Re: relayd and rdomain/prio defaults

2012-03-06 Thread Gabriel Linder

On 03/05/12 21:10, Erik Lax wrote:

On 3/2/12 5:09 PM, Gabriel Linder wrote:
Since 5.0, rules injected by relayd include "on rdomain 0" and "prio 0";
I guess that's not intended?
I think you're right. And if so, the same problem seem to exist for 
the ftp-proxy (filter.c) as well. I guess this is what happens when 
default values aren't compatible with bzero :)


Indeed :) Anything messing with anchors is probably concerned.

I just saw that my MUA scrambled my previous diff by replacing tabs by 
spaces, here is a proper version 
http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff




Re: [resend] ipv6 support for tftp

2012-03-06 Thread Stuart Henderson
On 2011/01/22 19:40, Gleydson Soares wrote:
 can anyone test this diff? your feedback will be most welcome
 On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote:
  hi,
  
  - ipv6 support for tftp client.
  
  based on an old itojun's diff.

weerd@ pointed out this old diff - here's a slightly updated version;
only minor tweaks from gsoares@ version: whitespace nits in some lines
touched in the diff, and I rewrote the manpage diff.

works for me against usr/sbin/tftpd; any comments?

Index: tftp.1
===
RCS file: /cvs/src/usr.bin/tftp/tftp.1,v
retrieving revision 1.19
diff -u -p -r1.19 tftp.1
--- tftp.1  1 Mar 2012 03:47:19 -   1.19
+++ tftp.1  6 Mar 2012 09:30:31 -
@@ -156,6 +156,10 @@ When using the
 argument, the
 .Ar host
 will be used as the default host for future transfers.
+A
+.Ar host
+specified as a numeric IPv6 address must be wrapped in square brackets:
+.Ar [host]:filename .
 If
 .Ar remotename
 is specified, the file is stored remotely as
Index: main.c
===
RCS file: /cvs/src/usr.bin/tftp/main.c,v
retrieving revision 1.30
diff -u -p -r1.30 main.c
--- main.c  27 Oct 2009 23:59:44 -  1.30
+++ main.c  6 Mar 2012 09:30:31 -
@@ -68,6 +68,7 @@ void   put(int, char **);
 voidquit(int, char **);
 voidsetascii(int, char **);
 voidsetbinary(int, char **);
+voidsetpeer0(char *, char *);
 voidsetpeer(int, char **);
 voidsetrexmt(int, char **);
 voidsettimeout(int, char **);
@@ -86,9 +87,8 @@ static __dead void command(void);
 struct cmd *getcmd(char *);
 char   *tail(char *);
 
-struct sockaddr_in  peeraddr;
+struct sockaddr_storage peeraddr;
 int f;
-short   port;
 int trace;
 int verbose;
 int connected;
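Review bot: Widening `peeraddr` to `struct sockaddr_storage` changes what `sizeof(peeraddr)` means for every user of this global outside the hunk. Any send or receive path that still passes `sizeof(peeraddr)` as the address length, or casts the global to `struct sockaddr_in *` to read or set the port, would be wrong for IPv6 peers. Those callers are not visible here, so this is something to confirm rather than a confirmed defect. Where a length is needed, `peeraddr.ss_len` (which setpeer0 in this patch already relies on for its local `ss`) is the value to pass. The removed global `port` likewise needs every former reader checked.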
@@ -98,7 +98,6 @@ intmargc;
 char   *margv[MAXARGV+1];
 char   *prompt = tftp;
 voidintr(int);
-struct servent *sp;
 int rexmtval = TIMEOUT;
 int maxtimeout = 5 * TIMEOUT;
 charhostname[MAXHOSTNAMELEN];
@@ -170,19 +169,7 @@ struct modes {
 int
 main(int argc, char *argv[])
 {
-   struct sockaddr_in  s_in;
-
-   /* socket, bind */
-   sp = getservbyname(tftp, udp);
-   if (sp == 0)
-   errx(1, udp/tftp: unknown service);
-   f = socket(AF_INET, SOCK_DGRAM, 0);
-   if (f  0)
-   err(3, socket);
-   bzero((char *)s_in, sizeof(s_in));
-   s_in.sin_family = AF_INET;
-   if (bind(f, (struct sockaddr *)s_in, sizeof(s_in))  0)
-   err(1, bind);
+   f = -1;
 
/* set default transfer mode */
strlcpy(mode, netascii, sizeof(mode));
@@ -205,11 +192,69 @@ main(int argc, char *argv[])
 }
 
 void
-setpeer(int argc, char *argv[])
+setpeer0(char *host, char *port)
 {
-   struct hostent  *host;
-   const char  *errstr;
+   struct addrinfo hints, *res0, *res;
+   int error;
+   struct sockaddr_storage ss;
+   char *cause = unknown;
+
+   if (connected) {
+   close(f);
+   f = -1;
+   connected = 0;
+   }
+
+   memset(hints, 0, sizeof(hints));
+   hints.ai_family = PF_UNSPEC;
+   hints.ai_socktype = SOCK_DGRAM;
+   hints.ai_protocol = IPPROTO_UDP;
+   hints.ai_flags = AI_CANONNAME;
+   if (!port)
+   port = tftp;
+   error = getaddrinfo(host, port, hints, res0);
+   if (error) {
+   warnx(%s, gai_strerror(error));
+   return;
+   }
+
+   for (res = res0; res; res = res-ai_next) {
+   f = socket(res-ai_family, res-ai_socktype, res-ai_protocol);
+   if (f  0) {
+   cause = socket;
+   continue;
+   }
+
+   memset(ss, 0, sizeof(ss));
+   ss.ss_family = res-ai_family;
+   ss.ss_len = res-ai_addrlen;
+   if (bind(f, (struct sockaddr *)ss, ss.ss_len)  0) {
+   cause = bind;
+   close(f);
+   f = -1;
+   continue;
+   }
+
+   break;
+   }
+
+   if (f  0)
+   warn(%s, cause);
+   else {
+   memcpy(peeraddr, res-ai_addr, res-ai_addrlen);
+   if (res-ai_canonname) {
+   (void) strncpy(hostname, res-ai_canonname,
+   sizeof(hostname));
+   } else
+   (void) strncpy(hostname, host, sizeof(hostname));
+   

Re: relayd and rdomain/prio defaults

2012-03-06 Thread Henning Brauer
just to confirm, I've seen this, this is a problem and we're
discussing how to fix the offenders (it's not just relayd)

* Gabriel Linder lin...@jeuxvideo.com [2012-03-02 18:26]:
 Since 5.0, rules injected by relayd include "on rdomain 0" and
 "prio 0"; I guess that's not intended?
 
 Index: pfe_filter.c
 ===
 RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v
 retrieving revision 1.47
 diff -u -r1.47 pfe_filter.c
 --- pfe_filter.c19 May 2011 08:56:49 -1.47
 +++ pfe_filter.c2 Mar 2012 16:06:30 -
 @@ -439,6 +442,8 @@
  rio.rule.dst.port[0] = address-port.val[0];
  rio.rule.dst.port[1] = address-port.val[1];
  rio.rule.rtableid = -1; /* stay in the main routing table */
 +rio.rule.onrdomain = -1;
 +rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET;
 
  if (rio.rule.proto == IPPROTO_TCP)
  rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
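Review bot: The two added assignments carry no comment, while the `rtableid = -1` line just above explains itself, and the reason matters here. Per the thread, a zero-filled rule is read as "on rdomain 0" and "prio 0" rather than as unset, so the injected rule ends up with a match and a priority nobody asked for. I would add `/* -1: do not tie the rule to one routing domain */` on the `onrdomain` line and `/* zero is a real priority, not "unset" */` on the `prio` line. The tftp-proxy `prepare_rule` hunk further down the page adds the same three assignments without comment and would benefit from the same wording. The statement on the last context line continues outside the hunk.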
 

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: relayd and rdomain/prio defaults

2012-03-06 Thread Stuart Henderson
On 2012/03/06 10:20, Gabriel Linder wrote:
 On 03/05/12 21:10, Erik Lax wrote:
 On 3/2/12 5:09 PM, Gabriel Linder wrote:
 Since 5.0, rules injected by relayd include "on rdomain 0" and
 "prio 0"; I guess that's not intended?
 I think you're right. And if so, the same problem seem to exist for
 the ftp-proxy (filter.c) as well. I guess this is what happens when
 default values aren't compatible with bzero :)
 
 Indeed :) Anything messing with anchors is probably concerned.
 
 I just saw that my MUA scrambled my previous diff by replacing tabs
 by spaces, here is a proper version
 http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff
 

Seems OK to me but somebody who uses multiple rtables needs to check it
(and also for ftp-proxy where a similar diff is needed and it has some
multiple rtable support already).

Here it is for tftp-proxy which is single rtable. OK?

Index: filter.c
===
RCS file: /cvs/src/libexec/tftp-proxy/filter.c,v
retrieving revision 1.10
diff -u -p -r1.10 filter.c
--- filter.c22 Jun 2011 08:40:14 -  1.10
+++ filter.c6 Mar 2012 09:55:29 -
@@ -214,6 +214,9 @@ prepare_rule(u_int32_t id, struct sockad
}
pfr.rule.dst.port_op = PF_OP_EQ;
pfr.rule.dst.port[0] = htons(d_port);
+   pfr.rule.rtableid = -1;
+   pfr.rule.onrdomain = -1;
+   pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET;
pfr.rule.action = PF_PASS;
pfr.rule.quick = 1;
pfr.rule.log = rule_log;



ftp-proxy: use correct incoming rdomain

2012-03-06 Thread Mike Belopuhov
ftp-proxy has all the code to support the "on rdomain" feature
in place; it is just not used.  The change below uses an rdomain
obtained via the SO_RTABLE socket option of the accepted
socket.  OK?

Index: filter.c
===
RCS file: /home/cvs/src/usr.sbin/ftp-proxy/filter.c,v
retrieving revision 1.16
diff -u -p -u -p -r1.16 filter.c
--- filter.c22 Jun 2011 08:44:02 -  1.16
+++ filter.c6 Mar 2012 12:21:57 -
@@ -83,7 +83,7 @@ add_nat(u_int32_t id, struct sockaddr *s
return (-1);
 
pfr.rule.direction = PF_OUT;
-   /* XXX limit the source routing domain */
+   pfr.rule.onrdomain = s_rd;
pfr.rule.rtableid = -1;
pfr.rule.nat.proxy_port[0] = nat_range_low;
pfr.rule.nat.proxy_port[1] = nat_range_high;
@@ -110,7 +110,7 @@ add_rdr(u_int32_t id, struct sockaddr *s
return (-1);
 
pfr.rule.direction = PF_IN;
-   /* XXX limit the source routing domain */
+   pfr.rule.onrdomain = s_rd;
pfr.rule.rtableid = d_rd;
pfr.rule.rdr.proxy_port[0] = rdr_port;
if (ioctl(dev, DIOCADDRULE, pfr) == -1)
@@ -207,6 +207,7 @@ prepare_rule(u_int32_t id, struct sockad
pfr.rule.dst.addr.type = PF_ADDR_ADDRMASK;
pfr.rule.nat.addr.type = PF_ADDR_NONE;
pfr.rule.rdr.addr.type = PF_ADDR_NONE;
+   pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET;
 
if (src-sa_family == AF_INET) {
memcpy(pfr.rule.src.addr.v.a.addr.v4,
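Review bot: prepare_rule now gives `prio` a not-set default but leaves `onrdomain` to its callers, and only add_nat and add_rdr are changed to assign it. If prepare_rule zero-fills `pfr` (not visible in this hunk, but it is the pattern the thread describes), any other rule-adding path that goes through prepare_rule without assigning `onrdomain` would still install a rule limited to rdomain 0. Setting the default here as well, `pfr.rule.onrdomain = -1;` next to the `prio` line, covers every caller and still lets add_nat and add_rdr override it with `s_rd`. prepare_rule starts before and continues after this hunk.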



Re: ftp-proxy: use correct incoming rdomain

2012-03-06 Thread Claudio Jeker
On Tue, Mar 06, 2012 at 01:28:43PM +0100, Mike Belopuhov wrote:
 ftp-proxy has all the code to support on rdomain feature
 in place, just not used.  the change below uses an rdomain
 obtained via the SO_RTABLE socket option of the accepted
 socket.  OK?

Looks good to me.
 
 Index: filter.c
 ===
 RCS file: /home/cvs/src/usr.sbin/ftp-proxy/filter.c,v
 retrieving revision 1.16
 diff -u -p -u -p -r1.16 filter.c
 --- filter.c  22 Jun 2011 08:44:02 -  1.16
 +++ filter.c  6 Mar 2012 12:21:57 -
 @@ -83,7 +83,7 @@ add_nat(u_int32_t id, struct sockaddr *s
   return (-1);
  
   pfr.rule.direction = PF_OUT;
 - /* XXX limit the source routing domain */
 + pfr.rule.onrdomain = s_rd;
   pfr.rule.rtableid = -1;
   pfr.rule.nat.proxy_port[0] = nat_range_low;
   pfr.rule.nat.proxy_port[1] = nat_range_high;
 @@ -110,7 +110,7 @@ add_rdr(u_int32_t id, struct sockaddr *s
   return (-1);
  
   pfr.rule.direction = PF_IN;
 - /* XXX limit the source routing domain */
 + pfr.rule.onrdomain = s_rd;
   pfr.rule.rtableid = d_rd;
   pfr.rule.rdr.proxy_port[0] = rdr_port;
   if (ioctl(dev, DIOCADDRULE, pfr) == -1)
 @@ -207,6 +207,7 @@ prepare_rule(u_int32_t id, struct sockad
   pfr.rule.dst.addr.type = PF_ADDR_ADDRMASK;
   pfr.rule.nat.addr.type = PF_ADDR_NONE;
   pfr.rule.rdr.addr.type = PF_ADDR_NONE;
 + pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET;
  
   if (src-sa_family == AF_INET) {
   memcpy(pfr.rule.src.addr.v.a.addr.v4,
 

-- 
:wq Claudio



pkg_add/pkg_delete: include PID in syslog messages

2012-03-06 Thread Lawrence Teo
This simple diff makes pkg_add and pkg_delete include their PID when
logging to syslog. This is useful when trying to determine whether
several packages were added (or removed) by the same pkg_add (or
pkg_delete) process.

Here is some sample output:

Mar  3 22:15:17 obsd-amd64 pkg_add[3530]: Added nano-2.2.6 
Mar  3 22:15:26 obsd-amd64 pkg_delete[21136]: Removed nano-2.2.6 
Mar  3 22:16:51 obsd-amd64 pkg_add[30666]: Added redland-1.0.8p1 
Mar  3 22:16:54 obsd-amd64 pkg_add[30666]: Added mozilla-dicts-en-GB-1.3 
Mar  3 22:16:56 obsd-amd64 pkg_add[30666]: Added hunspell-1.2.12 
Mar  3 22:23:22 obsd-amd64 pkg_add[30666]: Added libreoffice-3.4.5.2v0 
Mar  3 23:33:23 obsd-amd64 pkg_add[5948]: Added kdiff3-0.9.96p1 

Comments?

Thanks,
Lawrence

Index: AddDelete.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/AddDelete.pm,v
retrieving revision 1.53
diff -u -p -r1.53 AddDelete.pm
--- AddDelete.pm9 Oct 2011 16:43:50 -   1.53
+++ AddDelete.pm4 Mar 2012 04:37:04 -
@@ -185,7 +185,7 @@ sub handle_options
$state-{loglevel} //= $state-config-value(loglevel) // 1;
if ($state-{loglevel}) {
require Sys::Syslog;
-   Sys::Syslog::openlog($state-{cmd}, nofatal);
+   Sys::Syslog::openlog($state-{cmd}, nofatal,pid);
}
 }