Re: pckbd volume keys (part 1), diff to test

On Fri, May 23, 2014 at 12:42:31PM +0200, Alexandre Ratchov wrote: On Wed, Apr 30, 2014 at 01:06:48AM +0200, Alexandre Ratchov wrote: This diff attempts to unify volume keys; it makes pckbd and ukbd volume keys behave like all other volume keys (acpithinkpad, acpiasus, macppc/abtn and

remove appletalk from netintro(4)

Support for Appeltalk (sys/netatalk) was removed about 3 years ago but netintro(4) still mentions it. Remi Index: netintro.4 === RCS file: /cvs/src/share/man/man4/netintro.4,v retrieving revision 1.44 diff -u -p -r1.44 netintro.4

Re: acpiec(4): clear events based on vendor

On Tue, Jun 10, 2014 at 06:25:33PM +0300, Paul Irofti wrote: After discussions with Theo we decided to walk the table where needed instead of using the soft state variables. Also adding all the Samsung models to the quirks table (as per the Linux EC quirks table). I tried this diff with

Re: acpiec(4): clear events based on vendor

On Wed, Jun 11, 2014 at 09:11:54AM +0300, Paul Irofti wrote: On Tue, Jun 10, 2014 at 11:50:02PM +0200, Remi Locherer wrote: On Tue, Jun 10, 2014 at 06:25:33PM +0300, Paul Irofti wrote: After discussions with Theo we decided to walk the table where needed instead of using the soft state

Re: [PATCH] Atheros AR9281 miniPCI-E new product id 2nd try

On Mon, Jun 02, 2014 at 03:25:19PM +0200, Stefan Sperling wrote: On Mon, Jun 02, 2014 at 11:41:52AM +0200, Stefan Sperling wrote: On Sun, Jun 01, 2014 at 09:17:09PM +0200, mijenix wrote: Hope someone can commit the new product id. Connecting to a WLAN network works and also hostap mode.

Re: ksh history bug

On Wed, Aug 13, 2014 at 07:41:08PM +0100, Jason McIntyre wrote: hi! notice how ksh's history command (fc -l) does not list the last typed history command: $ ls $ date Wed Aug 13 19:29:59 BST 2014 $ history 1 ls 2 date the only thing

Re: acpi global lock diff that needs testing

Mark Kettenis mark.kettenis at xs4all.nl writes: On amd64/i386 there is this nasty thing called SMM mode. This allows BIOS writers to run code behind the back of the OS to do all sorts of crazy stuff like simulating a legacy PC keyboard controller on systems that don't have one, or spin up

new login style: yubikey-and-pwd

This patch privides a new login style: yubikey-and-pwd. The idea is from login_totp-and-pwd from the login_oath port. I tried to keep the patch small and not touch to many things. But probably it would be bette to chang more stuff (eg: there are now two backchannels: *back from login_passwd.c

Re: new login style: yubikey-and-pwd

password changes. Even without the encrypt/decrypt functionality a tool like ssh-keygen for yubikey in base would be nice. It could be used to generate the key and id file and write it to the yubikey. On Sat, Jan 04, 2014 at 10:55:39AM +0100, Remi Locherer wrote: This patch privides a new login

Re: new login style: yubikey-and-pwd

On Sun, Jan 05, 2014 at 12:26:05PM +, Stuart Henderson wrote: On 2014/01/05 13:10, Remi Locherer wrote: + /* only test the password if yubikey auth was successful */ This should be done even if Yubikey auth fails, to avoid disclosing information due to timing. Good point! I changed

Re: new login style: yubikey-and-pwd

On Sun, Jan 05, 2014 at 06:44:22PM -0600, Kent R. Spillner wrote: Still haven't tested, but I also saw: +password_pwd = malloc(password_pwd_len + 1); /* +1 for \0 */ + +/* extract the password */ +for ( cnt = 0 ; cnt password_pwd_len ; cnt++ ) +password_pwd[cnt] =

rdomain(4) man page additions

Hi I think the following additions to the rdomain(4) man page would be usefull for people that want to start using rdomains and rtables. Remi Index: rdomain.4 === RCS file: /home/remi/cvs/src/share/man/man4/rdomain.4,v retrieving

install efi bootloader into an additional directory

Hi Since we have efiboot creating a multiboot environment on amd64/i386 became simpler. One obstacle is that (all?) OSs write their bootloader to the default loction efi/boot/ on the EFI Sys partition. Some OSs also create an efi/XXX directory where they put most of their stuff (centos, ubuntu,

[PATCH] install efi bootloader into an additional directory

Nobody else using OpenBSD on in an UEFI multiboot setup? On Thu, Jan 28, 2016 at 09:04:40AM +0100, Remi Locherer wrote: > Hi > > Since we have efiboot creating a multiboot environment on amd64/i386 > became simpler. One obstacle is that (all?) OSs write their bootloader > to the

Re: axen improvements

On Sat, Mar 19, 2016 at 05:09:34PM -0400, Brandon Mercer wrote: > I've recently acquired a usb3.0->gigabit ethernet adapter. It did not > attach reliably, pass traffic reliably, and it made my machine panic > when I unplugged it. Takahiro HAYASHI suggested that the reset > code doesn't do anything

patch for resolv.conf(5)

The resolver supports more than 3 nameservers. Index: resolv.conf.5 === RCS file: /cvs/src/share/man/man5/resolv.conf.5,v retrieving revision 1.48 diff -u -p -r1.48 resolv.conf.5 --- resolv.conf.5 23 Nov 2015 18:04:53 -

small patch for relayd.conf.5

Hi I think there is a small mistake in relayd.conf.5. Remi Index: relayd.conf.5 === RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.170 diff -u -p -r1.170 relayd.conf.5 --- relayd.conf.5 29 Jul 2016

Re: rebound quantum entanglement

On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > wont this also mean if it is not running i have to wait for the localhost > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so > > > i > > > slow everything down for a timeout? > > > > Not if he

Re: rebound quantum entanglement

On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote: > On 2016/09/15 10:39, Remi Locherer wrote: > > On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > > > wont this also mean if it is not running i have to wait for the > > > > &

ospfd - handling mtu changes

Hi, I ran into problems with mtu sizes on interfaces (gif in my case) and ospfd. mtu was not the same on both sites so adjacency could not be formed. The mtu mismatch is also logged by ospfd. Just changing the MTU with ifconfig is not enough in such a case. I did not want to restart ospfd since

Re: ospfd - handling mtu changes

On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Anglas wrote: > Remi Locherer <remi.loche...@relo.ch> writes: > > > Hi, > > > > I ran into problems with mtu sizes on interfaces (gif in my case) and > > ospfd. mtu was not the same on both sites

ospfd - add metric and type to print_redistribute

Hi, In the output of ospfd -nv I miss metric and type for the redistribute statement. The below patch adds this. Sample output: remi@mistral:..in/ospfd% doas obj/ospfd -nv WARNING: IP forwarding NOT enabled, running as stub router router-id 10.10.10.1 fib-update yes rfc1583compat yes stub

Re: ospfd - handling mtu changes

On Mon, Dec 05, 2016 at 06:06:42PM +0100, Remi Locherer wrote: > On Tue, Nov 29, 2016 at 12:14:40PM +0100, Jeremie Courreges-Anglas wrote: > > Remi Locherer <remi.loche...@relo.ch> writes: > > > > > On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Angl

Re: ospfd - handling mtu changes

On Tue, Nov 29, 2016 at 12:14:40PM +0100, Jeremie Courreges-Anglas wrote: > Remi Locherer <remi.loche...@relo.ch> writes: > > > On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Anglas wrote: > >> Remi Locherer <remi.loche...@relo.ch> writes: >

Re: ospf6d: handle interface MTU changes

On Wed, Dec 21, 2016 at 12:08:23PM +0100, Jeremie Courreges-Anglas wrote: > > Hi, > > After ospfd here's a diff to make ospf6d refresh his view of an > interface's MTU at runtime. This needs a fresh kernel. > > The parent should pass the IFINFO message to its children first, and > then decide

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Tue, Jul 04, 2017 at 11:00:18PM +0200, Remi Locherer wrote: > On Sun, Jun 25, 2017 at 11:47:09PM +0200, Remi Locherer wrote: > > Hi, > > > > ospfd does not react nicely when running "sh /etc/netstart if". > > > > This is because adding the

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > > On 06/25/17 23:47, Remi Locherer wrote: > > > Hi, > > > > > > ospfd does not react nicely when running "sh /etc/netstart

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > On 06/25/17 23:47, Remi Locherer wrote: > > Hi, > > > > ospfd does not react nicely when running "sh /etc/netstart if". > > > > This is because adding the same address again

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Sun, Jun 25, 2017 at 11:47:09PM +0200, Remi Locherer wrote: > Hi, > > ospfd does not react nicely when running "sh /etc/netstart if". > > This is because adding the same address again do an interface results > in RTM_DELADDR and RTM_NEWADDR. ospfd hand

ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

Hi, ospfd does not react nicely when running "sh /etc/netstart if". This is because adding the same address again do an interface results in RTM_DELADDR and RTM_NEWADDR. ospfd handles the former but the later. If this happens ospfd says "interface vether0:192.168.250.1 gone". Adjacencies on that

Re: hidmt: add support for hybrid mode

On Sun, Oct 08, 2017 at 09:22:46AM -0500, joshua stein wrote: > This adds support for Hybrid mode for Windows Precision Touchpads > (ihidev/imt). If yours only works with one finger, this should fix > that. > > This also changes the way SET_REPORTs are sent to put the touchpad > into touchpad

Re: ugold(4): add support for TEMPer1F_H1V1.5F

On Wed, Oct 04, 2017 at 10:52:31PM +0200, Jan Klemkow wrote: > Hi, > > This diff adds support for the "TEMPer1F_H1V1.5F" USB temperature and > humidity sensor to the ugold(4) driver. I got reasonable values from > the device, but as mentioned in this github issue [1] they are not very >

Re: imt/hidmt: tests with "Windows Precision Touchpads" needed

On Tue, Sep 19, 2017 at 09:43:37PM +0200, Ulf Brosziewski wrote: > This patch adapts hidmt - which is used by imt(4) - to the multitouch > interface of wsmouse, and it adds the compat-mode configuration required > by the wsmouse-internal touchpad input driver. > > Tests with both the synaptics

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Wed, Aug 23, 2017 at 12:22:03AM +0200, Florian Riehm wrote: > On 08/21/17 18:57, Remi Locherer wrote: > > On Mon, Jul 24, 2017 at 04:59:46PM +0200, Remi Locherer wrote: > > > On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > > > > On Fri, Jul 21, 201

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

On Mon, Jul 24, 2017 at 04:59:46PM +0200, Remi Locherer wrote: > On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > > On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > > > On 06/25/17 23:47, Remi Locherer wrote: > > > > Hi, > > >

document how ospfd interacts with carp

Hi, ospfd.conf(5) should mention what ospfd does automatically when configured on carp interfaces. ok? Remi Index: ospfd.conf.5 === RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v retrieving revision 1.48 diff -u -p -r1.48

Re: dwiic: add pci attachment

On Fri, Nov 03, 2017 at 12:01:15PM -0500, joshua stein wrote: > Intel 100 Series laptops have the DesignWare I2C controller > attaching via PCI instead of ACPI, so move the guts of dwiic(4) into > ic/ and add dwiic_acpi and dwiic_pci files. Unfortunately the PCI > attachment still needs to

document capability dc in remote(5)

Hi, in 2015 remote(5) was trimmed down when tip was removed. It looks like documentation for capability "dc" was also removed by accident. cu(1) still supports this (src/usr.bin/cu/cu.c): 381 if (is_direct == -1 && cgetcap(cp, "dc", ':') != NULL) 382 is_direct = 1; Below

Re: dwiic(4) fix

On Tue, May 22, 2018 at 05:43:01PM +0200, Mark Kettenis wrote: > > Date: Mon, 21 May 2018 17:25:47 -0700 > > From: Mike Larkin > > > > On Mon, May 21, 2018 at 12:44:47PM +0200, Mark Kettenis wrote: > > > The diff below fixes I2C_OP_WRITE_WITH_STOP operations. Currently we

ospfd: deal with /etc/netstart, changes of netmask and dest_addr

Hi, in some circumstances ospfd behaves not the way a user would expect and it's not easy understand how to recover. With below diff ospfd recovers automatically from the following three cases. 1) netstart When someone runs the netstart script on a running system it most likely assigns the

ospf6d: fix resending LSAs on if change

Hi, ospf6d does not resend LSAs when a carp interface goes into backup state. This is unfortunate since other routers may still use the route to the backup router or they even do ECMP and send traffic to the master and backup. This minimal diff adds braces to fix it: Index: rde.c

ospf6d: MAX_METRIC for carp backup interfaces

Hi, ospfd sends LSAs with MAX_METRIC for carp interfaces in state backup. This does the same for ospf6d. While here also document how ospf6d treats carp interfaces. OK? Remi Index: ospf6d.conf.5 === RCS file:

Re: ospfd: deal with /etc/netstart, changes of netmask and dest_addr

On Tue, Jun 19, 2018 at 03:59:24PM +0100, Stuart Henderson wrote: > On 2018/06/18 08:53, Remi Locherer wrote: > > Index: ospfd.h > > === > > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v > > retrieving re

Re: ospfd/parse.y : fix line count

On Sat, Jun 02, 2018 at 10:33:11PM +0200, Denis Fondras wrote: > Applying otto@'s diff to ospfd. > Fixes an off-by-one line count when using include statements. > > Ok ? I applied your diff and verified that the line number for errors in included files is now correct. ok remi@ > > Index:

Re: ospf6d/parse.y : fix line count

On Sat, Jun 02, 2018 at 10:33:07PM +0200, Denis Fondras wrote: > Applying otto@'s diff to ospf6d. > Fixes an off-by-one line count when using include statements. > > Ok ? I applied your diff and verified that the line number for errors in included files is now correct. ok remi@ > > Index:

ospf6ctl sh data intra : print metric

Hi, this adds "Metric: " to the output of "ospf6ctl show database intra". It looks like this: -- LS age: 1152 LS Type: Intra Area (Prefix) Link State ID: 1.0.0.0

ospf6ctl.8 - document missing database filters

Hi, the ospf6ctl manual misses two database filters. OK? Remi Index: ospf6ctl.8 === RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.8,v retrieving revision 1.11 diff -u -p -r1.11 ospf6ctl.8 --- ospf6ctl.8 5 Nov 2017 17:45:02 -

ospf6d: fix metric for intra area prefix LSAs

Hi, RfC 5340 says that for intra area prefix LSAs metric should be set to 0 in case of point-to-multipoint or loopback interfaces. Otherwise metric should be set to the value of the interfaces output cost. ospf6d currently sends intra area prefix LSAs *always* with metric 0. Below diff fixes

Re: ospf6d: fix metric for intra area prefix LSAs

On Wed, Jun 06, 2018 at 09:01:49AM +0200, Claudio Jeker wrote: > On Wed, Jun 06, 2018 at 08:06:30AM +0200, Remi Locherer wrote: > > Hi, > > > > RfC 5340 says that for intra area prefix LSAs metric should be set to 0 > > in case of point-to-multipoint or loopback i

Re: ospfd: deal with /etc/netstart, changes of netmask and dest_addr

On Fri, Jun 22, 2018 at 12:25:40AM +0200, Jeremie Courreges-Anglas wrote: > On Tue, Jun 19 2018, Remi Locherer wrote: > > On Tue, Jun 19, 2018 at 03:59:24PM +0100, Stuart Henderson wrote: > >> On 2018/06/18 08:53, Remi Locherer wrote: >

Re: isakmpd.policy check

On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote: > On 2018/01/04 12:47, Martin Pieuchot wrote: > > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane > > we do. > > This means you trust your ipsec peers not to request an invalid flow. > That's reasonable if

Re: bridge(4): protected interface (port)

On Wed, Jan 24, 2018 at 11:27:51PM +, Tom Smyth wrote: > Hello, Martin, Remi, All > Im very excited about this feature, Thanks Martin, > Please see Comments inline below > > On 23 January 2018 at 18:06, Remi Locherer <remi.loche...@relo.ch> wrote: > > On Mon, Jan 2

Re: ospfd: depend on interface (new feature)

On Sun, Feb 04, 2018 at 05:19:59AM +0100, Claudio Jeker wrote: > On Sun, Feb 04, 2018 at 12:42:22AM +0100, Remi Locherer wrote: > > Hi > > > > This adds a new feature to ospfd: depend on interface. > > > > A ospfd.conf using it looks like this: > > >

ospfd: depend on interface (new feature)

Hi This adds a new feature to ospfd: depend on interface. A ospfd.conf using it looks like this: --%<-- redistribute default depend on carp0 area 0.0.0.0 { interface em2 { depend on carp0 } [...] } --%<-- This router would send out the default route and the em2 network with

Re: ospf6d only needs AF_INET6 route messages

On Thu, Feb 08, 2018 at 11:52:01AM +0100, Sebastian Benoit wrote: > can someone confirm that ospf6d still works with this change? > > oks? ospf6d works as before with this change. It also matches what ospfd does. OK remi@ > > (benno_ospf6d_kroute.diff) > > diff --git usr.sbin/ospf6d/kroute.c

Re: ospfd getting confused about who is DR

On Fri, Feb 09, 2018 at 03:39:43AM +0100, Claudio Jeker wrote: > On netsplits it can happen that on join multiple ospfd end up as DR. > In my case with 3 routers the one cut off stays DR even though the rest of > the network already has a DR and BDR. > > Looking into this it seems that in some

Re: LACP Administrative Knobs

On 2018-08-09 03:53, Carlos Cardenas wrote: On Mon, Aug 06, 2018 at 08:18:23PM -0700, Carlos Cardenas wrote: Howdy. Attached is a patch from my work that started at g2k18 on adding administrative knobs to our LACP driver. The driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only has

ospfd: prevent additional ospfd from starting

Hi tech, recently we had a short outage in our network. A script started an additional ospfd instance because the -n flag for config test was missing. What then happend was not nice: - The new ospfd unlinked the control socket of the first ospfd - The new ospfd removed all routes from the first

Re: ospfd: prevent additional ospfd from starting

On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: > On Wed, Aug 22, 2018 at 12:12:10AM +0200, Remi Locherer wrote: > > On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > > > On 2018/08/21 17:16, Remi Locherer wrote: > > > > Hi tech, &g

Re: ospfd: prevent additional ospfd from starting

On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > On 2018/08/21 17:16, Remi Locherer wrote: > > Hi tech, > > > > recently we had a short outage in our network. A script started an > > additional > > ospfd instance because the -n

Re: ospfd: prevent additional ospfd from starting

On Tue, Aug 28, 2018 at 07:56:43AM +0200, Claudio Jeker wrote: > On Mon, Aug 27, 2018 at 11:33:19PM +0200, Remi Locherer wrote: > > On Fri, Aug 24, 2018 at 12:21:31PM +0200, Remi Locherer wrote: > > > On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: [ snip ]

Re: ospfd: prevent additional ospfd from starting

On Fri, Aug 24, 2018 at 12:21:31PM +0200, Remi Locherer wrote: > On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: > > On Wed, Aug 22, 2018 at 12:12:10AM +0200, Remi Locherer wrote: > > > On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > >

ospfd: pledge parent process

Hi, Since slaacd is able to use pledge in the parent process I thought it may be possible for ospfd too. It works fine until ospfd gets reloaded. At this point it uses setsockopt to set the priority filter on the routing socket. Since I could not find a promise for this I extended wroute. Does

Re: ospfd: pledge parent process

On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > Hi, > > > > Since slaacd is able to use pledge in the parent process I thought it may > > be possible for ospfd too. > > &

Re: ospfd: pledge parent process

On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > Hi, > > > > Since slaacd is able to use pledge in the parent process I thought it may > > be possible for ospfd too. > > &

Re: ospfd: pledge parent process

On Sun, Sep 02, 2018 at 08:05:55AM +0200, Remi Locherer wrote: > On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > > Hi, > > > > > > Since slaacd is able to use pledge in

ospf6d: prevent additional ospf6d from starting

Hi, this is the adaption of the recent ospfd commit to ospf6d. Early in the startup the main process checks if another process is listening on the control socket and exits if that is the case. Otherwise the master process opens the control socket and passes it on to the ospf engine. OK? Remi

ospf6d: depend on

Hi, With the "depend on" option routes are sent out with a metric of 65535 if the referenced interface is down or in state backup. This is especially useful on a carp cluster to ensure all traffic goes to the carp master. This is similar to what we have for ospfd. A configuration using this

ospfd: change control socket to ospfd.sock.

Hi, This changes the name of the ospfd control socket to include the rdomain. It's similar to what bgpd does. OK? Remi Index: ospfd/ospfd.c === RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v retrieving revision 1.98 diff -u -p

Re: pledge ospf6d

On Tue, Jul 10, 2018 at 07:12:01PM +0200, Florian Riehm wrote: > Hi, > > this adds pledge to the ospf6d route decision engine and the ospf engine. > It is compared to the ospfd quite simple, since ospf6d does not support > reload, > rdomains and kif-interfaces. > > ok? builds and runs fine. OK

Re: bgpd: announce prefixes with priority n

On Wed, Jul 11, 2018 at 12:43:41AM +0200, Sebastian Benoit wrote: > hi, > > allows you to announce prefixes from the kernel routing table selected by > priority. > > lightly tested, as in, the config part works. > > network inet priority 32 > > ok? works in my lab setup. OK remi@ > >

Re: ospf6d: depend on

On Tue, Jul 10, 2018 at 03:22:43PM +0200, Remi Locherer wrote: > Hi, > > With the "depend on" option routes are sent out with a metric of 65535 if > the referenced interface is down or in state backup. This is especially > useful on a carp cluster to ensure all traffi

ospfd printconf: print rdomain

This makes "ospfd -nv" print the rdomain config option if present. OK? Remi Index: printconf.c === RCS file: /cvs/src/usr.sbin/ospfd/printconf.c,v retrieving revision 1.18 diff -u -p -r1.18 printconf.c --- printconf.c 5 Feb 2018

ospf6d: add support for rdomains

Hi, This adds rdomain support to ospf6d. It works the same as in ospfd. OK? Remi Index: ospf6ctl/ospf6ctl.c === RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v retrieving revision 1.48 diff -u -p -r1.48 ospf6ctl.c ---

Re: ospf6d: depend on

On Wed, Jul 11, 2018 at 02:59:30PM +0200, Florian Riehm wrote: > Hi, > > successfully tested. I like the feature! Thanks! > Some (mostly cosmetic) comments inline. I fixed them. Updated diff below. > Index: ospfe.c > === > RCS

Re: ospf6d: remove unneded log_setverbose()

On Mon, Jul 09, 2018 at 10:42:16AM +0200, Claudio Jeker wrote: > On Mon, Jul 09, 2018 at 10:31:15AM +0200, Remi Locherer wrote: > > later on it is set with: > > log_setverbose(ospfd_conf->opts & OSPFD_OPT_VERBOSE); > > > > OK? > > Shouldn't we in

ospf6d: remove unneded log_setverbose()

later on it is set with: log_setverbose(ospfd_conf->opts & OSPFD_OPT_VERBOSE); OK? Index: ospf6d.c === RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v retrieving revision 1.35 diff -u -p -r1.35 ospf6d.c --- ospf6d.c5 Nov 2017

Re: bridge(4): protected interface (port)

On Mon, Jan 22, 2018 at 04:23:59PM +0100, Martin Pieuchot wrote: > Diff below adds a new feature to bridge(4), similar to Cisco's Protected > Port but with more possibilities. > > The idea is to prevent traffic to flow between some members of a bridge(4). > For example: > - you want to prevent

Re: ospfd: depend on interface (new feature)

On 2018-04-20 14:46, Kapetanakis Giannis wrote: On 04/02/18 01:42, Remi Locherer wrote: Hi This adds a new feature to ospfd: depend on interface. A ospfd.conf using it looks like this: --%<-- redistribute default depend on carp0 area 0.0.0.0 { interface em2 { depend on ca

Re: ospfd: depend on interface (new feature)

On 2018-04-20 15:39, Kapetanakis Giannis wrote: On 20/04/18 16:20, Remi Locherer wrote: On 2018-04-20 14:46, Kapetanakis Giannis wrote: While it does the job for local connected/static networks (on the router), it doesn't do it for forwarded routes which I learn from remote OSPF routers

unveil ospfd's parent proc

Hi, this restricts ospfd's parent process to only read it's config file (reload) and unlink the control socket on exit. I added unveil after the setup of the control socket is done since chmod is used in control_init. OK? Remi Index: ospfd.c

Re: unveil ospfd's parent proc

st_list, entry); > free(r); > > On 15:58 Sun 28 Oct , Florian Obser wrote: > > Sorry, I'm on a phone. The diff context looks like the control FD is > > already open at this point. Does ospfd later re-open it? > > > > On October 27, 2018 11:2

Re: unveil ospfd's parent proc

11:25:58 PM GMT+02:00, Remi Locherer > wrote: > >On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote: > >> Remi Locherer wrote: > >> > >> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: > >> > > This breaks usage o

Re: unveil ospfd's parent proc

gt; > > ospfd_shutdown(); > > @@ -308,7 +313,6 @@ ospfd_shutdown(void) > > msgbuf_clear(_rde->ibuf.w); > > close(iev_rde->ibuf.fd); > > > > - control_cleanup(ospfd_conf->csock); > > while ((r = SIMPLEQ_FIRST(_conf->redist_list)) != NU

unveil ospf6d's parent proc

Hi, ospf6d does not support reloading so its parent proc does not need filesystem access with the exception of the control socket cleanup on exit. Once we teach it how to reload the config it is easy to unveil "/" readonly as I just did for ospfd. OK? Remi cvs diff: Diffing . Index: ospf6d.c

Re: unveil ospfd's parent proc

2018 5:26:06 PM GMT+02:00, Remi Locherer > wrote: > >Hi, > > > >this restricts ospfd's parent process to only read it's config file > >(reload) > >and unlink the control socket on exit. I added unveil after the setup > >of > >the control socket

Re: disable fs access on ripd

On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote: > Remi Locherer wrote: > > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote: > > > Hi, > > > > > > After all files are opened ripd(8) can have the fs access disabled just &g

Re: disable fs access on ripd

On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote: > Hi, > > After all files are opened ripd(8) can have the fs access disabled just before > each process main loop. Its 2 childs already run under chroot, but since they > are still not pledged at least they have no way to

Re: disable fs access on ripd

On Tue, Oct 30, 2018 at 05:31:04PM +, Ricardo Mestre wrote: > clearly an oversight due to looking at too many daemons at the same > time. since the only thing ripd needs to do is unlink the socket I think > we can remove control_cleanup, even though I'd rather do this > introducing pledge, but

Re: unveil ospfd's parent proc

On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote: > Remi Locherer wrote: > > > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: > > > This breaks usage of the "include" keyword. Something that all the > > > parse.y daemon

Re: unveil dhclient (privileged process)

On Mon, Nov 05, 2018 at 12:30:08PM +, Ricardo Mestre wrote: > Hi, > > dhclient(8)'s privileged process cannot be pledged yet due to some route > related sysctl(2)'s, but it seems it only needs to access two files. One is > /etc/resolv.conf with write/create permissions and saved_argv[0]

ripd.conf man page fix

Hi, the default for triggered-updates is no. OK? Remi cvs diff: Diffing . Index: ripd.conf.5 === RCS file: /cvs/src/usr.sbin/ripd/ripd.conf.5,v retrieving revision 1.15 diff -u -p -r1.15 ripd.conf.5 --- ripd.conf.5 18 Jun 2018

ripd.conf: allow interface without { }

Hi, ripd wants curly braces for interface blocks even if no parameters are specified. This is inconsistent with other daemons and a bit annoying. Below diff makes ripd accepting interface if0 without { } afterwards. The example in the man page shows the interface statement with and

Re: ripd.conf: allow interface without { }

On Sun, Nov 11, 2018 at 09:48:38AM +0100, Claudio Jeker wrote: > On Sat, Nov 10, 2018 at 09:17:57PM +0100, Remi Locherer wrote: > > Hi, > > > > ripd wants curly braces for interface blocks even if no parameters are > > specified. This is inconsistent with other

Re: prevent bgpd from starting when control socket already used

On Mon, Nov 12, 2018 at 08:12:37AM +0100, Claudio Jeker wrote: > On Sun, Nov 11, 2018 at 04:40:54PM -0700, Theo de Raadt wrote: > > Makes sense to me, I suppose. > > > > Isn't another approach to swap the opening of the sockets? > > > > Or why does failure to control :179 sockets not stop

prevent bgpd from starting when control socket already used

Hi, I heard from two devs that started a 2nd bgpd by accident (forgot -n for a config check) which then caused downtime. Below diff adds a check to bgpd similar to the one we have now in ospfd and ospf6d: if another process is listening on the control socket bgpd exits. The situation is a bit

Re: OpenBGPd Feature Request / Question if the Feature Request

On Sat, Sep 22, 2018 at 08:22:52AM +0100, Tom Smyth wrote: > OpenBGPd Feature Request / Question if the Feature Request > is something the community would use ? > > Background, > Ideally we would run full tables so that we have visibility > on reachibility of a prefix via a transit provider, >

Re: ospf6d: fib-priority

On Sat, Dec 29, 2018 at 02:06:32PM +0100, Denis Fondras wrote: > On Fri, Dec 28, 2018 at 09:50:50PM +0100, Remi Locherer wrote: > > Hi tech, > > > > this allows to adjust the priority of the routes that ospf6d inserts > > into the kernel routing table. > > &

Re: ripd: fib-priority

On Mon, Dec 31, 2018 at 01:33:39PM +0100, Jeremie Courreges-Anglas wrote: > On Sun, Dec 30 2018, Remi Locherer wrote: > > Hi tech, > > > > after adding the config option "fib-priority" to ospfd/ospf6d I figured out > > that it is almost the same change to a

ospfd: send router lsa when removing an interface

Hi tech, when removing an interface from ospdf.conf and doing a reload other OSPF routers should get a router LSA update. Then they can remove the affected route. But currently this does not happen. The affected route might be used by other routers a long time after removing it from the config

  1   2   3   >