[2023-10-18 11:42] Omar Polo
> On 2023/10/18 08:40:14 +0100, Stuart Henderson wrote:
> > On 2023/10/17 22:27, Philipp wrote:
> > > [2023-10-17 17:32] Omar Polo
> > > > [...]
>
> > > But I don't think your proposed patch is a good solution, because the
[2023-10-17 17:32] Omar Polo
> sorry for the terrifc delay.
>
> On 2023/10/01 14:59:15 +0200, Philipp wrote:
> > Hi
> >
> > Setting Null MX is a way for domainowners to indicate that the domain
> > does not accept mail. Currently a Null MX causes a tempfai
On Tue, Oct 10, 2023 at 06:25:44AM +0200, Peter J. Philipp wrote:
> > > Thanks, I actually have one of these myself. So I'm going to
> > > investigate (and probably drop one of the diffs).
> >
> > I don't see any problems on my machine. Firmware loads and
On Mon, Oct 09, 2023 at 10:07:36PM +0200, Mark Kettenis wrote:
> > Date: Mon, 09 Oct 2023 20:31:04 +0200
> > From: Mark Kettenis
> >
> > > Date: Mon, 9 Oct 2023 06:09:57 +0200
> > > From: "Peter J. Philipp"
> > >
> > &g
On Sun, Oct 08, 2023 at 07:42:54PM +0200, Mark Kettenis wrote:
> Hector Martin has added support for the BCM4388 that is found on the
> last generation of Apple Macs. Based on his commits I've managed to
> get it working on my M2 Pro mini. I still have to clean up some of
> that stuff, but here
a bounce with the message "Domain does not accept mail".
Because some domains set the MX record to "localhost." to get a similar
efect the secound patch ignores "localhost." MX entries and handles a MX
containing only "localhost.&quo
On Tue, Sep 05, 2023 at 11:40:42PM +0200, Peter J. Philipp wrote:
> Hi,
>
> I'm porting OpenBSD to the Mango Pi D1. Most of the work is done but now
> is the time to try to get a RAMDISK kernel to boot.
>
> I'm having an issue with atomic_store_64() as shown here (line 1
Hi,
I'm porting OpenBSD to the Mango Pi D1. Most of the work is done but now
is the time to try to get a RAMDISK kernel to boot.
I'm having an issue with atomic_store_64() as shown here (line 1192):
1184 for (; va < DMAP_MAX_ADDRESS && pa < max_pa;
1185 pa += L1_SIZE,
On Thu, Aug 24, 2023 at 09:22:07AM -0400, A Tammy wrote:
> I don't think having a daemon for ping (or other trivial network
> operations) might be the best design. There's nothing about the service
> that demands a continuously running process in the background.
>
> Aisha
Ok Aisha, thanks. Well
Hi,
I have modified ping(8) to grab a raw descriptor from a daemon over AF_UNIX
sockets. This seems to work. While what I call the sun daemon needs to be
tightened a lot more it should work to make people understand my concept.
benefits:
we lose inet pledge
we lose the setuid to root bit
root
On Tue, Aug 22, 2023 at 02:33:39PM +0200, Peter J. Philipp wrote:
> Hi,
>
> I have an outstanding bug report that I send to deraadt and claudio, in
> reading the code I came across these macros:
>
> https://github.com/openbsd/src/blame/master/sys/sys/cdefs.h
>
> li
Hi,
I have an outstanding bug report that I send to deraadt and claudio, in
reading the code I came across these macros:
https://github.com/openbsd/src/blame/master/sys/sys/cdefs.h
lines 195 and 196. Now my question, does this not sorta look wrong?
Shouldn't these values be a little more
On Sat, Aug 12, 2023 at 02:27:13PM +, Miod Vallat wrote:
> Third time's (hopefully) the charm. How about that diff? Too much things
> have been removed in uwacom.
partial success! The wacom driver is recognized, no panics this time. But
the input is all over the place when I try to draw
On Sat, Aug 12, 2023 at 01:12:26PM +, Miod Vallat wrote:
> > On Sat, Aug 12, 2023 at 08:00:48AM +, Miod Vallat wrote:
> > > I have had a look at your diff and I think it's decent enough to go in
> > > after some polishing.
> > >
> > > Can Wacom tablet users try this cleaned up diff?
> >
On Sat, Aug 12, 2023 at 08:00:48AM +, Miod Vallat wrote:
> I have had a look at your diff and I think it's decent enough to go in
> after some polishing.
>
> Can Wacom tablet users try this cleaned up diff?
Hi,
My WACOM tablet stopped working with this, here is a dmesg with the patch and
On Tue, Aug 01, 2023 at 01:43:36PM +0200, p...@delphinusdns.org wrote:
> >Synopsis:non-terminated strings buffer in riscv64/cpu.c
> >Category:kernel
> >Environment:
> System : OpenBSD 7.3
> Details : OpenBSD 7.3-current (GENERIC.MP) #376: Thu Jul 13
> 03:59:40 MDT
On Thu, Aug 03, 2023 at 08:11:40PM +0200, Robert Palm wrote:
> I am looking at following code from arm64 and riscv64.
>
> ARM64:
> https://github.com/openbsd/src/blob/master/sys/arch/arm64/include/signal.h#L51
>
> --
> struct sigcontext {
> int
On Thu, Aug 03, 2023 at 08:29:31AM +0200, Peter J. Philipp wrote:
> On Thu, Aug 03, 2023 at 07:23:45AM +0100, Jason McIntyre wrote:
> > On Wed, Aug 02, 2023 at 05:52:02PM -0400, aisha wrote:
> > > Hi,
> > > Someone - https://www.youtube.com/watch?v=NQ5uD5x8vzg - me
On Thu, Aug 03, 2023 at 07:23:45AM +0100, Jason McIntyre wrote:
> On Wed, Aug 02, 2023 at 05:52:02PM -0400, aisha wrote:
> > Hi,
> > Someone - https://www.youtube.com/watch?v=NQ5uD5x8vzg - mentioned that
> > our man page for tar(1) doesn't have an extract example, so I thought it
> > would be
On Tue, Aug 01, 2023 at 11:11:43PM +0200, Robert Palm wrote:
> I own a VF 2 version 1.2a and can successfully install / boot the machine.
>
> The inner network port (dwqe1) works at 100 full duplex and receives ipv4
> via DHCP.
>
> The outer port currently doesn't seem to get an ip, but gets
Hi
On github someone reported an issue[0] regarding localhost MX entries.
Currently smtpd will just use the localhost relay. This leads to a
loop. Here a patch filtering localhost and localhost addresses for MX
requests.
As next step you could implement Null-MX (rfc 7505).
Philipp
[0] https
On Tue, Feb 07, 2023 at 10:41:34AM +, Stuart Henderson wrote:
> On 2023/02/07 10:20, Peter J. Philipp wrote:
> > Hi,
> >
> > Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
> > my site using OpenBSD httpd. This following patch implement
Hi,
Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
my site using OpenBSD httpd. This following patch implements a RFC 7034
protection called "noiframe" which disallows other sites (but not the same
site) to add an iframe to my site.
The config change is like this:
On Thu, Dec 29, 2022 at 02:38:18PM +0100, Janne Johansson wrote:
> > +#defineSCTLR_EOE 0x0100 /* endianness of
> > explcit data */
>
> Misspelled "explicit" there.
>
> --
> May the most significant bit of your life be positive.
Some had to be cut short in order
from:
https://developer.arm.com/documentation/den0024/a/ARMv8-Registers/System-registers/The-system-control-register?lang=en
The following patch tries to describe the system register in the source code to
the best of my ability. Source comment change only, no binary change.
Excuse that this is
Hi,
I don't know if we're locked but I'd like to point out that in NetBSD's
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/arm/rockchip/rk_anxdp.c.diff?r1=1.3=1.4_with_tag=MAIN
There is this change from 0x3 to 0x2. I don't know if it'll help me, as I have
a pinephone pro and this driver had
[2021-10-18 11:09] Jonathan Gray
> On Sun, Oct 17, 2021 at 04:23:50PM +0200, Philipp wrote:
> > Hello
> >
> > I'm currently working on getting OpenSMTPD-portable build. During this
> > I found some missing includes.
>
> It would help if you could descr
for this problem?
Philipp
Hello
I'm currently working on getting OpenSMTPD-portable build. During this
I found some missing includes.
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 7de52a1c568..b1307c4daa6 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -28,6 +28,8 @@
#include
out there is doing this already right?
Best Regards,
-peter
> Peter J. Philipp wrote:
>
> > Hi,
> >
> > I was wondering if anyone has wanted to implement DANE functions into
> > OpenBSD?
> > And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if
Hi,
I was wondering if anyone has wanted to implement DANE functions into OpenBSD?
And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd
be on someones toes here, if I start implementing...
With unwind we can make use of things such as DANE due to validation of DNSSEC.
On Mon, Jun 14, 2021 at 01:19:21PM -0700, Chris Cappuccio wrote:
[..]
> If you're going to print flags for some unsupported features, why
> not print them all?
>
> The 'features3' line doesn't look clean
>
> Typically uppercase flags like this are formatted like
OK in this next patch (below)
Hi,
I may be interested in looking into hyperv since I have a MS Windows Server 2019
machine that has a hyper-v running OpenBSD (half the resources). I have two
things that would need my attention 1. the time doesn't jump when I patch the
host OS and reboot, hyperv guest gets snapshotted at boot
On Thu, Jun 03, 2021 at 09:23:16PM +0200, Stefan Hagen wrote:
> Peter J. Philipp wrote:
> > On Thu, Jun 03, 2021 at 08:06:06PM +0200, Stefan Hagen wrote:
> >> Which one?
> >
> > It didn't say in the dmesg if I recall correctly, luckily I found the
> > packaging.
On Thu, Jun 03, 2021 at 08:06:06PM +0200, Stefan Hagen wrote:
> Peter J. Philipp wrote:
>
> > I have a Wacom Intuos.
>
> Which one?
It didn't say in the dmesg if I recall correctly, luckily I found the
packaging. CTL-490 DW-S.
> > I found that I could no
On Thu, Jun 03, 2021 at 05:10:57PM +0200, Stefan Hagen wrote:
> Hi,
>
> I'm using a Wacom CTL-490 to draw on virtual whiteboards in online
> meetings.
Hi,
I tried your patch and got rejections, though I was able to fix it. I have
a Wacom Intuos. I found that I could not write anything as good
[cross posting this to ppc@]
On Wed, May 19, 2021 at 12:27:51AM -0400, George Koehler wrote:
> On Thu, 13 May 2021 02:20:45 -0400
> George Koehler wrote:
>
> > My last diff (11 May 2021) still has a potential problem with memory
> > barriers. I will mail a new diff if I think of a fix.
>
>
On Mon, May 17, 2021 at 05:55:00PM +0200, Claudio Jeker wrote:
[..]
> > Granted I did not test it with a difficult config. And I advise any
> > committer
> > to test this fully before trusting my code. For me it's better than using
> > route and starting httpd twice, though.
> >
>
> I don't
Hi,
I found myself wanting this, this morning. I made a patch but then I put it
in the wrong spot, and noticed it needed rewriting of SERVER in parse.y.
Later in the day I found myself looking into this, and a better patch came out
of it. It works on a simple setup for me (mind the censored
>
> echo 'foo' | sudo tee /etc/foo >/dev/null;
Why don't you just do
echo foo > /etc/foo
or
sudo sh -c 'echo foo > /etc/foo' ?
I don't normally use sudo, so there might be some better way of using it.
Kind regards,
Philipp
Hi,
On IRC, someone and I were arbitrarily going through bcrypt.c and I noticed
the following resulting from bcrypt_newhash():
int
bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen)
{
char salt[BCRYPT_SALTSPACE];
if (bcrypt_initsalt(log_rounds, salt,
On Sat, Jan 02, 2021 at 05:10:01PM -0600, Chris Bennett wrote:
> On Sat, Jan 02, 2021 at 05:23:11PM +0100, Florian Obser wrote:
> >
> > Create .1 backup files when acme-client is going to overwrite a
> > certificate file.
> >
> > This files are not terribly big and it's convenient to keep one
>
Sorry I apologize, I had my kern.audio.record set to 0. It works for me.
*red faced*
-peter
On Wed, Nov 18, 2020 at 04:12:25PM +0100, Peter J. Philipp wrote:
> On Wed, Nov 18, 2020 at 11:00:17AM +0100, Alexandre Ratchov wrote:
> > Thanks; semarie suggested a similar diff,
On Wed, Nov 18, 2020 at 11:00:17AM +0100, Alexandre Ratchov wrote:
> Thanks; semarie suggested a similar diff, so below is an attempt to
> take into account all the suggestions:
>
> - add AUDIOPLAYDEVICE, to handle play-only devices as well. We've the
> very same problem for them.
>
> - use
On Tue, Nov 17, 2020 at 05:09:28PM +, Stuart Henderson wrote:
> On 2020/11/17 17:13, Peter J. Philipp wrote:
> > Hi,
> >
> > I have a mic on snd/1 and speakers on snd/0. I had tried a lot of different
> > settings with audacity port but couldn't get this to work
Hi,
I have a mic on snd/1 and speakers on snd/0. I had tried a lot of different
settings with audacity port but couldn't get this to work, so I chose the
method of last resort. Below is a patch to allow an AUDIORECDEVICE environment
variable specifying the wanted microphone.
-peter
Index:
think a broader approach could work. In general, the standard is
only concerned with state observable in the C abstract machine.
Everything else can only be hinted at (e.g. via volatile or something
like bzero/memset_explicit, etc).
Philipp
On Wed, Jul 29, 2020 at 05:42:16PM +0200, Florian Obser wrote:
> > First you mention fallback to DHCP-learned resolvers. Those you should
> > probably not trust indeed, but it looks like unwind(8) attempts to use
> > them to perform its own validation. So the value of the AD flag in
> >
On Fri, Jul 17, 2020 at 11:45:22PM +0200, Jesper Wallin wrote:
> Thoughts?
>
>
> Yours,
> Jesper Wallin
I found this very interesting. Too bad you didn't quote any RFC's that
support this behaviour because RFC 4033 says you shouldn't set the AD bit
in a query, RFC 4035 says something similar,
Hello,
This is an old patch from Gerhard Roth, and mpf@ dating back to 2007. Please
see: https://marc.info/?l=openbsd-tech=134943767022961=2
I contacted Gerhard who said instead of begging for this I should make it
IPv6 capable. So I tried and nearly flooded my ISP off the net (sorry),
it
On Thu, Apr 09, 2020 at 10:58:29PM -0400, George Koehler wrote:
> In the trace, #0 and #1 are wrong, but the rest of the trace looks
> good enough for WITNESS. I added an artificial lock order reversal to
> ums(4) for WITNESS to catch. I got this trace,
>
> #0 0xe4d764
> #1
On Thu, Apr 09, 2020 at 01:08:12PM +0200, Martin Pieuchot wrote:
> On 09/04/20(Thu) 12:20, Peter J. Philipp wrote:
> > It's April 9th for me, so no chance for April 1st things. Both patches
> > didn't
> > boot (they loaded on ofwboot though) for me. I assume you wan
It's April 9th for me, so no chance for April 1st things. Both patches didn't
boot (they loaded on ofwboot though) for me. I assume you wanted me to enable
WITNESS option which I did. The kernel did not print anything so it must have
done something before openfirmware...
I'm going to check out
Hi,
While code-reading the riscv64 port (which leans on some arm64 code), I have
found a small gotcha in /sys/arch/arm64/dev/mainbus.c. The patch is self
explanatory and leans on the fix from simplebus.c line 210.
Index: mainbus.c
Hi,
I have a patch for dump(8) if it is generally considered bad if percentage
done is over 100.0%. I checked the archives on marc.info for this and didn't
see any discussion whether this was a topic before.
Here is the odd DUMP message I got on a host:
DUMP: 102.41% done, finished in 0:00
On Tue, Jan 14, 2020 at 11:05:38AM -0700, Theo de Raadt wrote:
> Some of the pledges (such as "pf") exist to support a cluster of
> programs -- not just 1 program -- and improve their security by limiting
> what they can do. So that when the program gets subverted due something
> on it's input,
Hi,
I'm in the process of building a program that adds IP addresses to a table,
from the network, It is HMAC'ed.
I was stopped by a pledge, it seems it was not configured. Here is the
ktrace snippet:
40051 table-server CALL open(0xbb705fb11f6,0x2)
40051 table-server NAMI "/dev/pf"
40051
Am 10.01.2020 15:58 schrieb Tim Baumgard:
I found out that Apple requires nonstandard [1] attributes to fully
The other day nonstandard "gave" us javascript around the globe...
Cheers for putting this one in, was really kinda PITA and I didn't
know about this attribute.
--
pb
On Wed, Nov 06, 2019 at 11:30:32AM +0100, Florian Obser wrote:
> > @@ -94,7 +95,7 @@ host_dns1(const char *s, struct ntp_addr
> > struct ntp_addr *h, *hh = NULL;
> >
> > memset(, 0, sizeof(hints));
> > - hints.ai_family = AF_UNSPEC;
> > + hints.ai_family = (test_v4_gw() == 0)
Hi,
I have an IPv6 only host arrowhead.ip6.centroid.eu, that has very noisy:
Oct 29 09:12:48 arrowhead ntpd[18744]: DNS lookup tempfail
Oct 29 09:21:45 arrowhead last message repeated 2 times
in fact:
arrowhead# grep 'DNS lookup tempfail' /var/log/daemon | wc -l
1354
This is because the
Hi Miod,
Thanks for helping. With this patch unfortunatly I still get a trap 2 on
my small unifi security gateway which I pulled out again to test your patch.
--->
cnmac0: 192.168.177.35 lease accepted from 192.168.177.1 (24:a4:3c:06:9f:16)
pppoe0: received unexpected PADO
pppoe0: host
+0200, Janne Johansson wrote:
> Den ons 23 okt. 2019 kl 09:15 skrev Peter J. Philipp :
>
> > Hi Holger & Tech,
> >
> > I have made my octeon router work again and I have a patch.
> >
> >
> Truncated it a lot, leaving the things I reacted on:
>
>
>
On Wed, Oct 23, 2019 at 11:18:11AM +0200, Martin Pieuchot wrote:
> On 23/10/19(Wed) 08:43, Peter J. Philipp wrote:
> > Hi Holger & Tech,
>
> Hello Peter,
>
> > I have made my octeon router work again and I have a patch. But I'm not an
> > openbsd developer, nor
On Wed, Oct 23, 2019 at 08:21:50AM +0200, Holger Glaess wrote:
> hi
>
>
> here the traceback , i hope ;)
Hi Holger & Tech,
I have made my octeon router work again and I have a patch. But I'm not an
openbsd developer, nor is this patch official in any way. It was a lot of
debugging and
Am 10.07.2019 20:18 schrieb Theo de Raadt:
Ofcourse there are also custom sets, like site${VERSION}-*.tgz . Which
is
something to keep in mind.
Yeah, we could delete support for that entirely
Those of you so used to pushing buttons and requiring special features
used by a limited subset of
On Sun, Jan 20, 2019 at 12:56:22PM +, Stuart Henderson wrote:
> On 2019/01/18 10:59, Peter J. Philipp wrote:
> > I have "covered" up PPPoE Session ID's from users because it is a value that
> > is only gotten on the Data Link layer and historically non-root users did
I have "covered" up PPPoE Session ID's from users because it is a value that
is only gotten on the Data Link layer and historically non-root users did not
have access to that. It really is a value that doesn't concern them. I have
wrapped the display with a suser() conditional. The magic value
Hi,
I'd like to get some help determining if this is a problem per se. In
/sys/net/if_spppsubr.c lines 1323-1327 the nmagic is assembled and checked
against sp->lcp.magic, and if it doesn't match then it does something weird.
It resets the sp->pp_alivecnt to 0. This to me does nothing much
in theory my request
is right and it would be cool to have multiple nameserver entries that it
reads from the resolv.conf and then tries. (Oh noI'm a feature creep!)
Apologies,
-peter
On Sat, Jul 14, 2018 at 07:24:09AM +0200, Peter J. Philipp wrote:
> Hi,
>
> Yesterday I was messing with m
Hi,
Yesterday I was messing with my network and particularily my workstation with
the goal of having an internal nameserver serve "internal.centroid.eu" zones
for my computers at home, and also do "168.192.in-addr.arpa" reverse. I had
no luck diverting this from BIND, and then something
Hi,
While reading through rebound, I noticed the author uses a lot of magic numbers
in DNS flags field. I present OpenBSD a set of #defines that I wrote in 2002
on an OpenBSD/macppc iBook in Montreal. If I didn't write all of it then, I
followed up with it in 2005 when my own DNS server came
Hi,
I've been running iked for a while now and have been able to guess which iked
belongs to which rdomain by the cpu counter but as I'm using the other iked
more the cpu counter is about the same and it's confusing when I have to
restart iked with route exec.
I introduce the -r flag to fstat
Hello,
Yesterday I wrote to misc@ with this:
https://marc.info/?l=openbsd-misc=152302592426018=2
I apologize with the inline paste, thunderbird is just not good enough for
this stuff.
Anyhow I have produced this patch after upgrading the 6.2 box to 6.3. It all
works now:
Here is my config:
On Thu, Mar 29, 2018 at 10:01:02PM +0200, Peter J. Philipp wrote:
...
> The end result is here. I add 2 arguments to pf_scrub() for rule/state
> direction that is desired and direction that the packet is taking. Then
> in random-id the logic does not scrub when we had an "
Hi,
While writing my own patches to the OpenBSD kernel and the pf subsystem, I
noticed that random-id packets scrub twice. I noticed this by copying
random-id's code and modifying it a little. From that grew a little patch
for scrub and random-id and I'd like OpenBSD to consider it. I sent a
Hi,
While auditing something in and around /usr/src/usr.sbin/httpd/logger.c
(didn't find what I was looking for), I noticed that logger_log() was
returning with an int but the return value was not processed at all. Here
is a small patch that makes the return value void. I tested this patch
Hi,
I have a program that constantly stalls on reading /etc/spwd.db with
SHA256File() (from sha2.h). Here is the program flow:
>
sha256file: Operation not permitted
on file: /etc/spwd.db
2f6574632f737077642e6462
^C
beta$ stat /etc/spwd.db
1024 78977 -rw-r- 1 root _shadow 327856
indirectly,
again sorry.
-peter
On 05/09/17 23:14, Ted Unangst wrote:
> Peter J. Philipp wrote:
>> In my tinkering with the ELFSEC mechanism, I have noticed something
>> possibly troubling. In /sys/kern/exec_script.c shellname is a pointer
>> to cp which is a pointer to hdrstr whic
On Tue, May 09, 2017 at 10:05:28PM +0200, Peter J. Philipp wrote:
> Hi,
>
> In my tinkering with the ELFSEC mechanism, I have noticed something
> possibly troubling. In /sys/kern/exec_script.c shellname is a pointer
> to cp which is a pointer to hdrstr which is a pointer to epp-&g
Hi,
In my tinkering with the ELFSEC mechanism, I have noticed something
possibly troubling. In /sys/kern/exec_script.c shellname is a pointer
to cp which is a pointer to hdrstr which is a pointer to epp->ep_hdr...
When calling the intended set shellname variable, later, I get part of the ELF
On Fri, May 05, 2017 at 10:48:30PM +, Christian Weisgerber wrote:
> On 2017-05-05, "Peter J. Philipp" <p...@centroid.eu> wrote:
>
> > This is my second official contribution to what I call ELFSEC, it places a
> > signature in binaries, in the ELF header t
On Fri, May 05, 2017 at 05:25:57PM +0100, Kevin Chadwick wrote:
> > There was concern about my use of MD5 HMAC's so I
> > took them out. The ELF header of 32 bit systems is too small to fit
> > SHA256 checksums, so I'm leaving it out.
>
> Have you considered CMAC which can be truncated if need
/*
* System call names.
@@ -393,4 +393,5 @@ char *syscallnames[] = {
"#328 (obsolete __tfork51)",/* 328 = obsolete __tfork51 */
"__set_tcb",/* 329 = __set_tcb */
"__get_tcb",/
Am 31.03.2017 15:39 schrieb Jeremie Courreges-Anglas:
I think the current wording is fine; no need for an option to set
_default_ values.
options are good - as long as they're optional --art
--
pb
Hi folks,
after trying forth and back to overcome some limitations in relayd along
multiple
"instances" and rdomain/rtable I decided to scrub some rust of my C/yacc
and
produced the following diffs against -current to relayd and relayctl.
Feats:
- relayd/relayctl: -s sockname; obviously and
Hi there,
while crawling through relayd source, I noticed that there is I:P: in
getopt.
P is obviously setting the proc-title, but I am unsure what to "get"
from an
instance-number via -I.
This found way into httpd, snmpd, switchd and vmd also; mainly while
g2k16.
If someone dares to
On Mon, Feb 27, 2017 at 11:14:13AM +0100, Jeremie Courreges-Anglas wrote:
> "Peter J. Philipp" <p...@centroid.eu> writes:
>
> > On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote:
> >> I had a patch somewhere for TSIG as well somewhere, give me
On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote:
> I had a patch somewhere for TSIG as well somewhere, give me some time to
> find it. TSIG can secure the channel as well, but my implementation wasn't
> all that pretty.
Here is the patch, it would need fixing up, an
On Mon, Feb 27, 2017 at 10:19:52AM +0100, Jeremie Courreges-Anglas wrote:
> > Thanks for considering my patch. OpenBSD tremendously improves with this
> > work of yours, I'm all for it! However to make use of this DNSSEC mode,
> > the channel to the recursive DNS server has to be absolutely
On Mon, Feb 27, 2017 at 12:35:33AM +0100, Jeremie Courreges-Anglas wrote:
> Setting the AD flag for a query is possible, however those semantics are
> newer than the EDNS0 extension. As far as I know, rfc6840 introduced
> AD=1 for queries in 2013, whereas rfc3225 specifies the DO flag since
>
Hi,
I'm not the best in reading patches, so I'm going to query you. Does
your patch check for the "AD" flag from the resolver? As basically a
DNSSEC able recursive nameserver should set this meaning it has
authenticated the data. I wrote a patch for DNSSEC (possibly erroneous
by comparing it
Hi,
Please consider this patch for the pf.conf.5 manpage, it took me hours to
figure out what went wrong with my network after parts stopped working due
to this example. Changing it to what I have now makes it work right.
Symptoms without this fix caused IPv6 neighbours to stop pinging/being
Am 15.05.2016 12:10 schrieb Stefan Sperling:
They key point seems to be that you're trying to route between
different
rdomains. I believe you must use pf to route traffic coming from this
IP (which is in rdomain 0) to vether1 (which is in rdomain 2)
or look into pair(4), also.
--
pb
Moin,
while trying to push rdomain setups a bit further, I noticed that relayd
is using a fixed anchor.
For the pre-rdomain days this was sufficient, but nowadays that might
look a bit different.
Some dance with 'match pftag', carefully crafted (read:unique)
rdr-subanchor-names
can make
Hi,
I have a patch for TSIG authentication in libasr. It is enabled by the "tsig"
keyword in /etc/resolv.conf. My /etc/resolv.conf looks like this:
search centroid.eu
#nameserver 192.168.34.1
nameserver 200.46.208.61
tsig secret-key.:DONTTRY
lookup file bind
The HMAC over the TSIG is
base)
> [...]
> + if (year < MINYEAR || ct.mon < 1 || ct.mon > 12 || ct.day < 1 ||
> ct.day > 31 || ct.hour > 23 || ct.min > 59 || ct.sec > 59) {
> [...]
I'm not sure if this applies here as well. In some places sec == 60 is
used for leap seconds.
Th
Luke, don't feel bad. Very little code that is "offered" gets taken by
the OpenBSD project. OpenBSD really only takes when they see benefit
for the project. An example for that is openssh. What you really want
to do is focus on your own projects and make them available somewhere so
that when
Hello,
I had nothing better to do tonight after work so I read a little in httpd.
I have come up with a patch for i386 and any architecture where off_t !=
size_t.
So on i386 there is this:
uranus$ ./sizetest
off_t = 8
size_t = 4
and I have these files in a directory:
uranus$ ls -lhi
total
On Fri, Jan 15, 2016 at 08:36:05PM +, Peter J. Philipp wrote:
> Hello,
>
> I had nothing better to do tonight after work so I read a little in httpd.
> I have come up with a patch for i386 and any architecture where off_t !=
> size_t.
>
> So on i386 there is this:
&g
On Sat, Jan 16, 2016 at 04:35:16AM +, Peter J. Philipp wrote:
> Hello again,
>
> I couldn't sleep because for some reason my head was spinning around this
> code. In sleep I reviewed what I remembered of this code and noticed two
> things.
>
> 1. My patch was against
1 - 100 of 143 matches
Mail list logo
