DHCP options and dhcpleased?

2022-10-10 Thread Mogens Jensen
Is it possible to use dhcp-options(5) with dhcpleased? I need to use
the DHCP option "dhcp-requested-address" with client requests. The
option works with dhclient, but I understand that this daemon will be
removed from base system in the future, so I prefer to use dhcpleased
but it seems I can't use other options than the ones documented in
dhcpleased.conf(5).

Best regards,
Mogens Jensen



Re: pf.conf / scrub resulting in invalid checksum

2022-10-10 Thread Alexandr Nedvedicky
Hello,

On Mon, Oct 10, 2022 at 06:52:00AM +0200, Bjorn Ketelaars wrote:

> 
> (reply also sent to tech@)
> 
> In 2011 henning@ removed fiddling with the ip checksum of normalised
> packets in sys/net/pf_norm.c (r1.131). Rationale was that the checksum
> is always recalculated in all output paths anyway. In 2016 procter@
> reintroduced checksum modification to preserve end-to-end checksums
> (r1.189 of sys/net/pf_norm.c). Although I'm not sure, it seems as if
> somewhere in that timeslot checksum recalculation of normalised packets
> was broken.
> 
> Issue got caught as net/mcast-proxy strictly adheres to RFC2236, which
> states that "When receiving packets, the checksum MUST be verified
> before processing a packet". After scrubbing a packet the checksum
> becomes invalid thus failing verification by net/mcast-proxy.
> 
> I found two workarounds:
> 1.) rip out checksum verification from net/mcast-proxy;
> 2.) don't scrub packets with, e.g., id-random and/or no-df set.
> 
> However, proposed solution is to fix this in pf. Diff below fixes the
> issue at hand.
> 
> Comments/OK?

diff reads good to me. change makes sense in my opinion.

OK sashan


> 
> 
> Index: sys/net/pf.c
> ===
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1140
> diff -u -p -r1.1140 pf.c
> --- sys/net/pf.c  3 Sep 2022 19:22:19 -   1.1140
> +++ sys/net/pf.c  10 Oct 2022 03:22:06 -
> @@ -164,7 +164,7 @@ void   pf_add_threshold(struct 
> pf_thres
>  int   pf_check_threshold(struct pf_threshold *);
>  int   pf_check_tcp_cksum(struct mbuf *, int, int,
>   sa_family_t);
> -static __inline void  pf_cksum_fixup(u_int16_t *, u_int16_t, u_int16_t,
> +__inline void pf_cksum_fixup(u_int16_t *, u_int16_t, 
> u_int16_t,
>   u_int8_t);
>  void  pf_cksum_fixup_a(u_int16_t *, const struct pf_addr *,
>   const struct pf_addr *, sa_family_t, u_int8_t);
> @@ -1937,7 +1937,7 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw
>   * Note: this serves also as a reduction step for at most one add (as the
>   * trailing mod 2^16 prevents further reductions by destroying carries).
>   */
> -static __inline void
> +__inline void
>  pf_cksum_fixup(u_int16_t *cksum, u_int16_t was, u_int16_t now,
>  u_int8_t proto)
>  {
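Review bot: dropping `static` here and in the prototype while keeping `__inline` leaves pf_cksum_fixup() as a non-static inline function that pf_norm.c now calls. Under C99 inline rules a definition declared only with inline need not produce an external definition, so whether the call from the other file links depends on the compiler mode. A plain `void pf_cksum_fixup(...)` in both places avoids relying on that.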
> Index: sys/net/pf_norm.c
> ===
> RCS file: /cvs/src/sys/net/pf_norm.c,v
> retrieving revision 1.224
> diff -u -p -r1.224 pf_norm.c
> --- sys/net/pf_norm.c 22 Aug 2022 20:35:39 -  1.224
> +++ sys/net/pf_norm.c 10 Oct 2022 03:22:06 -
> @@ -1646,14 +1646,21 @@ pf_scrub(struct mbuf *m, u_int16_t flags
>  #ifdef INET6
>   struct ip6_hdr  *h6 = mtod(m, struct ip6_hdr *);
>  #endif   /* INET6 */
> + u_int16_told;
>  
>   /* Clear IP_DF if no-df was requested */
> - if (flags & PFSTATE_NODF && af == AF_INET && h->ip_off & htons(IP_DF))
> + if (flags & PFSTATE_NODF && af == AF_INET && h->ip_off & htons(IP_DF)) {
> + old = h->ip_off;
>   h->ip_off &= htons(~IP_DF);
> + pf_cksum_fixup(>ip_sum, old, h->ip_off, 0);
> + }
>  
>   /* Enforce a minimum ttl, may cause endless packet loops */
> - if (min_ttl && af == AF_INET && h->ip_ttl < min_ttl)
> + if (min_ttl && af == AF_INET && h->ip_ttl < min_ttl) {
> + old = h->ip_ttl;
>   h->ip_ttl = min_ttl;
> + pf_cksum_fixup(>ip_sum, old, h->ip_off, 0);
> + }
>  #ifdef INET6
>   if (min_ttl && af == AF_INET6 && h6->ip6_hlim < min_ttl)
>   h6->ip6_hlim = min_ttl;
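Review bot: in the min-ttl branch the fixup call passes `h->ip_off` as the new value although the field that changed is `ip_ttl`, so the checksum is adjusted by the wrong delta; this looks copied from the no-df branch above. pf_cksum_fixup() takes the old and new 16-bit values, and ip_ttl is an 8-bit field sharing a word with the protocol, so both `old` and the new value should be read from the 16-bit word that contains the ttl, the same way the tos branch reads `*(u_int16_t *)h`.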
> @@ -1661,8 +1668,11 @@ pf_scrub(struct mbuf *m, u_int16_t flags
>  
>   /* Enforce tos */
>   if (flags & PFSTATE_SETTOS) {
> - if (af == AF_INET)
> + if (af == AF_INET) {
> + old = *(u_int16_t *)h;
>   h->ip_tos = tos | (h->ip_tos & IPTOS_ECN_MASK);
> + pf_cksum_fixup(>ip_sum, old, *(u_int16_t *)h, 0);
> + }
>  #ifdef INET6
>   if (af == AF_INET6) {
>   /* drugs are unable to explain such idiocy */
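Review bot: the two `*(u_int16_t *)h` reads in the tos branch only work because ip_tos sits in the first 16-bit word of the header, which the code does not say. A one-line comment stating that the fixup is done over the version/header-length/tos word would make the cast easier to review and to keep correct.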
> @@ -1674,6 +1684,9 @@ pf_scrub(struct mbuf *m, u_int16_t flags
>  
>   /* random-id, but not for fragments */
>   if (flags & PFSTATE_RANDOMID && af == AF_INET &&
> - !(h->ip_off & ~htons(IP_DF)))
> + !(h->ip_off & ~htons(IP_DF))) {
> + old = h->ip_id;
>   h->ip_id = htons(ip_randomid());
> + pf_cksum_fixup(>ip_sum, old, h->ip_id, 0);
> + }
>  }
> Index: sys/net/pfvar.h
> ===
> RCS file: /cvs/src/sys/net/pfvar.h,v
> retrieving revision 1.510
> diff -u -p -r1.510 pfvar.h
> --- sys/net/pfvar.h   3 Sep 2022 14:57:54 -   
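
The failure described in this thread (scrub rewrites header fields, the checksum is left stale, a receiver that verifies it rejects the packet) can be reproduced in user space. This is an added example, not code from pf or from the diff: it uses the generic RFC 1624 incremental update rather than pf_cksum_fixup(), and the header words and the names `cksum_update` and `scrub_and_verify` are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed IPv4 header as ten 16-bit words: word 2 = id, word 3 = flags
 * (DF set), word 4 = ttl 1 / proto 2, word 5 = checksum. Sample data only. */
static const uint16_t SAMPLE_HDR[10] = { 0x4500, 0x0020, 0x1c46, 0x4000,
    0x0102, 0xbceb, 0xc0a8, 0x0001, 0xe000, 0x0001 };

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t fold(uint32_t s)
{
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* A receiver accepts the header only if all ten words sum to 0xffff. */
int hdr_valid(const uint16_t *w)
{
    uint32_t s = 0;
    for (int i = 0; i < 10; i++)
        s += w[i];
    return fold(s) == 0xffff;
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
uint16_t cksum_update(uint16_t hc, uint16_t was, uint16_t now)
{
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~was + now);
}

/* Apply scrub-like rewrites; patch the checksum per word only if fix is set. */
int scrub_and_verify(int fix, uint8_t min_ttl, uint16_t new_id)
{
    uint16_t h[10], want[10];
    memcpy(h, SAMPLE_HDR, sizeof h);
    memcpy(want, SAMPLE_HDR, sizeof want);
    want[2] = new_id;                         /* random-id */
    want[3] &= (uint16_t)~0x4000;             /* no-df */
    if ((want[4] >> 8) < min_ttl)             /* min-ttl: whole ttl/proto word */
        want[4] = (uint16_t)((min_ttl << 8) | (want[4] & 0xff));
    for (int i = 2; i <= 4; i++) {
        if (fix)
            h[5] = cksum_update(h[5], h[i], want[i]);
        h[i] = want[i];
    }
    return hdr_valid(h);
}

int main(void) { return scrub_and_verify(1, 64, 0xbeef) ? 0 : 1; }
```

The old and new values passed for the ttl change are the full 16-bit ttl/protocol word, since the checksum is defined over 16-bit words.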

Re: Mention _XOPEN_SOURCE_EXTENDED in curs_addwstr.3

2022-10-10 Thread Jason McIntyre
hi. just committed by nicm:

List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Nicholas Marriott 
Date: 2022-10-10 8:57:10
Message-ID: 4f7d42a92ccdbaf3 () cvs ! openbsd ! org

CVSROOT: /cvs
Module name: src
Changes by: n...@cvs.openbsd.org 2022/10/10 03:03:08

Modified files:
lib/libcurses : curses.h

Log message:
ncurses wide character functions should be available with _XOPEN_SOURCE of 500 
or greater and not require _XOPEN_SOURCE_EXTENDED. Bring in changes from 
upstream ncurses patches 20100403 and 20111030 to take this into account. 
Reported by Grigory Kirillov via jmc@.


On 10 September 2022 10:44:59 BST, Grigory Kirillov  wrote:
>On Fri, Sep 09, 2022 at 07:42:18PM +0200, Anders Andersson wrote:
>> On Wed, Sep 7, 2022 at 9:02 PM Grigory Kirillov  wrote:
>> >
>> > Recently one OpenBSD user of a little project of mine got caught up in
>> > a problem - they couldn't compile it from source because wide character
>> > functions of the ncurses library weren't declared. After a long
>> > investigation I finally found out that these functions require
>> > _XOPEN_SOURCE_EXTENDED macro being defined. On my machine that wasn't
>> > a problem because on my Linux system ncurses header also checks for
>> > _XOPEN_SOURCE macro whose value has to be greater than or equal to 500
>> > and I was already compiling it with this macro with a value of 700.
>> >
>> > My request here is to put up a `#define _XOPEN_SOURCE_EXTENDED` line to
>> > the OpenBSD man page for curs_addwstr.3. I think this will make it
>> > easier for other people to compile ncurses with wide character functions
>> > especially for someone who's trying to resolve issues for someone else
>> > while being on a different system...
>> >
>> > Also it would be cool if ncurses header provided in OpenBSD were
>> > checking value of the _XOPEN_SOURCE macro (because
>> > _XOPEN_SOURCE_EXTENDED is equal to _XOPEN_SOURCE with the value of 500
>> > or greater (according to my feature_test_macros(7) man page) and I also
>> > hope that this is a standard behavior).
>> 
>> From what I can see, this macro is obsolete, so it should probably not
>> be recommended in the man page:
>> 
>> "Use of _XOPEN_SOURCE_EXTENDED in new source code should be avoided.
>> Since defining _XOPEN_SOURCE with a value of 500 or more has the same
>> effect as defining _XOPEN_SOURCE_EXTENDED, the latter (obsolete)
>> feature test macro is generally not described in the SYNOPSIS in man
>> pages."
>> 
>
>Okay, then I hope someone kindly adds an ifdef with the _XOPEN_SOURCE
>macro to the wide character function declarations in ncurses header.
>I think it's also worth adding a note to the curs_addwstr.3 man page
>about the need to declare the corresponding macro. Thanks!
>