Re: [patch] Add error check for fchmod in ldconfig.c

[Scott Cheloha]

On Thu, Jun 07, 2018 at 03:31:16PM +0800, Nan Xiao wrote:
> Hi tech@,
> 
> Maybe a error check of fchmod is necessary. [...]

In that spot I think the only way fchmod can fail is with EIO.

But, for sake of discussion, suppose it fails with EIO and then all
the subsequent writes succeed and the EIO, for whatever reason, was
spurious or somehow not indicative of deeper instability, and the
system remains up and stable afterward: I think there are then two
problems with proceeding after fchmod fails.

One, installing ld.so.hints when it's writable by root sounds like
a bad idea.  I'm not sure it matters in practice as root can open a
read-only file with write privileges anyway, but in principle the hints
file should be read-only for everyone.

Two, installing ld.so.hints when it isn't readable by the rest of the
system sort of defeats the purpose of ld.so.hints: speeding up shared
library lookup for everyone.

Unless this is the very first run of ldconfig, there will be a legible
and useful hints file in-place already... which we'd then overwrite
with one only readable by root processes.

Ideally, most processes are not root processes, so this potentially adds
some overhead for all such processes without LD_LIBRARY_PATH set, which
would not be ideal.

--

This patch is ok cheloha@ and I can commit this if someone else is ok with
it, but I'd really like to hear from someone with more familiarity with
the run-time linking process: is my analysis here off-base?

--
Scott Cheloha

> Index: ldconfig.c
> ===
> RCS file: /cvs/src/libexec/ld.so/ldconfig/ldconfig.c,v
> retrieving revision 1.37
> diff -u -p -r1.37 ldconfig.c
> --- ldconfig.c26 Apr 2018 12:42:50 -  1.37
> +++ ldconfig.c7 Jun 2018 07:04:45 -
> @@ -386,7 +386,11 @@ buildhints(void)
>   warn("%s", tmpfilenam);
>   goto out;
>   }
> - fchmod(fd, 0444);
> +
> + if (fchmod(fd, 0444) == -1) {
> + warn("%s", tmpfilenam);
> + goto out;
> + }
> 
>   if (write(fd, , sizeof(struct hints_header)) !=
>   sizeof(struct hints_header)) {
> 
> -- 
> Best Regards
> Nan Xiao
> 

mg(1): add missing cscope function keybind

[hajime]

It seems to me that keymap.c need to change 'rescan' to 'csfuncalled' in
'static PF cCsc[] = { ... }'.
The reason why I have an impression is that doesn't match between cscope.c,
keymap.c and mg.1.

As you can see as below, cscope.c's comment contains 'C-c s l' keybind.

$ cd /src/usr.bin/mg
$ grep -A 3 -B 5 csfuncalled cscope.c
/*
 * Find functions called by this function. Bound to C-c s l
 */
/* ARGSUSED */
int
csfuncalled(int f, int n)
{
return (do_cscope(CSCALLEDFUNCS));
}
$

But, keymap.c and mg.1 do not have 'C-c s l' keybind.

$ grep -A 19 'static PF cCsc' keymap.c
static PF cCsc[] = {
cscallerfuncs,  /* c */
csdefinition,   /* d */
csegrep,/* e */
csfindfile, /* f */
rescan, /* g */
rescan, /* h */
csfindinc,  /* i */
rescan, /* j */
rescan, /* k */
rescan, /* l */
rescan, /* m */
csnextmatch,/* n */
rescan, /* o */
csprevmatch,/* p */
rescan, /* q */
rescan, /* r */
cssymbol,   /* s */
csfindtext  /* t */
};
$ man mg
(snip)
DEFAULT KEY BINDINGS
 Normal editing commands are very similar to GNU Emacs.  In the following
 examples, C-x means Control-x, and M-x means Meta-x, where the Meta key
 may be either a special key on the keyboard or the ALT key; otherwise ESC
 followed by the key X works as well.

   C-SPC set-mark-command
   C-a   beginning-of-line
   C-b   backward-char
   C-c s c   cscope-find-functions-calling-this-function
   C-c s d   cscope-find-global-definition
   C-c s e   cscope-find-egrep-pattern
   C-c s f   cscope-find-this-file
   C-c s i   cscope-find-files-including-file
   C-c s n   cscope-next-symbol
   C-c s p   cscope-prev-symbol
   C-c s s   cscope-find-this-symbol
   C-c s t   cscope-find-this-text-string
   C-d   delete-char
(snip)
$

OK?

Best regards,
Hajime Edakawa

Index: keymap.c
===
RCS file: /cvs/src/usr.bin/mg/keymap.c,v
retrieving revision 1.58
diff -u -p -r1.58 keymap.c
--- keymap.c29 Dec 2015 19:44:32 -  1.58
+++ keymap.c7 Jun 2018 11:31:21 -
@@ -55,7 +55,7 @@ static PF cCsc[] = {
csfindinc,  /* i */
rescan, /* j */
rescan, /* k */
-   rescan, /* l */
+   csfuncalled,/* l */
rescan, /* m */
csnextmatch,/* n */
rescan, /* o */
Index: mg.1
===
RCS file: /cvs/src/usr.bin/mg/mg.1,v
retrieving revision 1.106
diff -u -p -r1.106 mg.1
--- mg.111 Dec 2017 07:27:07 -  1.106
+++ mg.17 Jun 2018 11:31:06 -
@@ -134,6 +134,8 @@ cscope-find-egrep-pattern
 cscope-find-this-file
 .It C-c s i
 cscope-find-files-including-file
+.It C-c s l
+cscope-find-called-functions
 .It C-c s n
 cscope-next-symbol
 .It C-c s p

Re: bgpd: stop with the announce confusion

[Job Snijders]

On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote:
> > It would be helpful during upgrades if it's possible to write some
> > configurations that work the same on both the old and new versions.
> > That way the configuration can be changed to a version which will
> > still work before you get to the point where you can't simply revert
> > to the old config file). I think if the new version would accept
> > but ignore "announce all", that would be enough.
> 
> Yes, I can add a dummy "announce *" handler. In general people should be
> already able to write filters that work before and after the change.
> Happy to add a bit of code to ease the change but it also comes with a
> price that users may not adjust their configs because they don't fail to
> load.

I'd prefer if only "announce all" is allowed as a no-op (but a warning
about the directive's deprecation is printed), for "announce self" and
"announce default-route" just throw an error and refuse to start the
daemon.

Kind regards,

Job

Re: bgpd: stop with the announce confusion

[Claudio Jeker]

On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote:
> On Thu, Jun 07, 2018 at 10:20:17AM +0100, Stuart Henderson wrote:
> > On 2018/06/07 10:26, Claudio Jeker wrote:
> > > On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> > > > So the announce keyword in bgpd is massivly overloaded.
> > > > It is one of the most common things new bgpd users are unsure about.
> > > > These are all possible announce options:
> > > > 
> > > > announce (IPv4|IPv6) (none|unicast|vpn)
> > > > announce as-4byte (yes|no)
> > > > announce capabilities (yes|no)
> > > > announce refresh (yes|no)
> > > > announce restart (yes|no)
> > > > and
> > > > announce (all|none|self|default-route)
> > > > 
> > > > Especially the last one is a bit confusing because it influences the way
> > > > the filter work. This was good in the beginning of bgpd but now I think
> > > > the time is right to move on. Filtering in general got more important 
> > > > and
> > > > using large-communities as a method to tag prefixes so that they can be
> > > > matched against those later is important.
> > > > People are easily confused by `announce IPv4 unicast` vs `announce all`
> > > > and so on.
> > > > 
> > > > The following diff does a few things.
> > > > a) it removes the `announce (all|none|self|default-route)` version
> > > > b) `announce none` is now `export none`
> > > > c) `announce default-route` is now `export default-route`
> > > > d) the examples file is adjusted accordingly and also the network
> > > >statements are no setting a large-community which is used by the
> > > >filters.
> > > > e) the filters are split in input and output and to a lesser extent
> > > >ibgp vs ebgp.
> > > > f) since anounce self is gone the filters will now default deny (which 
> > > > is
> > > >not a big thing and has the benefit that at start all routes show up 
> > > > in
> > > >Adj-RIB-In first).
> > > > 
> > > > In general people using `announce all` can just remove the line. When
> > > > using `annouce self` more care is needed since the filters may need 
> > > > extra
> > > > adjustment. `announce none` and `announce default-route` are simple
> > > > renames, every thing else remains the same.
> > > > 
> > > 
> > > To be more precise what needs to be changed in your config.
> > > 
> > > - neighbors using 'announce none' just rename it to 'export none'
> > > - neighbors using 'announce default-route' just rename it to 'export
> > >   default-route'
> > > 
> > > For all other cases 'announce self' and 'announce all' needs to be removed
> > > and filters need to be put in place instead. A good example is in
> > > /etc/example/bgpd.conf. In short you want to permit ibgp in and out and
> > > for ebgp you want to only allow reasonable things in and only your
> > > announcements out. How is this done best is by tagging announcements with
> > > a community. I use large-community here because they are more expressive.
> > > 
> > > # tag announcements with a community
> > > network 10.0.1.0/24 set large-community $ASN:1:1
> > > 
> > > ... neighbor configs ...
> > > 
> > > # first inbound
> > > allow from ibgp
> > > # the example filters out a lot of bad prefixes here which is good
> > > # In general you don't trust the outside world so this is where you should
> > > # filter the most.
> > > allow from ebgp inet prefixlen 8 - 24
> > > allow from ebgp inet6 prefixlen 16 - 48
> > > # scrub our community range from ebgp
> > > match from ebgp set large-community delete $ASN:*:*
> > > 
> > > # now outbound filters
> > > # again ibgp is generally allowed
> > > allow to ibgp
> > > # for ebgp make sure to not leak any unintended networks so best is to
> > > # just allow the networks we tagged.
> > > allow to ebgp large-community $ASN:1:1
> > > # another option is to go eplicit by network
> > > allow to ebgp prefix 10.0.1.0/24
> > > 
> > > For a pure ibgp router the basic rules can be simplified to:
> > >allow from ibgp
> > >allow to ibgp
> > > 
> > > While most configs probably have inbound filters they may lack outbound
> > > filters. It is possible to check the effect of this change by adding
> > >deny from any
> > >deny to any
> > > at the start of your filters. `bgpctl show rib out nei myPeerName` is a
> > > great way to see what is announced before and after.
> > > 
> > > See this as an oportunity to bring your bgpd filter up to current
> > > standards.
> > > -- 
> > > :wq Claudio
> > > 
> > 
> > It would be helpful during upgrades if it's possible to write some
> > configurations that work the same on both the old and new versions.
> > That way the configuration can be changed to a version which will
> > still work before you get to the point where you can't simply revert
> > to the old config file). I think if the new version would accept
> > but ignore "announce all", that would be enough.
> 
> Yes, I can add a dummy "announce *" handler. In general people should be
> already able to write filters that work before 

Re: bgpd: stop with the announce confusion

[Job Snijders]

On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> The following diff does a few things.
> a) it removes the `announce (all|none|self|default-route)` version
> b) `announce none` is now `export none`
> c) `announce default-route` is now `export default-route`
> d) the examples file is adjusted accordingly and also the network
>statements are no setting a large-community which is used by the
>filters.
> e) the filters are split in input and output and to a lesser extent
>ibgp vs ebgp.
> f) since anounce self is gone the filters will now default deny (which is
>not a big thing and has the benefit that at start all routes show up in
>Adj-RIB-In first).

OK job@

I built a release & tested on a few routers.

I like Stuart's suggestion, if the directive "announce all" is made a
no-op in 6.4 (and removed in 6.5), I can produce configs that work on
both 6.3 and 6.4, making the upgrade easier.

Kind regards,

Job

Re: bgpd: stop with the announce confusion

[Claudio Jeker]

On Thu, Jun 07, 2018 at 10:20:17AM +0100, Stuart Henderson wrote:
> On 2018/06/07 10:26, Claudio Jeker wrote:
> > On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> > > So the announce keyword in bgpd is massivly overloaded.
> > > It is one of the most common things new bgpd users are unsure about.
> > > These are all possible announce options:
> > > 
> > > announce (IPv4|IPv6) (none|unicast|vpn)
> > > announce as-4byte (yes|no)
> > > announce capabilities (yes|no)
> > > announce refresh (yes|no)
> > > announce restart (yes|no)
> > > and
> > > announce (all|none|self|default-route)
> > > 
> > > Especially the last one is a bit confusing because it influences the way
> > > the filter work. This was good in the beginning of bgpd but now I think
> > > the time is right to move on. Filtering in general got more important and
> > > using large-communities as a method to tag prefixes so that they can be
> > > matched against those later is important.
> > > People are easily confused by `announce IPv4 unicast` vs `announce all`
> > > and so on.
> > > 
> > > The following diff does a few things.
> > > a) it removes the `announce (all|none|self|default-route)` version
> > > b) `announce none` is now `export none`
> > > c) `announce default-route` is now `export default-route`
> > > d) the examples file is adjusted accordingly and also the network
> > >statements are no setting a large-community which is used by the
> > >filters.
> > > e) the filters are split in input and output and to a lesser extent
> > >ibgp vs ebgp.
> > > f) since anounce self is gone the filters will now default deny (which is
> > >not a big thing and has the benefit that at start all routes show up in
> > >Adj-RIB-In first).
> > > 
> > > In general people using `announce all` can just remove the line. When
> > > using `annouce self` more care is needed since the filters may need extra
> > > adjustment. `announce none` and `announce default-route` are simple
> > > renames, every thing else remains the same.
> > > 
> > 
> > To be more precise what needs to be changed in your config.
> > 
> > - neighbors using 'announce none' just rename it to 'export none'
> > - neighbors using 'announce default-route' just rename it to 'export
> >   default-route'
> > 
> > For all other cases 'announce self' and 'announce all' needs to be removed
> > and filters need to be put in place instead. A good example is in
> > /etc/example/bgpd.conf. In short you want to permit ibgp in and out and
> > for ebgp you want to only allow reasonable things in and only your
> > announcements out. How is this done best is by tagging announcements with
> > a community. I use large-community here because they are more expressive.
> > 
> > # tag announcements with a community
> > network 10.0.1.0/24 set large-community $ASN:1:1
> > 
> > ... neighbor configs ...
> > 
> > # first inbound
> > allow from ibgp
> > # the example filters out a lot of bad prefixes here which is good
> > # In general you don't trust the outside world so this is where you should
> > # filter the most.
> > allow from ebgp inet prefixlen 8 - 24
> > allow from ebgp inet6 prefixlen 16 - 48
> > # scrub our community range from ebgp
> > match from ebgp set large-community delete $ASN:*:*
> > 
> > # now outbound filters
> > # again ibgp is generally allowed
> > allow to ibgp
> > # for ebgp make sure to not leak any unintended networks so best is to
> > # just allow the networks we tagged.
> > allow to ebgp large-community $ASN:1:1
> > # another option is to go eplicit by network
> > allow to ebgp prefix 10.0.1.0/24
> > 
> > For a pure ibgp router the basic rules can be simplified to:
> >allow from ibgp
> >allow to ibgp
> > 
> > While most configs probably have inbound filters they may lack outbound
> > filters. It is possible to check the effect of this change by adding
> >deny from any
> >deny to any
> > at the start of your filters. `bgpctl show rib out nei myPeerName` is a
> > great way to see what is announced before and after.
> > 
> > See this as an oportunity to bring your bgpd filter up to current
> > standards.
> > -- 
> > :wq Claudio
> > 
> 
> It would be helpful during upgrades if it's possible to write some
> configurations that work the same on both the old and new versions.
> That way the configuration can be changed to a version which will
> still work before you get to the point where you can't simply revert
> to the old config file). I think if the new version would accept
> but ignore "announce all", that would be enough.

Yes, I can add a dummy "announce *" handler. In general people should be
already able to write filters that work before and after the change.
Happy to add a bit of code to ease the change but it also comes with a
price that users may not adjust their configs because they don't fail to
load.
 
> Remember that "announce self" is implicit for ebgp neighbours unless
> there's another "announce" keyword, so people might be using 

Re: bgpd: stop with the announce confusion

[Stuart Henderson]

On 2018/06/07 10:26, Claudio Jeker wrote:
> On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> > So the announce keyword in bgpd is massivly overloaded.
> > It is one of the most common things new bgpd users are unsure about.
> > These are all possible announce options:
> > 
> > announce (IPv4|IPv6) (none|unicast|vpn)
> > announce as-4byte (yes|no)
> > announce capabilities (yes|no)
> > announce refresh (yes|no)
> > announce restart (yes|no)
> > and
> > announce (all|none|self|default-route)
> > 
> > Especially the last one is a bit confusing because it influences the way
> > the filter work. This was good in the beginning of bgpd but now I think
> > the time is right to move on. Filtering in general got more important and
> > using large-communities as a method to tag prefixes so that they can be
> > matched against those later is important.
> > People are easily confused by `announce IPv4 unicast` vs `announce all`
> > and so on.
> > 
> > The following diff does a few things.
> > a) it removes the `announce (all|none|self|default-route)` version
> > b) `announce none` is now `export none`
> > c) `announce default-route` is now `export default-route`
> > d) the examples file is adjusted accordingly and also the network
> >statements are no setting a large-community which is used by the
> >filters.
> > e) the filters are split in input and output and to a lesser extent
> >ibgp vs ebgp.
> > f) since anounce self is gone the filters will now default deny (which is
> >not a big thing and has the benefit that at start all routes show up in
> >Adj-RIB-In first).
> > 
> > In general people using `announce all` can just remove the line. When
> > using `annouce self` more care is needed since the filters may need extra
> > adjustment. `announce none` and `announce default-route` are simple
> > renames, every thing else remains the same.
> > 
> 
> To be more precise what needs to be changed in your config.
> 
> - neighbors using 'announce none' just rename it to 'export none'
> - neighbors using 'announce default-route' just rename it to 'export
>   default-route'
> 
> For all other cases 'announce self' and 'announce all' needs to be removed
> and filters need to be put in place instead. A good example is in
> /etc/example/bgpd.conf. In short you want to permit ibgp in and out and
> for ebgp you want to only allow reasonable things in and only your
> announcements out. How is this done best is by tagging announcements with
> a community. I use large-community here because they are more expressive.
> 
> # tag announcements with a community
> network 10.0.1.0/24 set large-community $ASN:1:1
> 
> ... neighbor configs ...
> 
> # first inbound
> allow from ibgp
> # the example filters out a lot of bad prefixes here which is good
> # In general you don't trust the outside world so this is where you should
> # filter the most.
> allow from ebgp inet prefixlen 8 - 24
> allow from ebgp inet6 prefixlen 16 - 48
> # scrub our community range from ebgp
> match from ebgp set large-community delete $ASN:*:*
> 
> # now outbound filters
> # again ibgp is generally allowed
> allow to ibgp
> # for ebgp make sure to not leak any unintended networks so best is to
> # just allow the networks we tagged.
> allow to ebgp large-community $ASN:1:1
> # another option is to go eplicit by network
> allow to ebgp prefix 10.0.1.0/24
> 
> For a pure ibgp router the basic rules can be simplified to:
>allow from ibgp
>allow to ibgp
> 
> While most configs probably have inbound filters they may lack outbound
> filters. It is possible to check the effect of this change by adding
>deny from any
>deny to any
> at the start of your filters. `bgpctl show rib out nei myPeerName` is a
> great way to see what is announced before and after.
> 
> See this as an oportunity to bring your bgpd filter up to current
> standards.
> -- 
> :wq Claudio
> 

It would be helpful during upgrades if it's possible to write some
configurations that work the same on both the old and new versions.
That way the configuration can be changed to a version which will
still work before you get to the point where you can't simply revert
to the old config file). I think if the new version would accept
but ignore "announce all", that would be enough.

Remember that "announce self" is implicit for ebgp neighbours unless
there's another "announce" keyword, so people might be using it without
realising. It would not be very good if those people (who are probably
not dealing with BGP often) started redistributing all their transit
routes to peers ;)

Re: bgpd: stop with the announce confusion

[Claudio Jeker]

On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> So the announce keyword in bgpd is massivly overloaded.
> It is one of the most common things new bgpd users are unsure about.
> These are all possible announce options:
> 
> announce (IPv4|IPv6) (none|unicast|vpn)
> announce as-4byte (yes|no)
> announce capabilities (yes|no)
> announce refresh (yes|no)
> announce restart (yes|no)
> and
> announce (all|none|self|default-route)
> 
> Especially the last one is a bit confusing because it influences the way
> the filter work. This was good in the beginning of bgpd but now I think
> the time is right to move on. Filtering in general got more important and
> using large-communities as a method to tag prefixes so that they can be
> matched against those later is important.
> People are easily confused by `announce IPv4 unicast` vs `announce all`
> and so on.
> 
> The following diff does a few things.
> a) it removes the `announce (all|none|self|default-route)` version
> b) `announce none` is now `export none`
> c) `announce default-route` is now `export default-route`
> d) the examples file is adjusted accordingly and also the network
>statements are no setting a large-community which is used by the
>filters.
> e) the filters are split in input and output and to a lesser extent
>ibgp vs ebgp.
> f) since anounce self is gone the filters will now default deny (which is
>not a big thing and has the benefit that at start all routes show up in
>Adj-RIB-In first).
> 
> In general people using `announce all` can just remove the line. When
> using `annouce self` more care is needed since the filters may need extra
> adjustment. `announce none` and `announce default-route` are simple
> renames, every thing else remains the same.
> 

To be more precise what needs to be changed in your config.

- neighbors using 'announce none' just rename it to 'export none'
- neighbors using 'announce default-route' just rename it to 'export
  default-route'

For all other cases 'announce self' and 'announce all' needs to be removed
and filters need to be put in place instead. A good example is in
/etc/example/bgpd.conf. In short you want to permit ibgp in and out and
for ebgp you want to only allow reasonable things in and only your
announcements out. How is this done best is by tagging announcements with
a community. I use large-community here because they are more expressive.

# tag announcements with a community
network 10.0.1.0/24 set large-community $ASN:1:1

... neighbor configs ...

# first inbound
allow from ibgp
# the example filters out a lot of bad prefixes here which is good
# In general you don't trust the outside world so this is where you should
# filter the most.
allow from ebgp inet prefixlen 8 - 24
allow from ebgp inet6 prefixlen 16 - 48
# scrub our community range from ebgp
match from ebgp set large-community delete $ASN:*:*

# now outbound filters
# again ibgp is generally allowed
allow to ibgp
# for ebgp make sure to not leak any unintended networks so best is to
# just allow the networks we tagged.
allow to ebgp large-community $ASN:1:1
# another option is to go eplicit by network
allow to ebgp prefix 10.0.1.0/24

For a pure ibgp router the basic rules can be simplified to:
   allow from ibgp
   allow to ibgp

While most configs probably have inbound filters they may lack outbound
filters. It is possible to check the effect of this change by adding
   deny from any
   deny to any
at the start of your filters. `bgpctl show rib out nei myPeerName` is a
great way to see what is announced before and after.

See this as an oportunity to bring your bgpd filter up to current
standards.
-- 
:wq Claudio

Re: Should whois(1) and IPv6 default to ANICHOST?

[Mikolaj Kucharski]

Hi,

Any comments?

On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote:
> Hi,
> 
> This is very naive patch for whois(1) which makes it work
> by default for IPv6 addresses. I went with very minimal
> approach here. If string contains colon, it's asumed to
> be IPv6 address. Comments welcome.
> 
> Please CC me, as I'm not subscribed to the list.
> 
> Index: whois.c
> ===
> RCS file: /cvs/src/usr.bin/whois/whois.c,v
> retrieving revision 1.56
> diff -u -p -u -r1.56 whois.c
> --- whois.c   26 Jul 2017 15:48:38 -  1.56
> +++ whois.c   4 Apr 2018 19:01:45 -
> @@ -278,7 +278,8 @@ whois(const char *query, const char *ser
>   * If the TLD is a number, query ARIN, otherwise, use TLD.whois-server.net.
>   * If the domain does not contain '.', check to see if it is an NSI handle
>   * (starts with '!') or a CORE handle (COCO-[0-9]+ or COHO-[0-9]+) or an
> - * ASN (starts with AS). Fall back to NICHOST for the non-handle case.
> + * ASN (starts with AS) or IPv6 address (contains ':'). Fall back to
> + * NICHOST for the non-handle and non-IPv6 case.
>   */
>  char *
>  choose_server(const char *name, const char *country, char **tofree)
> @@ -305,6 +306,8 @@ choose_server(const char *name, const ch
>   else if ((strncasecmp(name, "AS", 2) == 0) &&
>   strtol(name + 2, , 10) > 0 && *ep == '\0')
>   return (MNICHOST);
> + else if (strchr(name, ':') != NULL) /* IPv6 address */
> + return (ANICHOST);
>   else
>   return (NICHOST);
>   } else if (isdigit((unsigned char)*(++qhead)))

Regards,
 Mikolaj

[patch] Use snprintf to implement concat in etc.c

[Nan Xiao]

HI tech@,

I think maybe one snprintf is more efficient and concise. Sorry if I am
wrong, thanks!

Index: etc.c
===
RCS file: /cvs/src/libexec/ld.so/ldconfig/etc.c,v
retrieving revision 1.7
diff -u -p -r1.7 etc.c
--- etc.c   12 May 2006 23:35:16 -  1.7
+++ etc.c   7 Jun 2018 07:10:30 -
@@ -5,6 +5,7 @@
 #include 

 #include 
+#include 
 #include 
 #include 
 #include "ld.h"
@@ -61,9 +62,7 @@ concat(const char *s1, const char *s2, c
len = strlen(s1) + strlen(s2) + strlen(s3) + 1;
str = xmalloc(len);

-   strlcpy(str, s1, len);
-   strlcat(str, s2, len);
-   strlcat(str, s3, len);
+   snprintf(str, len, "%s%s%s", s1, s2, s3);

return (str);
 }

-- 
Best Regards
Nan Xiao

[patch] Add error check for fchmod in ldconfig.c

[Nan Xiao]

Hi tech@,

Maybe a error check of fchmod is necessary. Sorry if I am wrong, thanks!

Index: ldconfig.c
===
RCS file: /cvs/src/libexec/ld.so/ldconfig/ldconfig.c,v
retrieving revision 1.37
diff -u -p -r1.37 ldconfig.c
--- ldconfig.c  26 Apr 2018 12:42:50 -  1.37
+++ ldconfig.c  7 Jun 2018 07:04:45 -
@@ -386,7 +386,11 @@ buildhints(void)
warn("%s", tmpfilenam);
goto out;
}
-   fchmod(fd, 0444);
+
+   if (fchmod(fd, 0444) == -1) {
+   warn("%s", tmpfilenam);
+   goto out;
+   }

if (write(fd, , sizeof(struct hints_header)) !=
sizeof(struct hints_header)) {

-- 
Best Regards
Nan Xiao