warning building libcrypto on amd64
Hello, When building libcrypto on amd64 I get this warning: (cd /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/md5 ; /usr/bin/perl ./asm/md5-x86_64.pl openbsd-elf) md5-x86_64.S Use of uninitialized value $output in pattern match (m//) at ./asm/md5-x86_64.pl line 115. Admittedly it's been a while since I've used perl for more than one-liners, so there may be a better solution. Index: md5-x86_64.pl === RCS file: /cvs/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl,v retrieving revision 1.1.1.3 diff -u -p -r1.1.1.3 md5-x86_64.pl --- md5-x86_64.pl 13 Apr 2014 15:16:34 - 1.1.1.3 +++ md5-x86_64.pl 25 Apr 2014 07:33:06 - @@ -112,7 +112,7 @@ my $flavour = shift; my $output = shift; if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); +my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || (defined $output $output =~ /\.asm$/)); $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; ( $xlate=${dir}x86_64-xlate.pl and -f $xlate ) or
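Review bot: The guard added to the `$win64` line covers only `$output`, but the context line just above runs `undef $flavour` whenever the first argument contains a dot, and `$flavour =~ /[nm]asm|mingw64/` is the first operand of the `||`, so that calling convention would raise the same uninitialized-value warning for `$flavour`. Guard both operands the same way, e.g. `(defined $flavour && $flavour =~ /[nm]asm|mingw64/) || (defined $output && $output =~ /\.asm$/)`, so the script stays quiet whichever argument is missing.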
Re: Remove rti_ifp from struct rt_addrinfo
On Fri, Apr 25, 2014 at 02:40:57AM +0200, Alexander Bluhm wrote:
> On Fri, Apr 25, 2014 at 09:09:03AM +0900, Ryan McBride wrote:
> > Part of the reason it's there is to make carp work properly for services listening on the carp interface, in particular so that hosts in the BACKUP state will reach the MASTER rather than trying and failing to connect to their own carp interface. Maybe not needed in all setups, but likely to break things if we simply remove it.
>
> Why do you want to connect from the BACKUP machine to the MASTER using CARP addresses? Just add another fixed address and you can do that.

Two reasons that come to mind are:

1) For troubleshooting, so I can ping or otherwise monitor the MASTER host.

2) In some cases it's undesirable (or even not possible) to run services on other IP addresses. For example, services that only allow you to configure 1 listening IP, or services where you wish to avoid users connecting to anything but the MASTER server.

> The current implementation may change the routing table in subtle ways until nothing works. In IPv6 the routes are fixed and there are less problems.

In my opinion the current (intended) behaviour is correct; my preference would be to see this fixed rather than removed.
Re: Kill in_localaddr()
On 2014/04/24 16:41, Martin Pieuchot wrote: in_localaddr() is used only once in our tree and only if the sysctl net.inet.ip.mtudisc is set to 0. It is used to optimize the size of the MSS if the forward address corresponds to a host on one of our subnets. Since it's an optimization for a special case that's not enabled by default, I'd like to kill it to remove one usage of the global list of IPv4 addresses. Is this definitely just an optimization or is it needed in order to set the correct mss on packets to a local destination? (I do set mtudisc=0 on boxes doing dynamic routing, to avoid one source of cloned routes which sometimes get in the way when restarting routing protocol daemons). Index: netinet/in.c === RCS file: /home/ncvs/src/sys/netinet/in.c,v retrieving revision 1.95 diff -u -p -r1.95 in.c --- netinet/in.c 10 Apr 2014 13:47:21 - 1.95 +++ netinet/in.c 24 Apr 2014 14:33:43 - @@ -99,22 +99,6 @@ int in_scrubprefix(struct in_ifaddr *); int in_addhost(struct in_ifaddr *); int in_scrubhost(struct in_ifaddr *); -/* Return 1 if an internet address is for a directly connected host */ -int -in_localaddr(struct in_addr in, u_int rdomain) -{ - struct in_ifaddr *ia; - - rdomain = rtable_l2(rdomain); - TAILQ_FOREACH(ia, in_ifaddr, ia_list) { - if (ia-ia_ifp-if_rdomain != rdomain) - continue; - if ((in.s_addr ia-ia_netmask) == ia-ia_net) - return (1); - } - return (0); -} - /* * Determine whether an IP address is in a reserved set of addresses * that may not be forwarded, or whether datagrams to that destination Index: netinet/in.h === RCS file: /home/ncvs/src/sys/netinet/in.h,v retrieving revision 1.107 diff -u -p -r1.107 in.h --- netinet/in.h 21 Apr 2014 10:07:58 - 1.107 +++ netinet/in.h 24 Apr 2014 14:33:43 - 
@@ -778,7 +778,6 @@ int in_broadcast(struct in_addr, stru int in_canforward(struct in_addr); int in_cksum(struct mbuf *, int); int in4_cksum(struct mbuf *, u_int8_t, int, int); -int in_localaddr(struct in_addr, u_int); voidin_proto_cksum_out(struct mbuf *, struct ifnet *); voidin_ifdetach(struct ifnet *); int in_mask2len(struct in_addr *); Index: netinet/tcp_input.c === RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.275 diff -u -p -r1.275 tcp_input.c --- netinet/tcp_input.c 21 Apr 2014 12:22:26 - 1.275 +++ netinet/tcp_input.c 24 Apr 2014 14:33:43 - @@ -3040,7 +3040,6 @@ tcp_mss(struct tcpcb *tp, int offer) goto out; } -#ifdef RTV_MTU /* * if there's an mtu associated with the route and we support * path MTU discovery for the underlying protocol family, use it. @@ -3058,23 +3057,21 @@ tcp_mss(struct tcpcb *tp, int offer) */ mss = IPV6_MMTU - iphlen - sizeof(struct ip6_frag) - sizeof(struct tcphdr); - } else - mss = rt-rt_rmx.rmx_mtu - iphlen - sizeof(struct tcphdr); - } else -#endif /* RTV_MTU */ - if (!ifp) + } else { + mss = rt-rt_rmx.rmx_mtu - iphlen - + sizeof(struct tcphdr); + } + } else if (!ifp) { /* * ifp may be null and rmx_mtu may be zero in certain * v6 cases (e.g., if ND wasn't able to resolve the * destination host. */ goto out; - else if (ifp-if_flags IFF_LOOPBACK) + } else if (ifp-if_flags IFF_LOOPBACK) { mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); - else if (tp-pf == AF_INET) { + } else if (tp-pf == AF_INET) { if (ip_mtudisc) - mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); - else if (inp in_localaddr(inp-inp_faddr, inp-inp_rtableid)) mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); } #ifdef INET6
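Review bot: In the last tcp_mss() hunk, dropping the in_localaddr() branch leaves the AF_INET arm with no assignment to mss when ip_mtudisc is 0, so every destination, on-link ones included, keeps whatever value mss held before this if/else chain. That is a visible behaviour change for anyone running with net.inet.ip.mtudisc=0, which is the case the question in this reply raises; it deserves a sentence in the commit message and in the documentation of the mtudisc sysctl. A short comment on the now single-branch `if (ip_mtudisc)` saying which value applies otherwise would also help the next reader.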
Re: Kill in_localaddr()
On 25/04/14(Fri) 10:58, Stuart Henderson wrote: On 2014/04/24 16:41, Martin Pieuchot wrote: in_localaddr() is used only once in our tree and only if the sysctl net.inet.ip.mtudisc is set to 0. It is used to optimize the size of the MSS if the forward address corresponds to a host on one of our subnets. Since it's an optimization for a special case that's not enabled by default, I'd like to kill it to remove one usage of the global list of IPv4 addresses. Is this definitely just an optimization or is it needed in order to set the correct mss on packets to a local destination? It is just an optimization; it will now use the default size defined by net.inet.tcp.mssdflt as max instead of the mtu of the interface. (I do set mtudisc=0 on boxes doing dynamic routing, to avoid one source of cloned routes which sometimes get in the way when restarting routing protocol daemons). Maybe it makes sense to be able to clean such routes instead. Index: netinet/in.c === RCS file: /home/ncvs/src/sys/netinet/in.c,v retrieving revision 1.95 diff -u -p -r1.95 in.c --- netinet/in.c10 Apr 2014 13:47:21 - 1.95 +++ netinet/in.c24 Apr 2014 14:33:43 - @@ -99,22 +99,6 @@ int in_scrubprefix(struct in_ifaddr *); int in_addhost(struct in_ifaddr *); int in_scrubhost(struct in_ifaddr *); -/* Return 1 if an internet address is for a directly connected host */ -int -in_localaddr(struct in_addr in, u_int rdomain) -{ - struct in_ifaddr *ia; - - rdomain = rtable_l2(rdomain); - TAILQ_FOREACH(ia, in_ifaddr, ia_list) { - if (ia-ia_ifp-if_rdomain != rdomain) - continue; - if ((in.s_addr ia-ia_netmask) == ia-ia_net) - return (1); - } - return (0); -} - /* * Determine whether an IP address is in a reserved set of addresses * that may not be forwarded, or whether datagrams to that destination Index: netinet/in.h === RCS file: /home/ncvs/src/sys/netinet/in.h,v retrieving revision 1.107 diff -u -p -r1.107 in.h --- netinet/in.h21 Apr 2014 10:07:58 - 1.107 +++ netinet/in.h24 Apr 2014 14:33:43 - 
@@ -778,7 +778,6 @@ intin_broadcast(struct in_addr, stru int in_canforward(struct in_addr); int in_cksum(struct mbuf *, int); int in4_cksum(struct mbuf *, u_int8_t, int, int); -int in_localaddr(struct in_addr, u_int); void in_proto_cksum_out(struct mbuf *, struct ifnet *); void in_ifdetach(struct ifnet *); int in_mask2len(struct in_addr *); Index: netinet/tcp_input.c === RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.275 diff -u -p -r1.275 tcp_input.c --- netinet/tcp_input.c 21 Apr 2014 12:22:26 - 1.275 +++ netinet/tcp_input.c 24 Apr 2014 14:33:43 - @@ -3040,7 +3040,6 @@ tcp_mss(struct tcpcb *tp, int offer) goto out; } -#ifdef RTV_MTU /* * if there's an mtu associated with the route and we support * path MTU discovery for the underlying protocol family, use it. @@ -3058,23 +3057,21 @@ tcp_mss(struct tcpcb *tp, int offer) */ mss = IPV6_MMTU - iphlen - sizeof(struct ip6_frag) - sizeof(struct tcphdr); - } else - mss = rt-rt_rmx.rmx_mtu - iphlen - sizeof(struct tcphdr); - } else -#endif /* RTV_MTU */ - if (!ifp) + } else { + mss = rt-rt_rmx.rmx_mtu - iphlen - + sizeof(struct tcphdr); + } + } else if (!ifp) { /* * ifp may be null and rmx_mtu may be zero in certain * v6 cases (e.g., if ND wasn't able to resolve the * destination host. */ goto out; - else if (ifp-if_flags IFF_LOOPBACK) + } else if (ifp-if_flags IFF_LOOPBACK) { mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); - else if (tp-pf == AF_INET) { + } else if (tp-pf == AF_INET) { if (ip_mtudisc) - mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); - else if (inp in_localaddr(inp-inp_faddr, inp-inp_rtableid)) mss = ifp-if_mtu - iphlen - sizeof(struct tcphdr); } #ifdef INET6
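Review bot: The tcp_input.c hunks fold three separate things into one diff: removing the `#ifdef RTV_MTU` / `#endif` pair, adding braces to every arm of the if/else chain, and deleting the in_localaddr() branch. Only the last is needed to remove the function; moving the cleanup into its own commit would shrink the functional change to two lines and make it easy to revert on its own. While the comment in the `!ifp` arm is being re-indented anyway, the parenthesis it opens at `(e.g.,` is never closed.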
Re: sysctl.8: add missing mtudisctimeout for ipv6
On 03/03/2014 04:09 PM, Jason McIntyre wrote: On Mon, Mar 03, 2014 at 10:46:40PM +0400, Loganaden Velvindron wrote: On Mon, Mar 3, 2014 at 5:41 PM, Jason McIntyre j...@kerhand.co.uk wrote: On Sun, Mar 02, 2014 at 10:51:22AM -0800, Loganaden Velvindron wrote: Hi, While going through some of the commit logs, I noticed that sysctl didn't list ip6.mtudisctimeout. Patch attached: Index: sbin/sysctl/sysctl.8 === RCS file: /cvs/src/sbin/sysctl/sysctl.8,v retrieving revision 1.173 diff -u -p -u -p -r1.173 sysctl.8 --- sbin/sysctl/sysctl.8 28 Oct 2013 21:02:35 - 1.173 +++ sbin/sysctl/sysctl.8 2 Mar 2014 18:45:29 - @@ -303,6 +303,7 @@ and a few require a kernel compiled with .It net.inet6.ip6.v6only Ta integer Ta no .It net.inet6.ip6.maxfrags Ta integer Ta yes .It net.inet6.ip6.mforwarding Ta integer Ta yes +.It net.inet6.ip6.mtudisctimeout Ta integer Ta yes .It net.inet6.ip6.multipath Ta integer Ta yes .It net.inet6.ip6.multicast_mtudisc Ta integer Ta yes .It net.inet6.icmp6.rediraccept Ta integer Ta yes should be accompanied by a corresponding entry in sysctl(3), along with a description. i've no idea what this stuff does, and i'm not volunteering to go find out. i notice there's a few of the ip6 sysctls not documented... which ipv6 sysctls are you referring to ? net.inet6.ip6.neighborgcthresh net.inet6.ip6.maxifprefixes net.inet6.ip6.maxifdefrouters net.inet6.ip6.maxdynroutes net.inet6.ip6.dad_pending net.inet6.ip6.mtudisctimeout any ip6 bods reading, feel free to help with a sentence or two. Do you still need help with this? Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: nginx.conf file limits
On 2014/04/21 19:10, Johnw wrote: Hi, would you like to add RLIMIT_NPROC setting to nginx.conf? Because I do not want/need nginx child run any command/fork so, I want set RLIMIT_NPROC=0 to nginx child process, but nginx ignore /etc/login.conf setting. While I think this is a nice idea, it should be submitted upstream rather than added to OpenBSD. Thank you. Index: src/core/nginx.c === RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v retrieving revision 1.8 diff -u -u -r1.8 nginx.c --- src/core/nginx.c15 May 2013 18:52:00 -1.8 +++ src/core/nginx.c21 Apr 2014 10:49:29 - @@ -104,6 +104,13 @@ 0, NULL }, +{ ngx_string(worker_rlimit_nproc), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + 0, + offsetof(ngx_core_conf_t, rlimit_nproc), + NULL }, + { ngx_string(worker_rlimit_nofile), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -963,6 +970,7 @@ ccf-worker_processes = NGX_CONF_UNSET; ccf-debug_points = NGX_CONF_UNSET; +ccf-rlimit_nproc = NGX_CONF_UNSET; ccf-rlimit_nofile = NGX_CONF_UNSET; ccf-rlimit_core = NGX_CONF_UNSET; ccf-rlimit_sigpending = NGX_CONF_UNSET; Index: src/core/ngx_cycle.h === RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v retrieving revision 1.5 diff -u -u -r1.5 ngx_cycle.h --- src/core/ngx_cycle.h1 Jun 2013 16:12:54 -1.5 +++ src/core/ngx_cycle.h21 Apr 2014 10:49:29 - @@ -79,6 +79,7 @@ ngx_int_tworker_processes; ngx_int_tdebug_points; + ngx_int_trlimit_nproc; ngx_int_trlimit_nofile; ngx_int_trlimit_sigpending; off_trlimit_core; Index: src/os/unix/ngx_process_cycle.c === RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v retrieving revision 1.12 diff -u -u -r1.12 ngx_process_cycle.c --- src/os/unix/ngx_process_cycle.c15 May 2013 18:52:01 -1.12 +++ src/os/unix/ngx_process_cycle.c21 Apr 2014 10:49:30 - 
@@ -950,6 +950,17 @@ ccf-username, ccf-group); } +if (ccf-rlimit_nproc != NGX_CONF_UNSET) { +rlmt.rlim_cur = (rlim_t) ccf-rlimit_nproc; +rlmt.rlim_max = (rlim_t) ccf-rlimit_nproc; + +if (setrlimit(RLIMIT_NPROC, rlmt) == -1) { +ngx_log_error(NGX_LOG_ALERT, cycle-log, ngx_errno, +setrlimit(RLIMIT_NPROC, %i) failed, +ccf-rlimit_nproc); +} +} + if (setuid(ccf-user) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle-log, ngx_errno, setuid(%d) failed, ccf-user); Index: src/core/nginx.c === RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v retrieving revision 1.8 diff -u -u -r1.8 nginx.c --- src/core/nginx.c 15 May 2013 18:52:00 - 1.8 +++ src/core/nginx.c 21 Apr 2014 10:49:29 - @@ -104,6 +104,13 @@ 0, NULL }, +{ ngx_string(worker_rlimit_nproc), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + 0, + offsetof(ngx_core_conf_t, rlimit_nproc), + NULL }, + { ngx_string(worker_rlimit_nofile), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -963,6 +970,7 @@ ccf-worker_processes = NGX_CONF_UNSET; ccf-debug_points = NGX_CONF_UNSET; +ccf-rlimit_nproc = NGX_CONF_UNSET; ccf-rlimit_nofile = NGX_CONF_UNSET; ccf-rlimit_core = NGX_CONF_UNSET; ccf-rlimit_sigpending = NGX_CONF_UNSET; Index: src/core/ngx_cycle.h === RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v retrieving revision 1.5 diff -u -u -r1.5 ngx_cycle.h --- src/core/ngx_cycle.h 1 Jun 2013 16:12:54 - 1.5 +++ src/core/ngx_cycle.h 21 Apr 2014 10:49:29 - @@ -79,6 +79,7 @@ ngx_int_tworker_processes; ngx_int_tdebug_points; + ngx_int_trlimit_nproc; ngx_int_trlimit_nofile; ngx_int_trlimit_sigpending; off_trlimit_core; Index: src/os/unix/ngx_process_cycle.c === RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v retrieving revision 1.12 diff -u -u -r1.12 ngx_process_cycle.c --- src/os/unix/ngx_process_cycle.c 15 May 2013 18:52:01 - 1.12 +++ src/os/unix/ngx_process_cycle.c 21 Apr
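Review bot: In the ngx_process_cycle.c hunk, a failed setrlimit(RLIMIT_NPROC) is only logged at NGX_LOG_ALERT and the worker carries on to setuid(), so the process keeps running without the limit the administrator configured. Since the directive exists to stop the worker from forking, the failure should be handled like the setuid() failure just below it, which is logged at NGX_LOG_EMERG, rather than as a warning. The new worker_rlimit_nproc directive also needs a documentation entry that says the value becomes both the soft and the hard limit.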
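What the request in this thread asks for, shown outside nginx as an added example (it is not code from the patch or from nginx): a child process pins RLIMIT_NPROC to 0 and then checks whether fork() is actually refused. The function names and result bits are made up for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits the probe child reports through its exit status. */
#define NPROC_LIMIT_SET   0x1	/* limit reads back as 0/0 */
#define NPROC_FORK_DENIED 0x2	/* fork() was refused with EAGAIN */

/* Runs in the child: pin RLIMIT_NPROC to 0, then try to fork. */
static int child_probe(void)
{
	struct rlimit want = { 0, 0 }, got;
	int bits = 0;
	pid_t pid;

	if (setrlimit(RLIMIT_NPROC, &want) == -1)
		return 0;		/* report "not confined" */
	if (getrlimit(RLIMIT_NPROC, &got) == 0 &&
	    got.rlim_cur == 0 && got.rlim_max == 0)
		bits |= NPROC_LIMIT_SET;
	pid = fork();
	if (pid == -1 && errno == EAGAIN)
		bits |= NPROC_FORK_DENIED;
	else if (pid == 0)
		_exit(0);		/* grandchild: limit was not enforced */
	else if (pid > 0)
		waitpid(pid, NULL, 0);
	return bits;
}

/* Probe in a throwaway child so the caller's own limits stay untouched. */
int probe_nproc_zero(void)
{
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return -1;
	if (pid == 0)
		_exit(child_probe());
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int main(void)
{
	int r = probe_nproc_zero();
	printf("limit set: %d, fork denied: %d\n",
	    r > 0 && (r & NPROC_LIMIT_SET), r > 0 && (r & NPROC_FORK_DENIED));
	return r < 0;
}
```

Root is normally exempt from RLIMIT_NPROC, so NPROC_FORK_DENIED is expected only once the process runs as an unprivileged user; checking the bit is how a deployment confirms the limit really bites.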
Re: Remove rti_ifp from struct rt_addrinfo
* Ryan McBride mcbr...@openbsd.org [2014-04-25 10:31]:
> On Fri, Apr 25, 2014 at 02:40:57AM +0200, Alexander Bluhm wrote:
> > On Fri, Apr 25, 2014 at 09:09:03AM +0900, Ryan McBride wrote:
> > > Part of the reason it's there is to make carp work properly for services listening on the carp interface, in particular so that hosts in the BACKUP state will reach the MASTER rather than trying and failing to connect to their own carp interface. Maybe not needed in all setups, but likely to break things if we simply remove it.
> >
> > Why do you want to connect from the BACKUP machine to the MASTER using CARP addresses? Just add another fixed address and you can do that.
>
> Two reasons that come to mind are:
>
> 1) For troubleshooting, so I can ping or otherwise monitor the MASTER host.
>
> 2) In some cases it's undesirable (or even not possible) to run services on other IP addresses. For example, services that only allow you to configure 1 listening IP, or services where you wish to avoid users connecting to anything but the MASTER server.
>
> > The current implementation may change the routing table in subtle ways until nothing works. In IPv6 the routes are fixed and there are less problems.
>
> In my opinion the current (intended) behaviour is correct; my preference would be to see this fixed rather than removed.

given that
-it is done for v4 only
-it has been demonstrated to cause problems, namely screwed up routing tables
-it, afair, not working in the unnumbered case at all
the only conclusion I can come to is nuke it!. especially due to the 2nd point. It causes more harm than good in its current state.

if this is desired (I can't really see the need to be honest) it must be done properly doing route priorities and marking routes down. This functionality didn't exist when we did carp. Going that route (haha), the code for that wouldn't have much in common with what is currently there, so... I'm in favor of nuking.
coincidently, I have a diff which does that :) -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
patch /etc/X11/xinit/xinitrc
I submit two patches for the file /etc/X11/xinit/xinitrc:

1. patch.p1: it removes extra blank lines in the file.
2. patch.p2: it removes fvwm and xterm references since there is no reason why the user should choose such applications.

--- HLG