Re: dhclient ignore
Ted Unangst wrote:
>[...] I just want to say "pretend this option did not arrive."
>
>Diff below adds a little support for an ignore keyword. Like
>supersede, except don't actually use the supplied value.

Put another way, dhclient has a "default permit" policy (it will use any
nameserver information sent by the dhcp server even when you didn't ask
the server for that information in the first place), and you want to add
a blacklist on top of that (in other words, manually enumerate badness
in /etc/dhclient.conf).

I think it would be much better for dhclient to have a "default deny"
policy (always ignore any information coming from the server that you
didn't ask for) and use what is actually requested by dhclient from the
server as a whitelist.

See here
http://marc.info/?l=openbsd-tech&m=131302612614702&w=2
for a previous message of mine on that topic, and here
http://marc.info/?l=openbsd-misc&m=131914644924795&w=2
for another discussion.

Brynet wrote:
>I was under the impression that if you added a "request" statement
>excluding the 'domain-name-servers' option the server would honour that and
>only offer the options you've explicitly requested..

No, in practice many dhcp servers will send you nameserver information
even when you don't ask for it (I guess it's ISPs' way of saying they
think they know better than their users what's good for them...)

>Does something like this work for you?
>
>interface "em0" {
>    request subnet-mask, broadcast-address, routers, domain-name-servers;
>}
>
>interface "em1" {
>    request subnet-mask, broadcast-address, routers;
>}

This would work if dhclient were using a "default deny" policy.
Unfortunately it doesn't, so your suggestion doesn't work.

Philippe
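The two policies discussed in the message above, together with the proposed ignore keyword, applied to a constructed DHCP options field. This is an added example, not part of the original thread and not dhclient's code: struct opt_policy, filter_options() and em1_accepts_dns() are hypothetical names, and the reply bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Option codes from RFC 2132. */
enum { OPT_PAD = 0, OPT_MASK = 1, OPT_ROUTERS = 3, OPT_DNS = 6,
       OPT_BCAST = 28, OPT_END = 255 };
enum mode { DEFAULT_PERMIT, DEFAULT_DENY };

/* Hypothetical per-interface policy; not dhclient's own structures. */
struct opt_policy {
	enum mode mode;
	uint8_t requested[256];	/* codes named in the "request" statement */
	uint8_t ignored[256];	/* codes named in an "ignore" statement */
};

/* Constructed em1 reply: DNS (code 6) is sent although never requested. */
static const uint8_t em1_reply[] = {
	OPT_MASK, 4, 255, 255, 255, 0, OPT_ROUTERS, 4, 192, 0, 2, 1,
	OPT_DNS, 4, 192, 0, 2, 53, OPT_BCAST, 4, 192, 0, 2, 255, OPT_END
};

/* Flag accepted options; return their count, or -1 on a truncated option. */
int filter_options(const uint8_t *buf, size_t len,
    const struct opt_policy *p, uint8_t accepted[256])
{
	size_t i = 0, olen;
	int n = 0;
	memset(accepted, 0, 256);
	while (i < len && buf[i] != OPT_END) {
		uint8_t code = buf[i++];
		if (code == OPT_PAD)
			continue;
		if (i >= len || (olen = buf[i]) > len - i - 1)
			return -1;	/* length or value runs past the buffer */
		i += 1 + olen;
		if (p->ignored[code] ||
		    (p->mode == DEFAULT_DENY && !p->requested[code]))
			continue;	/* pretend this option did not arrive */
		n += !accepted[code];
		accepted[code] = 1;
	}
	return n;
}

/* em1 as in the thread: request subnet-mask, broadcast-address, routers. */
int em1_accepts_dns(enum mode mode, int ignore_dns)
{
	struct opt_policy p = { .mode = mode };
	uint8_t acc[256];
	p.requested[OPT_MASK] = p.requested[OPT_BCAST] = p.requested[OPT_ROUTERS] = 1;
	p.ignored[OPT_DNS] = (uint8_t)ignore_dns;
	return filter_options(em1_reply, sizeof(em1_reply), &p, acc) < 0 ? -1 : acc[OPT_DNS];
}
```

em1_accepts_dns() returns 1 only under default permit without an ignore entry; either the ignore entry or a default-deny policy keyed on the request list drops the unrequested nameserver.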
Re: dhclient ignore
One can set a dhclient-script to ignore things and then call the real dhclient-script, but I like this diff better. Penned by Kenneth R Westerback on 20120726 21:43.39, we have: | I like this on first read. In fact I thought this already existed. | I'll actually look more closely at the code tomorrow. | | Ken | | On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote: | > I have a system with two network interfaces (em0 and em1), running dhcp | > on both. Both dhcp servers provide me with a nameserver, but only one | > of them works (I can't fix this). There is a config file for dhclient | > I can use, but it only supports the supersede keyword. I don't want | > to statically configure a nameserver override for em1, because the | > whole point is that the good nameserver on em0 can change. I just | > want to say "pretend this option did not arrive." | > | > Diff below adds a little support for an ignore keyword. Like | > supersede, except don't actually use the supplied value. | > | > Index: clparse.c | > === | > RCS file: /cvs/src/sbin/dhclient/clparse.c,v | > retrieving revision 1.38 | > diff -u -p -r1.38 clparse.c | > --- clparse.c 10 Dec 2011 17:15:27 - 1.38 | > +++ clparse.c 27 Jul 2012 01:59:10 - | > @@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile) | > if (code != -1) | > config->default_actions[code] = ACTION_SUPERSEDE; | > return; | > + case TOK_IGNORE: | > + code = parse_option_decl(cfile, &config->defaults[0]); | > + if (code != -1) | > + config->default_actions[code] = ACTION_IGNORE; | > + return; | > case TOK_APPEND: | > code = parse_option_decl(cfile, &config->defaults[0]); | > if (code != -1) | > Index: conflex.c | > === | > RCS file: /cvs/src/sbin/dhclient/conflex.c,v | > retrieving revision 1.14 | > diff -u -p -r1.14 conflex.c | > --- conflex.c 10 Dec 2011 17:36:40 - 1.14 | > +++ conflex.c 27 Jul 2012 01:15:19 - | 
> @@ -337,6 +337,7 @@ static const struct keywords { | > { "filename", TOK_FILENAME }, | > { "fixed-address", TOK_FIXED_ADDR }, | > { "hardware", TOK_HARDWARE }, | > + { "ignore", TOK_IGNORE }, | > { "initial-interval", TOK_INITIAL_INTERVAL }, | > { "interface", TOK_INTERFACE }, | > { "lease", TOK_LEASE }, | > Index: dhclient.c | > === | > RCS file: /cvs/src/sbin/dhclient/dhclient.c,v | > retrieving revision 1.146 | > diff -u -p -r1.146 dhclient.c | > --- dhclient.c 9 Jul 2012 16:21:21 - 1.146 | > +++ dhclient.c 27 Jul 2012 01:59:35 - | > @@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s | > if (config->defaults[i].len) { | > if (lease->options[i].len) { | > switch (config->default_actions[i]) { | > + case ACTION_IGNORE: | > + /* handled below */ | > + break; | > case ACTION_DEFAULT: | > dp = lease->options[i].data; | > len = lease->options[i].len; | > @@ -1588,6 +1591,9 @@ supersede: | > len = lease->options[i].len; | > dp = lease->options[i].data; | > } else { | > + len = 0; | > + } | > + if (len && config->default_actions[i] == ACTION_IGNORE) { | > len = 0; | > } | > if (len) { | > Index: dhclient.conf.5 | > === | > RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v | > retrieving revision 1.21 | > diff -u -p -r1.21 dhclient.conf.5 | > --- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21 | > +++ dhclient.conf.5 27 Jul 2012 02:05:28 - | > @@ -244,6 +244,14 @@ in the | > .Ic supersede | > statement. | > .It Xo | > +.Ic ignore No { Op Ar option declaration | > +.Oo , Ar ... option declaration Oc } | > +.Xc | > +If for some set of options the client should always ignore the | > +value supplied by the s
Re: dhclient ignore
On Fri, Jul 27, 2012 at 00:42, Brynet wrote:
> On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
>> I have a system with two network interfaces (em0 and em1), running dhcp
>> on both. Both dhcp servers provide me with a nameserver, but only one
>> of them works (I can't fix this). There is a config file for dhclient
>> I can use, but it only supports the supersede keyword. I don't want
>> to statically configure a nameserver override for em1, because the
>> whole point is that the good nameserver on em0 can change. I just
>> want to say "pretend this option did not arrive."
>>
>> Diff below adds a little support for an ignore keyword. Like
>> supersede, except don't actually use the supplied value.
>
> Not commenting on the diff or the feature, which could indeed be the
> correct solution, if maybe only to work around some strict/broken servers.
>
> I was under the impression that if you added a "request" statement
> excluding the 'domain-name-servers' option the server would honour that and
> only offer the options you've explicitly requested..
>
> Does something like this work for you?
>
> interface "em0" {
>     request subnet-mask, broadcast-address, routers, domain-name-servers;
> }
>
> interface "em1" {
>     request subnet-mask, broadcast-address, routers;
> }

Oh, nice, I hadn't thought of that. On the downside, if I add another
interface that works normally, I've made a mess of dhclient.conf. I'd
much prefer to blacklist interfaces instead of relying on an endless
series of whitelists.

That said, the part about the server should honor this is sadly not
true. In a quick test, the server still sent back domain-name-servers
even though it wasn't requested, and the way the dhclient code is
written, it will accept unrequested options. I'm not convinced this is
a bug in either server or client, I can justify both behaviors, even if
they frustrate me atm.
Re: Reduce IPI traffic from signals
On Mon, 23 Jul 2012 20:45:17 +0400 Alexander Polakov wrote:
> This diff reduces IPI traffic for a case when process A is sending
> a lot of signals to process B running on a different CPU. userret()
> delivers all process signals at once, so there is no need to send
> an interrupt for every signal.
>
> The problem was noticed by rtorrent 0.9.2 users, which does exactly
> this, which led to process/system hangs and slowness.
>
> Tested and known to help on amd64 by me and dcoppa@.

Hi Alexander and tech,

I've tried this on i386-current built July 25, building ports of
rtorrent 0.9.2 and libtorrent 13.2 (instead of the reverted versions).

With upload and download rates between 40-50k in each direction, systat
reports ipi between 13 and 5696 prior to this patch being applied (on a
June 25th -current). The ipi sits between 10 and 82 with this patch.

The keyboard navigation in the rtorrent ncurses interface seems a bit
more responsive, too.

Brett.
Re: dhclient ignore
On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
> I have a system with two network interfaces (em0 and em1), running dhcp
> on both. Both dhcp servers provide me with a nameserver, but only one
> of them works (I can't fix this). There is a config file for dhclient
> I can use, but it only supports the supersede keyword. I don't want
> to statically configure a nameserver override for em1, because the
> whole point is that the good nameserver on em0 can change. I just
> want to say "pretend this option did not arrive."
>
> Diff below adds a little support for an ignore keyword. Like
> supersede, except don't actually use the supplied value.

Not commenting on the diff or the feature, which could indeed be the
correct solution, if maybe only to work around some strict/broken servers.

I was under the impression that if you added a "request" statement
excluding the 'domain-name-servers' option the server would honour that and
only offer the options you've explicitly requested..

Does something like this work for you?

interface "em0" {
    request subnet-mask, broadcast-address, routers, domain-name-servers;
}

interface "em1" {
    request subnet-mask, broadcast-address, routers;
}

-Bryan.
Re: dhclient ignore
I like this on first read. In fact I thought this already existed. I'll actually look more closely at the code tomorrow. Ken On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote: > I have a system with two network interfaces (em0 and em1), running dhcp > on both. Both dhcp servers provide me with a nameserver, but only one > of them works (I can't fix this). There is a config file for dhclient > I can use, but it only supports the supersede keyword. I don't want > to statically configure a nameserver override for em1, because the > whole point is that the good nameserver on em0 can change. I just > want to say "pretend this option did not arrive." > > Diff below adds a little support for an ignore keyword. Like > supersede, except don't actually use the supplied value. > > Index: clparse.c > === > RCS file: /cvs/src/sbin/dhclient/clparse.c,v > retrieving revision 1.38 > diff -u -p -r1.38 clparse.c > --- clparse.c 10 Dec 2011 17:15:27 - 1.38 > +++ clparse.c 27 Jul 2012 01:59:10 - > @@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile) > if (code != -1) > config->default_actions[code] = ACTION_SUPERSEDE; > return; > + case TOK_IGNORE: > + code = parse_option_decl(cfile, &config->defaults[0]); > + if (code != -1) > + config->default_actions[code] = ACTION_IGNORE; > + return; > case TOK_APPEND: > code = parse_option_decl(cfile, &config->defaults[0]); > if (code != -1) > Index: conflex.c > === > RCS file: /cvs/src/sbin/dhclient/conflex.c,v > retrieving revision 1.14 > diff -u -p -r1.14 conflex.c > --- conflex.c 10 Dec 2011 17:36:40 - 1.14 > +++ conflex.c 27 Jul 2012 01:15:19 - 
> @@ -337,6 +337,7 @@ static const struct keywords { > { "filename", TOK_FILENAME }, > { "fixed-address", TOK_FIXED_ADDR }, > { "hardware", TOK_HARDWARE }, > + { "ignore", TOK_IGNORE }, > { "initial-interval", TOK_INITIAL_INTERVAL }, > { "interface", TOK_INTERFACE }, > { "lease", TOK_LEASE }, > Index: dhclient.c > === > RCS file: /cvs/src/sbin/dhclient/dhclient.c,v > retrieving revision 1.146 > diff -u -p -r1.146 dhclient.c > --- dhclient.c9 Jul 2012 16:21:21 - 1.146 > +++ dhclient.c27 Jul 2012 01:59:35 - > @@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s > if (config->defaults[i].len) { > if (lease->options[i].len) { > switch (config->default_actions[i]) { > + case ACTION_IGNORE: > + /* handled below */ > + break; > case ACTION_DEFAULT: > dp = lease->options[i].data; > len = lease->options[i].len; > @@ -1588,6 +1591,9 @@ supersede: > len = lease->options[i].len; > dp = lease->options[i].data; > } else { > + len = 0; > + } > + if (len && config->default_actions[i] == ACTION_IGNORE) { > len = 0; > } > if (len) { > Index: dhclient.conf.5 > === > RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v > retrieving revision 1.21 > diff -u -p -r1.21 dhclient.conf.5 > --- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21 > +++ dhclient.conf.5 27 Jul 2012 02:05:28 - > @@ -244,6 +244,14 @@ in the > .Ic supersede > statement. > .It Xo > +.Ic ignore No { Op Ar option declaration > +.Oo , Ar ... option declaration Oc } > +.Xc > +If for some set of options the client should always ignore the > +value supplied by the server, these values can be defined in the > +.Ic ignore > +statement. > +.It Xo > .Ic prepend No { Op Ar option declaration > .Oo , Ar ... option declaration Oc } > .Xc > Index: dhcpd.h > === > RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v > retrieving revision 1.76 > diff -u -p -r1.76 dhcpd.h > --- dhcpd.h 9 Jul 2012 16:21:21 - 1.76 > +++ dhcpd.h 27 Jul 2012 01:18:18 - 
> @@ -130,6 +130,7 @@ struct client_config { > struct option_data defaults[256]; > enum { > ACTION_DEFAULT, > + ACTION_IGNORE, > ACTION_SUPERSEDE, > ACTION_PREPEND, > ACTION_APPEND > Index:
dhclient ignore
I have a system with two network interfaces (em0 and em1), running dhcp on both. Both dhcp servers provide me with a nameserver, but only one of them works (I can't fix this). There is a config file for dhclient I can use, but it only supports the supersede keyword. I don't want to statically configure a nameserver override for em1, because the whole point is that the good nameserver on em0 can change. I just want to say "pretend this option did not arrive." Diff below adds a little support for an ignore keyword. Like supersede, except don't actually use the supplied value. Index: clparse.c === RCS file: /cvs/src/sbin/dhclient/clparse.c,v retrieving revision 1.38 diff -u -p -r1.38 clparse.c --- clparse.c 10 Dec 2011 17:15:27 - 1.38 +++ clparse.c 27 Jul 2012 01:59:10 - @@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile) if (code != -1) config->default_actions[code] = ACTION_SUPERSEDE; return; + case TOK_IGNORE: + code = parse_option_decl(cfile, &config->defaults[0]); + if (code != -1) + config->default_actions[code] = ACTION_IGNORE; + return; case TOK_APPEND: code = parse_option_decl(cfile, &config->defaults[0]); if (code != -1) Index: conflex.c === RCS file: /cvs/src/sbin/dhclient/conflex.c,v retrieving revision 1.14 diff -u -p -r1.14 conflex.c --- conflex.c 10 Dec 2011 17:36:40 - 1.14 +++ conflex.c 27 Jul 2012 01:15:19 - @@ -337,6 +337,7 @@ static const struct keywords { { "filename", TOK_FILENAME }, { "fixed-address", TOK_FIXED_ADDR }, { "hardware", TOK_HARDWARE }, + { "ignore", TOK_IGNORE }, { "initial-interval", TOK_INITIAL_INTERVAL }, { "interface", TOK_INTERFACE }, { "lease", TOK_LEASE }, Index: dhclient.c === RCS file: /cvs/src/sbin/dhclient/dhclient.c,v retrieving revision 1.146 diff -u -p -r1.146 dhclient.c --- dhclient.c 9 Jul 2012 16:21:21 - 1.146 +++ dhclient.c 27 Jul 2012 01:59:35 - 
@@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s if (config->defaults[i].len) { if (lease->options[i].len) { switch (config->default_actions[i]) { + case ACTION_IGNORE: + /* handled below */ + break; case ACTION_DEFAULT: dp = lease->options[i].data; len = lease->options[i].len; @@ -1588,6 +1591,9 @@ supersede: len = lease->options[i].len; dp = lease->options[i].data; } else { + len = 0; + } + if (len && config->default_actions[i] == ACTION_IGNORE) { len = 0; } if (len) { Index: dhclient.conf.5 === RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v retrieving revision 1.21 diff -u -p -r1.21 dhclient.conf.5 --- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21 +++ dhclient.conf.5 27 Jul 2012 02:05:28 - @@ -244,6 +244,14 @@ in the .Ic supersede statement. .It Xo +.Ic ignore No { Op Ar option declaration +.Oo , Ar ... option declaration Oc } +.Xc +If for some set of options the client should always ignore the +value supplied by the server, these values can be defined in the +.Ic ignore +statement. +.It Xo .Ic prepend No { Op Ar option declaration .Oo , Ar ... option declaration Oc } .Xc Index: dhcpd.h === RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v retrieving revision 1.76 diff -u -p -r1.76 dhcpd.h --- dhcpd.h 9 Jul 2012 16:21:21 - 1.76 +++ dhcpd.h 27 Jul 2012 01:18:18 - @@ -130,6 +130,7 @@ struct client_config { struct option_data defaults[256]; enum { ACTION_DEFAULT, + ACTION_IGNORE, ACTION_SUPERSEDE, ACTION_PREPEND, ACTION_APPEND Index: dhctoken.h === RCS file: /cvs/src/sbin/dhclient/dhctoken.h,v retrieving revision 1.5 diff -u -p -r1.5 dhctoken.h --- dhctoken.h 15 May 2006 08:10:57 - 1.5 +++ dhctoken.h 27 Jul 2012 01:15:54 - @@ -79,6 +79,7 @@ #define TOK_REJECT 2
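Review bot: In the clparse.c hunk, the TOK_IGNORE case reuses parse_option_decl(cfile, &config->defaults[0]), so an ignore statement must carry an option value that is stored in config->defaults and then never used. Because the dhclient.c switch sits inside "if (config->defaults[i].len)", the ignore entry only takes effect when that placeholder value is non-empty. Consider parsing a bare list of option names for ignore and testing config->default_actions[i] independently of defaults[i].len.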
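Review bot: In priv_script_write_params(), the new "case ACTION_IGNORE:" breaks out of the switch without assigning len or dp, so the later "if (len && config->default_actions[i] == ACTION_IGNORE)" test acts on whatever len held before the switch. Setting "len = 0;" in the case itself would keep the intent local to the switch, and the "len &&" in the later test is redundant because its body only sets len to 0.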
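Review bot: The dhclient.conf.5 hunk says the values "can be defined in the ignore statement", wording carried over from the supersede entry, but it never says that the value written in the declaration is discarded. The entry should state that the listed options are dropped as if the server had not sent them and that the declared value is not used.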
Diff pflog.4 - sync struct pfloghdr with current
Index: share/man/man4/pflog.4 === RCS file: /cvs/src/share/man/man4/pflog.4,v retrieving revision 1.10 diff -u -r1.10 pflog.4 --- share/man/man4/pflog.4 31 May 2007 19:19:51 - 1.10 +++ share/man/man4/pflog.4 26 Jul 2012 17:39:56 - @@ -68,7 +68,7 @@ u_int8_taction; u_int8_treason; charifname[IFNAMSIZ]; - charruleset[PF_RULESET_NAME_SIZE]; + charruleset[PFLOG_RULESET_NAME_SIZE]; u_int32_t rulenr; u_int32_t subrulenr; uid_t uid; @@ -76,7 +76,13 @@ uid_t rule_uid; pid_t rule_pid; u_int8_tdir; - u_int8_tpad[3]; + u_int8_trewritten; + sa_family_t naf; + u_int8_tpad[1]; + struct pf_addr saddr; + struct pf_addr daddr; + u_int16_t sport; + u_int16_t dport; }; .Ed .Sh EXAMPLES
arc4random.3: no more slow random(4) devices
The expensive random(4) devices referred to don't exist any longer and aren't described in that man page, but it's probably worth mentioning how arc4random(3) is different from rand(3) etc. Index: arc4random.3 === RCS file: /cvs/src/lib/libc/crypt/arc4random.3,v retrieving revision 1.27 diff -u -p -r1.27 arc4random.3 --- arc4random.323 Dec 2008 18:31:02 - 1.27 +++ arc4random.326 Jul 2012 14:55:01 - @@ -69,10 +69,7 @@ which uses 8*8 8-bit S-Boxes. The S-Boxes can be in about (2**1700) states. .Pp .Fn arc4random -fits into a middle ground not covered by other subsystems such as -the strong, slow, and resource expensive random -devices described in -.Xr random 4 +provides a cryptographically secure pseudo-random number generator versus the fast but poor quality interfaces described in .Xr rand 3 , .Xr random 3 , -- Christian "naddy" Weisgerber na...@mips.inka.de
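Review bot: After the added line "provides a cryptographically secure pseudo-random number generator", the unchanged continuation "versus the fast but poor quality interfaces described in" no longer reads as a sentence, since "versus" was written to follow "fits into a middle ground". Reword the continuation in the same change, for example "in contrast to the fast but poor quality interfaces described in".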