On Wed, Aug 10, 2022 at 11:08:06AM +0200, Claudio Jeker wrote:
> On Fri, Jul 01, 2022 at 04:03:21PM +, Visa Hankala wrote:
> > On Fri, Jul 01, 2022 at 09:59:11AM +0200, Claudio Jeker wrote:
> > > On Thu, Jun 30, 2022 at 03:46:35PM +, Visa Hankala wrote:
> > > > On Thu, Jun 30, 2022 at
On Thu, Aug 11, 2022 at 02:22:08AM +0200, Jeremie Courreges-Anglas wrote:
> On Wed, Aug 10 2022, Scott Cheloha wrote:
> > [...]
> >
> > 1. Our ksh(1) already checks for stdout errors in the echo builtin.
>
> So do any of the scripts in our source tree use /bin/echo for whatever
> reason? If so,
On Wed, Aug 10 2022, Scott Cheloha wrote:
> On Wed, Aug 10, 2022 at 02:23:08PM -0600, Theo de Raadt wrote:
>> Scott Cheloha wrote:
>>
>> > On Wed, Aug 10, 2022 at 12:26:17PM -0600, Theo de Raadt wrote:
>> > > Scott Cheloha wrote:
>> > >
>> > > > We're sorta-kinda circling around adding the
On Wed, Aug 10, 2022 at 02:23:08PM -0600, Theo de Raadt wrote:
> Scott Cheloha wrote:
>
> > On Wed, Aug 10, 2022 at 12:26:17PM -0600, Theo de Raadt wrote:
> > > Scott Cheloha wrote:
> > >
> > > > We're sorta-kinda circling around adding the missing (?) stdio error
> > > > checking to other
On Wed, Aug 10 2022, "Theo de Raadt" wrote:
> Scott Cheloha wrote:
>
>> We're sorta-kinda circling around adding the missing (?) stdio error
>> checking to other utilities in bin/ and usr.bin/, no? I want to be
>> sure I understand how to do the next patch, because if we do that it
>> will
Scott Cheloha wrote:
> On Wed, Aug 10, 2022 at 12:26:17PM -0600, Theo de Raadt wrote:
> > Scott Cheloha wrote:
> >
> > > We're sorta-kinda circling around adding the missing (?) stdio error
> > > checking to other utilities in bin/ and usr.bin/, no? I want to be
> > > sure I understand how to
On Wed, Aug 10, 2022 at 12:26:17PM -0600, Theo de Raadt wrote:
> Scott Cheloha wrote:
>
> > We're sorta-kinda circling around adding the missing (?) stdio error
> > checking to other utilities in bin/ and usr.bin/, no? I want to be
> > sure I understand how to do the next patch, because if we
On 2022/08/10 15:07:15 +0200, Claudio Jeker wrote:
> On Sun, Aug 07, 2022 at 11:10:22AM +0200, Omar Polo wrote:
> > blob - ddf83f965d0e6a99ada695694bea77b775bae2aa
> > blob + 1d577ba63efca388ca3644d1a52d9b3d9f246014
> > --- usr.sbin/slowcgi/slowcgi.c
> > +++ usr.sbin/slowcgi/slowcgi.c
> > @@
Scott Cheloha wrote:
> We're sorta-kinda circling around adding the missing (?) stdio error
> checking to other utilities in bin/ and usr.bin/, no? I want to be
> sure I understand how to do the next patch, because if we do that it
> will probably be a bunch of programs all at once.
This
On Sat, Jul 30, 2022 at 05:23:37PM -0600, Todd C. Miller wrote:
> On Sat, 30 Jul 2022 18:19:02 -0500, Scott Cheloha wrote:
>
> > Bump. The standard's error cases for fflush(3) are identical to those
> > for fclose(3):
> >
> > https://pubs.opengroup.org/onlinepubs/9699919799/functions/fflush.html
On Fri, Jul 29, 2022 at 08:13:14AM -0500, Scott Cheloha wrote:
> On Wed, Jul 13, 2022 at 12:50:24AM -0500, Scott Cheloha wrote:
> > We reduce overhead if we only parse the user's format string once. To
> > achieve that, this patch does the following:
> >
> > [...]
> >
> > - When parsing the
On Wed, Aug 10, 2022 at 06:16:30PM +0200, Theo Buehler wrote:
> On Wed, Aug 10, 2022 at 03:10:19PM +, Job Snijders wrote:
> > An errata exists for RFC 6482, which informs us: """The EE certificate
> > MUST NOT use "inherit" elements as described in [RFC3779].""" Read the
> > full report here:
On Wed, Aug 10, 2022 at 03:10:19PM +, Job Snijders wrote:
> Hi all,
>
> An errata exists for RFC 6482, which informs us: """The EE certificate
> MUST NOT use "inherit" elements as described in [RFC3779].""" Read the
> full report here: https://www.rfc-editor.org/errata/eid3166
>
> Although
Hello,
On Wed, Aug 10, 2022 at 02:38:16PM +, Stefan Butz wrote:
> Hi everyone,
>
> this mail includes a patch to store pf rules in a red-black tree.
> Currently they are stored in a linked list.
> My system configured with 16000 rules takes about 10 minutes
> to print them out using `pfctl
On Wed, 10 Aug 2022 14:38:16 -, Stefan Butz wrote:
> this mail includes a patch to store pf rules in a red-black tree.
> Currently they are stored in a linked list.
> My system configured with 16000 rules takes about 10 minutes
> to print them out using `pfctl -sr`.
> This patch decreases the
Hi all,
An errata exists for RFC 6482, which informs us: """The EE certificate
MUST NOT use "inherit" elements as described in [RFC3779].""" Read the
full report here: https://www.rfc-editor.org/errata/eid3166
Although it might seem a bit 'wasteful' to d2i the IP Resources
extension in multiple
Hi everyone,
this mail includes a patch to store pf rules in a red-black tree.
Currently they are stored in a linked list.
My system configured with 16000 rules takes about 10 minutes
to print them out using `pfctl -sr`.
This patch decreases the time to 4 seconds.
I was not able to measure a time
On Wed, Aug 10, 2022 at 03:59:12PM +0200, Theo Buehler wrote:
> The below matches the VPN4 code and makes more sense given that we deref
> kr6 in the else block.
>
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
On Wed, Aug 10, 2022 at 01:58:14PM +, Job Snijders wrote:
> Hi,
>
> The ROA specification (RFC 6482 § 4) is a bit underspecified, but in the
> wild the RFC 3779 AS Resources extension never ever appears on ROA EE
> certificates, as it serves no purpose in the validation process. I've
> seen
The below matches the VPN4 code and makes more sense given that we deref
kr6 in the else block.
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.287
diff -u -p -U5 -r1.287 kroute.c
--- kroute.c
Hi,
The ROA specification (RFC 6482 § 4) is a bit underspecified, but in the
wild the RFC 3779 AS Resources extension never ever appears on ROA EE
certificates, as it serves no purpose in the validation process. I've
seen it happen once, in the past, which was a CA mistake.
Related reading
On Wed, Aug 10, 2022 at 02:54:58PM +0200, Claudio Jeker wrote:
> This is more of what I just did in other places. Use direct assignment
> instead of memcpy(), remove double bzero() calls, switch to memset()
> and order struct kroute_nexthop in a more sensible way.
ok
> There should be no
On Sun, Aug 07, 2022 at 11:10:22AM +0200, Omar Polo wrote:
> I'm not sure httpd(8) handles correctly when the fastcgi application
> (e.g. slowcgi) closes the connection prematurely.
>
> To verify it, I'm playing with three simple CGI scripts running under
> slowcgi with a very low timeout (-t2).
This is more of what I just did in other places. Use direct assignment
instead of memcpy(), remove double bzero() calls, switch to memset()
and order struct kroute_nexthop in a more sensible way.
There should be no behaviour change from all this.
--
:wq Claudio
Index: bgpd.h
On Wed, Aug 10, 2022 at 11:59:30AM +0200, Claudio Jeker wrote:
> When introducing prefix_nhvalid(p) the code in network_dump_upcall()
> was not correctly adjusted:
>
> Before:
> if (prefix_nexthop(p) == NULL ||
> prefix_nexthop(p)->state != NEXTHOP_REACH)
>
On Wed, Aug 10, 2022 at 12:17:29PM +0200, Claudio Jeker wrote:
> bgpctl show network uses the same data handler as bgpctl show fib.
> I increased the space between destination and gateway for IPv6 for the
> latter but forgot to adjust the former.
>
> Before:
> flags: S = Static
> flags prio
bgpctl show network uses the same data handler as bgpctl show fib.
I increased the space between destination and gateway for IPv6 for the
latter but forgot to adjust the former.
Before:
flags: S = Static
flags prio destination gateway
S0 10.2.3.0/24 0.0.0.0
On Wed, Aug 10, 2022 at 02:17:53AM +, Job Snijders wrote:
> Dear all,
>
> I like to run rpki-client very often, and not be bogged down with
> non-responsive respositories. If a repository is uncommunicative,
> rpki-client as-is will try other transports, or come back later (because
> of a
When introducing prefix_nhvalid(p) the code in network_dump_upcall()
was not correctly adjusted:
Before:
if (prefix_nexthop(p) == NULL ||
prefix_nexthop(p)->state != NEXTHOP_REACH)
kf.nexthop.aid = kf.prefix.aid;
else
kf.nexthop =
On Fri, Jul 01, 2022 at 04:03:21PM +, Visa Hankala wrote:
> On Fri, Jul 01, 2022 at 09:59:11AM +0200, Claudio Jeker wrote:
> > On Thu, Jun 30, 2022 at 03:46:35PM +, Visa Hankala wrote:
> > > On Thu, Jun 30, 2022 at 11:51:52AM +0200, Claudio Jeker wrote:
> > > > After discussing this with
30 matches
Mail list logo