Re: tcpdump: revisiting some old diffs, cleanup unused functions
On Wed, Nov 07, 2018 at 07:06:09PM -0500, Bryan Steele wrote: > I'm revisiting some old tcpdump diffs, now that mestre@ has added proper > unveil(2) support! :-) > > Refresher: https://marc.info/?l=openbsd-tech=150535073209723=2 > > This hoists opening pf.os(5) fingerprints '-o' from the 'RUN' state to > the 'FILTER' state, this will allow for a reduced pledge(2) at runtime > in the (currently root) monitor process. This was a bit of copy & paste, sorry. This moves the opening of pf.os earlier and avoids the unveil later on. Of course, reducing the runtime pledge(2) promises will come later! :-) > > This still works as well as it already has. :-) > > ( ... ) [tcp sum ok] (src OS: OpenBSD 6.1) 3311509932:3311509932(0) win > 16384 > (DF) (ttl 64, id 41239, len 64) > > The only potential difference is that if /etc/pf.os is replaced at > runtime, tcpdump won't reopen it. > > I don't think that's a problem.. > > ok? > > -Bryan. Remove the now unused internal privsep "getline" code, which passed lines over a socket, replaced with explicit fdpassing of /etc/pf.os. This depends on the previous diff.. ok? -Bryan. Index: privsep.c === RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v retrieving revision 1.49 diff -u -p -u -r1.49 privsep.c --- privsep.c 28 Sep 2018 06:48:59 - 1.49 +++ privsep.c 8 Nov 2018 00:19:47 - @@ -77,8 +77,8 @@ static const int allowed_max[] = { ALLOW(PRIV_GETPROTOENTRIES) | ALLOW(PRIV_ETHER_NTOHOST) | ALLOW(PRIV_INIT_DONE), /* RUN */ ALLOW(PRIV_GETHOSTBYADDR) | ALLOW(PRIV_ETHER_NTOHOST) | - ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_GETLINES) | - ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS), + ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_LOCALTIME) | + ALLOW(PRIV_PCAP_STATS), /* EXIT */ 0 }; 
@@ -90,21 +90,10 @@ static int allowed_ext[] = { /* INIT */ ALLOW(PRIV_SETFILTER), /* BPF */ ALLOW(PRIV_SETFILTER), /* FILTER */ALLOW(PRIV_GETSERVENTRIES), - /* RUN */ ALLOW(PRIV_GETLINES) | ALLOW(PRIV_LOCALTIME) | - ALLOW(PRIV_PCAP_STATS), + /* RUN */ ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS), /* EXIT */ 0 }; -struct ftab { - char *name; - int max; - int count; -}; - -static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}}; - -#define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab)) - intdebug_level = LOG_INFO; intpriv_fd = -1; volatile pid_t child_pid = -1; @@ -123,7 +112,6 @@ static void impl_getrpcbynumber(int); static voidimpl_getserventries(int); static voidimpl_getprotoentries(int); static voidimpl_localtime(int fd); -static voidimpl_getlines(int); static voidimpl_pcap_stats(int, int *); static voidtest_state(int, int); @@ -345,10 +333,6 @@ priv_exec(int argc, char *argv[]) test_state(cmd, STATE_RUN); impl_localtime(sock); break; - case PRIV_GETLINES: - test_state(cmd, STATE_RUN); - impl_getlines(sock); - break; case PRIV_PCAP_STATS: test_state(cmd, STATE_RUN); impl_pcap_stats(sock, ); 
@@ -577,55 +561,6 @@ impl_localtime(int fd) } static void -impl_getlines(int fd) -{ - FILE *fp; - char *buf, *lbuf, *file; - size_t len, fid; - - logmsg(LOG_DEBUG, "[priv]: msg PRIV_GETLINES received"); - - must_read(fd, , sizeof(size_t)); - if (fid >= NUM_FILETAB) - errx(1, "invalid file id"); - - file = file_table[fid].name; - - if (file == NULL) - errx(1, "invalid file referenced"); - - if (file_table[fid].count >= file_table[fid].max) - errx(1, "maximum open count exceeded for %s", file); - - file_table[fid].count++; - - if ((fp = fopen(file, "r")) == NULL) { - write_zero(fd); - return; - } - - lbuf = NULL; - while ((buf = fgetln(fp, ))) { - if (buf[len - 1] == '\n') - buf[len - 1] = '\0'; - else { - if ((lbuf = malloc(len + 1)) == NULL) - err(1, NULL); - memcpy(lbuf, buf, len); - lbuf[len] = '\0'; - buf = lbuf; - } - - write_string(fd, buf); - - free(lbuf); - lbuf = NULL; - } - write_zero(fd); - fclose(fp); -} - -static void impl_pcap_stats(int fd, int *bpfd) { struct pcap_stat stats; @@ -786,17 +721,6 @@ priv_localtime(const time_t *t) return
Add C++ support for cscope in mg
Since cscope supports C++, would the team accept a patch that updates the fnmatch in do_cscope to recognize .cc, .cpp and .hpp files?
tcpdump: revisiting some old diffs, hoist opening of pf.os.
I'm revisiting some old tcpdump diffs, now that mestre@ has added proper unveil(2) support! :-) Refresher: https://marc.info/?l=openbsd-tech=150535073209723=2 This hoists opening pf.os(5) fingerprints '-o' from the 'RUN' state to the 'FILTER' state, this will allow for a reduced pledge(2) at runtime in the (currently root) monitor process. This still works as well as it already has. :-) ( ... ) [tcp sum ok] (src OS: OpenBSD 6.1) 3311509932:3311509932(0) win 16384 (DF) (ttl 64, id 41239, len 64) The only potential difference is that if /etc/pf.os is replaced at runtime, tcpdump won't reopen it. I don't think that's a problem.. ok? -Bryan. Index: pfctl_osfp.c === RCS file: /cvs/src/usr.sbin/tcpdump/pfctl_osfp.c,v retrieving revision 1.13 diff -u -p -u -r1.13 pfctl_osfp.c --- usr.sbin/tcpdump/pfctl_osfp.c 28 May 2017 10:06:12 - 1.13 +++ usr.sbin/tcpdump/pfctl_osfp.c 7 Nov 2018 23:52:48 - @@ -81,17 +81,14 @@ void print_name_list(int, struct name voidsort_name_list(int, struct name_list *); struct name_entry *lookup_name_list(struct name_list *, const char *); -/* XXX arbitrary */ -#define MAX_FP_LINE 1024 - /* Load fingerprints from a file */ int pfctl_file_fingerprints(int dev, int opts, const char *fp_filename) { - u_char buf[MAX_FP_LINE]; + FILE *in; u_char *line; size_t len; - int i, lineno = 0; + int i, fd, lineno = 0; int window, w_mod, ttl, df, psize, p_mod, mss, mss_mod, wscale, wscale_mod, optcnt, ts0; pf_tcpopts_t packed_tcpopts; 
@@ -99,15 +96,22 @@ pfctl_file_fingerprints(int dev, int opt struct pf_osfp_ioctl fp; pfctl_flush_my_fingerprints(); + + fd = priv_open_pfosfp(); + if (fd < 0) + return (1); + + if ((in = fdopen(fd, "r")) == NULL) { + warn("%s", fp_filename); + return (1); + } + class = version = subtype = desc = tcpopts = NULL; if ((opts & PF_OPT_NOACTION) == 0) pfctl_clear_fingerprints(dev, opts); - priv_getlines(FTAB_PFOSFP); - while ((len = priv_getline(buf, sizeof(buf))) > 0) { - buf[len -1] = '\n'; - line = buf; + while ((line = fgetln(in, )) != NULL) { lineno++; free(class); free(version); Index: privsep.c === RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v retrieving revision 1.49 diff -u -p -u -r1.49 privsep.c --- usr.sbin/tcpdump/privsep.c 28 Sep 2018 06:48:59 - 1.49 +++ usr.sbin/tcpdump/privsep.c 7 Nov 2018 23:52:48 - @@ -73,7 +73,8 @@ static const int allowed_max[] = { /* INIT */ ALLOW(PRIV_OPEN_BPF) | ALLOW(PRIV_OPEN_DUMP) | ALLOW(PRIV_SETFILTER), /* BPF */ ALLOW(PRIV_SETFILTER), - /* FILTER */ALLOW(PRIV_OPEN_OUTPUT) | ALLOW(PRIV_GETSERVENTRIES) | + /* FILTER */ALLOW(PRIV_OPEN_PFOSFP) | ALLOW(PRIV_OPEN_OUTPUT) | + ALLOW(PRIV_GETSERVENTRIES) | ALLOW(PRIV_GETPROTOENTRIES) | ALLOW(PRIV_ETHER_NTOHOST) | ALLOW(PRIV_INIT_DONE), /* RUN */ ALLOW(PRIV_GETHOSTBYADDR) | ALLOW(PRIV_ETHER_NTOHOST) | @@ -114,6 +115,7 @@ extern void set_slave_signals(void); static voidimpl_open_bpf(int, int *); static voidimpl_open_dump(int, const char *); +static voidimpl_open_pfosfp(int); static voidimpl_open_output(int, const char *); static voidimpl_setfilter(int, char *, int *); static voidimpl_init_done(int, int *); @@ -277,6 +279,8 @@ priv_exec(int argc, char *argv[]) allowed_ext[STATE_RUN] |= ALLOW(PRIV_GETRPCBYNUMBER); allowed_ext[STATE_FILTER] |= ALLOW(PRIV_GETPROTOENTRIES); } + if (oflag) + allowed_ext[STATE_FILTER] |= ALLOW(PRIV_OPEN_PFOSFP); if (infile) cmdbuf = read_infile(infile); 
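Review bot: On the `fdopen` failure path the descriptor returned by `priv_open_pfosfp()` is leaked: the new block returns 1 after `warn()` without closing it, so add `close(fd);` before that `return (1);`. The `warn("%s", fp_filename)` also names a file this function no longer selects — the privileged side decides what `priv_open_pfosfp()` opens and takes no path — so either `warn("fdopen")` or a comment stating that `fp_filename` is now informational only would avoid a misleading message if the argument ever differs from the fixed file. With `fgetln()` the last line of the file may arrive without a trailing `'\n'`, whereas the old loop forced `buf[len -1] = '\n'`; the parsing code that follows (outside this hunk, as is the rest of `pfctl_file_fingerprints`) should be checked for a dependence on that newline, and `in` needs an `fclose()` on the paths further down unless one already exists there.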
@@ -297,6 +301,10 @@ priv_exec(int argc, char *argv[]) test_state(cmd, STATE_BPF); impl_open_dump(sock, RFileName); break; + case PRIV_OPEN_PFOSFP: + test_state(cmd, STATE_FILTER); + impl_open_pfosfp(sock); + break; case PRIV_OPEN_OUTPUT: test_state(cmd, STATE_RUN); impl_open_output(sock, WFileName); @@ -309,10 +317,6 @@ priv_exec(int argc, char *argv[]) test_state(cmd, STATE_RUN); impl_init_done(sock, ); - if (oflag) { - if (unveil("/etc/pf.os", "r") == -1) - err(1,
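Review bot: The new `PRIV_OPEN_PFOSFP` case has no open-count limit in the parent, whereas the `file_table` `count >= max` check in the old `impl_getlines()` (removed by the companion privsep.c diff earlier on this page) capped the fingerprint file at a single open. `impl_open_pfosfp()` is outside the hunk, so I cannot tell whether it enforces that itself; if it does not, the unprivileged child can request the descriptor repeatedly, which for a fixed read-only file is only a descriptor-exhaustion nuisance but is still a step back from the earlier one-shot design. A guard in the parent, e.g. `static int opened; if (opened++) errx(1, "pf.os already opened");` ahead of `impl_open_pfosfp(sock)`, or an equivalent check inside the helper, would restore it. The following hunk of this file (removing the `unveil("/etc/pf.os", "r")` call) is cut off at the end of the line.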
Re: Add new PCI product IDs
Ping On Thu, Oct 25, 2018 at 2:46 PM Peter Ezetta wrote: > Hello, > > Diff below adds product IDs for the Nvidia Quadro M1200 Mobile graphics > card and the Intel Xeon E3-1200 v6 7th gen Host Bridge (for mobile). > > Index: pcidevs > === > RCS file: /cvs/src/sys/dev/pci/pcidevs,v > retrieving revision 1.1863 > diff -u -p -r1.1863 pcidevs > --- pcidevs 22 Oct 2018 05:06:32 - 1.1863 > +++ pcidevs 25 Oct 2018 21:36:12 - > @@ -4718,6 +4718,7 @@ product INTEL CORE7G_U_HB 0x5904 Core 7G > product INTEL CORE7G_U_GT1 0x5906 HD Graphics 610 > product INTEL CORE7G_Y_HB 0x590c Core 7G Host > product INTEL CORE7G_Y_GT1 0x590e HD Graphics > +product INTEL XEONE3_1200V6M_HB0x5910 Xeon E3-1200 v6/7 Host > product INTEL CORE_GMM_2 0x5911 Core GMM > product INTEL CORE7G_S_GT2 0x5912 HD Graphics 630 > product INTEL CORE8G_U_HB 0x5914 Core 8G Host > @@ -6529,6 +6530,7 @@ product NVIDIA GEFORCE940MX 0x134d GeFor > product NVIDIA GEFORCEGTX750TI 0x1380 GeForce GTX 750 Ti > product NVIDIA GEFORCEGTX750 0x1381 GeForce GTX 750 > product NVIDIA GEFORCEGTX745 0x1382 GeForce GTX 745 > +product NVIDIA QUADROM1200 0x13b6 Quadro M1200 > > /* Oak Technologies products */ > product OAKTECH OTI10070x0107 OTI107 >
Re: unveil tcpdrop
On Wed, Nov 07, 2018 at 01:02:28PM +, Ricardo Mestre wrote: > Hi, > > tcpdrop(8) needs to access only two files, in this case /etc/hosts and > /etc/resolv.conf both with read permissions for the purpose of name > resolution. > ethers(5) is not needed since we are not using any of the ether_*(3) family. > > Since unistd.h needs to be included I also shuffled netdb.h into the right > place. > > Comments? OK? OK bluhm@ > Index: tcpdrop.c > === > RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v > retrieving revision 1.17 > diff -u -p -u -r1.17 tcpdrop.c > --- tcpdrop.c 16 Jan 2015 06:40:21 - 1.17 > +++ tcpdrop.c 6 Nov 2018 10:48:10 - > @@ -27,10 +27,11 @@ > #include > > #include > +#include > #include > #include > #include > -#include > +#include > > __dead void usage(void); > > @@ -61,6 +62,13 @@ main(int argc, char **argv) > char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2; > struct tcp_ident_mapping tir; > int gaierr, rval = 0; > + > + if (unveil("/etc/hosts", "r") == -1) > + err(1, "unveil"); > + if (unveil("/etc/resolv.conf", "r") == -1) > + err(1, "unveil"); > + if (unveil(NULL, NULL) == -1) > + err(1, "unveil"); > > memset(, 0, sizeof(hints)); > hints.ai_family = AF_UNSPEC;
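Review bot: The two paths are spelled as string literals although `<netdb.h>`, which the cover mail says is already included, provides `_PATH_HOSTS` for "/etc/hosts" and `<resolv.h>` provides `_PATH_RESCONF` for "/etc/resolv.conf"; writing `if (unveil(_PATH_HOSTS, "r") == -1)` and `if (unveil(_PATH_RESCONF, "r") == -1)` keeps the unveil list tied to the resolver's own definition of those files. The three `err(1, "unveil")` calls are also indistinguishable at runtime; naming the path in each message shows which file was refused when one of them fails. The same diff is posted unquoted further down this page. main() continues outside the hunk.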
Re: switchd(8): change default listen port to the standardized OpenFlow port
On Wed, Nov 07, 2018 at 10:52:59AM +0100, Klemens Nanni wrote: > On Tue, Nov 06, 2018 at 11:01:37PM -0800, Ayaka Koshibe wrote: > > Currently, switchd(8) defaults to listening on port 6633, which was > > the defacto port value used by OpenFlow. A decent chunk of OpenFlow > > controllers have switched over to the IANA standardized OpenFlow port, > > 6653. While testing the change, I noticed that switchd(8) will listen on > > random ports if one isn't specified in switchd.conf(5), e.g: > That seems reasonable. > > > listen on 127.0.0.1 > > > > The following consolidates the #defines for port values, and also sets a > > default listen port when it isn't specified in switchd.conf(5). > Diff reads fine but can you please mention the default settings in > switchd.conf(5) accordingly? Sure thing, I hope that 'global configurations' is the right section: Index: parse.y === RCS file: /cvs/src/usr.sbin/switchd/parse.y,v retrieving revision 1.12 diff -u -p -u -r1.12 parse.y --- parse.y 1 Nov 2018 00:18:44 - 1.12 +++ parse.y 7 Nov 2018 16:52:24 - @@ -146,6 +146,8 @@ listen : LISTEN ON STRING opttls port { YYERROR; } free($3); + ((struct sockaddr_in *)>sc_server.srv_addr) + ->sin_port = htons(SWITCHD_CTLR_PORT); } ; @@ -627,7 +629,7 @@ parse_config(const char *filename, struc conf = sc; - /* Set the default 0.0.0.0 6633/tcp */ + /* Set the default 0.0.0.0 6653/tcp */ memset(>sc_server.srv_addr, 0, sizeof(conf->sc_server.srv_addr)); sin4 = (struct sockaddr_in *)>sc_server.srv_addr; sin4->sin_family = AF_INET; Index: switchd.conf.5 === RCS file: /cvs/src/usr.sbin/switchd/switchd.conf.5,v retrieving revision 1.8 diff -u -p -u -r1.8 switchd.conf.5 --- switchd.conf.5 30 Oct 2018 07:25:57 - 1.8 +++ switchd.conf.5 7 Nov 2018 16:52:24 - 
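Review bot: The added `sin_port` assignment runs unconditionally at the end of the `listen` action, after `free($3)`; if a port supplied through the `port` nonterminal (`$5`) is stored into `sc_server.srv_addr` earlier in the action, which lies outside the hunk, the default would overwrite the configured value, so the two added lines should be reached only when no port was given, e.g. guarded by `if ($5 == 0)`. The `(struct sockaddr_in *)` cast also presumes `AF_INET`; `parse_config` does the same for its built-in default, but if `listen on` accepts an IPv6 address the assignment relies on `sin_port` and `sin6_port` sharing an offset, which deserves either a comment or a switch on `ss_family`. The same hunks appear again, quoted, in the reply further down the page.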
@@ -81,6 +81,7 @@ OpenFlow switches. Secure connections can be enabled with the optional .Ic tls keyword. +The default listen port is 6653. .\".It Ic device on Ar device-name Oo Ic forward to Ar uri Oc .\"Attach to a .\".Xr switch 4 Index: types.h === RCS file: /cvs/src/usr.sbin/switchd/types.h,v retrieving revision 1.10 diff -u -p -u -r1.10 types.h --- types.h 18 Nov 2016 16:49:35 - 1.10 +++ types.h 7 Nov 2018 16:52:24 - @@ -37,8 +37,7 @@ #define SWITCHD_MAX_TAP256 #define SWITCHD_MAX_SESSIONS 0x -#define SWITCHD_CTLR_PORT 6633/* Previously used by OpenFlow */ -#define SWITCHD_CTLR_IANA_PORT 6653/* Assigned by IANA for OpenFlow */ +#define SWITCHD_CTLR_PORT 6653/* Assigned by IANA for OpenFlow */ #define SWITCHD_CACHE_MAX 4096/* Default MAC address cache limit */ #define SWITCHD_CACHE_TIMEOUT 240 /* t/o in seconds for learned MACs */
Re: [PATCH] Fix broken bus voltage setting in sdhc
> From: Ben Pye > Content-Type: text/plain; charset="utf-8" > > I have been attempting to run OpenBSD on my HP Chromebook 13, it's a > Skylake device with eMMC storage. Previously sdhc attempted to set the > same bus voltage multiple times, and after the first, successful, > attempt it would break resulting in all later commands timing out. This > patch changes sdhc such that it only sets the voltage if the request is > for a different level, this is the behaviour FreeBSD has. That makes sense. We'll need to test this on more hardware. And maybe we need to reset hp->vdd in some places (suspend/resume, resets). Cheers, Mark > Index: sys/dev/sdmmc/sdhc.c > === > RCS file: /cvs/src/sys/dev/sdmmc/sdhc.c,v > retrieving revision 1.61 > diff -u -p -u -p -r1.61 sdhc.c > --- sys/dev/sdmmc/sdhc.c 6 Sep 2018 10:15:17 - 1.61 > +++ sys/dev/sdmmc/sdhc.c 7 Nov 2018 15:36:10 - > @@ -53,6 +53,7 @@ struct sdhc_host { > u_int8_t regs[14]; /* host controller state */ > u_int16_t intr_status; /* soft interrupt status */ > u_int16_t intr_error_status;/* soft error status */ > + u_int8_t vdd; /* current vdd */ > > bus_dmamap_t adma_map; > bus_dma_segment_t adma_segs[1]; > @@ -420,6 +421,8 @@ sdhc_host_reset(sdmmc_chipset_handle_t s > > s = splsdmmc(); > > + hp->vdd = 0; > + > /* Disable all interrupts. */ > HWRITE2(hp, SDHC_NINTR_SIGNAL_EN, 0); > > @@ -491,6 +494,16 @@ sdhc_bus_power(sdmmc_chipset_handle_t sc > int s; > > s = splsdmmc(); > + > + /* > + * If the requested vdd is the same as current vdd return. > + */ > + if (hp->vdd == ocr) { > + splx(s); > + return 0; > + } > + > + hp->vdd = ocr; > > /* >* Disable bus power before voltage change. > >
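Review bot: `hp->vdd = ocr` is recorded before the voltage change below is attempted, so if the remainder of `sdhc_bus_power()` (outside the hunk) fails or takes an error path, a retry with the same `ocr` is short-circuited by the new early return even though the controller was never reprogrammed; move the assignment after the change succeeds, or clear it on the error paths. The comparison also mixes widths: `vdd` is added as `u_int8_t`, while the `ocr` parameter, whose declaration the hunk header cuts off, is the 32-bit OCR mask elsewhere in sdmmc; if that holds here, the store truncates and requests differing only above bit 7 compare equal, so either a `u_int32_t` field or the narrower voltage value derived from the mask should be cached instead. The same hunk is posted unquoted in the original mail below.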
[PATCH] Fix broken bus voltage setting in sdhc
I have been attempting to run OpenBSD on my HP Chromebook 13, it's a Skylake device with eMMC storage. Previously sdhc attempted to set the same bus voltage multiple times, and after the first, successful, attempt it would break resulting in all later commands timing out. This patch changes sdhc such that it only sets the voltage if the request is for a different level, this is the behaviour FreeBSD has. Ben. Index: sys/dev/sdmmc/sdhc.c === RCS file: /cvs/src/sys/dev/sdmmc/sdhc.c,v retrieving revision 1.61 diff -u -p -u -p -r1.61 sdhc.c --- sys/dev/sdmmc/sdhc.c6 Sep 2018 10:15:17 - 1.61 +++ sys/dev/sdmmc/sdhc.c7 Nov 2018 15:36:10 - @@ -53,6 +53,7 @@ struct sdhc_host { u_int8_t regs[14]; /* host controller state */ u_int16_t intr_status; /* soft interrupt status */ u_int16_t intr_error_status;/* soft error status */ + u_int8_t vdd; /* current vdd */ bus_dmamap_t adma_map; bus_dma_segment_t adma_segs[1]; @@ -420,6 +421,8 @@ sdhc_host_reset(sdmmc_chipset_handle_t s s = splsdmmc(); + hp->vdd = 0; + /* Disable all interrupts. */ HWRITE2(hp, SDHC_NINTR_SIGNAL_EN, 0); @@ -491,6 +494,16 @@ sdhc_bus_power(sdmmc_chipset_handle_t sc int s; s = splsdmmc(); + + /* +* If the requested vdd is the same as current vdd return. +*/ + if (hp->vdd == ocr) { + splx(s); + return 0; + } + + hp->vdd = ocr; /* * Disable bus power before voltage change.
unveil hotplugd
Hi, hotplugd(8) needs to open(2) `device' with read permissions, /dev/hotplug by default but can be changed via arguments. Then it needs read/execute on both _PATH_ETC_HOTPLUG_{ATTACH,DETACH} to access(2) and execl(3) them. Tested successfully attaching/dettaching (mount/umount) an USB pen. Comments? OK? Index: hotplugd.c === RCS file: /cvs/src/usr.sbin/hotplugd/hotplugd.c,v retrieving revision 1.14 diff -u -p -u -r1.14 hotplugd.c --- hotplugd.c 31 Jul 2016 20:13:12 - 1.14 +++ hotplugd.c 7 Nov 2018 15:31:19 - @@ -61,9 +61,6 @@ main(int argc, char *argv[]) struct sigaction sact; struct hotplug_event he; - if (pledge("stdio rpath proc exec", NULL) == -1) - err(1, "pledge"); - while ((ch = getopt(argc, argv, "d:")) != -1) switch (ch) { case 'd': @@ -79,6 +76,15 @@ main(int argc, char *argv[]) argv += optind; if (argc > 0) usage(); + + if (unveil(device, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_ETC_HOTPLUG_ATTACH, "rx") == -1) + err(1, "unveil"); + if (unveil(_PATH_ETC_HOTPLUG_DETACH, "rx") == -1) + err(1, "unveil"); + if (pledge("stdio rpath proc exec", NULL) == -1) + err(1, "pledge"); if ((devfd = open(device, O_RDONLY | O_CLOEXEC)) == -1) err(1, "%s", device);
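Review bot: The first hunk drops the early `pledge("stdio rpath proc exec", NULL)` entirely, so option parsing now runs unpledged, although the only reason to defer it is that `unveil(2)` must remain callable: keeping the early call with the `unveil` promise, `pledge("stdio rpath proc exec unveil", NULL)`, and letting the second pledge (which omits `unveil`) fix the view afterwards keeps all of main() covered — the chpass diff further down this page uses exactly that two-step pattern. A one-line comment above the final pledge, `/* no "unveil" promise: the unveil list is now fixed */`, would make that intent explicit. main() begins before the first hunk and continues after the second.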
installboot: explicit free() in bootstrap()
Hello, On hppa and landisk, bootstrap() is called from md_installboot(). md_installboot() is the last action before returning from main(), but bootstrap() can explicitly free the buffer it calloc'd (boot). I don't have access to hppa or landisk. Is someone able to check that this doesn't break anything? - Michael Index: bootstrap.c === RCS file: /cvs/src/usr.sbin/installboot/bootstrap.c,v retrieving revision 1.10 diff -u -p -u -r1.10 bootstrap.c --- bootstrap.c 1 Sep 2018 16:55:29 - 1.10 +++ bootstrap.c 7 Nov 2018 15:15:31 - @@ -124,7 +124,9 @@ bootstrap(int devfd, char *dev, char *bo fprintf(stderr, "%s bootstrap to disk\n", (nowrite ? "would write" : "writing")); if (nowrite) - return; + goto done; if (pwrite(devfd, boot, bootsize, 0) != (ssize_t)bootsize) err(1, "pwrite"); +done: + free(boot); }
Re: tcsh -- build without sbrk
(dropping ports@) > On Nov 5, 2018, at 9:22 AM, Marc Espie wrote: > >> On Mon, Nov 05, 2018 at 09:15:28AM -0500, Daniel Dickman wrote: >> gcc uses them for precompiled headers (PCH) which is a local diff added >> by kurt@ in 2009. its likely nothing in base uses PCH but i don't know >> what in ports needs this: > > This has always been a mess. I suspect it's not really important these days > because pch only make sense for large C++ codebases, which are definitely > not going to be happy with the gcc from base anyway. > > There is also some snippet using sbrk to avoid malloc in gmon.c. > > That might be more of an issue... i did not run into anything else when i compiled base gcc on an i386 system with a modified libc. looked to me like just the pch functionality, although we’d need to test every platform to be certain, i guess. > >> [3]https://github.com/openbsd/src/commit/cfee5d1 >> >> choices there would be to disable PCH support or maybe there's a >> different way to reimplement without brk/sbrk. > >> clang looks like they have a HAVE_SBRK ifdef or something like that. so >> usage can likely be turned off but i don't know this codebase that well >> so that's just an assumption. > > Yep, I'll have to look. let me know if you want me to test any llvm diffs on my system.
Re: Add extra ':' when base64 encoding
On Wed, Nov 07, 2018 at 02:52:45PM +0100, Martijn van Duren wrote: > Taken from my other ldap diff, but could easily be committed separately. > From RFC2849: > value-spec = ":" (FILL 0*1(SAFE-STRING) / > ":" FILL (BASE64-STRING) / > "<" FILL url) >; See notes 7 and 8, below > > OK? Sure. OK claudio@ > martijn@ > > Index: ldapclient.c > === > RCS file: /cvs/src/usr.bin/ldap/ldapclient.c,v > retrieving revision 1.8 > diff -u -p -r1.8 ldapclient.c > --- ldapclient.c 6 Nov 2018 20:38:42 - 1.8 > +++ ldapclient.c 7 Nov 2018 13:51:48 - > @@ -435,7 +435,7 @@ ldapc_printattr(struct ldapc *ldap, cons > } > > /* Base64 is indicated with a double-colon */ > - if (asprintf(, "%s: %s", key, out) == -1) { > + if (asprintf(, "%s:: %s", key, out) == -1) { > log_warnx("asprintf"); > free(out); > return (-1); > -- :wq Claudio
Add extra ':' when base64 encoding
Taken from my other ldap diff, but could easily be committed separately. >From RFC2849: value-spec = ":" (FILL 0*1(SAFE-STRING) / ":" FILL (BASE64-STRING) / "<" FILL url) ; See notes 7 and 8, below OK? martijn@ Index: ldapclient.c === RCS file: /cvs/src/usr.bin/ldap/ldapclient.c,v retrieving revision 1.8 diff -u -p -r1.8 ldapclient.c --- ldapclient.c6 Nov 2018 20:38:42 - 1.8 +++ ldapclient.c7 Nov 2018 13:51:48 - @@ -435,7 +435,7 @@ ldapc_printattr(struct ldapc *ldap, cons } /* Base64 is indicated with a double-colon */ - if (asprintf(, "%s: %s", key, out) == -1) { + if (asprintf(, "%s:: %s", key, out) == -1) { log_warnx("asprintf"); free(out); return (-1);
unveil tcpdrop
Hi, tcpdrop(8) needs to access only two files, in this case /etc/hosts and /etc/resolv.conf both with read permissions for the purpose of name resolution. ethers(5) is not needed since we are not using any of the ether_*(3) family. Since unistd.h needs to be included I also shuffled netdb.h into the right place. Comments? OK? Index: tcpdrop.c === RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v retrieving revision 1.17 diff -u -p -u -r1.17 tcpdrop.c --- tcpdrop.c 16 Jan 2015 06:40:21 - 1.17 +++ tcpdrop.c 6 Nov 2018 10:48:10 - @@ -27,10 +27,11 @@ #include #include +#include #include #include #include -#include +#include __dead void usage(void); @@ -61,6 +62,13 @@ main(int argc, char **argv) char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2; struct tcp_ident_mapping tir; int gaierr, rval = 0; + + if (unveil("/etc/hosts", "r") == -1) + err(1, "unveil"); + if (unveil("/etc/resolv.conf", "r") == -1) + err(1, "unveil"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); memset(, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC;
unveil chpass
Hi, chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it. If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above. Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8). In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards. Tested all paths successfully with a test account. Comments? OK? Index: chpass.c === RCS file: /cvs/src/usr.bin/chpass/chpass.c,v retrieving revision 1.44 diff -u -p -u -r1.44 chpass.c --- chpass.c8 Dec 2017 17:04:15 - 1.44 +++ chpass.c7 Nov 2018 12:50:07 - @@ -136,7 +136,13 @@ main(int argc, char *argv[]) pw_error(tempname, 1, 1); display(tempname, dfd, pw); - if (pledge("stdio rpath wpath cpath id proc exec", + if (unveil(_PATH_BSHELL, "x") == -1) + err(1, "unveil"); + if (unveil(_PATH_SHELLS, "r") == -1) + err(1, "unveil"); + if (unveil(tempname, "rc") == -1) + err(1, "unveil"); + if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -158,7 +164,9 @@ main(int argc, char *argv[]) } if (op == NEWSH) { - if (pledge("stdio rpath wpath cpath id proc exec", + if (unveil(_PATH_SHELLS, "r") == -1) + err(1, "unveil"); + if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); 
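Review bot: All seven new `err(1, "unveil")` calls in this hunk, the `@@ -158` hunk and the `@@ -175` hunk below print the same message, so a failure gives the operator no hint which path was refused; naming the path, e.g. `err(1, "unveil %s", _PATH_BSHELL)`, costs nothing and makes a relocated or missing file obvious. In the edit-mode hunk `tempname` is unveiled "rc" only after `display(tempname, dfd, pw)` has already written to it, which is fine because the earlier write goes through `dfd`, but a short comment saying so would save the next reader the same check. main() starts before the first hunk and continues past the last.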
@@ -175,6 +183,12 @@ main(int argc, char *argv[]) sigdelset(, SIGINT); sigprocmask(SIG_BLOCK, , NULL); + if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1) + err(1, "unveil"); + if (unveil(_PATH_MASTERPASSWD, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_PWD_MKDB, "x") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) err(1, "pledge");
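Review bot: The final `pledge("stdio rpath wpath cpath proc exec", NULL)` in this hunk intentionally omits the `unveil` promise that the two earlier pledges added, and that omission is what locks the filesystem view for the rest of the run; nothing in the code says so, so a comment above it, `/* no "unveil" promise: no further unveil(2) calls are possible */`, would document the design. It is also worth a comment that `_PATH_MASTERPASSWD_LOCK` needs "c" as well as "w" because the lock file is created here and removed on abort, while `_PATH_MASTERPASSWD` itself is only read by chpass and rewritten by the exec'd `_PATH_PWD_MKDB`. main() continues outside the hunk.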
Re: switchd(8): change default listen port to the standardized OpenFlow port
On Tue, Nov 06, 2018 at 11:01:37PM -0800, Ayaka Koshibe wrote: > Hi all, > > Currently, switchd(8) defaults to listening on port 6633, which was > the defacto port value used by OpenFlow. A decent chunk of OpenFlow > controllers have switched over to the IANA standardized OpenFlow port, > 6653. While testing the change, I noticed that switchd(8) will listen on > random ports if one isn't specified in switchd.conf(5), e.g: > > listen on 127.0.0.1 > > The following consolidates the #defines for port values, and also sets a > default listen port when it isn't specified in switchd.conf(5). > > Comments/OKs? > OK claudio@ > Thanks, > Ayaka > > Index: parse.y > === > RCS file: /cvs/src/usr.sbin/switchd/parse.y,v > retrieving revision 1.12 > diff -u -p -u -r1.12 parse.y > --- parse.y 1 Nov 2018 00:18:44 - 1.12 > +++ parse.y 7 Nov 2018 06:35:03 - > @@ -146,6 +146,8 @@ listen: LISTEN ON STRING opttls port { > YYERROR; > } > free($3); > + ((struct sockaddr_in *)>sc_server.srv_addr) > + ->sin_port = htons(SWITCHD_CTLR_PORT); > } > ; > > @@ -627,7 +629,7 @@ parse_config(const char *filename, struc > > conf = sc; > > - /* Set the default 0.0.0.0 6633/tcp */ > + /* Set the default 0.0.0.0 6653/tcp */ > memset(>sc_server.srv_addr, 0, sizeof(conf->sc_server.srv_addr)); > sin4 = (struct sockaddr_in *)>sc_server.srv_addr; > sin4->sin_family = AF_INET; > Index: types.h > === > RCS file: /cvs/src/usr.sbin/switchd/types.h,v > retrieving revision 1.10 > diff -u -p -u -r1.10 types.h > --- types.h 18 Nov 2016 16:49:35 - 1.10 > +++ types.h 7 Nov 2018 06:35:03 - 
> @@ -37,8 +37,7 @@ > #define SWITCHD_MAX_TAP 256 > #define SWITCHD_MAX_SESSIONS 0x > > -#define SWITCHD_CTLR_PORT6633/* Previously used by OpenFlow */ > -#define SWITCHD_CTLR_IANA_PORT 6653/* Assigned by IANA for > OpenFlow */ > +#define SWITCHD_CTLR_PORT6653/* Assigned by IANA for OpenFlow */ > > #define SWITCHD_CACHE_MAX4096/* Default MAC address cache limit */ > #define SWITCHD_CACHE_TIMEOUT240 /* t/o in seconds for learned > MACs */ > -- :wq Claudio
Re: switchd(8): change default listen port to the standardized OpenFlow port
On Tue, Nov 06, 2018 at 11:01:37PM -0800, Ayaka Koshibe wrote: > Currently, switchd(8) defaults to listening on port 6633, which was > the de facto port value used by OpenFlow. A decent chunk of OpenFlow > controllers have switched over to the IANA standardized OpenFlow port, > 6653. While testing the change, I noticed that switchd(8) will listen on > random ports if one isn't specified in switchd.conf(5), e.g: That seems reasonable. > listen on 127.0.0.1 > > The following consolidates the #defines for port values, and also sets a > default listen port when it isn't specified in switchd.conf(5). Diff reads fine but can you please mention the default settings in > switchd.conf(5) accordingly?