Re: relayd/ctl alternative control socket

But what about people not running relay on rdomain, but rather just want to run separate instances of relayd ? > 28 nov. 2017 kl. 16:06 skrev Sebastian benoit > : > > Hi, > > your diff looks good, but i would rather do it the way bgpd/bgpctl do it: > >

Re: [patch] upon install of new operating system version, do not set root password to empty string

On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote: > This is a highly theoretical and experimental mitigation which stops the > root password on newly upgraded/installed systems from being an empty > string. The thinking is that by not shipping an operating system with a > known root

kdump: fcntl(F_GETOWN) doesn't take an argument

When displaying fcntl() arguments, kdump knows that fcntl commands F_GETFD, F_GETFL, and F_ISATTY don't take an additional argument. That's also true of F_GETOWN, so add it to that list. This diff would be three lines, but I think it's cleaner to figure out whether an argument should be

Re: Revise ACPI OperationRegion support

On Wed, Nov 29, 2017 at 04:30:01AM +0100, Mark Kettenis wrote: > Diff below revises the OperationRegion support to allow chvgpio(4) to > register its own OEM defined regions. This prevents a panic on a > Lenovo 2-in-1 that mlarkin@ carried all the way to Elk Lakes cabin. > It even makes the lid

Revise ACPI OperationRegion support

Diff below revises the OperationRegion support to allow chvgpio(4) to register its own OEM defined regions. This prevents a panic on a Lenovo 2-in-1 that mlarkin@ carried all the way to Elk Lakes cabin. It even makes the lid switch work somewhat. This will also make it easier to add CMOS support

Re: [patch] upon install of new operating system version, do not set root password to empty string

On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote: > This is a highly theoretical and experimental mitigation which stops the > root password on newly upgraded/installed systems from being an empty > string. The thinking is that by not shipping an operating system with a > known root

Re: iked, don't return NULL in print_host

On Wed, Nov 29 2017, Claudio Jeker wrote: > On Wed, Nov 29, 2017 at 01:59:06AM +0100, Claudio Jeker wrote: >> Seen in my log file: >> Nov 28 17:47:22 dramaqueen iked: vfprintf %s NULL in "%s: %s %s from %s to >> %s ms gid %u, %ld bytes%s" >> >> and >> >> Nov 29

Re: iked, don't return NULL in print_host

ok beck@ On Wed, Nov 29, 2017 at 02:17:21AM +0100, Claudio Jeker wrote: > On Wed, Nov 29, 2017 at 01:59:06AM +0100, Claudio Jeker wrote: > > Seen in my log file: > > Nov 28 17:47:22 dramaqueen iked: vfprintf %s NULL in "%s: %s %s from %s to > > %s ms gid %u, %ld bytes%s" > > > > and > > > > Nov

Re: iked, don't return NULL in print_host

On Wed, Nov 29, 2017 at 01:59:06AM +0100, Claudio Jeker wrote: > Seen in my log file: > Nov 28 17:47:22 dramaqueen iked: vfprintf %s NULL in "%s: %s %s from %s to > %s ms gid %u, %ld bytes%s" > > and > > Nov 29 01:02:39 dramaqueen iked[49967]: ikev2_msg_send: IKE_SA_INIT > request from (null) to

iked, don't return NULL in print_host

Seen in my log file: Nov 28 17:47:22 dramaqueen iked: vfprintf %s NULL in "%s: %s %s from %s to %s ms gid %u, %ld bytes%s" and Nov 29 01:02:39 dramaqueen iked[49967]: ikev2_msg_send: IKE_SA_INIT request from (null) to 62.48.30.5:500 msgid 0, 438 bytes The problem seems to be in print_host so

[patch] upon install of new operating system version, do not set root password to empty string

This is a highly theoretical and experimental mitigation which stops the root password on newly upgraded/installed systems from being an empty string. The thinking is that by not shipping an operating system with a known root password, certain classes of attacks involving logging into the root

relayd, save some power by removing snmp session tracking

So one of the things relayd's snmp agentx hook provieds is the relay sessions. To do that every connection accepted by relayd does 2 IMSG and the pfe is using linear lists to track them. Because of this the PFE engine is using more CPU time than needed. Is anyone using the fast changing session

Re: TCP/UDP/etc input w/o KERNEL_LOCK()

On Tue, Nov 28 2017, Alexander Bluhm wrote: > On Tue, Nov 28, 2017 at 02:42:58PM +0100, Martin Pieuchot wrote: >> > login: panic: kernel diagnostic assertion "_kernel_lock_held()" failed: >> > file "/usr/src/sys/kern/uipc_socket.c", line 1882 >> > Stopped at

Re: TCP/UDP/etc input w/o KERNEL_LOCK()

On Tue, Nov 28, 2017 at 02:42:58PM +0100, Martin Pieuchot wrote: > > login: panic: kernel diagnostic assertion "_kernel_lock_held()" failed: > > file "/usr/src/sys/kern/uipc_socket.c", line 1882 > > Stopped at db_enter+0x4: popl%ebp Next crash, now during regress/usr.bin/openssl.

Re: fuse: vfs create does not map 1:1 to fuse create

On Tue, Nov 28, 2017 at 10:59:07PM +0800, Helg wrote: One small comment from me: > /* already open i think all is ok */ > if (ip->fufh[fufh_type].fh_type != FUFH_INVALID) > return (0); > > + /* > + * The file has already been created and/or truncated so FUSE

Re: fuse: vfs create does not map 1:1 to fuse create

On Mon, Nov 27, 2017 at 10:48:04AM +0100, Martin Pieuchot wrote: > On 23/11/17(Thu) 21:45, Helg wrote: > > On Thu, Nov 23, 2017 at 12:09:34PM +, Helg Bredow wrote: > > > - Forwarded message from Martin Pieuchot - > > > > > > Date: Sat, 18 Nov 2017 11:03:49 +0100 > >

iked: don't include DH transform in IKE_AUTH msgs

Hi, turns out that, as specified in the RFC, the initial Child SA does not do PFS and is assumed to be secured using the DH exchange in the first handshake. Thus there is no KE/N payload in the IKE_AUTH exchange and we must not include a DH group other than None, which essentially means we must

Re: relayd/ctl alternative control socket

Hi, your diff looks good, but i would rather do it the way bgpd/bgpctl do it: there the default is /var/run/bgpd.sock. where is the routing domain bgpctl is running in. To administer bgpd(8) in a different routing domain, run bgpctl in said routing domain. i.e. it detects the rdomain at

Re: TCP/UDP/etc input w/o KERNEL_LOCK()

On 27/11/17(Mon) 14:01, Alexander Bluhm wrote: > On Mon, Nov 27, 2017 at 12:20:34PM +0100, Martin Pieuchot wrote: > > Questions, comments, tests? > > New panic with regress. I think it was sys/kern/sosplice this time. > > login: panic: kernel diagnostic assertion "_kernel_lock_held()" failed:

Re: armv7/sxie: enable phy-supply

On Sun, Nov 26, 2017 at 06:52:42PM +0200, Artturi Alm wrote: > Hi, > > unless i failed w/grep, only 4 boards with dts in u-boot/linux need this, > but i've got one of those, so this would be much appreciated:) > > -Artturi This seems reasonable and there is no non-panic error path there

Re: sed.1: miscellaneous corrections

On Mon, 27 Nov 2017 10:41:05 +, Jason McIntyre wrote: > On Sun, Nov 26, 2017 at 07:47:01PM +, kshe wrote: > > Hi, > > > > I noticed a certain number of inaccuracies within the manual page for > > sed. The diff below corrects to most obvious ones, although further > > improvements are

Re: Add Diffie-Hellman group negotiation to iked

On Mon, Nov 27, 2017 at 06:12:22PM +0100, Patrick Wildt wrote: > On Mon, Nov 27, 2017 at 04:21:08PM +0100, Patrick Wildt wrote: > > On Wed, Nov 22, 2017 at 05:26:24PM +0100, Patrick Wildt wrote: > > > On 2017/06/25 21:44, Tim Stewart wrote: > > > > My first patch did, in fact, break Child SAs

Re: dc(1): minor cleanup

On Tue, 28 Nov 2017 08:08:24 +, Otto Moerbeek wrote: > On Sun, Nov 26, 2017 at 07:25:46PM +, kshe wrote: > > Hi, > > > > The diff below encompasses three unrelated minor changes. > > > > 1. Merge the not_equal(), not_less() and not_greater() functions into > > their caller; these

Hide carp pass and sppp authname from userland

On Mon, Nov 27 2017, Stefan Sperling wrote: > On Mon, Nov 27, 2017 at 01:31:17AM +0100, Stefan Sperling wrote: >> On Sun, Nov 26, 2017 at 06:17:14PM +0100, Jeremie Courreges-Anglas wrote: >> > >> > I don't think anything has been committed regarding this issue, right? >> >>

Re: relayd/ctl alternative control socket

Hi, On June I've posted a patch about using alternative control socket for relayd and relayctl. There was a comment from David Gwynne which was evaluated. Is it OK to get this is in order to be able to control multiple relayd daemons on different rdomains? thanks Giannis Index: config.c

Re: dc(1) mishandles fractional input in bases other than 10

On Sun, Nov 26, 2017 at 07:51:13PM +, kshe wrote: > Hi, > > The following behaviour seems unacceptable to me. > > $ dc -e '16dio .C .C0 f' > .C0 > .B > > $ dc -e '8dio .3 .30 .300 f' > .3000 > .275 > .23 > > This bug affects all bases other than

Re: dc(1): dead store

On Sun, Nov 26, 2017 at 07:43:22PM +, kshe wrote: > Hi, > > This assignment is useless. > > Index: bcode.c > === > RCS file: /cvs/src/usr.bin/dc/bcode.c,v > retrieving revision 1.51 > diff -u -p -r1.51 bcode.c > --- bcode.c

Re: pf divert type

Hello, your change looks good to me as-is. Though I have one small suggestion, which I don't insist on: > Index: sys/netinet/raw_ip.c > === > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/raw_ip.c,v > retrieving revision 1.106

Re: filedesc's locking.

On 27/11/17(Mon) 19:32, Mathieu - wrote: > Martin Pieuchot wrote: > > On 27/11/17(Mon) 11:49, Mathieu - wrote: > > > Hi everyone, > > > > > > I was looking / poking around the filedesc handling in kern_descrip.c > > > and found the locking a bit.. weird, > > > > Can you define "weird"? Is it a

Re: dc(1): minor cleanup

On Sun, Nov 26, 2017 at 07:25:46PM +, kshe wrote: > Hi, > > The diff below encompasses three unrelated minor changes. > > 1. Merge the not_equal(), not_less() and not_greater() functions into > their caller; these functions cannot be called from the jump table, so > it is confusing to