On Sat, Oct 28, 2023 at 09:59:25AM +0200, Martijn van Duren wrote:
> Right now when we register a region with below that an instance we
> can revert back in the tree. When we request below the instance we
> currently use appl_region_next() to find the next region and simply
> set the to be find
On Sat, Oct 28, 2023 at 09:41:55AM +0200, Martijn van Duren wrote:
> In most cases when a region is registered we have the full ownership.
> As soon as a region has been registered below prior mentioned region we
> could loose ownership halfway through. This case currently isn't fully
> tested and
On Sat, Oct 28, 2023 at 09:45:25AM +0200, Martijn van Duren wrote:
> RFC 2741 section 5.2 states that searchrange.end is non-inclusive.
> appl_varbind_valid() and appl_response() currently tests inclusive.
> The appl_varbind_valid() case is for backends that support
> searchrange.end (like agentx)
On Fri, Oct 27, 2023 at 01:06:31PM +0200, Claudio Jeker wrote:
> In the big ibuf API refactor I also broke the optparamlen handling
> by using one variable for two things.
>
> All the size handling in session_open() can be simplified since
> ibuf_size() is cheap to call.
>
> I think the result
On Fri, Oct 27, 2023 at 11:27:11AM +0200, Claudio Jeker wrote:
> While looking for something else I noticed this error.
>
> The holdtime is written into the buffer with ibuf_add_n16() so the htons()
> call is done in the ibuf add call. So there is no need for the htons()
> when assigning
On Thu, Oct 26, 2023 at 10:47:36AM +0200, Martijn van Duren wrote:
> So here's an elusive one that can be triggered every now and then by the
> new regression test. Once an AgentX session is opened and we send an
> invalid packet appl_agentx_recv() goes to appl_agentx_free(), since
> there's no
On Thu, Oct 26, 2023 at 11:51:00AM +0200, Martijn van Duren wrote:
> This case is covered by the new regress' backend_get_toofew and
> backend_get_toomany tests. However, even with MALLOC_OPTIONS cranked
> to the max it's really hard to trigger (I had to run
> backend_get_wrongorder,
On Tue, Oct 24, 2023 at 04:00:42PM +0200, Claudio Jeker wrote:
> On Tue, Oct 24, 2023 at 03:50:47PM +0200, Theo Buehler wrote:
> > On Tue, Oct 24, 2023 at 03:01:26PM +0200, Claudio Jeker wrote:
> > > When I added ibuf_get_fd() the idea was to make sure that ibuf_free() will
On Wed, Oct 18, 2023 at 01:49:00PM +0200, Martijn van Duren wrote:
> Right now we return the same value for both hrSWRunName and hrSWRunPath.
> hrSWRunPath should return the full path of the binary, and hrSWRunName
> a description of the running software.
>
> Afaik there's no proper way to
On Wed, Oct 18, 2023 at 11:54:06AM +0200, Martijn van Duren wrote:
> This diff adds the two entries from the hrSWRunPerfTable:
> hrSWRunPerfCPU, and hrSWRunPerfMem. This allows snmptop from the
> net-snmp package to work. Math stolen^Wcopied from top/machine.c.
>
> OK?
ok
>
> martijn@
>
>
> Thanks. Do we have a list of ports that use ibuf / imsg?
Here's a list obtained from the nm output of all ports by grepping for
'^ibuf_.* U' and '^imsg_.* U', respectively, then weeding out the
obvious false positives::
ibuf:
mail/opensmtpd-extras,-main
net/ladvd
imsg:
audio/amused
On Tue, Oct 24, 2023 at 04:00:42PM +0200, Claudio Jeker wrote:
> On Tue, Oct 24, 2023 at 03:50:47PM +0200, Theo Buehler wrote:
> > On Tue, Oct 24, 2023 at 03:01:26PM +0200, Claudio Jeker wrote:
> > > When I added ibuf_get_fd() the idea was to make sure that ibuf_free() will
On Tue, Oct 24, 2023 at 03:01:26PM +0200, Claudio Jeker wrote:
> When I added ibuf_get_fd() the idea was to make sure that ibuf_free() will
> close any fd still on the buffer. This way even if a fd is unexpectedly
> passed nothing will happen.
>
> That code was disabled at start because userland
On Tue, Oct 17, 2023 at 03:31:20PM +0200, Martijn van Duren wrote:
> RFC3416 section 4.2.1 (and others) tells us that if an error occurs the
> varbindlist in the response must be identical to the original request.
>
> There might be other edge-cases here, but let's at least make sure that
> the
On Tue, Oct 17, 2023 at 03:28:12PM +0200, Martijn van Duren wrote:
>
> Certain error codes are only intended for certain request-types. Add an
> appl_error_valid() function to test for this.
ok tb
On Tue, Oct 17, 2023 at 03:25:29PM +0200, Martijn van Duren wrote:
> If a backend registers as an instance it must never return OIDs below
> their registration. Add a test for this in appl_varbind_valid().
>
> OK?
ok with a tiny nit inline
>
> martijn@
>
> diff --git a/application.c
On Tue, Oct 17, 2023 at 03:21:45PM +0200, Martijn van Duren wrote:
> appl_agentx_session doesn't set ab_range explicitly to 1, and thus
> relies on malloc randomness to set it. Sit it explicitly.
ok, but I haven't verified that all the session's members are now
initialized.
>
> OK?
>
>
On Tue, Oct 17, 2023 at 03:17:19PM +0200, Martijn van Duren wrote:
> According to RFC3416 section 4.2.2 and 4.2.3 case "(2)" when an
> endOfMibView is returned the OID must be identical to originally
> requested OID. Currently this can fail when the original request
> is in a !last registered
On Tue, Oct 17, 2023 at 03:13:57PM +0200, Martijn van Duren wrote:
> Here's a special case unlikely to be found in the wild:
> When opening 2 sessions on an agentx connection (already unusual) and
> registering 2 overlapping regions on the different sessions, e.g. by
> differing in priority (even
On Tue, Oct 17, 2023 at 03:11:18PM +0200, Martijn van Duren wrote:
> Right now (un)registering a region with range_subid set to !0 will
> fail. Apparently nothing in the wild uses this, but let's fix it.
>
> This is the unregister part.
ok tb
On Tue, Oct 17, 2023 at 03:08:00PM +0200, Martijn van Duren wrote:
> Right now (un)registering a region with range_subid set to !0 will
> fail. Apparently nothing in the wild uses this, but let's fix it.
>
> This is the register part.
ok tb
On Tue, Oct 17, 2023 at 03:03:16PM +0200, Martijn van Duren wrote:
>
> RFC2741 section 6.2.2 says that reasonByManager can only be used by the
> agentx master. Treat this reason as a parseerror.
ok tb
On Tue, Oct 17, 2023 at 02:59:52PM +0200, Martijn van Duren wrote:
> appl_agentx_free() closes any potential open sessions before closing the
> connection and cleaning up. This function is called from multiple
> contexts and the current APPL_CLOSE_REASONSHUTDOWN is not always
> applicable. Add a
On Tue, Oct 17, 2023 at 02:56:59PM +0200, Martijn van Duren wrote:
> application.c checks the context where applicable, but not every
> agentx-pdu goes through there (e.g. agentx-ping-pdu). Make sure
> we always check the context in appl_agentx_recv()
ok tb
On Tue, Oct 17, 2023 at 02:54:07PM +0200, Martijn van Duren wrote:
> RFC2741 section 6.1 specifies which PDUs can contain which header flags.
> Check that that incoming agentx PDUs have valid flags in
> appl_agentx_recv(). While here I cleaned up a few log messages some
> minor restructuring to
On Mon, Oct 23, 2023 at 12:50:39PM +0200, Claudio Jeker wrote:
> So flowspec_get_addr() in the IPv6 case is utterly complicated.
Indeed. It would probably be worthwhile to add a bit of regress
exercising the branches of this function.
> Since matching can be done on some sub-part of the prefix.
On Thu, Oct 19, 2023 at 04:13:41PM +0200, Martijn van Duren wrote:
> OpenBSD 7.4 is here. upgrade72.html already mentions it's deprecation.
>
> OK?
ok
>
> martijn@
>
> Index: parse.y
> ===
> RCS file:
On Thu, Oct 19, 2023 at 01:26:49PM +0200, Claudio Jeker wrote:
> On Thu, Oct 19, 2023 at 12:59:17PM +0200, Theo Buehler wrote:
> > On Thu, Oct 19, 2023 at 10:41:07AM +0200, Claudio Jeker wrote:
> > > More ibuf cleanup. rtr_proto.c still uses ibuf_add() where it could use
>
On Thu, Oct 19, 2023 at 10:41:07AM +0200, Claudio Jeker wrote:
> More ibuf cleanup. rtr_proto.c still uses ibuf_add() where it could use
> the new functions.
>
> Two bits I'm unsure about:
> - I had to change some sizeof() to use native types (I especially dislike
> the sizeof(struct
On Wed, Oct 18, 2023 at 11:34:09AM +0200, Claudio Jeker wrote:
> On Tue, Oct 17, 2023 at 10:06:54AM +0200, Sebastian Benoit wrote:
> > Theo Buehler(t...@theobuehler.org) on 2023.10.17 09:13:15 +0200:
> > > On Mon, Oct 16, 2023 at 12:19:17PM +0200, Claudio Jeker wrote:
> >
On Wed, Oct 18, 2023 at 05:19:29PM +0200, Claudio Jeker wrote:
> This is a bit overdue. Convert session.c to also use the new ibuf API.
> This simplifies some code since there is no need for local variables.
> Also kill the struct msg_header and especially msg_open. The are of very
> little use.
>
On Tue, Oct 17, 2023 at 02:51:03PM +0200, Martijn van Duren wrote:
> RFC2741 section 7.1.1 tells us that if a pdu can't be parsed we must
> return a parseerror. Section 7.1 gives an example of "An unrecognized
> value is encountered". The spec is vague is a bit vague on what
> constitutes a
On Tue, Oct 17, 2023 at 02:49:05PM +0200, Martijn van Duren wrote:
> > Currently ax.c doesn't check the maximum length of an OID ax_pdutooid.
> > This can lead to a buffer overflow. Even though it must be fixed, I
> > don't think there's a big risk here, since an attacker would need to have
> >
On Tue, Oct 17, 2023 at 02:49:57PM +0200, Martijn van Duren wrote:
> > According to RFC2741 section 6.1.1 an agentx-response-pdu shouldn't have
> > the NON_DEFAULT_CONTEXT set. Remove the argument from ax_response().
>
> Here's the libagentx counterpart.
ok
On Tue, Oct 17, 2023 at 04:47:36PM +0200, Claudio Jeker wrote:
> Looking at fixing portable I realized that some bits around mask2prefixlen
> can be cleaned up.
>
> First in session.c the plen != 0xff check is not needed since it never can
> happen.
>
> 2nd the checks for sin_len and sin6_len ==
On Tue, Oct 17, 2023 at 12:41:57PM +0200, Martin Pieuchot wrote:
> Diff below merges two equivalent if blocks. No functional change, ok?
ok tb
>
>
> Index: uvm/uvm_pdaemon.c
> ===
> RCS file: /cvs/src/sys/uvm/uvm_pdaemon.c,v
>
On Mon, Oct 16, 2023 at 12:19:17PM +0200, Claudio Jeker wrote:
> I dislike how log.c does all these asprintf() calls with dubious
> workaround calls in case asprintf() fails.
You're not alone.
> IMO it is easier to use the stdio provided buffers and fflush() to get
> "atomic" writes on stderr.
On Mon, Oct 16, 2023 at 09:23:12AM +0200, Claudio Jeker wrote:
> This diff fixes a few more things when establishing connections with
> link-local IPv6 addresses. In get_alternate_addr() the interface scope
> of the connection is recovered and then passed to the RDE. The RDE can
> then use this
On Fri, Oct 13, 2023 at 07:01:06PM +0200, Claudio Jeker wrote:
> Extending the format string with the peer info is a bad idea.
> The reason is DNS^WIPv6 and scoped addresses which add a % to the
> string returned by log_fmt_peer.
>
> So instead vasprintf() the emsg and then just use logit().
On Thu, Oct 12, 2023 at 03:21:50PM +0200, Claudio Jeker wrote:
> I optimized "announce add-path send all" to not always re-evaluate all
> possible prefixes. While doing that I introduced a small bug. The problem
> is that the new prefix passed to up_generate_addpath_all() could be not
> eligible.
On Mon, Oct 09, 2023 at 11:50:14PM +0200, Tobias Heider wrote:
> On Mon, Oct 09, 2023 at 11:24:19PM +0200, Theo Buehler wrote:
> > On Mon, Oct 09, 2023 at 10:49:53PM +0200, Tobias Heider wrote:
> > > ipsecctl wrongly assumes that strings like the pf tag or
> > > the
On Mon, Oct 09, 2023 at 10:49:53PM +0200, Tobias Heider wrote:
> ipsecctl wrongly assumes that strings like the pf tag or
> the identities are always null terminated.
> The diff below fixes the cases that always kill my
> ipsecctl -m when running a fuzzer.
>
> ok?
>
> Index: pfkdump.c
>
This function is unused since the commit below.
commit f1cc710a366b47da6f96be2110292f8cd0933e7e
Author: djm
Date: Sun Apr 30 23:13:25 2017 +
remove compat20/compat13/compat15 variables
ok markus@
Index: cipher.c
===
On Mon, Sep 25, 2023 at 04:43:31PM +0200, Claudio Jeker wrote:
> On Mon, Sep 25, 2023 at 04:38:48PM +0200, Theo Buehler wrote:
> > On Mon, Sep 25, 2023 at 02:47:37PM +0200, Claudio Jeker wrote:
> > > On Sat, Sep 23, 2023 at 01:23:34PM +0200, Theo Buehler wrote:
> > > >
On Mon, Sep 25, 2023 at 02:47:37PM +0200, Claudio Jeker wrote:
> On Sat, Sep 23, 2023 at 01:23:34PM +0200, Theo Buehler wrote:
> > This is a second chunk split out of the diff mentioned in my previous
> > mail. It factors the parsing of ASIdentifiers and IPAddrBlocks out of
&g
On Sun, Sep 24, 2023 at 03:17:11PM +0200, Claudio Jeker wrote:
> Try to document how REGRESS_LOG and REGRESS_FAIL_EARLY interact.
We could make it fully precise with a few more words.
>
> --
> :wq Claudio
>
> Index: bsd.regress.mk.5
>
This is a second chunk split out of the diff mentioned in my previous
mail. It factors the parsing of ASIdentifiers and IPAddrBlocks out of
sbgp_assysnum() and sbgp_ipaddrblk() and makes the latter only extract
the info from the X509_EXTENSION. This should not change anything, but
the logic is a
This is a boring mechanical diff that splits some of the noise out of a
larger diff that Job will send out and explain in detail soon. In itself
it changes nothing. For a given product we will need to know the
originating TA for additional checks in cert_parse_ee_cert().
The callers of
On Mon, Sep 11, 2023 at 10:10:49PM -0500, Scott Cheloha wrote:
> p_tv() is identical to p_ts() in every way except for the subsecond
> conversion constants.
>
> Better to write p_ts() once: in p_tv(), convert from timeval to
> timespec and call p_ts().
While this looks like an improvement to me,
On Tue, Sep 12, 2023 at 12:03:01AM +, Job Snijders wrote:
> On Mon, Sep 11, 2023 at 09:31:03AM +0200, Theo Buehler wrote:
> > > - * This only parses the RFC 3779 extensions since these are necessary for
> > > - * validation.
> >
> > Isn't this still true? Y
On Mon, Sep 11, 2023 at 01:42:03AM +, Job Snijders wrote:
> This adds another compliance check for the X.509 subject name.
>
> Only commonName, and optionally serialNumber, are permitted in the
> certificate subject name. See RFC 6487 section 4.4 and 4.5.
>
> It seems the one CA who was not
On Thu, Sep 07, 2023 at 10:02:12PM +0200, Matthieu Herrb wrote:
> On Thu, Sep 07, 2023 at 05:24:56PM +0200, Matthieu Herrb wrote:
> > On Thu, Sep 07, 2023 at 07:11:40AM +0200, Anton Lindqvist wrote:
> > > On Wed, Sep 06, 2023 at 05:42:37AM -0600, Robert Nagy wrote:
> > > > CVSROOT:/cvs
> >
> If you have another idea why I get these let me know, I'm going to bed now
> and won't be up until 6AM or later tomorrow. I'm letting my kernel compile
> on the slow QEMU host overnight.
Please cut that crap out. Nobody cares.
On Wed, Sep 06, 2023 at 10:43:34AM +1000, Jonathan Gray wrote:
> On Wed, Dec 28, 2022 at 02:36:56PM -0700, Todd C. Miller wrote:
> > OK millert@ as well. There is no point in trying to fix this locally
> > when upstream zlib will be changing it in the near(?) future.
> >
> > - todd
>
> tb
On Sun, Sep 03, 2023 at 06:47:49PM +0200, Marc Espie wrote:
> On Thu, Aug 31, 2023 at 08:59:53AM +0200, Marc Espie wrote:
> > A long time ago, I tried to host our fork of make, in the hope it would get
> > picked up by other systems.
> >
> > Accordingly, some features were added to mimic netbsd's
On Wed, Aug 30, 2023 at 09:41:35AM +0200, Claudio Jeker wrote:
> In portable some features are disabled and requests by bgpctl should
> result in an error that is reasonable.
>
> For example bgpctl show fib returns "permission denied" in
> kroute-disabled.c which is not great. So lets have an
> + if (string[strlen(string) - 1] == '.')
> + buf[strlen(string) - 1] = '\0';
Careful with out-of-bounds accesses. What if string is "" ? Probably
easiest to do "len = strlen(string);" and if (len > 0 && ...).
On Mon, Aug 28, 2023 at 09:18:40PM +0200, Marc Espie wrote:
> On Mon, Aug 28, 2023 at 08:42:50PM +0200, Marc Espie wrote:
> > Turns out the exec in cmd_exec.c has absolutely zero reason to be
> > different from what engine does.
> >
> > This small patch moves a bit of code around, so that all
On Sat, Aug 12, 2023 at 02:29:45PM +, gil...@poolp.org wrote:
> Hello,
>
> Someone asked about selectable curves in the OpenSMTPD portable tracker,
> and it turns out I had a diff for that among a few others.
Why do they need this?
> - if (pread(fd, phdr, size, ehdr.e_phoff) != size) {
> + if ((nr = pread(fd, phdr, size, ehdr.e_phoff)) != -1) {
did you intend to check for == -1?
> warn("read(%s)", name);
should that not say pread?
On Fri, Aug 04, 2023 at 11:40:36AM +0200, Claudio Jeker wrote:
> When copying the shutdown reason from ctl_neighbor into the peer struct
> the strlcpy needs a NUL terminated string input. This may not be the case
> so we should be more careful here.
> I see two ways to fix this.
> a) force in a
On Thu, Aug 03, 2023 at 03:42:46PM +0200, Claudio Jeker wrote:
> iked has a special version of ibuf_size() called ibuf_length(). In the
> long run I want to remove this special case. The problem is that
> ibuf_length(NULL) returns 0 while ibuf_size() fails.
> Allowing the NULL pointer here results
Now that we have accessors for the SignedData and SignerInfo version
in libcrypto, let's put them to their intended use. For portable I have
made a PR to provide compat shims.
Index: cms.c
===
RCS file:
On Fri, Jul 28, 2023 at 12:06:54PM +0200, Claudio Jeker wrote:
> As suggested by tb@ add print_hexbuf() to hexdump an ibuf.
> Use this in place where a full ibuf is dumped. In some cases
> print_hex() is still used because the length is not the full
> ibuf or an offset is used.
ok tb
On Thu, Jul 27, 2023 at 03:31:32PM +0200, Claudio Jeker wrote:
> Use ibuf_data() instead of direct access to ibuf->buf.
> In some cases use ibuf_add_buf().
ok
> - print_hex(t->buf, 0, ibuf_length(t));
> + print_hex(ibuf_data(t), 0, ibuf_length(t));
There's a lot of these. Maybe worth
On Thu, Jul 20, 2023 at 05:22:25PM +0200, Theo Buehler wrote:
> On Thu, Jul 20, 2023 at 05:06:00PM +0200, Claudio Jeker wrote:
> > I think it is better to use a safe ideom when matching against a peer name
> > instead of forcefully NUL terminate the string somewhere unrelated.
>
On Thu, Jul 20, 2023 at 05:06:00PM +0200, Claudio Jeker wrote:
> I think it is better to use a safe ideom when matching against a peer name
> instead of forcefully NUL terminate the string somewhere unrelated.
> By default all these string buffers use the same size so strncmp() will
> not clip
On Thu, Jul 20, 2023 at 12:54:33PM +0200, Claudio Jeker wrote:
> Use the destination for the buffer len not the source.
ok
>
> --
> :wq Claudio
>
> Index: control.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/control.c,v
>
The addition of unveil broke interactive mode since ask() assumes the
default answer if it fails to open _PATH_TTY. Questions are only asked
if neither force nor batch mode is activated, so condition on those.
It seams cleaner to do unveil _PATH_TTY than to add a tty pledge since
as far as I can
On Tue, Jul 18, 2023 at 03:16:12PM +0200, Claudio Jeker wrote:
> ibuf_cat() is the same as ibuf_add_buf() so use the latter.
ok tb
On Sun, Jul 16, 2023 at 04:24:15PM +0200, Claudio Jeker wrote:
> Rename ibuf_get() to ibuf_getdata() by merging the two functions together.
> I want to use ibuf_get() as part of the ibuf API so this needs to move.
> Also use ibuf_add_zero() in a place of ibuf_reserve() and remove a check
> for
On Sat, Jul 15, 2023 at 12:53:45PM -0400, Dave Voutila wrote:
>
> Solène Rapenne writes:
>
> > On Fri, 2023-06-09 at 11:25 -0400, Dave Voutila wrote:
> >>
> >> Thanks. This feels like bad fd accounting during the fork/exec dance.
> >>
> >> Sounds like the switch definition and usage isn't
On Fri, Jul 14, 2023 at 11:43:38AM +0200, Claudio Jeker wrote:
> On Thu, Jul 13, 2023 at 11:36:22AM +0200, Theo Buehler wrote:
> > On Thu, Jul 13, 2023 at 10:04:33AM +0200, Claudio Jeker wrote:
> > > This is a follow-up to use more of the new ibuf API to write the
On Thu, Jul 13, 2023 at 10:04:33AM +0200, Claudio Jeker wrote:
> This is a follow-up to use more of the new ibuf API to write the mrt message.
>
> This removes all of the DUMP_XYZ macros and replaces them with
> ibuf_add_nX() calls. Also unify the error handling by using
> goto fail; in all cases
This is analogous to the change that op committed to smtpd a few days
ago. Instead of using ENGINE to make RSA use privsep via imsg, create
an RSA method that has custom priv_enc/priv_dec methods, replace the
default RSA method. Ditch numerous wrappers that extract the default
methods on the fly
Errata patches for bgpd(8), httpd(8) and the kernel have been released
for OpenBSD 7.2 and 7.3.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata72.html
On Wed, Jul 12, 2023 at 12:53:10PM +0200, Florian Obser wrote:
> So I was sufficiently bored during breakfast and decided to run afl
> against patch...
>
> basename(3) can fail thusly:
> ERRORS
> The following error codes may be set in errno:
>
> [ENAMETOOLONG] The path component
> Updated diff below
I have now spent a lot of time on this diff. Let's commit it in after
the upcoming release.
ok tb
On Fri, Jul 07, 2023 at 12:40:55AM +, Jeremy Evans wrote:
> On 12/23 08:36, Jeremy Evans wrote:
> > On 11/22 11:15, Jeremy Evans wrote:
> > > On 10/19 09:34, Jeremy Evans wrote:
> > > > Currently, when creating an archive file with pax(1), pax will attempt
> > > > to open a file even if the
On Mon, Jul 03, 2023 at 12:42:49PM +0200, Claudio Jeker wrote:
> On Mon, Jun 26, 2023 at 06:14:30PM +0200, Claudio Jeker wrote:
> > Adjust ldpd to follow the new ibuf API.
> > Diff is simple but as usual I could not test it out so please test.
>
> This is still open. I will commit this later
On Mon, Jul 03, 2023 at 12:28:44PM +0200, Claudio Jeker wrote:
> Same change as done in other daemons, use ibuf_data() and ibuf_size().
ok
On Mon, Jul 03, 2023 at 12:27:46PM +0200, Claudio Jeker wrote:
> Similar to the other daemons use ibuf_data() and ibuf_size() instead of
> direct access.
ok tb
On Mon, Jul 03, 2023 at 11:31:45AM +0200, Claudio Jeker wrote:
> Like ospfd use ibuf_data() consistently, also use ibuf_size() instead of
> ibuf->wpos and ibuf_left() to check if there is enough space left.
ok tb
On Mon, Jul 03, 2023 at 11:28:44AM +0200, Claudio Jeker wrote:
> Similar to the relayd diff use ibuf_data instead of ibuf->buf.
ok tb
On Mon, Jul 03, 2023 at 11:26:34AM +0200, Claudio Jeker wrote:
> This is just some additional ibuf cleanup in relayd.
> Mostly use ibuf_data() instead of direct access to ibuf->buf.
ok tb
>
> --
> :wq Claudio
>
> Index: check_tcp.c
>
On Sat, Jul 01, 2023 at 11:09:32PM +0200, Илья Шипицин wrote:
> I ran analyzer, it shows old findings. am I missing something? or patches
> were not yet applied
I have only just committed the diff for d1_pkt.c, thanks for the
reminder. I will look into the bio_ndef.c soon.
As already mentioned,
On Wed, Jun 07, 2023 at 04:00:43PM +0200, Florian Obser wrote:
> tests, OKs?
The diff is not going to get better by maturing on the list. If no one
tests voluntarily, they will have to. I looked over it and nothing really
shocked me.
ok tb
> > > - if ((new = reallocarray(comm->communities, newsize,
> > > - sizeof(struct community))) == NULL)
> > > + if ((new = recallocarray(comm->communities, comm->size,
> > > + newsize, sizeof(struct community))) == NULL)
> > >
On Tue, Jun 27, 2023 at 12:10:21PM +0200, Claudio Jeker wrote:
> Sorry this diff is a monster but it kind of turned into a all or nothing
> situation.
Frankly, it's not that bad.
> For a long time bgpd used a static 4k buffer plus a len argument to build
> updates. The result was ok but was also
On Thu, Jun 29, 2023 at 03:03:12PM +0200, Claudio Jeker wrote:
> Once again struct sockaddr_in6 causes 64bit systems to cry. This time in
> relayd. You can not statically setup a route message and think it will
> work. All our routing daemons switched to iov for building the route
> message out of
A thinko slipped through review in aspa.c which broke the ASPA counters.
Use only one counter and call it STYPE_PROVIDERS.
Is it ok to switch from "both" to "valid" in output-ometric.c for
consistency with the other products or do we need to maintain compat for
some parsers?
output before and
I wrote versions of this diff several times in the past but never sent
it out. A question by claudio encouraged me...
cryptowarnx() and cryptoerrx() fail at showing openssl error stacks
in a pleasant way as no amount of lipstick can make this pig pretty.
I don't think these stacks should be shown
On Wed, Jun 28, 2023 at 07:01:34PM +0200, Omar Polo wrote:
> On 2023/06/28 18:47:17 +0200, Theo Buehler wrote:
> > On Wed, Jun 28, 2023 at 06:37:43PM +0200, Omar Polo wrote:
> > > A similar thing could be applied to rpki-client' http.c as well, it
> > > should work t
On Wed, Jun 28, 2023 at 06:37:43PM +0200, Omar Polo wrote:
> since fetch.c revision 1.211 ("strip spaces at end of header lines and
> in chunked encoding headers") ftp removes trailing whitespaces early
> so we don't need to re-do that upon every header we parse.
>
> it can also be misleading
> -.An \ Shouten Aq Mt e...@freebsd.org
> +.An \ Schouten Aq Mt e...@freebsd.org
Committed. Thanks
On Mon, Jun 26, 2023 at 12:22:16PM +0200, Claudio Jeker wrote:
> This diff changes some parts of eigrpd to use the new ibuf API.
> There is one ibuf_seek() left in packet.c since the changes done to the
> header there are not as trivial as in any other daemon. So that part I
> left out for now.
On Sat, Jun 24, 2023 at 08:15:40PM +0200, Omar Polo wrote:
> while talking about a related matter with tb and jsing, jsing noted
> that ssl_init() in smtpd is completely useless. All its loading is
> already done automatically by libcrypto at runtime, and judging by the
> implementation of the
On Thu, Jun 22, 2023 at 02:25:08PM +0200, Claudio Jeker wrote:
> Here is a diff to refactor and update dvrmpd to use the new ibuf API.
> Instead of doing the checksum calculations in various places do it in
> send_packet() as a central place.
Reads ok, and again:
> Could people using dvrmpd test
On Thu, Jun 22, 2023 at 10:26:29AM +0200, Claudio Jeker wrote:
> Another ibuf_seek() -> ibuf_set_n16() conversions.
> While there also switch to ibuf_data() and ibuf_size().
Reads fine. ok. a test would indeed be nice.
The first warning cannot be hit because the X509v3_asid_is_canonical()
errors on empty asIdsOrRanges sequences. This is not the case for
IPAddrBlocks...
There is some ambiguity in RFC 6487, 4.8.10 whether empty
ipAddressesOrRanges are allowed or not. I opted for the stricter
interpretation
1 - 100 of 1548 matches
Mail list logo
