason to bail if we cannot find them.
>
> Index: main.c
> ===
> RCS
an earlier commit today prompted florian@ to run clang, these fixes are a
result of issues found.
ok?
[PATCH 1/4] remove unused variable cur. code probably c from
print_bar_title().
diff --git usr.bin/systat/engine.c usr.bin/systat/engine.c
index 51c0b7f..bc9f6ef 100644
---
thanks, committed
evh(e...@riseup.net) on 2016.01.02 15:34:50 +0100:
> int ms in cmd_count is unused as of 1.63
>
> Index: main.c
> ===
> RCS file: /cvs/src/usr.bin/systat/main.c,v
> retrieving revision 1.63
> diff -u -p -r1.63
Todd C. Miller(todd.mil...@courtesan.com) on 2015.12.28 10:46:08 -0700:
> On Fri, 25 Dec 2015 00:30:29 +0100, Ingo Schwarze wrote:
>
> > Besides, i don't see the point in messing with FILE flags at all
> > in case of encoding errors. As opposed to fgetwc(3) and fputwc(3),
> > the manual doesn't
David Gwynne(da...@gwynne.id.au) on 2015.12.22 11:06:21 +1000:
> the spec says vlan 0 and vlan 4095 are reserved, so we probably
> shouldnt use them.
>
> this tweaks the vlan tag check only allow valid ids per the spec.
>
> ok?
code reads ok
however, this could be tweaked in ifconfig too:
frit...@alokat.org(frit...@alokat.org) on 2015.12.24 14:45:51 +0100:
> On Thu, Dec 24, 2015 at 02:19:36PM +0100, Theo Buehler wrote:
> > On Thu, Dec 24, 2015 at 01:52:56PM +0100, frit...@alokat.org wrote:
> > > Hi tech@,
> > >
> > > here are some tweaks about uname(1):
> > >
> > > - change the
Fabian Raetz(fabian.ra...@gmail.com) on 2015.12.30 13:32:54 +0100:
> On Wed, Dec 30, 2015 at 07:24:01AM -0500, Ted Unangst wrote:
> > Fabian Raetz wrote:
> > > Hi,
> > >
> > > please find below a patch to remove the undocumented -carpdev command from
> > > ifconfig(8).
> >
> > wouldn't it make
Brent Cook(bust...@gmail.com) on 2015.11.22 16:32:49 -0600:
>
> Finally getting around to trying out nc on some more platforms for
> LibreSSL-portable, and ran into Sun/Oracle's silly definition of 'sun'
> in the system headers. OK to rename the local sockaddr_un variables?
ok benno@
>
ok
Florian Obser(flor...@openbsd.org) on 2015.11.29 15:57:34 +:
> This shoves a round peg into a square hole with considerable force...
> I was only concerned with moving the functionality over from ping6,
> further cleanup will happen on top of this.
>
> OK?
>
> diff --git ping.c ping.c
>
ok
Otto Moerbeek(o...@drijf.net) on 2015.11.20 14:22:12 +0100:
> On Fri, Nov 20, 2015 at 11:52:16AM +0100, Otto Moerbeek wrote:
>
> > On Thu, Nov 19, 2015 at 05:52:39PM -0500, Michael McConville wrote:
> >
> > > I'm already cache-thrashing with all of my side projects, so if anyone's
> > >
hei,
thanks! i forgot that we print the config.
ok benno@, with whitespace fixed.
Denis Fondras(open...@ledeuns.net) on 2016.06.05 10:06:29 +0200:
> > This didn't quite work, as log_as will override itself when used twice
> > in the same printf.
> >
>
> I should not have sent this late at
Martin Pieuchot(m...@openbsd.org) on 2016.06.05 20:06:17 +0200:
> On 04/06/16(Sat) 18:33, Sebastian Benoit wrote:
> > Add format attributes to the proper functions and then fix the warning in
> > session.c.
>
> Shouldn't you introduce a log.h instead an make sure all dae
Jonathan Matthew(jonat...@d14n.org) on 2016.06.06 17:14:53 +1000:
> We've finally got srp and art to the point where we can use srp to manage the
> internal links in the art data structures. This allows us to do route lookups
> without holding any locks, which is kind of nice.
>
> As we're not
Martin Pieuchot(m...@openbsd.org) on 2016.06.08 20:50:29 +0200:
> On 08/06/16(Wed) 19:51, Sebastian Benoit wrote:
> > [...]
> > i dont see why this would be a problem
> >
> > however:
> >
> > + ... if we were going to use
> > +
ok!
Stuart Henderson(s...@spacehopper.org) on 2016.06.06 13:40:00 +0100:
> I don't think we should be encouraging anyone to do this...ok?
>
> Index: ssl.8
> ===
> RCS file: /cvs/src/share/man/man8/ssl.8,v
> retrieving revision 1.63
Add format attributes to the proper functions and then fix the warning in
session.c.
ok?
diff --git bgpd.h bgpd.h
index 5fa046e..eaf93e6 100644
--- bgpd.h
+++ bgpd.h
@@ -989,15 +989,24 @@ struct in6_addr *prefixlen2mask6(u_int8_t prefixlen);
/* log.c */
voidlog_init(int);
void
In ospfd, add format attributes to the proper functions and then fix the
warning in rde.c.
ok?
diff --git log.h log.h
index e0034e8..a682f67 100644
--- log.h
+++ log.h
@@ -23,13 +23,21 @@
void log_init(int);
void log_verbose(int);
-void logit(int, const char *, ...);
-void vlog(int,
In ospf6d, add format attributes to the proper functions and then fix the
warning in rde.c
ok?
diff --git log.h log.h
index 0cc7403..8cccd8f 100644
--- log.h
+++ log.h
@@ -23,14 +23,22 @@
voidlog_init(int);
voidlog_verbose(int);
-voidlogit(int, const char *, ...);
-void
Claudio Jeker(cje...@diehard.n-r-g.com) on 2016.05.31 08:10:22 +0200:
> On Mon, May 30, 2016 at 10:43:49PM +0200, Sebastian Benoit wrote:
> > Hi,
> >
> > this allows to have
> >
> > allow from any AS 64512 - 65534 ...
> > allow from any AS > 100
ok
Ted Unangst(t...@tedunangst.com) on 2016.06.01 13:41:01 -0400:
> Relative timestamps are much easier to decipher than absolute, when attempting
> to determine a program's behavior. Most of the time I care about how long
> since the last time. However, if I grep the output, then I lose the
with feedback from florian, sthen and claudio:
- i removed operators < <= > >=
- i kept != and = for symmetry.
- i thought about just using ! , but then it would be different from the
prefix operators. Willing to change it if you want that.
- i left the forth argument to aspath_match(), as its
Yes please.
I played with lower values in the past too and saw no problems.
And if we notice problems, we can fine tune it further.
ok.
Ted Unangst(t...@tedunangst.com) on 2016.06.01 15:37:53 -0400:
> Is there a reason the reboot timeout is so long?
>
> Here's what I observe. I connect to one
Bob Beck(b...@openbsd.org) on 2016.05.31 23:25:47 -0600:
> Honestly, I care little about the incompatibility because we are
> already different.
>
> However I do not think this is any "easier" - I never use
> /etc/services because frankly I can't
> predict what other non-openbsd systems will have
Hi,
this allows to have
allow from any AS 64512 - 65534 ...
allow from any AS > 100
etc in bgpd.conf.
Ignore the example file for now, i will commit that seperatly anyway.
One obvious improvment would be to be able to use this in bgpctl to restrict
the output of "show rib" a bit more.
David Gwynne(da...@gwynne.id.au) on 2016.05.30 17:16:24 +1000:
> llinfo_nd6 thinks its expiry may extend beyond a timeout interval.
>
> so it keeps track of the number of ticks it really wants via ln_ntick
> in llinfo_nd6 and schedules multiple timeouts to reach it.
>
> i think this is a waste
Ted Unangst(t...@tedunangst.com) on 2016.06.22 12:25:04 -0400:
> Marc Espie wrote:
> > This would allow pkg_add to auto-configure a mirror, for the case where
> > PKG_PATH was not specified and where pkg.conf does not exist.
> >
> > It only triggers when a location ends up empty and when run in
Henning Brauer(hb-openbsdt...@ml.bsws.de) on 2016.06.21 13:11:16 +0200:
> * Stefan Sperling [2016-06-21 11:15]:
> > Generally, I would appreciate more detailed error messages from the pf.conf
> > parser. I recall several occasions where pfctl threw "syntax error" and more
> >
o name cannot contain whitespace");
+ YYERROR;
+ }
if (symset($1, $3, 0) == -1)
err(1, "cannot store variable %s", $1);
free($1);
Sebastian Benoit(be...@openbsd.org) on 2016.0
Stefan Sperling(s...@stsp.name) on 2016.06.21 10:23:13 +0200:
> On Tue, Jun 21, 2016 at 10:14:52AM +0200, Sebastian Benoit wrote:
> >
> > same thing without a stupid helper function, pointed out by henning.
> >
> > diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y
i would like to make bgpd a bit more quiet.
This type of message
bgpd[59424]: nexthop 1.2.3.4 now valid: via 192.168.0.1
happens quite often depending on your upstreams. This makes it a debug
message only.
ok?
diff --git usr.sbin/bgpd/bgpd.c usr.sbin/bgpd/bgpd.c
index 8e0031e..8925086 100644
Mike Belopuhov(m...@belopuhov.com) on 2016.06.20 00:11:03 +0200:
> On Sun, Jun 19, 2016 at 23:43 +0200, Sebastian Benoit wrote:
> > manpage documents that af-to does not work on pass out rules, but the
> > pf.conf parser allows it, which leads a non working configuration b
manpage documents that af-to does not work on pass out rules, but the
pf.conf parser allows it, which leads a non working configuration being
loaded.
this changes the parser to make pass out .. af-to an error.
ok?
diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y
index 934438c..0fecba8 100644
Mike Belopuhov(m...@belopuhov.com) on 2016.06.20 00:01:28 +0200:
> On Sun, Jun 19, 2016 at 23:43 +0200, Sebastian Benoit wrote:
> > manpage documents that af-to does not work on pass out rules, but the
> > pf.conf parser allows it, which leads a non working configuration b
Christian Weisgerber(na...@mips.inka.de) on 2016.01.30 17:45:14 +0100:
> From a similar FreeBSD commit:
> Use standard name for ASCII LF and FF control codes.
>
> Only overdue by a few decades. OK?
ok
> Index: ascii.7
> ===
>
in relayd we use -v for that, so you need to run -d to get lots of
output. check main() there?
i think thats more intuitive, but maybe i'm just used to it.
Brent Cook(bust...@gmail.com) on 2016.01.20 06:31:44 -0600:
> Since the relatively recent logging unification, log_init needs a
> debug
Christian Weisgerber(na...@mips.inka.de) on 2016.04.12 14:43:50 +:
> On 2016-04-12, Martin Pieuchot wrote:
>
> > Relying on the "scopeid" field is not a viable long-term solution. I'm
> > spending too much time these days trying to figure out which interface
> > correspond
Martin Pieuchot(m...@openbsd.org) on 2016.04.12 16:25:36 +0200:
> On 12/04/16(Tue) 14:03, Stuart Henderson wrote:
> > On 2016/04/12 14:18, Claudio Jeker wrote:
> > > On Tue, Apr 12, 2016 at 01:47:53PM +0200, Stefan Sperling wrote:
> > > > On Tue, Apr 12, 2016 at 12:27:10PM +0100, Stuart Henderson
add missing RTF_CONNECTED.
remove ESIS (End System to Intermediate System Protocol), ann NDP in
comment.
add information about RTF_FMASK.
ok?
diff --git share/man/man4/route.4 share/man/man4/route.4
index 7c1402c..d17dbf3 100644
--- share/man/man4/route.4
+++ share/man/man4/route.4
@@ -356,23
Hi Fritjof,
frit...@alokat.org(frit...@alokat.org) on 2016.03.31 11:43:58 +0200:
> Wipe out the key from "user.key".
>
> --f.
>
> Index: login_yubikey.c
> ===
> RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
>
ok
Jeremie Courreges-Anglas(j...@wxcvbn.org) on 2016.03.31 19:16:14 +0200:
> Jeremie Courreges-Anglas writes:
>
> > Mike Belopuhov writes:
> >
> >> Good day, Dimitris.
> >>
> >> Long time ago in a galaxy far far away I've been using this
> >> alongside the
Jonathan Matthew(jonat...@d14n.org) on 2016.04.18 07:17:55 +1000:
> On Sun, Apr 10, 2016 at 04:36:15PM +1000, Jonathan Matthew wrote:
> > A while back (s2k15?), reyk@ suggested I take a look at converting ldapd to
> > use
> > libtls rather than the openssl api. Today I finally got around to it,
frit...@alokat.org(frit...@alokat.org) on 2016.03.31 23:43:54 +0200:
> On Thu, Mar 31, 2016 at 10:17:45PM +0200, Sebastian Benoit wrote:
> > Hi Fritjof,
> >
> > frit...@alokat.org(frit...@alokat.org) on 2016.03.31 11:43:58 +0200:
> > > Wipe out the key fro
ok benno@
Stefan Sperling(s...@stsp.name) on 2016.04.27 13:36:51 +0200:
> I'd like to add some 802.11n-related counters to netstat -W output.
>
> The first diff below is for the kernel, the second for netstat.
>
> ok?
>
> Index: ieee80211_input.c
>
ok
Ted Unangst(t...@tedunangst.com) on 2016.05.13 15:00:22 -0400:
> overzealous use of errx() hides useful information about the error.
>
>
> Index: bioctl.c
> ===
> RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
> retrieving revision
ok
J??r??mie Courr??ges-Anglas(j...@wxcvbn.org) on 2016.05.02 13:21:51 +0200:
>
> ndp.c doesn't have any #ifdef INET6 preprocessor directive, I can't see
> how keeping that in CPPFLAGS changes anything. While here, -I${.CURDIR}
> isn't needed either. Verified with sha256(1).
>
> ok?
>
>
Sebastien Marie(sema...@openbsd.org) on 2016.04.20 08:38:40 +0200:
> Hi,
>
> I noted that iked(8) default key (generated at boot time by rc(8) if it
> doesn't exist yet) aren't present in changelist(5), whereas the same
> keys for isakmpd(8) are.
>
> Does adding /etc/iked/local.pub and
reads ok benno@
Jeremie Courreges-Anglas(j...@wxcvbn.org) on 2016.08.02 13:48:11 +0200:
> Nima GHOTBI writes:
>
> > please try the attachments
> >
> > On Sun, Jul 31, 2016 at 7:27 PM, Jeremie Courreges-Anglas
> > wrote:
> >
> >> Nima GHOTBI
I am locking an account with
# doas usermod -Z foobar
after that, i want to remove the user from all groups:
# doas usermod -S '' foobar
usermod: Invalid password:
`*$2b$09$Pp.mDUEORDRbCUUy4D.Vf.EhvxVA.B1u0T7VAlsKN7sU7wqhs0l3W'
This happens in -current and is caused by
1 - 100 of 747 matches
Mail list logo