sh regs.h conflict persists
This should fix it, but my kernel is still compiling. Index: signal.h === RCS file: /cvs/src/sys/arch/sh/include/signal.h,v retrieving revision 1.4 diff -u -p -r1.4 signal.h --- signal.h13 Apr 2012 18:09:01 - 1.4 +++ signal.h27 Apr 2012 10:25:04 - @@ -40,7 +40,6 @@ typedef int sig_atomic_t; #if __BSD_VISIBLE || __XPG_VISIBLE = 420 -#include sh/reg.h /* * Information pushed on stack when a signal is delivered.
Re: pfctl: fix printing of 'foo/*' anchors
On 2012/04/27 00:51, Lawrence Teo wrote: The diff below fixes pfctl so that it will show the 'authpf/*' anchor as intended: This is extremely useful for relayd/ftp-proxy too. Note that since this diff changes the behavior of pfctl -a 'foo/*' -sr, it will also change the pfload* regression tests since those tests execute this command: pfctl -o none -a 'regress/*' -gvvsr If this diff is correct, I would appreciate some guidance from the developers on how to address the pfload* regression tests. First problem: -a 'regress/*' used to print anchor regress, and now it _only_ prints sub-anchors. Following diff changes it to print the named anchor itself as well as sub-anchors, which is how I would expect recursive printing to work. Index: pfctl.c === RCS file: /cvs/src/sbin/pfctl/pfctl.c,v retrieving revision 1.310 diff -u -p -r1.310 pfctl.c --- pfctl.c 18 Apr 2012 14:42:17 - 1.310 +++ pfctl.c 27 Apr 2012 10:57:12 - @@ -1937,6 +1937,7 @@ main(int argc, char *argv[]) int optimize = PF_OPTIMIZE_BASIC; int level; char anchorname[MAXPATHLEN]; + int anchor_wildcard = 0; char*path; char*lfile = NULL, *sfile = NULL; const char *errstr; @@ -2097,9 +2098,10 @@ main(int argc, char *argv[]) int len = strlen(anchoropt); if (anchoropt[len - 1] == '*') { - if (len = 2 anchoropt[len - 2] == '/') + if (len = 2 anchoropt[len - 2] == '/') { anchoropt[len - 2] = '\0'; - else + anchor_wildcard = 1; + } else anchoropt[len - 1] = '\0'; opts |= PF_OPT_RECURSE; } @@ -2137,6 +2139,10 @@ main(int argc, char *argv[]) pfctl_load_fingerprints(dev, opts); pfctl_show_rules(dev, path, opts, PFCTL_SHOW_RULES, anchorname, 0, 0, shownr); + if (anchor_wildcard) + pfctl_show_rules(dev, path, opts, + PFCTL_SHOW_RULES, anchorname, 0, + anchor_wildcard, shownr); break; case 'l': pfctl_load_fingerprints(dev, opts); If '-s l' and maybe also '-s a' get the same treatment then I think I'll be OK with this going in. Next problem, and this is not directly relating to the above diff to fix printing, but it is highlighted by it: the anchors added by pfload regression tests are never emptied. Running 'make pfload-update' results in the same crap being added to lots of the files it produces. So it seems the -Fr / -Fa flush commands also need teaching how to work recursively and the regress Makefile changing to use this. If I bypass this problem by temporarily adjusting pfload${n}-update to use individual anchor names per rule (rather than '-a regress' I used '-a foo$n') I see that with the above diff an additional summary is printed each time, each rule-printing gets these additional lines: [ Skip steps: i=end d=end r=end f=end p=end sa=end da=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + [ Skip steps: i=0 d=0 r=0 f=0 p=0 sa=0 da=0 sp=0 dp=0 ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] This is slightly ugly but I don't think it's a major problem. also spotted, though I don't know if it's a problem, I don't see a way to remove an anchor once created. But then again, I don't see why you don't end up with hundreds of old ftp-proxy anchors showing up...so not sure what's going on here.
Re: [resend] ipv6 support for tftp
On 19/04/12 2:54 PM, Gleydson Soares wrote: On Tue, Mar 06, 2012 at 09:32:47AM +, Stuart Henderson wrote: On 2011/01/22 19:40, Gleydson Soares wrote: can anyone test this diff? your feedback will be most welcome On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote: hi, - ipv6 support for tftp client. based on an old itojun's diff. weerd@ pointed out this old diff - here's a slightly updated version; only minor tweaks from gsoares@ version: whitespace nits in some lines touched in the diff, and I rewrote the manpage diff. works for me against usr/sbin/tftpd; any comments? Tested against OpenBSD's tftpd and dnsmasq. Working fine for me. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [resend] ipv6 support for tftp
On Fri, Apr 27, 2012 at 12:34:19PM -0400, Brad Smith wrote: Tested against OpenBSD's tftpd and dnsmasq. Working fine for me. here is an updated version of the diff. - setpeer0() and setpeer() were renamed accordingly for clarity and consistency. (requested by henning@) - fix memleak(call freeaddrinfo() to release *res0) - checks against valid server port number - man page tweaked based on points by sthen@ and jmc@ this diff has been OK by sthen@ jmc@ henning@ i will commit it tomorrow if no objections till there. ? 1 ? tftp_ipv6_3.diff Index: main.c === RCS file: /cvs/src/usr.bin/tftp/main.c,v retrieving revision 1.30 diff -u -p -r1.30 main.c --- main.c 27 Oct 2009 23:59:44 - 1.30 +++ main.c 24 Apr 2012 15:39:19 - @@ -68,7 +68,8 @@ void put(int, char **); voidquit(int, char **); voidsetascii(int, char **); voidsetbinary(int, char **); -voidsetpeer(int, char **); +voidsetpeer(char *, char *); +voidparsearg(int, char **); voidsetrexmt(int, char **); voidsettimeout(int, char **); voidsettrace(int, char **); @@ -86,9 +87,8 @@ static __dead void command(void); struct cmd *getcmd(char *); char *tail(char *); -struct sockaddr_in peeraddr; +struct sockaddr_storage peeraddr; int f; -short port; int trace; int verbose; int connected; @@ -98,7 +98,6 @@ intmargc; char *margv[MAXARGV+1]; char *prompt = tftp; voidintr(int); -struct servent *sp; int rexmtval = TIMEOUT; int maxtimeout = 5 * TIMEOUT; charhostname[MAXHOSTNAMELEN]; @@ -134,7 +133,7 @@ struct cmd { }; struct cmd cmdtab[] = { - { connect,chelp, setpeer }, + { connect,chelp, parsearg }, { mode, mhelp, modecmd }, { put,shelp, put }, { get,rhelp, get }, @@ -170,26 +169,14 @@ structmodes { int main(int argc, char *argv[]) { - struct sockaddr_in s_in; - - /* socket, bind */ - sp = getservbyname(tftp, udp); - if (sp == 0) - errx(1, udp/tftp: unknown service); - f = socket(AF_INET, SOCK_DGRAM, 0); - if (f 0) - err(3, socket); - bzero((char *)s_in, sizeof(s_in)); - s_in.sin_family = AF_INET; - if (bind(f, (struct sockaddr *)s_in, sizeof(s_in)) 0) - err(1, bind); + f = -1; /* set default transfer mode */ strlcpy(mode, netascii, sizeof(mode)); /* set peer if given */ if (argc 1) - setpeer(argc, argv); + parsearg(argc, argv); /* catch SIGINT */ signal(SIGINT, intr); @@ -205,11 +192,73 @@ main(int argc, char *argv[]) } void -setpeer(int argc, char *argv[]) +setpeer(char *host, char *port) { - struct hostent *host; - const char *errstr; + struct addrinfo hints, *res0, *res; + int error; + struct sockaddr_storage ss; + char *cause = unknown; + + if (connected) { + close(f); + f = -1; + } + connected = 0; + + memset(hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + hints.ai_flags = AI_CANONNAME; + if (!port) + port = tftp; + error = getaddrinfo(host, port, hints, res0); + if (error) { + warnx(%s, gai_strerror(error)); + return; + } + + for (res = res0; res; res = res-ai_next) { + if (res-ai_addrlen sizeof(peeraddr)) + continue; + f = socket(res-ai_family, res-ai_socktype, res-ai_protocol); + if (f 0) { + cause = socket; + continue; + } + memset(ss, 0, sizeof(ss)); + ss.ss_family = res-ai_family; + ss.ss_len = res-ai_addrlen; + if (bind(f, (struct sockaddr *)ss, ss.ss_len) 0) { + cause = bind; + close(f); + f = -1; + continue; + } + + break; + } + + if (f 0) + warn(%s, cause); + else { + /* res-ai_addr = sizeof(peeraddr) is guaranteed */ + memcpy(peeraddr, res-ai_addr, res-ai_addrlen); + if (res-ai_canonname) { + (void) strncpy(hostname, res-ai_canonname, +
Invito Omaggio ExpoSanita' 2012
Gentile Operatore, auspicando di farle cosa gradita, in allegato alla presente, le inviamo un piccolo omaggio per una Sua eventuale presenza a EXPOSANITA. Non dimentichi di venirci a trovare allo Stand n. 9. Scarichi e stampi l'invito, al seguente indirizzo www.sanitaliaweb.it/invito_expo.pdf Nel ringraziarla per lattenzione porgiamo i nostri cordiali saluti. La redazione di www.sanitaliaweb.it
Re: pfctl: fix printing of 'foo/*' anchors
On Fri, Apr 27, 2012 at 12:45:01PM +0100, Stuart Henderson wrote: On 2012/04/27 00:51, Lawrence Teo wrote: The diff below fixes pfctl so that it will show the 'authpf/*' anchor as intended: This is extremely useful for relayd/ftp-proxy too. I agree. I bumped into this bug while writing a custom proxy that uses 'foo/*' anchors, so I think the fix will also help future proxies that use these anchors. Note that since this diff changes the behavior of pfctl -a 'foo/*' -sr, it will also change the pfload* regression tests since those tests execute this command: pfctl -o none -a 'regress/*' -gvvsr If this diff is correct, I would appreciate some guidance from the developers on how to address the pfload* regression tests. First problem: -a 'regress/*' used to print anchor regress, and now it _only_ prints sub-anchors. Following diff changes it to print the named anchor itself as well as sub-anchors, which is how I would expect recursive printing to work. Thank you for catching this! I agree that the behavior shown by your revised diff is much closer to what users expect. If '-s l' and maybe also '-s a' get the same treatment then I think I'll be OK with this going in. Here's a revised diff that makes it work with '-s l'. Index: pfctl.c === RCS file: /cvs/src/sbin/pfctl/pfctl.c,v retrieving revision 1.310 diff -u -p pfctl.c --- pfctl.c 18 Apr 2012 14:42:17 - 1.310 +++ pfctl.c 28 Apr 2012 02:18:05 - @@ -864,6 +864,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum p switch (format) { case PFCTL_SHOW_LABELS: if (pr.rule.label[0]) { + INDENT(depth, !(opts PF_OPT_VERBOSE)); printf(%s %llu %llu %llu %llu %llu %llu %llu %llu\n, pr.rule.label, @@ -1937,6 +1938,7 @@ main(int argc, char *argv[]) int optimize = PF_OPTIMIZE_BASIC; int level; char anchorname[MAXPATHLEN]; + int anchor_wildcard = 0; char*path; char*lfile = NULL, *sfile = NULL; const char *errstr; @@ -2097,9 +2099,10 @@ main(int argc, char *argv[]) int len = strlen(anchoropt); if (anchoropt[len - 1] == '*') { - if (len = 2 anchoropt[len - 2] == '/') + if (len = 2 anchoropt[len - 2] == '/') { anchoropt[len - 2] = '\0'; - else + anchor_wildcard = 1; + } else anchoropt[len - 1] = '\0'; opts |= PF_OPT_RECURSE; } @@ -2137,11 +2140,19 @@ main(int argc, char *argv[]) pfctl_load_fingerprints(dev, opts); pfctl_show_rules(dev, path, opts, PFCTL_SHOW_RULES, anchorname, 0, 0, shownr); + if (anchor_wildcard) + pfctl_show_rules(dev, path, opts, + PFCTL_SHOW_RULES, anchorname, 0, + anchor_wildcard, shownr); break; case 'l': pfctl_load_fingerprints(dev, opts); pfctl_show_rules(dev, path, opts, PFCTL_SHOW_LABELS, anchorname, 0, 0, shownr); + if (anchor_wildcard) + pfctl_show_rules(dev, path, opts, + PFCTL_SHOW_LABELS, anchorname, 0, + anchor_wildcard, shownr); break; case 'q': pfctl_show_altq(dev, ifaceopt, opts, I'm not sure what's the best way to handle '-s a' yet, since I think users typically run 'pfctl -s a' to find out everything about their full ruleset instead of specific anchors. Applying a recursive behavior on '-s a' also seems complex. Do you have any thoughts on what a command like pfctl -a 'foo/*' -s a should show? Next problem, and this is not directly relating to the above diff to fix printing, but it is highlighted by it: the anchors added by pfload regression tests are never emptied. Running 'make pfload-update' results in the same crap being added to lots of the files it produces. So it seems the -Fr / -Fa flush commands also need teaching how to work recursively and the regress Makefile changing to use this. If I bypass this problem by temporarily adjusting pfload${n}-update to use individual anchor names per rule (rather than '-a regress' I used '-a foo$n') I see that with the above diff an additional summary is printed each time, each rule-printing gets these additional lines: [ Skip steps: i=end