Re: mg(1): shell-command

2013-05-22 Thread Jasper Lievisse Adriaanse
On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote:
 This diff modifies the shell-command-on-region function and gives us
 shell-command. It makes getting output from other commands into mg
 really easy. Comments/oks?
 
 -lum

It seems Emacs doesn't split the window if the output from the command is only
a single line (like 'date'), which is behaviour I quite like if you want to
check something small.

 Index: def.h
 ===
 RCS file: /cvs/src/usr.bin/mg/def.h,v
 retrieving revision 1.135
 diff -u -p -r1.135 def.h
 --- def.h 25 Mar 2013 11:41:44 -  1.135
 +++ def.h 21 May 2013 19:46:38 -
 @@ -592,6 +592,7 @@ intregion_get_data(struct region *, c
  void  region_put_data(const char *, int);
  int   markbuffer(int, int);
  int   piperegion(int, int);
 +int   shellcommand(int, int);
  int   pipeio(const char * const, char * const[], char * const, int,
struct buffer *);
  
 Index: funmap.c
 ===
 RCS file: /cvs/src/usr.bin/mg/funmap.c,v
 retrieving revision 1.45
 diff -u -p -r1.45 funmap.c
 --- funmap.c  27 Dec 2012 18:51:52 -  1.45
 +++ funmap.c  21 May 2013 19:46:38 -
 @@ -179,6 +179,7 @@ static struct funmap functnames[] = {
   {setfillcol, set-fill-column,},
   {setmark, set-mark-command,},
   {setprefix, set-prefix-string,},
 + {shellcommand, shell-command,},
   {piperegion, shell-command-on-region,},
   {shrinkwind, shrink-window,},
  #ifdef NOTAB
 Index: keymap.c
 ===
 RCS file: /cvs/src/usr.bin/mg/keymap.c,v
 retrieving revision 1.50
 diff -u -p -r1.50 keymap.c
 --- keymap.c  7 Jun 2012 15:15:04 -   1.50
 +++ keymap.c  21 May 2013 19:46:38 -
 @@ -217,8 +217,9 @@ static PF metacV[] = {
   pagenext/* ^V */
  };
  
 -static PF metasp[] = {
 - justone /* space */
 +static PF metaspex[] = {
 + justone,/* space */
 + shellcommand/* ! */
  };
  
  static PF metapct[] = {
 @@ -317,7 +318,7 @@ struct KEYMAPE (8 + IMAPEXT) metamap = {
   CCHR('V'), CCHR('V'), metacV, NULL
   },
   {
 - ' ', ' ', metasp, NULL
 + ' ', '!', metaspex, NULL
   },
   {
   '%', '%', metapct, NULL
 Index: mg.1
 ===
 RCS file: /cvs/src/usr.bin/mg/mg.1,v
 retrieving revision 1.75
 diff -u -p -r1.75 mg.1
 --- mg.1  28 Dec 2012 16:12:50 -  1.75
 +++ mg.1  21 May 2013 19:46:38 -
 @@ -268,6 +268,8 @@ suspend-emacs
  scroll-other-window
  .It M-SPC
  just-one-space
 +.It M-!
 +shell-command
  .It M-.
  find-tag
  .It M-*
 @@ -835,6 +837,8 @@ Used by auto-fill-mode.
  Sets the mark in the current window to the current dot location.
  .It set-prefix-string
  Sets the prefix string to be used by the 'prefix-region' command.
 +.It shell-command
 +Execute external command from mini-buffer.
  .It shell-command-on-region
  Provide the text in region to the shell command as input.
  .It shrink-window
 Index: region.c
 ===
 RCS file: /cvs/src/usr.bin/mg/region.c,v
 retrieving revision 1.32
 diff -u -p -r1.32 region.c
 --- region.c  27 Dec 2012 18:49:59 -  1.32
 +++ region.c  21 May 2013 19:46:38 -
 @@ -28,6 +28,7 @@ static  int iomux(int, char * const, int,
  static   int preadin(int, struct buffer *);
  static   voidpwriteout(int, char **, int *);
  static   int setsize(struct region *, RSIZE);
 +static   int shellcmdoutput(char * const[], char * const, int);
  
  /*
   * Kill the region.  Ask getregion to figure out the bounds of the region.
 @@ -406,9 +407,8 @@ int
  piperegion(int f, int n)
  {
   struct region region;
 - struct buffer *bp;
 - int len, ret;
 - char *cmd, cmdbuf[NFILEN], *shellp, *text;
 + int len;
 + char *cmd, cmdbuf[NFILEN], *text;
   char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
  
   /* C-u M-| is not supported yet */
 @@ -436,6 +436,51 @@ piperegion(int f, int n)
   return (FALSE);
   }
  
 + region_get_data(region, text, len);
 +
 + return shellcmdoutput(argv, text, len);
 +}
 +
 +/*
 + * Get command from mini-buffer and execute externally.
 + */
 +/*ARGSUSED */
 +int
 +shellcommand(int f, int n)
 +{
 +
 + int len;
 + char *cmd, cmdbuf[NFILEN], *text;
 + char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
 +
 + if (n  1)
 + return (ABORT);
 +
 + if ((cmd = eread(Shell command: , cmdbuf, sizeof(cmdbuf),
 + EFNEW | EFCR)) == NULL || (cmd[0] == '\0'))
 + return (ABORT);
 +
 + 

Re: mg(1): shell-command

2013-05-22 Thread Jasper Lievisse Adriaanse
On Wed, May 22, 2013 at 07:42:42AM +, Mark Lumsden wrote:
 To make the shell-command-on-region and this command behave
 like that requires another diff.
 
 mark
I'm fine with this diff going in first and polishing it intree, it works fine
for commands with  1 line of output.
 
 On Wed, May 22, 2013 at 09:32:45AM +0200, Jasper Lievisse Adriaanse wrote:
  On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote:
   This diff modifies the shell-command-on-region function and gives us
   shell-command. It makes getting output from other commands into mg
   really easy. Comments/oks?
   
   -lum
  
  It seems Emacs doesn't split the window if the output from the command is 
  only
  a single line (like 'date'), which is behaviour I quite like if you want to
  check something small.
  
   Index: def.h
   ===
   RCS file: /cvs/src/usr.bin/mg/def.h,v
   retrieving revision 1.135
   diff -u -p -r1.135 def.h
   --- def.h 25 Mar 2013 11:41:44 -  1.135
   +++ def.h 21 May 2013 19:46:38 -
   @@ -592,6 +592,7 @@ intregion_get_data(struct region *, c
void  region_put_data(const char *, int);
int   markbuffer(int, int);
int   piperegion(int, int);
   +int   shellcommand(int, int);
int   pipeio(const char * const, char * const[], char * 
   const, int,
  struct buffer *);

   Index: funmap.c
   ===
   RCS file: /cvs/src/usr.bin/mg/funmap.c,v
   retrieving revision 1.45
   diff -u -p -r1.45 funmap.c
   --- funmap.c  27 Dec 2012 18:51:52 -  1.45
   +++ funmap.c  21 May 2013 19:46:38 -
   @@ -179,6 +179,7 @@ static struct funmap functnames[] = {
 {setfillcol, set-fill-column,},
 {setmark, set-mark-command,},
 {setprefix, set-prefix-string,},
   + {shellcommand, shell-command,},
 {piperegion, shell-command-on-region,},
 {shrinkwind, shrink-window,},
#ifdef NOTAB
   Index: keymap.c
   ===
   RCS file: /cvs/src/usr.bin/mg/keymap.c,v
   retrieving revision 1.50
   diff -u -p -r1.50 keymap.c
   --- keymap.c  7 Jun 2012 15:15:04 -   1.50
   +++ keymap.c  21 May 2013 19:46:38 -
   @@ -217,8 +217,9 @@ static PF metacV[] = {
 pagenext/* ^V */
};

   -static PF metasp[] = {
   - justone /* space */
   +static PF metaspex[] = {
   + justone,/* space */
   + shellcommand/* ! */
};

static PF metapct[] = {
   @@ -317,7 +318,7 @@ struct KEYMAPE (8 + IMAPEXT) metamap = {
 CCHR('V'), CCHR('V'), metacV, NULL
 },
 {
   - ' ', ' ', metasp, NULL
   + ' ', '!', metaspex, NULL
 },
 {
 '%', '%', metapct, NULL
   Index: mg.1
   ===
   RCS file: /cvs/src/usr.bin/mg/mg.1,v
   retrieving revision 1.75
   diff -u -p -r1.75 mg.1
   --- mg.1  28 Dec 2012 16:12:50 -  1.75
   +++ mg.1  21 May 2013 19:46:38 -
   @@ -268,6 +268,8 @@ suspend-emacs
scroll-other-window
.It M-SPC
just-one-space
   +.It M-!
   +shell-command
.It M-.
find-tag
.It M-*
   @@ -835,6 +837,8 @@ Used by auto-fill-mode.
Sets the mark in the current window to the current dot location.
.It set-prefix-string
Sets the prefix string to be used by the 'prefix-region' command.
   +.It shell-command
   +Execute external command from mini-buffer.
.It shell-command-on-region
Provide the text in region to the shell command as input.
.It shrink-window
   Index: region.c
   ===
   RCS file: /cvs/src/usr.bin/mg/region.c,v
   retrieving revision 1.32
   diff -u -p -r1.32 region.c
   --- region.c  27 Dec 2012 18:49:59 -  1.32
   +++ region.c  21 May 2013 19:46:38 -
   @@ -28,6 +28,7 @@ static  int iomux(int, char * const, int,
static   int preadin(int, struct buffer *);
static   voidpwriteout(int, char **, int *);
static   int setsize(struct region *, RSIZE);
   +static   int shellcmdoutput(char * const[], char * const, int);

/*
 * Kill the region.  Ask getregion to figure out the bounds of the 
   region.
   @@ -406,9 +407,8 @@ int
piperegion(int f, int n)
{
 struct region region;
   - struct buffer *bp;
   - int len, ret;
   - char *cmd, cmdbuf[NFILEN], *shellp, *text;
   + int len;
   + char *cmd, cmdbuf[NFILEN], *text;
 char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};

 /* C-u M-| is not supported yet */
   @@ -436,6 +436,51 @@ piperegion(int f, int n)
 return (FALSE);
 }

   + region_get_data(region, text, len);
   +
   + 

Re: mg(1): shell-command

2013-05-22 Thread Mark Lumsden
To make the shell-command-on-region and this command behave
like that requires another diff.

mark

On Wed, May 22, 2013 at 09:32:45AM +0200, Jasper Lievisse Adriaanse wrote:
 On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote:
  This diff modifies the shell-command-on-region function and gives us
  shell-command. It makes getting output from other commands into mg
  really easy. Comments/oks?
  
  -lum
 
 It seems Emacs doesn't split the window if the output from the command is only
 a single line (like 'date'), which is behaviour I quite like if you want to
 check something small.
 
  Index: def.h
  ===
  RCS file: /cvs/src/usr.bin/mg/def.h,v
  retrieving revision 1.135
  diff -u -p -r1.135 def.h
  --- def.h   25 Mar 2013 11:41:44 -  1.135
  +++ def.h   21 May 2013 19:46:38 -
  @@ -592,6 +592,7 @@ int  region_get_data(struct region *, c
   voidregion_put_data(const char *, int);
   int markbuffer(int, int);
   int piperegion(int, int);
  +int shellcommand(int, int);
   int pipeio(const char * const, char * const[], char * 
  const, int,
   struct buffer *);
   
  Index: funmap.c
  ===
  RCS file: /cvs/src/usr.bin/mg/funmap.c,v
  retrieving revision 1.45
  diff -u -p -r1.45 funmap.c
  --- funmap.c27 Dec 2012 18:51:52 -  1.45
  +++ funmap.c21 May 2013 19:46:38 -
  @@ -179,6 +179,7 @@ static struct funmap functnames[] = {
  {setfillcol, set-fill-column,},
  {setmark, set-mark-command,},
  {setprefix, set-prefix-string,},
  +   {shellcommand, shell-command,},
  {piperegion, shell-command-on-region,},
  {shrinkwind, shrink-window,},
   #ifdef NOTAB
  Index: keymap.c
  ===
  RCS file: /cvs/src/usr.bin/mg/keymap.c,v
  retrieving revision 1.50
  diff -u -p -r1.50 keymap.c
  --- keymap.c7 Jun 2012 15:15:04 -   1.50
  +++ keymap.c21 May 2013 19:46:38 -
  @@ -217,8 +217,9 @@ static PF metacV[] = {
  pagenext/* ^V */
   };
   
  -static PF metasp[] = {
  -   justone /* space */
  +static PF metaspex[] = {
  +   justone,/* space */
  +   shellcommand/* ! */
   };
   
   static PF metapct[] = {
  @@ -317,7 +318,7 @@ struct KEYMAPE (8 + IMAPEXT) metamap = {
  CCHR('V'), CCHR('V'), metacV, NULL
  },
  {
  -   ' ', ' ', metasp, NULL
  +   ' ', '!', metaspex, NULL
  },
  {
  '%', '%', metapct, NULL
  Index: mg.1
  ===
  RCS file: /cvs/src/usr.bin/mg/mg.1,v
  retrieving revision 1.75
  diff -u -p -r1.75 mg.1
  --- mg.128 Dec 2012 16:12:50 -  1.75
  +++ mg.121 May 2013 19:46:38 -
  @@ -268,6 +268,8 @@ suspend-emacs
   scroll-other-window
   .It M-SPC
   just-one-space
  +.It M-!
  +shell-command
   .It M-.
   find-tag
   .It M-*
  @@ -835,6 +837,8 @@ Used by auto-fill-mode.
   Sets the mark in the current window to the current dot location.
   .It set-prefix-string
   Sets the prefix string to be used by the 'prefix-region' command.
  +.It shell-command
  +Execute external command from mini-buffer.
   .It shell-command-on-region
   Provide the text in region to the shell command as input.
   .It shrink-window
  Index: region.c
  ===
  RCS file: /cvs/src/usr.bin/mg/region.c,v
  retrieving revision 1.32
  diff -u -p -r1.32 region.c
  --- region.c27 Dec 2012 18:49:59 -  1.32
  +++ region.c21 May 2013 19:46:38 -
  @@ -28,6 +28,7 @@ staticint iomux(int, char * const, int,
   static int preadin(int, struct buffer *);
   static voidpwriteout(int, char **, int *);
   static int setsize(struct region *, RSIZE);
  +static int shellcmdoutput(char * const[], char * const, int);
   
   /*
* Kill the region.  Ask getregion to figure out the bounds of the 
  region.
  @@ -406,9 +407,8 @@ int
   piperegion(int f, int n)
   {
  struct region region;
  -   struct buffer *bp;
  -   int len, ret;
  -   char *cmd, cmdbuf[NFILEN], *shellp, *text;
  +   int len;
  +   char *cmd, cmdbuf[NFILEN], *text;
  char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
   
  /* C-u M-| is not supported yet */
  @@ -436,6 +436,51 @@ piperegion(int f, int n)
  return (FALSE);
  }
   
  +   region_get_data(region, text, len);
  +
  +   return shellcmdoutput(argv, text, len);
  +}
  +
  +/*
  + * Get command from mini-buffer and execute externally.
  + */
  +/*ARGSUSED */
  +int
  +shellcommand(int f, int n)
  +{
  +
  +   int len;
  +   char 

[PATCH] add filter by host functionality to syslogd

2013-05-22 Thread Gregory Edigarov

Hi,

the following diff adds filter by host function to syslogd like:

+host
*   /var/log/host

or

+host2
mail.*  /var/log/host2.mail

etc.

Works for me, with only one limitation: for now it works only for resolvable
hosts, i.e. one cannot have
+192.168.2.1
*   /some/file

With best regards,
Gregory Edigarov

Index: syslogd.c
===
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.107
diff -u -r1.107 syslogd.c
--- syslogd.c   16 Apr 2013 19:24:55 -  1.107
+++ syslogd.c   22 May 2013 08:31:30 -
@@ -124,6 +124,7 @@
time_t  f_time; /* time this was last written */
u_char  f_pmask[LOG_NFACILITIES+1]; /* priority mask */
char*f_program; /* program this applies to */
+   char*f_host;/* host this applies to */
union {
charf_uname[MAXUNAMES][UT_NAMESIZE+1];
struct {
@@ -249,7 +250,7 @@
 volatile sig_atomic_t WantDie;
 volatile sig_atomic_t DoInit;
 
-struct filed *cfline(char *, char *);

+struct filed *cfline(char *, char *, char *);
 voidcvthname(struct sockaddr_in *, char *, size_t);
 intdecode(const char *, const CODE *);
 void   dodie(int);
@@ -775,6 +776,9 @@
if (f-f_program)
if (strcmp(prog, f-f_program) != 0)
continue;
+   if (f-f_host)
+   if (strcmp(from,f-f_host) != 0)
+   continue;
 
 		if (f-f_type == F_CONSOLE  (flags  IGN_CONS))

continue;
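Review bot: The added `strcmp(from, f->f_host)` compares host names case-sensitively, so a block written as `+Host` will not match a source reported as `host`, and those messages miss the intended log without any notice. Host names are case-insensitive, so `if (strcasecmp(from, f->f_host) != 0)` is the safer comparison. How `from` is produced is outside this hunk; confirm whether it carries a short name or a fully qualified one, because the filter only ever matches the exact string. The enclosing loop starts and ends outside the hunk.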
@@ -1187,7 +1191,7 @@
 void
 init(void)
 {
-   char cline[LINE_MAX], prog[NAME_MAX+1], *p;
+   char cline[LINE_MAX], prog[NAME_MAX+1], host[NAME_MAX+1], *p;
struct filed *f, *next, **nextp, *mb, *m;
FILE *cf;
int i;
@@ -1223,6 +1227,10 @@
next = f-f_next;
if (f-f_program)
free(f-f_program);
+
+   if (f-f_host)
+   free(f-f_host);
+
if (f-f_type == F_MEMBUF) {
f-f_next = mb;
f-f_program = NULL;
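Review bot: The new `free(f->f_host)` leaves a dangling pointer on the F_MEMBUF path. The context lines show that branch keeping the entry (`f->f_next = mb`) and clearing `f->f_program = NULL`, but nothing clears `f_host`, and since the next hunk only begins at line 1245 of the new file no such line was added in between. A retained membuf entry would then presumably be read through `list->f_host` where the last syslogd.c hunk compares entries, and freed a second time on the next reload. Add `f->f_host = NULL;` beside the existing `f->f_program = NULL;`. The loop body continues outside the hunk.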
@@ -1237,8 +1245,8 @@
/* open the configuration file */
if ((cf = priv_open_config()) == NULL) {
dprintf(cannot open %s\n, ConfFile);
-   *nextp = cfline(*.ERR\t/dev/console, *);
-   (*nextp)-f_next = cfline(*.PANIC\t*, *);
+   *nextp = cfline(*.ERR\t/dev/console, *, *);
+   (*nextp)-f_next = cfline(*.PANIC\t*, *, *);
Initialized = 1;
return;
}
@@ -1248,6 +1256,7 @@
 */
f = NULL;
strlcpy(prog, *, sizeof(prog));
+   strlcpy(host, *, sizeof(host));
while (fgets(cline, sizeof(cline), cf) != NULL) {
/*
 * check for end-of-section, comments, strip off trailing
@@ -1274,6 +1283,24 @@
prog[i] = 0;
continue;
}
+   if (*p == '+') {
+   p++;
+   while (isspace(*p))
+   p++;
+   if (!*p || (*p == '*'  (!p[1] || isspace(p[1] {
+   strlcpy(host, *, sizeof(host));
+   continue;
+   }
+   for (i = 0; i  NAME_MAX; i++) {
+   if (!isalnum(p[i])  p[i] != '-'  p[i] != 
'!')
+   break;
+   host[i] = p[i];
+   }
+host[i] = 0;
+continue;
+}
+   
+
p = cline + strlen(cline);
while (p  cline)
if (!isspace(*--p)) {
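Review bot: The host-name loop accepts only alphanumerics, `-` and `!`, so parsing stops at the first `.` and the rest of the line is discarded without an error. `+192.168.2.1` or `+host.example.com` would be stored as `192` or `host`, and the block then filters on a different name than the one the administrator wrote. The `!` looks carried over from the program-name parser and is not a valid host-name character. Consider `if (!isalnum((unsigned char)p[i]) && p[i] != '-' && p[i] != '.')` and logging a configuration error when non-blank text remains after the name. `host` is sized `NAME_MAX+1`, which is a file-name limit rather than a host-name one.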
@@ -1281,7 +1308,7 @@
break;
}
*p = '\0';
-   f = cfline(cline, prog);
+   f = cfline(cline, prog, host);
if (f != NULL) {
*nextp = f;
nextp = f-f_next;
@@ -1390,13 +1417,15 @@
case F_CONSOLE:
case F_PIPE:
if (strcmp(list-f_un.f_fname, f-f_un.f_fname) == 0 
-   progmatches(list-f_program, f-f_program))
+   (progmatches(list-f_program, f-f_program) ||
+progmatches(list-f_host, f-f_host)))
return (list);
break;
case F_MEMBUF:
if (strcmp(list-f_un.f_mb.f_mname,
f-f_un.f_mb.f_mname) == 0 
-   progmatches(list-f_program, f-f_program))
+   (progmatches(list-f_program, 

Re: mg(1): shell-command

2013-05-22 Thread Florian Obser
On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote:
 This diff modifies the shell-command-on-region function and gives us
 shell-command. It makes getting output from other commands into mg
 really easy. Comments/oks?
 
 -lum
 
 Index: def.h
 ===
 RCS file: /cvs/src/usr.bin/mg/def.h,v
 retrieving revision 1.135
 diff -u -p -r1.135 def.h
 --- def.h 25 Mar 2013 11:41:44 -  1.135
 +++ def.h 21 May 2013 19:46:38 -
 @@ -592,6 +592,7 @@ intregion_get_data(struct region *, c
  void  region_put_data(const char *, int);
  int   markbuffer(int, int);
  int   piperegion(int, int);
 +int   shellcommand(int, int);
  int   pipeio(const char * const, char * const[], char * const, int,
struct buffer *);
  
 Index: funmap.c
 ===
 RCS file: /cvs/src/usr.bin/mg/funmap.c,v
 retrieving revision 1.45
 diff -u -p -r1.45 funmap.c
 --- funmap.c  27 Dec 2012 18:51:52 -  1.45
 +++ funmap.c  21 May 2013 19:46:38 -
 @@ -179,6 +179,7 @@ static struct funmap functnames[] = {
   {setfillcol, set-fill-column,},
   {setmark, set-mark-command,},
   {setprefix, set-prefix-string,},
 + {shellcommand, shell-command,},
   {piperegion, shell-command-on-region,},
   {shrinkwind, shrink-window,},
  #ifdef NOTAB
 Index: keymap.c
 ===
 RCS file: /cvs/src/usr.bin/mg/keymap.c,v
 retrieving revision 1.50
 diff -u -p -r1.50 keymap.c
 --- keymap.c  7 Jun 2012 15:15:04 -   1.50
 +++ keymap.c  21 May 2013 19:46:38 -
 @@ -217,8 +217,9 @@ static PF metacV[] = {
   pagenext/* ^V */
  };
  
 -static PF metasp[] = {
 - justone /* space */
 +static PF metaspex[] = {
 + justone,/* space */
 + shellcommand/* ! */
  };
  
  static PF metapct[] = {
 @@ -317,7 +318,7 @@ struct KEYMAPE (8 + IMAPEXT) metamap = {
   CCHR('V'), CCHR('V'), metacV, NULL
   },
   {
 - ' ', ' ', metasp, NULL
 + ' ', '!', metaspex, NULL
   },
   {
   '%', '%', metapct, NULL
 Index: mg.1
 ===
 RCS file: /cvs/src/usr.bin/mg/mg.1,v
 retrieving revision 1.75
 diff -u -p -r1.75 mg.1
 --- mg.1  28 Dec 2012 16:12:50 -  1.75
 +++ mg.1  21 May 2013 19:46:38 -
 @@ -268,6 +268,8 @@ suspend-emacs
  scroll-other-window
  .It M-SPC
  just-one-space
 +.It M-!
 +shell-command
  .It M-.
  find-tag
  .It M-*
 @@ -835,6 +837,8 @@ Used by auto-fill-mode.
  Sets the mark in the current window to the current dot location.
  .It set-prefix-string
  Sets the prefix string to be used by the 'prefix-region' command.
 +.It shell-command
 +Execute external command from mini-buffer.
  .It shell-command-on-region
  Provide the text in region to the shell command as input.
  .It shrink-window
 Index: region.c
 ===
 RCS file: /cvs/src/usr.bin/mg/region.c,v
 retrieving revision 1.32
 diff -u -p -r1.32 region.c
 --- region.c  27 Dec 2012 18:49:59 -  1.32
 +++ region.c  21 May 2013 19:46:38 -
 @@ -28,6 +28,7 @@ static  int iomux(int, char * const, int,
  static   int preadin(int, struct buffer *);
  static   voidpwriteout(int, char **, int *);
  static   int setsize(struct region *, RSIZE);
 +static   int shellcmdoutput(char * const[], char * const, int);
  
  /*
   * Kill the region.  Ask getregion to figure out the bounds of the region.
 @@ -406,9 +407,8 @@ int
  piperegion(int f, int n)
  {
   struct region region;
 - struct buffer *bp;
 - int len, ret;
 - char *cmd, cmdbuf[NFILEN], *shellp, *text;
 + int len;
 + char *cmd, cmdbuf[NFILEN], *text;
   char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
  
   /* C-u M-| is not supported yet */
 @@ -436,6 +436,51 @@ piperegion(int f, int n)
   return (FALSE);
   }
  
 + region_get_data(region, text, len);
 +
 + return shellcmdoutput(argv, text, len);
 +}
 +
 +/*
 + * Get command from mini-buffer and execute externally.
 + */
 +/*ARGSUSED */
 +int
 +shellcommand(int f, int n)
 +{
 +
 + int len;
 + char *cmd, cmdbuf[NFILEN], *text;

you don't need len and *text

 + char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
 +
 + if (n  1)
 + return (ABORT);
 +
 + if ((cmd = eread(Shell command: , cmdbuf, sizeof(cmdbuf),
 + EFNEW | EFCR)) == NULL || (cmd[0] == '\0'))
 + return (ABORT);
 +
 + argv[2] = cmd;
 +

the following is unnecessary...

 + len = strlen(cmd);
 +
 + if ((text = malloc(len + 1)) == NULL) {
 + 

Re: mg(1): shell-command

2013-05-22 Thread Mark Lumsden
I am glad to say, 3 of you are on your toes today. 

I sent the wrong diff, and to be honest I wasn't sure if anyone
would notice.

Gold Stars to you all


On Wed, May 22, 2013 at 09:07:56AM +, Florian Obser wrote:
 On Tue, May 21, 2013 at 07:54:31PM +, Mark Lumsden wrote:
  This diff modifies the shell-command-on-region function and gives us
  shell-command. It makes getting output from other commands into mg
  really easy. Comments/oks?
  
  -lum
  
  Index: def.h
  ===
  RCS file: /cvs/src/usr.bin/mg/def.h,v
  retrieving revision 1.135
  diff -u -p -r1.135 def.h
  --- def.h   25 Mar 2013 11:41:44 -  1.135
  +++ def.h   21 May 2013 19:46:38 -
  @@ -592,6 +592,7 @@ int  region_get_data(struct region *, c
   voidregion_put_data(const char *, int);
   int markbuffer(int, int);
   int piperegion(int, int);
  +int shellcommand(int, int);
   int pipeio(const char * const, char * const[], char * 
  const, int,
   struct buffer *);
   
  Index: funmap.c
  ===
  RCS file: /cvs/src/usr.bin/mg/funmap.c,v
  retrieving revision 1.45
  diff -u -p -r1.45 funmap.c
  --- funmap.c27 Dec 2012 18:51:52 -  1.45
  +++ funmap.c21 May 2013 19:46:38 -
  @@ -179,6 +179,7 @@ static struct funmap functnames[] = {
  {setfillcol, set-fill-column,},
  {setmark, set-mark-command,},
  {setprefix, set-prefix-string,},
  +   {shellcommand, shell-command,},
  {piperegion, shell-command-on-region,},
  {shrinkwind, shrink-window,},
   #ifdef NOTAB
  Index: keymap.c
  ===
  RCS file: /cvs/src/usr.bin/mg/keymap.c,v
  retrieving revision 1.50
  diff -u -p -r1.50 keymap.c
  --- keymap.c7 Jun 2012 15:15:04 -   1.50
  +++ keymap.c21 May 2013 19:46:38 -
  @@ -217,8 +217,9 @@ static PF metacV[] = {
  pagenext/* ^V */
   };
   
  -static PF metasp[] = {
  -   justone /* space */
  +static PF metaspex[] = {
  +   justone,/* space */
  +   shellcommand/* ! */
   };
   
   static PF metapct[] = {
  @@ -317,7 +318,7 @@ struct KEYMAPE (8 + IMAPEXT) metamap = {
  CCHR('V'), CCHR('V'), metacV, NULL
  },
  {
  -   ' ', ' ', metasp, NULL
  +   ' ', '!', metaspex, NULL
  },
  {
  '%', '%', metapct, NULL
  Index: mg.1
  ===
  RCS file: /cvs/src/usr.bin/mg/mg.1,v
  retrieving revision 1.75
  diff -u -p -r1.75 mg.1
  --- mg.128 Dec 2012 16:12:50 -  1.75
  +++ mg.121 May 2013 19:46:38 -
  @@ -268,6 +268,8 @@ suspend-emacs
   scroll-other-window
   .It M-SPC
   just-one-space
  +.It M-!
  +shell-command
   .It M-.
   find-tag
   .It M-*
  @@ -835,6 +837,8 @@ Used by auto-fill-mode.
   Sets the mark in the current window to the current dot location.
   .It set-prefix-string
   Sets the prefix string to be used by the 'prefix-region' command.
  +.It shell-command
  +Execute external command from mini-buffer.
   .It shell-command-on-region
   Provide the text in region to the shell command as input.
   .It shrink-window
  Index: region.c
  ===
  RCS file: /cvs/src/usr.bin/mg/region.c,v
  retrieving revision 1.32
  diff -u -p -r1.32 region.c
  --- region.c27 Dec 2012 18:49:59 -  1.32
  +++ region.c21 May 2013 19:46:38 -
  @@ -28,6 +28,7 @@ staticint iomux(int, char * const, int,
   static int preadin(int, struct buffer *);
   static voidpwriteout(int, char **, int *);
   static int setsize(struct region *, RSIZE);
  +static int shellcmdoutput(char * const[], char * const, int);
   
   /*
* Kill the region.  Ask getregion to figure out the bounds of the 
  region.
  @@ -406,9 +407,8 @@ int
   piperegion(int f, int n)
   {
  struct region region;
  -   struct buffer *bp;
  -   int len, ret;
  -   char *cmd, cmdbuf[NFILEN], *shellp, *text;
  +   int len;
  +   char *cmd, cmdbuf[NFILEN], *text;
  char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
   
  /* C-u M-| is not supported yet */
  @@ -436,6 +436,51 @@ piperegion(int f, int n)
  return (FALSE);
  }
   
  +   region_get_data(region, text, len);
  +
  +   return shellcmdoutput(argv, text, len);
  +}
  +
  +/*
  + * Get command from mini-buffer and execute externally.
  + */
  +/*ARGSUSED */
  +int
  +shellcommand(int f, int n)
  +{
  +
  +   int len;
  +   char *cmd, cmdbuf[NFILEN], *text;
 
 you don't need len and *text
 
  +   char *argv[] = {sh, -c, (char *) NULL, (char *) NULL};
  +
  +   if 

Re: Kernel panic with alternative wscons console fonts

2013-05-22 Thread David Coppa
On Tue, 21 May 2013, Miod Vallat wrote:

  While experimenting, I've found that fonts with WSDISPLAY_FONTENC_ISO
  encoding like bold8x16-iso1 or sony8x16 are ok, while fonts with
  WSDISPLAY_FONTENC_IBM (bold8x16, vt220l8x8) cause the kernel panic
  below:
 
 Fixed. Thanks for the report!

Thanks a lot for the fix, Miod.

I'd like to share a nice hack Alexander Polakov did: terminus on
the console!

ciao,
David

Index: ter-u16n.h
===
RCS file: ter-u16n.h
diff -N ter-u16n.h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ ter-u16n.h  22 May 2013 13:21:26 -
@@ -0,0 +1,3456 @@
+static u_char Terminus8x16_data[];
+
+struct wsdisplay_font Terminus8x16= {
+   Terminus, /* typeface name */
+   0, /* index */
+   ' ', /* firstchar */
+   256 - ' ', /* numchars */
+   WSDISPLAY_FONTENC_ISO, /* encoding */
+   8, /* width */
+   16, /* height */
+   1, /* stride */
+   WSDISPLAY_FONTORDER_L2R, /* bit order */
+   WSDISPLAY_FONTORDER_L2R, /* byte order */
+   NULL, /* cookie */
+   Terminus8x16_data /* data */
+   };
+static u_char Terminus8x16_data[] = {
+   /* space */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* exclam */
+   0x0,
+   0x0,
+   0x10,
+   0x10,
+   0x10,
+   0x10,
+   0x10,
+   0x10,
+   0x10,
+   0x0,
+   0x10,
+   0x10,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* quotedbl */
+   0x0,
+   0x24,
+   0x24,
+   0x24,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* numbersign */
+   0x0,
+   0x0,
+   0x24,
+   0x24,
+   0x24,
+   0x7e,
+   0x24,
+   0x24,
+   0x7e,
+   0x24,
+   0x24,
+   0x24,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* dollar */
+   0x0,
+   0x10,
+   0x10,
+   0x7c,
+   0x92,
+   0x90,
+   0x90,
+   0x7c,
+   0x12,
+   0x12,
+   0x92,
+   0x7c,
+   0x10,
+   0x10,
+   0x0,
+   0x0,
+   
+   /* percent */
+   0x0,
+   0x0,
+   0x64,
+   0x94,
+   0x68,
+   0x8,
+   0x10,
+   0x10,
+   0x20,
+   0x2c,
+   0x52,
+   0x4c,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* ampersand */
+   0x0,
+   0x0,
+   0x18,
+   0x24,
+   0x24,
+   0x18,
+   0x30,
+   0x4a,
+   0x44,
+   0x44,
+   0x44,
+   0x3a,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* quotesingle */
+   0x0,
+   0x10,
+   0x10,
+   0x10,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* parenleft */
+   0x0,
+   0x0,
+   0x8,
+   0x10,
+   0x20,
+   0x20,
+   0x20,
+   0x20,
+   0x20,
+   0x20,
+   0x10,
+   0x8,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* parenright */
+   0x0,
+   0x0,
+   0x20,
+   0x10,
+   0x8,
+   0x8,
+   0x8,
+   0x8,
+   0x8,
+   0x8,
+   0x10,
+   0x20,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* asterisk */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x24,
+   0x18,
+   0x7e,
+   0x18,
+   0x24,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* plus */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x10,
+   0x10,
+   0x7c,
+   0x10,
+   0x10,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* comma */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x10,
+   0x10,
+   0x20,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* hyphen */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x7e,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* period */
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   0x10,
+   0x10,
+   0x0,
+   0x0,
+   0x0,
+   0x0,
+   
+   /* slash */
+   0x0,
+   0x0,
+   0x4,
+   0x4,
+   0x8,
+   0x8,
+   0x10,
+   0x10,
+   0x20,
+

options(4) man page: bump BUFCACHEPERCENT

2013-05-22 Thread Lawrence Teo
BUFCACHEPERCENT has been set to 20 by default for a while now, so bump
it in the options(4) man page accordingly.

OK?


Index: options.4
===
RCS file: /cvs/src/share/man/man4/options.4,v
retrieving revision 1.231
diff -u -p -r1.231 options.4
--- options.4   22 Mar 2013 16:40:24 -  1.231
+++ options.4   17 May 2013 15:23:48 -
@@ -278,7 +278,7 @@ for details.
 .Bl -ohang
 .It Cd option BUFCACHEPERCENT= Ns Ar integer
 Percentage of RAM to use as a file system buffer.
-It defaults to 5.
+It defaults to 20.
 .It Cd option EXT2FS_SYSTEM_FLAGS
 This option changes the behavior of the APPEND and IMMUTABLE flags
 for a file on an



Re: options(4) man page: bump BUFCACHEPERCENT

2013-05-22 Thread David Coppa
On Wed, May 22, 2013 at 3:42 PM, Lawrence Teo l...@openbsd.org wrote:
 BUFCACHEPERCENT has been set to 20 by default for a while now, so bump
 it in the options(4) man page accordingly.

 OK?

ok for me.

thanks for catching this.
David

 Index: options.4
 ===
 RCS file: /cvs/src/share/man/man4/options.4,v
 retrieving revision 1.231
 diff -u -p -r1.231 options.4
 --- options.4   22 Mar 2013 16:40:24 -  1.231
 +++ options.4   17 May 2013 15:23:48 -
 @@ -278,7 +278,7 @@ for details.
  .Bl -ohang
  .It Cd option BUFCACHEPERCENT= Ns Ar integer
  Percentage of RAM to use as a file system buffer.
 -It defaults to 5.
 +It defaults to 20.
  .It Cd option EXT2FS_SYSTEM_FLAGS
  This option changes the behavior of the APPEND and IMMUTABLE flags
  for a file on an




Re: [PATCH] add filter by host functionality to syslogd

2013-05-22 Thread Ted Unangst
On Wed, May 22, 2013 at 12:06, Gregory Edigarov wrote:
 
 works for me, with only one limitation: now only for resolvable hosts, i.e
 one cannot have
 +192.168.2.1
 * /some/file

Looking at the diff, I think it's not resolvable hosts, but whatever
hostname the sending machine decides to tell you?

My first thought is that we shouldn't rely on that, and syslogd should
refuse requests entirely from servers it doesn't like. My second
thought is that's what pf is for and spoofing syslog entries is
already pretty easy, so this is fine, but it needs to be documented as
such.

(I didn't look further at the diff to see if it was actually correct.)



Re: brgphy: reset autonegotiation timer when we get the link

2013-05-22 Thread Mike Belopuhov
On Tue, May 21, 2013 at 17:16 +0200, Mike Belopuhov wrote:
 from freebsd. ok?
 

ping!

 diff --git sys/dev/mii/brgphy.c sys/dev/mii/brgphy.c
 index 7f0bae2..461c798 100644
 --- sys/dev/mii/brgphy.c
 +++ sys/dev/mii/brgphy.c
 @@ -412,8 +412,10 @@ setit:
* the BMSR twice in case it's latched.
*/
   reg = PHY_READ(sc, MII_BMSR) | PHY_READ(sc, MII_BMSR);
 - if (reg  BMSR_LINK)
 + if (reg  BMSR_LINK) {
 + sc-mii_ticks = 0;  /* Reset autoneg timer. */
   break;
 + }
  
   /*
* Only retry autonegotiation every mii_anegticks seconds.



Re: brgphy: reset autonegotiation timer when we get the link

2013-05-22 Thread Mark Kettenis
 Date: Wed, 22 May 2013 17:59:19 +0200
 From: Mike Belopuhov m...@belopuhov.com
 
 On Tue, May 21, 2013 at 17:16 +0200, Mike Belopuhov wrote:
  from freebsd. ok?
  
 
 ping!

There are more drivers in the tree that do the same thing.  And then
there are lots that have the same bug.  Would be nice if we could fix
those as well.  Anyway,

ok kettenis@

  diff --git sys/dev/mii/brgphy.c sys/dev/mii/brgphy.c
  index 7f0bae2..461c798 100644
  --- sys/dev/mii/brgphy.c
  +++ sys/dev/mii/brgphy.c
  @@ -412,8 +412,10 @@ setit:
   * the BMSR twice in case it's latched.
   */
  reg = PHY_READ(sc, MII_BMSR) | PHY_READ(sc, MII_BMSR);
  -   if (reg  BMSR_LINK)
  +   if (reg  BMSR_LINK) {
  +   sc-mii_ticks = 0;  /* Reset autoneg timer. */
  break;
  +   }
   
  /*
   * Only retry autonegotiation every mii_anegticks seconds.
 
 



Re: brgphy: reset autonegotiation timer when we get the link

2013-05-22 Thread Mike Belopuhov
On Wed, May 22, 2013 at 18:08 +0200, Mark Kettenis wrote:
  Date: Wed, 22 May 2013 17:59:19 +0200
  From: Mike Belopuhov m...@belopuhov.com
  
  On Tue, May 21, 2013 at 17:16 +0200, Mike Belopuhov wrote:
   from freebsd. ok?
   
  
  ping!
 
 There are more drivers in the tree that do the same thing.  And then
 there lots that have the same bug.  Would be nice if we could fix
 those as well.  Anyway,
 
 ok kettenis@
 

fair enough.  it looks like rgephy needs to proceed to mii_phy_status
and mii_phy_update, but returns instead.  i'd like it to get tested.

diff --git sys/dev/mii/brgphy.c sys/dev/mii/brgphy.c
index 7f0bae2..461c798 100644
--- sys/dev/mii/brgphy.c
+++ sys/dev/mii/brgphy.c
@@ -412,8 +412,10 @@ setit:
 * the BMSR twice in case it's latched.
 */
reg = PHY_READ(sc, MII_BMSR) | PHY_READ(sc, MII_BMSR);
-   if (reg  BMSR_LINK)
+   if (reg  BMSR_LINK) {
+   sc-mii_ticks = 0;  /* Reset autoneg timer. */
break;
+   }
 
/*
 * Only retry autonegotiation every mii_anegticks seconds.
diff --git sys/dev/mii/dcphy.c sys/dev/mii/dcphy.c
index d1ad0b4..841fe3f 100644
--- sys/dev/mii/dcphy.c
+++ sys/dev/mii/dcphy.c
@@ -272,8 +272,10 @@ dcphy_service(struct mii_softc *sc, struct mii_data *mii, 
int cmd)
break;
 
reg = CSR_READ_4(dc_sc, DC_10BTSTAT);
-   if (!(reg  DC_TSTAT_LS10) || !(reg  DC_TSTAT_LS100))
+   if (!(reg  DC_TSTAT_LS10) || !(reg  DC_TSTAT_LS100)) {
+   sc-mii_ticks = 0;
break;
+   }
 
/*
 * Only retry autonegotiation every mii_anegticks seconds.
diff --git sys/dev/mii/mlphy.c sys/dev/mii/mlphy.c
index 56858b5..fb5784b 100644
--- sys/dev/mii/mlphy.c
+++ sys/dev/mii/mlphy.c
@@ -306,6 +306,7 @@ mlphy_service(struct mii_softc *sc, struct mii_data *mii, 
int cmd)
msc-ml_linked = 1;
mlphy_status(sc);
}
+   sc-mii_ticks = 0;
break;
}
/*
diff --git sys/dev/mii/rgephy.c sys/dev/mii/rgephy.c
index 2c1ddbb..5fe9dc6 100644
--- sys/dev/mii/rgephy.c
+++ sys/dev/mii/rgephy.c
@@ -251,12 +251,16 @@ setit:
 */
if (sc-mii_rev  2) {
reg = PHY_READ(sc, RL_GMEDIASTAT);
-   if (reg  RL_GMEDIASTAT_LINK)
+   if (reg  RL_GMEDIASTAT_LINK) {
+   sc-mii_ticks = 0;
break;
+   }
} else {
reg = PHY_READ(sc, RGEPHY_SR);
-   if (reg  RGEPHY_SR_LINK)
+   if (reg  RGEPHY_SR_LINK) {
+   sc-mii_ticks = 0;
break;
+   }
}
 
/*
@@ -267,7 +271,7 @@ setit:

sc-mii_ticks = 0;
rgephy_mii_phy_auto(sc);
-   return (0);
+   break;
}
 
/* Update the media status. */
diff --git sys/dev/mii/urlphy.c sys/dev/mii/urlphy.c
index 09df2bd..2e3b475 100644
--- sys/dev/mii/urlphy.c
+++ sys/dev/mii/urlphy.c
@@ -186,8 +186,10 @@ urlphy_service(struct mii_softc *sc, struct mii_data *mii, 
int cmd)
 
/* Read the status register twice; MSR_LINK is latch-low. */
reg = PHY_READ(sc, URLPHY_MSR) | PHY_READ(sc, URLPHY_MSR);
-   if (reg  URLPHY_MSR_LINK)
-   return (0);
+   if (reg  URLPHY_MSR_LINK) {
+   sc-mii_ticks = 0;
+   break;
+   }
 
/*
 * Only retry autonegotiation every mii_anegticks seconds.
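Review bot: The link-up path in urlphy changes from `return (0)` to `break`, which is a behaviour change beyond the timer reset: with the link up, every tick now runs whatever follows the switch (presumably the media status update, which is outside the hunk). The accompanying mail describes that change only for rgephy, so it should be named in the commit message and the urlphy path tested as well. A comment on the new branch would record the intent, e.g. `/* Link is up: reset the autoneg timer and go update the media status. */`. urlphy_service() starts and ends outside the hunk.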
diff --git sys/dev/mii/xmphy.c sys/dev/mii/xmphy.c
index 1d3e2ea..e7687e6 100644
--- sys/dev/mii/xmphy.c
+++ sys/dev/mii/xmphy.c
@@ -212,8 +212,10 @@ xmphy_service(struct mii_softc *sc, struct mii_data *mii, 
int cmd)
  * the BMSR twice in case it's latched.
  */
reg = PHY_READ(sc, MII_BMSR) | PHY_READ(sc, MII_BMSR);
-   if (reg  BMSR_LINK)
+   if (reg  BMSR_LINK) {
+   sc-mii_ticks = 0;
break;
+   }
 
/*
 * Only retry autonegotiation every mii_anegticks seconds.
diff --git sys/dev/sbus/be.c sys/dev/sbus/be.c
index 1527ff0..7dc459d 100644
--- sys/dev/sbus/be.c
+++ sys/dev/sbus/be.c
@@ -1531,6 +1531,7 @@ be_intphy_service(struct be_softc *sc, struct mii_data 
*mii, int cmd)
sc-sc_dev.dv_xname,
(bmcr  BMCR_S100) ? 100 : 10);
}
+   

Re: iked(8) and GCM

2013-05-22 Thread Aaron Stellman
On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
 If you make it a couple of paragraphs past the table, there is this
 paragraph, which is rather clear:
 
  Using AES-GMAC or NULL with ESP will only provide authentication.  This
  is useful in setups where AH can not be used, e.g. when NAT is involved.
 
 Maybe a bit of redundancy would help, as this is a fairly important point,
 perhaps if the table were split up:

Actually, I don't believe *-gmac should be listed under ciphers. Even
though it is a mode of AES, it only provides authentication, hence it's
a MAC. Whereas, I believe it's commonly agreed that ciphers are
defined as algorithms providing encryption or decryption.



bgpd, partial support for ttl-security with v6

2013-05-22 Thread Stuart Henderson
this sets the outgoing hop limit correctly on v6 sessions so they should
come up when we've configured ttl-security and the other side is checking
ttls. I don't have anything handy to test against but things look good
with tcpdump.

we ought to check incoming packets too, but this at least is a step in
the right direction. ok for now?

Index: bgpd.conf.5
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.124
diff -u -p -r1.124 bgpd.conf.5
--- bgpd.conf.5 2 Jan 2013 15:06:46 -   1.124
+++ bgpd.conf.5 22 May 2013 18:54:05 -
@@ -960,6 +960,10 @@ incoming packets are required to have a 
 ensuring they have not passed through more than the expected number of hops.
 The default is
 .Ic no .
+.Pp
+There is currently only partial support for ttl-security with IPv6;
+the TTL of outgoing packets is set,
+but no check is made for the TTL of incoming packets.
 .El
 .Sh FILTER
 .Xr bgpd 8
Index: session.c
===
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.329
diff -u -p -r1.329 session.c
--- session.c   20 Mar 2013 04:01:42 -  1.329
+++ session.c   22 May 2013 18:54:05 -
@@ -164,6 +164,11 @@ setup_listeners(u_int *la_cnt)
log_warn(setup_listeners setsockopt TTL);
continue;
}
+   if (la-sa.ss_family == AF_INET6  setsockopt(la-fd,
+   IPPROTO_IPV6, IPV6_UNICAST_HOPS, ttl, sizeof(ttl)) == -1) {
+   log_warn(setup_listeners setsockopt hoplimit);
+   continue;
+   }
 
session_socket_blockmode(la-fd, BM_NONBLOCK);
 
@@ -1230,7 +1235,17 @@ session_setup_socket(struct peer *p)
break;
case AID_INET6:
if (p-conf.ebgp) {
-   /* set hoplimit to foreign router's distance */
+   /* set hoplimit to foreign router's distance
+  1=direct n=multihop with ttlsec, we always use 255 */
+   if (p-conf.ttlsec) {
+   /*
+* XXX Kernel has no ip6 equivalent of IP_MINTTL yet so
+* we can't check incoming packets, but we can at least
+* set the outgoing TTL to allow sessions configured
+* with ttl-security to come up.
+*/
+   ttl = 255;
+   }
if (setsockopt(p-fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
ttl, sizeof(ttl)) == -1) {
log_peer_warn(p-conf,
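Review bot: With `ttlsec` set on an IPv6 peer, the new branch only raises the outgoing hop limit to 255; nothing in the hunk rejects incoming packets that arrive with a lower hop limit, so the session comes up looking protected while the inbound half of ttl-security (the part that filters off-link senders) is absent. The XXX comment and the bgpd.conf.5 text say so, but an operator reading only the logs gets no hint. I would log it once when the socket is set up, e.g. `log_peer_warnx(&p->conf, "ttl-security: incoming hop limit is not checked for IPv6");` inside the `if (p->conf.ttlsec)` block. session_setup_socket() starts and ends outside the hunk, so how `ttl` is derived when ttlsec is off is inferred from the comment only.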



Re: iked(8) and GCM

2013-05-22 Thread Mike Belopuhov
On 22 May 2013 19:57, Aaron Stellman z...@x96.org wrote:
 On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
 If you make it a couple of paragraphs past the table, there is this
 paragraph, which is rather clear:

  Using AES-GMAC or NULL with ESP will only provide authentication.  This
  is useful in setups where AH can not be used, e.g. when NAT is involved.

 Maybe a bit of redundancy would help, as this is a fairly important point,
 perhaps if the table were split up:

 Actually, I don't believe *-gmac should be listed under ciphers. Even
 though it is a mode of AES, it only provides authentication, hence it's
 a MAC. Whereas, I believe it's common agreement that, ciphers are
 defined as algorithms providing encryption or decryption.


it's not a MAC. it's an AEAD, where plaintext length is zero and AAD is not.



route(8) use -inet6 automatically for addresses containing :

2013-05-22 Thread Stuart Henderson
does anyone see a downside to this? if the address family is not
explicitly specified, assume v6 if it looks like it may be an ipv6
address.

allows e.g. route get 2001:200:dff:fff1:216:3eff:feb1:44d7
without needing to specify -inet6.

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.161
diff -u -p -r1.161 route.c
--- route.c 21 Mar 2013 04:43:17 -  1.161
+++ route.c 22 May 2013 19:43:34 -
@@ -803,7 +803,10 @@ getaddr(int which, char *s, struct hoste
int afamily, bits;
 
if (af == 0) {
-   af = AF_INET;
+   if (strchr(s, ':') != NULL)
+   af = AF_INET6;
+   else
+   af = AF_INET;
aflen = sizeof(struct sockaddr_in);
}
afamily = af;   /* local copy of af so we can change it */



Re: route(8) use -inet6 automatically for addresses containing :

2013-05-22 Thread Stuart Henderson
On 2013/05/22 20:47, Stuart Henderson wrote:
 does anyone see a downside to this? if the address family is not
 explicitly specified, assume v6 if it looks like it may be an ipv6
 address.
 
 allows e.g. route get 2001:200:dff:fff1:216:3eff:feb1:44d7
 without needing to specify -inet6.

oops, as pointed out by jca@, I missed aflen (or rather, saw it and
for some unknown reason thought it didn't matter, I blame my tooth ;)

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.161
diff -u -p -r1.161 route.c
--- route.c 21 Mar 2013 04:43:17 -  1.161
+++ route.c 22 May 2013 20:15:53 -
@@ -803,8 +803,13 @@ getaddr(int which, char *s, struct hoste
int afamily, bits;
 
if (af == 0) {
-   af = AF_INET;
-   aflen = sizeof(struct sockaddr_in);
+   if (strchr(s, ':') != NULL) {
+   af = AF_INET6;
+   aflen = sizeof(struct sockaddr_in6);
+   } else {
+   af = AF_INET;
+   aflen = sizeof(struct sockaddr_in);
+   }
}
afamily = af;   /* local copy of af so we can change it */
 
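Review bot: The `strchr(s, ':')` test picks the family before `s` is parsed at all, so with no family flag any argument containing a colon is now handled as IPv6, and a mistyped address is reported as a bad IPv6 address rather than a bad IPv4 one. `af` is assigned here but not declared in the hunk, so the guess presumably also applies to the remaining addresses on the command line. The heuristic deserves a comment at the branch, e.g. `/* No family given: treat anything containing ':' as an IPv6 literal. */`, and a matching sentence in route(8). getaddr() continues outside the hunk.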



[RFC] Patches for the LDP daemon

2013-05-22 Thread Renato Westphal
Hello everybody,

First of all, let me introduce myself. I am Renato Westphal, I work as a
computer engineer in Brazil and I'm a maintainer of the MPLS-Linux project.
A couple of years ago I accidentally found that OpenBSD already had
built-in support for MPLS and, surprisingly, a fully working implementation
of the LDP daemon. I decided to checkout the code and I really liked what I
saw, the code was beautiful and easy to work with. After that, I took the
decision to port that code to Quagga/Linux and, after some time, it worked
out well*. This year I decided to work again on ldpd to fix all the
existing bugs and make the code more robust. Instead of working directly on
my Quagga port, I decided to fix all the existing bugs in the original
implementation and then re-start the port to Quagga/Linux. This way both
projects would benefit from my work.

With that said, the patches below are the first part of my work:
https://github.com/rwestphal/openbsd-ldpd/commits/renato

Summary of the patches:
* Added support for hello adjacencies and targeted hellos (which is
halfway to implementing the draft martini L2VPN and VPLS control plane);
* Added support for multiple addresses per interface;
* Major improvements on session convergence time;
* Many bug fixes, code simplification and removal of dead code.

My next priorities:
* Implement the reload configuration (sighup) functionality;
* Review the label mapping algorithms.

I would like to get these patches reviewed and hopefully integrated. Any
comments would be appreciated ;)

Regards,
Renato.

[*] https://github.com/rwestphal/quagga-public/commits/mpls

-- 
Renato Westphal


pf state tracking and tos/dscp

2013-05-22 Thread Adam Gensler
Hi all,

I've been playing with pf for a number of months now and I've come across a 
situation that I'm having trouble finding a solution for. Specifically I'm 
working with the following topology:

Internet --- OpenBSD box --- Cisco router --- other devices

The Cisco router (a small 800 series router) is sitting behind an OpenBSD box 
(version 5.1). This Cisco router has an IPsec tunnel connected to another 
router out on the Internet. So, all the OpenBSD box sees is a bunch of 
encrypted frames (udp port 4500). That's all fine and dandy, that works well, 
no problems there.

However, some of the devices behind the Cisco router are setting the tos/dscp 
bits on their packets. I would like to be able to prioritize those packets in 
pf for altq handling. So, I've created the following rules:

local_nets = { 172.28.1.0/24, 172.28.10.0/24, 172.28.11.0/24 }
work871 = 172.28.1.3
pass in quick inet proto udp from $work871 tos 0xB8 tag VOIP-RTP
pass in quick inet proto udp from $work871 tos 0x60 tag VOIP-SIG
pass in quick inet proto { tcp, udp } from $local_nets

The idea here being that ingress traffic from 172.28.1.3, with the various tos 
values will be tagged with a specific tag. On the egress side I match on that 
tag and then apply it to a queue. That isn't working though.  It seems that PF 
creates a state entry first for the overall ipsec tunnel using the third rule. 
After that state gets established all subsequent packets do not evaluate the 
rules, even if those packets have different tos values. This leads me to 
believe that pf isn't creating a state entry tuple that contains the tos value.

I've confirmed the TOS bits are being carried through to the IP header of the 
IPSEC packets. Here's a tcpdump of the incoming packets from my LAN interface 
(vr0):

tcpdump: listening on vr0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:37:39.464357 IP (tos 0xc0, ttl 255, id 848, offset 0, flags [none], proto 
UDP (17), length 144)
   172.28.1.3.4500  1.1.1.1.4500: UDP-encap: ESP(spi=0x32284280,seq=0x12e), 
length 116
21:37:39.483350 IP (tos 0xc0, ttl 255, id 1707, offset 0, flags [none], proto 
UDP (17), length 29)
   172.28.1.3.4500  64.102.7.50.4500: isakmp-nat-keep-alive
21:37:42.365389 IP (tos 0x0, ttl 255, id 849, offset 0, flags [none], proto UDP 
(17), length 152)
   172.28.1.3.4500  1.1.1.1.4500: UDP-encap: ESP(spi=0x32284280,seq=0x12f), 
length 124
21:37:45.465724 IP (tos 0xc0, ttl 255, id 850, offset 0, flags [none], proto 
UDP (17), length 144)
   172.28.1.3.4500  1.1.1.1.4500: UDP-encap: ESP(spi=0x32284280,seq=0x130), 
length 116
21:37:47.370081 IP (tos 0x0, ttl 255, id 851, offset 0, flags [none], proto UDP 
(17), length 152)
   172.28.1.3.4500  1.1.1.1.4500: UDP-encap: ESP(spi=0x32284280,seq=0x131), 
length 124
21:37:49.256302 IP (tos 0x60, ttl 255, id 852, offset 0, flags [none], proto 
UDP (17), length 120)
   172.28.1.3.4500  1.1.1.1.4500: UDP-encap: ESP(spi=0x32284280,seq=0x132), 
length 92

From this it's clear that the last packet has tos 0x60 set. However, if I 
look at this particular rule, it doesn't have any matches or state entries:

pass in quick inet proto udp from 172.28.1.3 to any tos 0x60 keep state tag 
VOIP-SIG
 [ Evaluations: 34Packets: 0 Bytes: 0   States: 0 ]
 [ Inserted: uid 0 pid 13666 State Creations: 0 ]

Instead, there's a state entry logged for this traffic under the third rule:

all udp 1.1.1.1:4500 - 172.28.1.3:4500   MULTIPLE:MULTIPLE
  age 00:15:50, expires in 00:00:57, 394:196 pkts, 52356:39176 bytes, rule 37

Based on the above, it seems like the state entries don't include the tos 
information making it impossible to properly classify traffic that is encrypted 
with ipsec. The only way to differentiate various traffic streams contained 
within the tunnel is via tos/dscp. This is fairly common practice in the 
Enterprise routing space. I'd love to be able to do the same thing here.

Am I missing something obvious? I've tested OpenBSD 5.1 and (for what it's 
worth) FreeBSD 9.0 and also pfsense 2.1beta1, I see the same behavior on all of 
them.

Thanks in advance,
Adam



Network issue with bridging and IP address after upgrading from 4.5 to 5.3

2013-05-22 Thread Albert Chin
Network diagram:

++
||
|   +--+ | ++
|   |  | | ||
 ---o-- |   ---o-o-o-+  |
|  |x| ||  | |vr0|   |vr1| |vr2| |vr3|   |  |
|  Cisco router||  | (69.67.212.126) |  |
|  (ync)   ||  |   OpenBSD 5.3   |  |
 -- |  |(hisoka) |  |
|   -+  |
 +--+   |
 |  |
 | ++
 | |
 o-o---
|  |#30| |#28| |
|  |
| Cisco switch (dmz)   |
| (sw-dmz) |
 --


Cisco switch (dmz) relevant config:
  set vlan 100  2/1,2/28,2/30
  set port name 2/28 router(ync)
  set port name 2/30 hisoka(internet)
  clear trunk 2/28 1-1005
  set trunk 2/28 off dot1q 1025-4094
  clear trunk 2/30 1-1005
  set trunk 2/30 off dot1q 1025-4094

hisoka# ifconfig vr0
vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:24:c9:28:b8
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 69.67.212.126 netmask 0xffe0 broadcast 69.67.212.127
inet6 fe80::200:24ff:fec9:28b8%vr0 prefixlen 64 scopeid 0x1
hisoka# ifconfig bridge0
bridge0: flags=41UP,RUNNING
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
designated: id 00:00:00:00:00:00 priority 0
vr2 flags=7LEARNING,DISCOVER,BLOCKNONIP
port 3 ifpriority 0 ifcost 0
vr3 flags=7LEARNING,DISCOVER,BLOCKNONIP
port 4 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):
00:00:24:c9:28:b8 vr3 1 flags=0
00:d0:b7:11:60:40 vr3 1 flags=0
00:24:c4:87:92:16 vr2 1 flags=0
00:09:12:ce:07:b9 vr3 1 flags=0
00:07:e9:5d:62:f8 vr3 1 flags=0
hisoka# cat /etc/hostname.bridge0
add vr2
add vr3
blocknonip vr2
blocknonip vr3
up
hisoka# cat /etc/pf.conf
ext_if = vr0

# options
set block-policy return
set loginterface $ext_if
set skip on { lo0 }

# rules
pass log all

If I try to ping 69.67.212.126 from the internet, I get (from a Linux
host):
  $ ping 69.67.212.126
  PING 69.67.212.126 (69.67.212.126) from 192.168.144.1 : 56(84) bytes of data.
  64 bytes from hisoka.thewrittenword.com (69.67.212.126): icmp_seq=0 ttl=243 
time=148.3 ms
  From hisoka.thewrittenword.com (69.67.212.126): Time to live exceeded
  From hisoka.thewrittenword.com (69.67.212.126): Time to live exceeded
  ...

Any ideas?

--
albert chin (ch...@thewrittenword.com)