patch(1): don't run off the end in num_components.

2023-07-12 Thread Florian Obser
Found with afl, if path ends in '/', num_components will run off the end of the string. OK? (this is on top of tb's fix on bugs but should be independent and not cause conflicts.) diff --git pch.c pch.c index 63543a609fb..8c58dc9ffe5 100644 --- pch.c +++ pch.c @@ -1484,7 +1484,8 @@ num_component

Re: Remove ENGINE use from relayd

2023-07-13 Thread Florian Obser
I for one welcome our new relayd maintainer!

Re: patch: partially fix interactive mode

2023-07-19 Thread Florian Obser
OK florian On 2023-07-19 13:17 +02, Theo Buehler wrote: > The addition of unveil broke interactive mode since ask() assumes the > default answer if it fails to open _PATH_TTY. Questions are only asked > if neither force nor batch mode is activated, so condition on those. > > It seems cleaner to d

Re: sysupgrade: omit default sets answer

2023-09-29 Thread Florian Obser
On 2023-09-29 14:41 UTC, Klemens Nanni wrote: > The response file contains only to non-defaults, except for > Set name(s)? (or 'abort' or 'done') [done] done > > which is the hardcoded default since 2009: > ask "Set name(s)? (or 'abort' or 'done')" done > > We pass it since r1.

Re: relayd does not delete control socket on shutdown

2023-10-21 Thread Florian Obser
On 2023-10-21 14:49 +03, Kapetanakis Giannis wrote: > Rev 1.140 by florian@ seems to have changed that. > > Do not try to unlink the control socket in an unprivileged child > process on shutdown. > Found while working on tame(2). > OK benno@ > Which was 8 years ago

Re: patch unveil fail

2023-10-25 Thread Florian Obser
reads correct, OK florian On 2023-10-25 13:38 +02, Alexander Bluhm wrote: > Hi, > > Since 7.4 patch(1) does not work if an explicit patchfile is given on > command line. > > https://marc.info/?l=openbsd-cvs&m=168941770509379&w=2 > > root@ot14:.../~# patch /usr/src/usr.bin/patch/patch.c patch-unve

Re: PATCH: More apprrpriate vltime for IPv6 temp addrs (rfc4941bis)

2020-03-27 Thread Florian Obser
Nice, as the draft states: The default Valid Lifetime for temporary addresses has been reduced from 1 week to 2 days, decreasing the typical number of concurrent temporary addresses from 7 to 2. This had been a complained on numerous occasions. This made me realize that we can

Re: PATCH: More apprrpriate vltime for IPv6 temp addrs (rfc4941bis)

2020-03-27 Thread Florian Obser
On Fri, Mar 27, 2020 at 12:58:18PM -0300, Fernando Gont wrote: > Hello, Florian, > > > On 27/3/20 12:20, Florian Obser wrote: > > Nice, > > > > as the draft states: > >The default Valid Lifetime for temporary addresses has been > >red

Re: slaacd: Reduce maximum IPv6 PIO lifetimes

2020-03-27 Thread Florian Obser
I do like the limiting of pltime to router lifetime, the factor of 48 though. I don't know it seems like pulled out of thin air or to make the math work out to 1 day. I'm not fundamentally opposed to it and I'm fine with this going in if the draft is accepted or if it's clear that there is going t

Re: slaacd: Reduce maximum IPv6 PIO lifetimes

2020-03-27 Thread Florian Obser
On Fri, Mar 27, 2020 at 12:24:27PM -0600, Theo de Raadt wrote: > +#ifndef MIN > +#defineMIN(_a,_b) ((_a) < (_b) ? (_a) : (_b)) > > Please use MINIMUM() for the name, as elsewhere. You also don't need the _. > diff --git engine.c engine.c index 8f2c4297225..f461708af77 100644 --- engine.

Re: PATCH: rad(8) Better PIO default lifetimes (was: Re: Improve handling of IPv6 SLAAC renumbering scenarios)

2020-04-02 Thread Florian Obser
On Fri, Mar 27, 2020 at 11:10:25PM -0300, Fernando Gont wrote: > Florian/folks, > > This is an improved version: > > Essentially, if the lifetime of a prefix is not specified (i.e., the admin > relies on the default values), the Preferred Lifetime is set to the Router > Lifetime, and the Valid Li

slaacd(8): honour rdomain we are running in

2020-04-12 Thread Florian Obser
OK? diff --git slaacd.c slaacd.c index 58f15bcda37..dae2eab3434 100644 --- slaacd.c +++ slaacd.c @@ -755,7 +755,7 @@ configure_gateway(struct imsg_configure_dfr *dfr, uint8_t rtm_type) rtm.rtm_version = RTM_VERSION; rtm.rtm_type = rtm_type; rtm.rtm_msglen = sizeof(rtm); -

slaacd(8): only pay attention to interfaces in our routing domain

2020-04-16 Thread Florian Obser
While slaacd(8) doesn't receive router advertisements for interface in a different rdomain it still touches those interfaces, i.e. removing addresses. OK diff --git frontend.c frontend.c index 8c6d48810e9..8f5894a77de 100644 --- frontend.c +++ frontend.c @@ -69,6 +69,7 @@ void get_rtadd

unwind(8): recommend supersede in dhclient.conf

2020-04-20 Thread Florian Obser
We didn't get around to run unwind per default and integrate it tighter with dhclient this release cycle. But there is also no need anymore to recommend prepend in dhclient.conf, unwind(8) is no longer closing its service port when it's running so it should always be available. (I checked the inst

Re: acme-client(1) and Buypass Go SSL

2020-04-21 Thread Florian Obser
Hi, thanks for working on this and finding another acme implementor! On Mon, Apr 20, 2020 at 06:51:17PM +0200, Bartosz Kuzma wrote: > Hello, > > I've tried to get a certificate from Buypass Go SSL provider using > acme-client(1) but it ends with the following error: > > acme-client: https://api

Re: httpd(8): add a "dark mode" in directory listings and error pages

2020-05-11 Thread Florian Obser
On Mon, May 11, 2020 at 11:20:58AM +0200, Charlene Wendling wrote: > Hi, > > Similarly to what has been done for the OpenBSD project pages [0], this > diff adds a "dark mode" to directory listings and error pages in httpd, > using OpenBSD's dark color scheme. > > The goal is to avoid switching fr

Re: httpd(8): add a "dark mode" in directory listings and error pages

2020-05-11 Thread Florian Obser
On Mon, May 11, 2020 at 03:43:39PM +0200, Charlene Wendling wrote: > On Mon, 11 May 2020 14:06:33 +0200 > Klemens Nanni wrote: > > > On Mon, May 11, 2020 at 11:20:58AM +0200, Charlene Wendling wrote: > > > Hi, > > > > > > Similarly to what has been done for the OpenBSD project pages [0], > > > th

Re: sysupgrade change to allow installing from url

2020-05-26 Thread Florian Obser
On Tue, May 26, 2020 at 12:03:50AM +0200, Sebastian Benoit wrote: > Solene Rapenne(sol...@perso.pw) on 2020.05.25 15:25:40 +0200: > > Hi, > > > > I don't know if this will be accepted but I propose to add a -u [url] > > parameter to use older snapshots from an archive server for example. > > > >

rewrite IPv6 source address selection

2020-06-04 Thread Florian Obser
This should be easier to read and follows the 8 rules in Section 5 of RFC 6724. I tried to hit all (implemented) rules of RFC 6724 and found only one behavioural difference, if there are two global unicast addresses configured on an interface, like this: inet6 fe80::fce1:baff:fed4:35e3%ve

Re: rewrite IPv6 source address selection

2020-06-08 Thread Florian Obser
Anyone? Tests on multi homed machines would be particularly interesting. Thanks, Florian On Thu, Jun 04, 2020 at 07:33:32PM +0200, Florian Obser wrote: > This should be easier to read and follows the 8 rules in Section 5 of > RFC 6724. > > I tried to hit all (implemented) rules of

Re: [PATCH]: sysupgrade(8) don't create /home/_sysupgrade/keep

2020-06-17 Thread Florian Obser
Nice catch! Committed, thanks. On Tue, Jun 16, 2020 at 01:36:22PM +0200, Martin Vahlensieck wrote: > Hi > > In the last revision install.sub stopped using /home/_sysupgrade/keep, > so unless I miss something this line can be removed. > > Best, > > Martin > > Index: sysupgrade.sh > ===

Re: 11n Tx aggregation for iwm(4)

2020-06-26 Thread Florian Obser
Seems to be working on a X1 gen2 using iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x83, msi against a Unifi AP-SHD. Before: bandwidth min/avg/max/std-dev = 7.344/9.077/11.514/0.803 Mbps after: bandwidth min/avg/max/std-dev = 12.551/65.407/82.835/14.169 Mbps -- I'm no

Re: slowcgi ignore SIGPIPE

2021-04-16 Thread Florian Obser
OK On Fri, Apr 16, 2021 at 05:20:00PM +0200, Claudio Jeker wrote: > This is an optimisation. > > Instead of installing a signal handler that does nothing just ignore the > signal. Now to ensure that the cgi processes run with a default SIGPIPE > restore it before execve. > > -- > :wq Claudio >

Re: iwm(4): Tx aggregation

2021-04-30 Thread Florian Obser
This still works fine on iwm0 at pci2 dev 0 function 0 "Intel AC 7260" rev 0x83, msi iwm0: hw rev 0x140, fw ver 17.3216344376.0 Thanks, Florian -- I'm not entirely sure you are real.

Re: Cleanup of err(1, "unveil") pattern: bin, games, sbin

2021-05-03 Thread Florian Obser
On Sun, May 02, 2021 at 09:00:21PM -0400, Ashton Fagg wrote: > "Theo de Raadt" writes: > > > Showing the symbolic name is not doing anywhere else in the tree. > > > > Most likely they should be > > > >err(1, "unveil: %s", path); > > Per Theo's advice, updated diffs are attached.

Re: Cleanup of err(1, "unveil") pattern: bin, games, sbin

2021-05-03 Thread Florian Obser
"Theo de Raadt" writes: > Florian Obser wrote: > >> In this hunk alone you have three out of five and you log them all >> differently. I think this should be unified as >> fatal("unveil(\"%s\", \"%s\")", _PATH_RESCONF, &quo

Re: Cleanup of err(1, "unveil") pattern: bin, games, sbin

2021-05-03 Thread Florian Obser
Florian Obser writes: > There are 4 or five cases how unveil is called, depending on how > you count. The permission seems to be always a string literal or NULL. > The path can be: > > 1) a string literal > 2) a #define > 3) a variable > 4) the empty string literal

Re: iwx and sysupgrade

2021-05-04 Thread Florian Obser
On 2021-05-04 11:47 +02, Hrvoje Popovski wrote: > I'm not sure that with iwx and eduroam, sysupgrade can finish. Maybe i We have seen bugs before where we would wait for network while doing an automated upgrade. I think bsd.rd should not bring up the network when it detects that it's in sysupgrad

Re: services(5): add default ftps ports

2021-05-05 Thread Florian Obser
reads good. OK florian On 2021-05-05 11:09 +01, Stuart Henderson wrote: > On 2021/05/04 12:07, Jan Klemkow wrote: >> Hi, >> >> Add missing ftps defaults ports to services(5). >> >> OK? >> >> bye, >> Jan >> >> Index: services >>

unwind(8): don't try all authorities on validation errors

2021-05-08 Thread Florian Obser
When libunbound encounters a validation error it retries up to 5 times, going through all the authoritative servers. In general I find that a bit silly. Sure, it might help with certain operator errors when signing a zone, but in my experience the oopsie just spreads like wildfire via XFR to all

Re: acme-client: use field agnostic {get,set}_affine_coordinates()

2021-05-12 Thread Florian Obser
I trust you know what you are doing. OK florian fwiw On 2021-05-13 07:46 +02, Theo Buehler wrote: > The _GFp() variants provide no benefit and are just wrappers around the > variants without _GFp(), so use the latter directly. > > Index: acctproc.c >

rad(8) allow Router Solicitations from :: (unspecified address)

2021-05-13 Thread Florian Obser
Last year Andrew Forgue pointed out that rad(8) does not respond to Router Solicitations from ::. ( https://marc.info/?l=openbsd-bugs&m=157820352329054&w=2 ) They also pointed out that RFC 4861 4.1 allows solicitations from the unspecified address: Source Address An IP ad

httpd(8): don't try to chunk-encode an empty body

2021-05-14 Thread Florian Obser
As found out by Chris Narkiewicz the hard way, trying to chunk encode an empty body makes the nextclown app stop working. (see "Nextcloud stopped working after upgrade to 6.9" on ports@). I don't think there is a valid way to do this, so don't try to. This is kinda maybe a hack since there might

Re: httpd(8): don't try to chunk-encode an empty body

2021-05-15 Thread Florian Obser
Turns out it's not that difficult to do this correctly since we already wait until we read all http headers from the fcgi upstream. We just need to delay writing of the http header until we know if the body is empty or not. OK? diff --git httpd.h httpd.h index b3a40b3af68..c4adfba232d 100644 ---

Re: httpd(8): don't try to chunk-encode an empty body

2021-05-17 Thread Florian Obser
On 2021-05-18 00:47 +02, Sebastian Benoit wrote: > The comments in server_fcgi_header seem to suggest more dragons lurk in this > area. Sush! -- I'm not entirely sure you are real.

Re: Regarding May 17 patch

2021-05-18 Thread Florian Obser
No, EVBUFFER_LENGTH(clt->clt_srvevb) will always be 8 for an FCGI_END_REQUEST, see: http://www.mit.edu/~yandros/doc/specs/fcgi-spec.html#S5.5 (Assuming the fcgi server is well behaved). On 2021-05-18 09:12 +02, Matthias Pressfreund wrote: > Hi Florian, isn't this what you actually wanted? > > Inde

Re: Regarding May 17 patch

2021-05-19 Thread Florian Obser
On 2021-05-19 11:57 +02, Matthias Pressfreund wrote: > While trying to figure out why the May 17 patch in my case does > not behave as expected, I was adding some extra debug output to > server_fcgi_read, server_fcgi_header and server_fcgi_writechunk > and started a httpd debug session during whic

httpd(8): fastcgi & Content-Length: 0

2021-05-19 Thread Florian Obser
The whole point of using Transfer-Encoding: chunked for fastcgi was so that we do not need to provide a Content-Length header if upstream doesn't give us one. (We'd need to slurp in all the data ugh). Now turns out that if we disable chunked encoding for zero sized bodies some browsers are picky a

Re: Regarding May 17 patch

2021-05-19 Thread Florian Obser
Fix is in the mail I just sent to tech with subject "httpd(8): fastcgi & Content-Length: 0" On 2021-05-19 18:50 +02, m...@fn.de wrote: > On 2021-05-19 17:54, Florian Obser wrote: >> Please indicate where you experience a 30 second delay. >> You get a 302 Found w

Re: httpd(8): fastcgi & Content-Length: 0

2021-05-19 Thread Florian Obser
both Firefox and Chrome. >> >> However, my Android Nextcloud client is now broken again. I get a >> "Connection Error". >> >> Is there a way I can help you troubleshoot this? >> >> There is nothing significant when I run a httpd -d -v -v -v -v -v >

Re: httpd(8): fastcgi & Content-Length: 0

2021-05-19 Thread Florian Obser
return (-1); > - } else { > - key.kv_key = "Content-Length"; > - if ((kv = kv_find(&resp->http_headers, &key)) == NULL) { > - if (kv_add(&resp->http_headers, > - "Content-Length"

Re: httpd(8): fastcgi & Content-Length: 0

2021-05-20 Thread Florian Obser
On 2021-05-20 16:31 +02, Matthias Pressfreund wrote: > I just tried WordPress again on Firefox and Chrome. No problems. > Is there an obj folder? If so, maybe try to do 'make clean' > after step 5. > I suspect there was one diff too many in Steve's procedure. I provided a clean diff for 6.9 in pr

Re: iwm(4): use new firmware images with fragattack fixes

2021-05-25 Thread Florian Obser
So far this is working on my X1 gen2: iwm0 at pci2 dev 0 function 0 "Intel AC 7260" rev 0x83, msi iwm0: hw rev 0x140, fw ver 17.3216344376.0 -- I'm not entirely sure you are real.

dhcpleased(8): handle gateway outside configured address prefix

2021-06-11 Thread Florian Obser
I hear there are circuses out there where the dhcp server hands us a /32 and so the default gateway is not reachable. The comment in sbin/dhclient/kroute.c suggests that the Google Clown Platform operates in this way. I seem to recall mumblings that Hetzner does something similar on their VPS. Cu

dhcpleased(8): implement classless static routes option

2021-06-13 Thread Florian Obser
Implement "classless static routes" dhcp option. For this we need to be able to handle multiple routes being sent from the engine to the main process as well as to the control tool. This also lets us handle multiple default routes in the "routers" option for free. The configuration of the vario

Re: Fix unsafe snmpd defaults

2021-06-14 Thread Florian Obser
I like it, Ok florian fwiw -- I'm not entirely sure you are real.

Re: Fix unsafe snmpd defaults

2021-06-15 Thread Florian Obser
On 2021-06-15 17:39 +01, Stuart Henderson wrote: > Can we take a straw poll of readers of this email who are using SNMPv3 > (if any ;-) -- are you using auth+enc, just auth, or no authentication? > I'm thinking that somebody who went to the trouble of using v3 > probably uses auth+enc though I cou

Re: dhcpleased: default route with classless static routes option

2021-07-17 Thread Florian Obser
On 17 July 2021 13:16:59 CEST, Bjorn Ketelaars wrote: >An inconsistency exists between dhclient(8) and dhcpleased(8) when >receiving the Classless Static Routes option: dhcpleased creates a >default route, while dhclient does not. > >If I'm not mistaken, the behaviour of dhclient is correct. Fr

Re: dhcpleased: default route with classless static routes option

2021-07-18 Thread Florian Obser
On 2021-07-18 01:02 +02, Bjorn Ketelaars wrote: > On Sat 17/07/2021 17:12, Florian Obser wrote: >> >> >> On 17 July 2021 13:16:59 CEST, Bjorn Ketelaars wrote: >> >An inconsistency exists between dhclient(8) and dhcpleased(8) when >> >receiving the Cla

Re: unwind(8): WIP support using a custom CA

2021-07-22 Thread Florian Obser
On 2021-07-22 13:25 UTC, Lucas wrote: > Updated patch. It now: > > - Allows using a custom CA > - Reconfigure DoT resolvers' config when just the CA changed (previous > version only impacted CA changes when there were also resolvers > changes) > > Have been running it without problems so far,

unwind(8): store enabled resolvers lookup table in config

2021-07-23 Thread Florian Obser
We store a list of resolver strategies in order of their preference in the configuration struct. This is also an implicit list of enabled resolver strategies. We have also stored an explicit lookup array of enabled strategies outside of the configuration to be able to quickly answer "is this strateg

unwind(8): don't doubt secure answers on network change

2021-07-23 Thread Florian Obser
Do not doubt a secure (i.e. validated) NXDOMAIN response when we just switched networks. We just validated it! While here reorder the long list of conditions to make it easier to understand when we doubt a response because we might be behind a captive portal. First list all conditions when we do n

Re: [patch] dhcpleased(8): No new lease when trunk(4) failover

2021-08-02 Thread Florian Obser
On 2021-07-28 23:02 +02, Jesper Wallin wrote: > Hi tech@ > > I've setup my machine to use trunk(4) with re(4) and iwm(4) as failover, > to make life easier when switching between wired and wireless > networking. The wired network at home is on a different subnet from > the wireless network, so wh

dhcpleased(8): ignore servers / parts of lease

2021-08-08 Thread Florian Obser
This implements ignoring of nameservers and / or routes in leases as well as completely ignoring servers (you cannot block rogue DHCP servers in pf because bpf sees packets before pf). Various people voiced the need for these features. Tests, OKs? diff --git dhcpleased.c dhcpleased.c index 36a4a2

Re: dhcpleased(8): ignore servers / parts of lease

2021-08-09 Thread Florian Obser
On 2021-08-08 11:52 +01, Jason McIntyre wrote: > On Sun, Aug 08, 2021 at 12:37:54PM +0200, Florian Obser wrote: >> This implements ignoring of nameservers and / or routes in leases as >> well as completely ignoring servers (you cannot block rogue DHCP servers >> in pf bec

Re: dhcpleased(8): ignore servers / parts of lease

2021-08-09 Thread Florian Obser
On 2021-08-08 12:14 -07, patrick keshishian wrote: > On Sun, Aug 08, 2021 at 12:37:54PM +0200, Florian Obser wrote: >> This implements ignoring of nameservers and / or routes in leases as >> well as completely ignoring servers (you cannot block rogue DHCP servers >> in pf bec

Re: dhcpleased(8): ignore servers / parts of lease

2021-08-09 Thread Florian Obser
On 2021-08-09 09:56 -06, "Theo de Raadt" wrote: > Using the word "security", you've got to be kidding. > > If a dhcp server on a L2 segment can be "rogue" about one thing, it can > most certainly lie about any other answer, or act out in many other > ways. > > The only way to avoid "rogue" DHCP se

Re: ucc(4): consumer control keyboard device driver

2021-08-18 Thread Florian Obser
My microsoft sculpt has a bunch of media keys. I tried mute and increment / decrement. They don't seem to have an effect. --- dmesg.boot Wed Aug 18 19:19:07 2021 +++ dmesg.boot.ucc Wed Aug 18 19:19:16 2021 @@ -1,7 +1,7 @@ -OpenBSD 7.0-beta (GENERIC.MP) #131: Wed Aug 18 10:18:06 CEST 2021 +Op

Re: [patch] traceroute timeouts

2021-08-20 Thread Florian Obser
Makes sense to me, OK florian On 2021-08-19 23:47 -07, wrote: > The default traceroute timeout of 5 seconds is excruciatingly long > when there are elements of the route that don't respond, and it > wasn't allowed to be set lower than 2 seconds. > > This changes the minimum to 1 second, matching

Re: [patch] traceroute timeouts

2021-08-20 Thread Florian Obser
I guess I was too optimistic. I regularly work on machines that are 600-700 ms away and figured an additional 300 ms is good enough. Maybe not in case of congested links... On 20 August 2021 13:17:12 CEST, Mark Kettenis wrote: >> From: Florian Obser >> Date: Fri, 20 Aug 2021 10

Re: Reference dhcpleased.conf(5)

2021-08-23 Thread Florian Obser
On 2021-08-22 18:36 -04, Scott Bennett wrote: > Like the rad(8) and unwind(8) manuals do, add references to > dhcpleased.conf(5) in the appropriate places. Committed, thanks! > > Cheers, > Scott > > diff 4ccbc464479218d5b5f4125325c4d9358f653323 /usr/src > blob - 7ee3d8f92a1d31880ce1729f21940fd38

handle RTM_IFANNOUNCE in dhcpleased & slaacd

2021-08-23 Thread Florian Obser
So I was playing with a usb network adapter and noticed that dhcpleased and slaacd would hold on to them when I unplugged them. They would be listed as "unknown" because we can't find the if_name for the if_index anymore. Turns out we are not getting a RTM_IFINFO when an interface disappears but i

Re: resolv.conf(5): remove "either file" wording

2021-08-24 Thread Florian Obser
Committed, thanks! On 2021-08-23 22:39 -04, Scott Bennett wrote: > In rev 1.61, references to resolv.conf.tail were removed, so it appears that > this page is now meant to solely document resolv.conf, a single file. So that > makes this sentence make not-so-much sense: > > The configuration

Re: autoupgrade dhcp autoconf race

2021-08-24 Thread Florian Obser
Reads good. OK florian On 24 August 2021 19:41:06 CEST, Alexander Bluhm wrote: >Hi, > >For some weeks my automatic regress tests are not started reliably. >When the auto upgrader tries to fetch the sets, sometimes ftp does >not find any. The em0 interface is down and has no address. > >get_resp

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Florian Obser
On 2021-08-25 18:02 +01, Stuart Henderson wrote: > Trying to announce a network on a wg(4) interface via ospf6d, just > using passive to pick up the prefix, i.e. > > interface wg0 { passive } > > It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0". > > With -v I get 'interface with i

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Florian Obser
On 25 August 2021 22:02:02 CEST, Stefan Sperling wrote: >On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote: >> On 2021-08-25 18:02 +01, Stuart Henderson wrote: >> > Trying to announce a network on a wg(4) interface via ospf6d, just >> > using passive

Re: [Patch] - Add -u (update packages) to sysupgrade(8)

2021-08-28 Thread Florian Obser
Oooh, neat. Thanks for this! On 2021-08-28 09:26 +02, Sebastien Marie wrote: > On Fri, Aug 27, 2021 at 08:17:51PM -0500, Aaron Poffenberger wrote: >> Following is patch to add a flag to upgrade packages during >> rc.firsttime after a sysupgrade. >> > > if you need this flag, is it a ponctual usa

Re: reduce debug logging from slowcgi

2021-08-31 Thread Florian Obser
OK florian On 2021-08-31 16:24 +02, Paul de Weerd wrote: > Hi all, > > On a busy-ish site, I found that slowcgi is doing quite excessive > logging: every single environment variable is logged on a separate > logline. There's at least 17 variables per hit, but I've seen it go > up to 35. If you'

async traceroute(8)

2021-09-01 Thread Florian Obser
So traceroute sends one probe, waits up to 5^W3 seconds for an answer to arrive, sends the next probe and so on. This makes it a bit faster (10x on a path with two intermediate systems not answering) by sending probes, waiting for the answer and doing reverse DNS lookups async. Please test. diff

Re: iked(8): client-side DNS support via resolvd(8)

2021-09-01 Thread Florian Obser
On 2021-09-01 13:28 +02, Tobias Heider wrote: > Here's an updated diff with the following changes: > > - Send the ifidx of the configured 'iface' instead of ifidx 0 to prevent > name collisions > - Cache the first received DNS server locally for cleanup/resending. > - Handle RTP_PROPOSAL_SOLICIT

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Florian Obser
On 2021-09-02 12:26 +02, Sebastian Benoit wrote: > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: >> Ping. >> >> On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote: >> > Ping. >> > >> > On Sun, May 09, 2021 at 01:07:15PM BST, Raf Czlonka wrote: >> > > Hello, >> > > >> > >

Re: async traceroute(8)

2021-09-02 Thread Florian Obser
On 2021-09-01 04:05 -06, "Theo de Raadt" wrote: > Stuart Henderson wrote: > >> On 2021/09/01 11:25, Florian Obser wrote: >> > So traceroute sends one probe, waits up to 5^W3 seconds for an answer to >> > arrive, sends the next probe and so on. >> >

Re: async traceroute(8)

2021-09-02 Thread Florian Obser
On 2021-09-02 15:00 +02, Florian Obser wrote: > On 2021-09-01 04:05 -06, "Theo de Raadt" wrote: >> Stuart Henderson wrote: >> >>> On 2021/09/01 11:25, Florian Obser wrote: >>> > So traceroute sends one probe, waits up to 5^W3 seconds for an answer t

Re: iwm/iwx suspend/resume improvement

2021-09-02 Thread Florian Obser
This survived multiple suspend / resumes on iwm0 at pci1 dev 0 function 0 "Intel Dual Band Wireless-AC 9260" rev 0x29, msix iwm0: hw rev 0x320, fw ver 46.6b541b68.0, address 40:74:e0:38:11:11 thanks On 2021-09-02 15:26 +02, Stefan Sperling wrote: > This patch fixes suspend/resume with an AX20

Re: iked(8): make proto option accept lists

2021-09-03 Thread Florian Obser
On 2021-09-03 10:38 +02, Claudio Jeker wrote: > On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote: >> Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200: >> > + ; >> > + >> > +proto_list: protoval { $$ = $1; } >> > + |

Re: [Patch] Document /upgrade.site in sysupgrade(8) man page

2021-09-03 Thread Florian Obser
I'd like to see this documented, I didn't know about it and now I'm using it on all my systems. I don't have an opinion *where* it should be documented. On 2021-09-02 10:18 -05, Aaron Poffenberger wrote: > Any further thoughts on this patch to the man page? > > Cheers, > > --Aaron > > On 2021-08

mg(1): query-replace & capitilisation

2018-07-12 Thread Florian Obser
mg(1) searches case insensitive and puts the replace string verbatim in place. The One True Editor considers the case (capitalised or all uppercase) and adjusts the replacement string accordingly. This only happens when the replacement string is all lowercase. The following diff implements this fo

Re: mg(1): query-replace & capitilisation

2018-07-12 Thread Florian Obser
phessler points out that the variable names are confusing. diff --git line.c line.c index ae5d4a7e3bb..301f5206fdc 100644 --- line.c +++ line.c @@ -18,6 +18,7 @@ */ #include +#include #include #include #include @@ -511,7 +512,11 @@ int lreplace(RSIZE plen, char *st) { RSIZ

RTM_CHGADDRATTR try 2

2018-07-12 Thread Florian Obser
When I sent this around in april it still needed the kernel lock which made it fuggly... Now the netlock is enough. Introduce RTM_CHGADDRATTR to inform userland on the route socket when an attribute of an address is changed. For now it's used when IPv6 duplicate address detection finishes. With t

Re: rad(8): add rad.conf to changelist(5)

2018-07-12 Thread Florian Obser
On Fri, Jul 13, 2018 at 08:19:17AM +0200, Sebastien Marie wrote: > Hi, > > As rad(8) is linked in the build, I think it makes sense to add rad.conf > to changelist ? thanks! I always forget about the changelist. Committed with tb's tweak. > > Thanks. > -- > Sebastien Marie > > Index: changelist

call for testing: rad(8) - a rtadvd(8) replacement

2018-07-17 Thread Florian Obser
During g2k18 I committed rad(8). The latest amd64 and i386 snapshots should contain it with enough features to replace rtadvd(8). If you are using rtadvd(8) I'd appreciate if you could switch to rad(8) and report back if any features are missing. The plan is to unhook rtadvd(8) from the build soon

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-18 Thread Florian Obser
On Wed, Jul 18, 2018 at 11:03:46AM +0200, Sebastien Marie wrote: > On Wed, Jul 18, 2018 at 08:54:51AM +0200, Florian Obser wrote: > > During g2k18 I committed rad(8). > > > > The latest amd64 and i386 snapshots should contain it with enough > > features to replace

slaacd(8): handle duplicate addresses

2018-07-18 Thread Florian Obser
Handle duplicate address detection failures. We get notified when duplication is detected on the route socket. For privacy addresses simply generate a new random address. If we have soii enabled increase the dad counter on the prefix and generate a new address. For eui64 addresses nothing can be

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-19 Thread Florian Obser
On Thu, Jul 19, 2018 at 09:47:06PM +0200, Björn Ketelaars wrote: > On Wed 18/07/2018 08:54, Florian Obser wrote: > > During g2k18 I committed rad(8). > > > > The latest amd64 and i386 snapshots should contain it with enough > > features to replace rtadvd(8). If

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-20 Thread Florian Obser
On Fri, Jul 20, 2018 at 03:40:07PM +0200, Björn Ketelaars wrote: > New diff, which addresses all your comments except the "no mtu" bit in > the parser as I do not understand what you mean. Never mind then :) I was thinking about something like this: 8< mtu 1480 interface ix0 # gets mtu 1

Re: slaacd(8): handle duplicate addresses

2018-07-22 Thread Florian Obser
anyone? On Wed, Jul 18, 2018 at 01:55:37PM +0200, Florian Obser wrote: > > Handle duplicate address detection failures. > > We get notified when duplication is detected on the route socket. For > privacy addresses simply generate a new random address. If we have > soii enable

slaacd(8): moving between networks

2018-07-22 Thread Florian Obser
When one is connected to a network, suspends or hibernates, moves to a different network and wakes up one ends up with ip addresses from both networks and things probably go sideways. There is a good chance that source address selection picks the wrong IP. One common suggestion is that slaacd shou

Re: pfctl: use strtonum in host()

2018-07-23 Thread Florian Obser
On Mon, Jul 23, 2018 at 11:22:56AM +0200, Otto Moerbeek wrote: > On Mon, Jul 23, 2018 at 11:16:16AM +0200, Klemens Nanni wrote: > > > strtonum(3) is simpler than checking three cases for `q' and gives nicer > > error messages. While here, use `v6mask' as maximum netmask instead of > > hardcoding i

Re: show advertised MTU in slaacctl

2018-07-23 Thread Florian Obser
On Sun, Jul 22, 2018 at 10:32:31AM +0200, Björn Ketelaars wrote: > On Sun 22/07/2018 07:27, Björn Ketelaars wrote: > > Now that rad(8) is able to advertise a MTU I think it would be nice to > > have slaacctl(8) show this advertisement. The patch below touches both > > sbin/slaacd and usr.sbin/slaac

Re: show advertised MTU in slaacctl

2018-07-23 Thread Florian Obser
On Mon, Jul 23, 2018 at 05:53:09PM +0200, Klemens Nanni wrote: > On Mon, Jul 23, 2018 at 05:38:58PM +0200, Florian Obser wrote: > > Do you intend to set the mtu on the interface? If not I'm a bit > > reluctant to parse and show it. I know that we are showing the > &

Re: show advertised MTU in slaacctl

2018-07-23 Thread Florian Obser
On Mon, Jul 23, 2018 at 08:59:37PM +0200, Björn Ketelaars wrote: > On Mon 23/07/2018 17:38, Florian Obser wrote: > > On Sun, Jul 22, 2018 at 10:32:31AM +0200, Björn Ketelaars wrote: > > > On Sun 22/07/2018 07:27, Björn Ketelaars wrote: > > > > Now that rad(8) is able

Re: Setting MTU in slaacd (2/4)

2018-07-24 Thread Florian Obser
On Tue, Jul 24, 2018 at 08:29:30PM +0200, Björn Ketelaars wrote: > Assuming that the pledge bits are in, the diff below enables setting of > MTU on the interface by slaacd. > > If a MTU is advertised it is checked that it is at least 1280 bytes. If > not MTU is set to 1280. If no MTU is advertised

Re: Setting MTU in slaacd (1/4)

2018-07-24 Thread Florian Obser
I think this is the right place to put this. (The diff is missing context, this is the wroute pledge). dhclient(8) is also using this ioctl so one step closer to pledge the dhclient priv process, too. this is OK florian@ but you will need an ok from deraadt, too! On Tue, Jul 24, 2018 at 08:28:4

Re: mg(1): Ignore dirty flag on *undo* buffer

2018-07-26 Thread Florian Obser
Thanks! However, since rev 1.72 of buffer.c this is not necessary any more. Buffers with names starting and ending with '*' are considered throw away and have BFIGNDIRTY set in bnew(). On Sun, Jul 22, 2018 at 12:14:32PM +0200, Joachim Nilsson wrote: > Hi guys, > > here's a patch to mg I did a co

nsd 4.1.23

2018-07-30 Thread Florian Obser
works for me[tm] OK? NSD versions 4.1.22 and before are vulnerable in comparing TSIG information and this can be used to discover a TSIG secret. NSD uses TSIG to protect zone transfers. The TSIG code uses a secret key to pr

correct nd6_timer_next accounting

2018-08-01 Thread Florian Obser
I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) but when you try to reach that target no neighbor solicitation is sent. I think the reason for that is that no new nd6_timer is scheduled because the code thinks it is already scheduled. Maybe. I'm having a hard time reproducing

Re: correct nd6_timer_next accounting

2018-08-02 Thread Florian Obser
Note that the neighbor entry is in state S (stale). Whatever that means... On Thu, Aug 02, 2018 at 04:44:57PM +0100, Stuart Henderson wrote: > On 2018/08/01 23:18, Florian Obser wrote: > > I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) > > but when y

please test: unveil for ifconfig

2018-08-02 Thread Florian Obser
I have been told that this is going to fall into snaps soon. If you are doing weird (or normal) things with ifconfig, please test. In particular if you use rulefile. Thanks! diff --git ifconfig.c ifconfig.c index 9bfb1751aab..873aed5bcc7 100644 --- ifconfig.c +++ ifconfig.c @@ -676,10 +676,13 @@

Re: please test: unveil for ifconfig

2018-08-02 Thread Florian Obser
this one's better - use the correct unveil pattern, pointed out by brynet@ - argv[0] vs. argv[i], pointed out by Matthew Martin and Mario Campos diff --git ifconfig.c ifconfig.c index 9bfb1751aab..20154059394 100644 --- ifconfig.c +++ ifconfig.c @@ -676,10 +676,15 @@ main(int argc, char *argv[])

Re: correct nd6_timer_next accounting

2018-08-02 Thread Florian Obser
Anyone brave enough to OK this? I haven't heard from anyone that it breaks their internet... On Wed, Aug 01, 2018 at 11:18:02PM +0200, Florian Obser wrote: > I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) > but when you try to reach that target no neighbor
