Re: ssl(8), fix text about web browsers and SAN

I was just stumbling over this as well when I did the relayd: SNI diff. OK reyk On Fri, May 10, 2019 at 1:50 PM Stuart Henderson wrote: > it's standard behaviour for web browsers to not use hostnames in > Subject at all but require SAN. current ssl(8) text suggests "some new" > and "deprecated"

Re: relayd: SNI

On Thu, May 09, 2019 at 02:51:23PM +0200, Reyk Floeter wrote: > Hi, > > this diff adds SNI support to relayd. > Below is the same diff again -current minus one debug line. jsing@ has noted that calling tls_config_set_keypair_ocsp_mem() with NULL ocsp options could be r

Re: usbhidaction(1) with a foot pedal/control

Hi, On Tue, Dec 17, 2019 at 06:57:54PM +, Raf Czlonka wrote: > I use a Philips USB foot pedal[0] as an additional input device. > With usbhidaction(1), I can "program" its four "buttons". > > After recent changes to uhid(4) device nodes' permissions, my USB > foot pedal "stopped working". >

Re: snmpd(8) remove OID CONFIGURATION

> Am 27.02.2020 um 08:56 schrieb Martijn van Duren > : > > On 2/12/20 7:48 AM, Martijn van Duren wrote: >> Hello tech@, >> >> Working on something else, this bit of code is somewhat in my way and it >> feels like an early testing feature instead of actually being useful. >> It wasn’t an ear

Re: [patch] Make tcpbench server non-forking and non-blocking.

hi, the idea sounds ok, but why just 128? tcpbench is for benchmarking and testing and it should be possible to run more concurrent connections. it could call getrlimit() to get the actual RLIMIT_NOFILE value which is 128 by default but can be much higher. another variant is the way spamd/spamd

Call for testing: IPsec diff

Hi! I need people to test the following IPsec diff on existing setups running -current. This diff will add some cool features for the next release but I first need regression testing with plain old setups (ipsec.conf with static keying or isakmpd); preferrably on IPsecs that are running closely t

Re: Call for testing: IPsec diff

Hi, updating one side should be enough. reyk On Sat, Jul 03, 2010 at 01:15:50AM +0400, Vadim Zhukov wrote: > 2010/7/3 Reyk Floeter : > > Hi! > > > > I need people to test the following IPsec diff on existing setups > > running -current. ??This diff will add some

Re: Call for testing: IPsec diff (update)

On Fri, Jul 02, 2010 at 10:49:52PM +0200, Reyk Floeter wrote: > I need people to test the following IPsec diff on existing setups > running -current. This diff will add some cool features for the next > release but I first need regression testing with plain old setups > (ipsec.conf

Re: Call for testing: IPsec diff (update)

On Wed, Jul 07, 2010 at 05:26:22PM +, Christian Weisgerber wrote: > Reyk Floeter wrote: > > > --- net/if_bridge.c 2 Jul 2010 02:40:16 - 1.181 > > +++ net/if_bridge.c 3 Jul 2010 17:22:52 - > > @@ -152,7 +152,8 @@ u_int8_t bridge_filterrule(struct

Re: Call for testing: IPsec diff (2nd update)

On Wed, Jul 07, 2010 at 05:26:22PM +, Christian Weisgerber wrote: > (1) I think a number of unrelated changes in if_bridge.c, like the > one above, snuck in. > > (2) Works for me. > this is an updated diff; no functional changes just without the unrelated bridge stuff and adjust to curre

Re: fix iwn firmware error during init

On Tue, Jan 12, 2016 at 11:59:08AM +0100, Stefan Sperling wrote: > On Sat, Jan 09, 2016 at 10:25:45PM +0100, Stefan Sperling wrote: > > I've run into an issue where iwn(4) fails to init the hardware. > > > > Running 'ifconfig iwn0 scan' resulted in: > > > > setting configuration > > iwn0: fatal f

Re: vmx: vmxnet3_load_mbuf will still do the wrong thing

Hi, On Tue, Jan 19, 2016 at 04:31:56PM +0100, Mike Belopuhov wrote: > Hi, > > We've just run into a vmx panic and code inspection revealed > that my previous diff contained a mistake, the pullup operation > is called on a wrong mbuf chain. > > I apologize for overlooking this issue. > > We're n

Re: Xen virtual network (Netfront) driver

> On 23.01.2016, at 12:12, Anders Berggren wrote: > >> On 06 Jan 2016, at 18:49, Reyk Floeter wrote: >> - I didn't work on m4.10xlarge (see cvs:~reyk/dmesg.m4.10xlarge). > > I didn’t see any mentions of it in the dmesg > https://gist.github.com/reyk/b372af303

Re: ntpd: really enable debug messages

On Sat, Jan 23, 2016 at 12:39:19PM -0600, Brent Cook wrote: > I'm going with this instead. That way it works like the manual > specifies already (-v enables logging debug messages) > Yes, the -v flag is better, but see below. > cvs server: Diffing . > Index: ntpd.c >

Re: Xen virtual network (Netfront) driver

> On 23.01.2016, at 22:27, Jonathon Sisson wrote: > > On Sat, Jan 23, 2016 at 12:19:29PM +0100, Reyk Floeter wrote: >> No, you have to *enable* SR-IOV in the image. >> >> Machines with the Intel NIC will not show any netfront in the device list >> via XenSto

Re: httpd: patch for portability asprintf use

> On 06.05.2016, at 17:56, Hiltjo Posthuma wrote: > > On Wed, Apr 27, 2016 at 2:41 PM, Hiltjo Posthuma > wrote: >> Hi, >> >> The following patch for httpd makes sure the value of the asprintf buffer is >> zeroed on error and not relied upon, so at the 'done' labe

Re: httpd: patch for portability asprintf use

> On 06.05.2016, at 18:36, Theo de Raadt wrote: > >> If OpenBSD's behavior of asprintf is non-standard and everyone else is >> doing it differently, we would probably have to apply the patch. But this >> would also affect many other places in the tree were we rely on our >> asprintf semantics. >

Re: shorten ifconfig output for vnetids and parent interfaces

> Am 29.05.2017 um 07:34 schrieb David Gwynne : > > this rolls vnetid and parent into a single encap line in ifconfig. > > eg: > > - vnetid: 7 > - parent: ix1 > + encap: vnetid: 7 parent: ix1 > The repeated colons for keys after encap: are unusual for ifconfig output, could

Re: remove vlan specific ifconfig settings

Well, not just muscle memory but the fact that some people including me had hostname.vlanX files without an explicit "vlan X" in it. And I did like the implicit tags, despite your vlan6000 problem that nobody ever had ;-) But it is time to move on, we have to cope with it. So no objections any

Re: remove vlan specific ifconfig settings

> Am 05.06.2017 um 09:26 schrieb David Gwynne : > > >> On 5 Jun 2017, at 17:05, Reyk Floeter wrote: >> >> Well, not just muscle memory but the fact that some people including me had >> hostname.vlanX files without an explicit "vlan X" in it. >

Re: remove vlan specific ifconfig settings

> Am 05.06.2017 um 09:35 schrieb Reyk Floeter : > > >> Am 05.06.2017 um 09:26 schrieb David Gwynne : >> >> >>> On 5 Jun 2017, at 17:05, Reyk Floeter wrote: >>> >>> Well, not just muscle memory but the fact that some people including me h

dhcpd: don't reject DHCPINFORM from behind relay

Hi, landry@ sees many log messages 'DHCPINFORM from xx but ciaddr yy is not consistent with actual address' in a setup where dhcpd runs behind dhcrelay. The code in dhcpd's dhcpinform() seems wrong - it assumes that ciaddr (the client IP) is identical to the packet source address and it doesn't c

Re: relayd - multiple instances

Yes On Wed, Jul 05, 2017 at 06:17:21PM +0200, Maxim Bourmistrov wrote: > > Hello, > Are there plans for relayd to run multiple instances? > Eg. dropping socket to a configurable location. > > Regards >

Re: Remove accents from fortunes

I so much hate it when people drop the umlaut in my name and write "Floter" - this usually happens while being in America because people don't know better. My name is Flöter or Floeter ("ae", "oe", or "ue" are the correct substitutions). They are different letters with different pronunciations th

Re: TCP support for snmpd(8)

> On 19.07.2017, at 10:16, Marco Pfatschbacher wrote: > > This adds TCP support to snmpd. > I've added a tcp option to the "listen on" statement. > The trap receiver will continue to bind to UDP addresses only. > > Tested against net-snmp, which has TCP support. > Nice! Are you also planning

Re: which programming language to use?

http://www.emojicode.org Unfortunately, I don't think that it has been ported to OpenBSD yet (and you'll need a terminal with an emoji font) Reyk > On 19.07.2017, at 12:13, Peer Dong wrote: > > Hi Tech, > > > which programming language should i dig on to understan

Re: don't error when switch ioctls return EEXIST

On Fri, Jul 28, 2017 at 06:13:50PM +1000, Jonathan Gray wrote: > The handling of 'add' used by bridge and switch in ifconfig does not > error out if the ioctl returns EEXIST. Do the same for the switch > specific 'addlocal' and 'portno' ioctls so netstart won't error out > when rerun with the same

Re: vmd(8): Improve RFC 2132 compliance (DHCP)

Hi, thank you for the patch and the detailed explanation. I knew that Android is having similar problems under vmd, maybe that's also because of busybox' udhcpc. I have to clarify that vmd does not implement "DHCP" but "BOOTP". I picked BOOTP because it was simpler to implement and totally suffi

Re: MBIM Patch (Round 2)

>> As I said, we could still change the name of the interface to 'ubm' >> while keeping 'umbim' as the name of the driver. > > No, I don't understand the proposal. I think it should be ubm > throughout, or I am threatening to rename ix(4) to a 8 character > name. > Fun fact, ix(4) was called i

Re: IP_SENDSRCADDR [2/2] : add cmsg support

> Am 12.06.2016 um 16:36 schrieb Vincent Gross : > > On Sun, 12 Jun 2016 15:29:32 +0200 (CEST) > Mark Kettenis wrote: > >>> Date: Sun, 12 Jun 2016 14:59:55 +0200 >>> From: Vincent Gross >>> >>> This diff adds support for IP_SENDSRCADDR cmsg on UDP sockets. As >>> for udp6_output(), we check t

Re: 64bit DMA on amd64

Hi, The intentional 4GB limit is for forwarding: what if you forward mbufs from a 64bit-capable interface to another one that doesn't support 64bit DMA? And even if you would only enable it if all interfaces are 64bit-capable, what if you plug in a 32bit USB/hotplug interface? We did not want t

Re: ecdsa support in iked

Hi, On Sun, Jul 03, 2016 at 11:07:27AM +0200, Ren?? Ammerlaan wrote: > I???ve created a patch for ecdsa support in iked. Also found a bug > in handling auth_eap, because that value is never initialised to 0. I > also updated the dsa sign functions with the newer EVP_Digest so > it???s aligned with

Re: ecdsa support in iked

> On Sun, Jul 03, 2016 at 11:07:27AM +0200, Ren?? Ammerlaan wrote: > > I???ve created a patch for ecdsa support in iked. Also found a bug > > in handling auth_eap, because that value is never initialised to 0. I > > also updated the dsa sign functions with the newer EVP_Digest so > > it???s aligned

vxlan 1/2: multicast fix

Hi, VXLAN has to clear all multicast flags from the outer packet after decapsulating the mbuf. This fixes things like ARP in VXLAN multicast tunnels. It used to work ... but simply clearing M_MCAST and M_BCAST is a practical approach that is also found in other L2 tunnel drivers. OK? Reyk Ind

vxlan 2/2: ipv6 tunnel support

Hi, this diff adds support for tunneling VXLAN over IPv6, roughly based on an older diff from yasuoka@ and/or goda@. It currently only supports unicast and not IPv6 multicast mode. ifconfig vxlan6 tunnel fd00::1 fd00::2 10.1.6.1/24 vnetid 6 up This diff also includes the previous multicast fla

Re: httpd: Add SNI support

On Sun, Aug 14, 2016 at 04:06:26AM +1000, Joel Sing wrote: > The following enables SNI support within httpd. > > It requires libtls to have server side support for SNI (diff previously > posted). > The code is amazingly simple but it works fine and the diff is good: OK reyk@ Two small notes:

Re: libtls: Add server side support for SNI

On Sun, Aug 14, 2016 at 04:04:34AM +1000, Joel Sing wrote: > For those who are interested, the following diff adds server side support > for SNI to libtls. There are three additional functions: > > tls_config_add_keypair_file() > tls_config_add_keypair_mem() > tls_conninfo_servername() > > The fi

Re: httpd: be stricter with TLS configuration

On Sat, Aug 13, 2016 at 02:57:14AM +1000, Joel Sing wrote: > The following diff makes httpd stricter with respect to TLS configuration: > > - Do not allow TLS and non-TLS to be configured on the same port. > - Do not allow TLS options to be specified without a TLS listener. > - Ensure that TLS opt

Re: httpd: be stricter with TLS configuration

On Mon, Aug 15, 2016 at 11:33:18PM +1000, Joel Sing wrote: > On Monday 15 August 2016 13:04:43 Reyk Floeter wrote: > > On Sat, Aug 13, 2016 at 02:57:14AM +1000, Joel Sing wrote: > > > The following diff makes httpd stricter with respect to TLS configuration: > > > >

httpd "Persistent connection issue in FastCGI", anyone?

Hi, has somebody else seen something like "Persistent connection issue in FastCGI" as described in https://github.com/reyk/httpd/issues/49 ? Reyk

Re: nitems not from param.h

Heh, you bet me to it - at least in my daemons. vmd and a few others might need it as well (relayd already defines it locally). ok reyk@ > Am 16.08.2016 um 19:53 schrieb Ted Unangst : > > should not be using secret kernel interfaces in userland. > > > Index: httpd/httpd.c > ==

Re: small patch for relayd.conf.5

On Thu, Aug 18, 2016 at 12:49:42PM +0100, Jason McIntyre wrote: > On Wed, Aug 17, 2016 at 11:47:40PM +0200, Remi Locherer wrote: > > Hi > > > > I think there is a small mistake in relayd.conf.5. > > > > Remi > > > > > > Index: relayd.conf.5 > > ==

Re: relayd TLS ticket and session support accross processes

On Tue, Aug 30, 2016 at 01:22:49PM +0200, Claudio Jeker wrote: > Here is the latest version of the ticket and tls session cache support. > Tickets can be disabled and also the session timeout is configurable. > Same code as before with man page diff > Nice work! I'm curious how this impact produc

Re: relayd TLS ticket and session support accross processes

On Tue, Aug 30, 2016 at 03:51:04PM +0200, Claudio Jeker wrote: > On Tue, Aug 30, 2016 at 02:44:17PM +0200, Reyk Floeter wrote: > > On Tue, Aug 30, 2016 at 01:22:49PM +0200, Claudio Jeker wrote: > > > Here is the latest version of the ticket and tls session cache support. &g

Re: Let iked specify its source address when sending

On Wed, Aug 31, 2016 at 03:26:53PM +0200, Vincent Gross wrote: > On Thu, 11 Aug 2016 16:57:27 +0100 > Stuart Henderson wrote: > > > On 2016/06/27 13:00, J?r?mie Courr?ges-Anglas wrote: > [...] > > > > > > I also gave my ok to vgross by IM. > > > > > > I know that some concerns have been expos

Re: Let iked specify its source address when sending

On Wed, Aug 31, 2016 at 04:09:30PM +0200, Reyk Floeter wrote: > On Wed, Aug 31, 2016 at 03:26:53PM +0200, Vincent Gross wrote: > > On Thu, 11 Aug 2016 16:57:27 +0100 > > Stuart Henderson wrote: > > > > > On 2016/06/27 13:00, J?r?mie Courr?ges-Anglas wrote: >

Re: ifconfig baudrate

On Wed, Aug 31, 2016 at 05:04:38PM +0200, Stefan Sperling wrote: > This makes ifconfig display baudrates defined in ifmedia.h tables. > > Before (prints media subtype): > > $ ifconfig iwn0 | grep media: > media: IEEE802.11 autoselect (OFDM6 mode 11a) > $ ifconfig em0 | grep media: >

Re: ifconfig baudrate

On Wed, Aug 31, 2016 at 09:12:30AM -0600, Theo de Raadt wrote: > > This makes ifconfig display baudrates defined in ifmedia.h tables. > > > > Before (prints media subtype): > > > > $ ifconfig iwn0 | grep media: > > media: IEEE802.11 autoselect (OFDM6 mode 11a) > > $ ifconfig em0 | grep me

Re: ifconfig baudrate

> Am 31.08.2016 um 21:29 schrieb Chris Cappuccio : > > Reyk Floeter [r...@openbsd.org] wrote: >> >> Ok, it makes some sense to have this information for Ethernet. > > I am strongly opposed to this change on wired or wireless. Why the > push for having less info

Re: relayd TLS ticket and session support accross processes

On Thu, Sep 01, 2016 at 11:27:55AM +0200, Claudio Jeker wrote: > On Tue, Aug 30, 2016 at 03:51:04PM +0200, Claudio Jeker wrote: > > On Tue, Aug 30, 2016 at 02:44:17PM +0200, Reyk Floeter wrote: > > > On Tue, Aug 30, 2016 at 01:22:49PM +0200, Claudio Jeker wrote: > > > &

Re: Let iked specify its source address when sending

On Wed, Aug 31, 2016 at 03:57:45PM +0200, Vincent Gross wrote: > On Wed, 31 Aug 2016 15:26:53 +0200 > Vincent Gross wrote: > > > On Thu, 11 Aug 2016 16:57:27 +0100 > > Stuart Henderson wrote: > > > > > On 2016/06/27 13:00, J?r?mie Courr?ges-Anglas wrote: > > [...] > > > > > > > > I also ga

relayd fork+exec

RCS file: /cvs/src/usr.sbin/relayd/proc.c,v retrieving revision 1.30 diff -u -p -u -p -r1.30 proc.c --- usr.sbin/relayd/proc.c 2 Sep 2016 12:14:08 -0000 1.30 +++ usr.sbin/relayd/proc.c 2 Sep 2016 16:49:54 - @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.30 2016/09/02

Re: relayd fork+exec

TF is needed. Reyk > Reyk Floeter(r...@openbsd.org) on 2016.09.02 19:03:47 +0200: > > Hi, > > > > after all the preparation, the following diff adds support for > > fork+exec in relayd; based on rzalamena@'s work for httpd. > > > > Notes: > > - p

Re: switchd(8): more debug messages

On Thu, Sep 22, 2016 at 09:45:05PM +0200, Rafael Zalamena wrote: > Enable more debug messages to help developing the flow modification messages. > > ok? > OK, sure. Reyk > Index: ofp13.c > === > RCS file: /home/obsdcvs/src/usr.sbi

Re: switchd(8): fix memory leak and loop

On Thu, Sep 22, 2016 at 09:46:50PM +0200, Rafael Zalamena wrote: > This diff fixes a memory leak in ofp_read() that happens in every message > and a infinite loop that happens when the remote switch closes the > connection. > > ok? > I'm planning to replace this part of the code (network I/O).

Re: switchd(8): set the pktbuf for packet_in messages

On Thu, Sep 22, 2016 at 09:48:48PM +0200, Rafael Zalamena wrote: > The pkt_buf variable is never set in incoming packet_in messages and this > diff fixes it. > > ok? > I wonder how this happened, thanks. Skip the space before the cast, > + pkt->pkt_buf = (uint8_t *) eh; pkt->pkt_b

Re: snmpd(8): fix compilation warnings with DEBUG

> On 26.09.2016, at 15:37, Stuart Henderson wrote: > > On 2016/09/26 15:20, Rafael Zalamena wrote: >> This diff fixes two compiler warnings when compiling with DEBUG define. >> >> ok? > > I think this would be preferred: > I agree, this is the correct fix. OK reyk@ > Index: timer.c > ==

Re: iwm: add mac context later

On Tue, Sep 27, 2016 at 05:36:26PM +0200, Stefan Sperling wrote: > It looks like iwm firmware does not like a MAC context which does not > specify the AP's BSSID. > > The driver currently adds such a context when initializing the hardware > for the first time after boot (with the BSSID set to all

vmd: virtual switches and enhanced interface configuration

= imsg->fd; + vm->vm_ifs[n].vif_fd = imsg->fd; return (0); fail: @@ -329,5 +387,4 @@ config_getif(struct privsep *ps, struct close(imsg->fd); errno = EINVAL; return (-1); - } Index: usr.sbin/vmd/parse.y

Re: httpd(8): dup2() fix for proc.c

rgv); > fatal("%s: execvp", __func__); > -- Esdenera Networks GmbH Konkordiastr. 14b, 30449 Hannover, Germany mobile: +49-151-24018199, reyk.floe...@esdenera.com http://www.esdenera.com/, twitter: @esdenera Managing Director: Reyk Floeter Jurisdiction: HRB 209963, Hannover USt-IdNr. (VAT-ID): DE289693407

Re: httpd(8)/proc.c: use less fds on startup

On Tue, Oct 04, 2016 at 11:54:37PM +0200, Rafael Zalamena wrote: > On Tue, Oct 04, 2016 at 07:46:52PM +0200, Rafael Zalamena wrote: > > This diff makes proc.c daemons to use less file descriptors on startup, > > this way we increase the number of child we can have considerably. This > > also improv

Re: httpd(8)/proc.c: use less fds on startup

> Am 10.10.2016 um 18:47 schrieb Rafael Zalamena : > >> On Mon, Oct 10, 2016 at 12:32:49PM +0200, Reyk Floeter wrote: >>> On Tue, Oct 04, 2016 at 11:54:37PM +0200, Rafael Zalamena wrote: >>>> On Tue, Oct 04, 2016 at 07:46:52PM +0200, Rafael Zalamena wrote: >&

vmd/vmctl load/reload/reset

Hi, vmctl reload is currently broken, the attached diff fixes it and re-introduces the semantics that originally came from iked: - load/reload just reloads the configuration without clearing any running configuration. This way you can start vmd with a few configured vms, terminate one vm, and re

Re: vmd/vmctl load/reload/reset

On Wed, Oct 12, 2016 at 01:44:25PM +0200, Reyk Floeter wrote: > Hi, > > vmctl reload is currently broken, the attached diff fixes it and > re-introduces the semantics that originally came from iked: > > - load/reload just reloads the configuration without clearing any >

Re: vmm: experimentation with networking on wifi interfaces

> Am 14.10.2016 um 00:38 schrieb Edd Barrett : > > Hey, > > As we saw earlier on misc@, getting a vmm host on the internet when the > host is using a wireless interface is not as straightforward as with > wired interfaces. > > Specifically, a bridge won't work on a wireless interface, which in

Re: ifconfig(8): fix set switch(4) datapath id

> Am 17.10.2016 um 14:16 schrieb Rafael Zalamena : > > There are two inconsistencies with the ifconfig(8) switch(4) configuring: > 1) Datapath ID is an unsigned 64 bit integer, not a signed one; I think we should use strtonum instead of strtoull here. > 2) ifconfig(8) man pages says that the pa

Re: ifconfig(8): fix set switch(4) datapath id

> Am 17.10.2016 um 14:33 schrieb Rafael Zalamena : > >> On Mon, Oct 17, 2016 at 02:30:41PM +0400, Reyk Floeter wrote: >> >>> Am 17.10.2016 um 14:16 schrieb Rafael Zalamena : >>> >>> There are two inconsistencies with the ifconfig(8) switch(4) conf

Re: vmd: simplify fatal/fatalx errno handling

On Sun, Oct 16, 2016 at 08:03:05PM -0600, Theo de Raadt wrote: > > On Sun, Oct 16, 2016 at 02:55:39PM -0700, Philip Guenther wrote: > > > > > > Instead of using errno as a hidden argument to vfatal(), make it an > > > _actual_ argument named 'code', ala the errc/warnc family, and rename it > >

Re: vmd: simplify fatal/fatalx errno handling

On Sun, Oct 16, 2016 at 02:55:39PM -0700, Philip Guenther wrote: > > Instead of using errno as a hidden argument to vfatal(), make it an > _actual_ argument named 'code', ala the errc/warnc family, and rename it > to vfatalc() to match the pattern set. > > ok? > OK, makes sense please sync a

Re: FAQ entry for vmm

On Sat, Oct 15, 2016 at 05:11:49PM +0100, Edd Barrett wrote: > Hi, > > Here's an intial stab at a FAQ entry for vmm. > > It covers two common setups: > * a vmm guest with network access via the host's wired network > * a vmm guest with network access via the host's wireless network > > Pleas

Re: switch(4): kill unused function

OK, no need to keep unused functions. > On 14.10.2016, at 18:47, Rafael Zalamena wrote: > > The switch(4) device has a function called switch_forward_flooder() > which doesn't seem to be used anywhere. > > In switchofp.c we have the swofp_action_output() which would be the place > where it woul

Re: switch(4): fix packet_out message handling

OK, sure > On 14.10.2016, at 14:26, Rafael Zalamena wrote: > > The switch(4) packet_out handler wasn't handling some cases, so here is > the missing code. > > 1) pout_buffer_id is a 4 bytes field and it was using the wrong define > to check for absence of buffers; > 2) When a buffer_id was se

Re: switch(4): add more input validations

> On 28.10.2016, at 19:20, Rafael Zalamena wrote: > > This diff teaches switch(4) how to do more validations on dynamic input > field types, like: ofp_match (has N oxms), ofp_action_header (might be > followed by N actions) and ofp_instruction (might have N actions inside). > > This is importan

Re: snmpd: listen on multiple addresses

On Thu, Nov 10, 2016 at 12:57:13AM +0100, Jeremie Courreges-Anglas wrote: > > The following diff adds support for listening multiple addresses (thus > for dual-stack setups). Multiple "listen on" settings are allowed, the > default is to listen on 0.0.0.0 and :: (currently, only 0.0.0.0). > A sin

Re: snmpd: listen on multiple addresses

On Thu, Nov 17, 2016 at 11:42:38AM +, Stuart Henderson wrote: > On 2016/11/10 00:57, Jeremie Courreges-Anglas wrote: > > > > The following diff adds support for listening multiple addresses (thus > > for dual-stack setups). Multiple "listen on" settings are allowed, the > > default is to list

Re: snmpd: listen on multiple addresses

> Am 17.11.2016 um 14:28 schrieb Jeremie Courreges-Anglas : > > Reyk Floeter writes: > >>> On Thu, Nov 10, 2016 at 12:57:13AM +0100, Jeremie Courreges-Anglas wrote: >>> >>> The following diff adds support for listening multiple addresses (thus >>&

relayd: sync proc.c and fix startup fd exhaustion

sion 1.36 diff -u -p -u -p -r1.36 proc.c --- usr.sbin/relayd/proc.c 5 Oct 2016 17:31:28 - 1.36 +++ usr.sbin/relayd/proc.c 20 Nov 2016 11:45:18 - @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.36 2016/10/05 17:31:28 rzalamena Exp $ */ +/* $OpenBSD: proc.c,v 1.34 2

Re: switchd(8): negotiate versions with hello

> On 22.11.2016, at 16:12, Rafael Zalamena wrote: > > Teach switchd(8) how to negotiate protocol version using the hello bitmap > header. This way switchd(8) is able to fallback or use higher version using > the bitmap. > > This diff also prevents connections from switching version in the middl

Re: vio(4): fixup crash on up/down

On Wed, Nov 23, 2016 at 09:10:44PM +0100, Stefan Fritsch wrote: > On Wed, 23 Nov 2016, Rafael Zalamena wrote: > > > > Maybe something like this is enough already (untested): > > > > I tried your diff without Mike's if_vio diff and it doesn't panic anymore, > > however it doesn't work. > > > > vi

test TSC timecounter

Hi, we have figured out that the acpihpet(4) timecounter is extremely slow on recent Intel platforms, especially on Skylake. This diff adds the TSC timecounter if it is an invariant TSC and the diff enables it by default on Skylake or newer. Non-invariant TSCs are not intended to be supported as

Re: NULL check before m_freem(9)

> > Our m_freem(9) and m_free(9) deal with NULL like free(3), so there's no need > for such checks. > > ok? > OK reyk > Index: kern/uipc_syscalls.c > === > RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v > retrieving revision 1.140

Re: vxlan bug wrt IN6_ANY as source Was: Re: tweak in6_selectsrc()

> On 01.12.2016, at 08:35, Vincent Gross wrote: > > On Tue, 29 Nov 2016 17:03:44 +0100 > Martin Pieuchot wrote: > >> Diff below removes the 'struct route_in6' argument from >> in6_selectsrc(). >> >> It is only used by in6_pcbselsrc() so move the code there. This >> reduces differences with I

Re: vxlan bug wrt IN6_ANY as source Was: Re: tweak in6_selectsrc()

> On 02.12.2016, at 11:31, Reyk Floeter wrote: > >> >> On 01.12.2016, at 08:35, Vincent Gross wrote: >> >> On Tue, 29 Nov 2016 17:03:44 +0100 >> Martin Pieuchot wrote: >> >>> Diff below removes the 'struct route_in6' a

Re: [PATCH] softraid.4 move wd(4) examples to sd(4)

> Am 05.12.2016 um 23:05 schrieb Bryan Vyhmeister : > > In responding to a post on misc@, I noticed that bioctl(8) uses all sd(4) > devices in the examples sections while softraid(4) uses wd(4) devices > for the chunks. This patch updates softraid.4 to use sd(4) devices as > well. I have not used

dhcrelay: pledge(2)

Hi, dhcrelay drops privs but isn't pledged yet - here it is. It is simpler than dhclient: it only needs stdio and route because it pre-opens all file descriptors (UDP, bpf), does the bpf ioctls before, and only needs "route" for interface status ioctls on runtime. OK? Reyk Index: usr.sbin/dhcr

Re: [PATCH] softraid.4 move wd(4) examples to sd(4)

On Wed, Dec 07, 2016 at 06:42:51AM -0800, Bryan Vyhmeister wrote: > On Wed, Dec 07, 2016 at 10:46:44AM +0100, Reyk Floeter wrote: > > > > > Am 05.12.2016 um 23:05 schrieb Bryan Vyhmeister : > > > > > > In responding to a post on misc@, I noticed that bioctl(8)

Re: dhcrelay(8): add support for layer 2 relaying

On Fri, Dec 09, 2016 at 10:08:09AM +0100, Rafael Zalamena wrote: > On Thu, Dec 08, 2016 at 08:43:20PM +0100, Rafael Zalamena wrote: > > This diff implements layer 2 relaying support for dhcrelay with further > > support for Relay Agent Info (RFC 3046). This feature is mostly used by > > switched ne

Re: King Jim Portabook

>> On Sat, Dec 10, 2016 at 08:17:10PM +0900, Ryan McBride wrote: >> So I've been eying this machine for a while: >> http://www.kingjim.co.jp/sp/portabook/xmc10/ > > Included below is the dmesg with the previous diff applied. > > Besides all the devices that show "not configured", there are a bun

Re: King Jim Portabook

> On 10.12.2016, at 13:37, Mark Kettenis wrote: > >> From: Reyk Floeter >> Date: Sat, 10 Dec 2016 12:50:56 +0100 >> >>>> On Sat, Dec 10, 2016 at 08:17:10PM +0900, Ryan McBride wrote: >>>> So I've been eying this machine for a wh

ifconfig: print netmask in CIDR notation

Hi, printing the netmask in hex seems to be a historical artifact in ifconfig; I always wondered about it and I never got used to it. The following diff changes ifconfig output to print contiguous netmasks in CIDR notation. Non-contiguous netmasks will still be printed in full, tunnels will prin

Re: ifconfig: print netmask in CIDR notation

On Tue, Dec 13, 2016 at 10:58:28AM +0100, Mark Kettenis wrote: > > Date: Tue, 13 Dec 2016 10:51:40 +0100 > > From: Reyk Floeter > > > > Hi, > > > > printing the netmask in hex seems to be a historical artifact in ifconfig; > > I always wondered about i

Re: ifconfig: print netmask in CIDR notation

On Tue, Dec 13, 2016 at 10:13:32AM +, Stuart Henderson wrote: > On 2016/12/13 10:51, Reyk Floeter wrote: > > printing the netmask in hex seems to be a historical artifact in ifconfig; > > I always wondered about it and I never got used to it. > > > > The following d

Re: ifconfig: print netmask in CIDR notation

On Tue, Dec 13, 2016 at 11:29:12AM +0100, Peter Hessler wrote: > On 2016 Dec 13 (Tue) at 10:51:40 +0100 (+0100), Reyk Floeter wrote: > :Non-contiguous netmasks will still be printed in full > > Why do we want to still support this? Can that be removed now? > > After a b

Re: ifconfig: print netmask in CIDR notation

On Tue, Dec 13, 2016 at 12:14:10PM +0100, Martin Pieuchot wrote: > On 13/12/16(Tue) 11:32, Reyk Floeter wrote: > > [...] > > Simple reasons: this is a different discussion or diff. If we would > > want to remove non-contiguous netmasks completely, it should be done > >

Re: dhcrelay(8): fix default layer 3 remote-id

I think that matches the previous behaviour, OK reyk > On 13.12.2016, at 15:10, Rafael Zalamena wrote: > > After the many iterations of the layer 2 diff, I noticed I broke the > layer 3 default Relay Agent Information insertion: the relayed packet is > using the wrong address in the remote-id fi

Re: Build kernels with -ffreestanding?

>> Am 28.12.2016 um 08:29 schrieb Martin Pieuchot : >> >> On 28/12/16(Wed) 01:05, Jeremie Courreges-Anglas wrote: >> Mark Kettenis writes: >> Date: Sat, 24 Dec 2016 00:08:35 +0100 (CET) From: Mark Kettenis We already do this on some architectures, but not on amd64 for

Re: using httpd to distribute signify keys

On Thu, Jun 18, 2015 at 11:46:13PM +1000, David Gwynne wrote: > this adds the current signify pub key for base to the httpd Server > version header. > > as you say, the keys are small. this could help distribute it widely. > > here's an example of what it looks like: > > dlg@mild ~$ curl -I http

httpd rewrites with Lua's pattern matching

ct server *src, const char *name, fatal("out of memory"); memcpy(&dstl->srv_conf, &s->srv_conf, sizeof(dstl->srv_conf)); - strlcpy(dstl->srv_conf.name, name, sizeof(dstl->srv_conf.name)); + strlcpy(dstl->

Re: httpd rewrites with Lua's pattern matching

On Sat, Jun 20, 2015 at 03:01:18PM +0200, Reyk Floeter wrote: > Hi, > > there is some great interest in getting support for rewrites and > better matching in httpd. I refused to implement this using regex, as > regex is extremely complicated code, there have been lots of bugs, &

Re: interfaces and priorities for relayd routers

Hi, On Thu, May 14, 2015 at 09:44:22PM +1000, David Gwynne wrote: > i want relayd to check teh availability of some services and inject > routes when the service is available. if it is available, i want > to advertise the routes using ospfd, but i also want the local > machine to be able to contac

<    1   2   3   4   5   >