SSHFP with EDNS0/DNSSEC

2017-07-11 Thread Christian Barthel
Hi, earlier this year, jca@ worked on support for DNSSEC and the EDNS0 extension [1] and committed this work at [2] (thanks!). I tried this with SSHFP records to check authenticity of hosts with DNSSEC; but ssh reported that the hostkey fingerprints were insecure. I am using this

Re: first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread David Gwynne
On Tue, Jul 11, 2017 at 11:48:47AM +, Florian Obser wrote: > On Tue, Jul 11, 2017 at 11:08:23AM +0100, Stuart Henderson wrote: > > On 2017/07/11 07:45, Florian Obser wrote: > > > The way I want to move forward with this is: > > > > > > 1) generate a random key at boot if it's not present yet

Re: remove CPU_LIDSUSPEND/machdep.lidsuspend

2017-07-11 Thread Ted Unangst
Martin Natano wrote: > Go ahead replacing machdep.lidsuspend with cpu.lidaction. OpenBSD 6.1 > contains both MIBs, so there is a clear path for migration. i have updated my sysctl.conf. fire away!

remove CPU_LIDSUSPEND/machdep.lidsuspend

2017-07-11 Thread Martin Natano
Go ahead replacing machdep.lidsuspend with cpu.lidaction. OpenBSD 6.1 contains both MIBs, so there is a clear path for migration. ok? natano Index: arch/amd64/amd64/machdep.c === RCS file: /cvs/src/sys/arch/amd64/amd64/machdep.c,v

Re: rtadvd: use log_warnx when errno is not set

2017-07-11 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2017.07.11 19:30:37 +: > > OK? yes > diff --git if.c if.c > index 95f83d8e822..cc878bd5916 100644 > --- if.c > +++ if.c > @@ -435,7 +435,7 @@ parse_iflist(struct if_msghdr ***ifmlist_p, char *buf, > size_t bufsize) > lim = buf + bufsize; >

Re: rtadvd: use fatalx like normal people

2017-07-11 Thread Sebastian Benoit
ok with one question. Florian Obser(flor...@openbsd.org) on 2017.07.11 19:29:44 +: > replace > log_warnx("foo"): > exit(1); > with >fatalx("foo): > > OK? > > diff --git config.c config.c > index 85d14efedca..e6f48fffec7 100644 > --- config.c > +++ config.c > @@ -85,9 +85,8 @@

Re: rtadvd: don't clobber errno

2017-07-11 Thread Sebastian Benoit
ok Florian Obser(flor...@openbsd.org) on 2017.07.11 19:25:58 +: > ... we want to log_warn what went wrong. > OK? > > diff --git if.c if.c > index 4683bcffac9..c4a4fea1984 100644 > --- if.c > +++ if.c > @@ -111,7 +111,7 @@ if_nametosdl(char *name) > int > if_getmtu(char *name) > { > -

Potential DoS attack on PF due to infinite loop

2017-07-11 Thread Jingmin Zhou
Recently we discovered a potential bug in pf_lb.c. It is in the latest code that we retrieved from here: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_lb.c?annotate=1.60 The problem is at line 224. When a LB rule is configured to have 65535 as the high port, and uint16 variable tmp

Re: relayd ipv6 ttl check_icmp / check_tcp

2017-07-11 Thread Florian Obser
committed, thanks! On Mon, Jul 10, 2017 at 06:18:03PM +0300, Kapetanakis Giannis wrote: > On 10/07/17 17:22, Jeremie Courreges-Anglas wrote: > > Using -1 for IPV6_UNICAST_HOPS is correct. > > > > Note that you can also use -1 for IP_TTL on OpenBSD, sadly some systems > > out there don't support

Re: rtadvd: format strings for fatal{x,}

2017-07-11 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2017.07.11 19:27:54 +: > from bgpd. > > OK? ok > benno, is this the right way to do it? I kinda lost track on your > log merging efforts... yes that's ok. I neglected rtadvd a bit. > diff --git log.c log.c > index 357ef35b79c..08afcebcac0 100644 > ---

Re: Remove accents from fortunes

2017-07-11 Thread Todd C. Miller
On Tue, 11 Jul 2017 19:47:41 +0200, Ingo Schwarze wrote: > So here is a patch that makes putting UTF-8 characters into > fortune/datfiles safe. OK millert@ - todd

rtadvd: use log_warnx when errno is not set

2017-07-11 Thread Florian Obser
OK? diff --git if.c if.c index 95f83d8e822..cc878bd5916 100644 --- if.c +++ if.c @@ -435,7 +435,7 @@ parse_iflist(struct if_msghdr ***ifmlist_p, char *buf, size_t bufsize) lim = buf + bufsize; for (ifm = (struct if_msghdr *)buf; ifm < (struct if_msghdr *)lim;) {

rtadvd: use fatalx like normal people

2017-07-11 Thread Florian Obser
replace log_warnx("foo"): exit(1); with fatalx("foo): OK? diff --git config.c config.c index 85d14efedca..e6f48fffec7 100644 --- config.c +++ config.c @@ -85,9 +85,8 @@ getconfig(char *intface) do { \ int64_t

rtadvd: format strings for fatal{x,}

2017-07-11 Thread Florian Obser
from bgpd. OK? benno, is this the right way to do it? I kinda lost track on your log merging efforts... diff --git log.c log.c index 357ef35b79c..08afcebcac0 100644 --- log.c +++ log.c @@ -135,26 +135,44 @@ log_debug(const char *emsg, ...) } } -void -fatal(const char *emsg) +static

rtadvd: don't clobber errno

2017-07-11 Thread Florian Obser
... we want to log_warn what went wrong. OK? diff --git if.c if.c index 4683bcffac9..c4a4fea1984 100644 --- if.c +++ if.c @@ -111,7 +111,7 @@ if_nametosdl(char *name) int if_getmtu(char *name) { - int s; + int s, save_errno; struct ifreqifr;

Re: Remove accents from fortunes

2017-07-11 Thread Ted Unangst
Ingo Schwarze wrote: > Hi, > > Ted Unangst wrote on Tue, Jul 11, 2017 at 09:41:36AM -0400: > > > and it always sucks to lose information if somebody went to the > > trouble of recording the necessary accents already. > > So here is a patch that makes putting UTF-8 characters into >

Re: Remove accents from fortunes

2017-07-11 Thread Ingo Schwarze
Hi, Ted Unangst wrote on Tue, Jul 11, 2017 at 09:41:36AM -0400: > and it always sucks to lose information if somebody went to the > trouble of recording the necessary accents already. So here is a patch that makes putting UTF-8 characters into fortune/datfiles safe. Of course, we cannot

Re: first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread Florian Obser
On Tue, Jul 11, 2017 at 03:12:58PM -, Christian Weisgerber wrote: > On 2017-07-11, Florian Obser wrote: > > > + SHA512Final(digest, ); > > + > > + /* assumes sizeof(digest) > sizeof(ifid) */ > > + bcopy(digest, >s6_addr[8], 8); > > ... and we're finished here.

Re: Remove accents from fortunes

2017-07-11 Thread Stuart Henderson
On 2017/07/11 17:13, Ingo Schwarze wrote: > Hi Stuart, > > Stuart Henderson wrote on Tue, Jul 11, 2017 at 03:52:26PM +0100: > > On 2017/07/11 16:19, Ingo Schwarze wrote: > > >> This decade feels like a strange point in time for degrading fortune > >> and calendar files by replacing UTF-8

Re: first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread Christian Weisgerber
On 2017-07-11, Florian Obser wrote: > + SHA512Final(digest, ); > + > + /* assumes sizeof(digest) > sizeof(ifid) */ > + bcopy(digest, >s6_addr[8], 8); ... and we're finished here. > + /* make sure to set "u" bit to local, and "g" bit to individual. */ > +

Re: Remove accents from fortunes

2017-07-11 Thread Ingo Schwarze
Hi Stuart, Stuart Henderson wrote on Tue, Jul 11, 2017 at 03:52:26PM +0100: > On 2017/07/11 16:19, Ingo Schwarze wrote: >> This decade feels like a strange point in time for degrading fortune >> and calendar files by replacing UTF-8 characters with ASCII >> transcriptions. Maybe such games

Re: Remove accents from fortunes

2017-07-11 Thread Stuart Henderson
On 2017/07/11 16:19, Ingo Schwarze wrote: > This decade feels like a strange point in time for degrading fortune > and calendar files by replacing UTF-8 characters with ASCII > transcriptions. Maybe such games should call > > setlocale(LC_CTYPE, ""); > char *loc = nl_langinfo(CODESET); > >

remove prefix list and default router related sysctls

2017-07-11 Thread Florian Obser
as pointed out by mpi, the kernel no longer tracks this information. OK? diff --git sys/netinet/icmp6.h sys/netinet/icmp6.h index bfa5a196c70..bf8524c2da1 100644 --- sys/netinet/icmp6.h +++ sys/netinet/icmp6.h @@ -513,9 +513,7 @@ struct icmp6stat { #define ICMPV6CTL_MTUDISC_HIWAT16

Re: Remove accents from fortunes

2017-07-11 Thread Ingo Schwarze
Hi, Anthony J. Bentley wrote on Tue, Jul 11, 2017 at 02:58:08AM -0600: > "Ted Unangst" writes: >> do we want to delete them? or replace them with proper utf-8 sequences? > I wouldn't mind doing that. But fortune(6) will happily print UTF-8 to a > non-UTF-8 terminal, which though probably

Re: Remove accents from fortunes

2017-07-11 Thread Reyk Floeter
I so much hate it when people drop the umlaut in my name and write "Floter" - this usually happens while being in America because people don't know better. My name is Flöter or Floeter ("ae", "oe", or "ue" are the correct substitutions). They are different letters with different pronunciations

Re: Remove accents from fortunes

2017-07-11 Thread Ted Unangst
Anthony J. Bentley wrote: > "Ted Unangst" writes: > > Anthony J. Bentley wrote: > > > Hi, > > > > > > "Punctuation followed by backspace" hasn't been the right way to enter > > > accents for a long time. > > > > hard to see what the diff is doing since i couldn't see the backspaces. :) > > > >

Re: Remove accents from fortunes

2017-07-11 Thread Philippe Meunier
Anthony J. Bentley wrote: >And since nobody's complained in the past few years that they couldn't >see the accents in Jabberwocky... But then some Frenchman might suddenly complain about René Descartes's name being misspelt (not that I had ever noticed that the accent didn't show up before

Re: first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread Florian Obser
On Tue, Jul 11, 2017 at 11:08:23AM +0100, Stuart Henderson wrote: > On 2017/07/11 07:45, Florian Obser wrote: > > The way I want to move forward with this is: > > > > 1) generate a random key at boot if it's not present yet (like we do > > for ssh host keys and ipsec) > > 2) if /etc/netstart

Re: [PATCH] allow notAfter after 2038 with 32-bit time_t

2017-07-11 Thread Andrew Grillet
Hi, I have built embedded systems that have run 20 years with no update - but I doubt they are common. More of an issue is archived data. I have read data 30 years old, and may well do so again. While I think the answer is "human readable date formats" The Americans have scuppered that with

Re: urndis issues

2017-07-11 Thread Mike Belopuhov
On Sun, Jul 09, 2017 at 09:57 +0300, Artturi Alm wrote: > Hi, > > anyone else having issues w/urndis(android)? > victim of circumstances, i have to rely on it at times during the summer. > When i plug phone into usb, and enable usb tethering or w/e it is called, > i never get ip on first try, i

Re: [PATCH] allow notAfter after 2038 with 32-bit time_t

2017-07-11 Thread Stuart Henderson
On 2017/07/11 01:55, Kyle J. McKay wrote: > 2) 32-bit systems are going to be around for many years still; 32-bit ARM > platforms are everywhere .. > 4) 32-bit time_t has potentially still got over 20 years of life left in it Yes. The gamble is whether 32-bit systems will still be around then. I

Re: first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread Stuart Henderson
On 2017/07/11 07:45, Florian Obser wrote: > > Here is the first step in implementing RFC 7217 "A Method for > Generating Semantically Opaque Interface Identifiers with IPv6 > Stateless Address Autoconfiguration (SLAAC)" > > This is orthogonal to privacy extension. The idea is to replace the >

Re: rip router advertisement processing and solicitation sending out of kernel

2017-07-11 Thread Martin Pieuchot
On 10/07/17(Mon) 08:04, Florian Obser wrote: > --- netinet6/in6.c > +++ netinet6/in6.c > @@ -897,25 +897,9 @@ in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) > { > struct ifaddr *ifa = >ia_ifa; > extern int ifatrash; > - int plen; > > NET_ASSERT_LOCKED(); > > -

Re: backgammon(6): remove compiled out user count checks

2017-07-11 Thread Mike Larkin
On Tue, Jul 11, 2017 at 11:01:32AM +0200, Frederic Cambus wrote: > Hi tech@, > > The user count checks have been compiled out since 1998, let's get rid > of them. > > Comments? OK? > ok mlarkin > Index: games/backgammon/backgammon/main.c >

backgammon(6): remove compiled out user count checks

2017-07-11 Thread Frederic Cambus
Hi tech@, The user count checks have been compiled out since 1998, let's get rid of them. Comments? OK? Index: games/backgammon/backgammon/main.c === RCS file: /cvs/src/games/backgammon/backgammon/main.c,v retrieving revision 1.23

Re: Remove accents from fortunes

2017-07-11 Thread Anthony J. Bentley
"Ted Unangst" writes: > Anthony J. Bentley wrote: > > Hi, > > > > "Punctuation followed by backspace" hasn't been the right way to enter > > accents for a long time. > > hard to see what the diff is doing since i couldn't see the backspaces. :) > > do we want to delete them? or replace them with

Re: [PATCH] allow notAfter after 2038 with 32-bit time_t

2017-07-11 Thread Kyle J. McKay
On Jul 5, 2017, at 22:30, Bob Beck wrote: On Thu, May 18, 2017 at 7:31 AM, Kyle J. McKay wrote: RFC 5280 section 4.1.2.5 states: To indicate that a certificate has no well-defined expiration date, the notAfter SHOULD be assigned the GeneralizedTime value of

first stab at RFC 7217: random but stable link local addresses

2017-07-11 Thread Florian Obser
Here is the first step in implementing RFC 7217 "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)" This is orthogonal to privacy extension. The idea is to replace the stable slaac addresses formed from the MAC address of your

Re: Remove accents from fortunes

2017-07-11 Thread Ted Unangst
Anthony J. Bentley wrote: > Hi, > > "Punctuation followed by backspace" hasn't been the right way to enter > accents for a long time. hard to see what the diff is doing since i couldn't see the backspaces. :) do we want to delete them? or replace them with proper utf-8 sequences?