Re: Difference between ping mnaual page and behaviour

commited, thanks! On Wed, Oct 26, 2016 at 01:51:00PM +, Florian Obser wrote: > [moved to tech@] > > On Tue, Oct 25, 2016 at 04:49:28PM +0200, Horv??th Tam??s wrote: > > Dear List! > > > > I've found in the man page of ping the following: "If less than >

Re: Difference between ping mnaual page and behaviour

[moved to tech@] On Tue, Oct 25, 2016 at 04:49:28PM +0200, Horv??th Tam??s wrote: > Dear List! > > I've found in the man page of ping the following: "If less than > eight bytes of pad are specified, no round trip times are given." > However I experienced that round trip times are shown *only*

nsd 4.1.13

I have been prodded by dhill & brad, so here is a diff. Running with it now but haven't reviewed it, yet. (I have a git repo with all intermediate diffs if someone wants to look at those...) Tests / OKs? (I will review the diff myself before committing) diff --git Makefile.in Makefile.in index

Re: send fewer router solicitations

On Mon, Sep 26, 2016 at 10:16:04PM +0100, Stuart Henderson wrote: > On 2016/09/26 20:14, Florian Obser wrote: > > On Wed, Sep 21, 2016 at 01:23:25PM +0100, Stuart Henderson wrote: > > > > > There's a problem with this: we lose the exponential backoff for the > >

Re: traceroute(8): drop to _traceroute user

this always does the 3 part setgroups, setresgid, setresuid dance... diff --git sbin/ping/ping.c sbin/ping/ping.c index 383ef65..6ea138c 100644 --- sbin/ping/ping.c +++ sbin/ping/ping.c @@ -259,7 +259,8 @@ main(int argc, char *argv[]) char rspace[3 + 4 * NROUTES + 1]; /* record

Re: traceroute(8): drop to _traceroute user

On Tue, Sep 27, 2016 at 02:48:54PM +0200, Sebastien Marie wrote: > I think we always want to drop effective uid once SOCK_RAW socket has > been opened. yes, I think this is better: diff --git sbin/ping/ping.c sbin/ping/ping.c index 383ef65..aa4c025 100644 --- sbin/ping/ping.c +++

Re: traceroute(8): drop to _traceroute user

On Tue, Sep 27, 2016 at 11:32:00AM +0100, Stuart Henderson wrote: > I just discovered an implication of the ping/traceroute changes: > bgplg users now need pwd.db in /var/www/etc. > Ooops. I guess this is a documentation problem? -- I'm not entirely sure you are real.

Re: send fewer router solicitations

On Wed, Sep 21, 2016 at 01:23:25PM +0100, Stuart Henderson wrote: > There's a problem with this: we lose the exponential backoff for the > quick timer. Say you have v6 at home and enable autoconf on your laptop > then move to a network without v6 - this results in you spamming the > network with

traceroute(8): drop to _traceroute user

It's not *that* expensive to have a dedicated user for this, so we don't need to think about if it's a problem to share with ping(8) or not. And we might be able to get rid of it again in the future. Pointed out by deraadt@ OK? diff --git etc/group etc/group index 7c050ef..e823310 100644 ---

traceroute(8): drop to _ping user

like ping(8)... OK? diff --git traceroute.c traceroute.c index 5c53f53..b1fde9d 100644 --- traceroute.c +++ traceroute.c @@ -246,6 +246,7 @@ #include #include #include +#include #include #include #include @@ -303,6 +304,8 @@ int last_tos; void usage(void); +#define

rtadvd: consistently use MAX_ prefix

OK? diff --git config.c config.c index 842f9af..3118e93 100644 --- config.c +++ config.c @@ -176,11 +176,11 @@ getconfig(char *intface) } MAYHAVE(val, "rltime", tmp->maxinterval * 3); - if (val && (val < tmp->maxinterval || val > MAXROUTERLIFETIME)) { + if (val &&

rtadvd: no need for float defines

OK? diff --git config.c config.c index 4f94632..842f9af 100644 --- config.c +++ config.c @@ -148,7 +148,7 @@ getconfig(char *intface) MAYHAVE(val, "maxinterval", DEF_MAXRTRADVINTERVAL); if (val < MIN_MAXINTERVAL || val > MAX_MAXINTERVAL) { log_warnx("maxinterval

Re: merge ping6(8) into ping(8)

... and this does things to the build infrastructure. It survives make release on amd64, it survived i386 in the past but I'm currently running another make release. I'm trying armv7, too. Tests on other archs would be very welcome, thanks! diff --git distrib/amd64/common/list

merge ping6(8) into ping(8)

this does 2 things: 1) copy missing things from ping6(8) over to ping(8) 2) add if (v6flag) { /* do new original v6 stuff */ } else { /* re-indent already present v4 stuff and wrap else around it /* } feel free to review and OK while I fight

Re: rebound quantum entanglement

On Wed, Sep 14, 2016 at 09:19:07PM -0400, Ted Unangst wrote: > So the plan is for rebound to be the 'system' resolver, with libc talking to > rbeound and rebound talking to the cloud. The main wrinkle is how does rebound > find the cloud? rebound.conf, but dhclient doesn't know anything about >

Re: mg docs ownership

On Sun, Sep 11, 2016 at 12:15:28PM +, Mark Lumsden wrote: > > Maybe we should just not install it? Mark? > > A couple of years ago when the tutorial started being installed there > were no dissenting voices, so unless there are objections, I'd carry > on doing that. And Martin's diff makes

Re: mg: region.c:preadin() - Also check for read() error

Haha OK florian@ On Thu, Sep 08, 2016 at 07:58:29AM +, Mark Lumsden wrote: > Source Joachim Nilsson: > > Coverity Scan found this interesting buglet. If read() fails the code, > before this patch, would trigger a "Negative array index write". > > ok? > > Index: region.c >

Re: replace microtime with getmicrouptime in ip_mroute.c

OK florian@ On Thu, Sep 08, 2016 at 11:54:01AM +1000, David Gwynne wrote: > it uses the time to rate limit the sending of assertion messages. > > there are two reasons for this change. > > firstly, using uptime instead of wall time means the intervals will > be measured against a a monotonic

ping(8): fix multicast source address selection

This got broken in rev 1.136 9 months ago. Sorry about that. Tests / OKs? p.s. applying + diff -bu is easier to figure out what's going on. diff --git ping.c ping.c index 9c2395a..b879d6f 100644 --- ping.c +++ ping.c @@ -121,7 +121,6 @@ int options; int moptions; #define

Re: send fewer router solicitations

On Fri, Sep 02, 2016 at 05:49:22PM +0100, Stuart Henderson wrote: > On 2016/09/02 10:37, Florian Obser wrote: > > To stop naddy from pestering me about this at every hackathon (rightly > > so!), let's base the timeout on the prefixes pltime. ;) > > Just a thought, are we

Re: in6_selectroute should never get AF_INET filled struct route *

OK florian@ On Fri, Sep 02, 2016 at 11:21:33AM +0200, Vincent Gross wrote: > in6_selectroute() checks whether the struct route it received contains > a valid route whose AF is not AF_INET6, "in case the cache is shared". > Well, is this cache shared or not ? > > There's only two ways to get to

send fewer router solicitations

Our kernel based rtsol code is like this little child. We bring up the interface, send our first solicitation and get an advertisment back with a pltime of a week or so. We lean back, quite happy that we can do v6 now, but after 60 seconds we wake up, oh shit, better check if that prefix is

httpd(8): read all headers from fcgi server

As has been reported on multiple occasions, httpd(8) assumes that the complete http answer header is in the first fastcgi stdout record: * https://marc.info/?l=openbsd-tech=144571751203238=2 * https://github.com/reyk/httpd/issues/63 (I think there were more) To reproduce: $ doas cp

Re: nsd 4.1.11

On Tue, Aug 16, 2016 at 07:00:39PM +, Florian Obser wrote: > OK? > anyone? diff --git buffer.h buffer.h index bee7d8b..9e17bc9 100644 --- buffer.h +++ buffer.h @@ -315,6 +315,20 @@ buffer_write_u32(buffer_type *buffer, uint32_t data) } static inline void +buffer_write_

nsd 4.1.11

OK? diff --git buffer.h buffer.h index bee7d8b..9e17bc9 100644 --- buffer.h +++ buffer.h @@ -315,6 +315,20 @@ buffer_write_u32(buffer_type *buffer, uint32_t data) } static inline void +buffer_write_u64_at(buffer_type *buffer, size_t at, uint64_t data) +{ +

rtadvd(8): fix potential NULL deref

rtadvd_check_timer() might return NULL if no timers need to run. I'm not 100% sure if it can happen in practice though, but still... Pointed out by llvm's scan-build. OK? diff --git rtadvd.c rtadvd.c index 0152045..1af402b 100644 --- rtadvd.c +++ rtadvd.c @@ -154,7 +154,7 @@ main(int argc, char

update nsd to 4.1.7 -> 4.1.10

Lightly tested, I will test AXFR with tsig tomorrow. tests / OKs? diff --git Makefile.in Makefile.in index 9103291..3fbd01b 100644 --- Makefile.in +++ Makefile.in @@ -439,9 +439,9 @@ xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd xfrd-notify.o:

Re: pf.conf macro with space

On Tue, Jun 21, 2016 at 10:14:52AM +0200, Sebastian Benoit wrote: > > same thing without a stupid helper function, pointed out by henning. OK florian@ (for all parse.y instances we have, oh and as usual you forgot cwm in your list :) ) > > diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y >

Re: Kill nd6_output()

There is a typo in a comment in nd6.c. s/nd6_resove/nd6_resolve/ With that fixed OK florian@ On Tue, Jun 14, 2016 at 11:52:02AM +0200, Martin Pieuchot wrote: > It's no longer doing anything, so let's remove it, ok? > > Index: net/pf.c >

Re: httpd(8) fix incorrect comment

On Tue, Jun 07, 2016 at 12:18:48PM +0200, Frank Schoep wrote: > Came across an incorrect comment in httpd(8) explaining memory > allocation. Comment claims that 5 times the source memory needs to > be allocated if source consists solely of "<" and ">", but those > characters expand to four bytes

Re: `rt_addr' or the end of `rt_ifa'

Any reason you are not adding the free(9) sizes in rtrequest(), too? OK florian@ On Wed, Jun 08, 2016 at 04:23:33PM +0200, Martin Pieuchot wrote: > Being able to remove the requirement of an configured address for every > route entry would have multiple benefit: > > . We could add route

Re: rcmdsh(3): use getaddrinfo() not gethostbyname2()

OK florian@ On Fri, May 27, 2016 at 06:09:40PM -0600, Todd C. Miller wrote: > rmcd(3) was converted ages ago but apparently this was missed. > > - todd > > Index: lib/libc/net/rcmdsh.c > === > RCS file:

Re: httpd: $DOCUMENT_URI macro fix for FastCGI

I find some of the variables utterly confusing and would consider it a net plus if I knew less about this. This is probably correct. Thanks for all the work. OK florian@ On Mon, Apr 18, 2016 at 10:35:47AM +0200, Christopher Zimmermann wrote: > On 2016-04-17 Tim Baumgard

Re: bgplg: use SERVER_NAME CGI variable instead of gethostname?

I think this is good. OK florian@ On Tue, Apr 05, 2016 at 10:39:15PM +0100, Stuart Henderson wrote: > I've just been reorganising some machines and have a hostname that I don't > really want on the looking glass page, this diff uses the CGI variable > instead to take the hostname as given by the

ping(8) -n flag

So, who knows what the -n flag is doing in ping(8)? The man page has this to say: -n Numeric output only. No attempt will be made to look up symbolic names for host addresses. $ ping -c1 amd64.openbsd.adns.de PING amd64.openbsd.adns.de (217.31.84.226): 56 data bytes

ping(8): implement -H

on top of previous mail ("ping(8) -n flag") OK? diff --git sbin/ping/ping.8 sbin/ping/ping.8 index e3d3d0b..07318e4 100644 --- sbin/ping/ping.8 +++ sbin/ping/ping.8 @@ -39,7 +39,7 @@ .Sh SYNOPSIS .Nm ping .Bk -words -.Op Fl DdEefLqRv +.Op Fl DdEefHLnqRv .Op Fl c Ar count .Op Fl I Ar ifaddr

Re: rtadvd usage()

with the changes bluhm suggested OK florian@ On Thu, Feb 04, 2016 at 02:36:25PM +0100, Alexander Bluhm wrote: > On Thu, Feb 04, 2016 at 02:02:46PM +0100, J??r??mie Courr??ges-Anglas wrote: > > +static void usage(void); > > Can you make the usage static __dead void? > > > +#define OPTIONS

Re: rtadvd: remove router renumbering support

yes please. while in there you should deleted the commented .Fl m from the man page, too. OK florian@ On Mon, Nov 30, 2015 at 08:12:32PM +0100, Jeremie Courreges-Anglas wrote: > > ie. https://tools.ietf.org/html/rfc2894 > > This code has been rotting since a long time, only activated during two

Re: rtadvd: useless argument/checks in if.c:get_next_msg()

OK florian@ On Mon, Nov 30, 2015 at 01:58:16PM +0100, Jeremie Courreges-Anglas wrote: > > Hi, > > get_next_msg() takes an "ifindex" argument, and contains code to check > whether the interface affected by a routing message is "the correct > one". Those tests have always been meaningless since

ping(8) / ping6(8) source address

Inspired by the traceroute / traceroute6 merge. At least reduces the diff in the option parser :) OK? diff --git ping/ping.c ping/ping.c index f5ccaca..4944f77 100644 --- ping/ping.c +++ ping/ping.c @@ -110,7 +110,7 @@ int options; #defineF_SO_DEBUG 0x0040 /*

pledge for nsd

Tested with and without zone transfers, forced writing of zones to disk and adding and removing zones at run time. Is the order of pledges in main() correct? OK? diff --git nsd.c nsd.c index 2420a65..d2084b7 100644 --- nsd.c +++ nsd.c @@ -,6 +,11 @@ main(int argc, char *argv[])

#include cleanup for ping6

I think this is correct... OK? diff --git ping6.c ping6.c index 2c786f9..8e42ade 100644 --- ping6.c +++ ping6.c @@ -81,35 +81,29 @@ */ #include -#include #include - -#include -#include +#include #include #include #include #include #include -#include #include #include

Re: The router doesn't know the size of the internet...

On Sat, Oct 24, 2015 at 06:15:48PM +0200, Sebastian Benoit wrote: > Alexander Bluhm(alexander.bl...@gmx.net) on 2015.10.24 17:21:27 +0200: > > On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote: > > > ...at least better than OpenBSD's source code. > > > > > > This diff gets rid of

IPv6 transport for pflow(4)

I don't really like to store struct sockaddr_storage since it's so big. I played around with a union like pf does, but looked complicated. Thoughts? Also with this you can specify a source port. Since I was touching all those lines anyway I renamed sender to flowsrc and receiver to flowdst like

Re: IPv6 transport for pflow(4)

On Sun, Sep 13, 2015 at 03:25:16PM +, Florian Obser wrote: > I don't really like to store struct sockaddr_storage since it's so > big. I played around with a union like pf does, but looked > complicated. > Thoughts? > > Also with this you can specify a source port. > Sin

pflow(4): reshuffle socreate(9)

Call socreate(9) only when we have a destination ip and port. Call sobind(9) only when we have a source ip. With this we can treat sc->so != NULL as a flag if the interface is in state IFF_RUNNING. OK? diff --git if_pflow.c if_pflow.c index c70ad81..829ec72 100644 --- if_pflow.c +++ if_pflow.c

Re: ping6: out of boundary access with invalid packets

On Tue, Sep 08, 2015 at 09:45:06PM +0200, Tobias Stoeckmann wrote: > The function pr_pack does not properly check boundaries before > accessing packet data. This could happen on short network reads or > when we receive packets that are addressed for another running ping6 > instance (see pr_pack

ping6(8): cleanup getaddrinfo

switch ping6(8) to the canonical example from getaddrinfo(3): error = getaddrinfo(..., res0); if (error) errx(1,...); [do stuff] freeaddrinfo(res0); I find this easier on the eyes: Hold on, why is it using a different struct addrinfo here? Why is it not calling freeaddrinfo(3)? Is it

remove RH0 support from ping6(8)

RH0 has been deprecated for quite some time now in RFC 5095. It's quite useless on OpenBSD since our stack unconditionally drops packets with a RH0 header so you can't get the packet out anyway. And last but not least it might get in the way if I ever manage to unify ping(8) and ping6(8). OK?

Re: move pflow(4) to sosend(9)

On Mon, Jul 20, 2015 at 06:58:06PM +0200, Alexander Bluhm wrote: On Mon, Jul 20, 2015 at 01:09:07AM +, Florian Obser wrote: - s = splnet(); + s = splnet(); pflow_flush(sc); + splx(s); This splx() looks strange, too. Why flush something

Re: move pflow(4) to sosend(9)

new diff, should address all comments: diff --git if_pflow.c if_pflow.c index 4f3ac5e..676829d 100644 --- if_pflow.c +++ if_pflow.c @@ -28,6 +28,8 @@ #include sys/timeout.h #include sys/ioctl.h #include sys/kernel.h +#include sys/socket.h +#include sys/socketvar.h #include sys/sysctl.h

move pflow(4) to sosend(9)

so pflow(4) shoving it's data with ip_output into the network stack seems wrong. this converts it to use sosend(9) and might even give us non-legacy IP support. tests from (heavy) pflow(4) users would be appriciated. diff --git if_pflow.c if_pflow.c index 4f3ac5e..624fdaf 100644 --- if_pflow.c

Re: [patch] update unbound forwards with dhclient nameservers

On Sun, Jul 19, 2015 at 01:08:46PM +0200, Gregor Best wrote: Hello, the following is a patch that adds an option called `update_unbound' to dhclient.conf. With this option enabled, dhclient will call unbound-control forwards ns1 ns2 ns3 instead of rewriting /etc/resolv.conf. My

Re: [patch] update unbound forwards with dhclient nameservers

On Sun, Jul 19, 2015 at 08:53:04PM +0200, Gregor Best wrote: On Sun, Jul 19, 2015 at 07:03:59PM +0100, Stuart Henderson wrote: [...] I'm uncertain about whether dhclient should do this at all, it seems to be the opposite of the direction dhclient has been going in recently, [...]

Re: sa_family_t is not always equal to u_int8_t

OK florian@ On Fri, Jul 17, 2015 at 01:41:17AM +0200, Alexandr Nedvedicky wrote: On Thu, Jul 16, 2015 at 11:10:06PM +, Miod Vallat wrote: cvs diff -p output: Please send unified diffs (diff -u). The easiest way is to have a diff -up line in your ~/.cvsrc file. Or diff -uNp if

httpd: hsts (rfc 6797)

OK? diff --git httpd.conf.5 httpd.conf.5 index b3eaad8..bfca29f 100644 --- httpd.conf.5 +++ httpd.conf.5 @@ -262,6 +262,18 @@ root directory of .Xr httpd 8 and defaults to .Pa /run/slowcgi.sock . +.It Ic hsts Oo Ar option Oc +Enable HTTP Strict Transport Security. +Valid options are: +.Bl -tag

Re: [Patch] httpd - don't leak fcgi file descriptors

On Mon, Jun 08, 2015 at 09:17:41PM +0200, Claudio Jeker wrote: On Mon, Jun 08, 2015 at 09:12:32PM +0200, Joerg Jung wrote: On Tue, Jun 02, 2015 at 05:47:47PM +0200, Claudio Jeker wrote: On Tue, Jun 02, 2015 at 01:50:35PM +0200, Joerg Jung wrote: Am 01.06.2015 um 01:25 schrieb Todd

Re: Byte range implementation for httpd(8)

On Sun, May 03, 2015 at 01:46:56PM +0200, Sunil Nimmagadda wrote: On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote: Sorry for the very late reply, I'm currently very busy :/ Thank you for taking time to review it. A new patch with style nits fixed and a gratuitous NULL check

Re: [PATCH] Support If-Modified-Since header on requests in httpd

On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote: I found 'timeoff' to be useful for converting to a time_t that is in GMT; however, did not find documentation on this in the man pages. It seems to be a function dating back to at least the NetBSD fork. If there is a better time function I

Re: [PATCH] Support If-Modified-Since header on requests in httpd

On Sun, May 03, 2015 at 11:14:48AM -0500, Kyle Thompson wrote: On Sun, May 03, 2015 at 03:00:40PM +, Florian Obser wrote: On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote: RFC 7232 A recipient MUST ignore the If-Modified-Since header field if the received field-value

Re: Byte range implementation for httpd(8)

On Sun, May 03, 2015 at 08:14:25PM +0200, Sebastian Benoit wrote: one question though: whats the reasoning behind MAX_RANGES 4? nginx seems to have a default of unlimited (which i think questionable), but what is Wasn't there a cve about this last year or so? You can try to burn cpu and io on

Re: Byte range implementation for httpd(8)

Sorry for the very late reply, I'm currently very busy :/ On Fri, Apr 17, 2015 at 05:04:01AM +0200, Sunil Nimmagadda wrote: Range requests as defined in RFC7233 is required for resuming interrupted http(s) downloads for example: ftp -C http://foo.bar/install57.iso With this diff, httpd

Re: copy'n'paste like typo in pf.c

On Sun, Apr 05, 2015 at 11:48:21AM +0200, Alexandr Nedvedicky wrote: Hello, when we ran PF sources through coverity we got an error as follows: 8310 if (ri-r-dst.addr.type == PF_ADDR_TABLE) 8311 pfr_update_stats(ri-r-dst.addr.p.tbl, 8312

Re: mg(1) segfault

On Sat, Apr 04, 2015 at 10:48:15AM -0300, Gleydson Soares wrote: mg(1) segfault. it is triggered as follows: 1- echo (start-kbd-macro) $HOME/.mg 2- open mg and type twice C-x ( find below the backtrace and a patch to fix. OK? Program received signal SIGBUS, Bus error. definemacro

Re: mg(1) segfault

On Sat, Apr 04, 2015 at 03:23:45PM -0300, Gleydson Soares wrote: return (macrodef = FALSE); but we shouldn't change macrodef here. I hate the startup file. Look, this is a use after free, but I can't find it... #0 0x1b9de0b1b77f in definemacro (f=0, n=1) at

Re: Small ifconfig output tweak for inet6?

On Thu, Mar 26, 2015 at 05:46:12PM +0100, Henning Brauer wrote: * Mike Belopuhov m...@belopuhov.com [2015-03-26 14:36]: however I agree that if we do this for ipv6 we should do it for ipv4 as well but then do we care about tons of stuff out there parsing ifconfig output? that's the prime

Re: Small ifconfig output tweak for inet6?

On Thu, Mar 26, 2015 at 01:48:03PM +0100, Martin Pieuchot wrote: How do people feel about printing the prefixlen in CIDR notation? I'm annoyed about outputs not fitting in 80 chars when using autoconf magic: -inet6 fd00::f2de:f1ff:fe6a:15d1 prefixlen 64 autoconf pltime 3594 vltime 7194

Re: Small ifconfig output tweak for inet6?

On Thu, Mar 26, 2015 at 06:50:37PM +0100, Martin Pieuchot wrote: On 26/03/15(Thu) 17:39, Florian Obser wrote: On Thu, Mar 26, 2015 at 01:48:03PM +0100, Martin Pieuchot wrote: How do people feel about printing the prefixlen in CIDR notation? I'm annoyed about outputs not fitting in 80

Re: httpd fastcgi diff

On Wed, Mar 25, 2015 at 10:20:53PM +0100, Tim van der Molen wrote: I'm using the hgweb.cgi Python script to serve Mercurial repositories over HTTP. When served by httpd, hgweb.cgi does not work well with the hg command-line utility. For example, this doesn't work: $ hg clone

Re: mg(1) segfaults on scroll-down

Hi, On Wed, Mar 18, 2015 at 01:35:08PM +0200, Kaspars Bankovskis wrote: Hi, to reproduce the issue: (1) start mg and press Enter, until you fill up the screen and it goes on to the next screen. (2) type in at least one character (3) press M-v (or execute command scroll-down) (4) mg

Re: allow stateless address auto configuration when v6 forwarding is enabled

On Mon, Mar 23, 2015 at 08:22:46PM +0100, Stefan Sperling wrote: On Mon, Mar 23, 2015 at 06:21:40PM +, Florian Obser wrote: [ this originated on misc@: https://marc.info/?t=14170362181r=1w=2 ] so there are setups out there where a router gets a default route (and maybe a prefix

allow stateless address auto configuration when v6 forwarding is enabled

[ this originated on misc@: https://marc.info/?t=14170362181r=1w=2 ] so there are setups out there where a router gets a default route (and maybe a prefix) via SLAAC (think dsl / cable line). Currently the kernel does not accept a default route via SLAAC when forwarding is enabled. Since we

Re: 5.6, IPv6: is autoconf set by default?

On Sat, Jan 10, 2015 at 02:07:49PM +, Stuart Henderson wrote: [moved from misc@] On 2015-01-08, Josh Grosse j...@jggimi.homeip.net wrote: On Thu, Jan 08, 2015 at 03:20:46PM +, Florian Obser wrote: [...] eui64 Fill the interface index (the lowermost 64th bit of an IPv6

Re: rtadvd on OpenBSD 5.6 with Comcast cable connection

(moved to tech@) On Thu, Jan 01, 2015 at 11:51:32AM -0600, Aaron Riekenberg wrote: I found some other reports of the same problem with rtadvd logging excessive messages about router advertisements on the external non-advertising interface. From OpenBSD 5.2:

relayd errata Nov 17

This patch fixes a relayd crash for the 5.6 release. untrusted comment: signature from openbsd 5.6 base private key RWR0EANmo9nqhgFKMGabOlUXoxAuey9xQyKcm0OULFMOSkyd3ReQHQjwA1psSBbqu1ex9j28D/nyEh6U8uj8f2oFZtXoHA7njAg= OpenBSD 5.6 errata 6, Nov 17, 2014: Fix for relayd crash Apply patch using:

Re: mg: exit code cleanup

Commited, thanks! On Sun, Nov 09, 2014 at 08:40:03PM +0100, Martin Natano wrote: mg(1) calls 'exit(1)' on failure, but 'exit(GOOD)' on success. In my opinion it would be more readable to just use 'exit(0)' for a normal exit. (If there really is the need for a define, EXIT_SUCCESS would be a

Re: getent(1) hosts enumeration defunc

Hi Ingo, On Sun, Oct 19, 2014 at 02:24:27AM +0200, Ingo Schwarze wrote: Hi Philip, Philip Guenther wrote on Sat, Oct 18, 2014 at 04:38:09PM -0700: Maybe we just fix getent(1) to return an error like it does for ethers? Whatever we do with gethostent(3) - maybe it's really expendable,

Re: Bug in gethostbyaddr and patch to solve

On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote: Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with current) and certain addres of the LAN I got always a segfault. Nope, already fixed in the upcomming 5.6 release and -current.

Move sending of router solicitation packages to the kernel

This moves sending of router solicitation packages to the kernel. With it rtsol{,d}(8) is no longer needed. Add inet6 autoconf to /etc/hostname.IF or run ifconfig IF inet6 autoconf and the kernel will start sending rtsol packages. An the following events a timer will be (re) started with a timeout

Re: recent ipv6 changes: how to pick up rtadv without an autoconf address?

On Fri, Jul 25, 2014 at 02:28:15PM +0100, Stuart Henderson wrote: Following the recent IPv6 changes, what method should now be used to have a statically configured ipv6 address but accept router advertisements to pick up a default route? as discussed on icb:

Re: using -Werror-implicit-function-declaration

usr.sbin, missing prototypes: diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h index 4c9224a..45b060f 100644 --- usr.sbin/mrouted/defs.h +++ usr.sbin/mrouted/defs.h @@ -209,6 +209,7 @@ extern void accept_leave_message(u_int32_t src, u_int32_t dst,

Re: using -Werror-implicit-function-declaration

usr.sbin, fix bind configure: Carefully checked that config.h and generated Makefiles don't change. diff --git usr.sbin/bind/configure usr.sbin/bind/configure index 6e280ad..db02979 100644 --- usr.sbin/bind/configure +++ usr.sbin/bind/configure @@ -4596,6 +4596,8 @@ cat confdefs.h

Re: using -Werror-implicit-function-declaration

usr.sbin, fix nsd/unbound configure carefully checked that config.h and generated Makefiles don't change. need for _XOPEN_VERSION pointed out by guenther@ diff --git usr.sbin/nsd/configure usr.sbin/nsd/configure index d2d28c1..c2a40e8 100644 --- usr.sbin/nsd/configure +++ usr.sbin/nsd/configure

Re: using -Werror-implicit-function-declaration

usr.sbin; enable -Werror-implicit-function-declaration: This has currently no effect on subdirs using Makefile.bsd-wrapper (bind, nginx, nsd, unbound). This is beeing worked on. With a workaround they have been tested and with the previous diffs are clean. diff --git usr.sbin/Makefile.inc

Re: using -Werror-implicit-function-declaration

/sbin: diff --git sbin/Makefile.inc sbin/Makefile.inc index 1b14860..92ca312 100644 --- sbin/Makefile.inc +++ sbin/Makefile.inc @@ -2,3 +2,4 @@ BINDIR?= /sbin LDSTATIC= ${STATIC} +CFLAGS+= -Werror-implicit-function-declaration diff --git sbin/disklabel/editor.c

Re: [patch ping.c] replace malloc memset with calloc

On Tue, Apr 22, 2014 at 03:08:45PM -0400, pe...@petermalone.org wrote: Thanks Florian team. Please review the following diff. tab vs. space, more in sync with ping6 OK? diff --git ping.c ping.c index 6a13a86..29cf84c 100644 --- ping.c +++ ping.c @@ -70,6 +70,7 @@ #include ctype.h #include

Re: [patch ping.c] replace malloc memset with calloc

Please switch it to poll(2) like ping6(8) is doing, there by side stepping the whole issue. On Tue, Apr 22, 2014 at 09:33:50AM +0200, Otto Moerbeek wrote: On Tue, Apr 22, 2014 at 02:57:54AM -0400, pe...@petermalone.org wrote: Sure - I should have spotted that. Still not there. Please use

Re: bgpctl show_attr bad length fix

Commited, thanks On Tue, Mar 18, 2014 at 08:57:40AM +, rivo nurges wrote: Hi! When show_attr reads data length from provided data it reads carbage to alen and fails afterwards. This patch fixes the problem by casting the data to u_char. While at it I noticed data gets assigned twice.

Re: Simple static testcgi.c

On Sat, Mar 01, 2014 at 02:27:44PM -0500, James Turner wrote: So I wanted to test out nginx and slowcgi. I started everything up and hit up localhost/cgi-bin/test-cgi. Whoops forgot to move /bin/sh into the chroot. Try again, shit forgot to chmod 555 test-cgi. heh, been there, done that :)

pflow(4): pflowproto 9

Since we are in -beta you are all starting to test snapshots like crazy, right? Right?! Please do me a favor, if you're using pflow(4) test if your favorite collector works with pflowproto 10. Since the time_t cleanup (rev 1.34 of if_pflow.c) v10 no longer sends insane flows. I know it now works

Re: Important bgpd fix

On Sat, Jan 11, 2014 at 03:07:37PM +, Stuart Henderson wrote: I'm running this on one router without seeing any problems yet, however it does not have any graceful-restart peers so it's not exactly a great test. Has anyone else tried this at all yet? Benno is running it on one of our

Re: tftp-proxy(8) with nat-to

On Fri, Dec 20, 2013 at 01:17:08PM +1000, David Gwynne wrote: im glad you wrote a diff rather than simply complain that nat and tftp doesnt work. the moving parts generally look good to me apart from the struct src_addr and getopt chunks. please use sockaddr_storage instead of sockaddr in

tftp-proxy(8) with nat-to

tftp-proxy(8) doesn't work if there is a nat gateway in the path from the client to the server. I considered changing the location of the tftp server in our network but that's not possibly because of reasons. (6) of RFC 1925 applies... With this tftp-proxy(8) grows another knob (-a) like

Re: pfsync(4) mangles prio in master/slave setup

On Wed, Nov 20, 2013 at 01:38:11PM +0200, Alexey Suslikov wrote: On Wed, Nov 20, 2013 at 1:32 PM, Mike Belopuhov m...@belopuhov.com wrote: could you please add more description to this report since it's very hard to follow and interpret your mail. basically, when setup switches to slave,

Re: bgpd: fib-priority

now with reload working; check RTP_NONE fib-priority = RTP_MAX test reports / comments / OKs? diff --git bgpd.c bgpd.c index 9c48bb3..8ad95fe 100644 --- bgpd.c +++ bgpd.c @@ -43,7 +43,7 @@ int check_child(pid_t, const char *); intsend_filterset(struct imsgbuf *, struct

bgpd: fib-priority

First stab, only lightly tested, reload is *not* working. I need to think a bit more how to handle reloads exactly. Note that if you try to shoot yourself in the foot by specifing another already used priority (e.g. 32), it will not only take of your foot but take the thigh right with it... (at

Re: pflow in rdomain

commited, thanks! On Thu, Oct 31, 2013 at 04:30:51PM +0100, Anders Berggren wrote: We tried to get pflow running in a non-default rdomain, and found this to get it going. Make sense? --- sys/net/if_pflow.c.orig Fri Sep 13 20:58:40 2013 +++ sys/net/if_pflow.cMon Sep 16 13:25:54

INADDR_ANY in pflow(4)

Since no one presented a case why sending from INADDR_ANY is a good thing[tm], make it clear that it won't work. The ifconfig(8) diff generates this output: $ sudo ifconfig pflow0 up $ ifconfig pflow0 pflow0: flags=1UP mtu 1492 priority: 0 pflow: sender: INVALID receiver:

Re: pflow(4) without flowsrc

On Mon, Sep 02, 2013 at 11:11:43AM +0200, Martin Pieuchot wrote: On 31/08/13(Sat) 04:28, Nathanael Rensen wrote: If no flowsrc is specified on a pflow(4) interface then the src address is determined by ip_output(). However prior to calling ip_output() pflow(4) has already calculated the UPD

Re: mg(1): shell-command

On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote: This diff modifies the shell-command-on-region function and gives us shell-command. It makes getting output from other commands into mg really easy. Comments/oks? -lum Index: def.h

<    3   4   5   6   7   8   9   >