Re: diff for ssh/sftp/scp -j

[Sebastian Benoit]

Holger Mikolon(hol...@mikolon.com) on 2017.11.25 23:16:54 +0100:
> Hi tech@
> 
> at work I can ssh (hence cvs) to public servers only via a ProxyCommand
> specified in /etc/ssh/ssh_config.
> 
> However, with the ProxyCommand set I cannot ssh into servers in the
> internal network. So I end up changing ssh_config depending on my
> use case over and over. This bothered me enough to come up with the
> following simple diff. It adds a command line option -j to ssh/sftp/scp
> for ignoring the ProxyCommand. Of course "-j" can be changed to any
> other free letter.
> 
> Anyone else finding this useful? Comments?

well, you could also just have two config files and use

  ssh -F $HOME/.ssh/config_with_proxy

and since thats too long to type

  alias sshp="ssh -F $HOME/.ssh/config_with_proxy"

imho not worth yet another option.

/Benno

 
> Regards
> Holger
> ;-se
> 
> 
> Index: usr.bin/ssh/scp.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/scp.c,v
> retrieving revision 1.193
> diff -u -p -u -r1.193 scp.c
> --- usr.bin/ssh/scp.c 21 Oct 2017 23:06:24 -  1.193
> +++ usr.bin/ssh/scp.c 25 Nov 2017 21:59:05 -
> @@ -400,7 +400,7 @@ main(int argc, char **argv)
>   addargs(, "-oClearAllForwardings=yes");
>  
>   fflag = tflag = 0;
> - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
> + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:jP:q12346S:o:F:")) != -1)
>   switch (ch) {
>   /* User-visible flags. */
>   case '1':
> @@ -426,6 +426,9 @@ main(int argc, char **argv)
>   addargs(_remote_args, "%s", optarg);
>   addargs(, "-%c", ch);
>   addargs(, "%s", optarg);
> + break;
> + case 'j':
> + addargs(, "-j");
>   break;
>   case 'P':
>   sshport = a2port(optarg);
> Index: usr.bin/ssh/sftp.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
> retrieving revision 1.182
> diff -u -p -u -r1.182 sftp.c
> --- usr.bin/ssh/sftp.c3 Nov 2017 03:46:52 -   1.182
> +++ usr.bin/ssh/sftp.c25 Nov 2017 21:59:05 -
> @@ -2303,7 +2303,7 @@ main(int argc, char **argv)
>   infile = stdin;
>  
>   while ((ch = getopt(argc, argv,
> - "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
> + "1246afhpqrvCc:D:i:jl:o:s:S:b:B:F:P:R:")) != -1) {
>   switch (ch) {
>   /* Passed through to ssh(1) */
>   case '4':
> @@ -2318,6 +2318,9 @@ main(int argc, char **argv)
>   case 'o':
>   addargs(, "-%c", ch);
>   addargs(, "%s", optarg);
> + break;
> + case 'j':
> + addargs(, "-j");
>   break;
>   case 'q':
>   ll = SYSLOG_LEVEL_ERROR;
> Index: usr.bin/ssh/ssh.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
> retrieving revision 1.469
> diff -u -p -u -r1.469 ssh.c
> --- usr.bin/ssh/ssh.c 1 Nov 2017 00:04:15 -   1.469
> +++ usr.bin/ssh/ssh.c 25 Nov 2017 21:59:05 -
> @@ -583,7 +583,7 @@ main(int ac, char **av)
>   argv0 = av[0];
>  
>   again:
> - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
> + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:jkl:m:no:p:qstvx"
>   "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
>   switch (opt) {
>   case '1':
> @@ -626,6 +626,9 @@ main(int ac, char **av)
>   break;
>   case 'g':
>   options.fwd_opts.gateway_ports = 1;
> + break;
> + case 'j':
> + options.proxy_command = xstrdup("none");
>   break;
>   case 'O':
>   if (options.stdio_forward_host != NULL)
> 

diff for ssh/sftp/scp -j

[Holger Mikolon]

Hi tech@

at work I can ssh (hence cvs) to public servers only via a ProxyCommand
specified in /etc/ssh/ssh_config.

However, with the ProxyCommand set I cannot ssh into servers in the
internal network. So I end up changing ssh_config depending on my
use case over and over. This bothered me enough to come up with the
following simple diff. It adds a command line option -j to ssh/sftp/scp
for ignoring the ProxyCommand. Of course "-j" can be changed to any
other free letter.

Anyone else finding this useful? Comments?

Regards
Holger
;-se


Index: usr.bin/ssh/scp.c
===
RCS file: /cvs/src/usr.bin/ssh/scp.c,v
retrieving revision 1.193
diff -u -p -u -r1.193 scp.c
--- usr.bin/ssh/scp.c   21 Oct 2017 23:06:24 -  1.193
+++ usr.bin/ssh/scp.c   25 Nov 2017 21:59:05 -
@@ -400,7 +400,7 @@ main(int argc, char **argv)
addargs(, "-oClearAllForwardings=yes");
 
fflag = tflag = 0;
-   while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
+   while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:jP:q12346S:o:F:")) != -1)
switch (ch) {
/* User-visible flags. */
case '1':
@@ -426,6 +426,9 @@ main(int argc, char **argv)
addargs(_remote_args, "%s", optarg);
addargs(, "-%c", ch);
addargs(, "%s", optarg);
+   break;
+   case 'j':
+   addargs(, "-j");
break;
case 'P':
sshport = a2port(optarg);
Index: usr.bin/ssh/sftp.c
===
RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.182
diff -u -p -u -r1.182 sftp.c
--- usr.bin/ssh/sftp.c  3 Nov 2017 03:46:52 -   1.182
+++ usr.bin/ssh/sftp.c  25 Nov 2017 21:59:05 -
@@ -2303,7 +2303,7 @@ main(int argc, char **argv)
infile = stdin;
 
while ((ch = getopt(argc, argv,
-   "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
+   "1246afhpqrvCc:D:i:jl:o:s:S:b:B:F:P:R:")) != -1) {
switch (ch) {
/* Passed through to ssh(1) */
case '4':
@@ -2318,6 +2318,9 @@ main(int argc, char **argv)
case 'o':
addargs(, "-%c", ch);
addargs(, "%s", optarg);
+   break;
+   case 'j':
+   addargs(, "-j");
break;
case 'q':
ll = SYSLOG_LEVEL_ERROR;
Index: usr.bin/ssh/ssh.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.469
diff -u -p -u -r1.469 ssh.c
--- usr.bin/ssh/ssh.c   1 Nov 2017 00:04:15 -   1.469
+++ usr.bin/ssh/ssh.c   25 Nov 2017 21:59:05 -
@@ -583,7 +583,7 @@ main(int ac, char **av)
argv0 = av[0];
 
  again:
-   while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+   while ((opt = getopt(ac, av, "1246ab:c:e:fgi:jkl:m:no:p:qstvx"
"ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -626,6 +626,9 @@ main(int ac, char **av)
break;
case 'g':
options.fwd_opts.gateway_ports = 1;
+   break;
+   case 'j':
+   options.proxy_command = xstrdup("none");
break;
case 'O':
if (options.stdio_forward_host != NULL)

Re: patching use-after-free and innocent memory leak in pfctl_optimzie.c

[Alexandr Nedvedicky]

On Fri, Nov 24, 2017 at 07:22:58PM +0100, Alexander Bluhm wrote:
> On Fri, Nov 24, 2017 at 01:11:08PM +0100, Alexandr Nedvedicky wrote:
> > the patch below is part of larger diff [1] I've sent earlier.  Leonardo 
> > seen a
> > pfctl.core, when pfctl_optimize failed to create a radix table. The use 
> > after
> > free happens in superblock_free() at 1621:
> 
> I have seen exactly the same crash this week.  My analysis came to
> the same result as yours.  But while I was still considering whether
> a reference count would be overkill for such a short-lived tool,
> you just fixed the bug.  Thanks!

thanks for looking at my changes. I had same doubts if I should go
for reference count overkill. Then finally the passion for correct
code won.

> 
> > @@ -315,9 +317,10 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct 
> > pf_ruleset *rs)
> > err(1, "calloc");
> > memcpy(r, >por_rule, sizeof(*r));
> > TAILQ_INSERT_TAIL(rs->rules.active.ptr, r, entries);
> > -   free(por);
> > +   pf_opt_table_unref(por->por_src_tbl);
> > +   pf_opt_table_unref(por->por_dst_tbl);
> > }
> > -   free(block);
> > +   superblock_free(pf, block);
> > }
> >  
> > return (0);
> 
> I think you must not remove the free(por) line.  It is correct in
> your larger diff, but here you leak memory.

good catch, you are right.

thanks a lot
regards
sasha

Re: [patch] snmpd hrStorageSize negative values

[Joel Knight]

On Thu, Mar 9, 2017 at 10:02 PM, Joel Knight  wrote:
> Hi.
>
> snmpd(8) uses unsigned ints internally to represent the size and used
> space of a file system. The HOST-RESOURCES-MIB defines the valid
> values for those OIDs as 0..2147483647. With sufficiently large file
> systems, this can cause negative numbers to be returned for the size
> and used space OIDs.
>
> .1.3.6.1.2.1.25.2.3.1.5.36=-1573167768

Hi. Just wanted to bump this again and see if anyone that cares about
snmp could take a look? Looking for oks and someone who wouldn't mind
committing it.


> At sthen's suggestion, do what net-snmp does and fiddle with the
> values to prevent wrapping. Yes this mucks with the actual values of
> size, used space, and block size, but it allows snmpd to convey the
> proper size and used space of the file system which is what most
> everybody is really interested in.
>
> In case gmail hoses this diff, it's also here:
> https://www.packetmischief.ca/files/patches/snmpd.hrstorage2.diff
Index: usr.sbin/snmpd/mib.c
===
RCS file: /data/cvs-mirror/OpenBSD/src/usr.sbin/snmpd/mib.c,v
retrieving revision 1.80
diff -p -u -r1.80 mib.c
--- usr.sbin/snmpd/mib.c17 Nov 2015 12:30:23 -  1.80
+++ usr.sbin/snmpd/mib.c19 Feb 2017 20:01:46 -
@@ -643,6 +643,14 @@ mib_hrstorage(struct oid *oid, struct be
units = mnt->f_bsize;
size = mnt->f_blocks;
used = mnt->f_blocks - mnt->f_bfree;
+
+   /* for large filesystems, do not overflow hrStorageSize */
+   while (size > INT32_MAX) {
+   size = size >> 1;
+   units = units << 1;
+   used = used >> 1;
+   }
+
sop = [3];
break;
}

Re: fortune: typo: than -> then

[Theo Buehler]

fixed, thanks

Re: openssl s_time, speed: use monotime for absolute interval measurement

[Brent Cook]

Thanks guys. This will make enabling this on the odder platforms in
portable easier.

On Fri, Nov 24, 2017 at 7:03 AM, Scott Cheloha 
wrote:

> > On Nov 24, 2017, at 6:58 AM, Jeremie Courreges-Anglas 
> wrote:
> >
> > On Wed, Nov 22 2017, Scott Cheloha  wrote:
> >> Whoops, ignore that last patch, it lacked the
> >> static changes in apps_posix.c
> >
> > This looks good to me.  I'm tempted to commit the apps_posix.c part
> > first: it seems to me that app_tminterval() could be reused in s_time.c,
> > leading to simpler code instead of inlining clock_gettime calls.
>
> I intend to refactor that module next.  One thing I was going to
> do was abstract away the timer interface, so that works.
>
> --
> Scott Cheloha
>
>

armv7/sxie: some fixes

[Artturi Alm]

Hi,

kind of embarassing, but i guess i originally went w/what was enough to
get booting/building over eth, and i blindly followed freebsd driver
more than i should of - as it is clearly nothing but copypaste with
even comments included from linux.. yep.

so sxie has these bugs like trying to flush via rx filter control register
etc., just like every other driver(free,net,linux) i've seen for allwinner
emac still do.
mostly fixed in the diff below, that is huge, i know, but anyone is free
to pick what they want, if anything. :)

i used UM10326.pdf by NXP for ie. the _softreset() below, more specifically
"Chapter 14: LPC32x0 Ethernet Media Access Controller (MAC)".
freebsd has driver for it too, but the "scatter gather dma engines" in it
were different enough to what exists for sun4i emac, so i gave up trying to
fit the pieces before getting hands dirty.

-Artturi


diff --git a/sys/arch/armv7/sunxi/sxie.c b/sys/arch/armv7/sunxi/sxie.c
index 116fda5f8d7..e428425d7f8 100644
--- a/sys/arch/armv7/sunxi/sxie.c
+++ b/sys/arch/armv7/sunxi/sxie.c
@@ -51,105 +51,182 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include 
 
-/* configuration registers */
-#defineSXIE_CR 0x
+#if defined(DEBUG) || defined(DIAGNOSTIC)
+#defineSXIE_CD (ifp->if_flags & IFF_DEBUG)
+#defineSXIEDBG(x)  do { if (SXIE_CD) printf((x)); } while (0)
+#else
+#defineSXIE_CD (0)
+#defineSXIEDBG(x)  do { } while (0)
+#endif
+
+/* control registers */
+#defineSXIE_CMDR   0x
 #defineSXIE_TXMODE 0x0004
-#defineSXIE_TXFLOW 0x0008
+#defineSXIE_TXFLOW 0x0008  /* unused */
 #defineSXIE_TXCR0  0x000c
 #defineSXIE_TXCR1  0x0010
 #defineSXIE_TXINS  0x0014
+/*
+ * XXX was wondering, what if these TXPKTLEN registers
+ * are actually part of memory mapped tx 'fake' descriptors,
+ * something like w/DMA but only via register map or something?
+ * should add some dbg and try to figure out:)
+ */
 #defineSXIE_TXPKTLEN0  0x0018
 #defineSXIE_TXPKTLEN1  0x001c
-#defineSXIE_TXSR   0x0020
+#defineSXIE_TXSR   0x0020  /* unused */
 #defineSXIE_TXIO0  0x0024
-#defineSXIE_TXIO1  0x0028
-#defineSXIE_TXTSVL00x002c
-#defineSXIE_TXTSVH00x0030
-#defineSXIE_TXTSVL10x0034
-#defineSXIE_TXTSVH10x0038
-#defineSXIE_RXCR   0x003c
+#defineSXIE_TXIO1  0x0028  /* unused */
+#defineSXIE_TXTSVL00x002c  /* unused */
+#defineSXIE_TXTSVH00x0030  /* unused */
+#defineSXIE_TXTSVL10x0034  /* unused */
+#defineSXIE_TXTSVH10x0038  /* unused */
+
+/* receive filter registers */
+#defineSXIE_RXFILTER_CTRL  0x003c
 #defineSXIE_RXHASH00x0040
 #defineSXIE_RXHASH10x0044
-#defineSXIE_RXSR   0x0048
-#defineSXIE_RXIO   0x004C
+
+/* dunno.. */
+#defineSXIE_RXSR   0x0048  /* unused */
+#defineSXIE_RXIO   0x004c
 #defineSXIE_RXFBC  0x0050
+
+/* module control registers */
 #defineSXIE_INTCR  0x0054
 #defineSXIE_INTSR  0x0058
-#defineSXIE_MACCR0 0x005C
-#defineSXIE_MACCR1 0x0060
-#defineSXIE_MACIPGT0x0064
-#defineSXIE_MACIPGR0x0068
-#defineSXIE_MACCLRT0x006C
-#defineSXIE_MACMFL 0x0070
-#defineSXIE_MACSUPP0x0074
-#defineSXIE_MACTEST0x0078
-#defineSXIE_MACMCFG0x007C
-#defineSXIE_MACMCMD0x0080
-#defineSXIE_MACMADR0x0084
-#defineSXIE_MACMWTD0x0088
-#defineSXIE_MACMRDD0x008C
-#defineSXIE_MACMIND0x0090
-#defineSXIE_MACSSRR0x0094
-#defineSXIE_MACA0  0x0098
-#defineSXIE_MACA1  0x009c
-#defineSXIE_MACA2  0x00a0
+
+/* ethernet MAC registers */
+#defineSXIE_MAC0   0x005c
+#defineSXIE_MAC1   0x0060
+#defineSXIE_MAC_IPGT   0x0064
+#defineSXIE_MAC_IPGR   0x0068
+#defineSXIE_MAC_CLRT   0x006c
+#defineSXIE_MAC_MAXF   0x0070
+#defineSXIE_MAC_SUPP   0x0074
+#defineSXIE_MAC_TEST   0x0078  /* unused */
+#defineSXIE_MAC_MCFG   0x007c
+#defineSXIE_MAC_MCMD   0x0080
+#defineSXIE_MAC_MADR   0x0084
+#defineSXIE_MAC_MWTD   0x0088
+#define

Re: amd64: EFI boot over network try to load kernel from hd0

[Patrick Wildt]

On Fri, Nov 24, 2017 at 04:48:08PM -0700, Andrew Hewus Fresh wrote:
> A version of this patch that applies cleanly lets me autoinstall
> OpenBSD on a FreeNAS under bhyve.
> So this seems useful and works for me.
> 
> Anyway, I wrote down notes of what I had to do.  I should probably try
> vmm on this hardware again, but time constraints and all that.
> 
> https://gist.github.com/afresh1/804fc0a315ee41e88a24f1aa5e2d3552

Updated diff, ok?

diff --git a/sys/arch/amd64/stand/efiboot/Makefile.common 
b/sys/arch/amd64/stand/efiboot/Makefile.common
index 6dc1cdebd4d..40f5cd2282d 100644
--- a/sys/arch/amd64/stand/efiboot/Makefile.common
+++ b/sys/arch/amd64/stand/efiboot/Makefile.common
@@ -24,7 +24,7 @@ AFLAGS+=  -pipe -fPIC
 
 .PATH: ${.CURDIR}/..
 SRCS+= self_reloc.c
-SRCS+= efiboot.c efidev.c
+SRCS+= efiboot.c efidev.c efipxe.c
 SRCS+= conf.c
 
 .PATH: ${S}/stand/boot
diff --git a/sys/arch/amd64/stand/efiboot/conf.c 
b/sys/arch/amd64/stand/efiboot/conf.c
index 9d825543ec0..befac5a4210 100644
--- a/sys/arch/amd64/stand/efiboot/conf.c
+++ b/sys/arch/amd64/stand/efiboot/conf.c
@@ -30,12 +30,14 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
 #include "disk.h"
 #include "efiboot.h"
 #include "efidev.h"
+#include "efipxe.h"
 
 const char version[] = "3.35";
 
@@ -50,7 +52,7 @@ void (*i386_probe1[])(void) = {
cninit, efi_memprobe
 };
 void (*i386_probe2[])(void) = {
-   efi_diskprobe, diskprobe
+   efi_pxeprobe, efi_diskprobe, diskprobe
 };
 
 struct i386_boot_probes probe_list[] = {
@@ -61,6 +63,8 @@ int nibprobes = nitems(probe_list);
 
 
 struct fs_ops file_system[] = {
+   { tftp_open,   tftp_close,   tftp_read,   tftp_write,   tftp_seek,
+ tftp_stat,   tftp_readdir   },
{ ufs_open,ufs_close,ufs_read,ufs_write,ufs_seek,
  ufs_stat,ufs_readdir},
{ cd9660_open, cd9660_close, cd9660_read, cd9660_write, cd9660_seek,
@@ -75,10 +79,8 @@ struct fs_ops file_system[] = {
 int nfsys = nitems(file_system);
 
 struct devsw   devsw[] = {
-   { "EFI", efistrategy, efiopen, eficlose, efiioctl },
-#if 0
{ "TFTP", tftpstrategy, tftpopen, tftpclose, tftpioctl },
-#endif
+   { "EFI", efistrategy, efiopen, eficlose, efiioctl },
 };
 int ndevs = nitems(devsw);
 
diff --git a/sys/arch/amd64/stand/efiboot/efiboot.c 
b/sys/arch/amd64/stand/efiboot/efiboot.c
index 90bd85576fd..4bbc6bdb5e5 100644
--- a/sys/arch/amd64/stand/efiboot/efiboot.c
+++ b/sys/arch/amd64/stand/efiboot/efiboot.c
@@ -52,9 +52,8 @@ static EFI_GUIDblkio_guid = BLOCK_IO_PROTOCOL;
 static EFI_GUID devp_guid = DEVICE_PATH_PROTOCOL;
 u_long  efi_loadaddr;
 
-static int  efi_device_path_depth(EFI_DEVICE_PATH *dp, int);
-static int  efi_device_path_ncmp(EFI_DEVICE_PATH *, EFI_DEVICE_PATH *,
-   int);
+int efi_device_path_depth(EFI_DEVICE_PATH *dp, int);
+int efi_device_path_ncmp(EFI_DEVICE_PATH *, EFI_DEVICE_PATH *, int);
 static void efi_heap_init(void);
 static void efi_memprobe_internal(void);
 static void efi_video_init(void);
@@ -101,6 +100,11 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
? 0x1e0 : 0x80;
efi_bootdp = dp0;
break;
+   } else if (DevicePathType(dp) == MESSAGING_DEVICE_PATH&&
+   DevicePathSubType(dp) == MSG_MAC_ADDR_DP) {
+   bios_bootdev = 0x0;
+   efi_bootdp = dp0;
+   break;
}
}
}
@@ -233,7 +237,7 @@ next:
  * Determine the number of nodes up to, but not including, the first
  * node of the specified type.
  */
-static int
+int
 efi_device_path_depth(EFI_DEVICE_PATH *dp, int dptype)
 {
int i;
@@ -246,7 +250,7 @@ efi_device_path_depth(EFI_DEVICE_PATH *dp, int dptype)
return (-1);
 }
 
-static int
+int
 efi_device_path_ncmp(EFI_DEVICE_PATH *dpa, EFI_DEVICE_PATH *dpb, int deptn)
 {
int  i, cmp;
diff --git a/sys/arch/amd64/stand/efiboot/efiboot.h 
b/sys/arch/amd64/stand/efiboot/efiboot.h
index 09ba95ebe9d..e1f726551f3 100644
--- a/sys/arch/amd64/stand/efiboot/efiboot.h
+++ b/sys/arch/amd64/stand/efiboot/efiboot.h
@@ -21,6 +21,7 @@ void   efi_cons_probe(struct consdev *);
 voidefi_memprobe(void);
 voidefi_hardprobe(void);
 voidefi_diskprobe(void);
+voidefi_pxeprobe(void);
 voidefi_cons_init(struct consdev *);
 int efi_cons_getc(dev_t);
 voidefi_cons_putc(dev_t, int);
diff --git a/sys/arch/amd64/stand/efiboot/eficall.h 
b/sys/arch/amd64/stand/efiboot/eficall.h
index 38b903efa20..f8cdd5c1228 100644
--- a/sys/arch/amd64/stand/efiboot/eficall.h
+++ b/sys/arch/amd64/stand/efiboot/eficall.h
@@ -44,10 +44,12 @@ extern uint64_t efi_call(int, void *, ...);
 efi_call(8, (_func), (_1), (_2), (_3), (_4), (_5), (_6),