Re: 6.4 openBGPD Segfault caused by filters referencing undeclared prefix-set

2018-11-18 Thread Florian Obser
diff --git parse.y parse.y index 7b7ce5388c0..1aa2aabc28c 100644 --- parse.y +++ parse.y @@ -879,7 +879,7 @@ network : NETWORK prefix filter_set { struct network *n; if ((ps = find_prefixset($3, >prefixsets))

Re: rad: don't try to leave the multicast group on detached interfaces

2018-11-16 Thread Florian Obser
On Fri, Nov 16, 2018 at 04:30:28PM +0100, Reyk Floeter wrote: > Hi, > > the following patch prevents rad(8) from aborting when an interface is > detached (or a clone destroyed). It is no fatal condition for rad as > it otherwise handles interface events just fine by reinitializing > itself on

Re: [PATCH] httpd: Write X-Forwarded-For to access.log

2018-11-11 Thread Florian Obser
On Sun, Nov 11, 2018 at 01:46:06PM +0100, Sebastian Benoit wrote: > Bruno Flueckiger(inform...@gmx.net) on 2018.11.11 10:31:34 +0100: > > Hi > > > > When I run httpd(8) behind relayd(8) the access log of httpd contains > > the IP address of relayd, but not the IP address of the client. I've > >

Re: [PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Florian Obser
I have a use for this. Do the chicken scratches allow reject routes? I currently have a bunch of lines like this in my hostname.if files: !route -q add -net 2a01:db8::/48 ::1 -reject On Fri, Nov 09, 2018 at 06:16:53PM -0600, Todd T. Fries wrote: > Would there be any merit in contemplating a syntax

Re: let ping6 set the IPv6 traffic class like it does for IPv4 TOS

2018-11-09 Thread Florian Obser
OK florian@ On Fri, Nov 09, 2018 at 06:43:06PM +1000, David Gwynne wrote: > On Fri, Nov 09, 2018 at 08:30:08AM +0100, Denis Fondras wrote: > > On Fri, Nov 09, 2018 at 05:07:10PM +1000, David Gwynne wrote: > > > On Fri, Nov 09, 2018 at 06:33:46AM +0100, Florian Obser wrote: >

Re: let ping6 set the IPv6 traffic class like it does for IPv4 TOS

2018-11-08 Thread Florian Obser
please update usage(), then it's OK florian@ Could you do traceroute6, too? On Fri, Nov 09, 2018 at 03:08:20PM +1000, David Gwynne wrote: > This sets ping6 up to specify the traffic class field for the IPv6 > traffic class field. The v6 traffic class is equivalent to the IPv6 > TOS/DSCP field, so

Re: disable fs access on ripd

2018-10-30 Thread Florian Obser
On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote: > Remi Locherer wrote: > > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote: > > > Hi, > > > > > > After all files are opened ripd(8) can have the fs access disabled just > > > before > > > each process main loop.

Re: unveil ospf6d's parent proc

2018-10-30 Thread Florian Obser
OK florian@ On Mon, Oct 29, 2018 at 11:27:15PM +0100, Remi Locherer wrote: > Hi, > > ospf6d does not support reloading so its parent proc does not need > filesystem access with the exception of the control socket cleanup on > exit. Once we teach it how to reload the config it is easy to unveil

Re: unveil htpasswd

2018-10-30 Thread Florian Obser
OK florian@ On Tue, Oct 30, 2018 at 09:02:48AM +, Ricardo Mestre wrote: > Hi, > > htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in > batch mode and 2 arguments are used we know we have to access argv[0] with rwc > permissions and also to rwc a temporary file in /tmp

Re: unveil ospfd's parent proc

2018-10-28 Thread Florian Obser
er wrote: >> >> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: >> > > This breaks usage of the "include" keyword. Something that all >the parse.y daemons support. >> > > >> > >> > Oh, of course! >> > >> &

Re: unveil ospfd's parent proc

2018-10-26 Thread Florian Obser
This breaks usage of the "include" keyword. Something that all the parse.y daemons support. On October 26, 2018 5:26:06 PM GMT+02:00, Remi Locherer wrote: >Hi, > >this restricts ospfd's parent process to only read its config file >(reload) >and unlink the control socket on exit. I added

Re: httpd(8): don't send HSTS headers over unencrypted connections

2018-10-15 Thread Florian Obser
OK florian@ On Mon, Oct 15, 2018 at 12:38:56AM -0600, Anthony J. Bentley wrote: > Florian Obser writes: > > On Sun, Oct 14, 2018 at 07:36:18PM -0600, Anthony J. Bentley wrote: > > > Hi, > > > > > > RFC 6797 says: > > > > > >An H

Re: httpd(8): don't send HSTS headers over unencrypted connections

2018-10-15 Thread Florian Obser
On Mon, Oct 15, 2018 at 07:33:52AM +0200, Bruno Flueckiger wrote: > On 14.10.18 19:36, Anthony J. Bentley wrote: > > Hi, > > > > RFC 6797 says: > > > >An HSTS Host MUST NOT include the STS header field in HTTP responses > >conveyed over non-secure transport. > > > > Is this the correct

Re: httpd(8): don't send HSTS headers over unencrypted connections

2018-10-15 Thread Florian Obser
On Sun, Oct 14, 2018 at 07:36:18PM -0600, Anthony J. Bentley wrote: > Hi, > > RFC 6797 says: > >An HSTS Host MUST NOT include the STS header field in HTTP responses >conveyed over non-secure transport. > > Is this the correct check? With this I get what I expect: HSTS headers please

unneeded ai_addrlen size checks

2018-10-14 Thread Florian Obser
I went through the tree and found these unneeded checks. They are unneeded because either: - we are asking getaddrinfo for a specific AF and shove the result into the right sized sockaddr_in{,6} - we are asking for AF_UNSPEC and switch on the returned ai_family - we stuff the result into

Re: ping: sockaddr size check

2018-10-14 Thread Florian Obser
On Sat, Oct 13, 2018 at 08:29:34PM +0200, Klemens Nanni wrote: > After calling getaddrinfo(3) we check the size of the returned socket > address to match for AF-specific cases, but I fail to see how this is > even possible. > > `hints.ai_family' is set appropriately and `res->ai_family' is

Re: [PATCH] Expose arpinq through sysctl

2018-10-13 Thread Florian Obser
Seems like a reasonable addition. OK florian@ or if someone gives me an OK I can commit it. On Wed, Oct 10, 2018 at 03:18:51PM +0200, Daniel Hokka Zakrisson wrote: > Hi, > > While investigating packet loss through OpenBSD 6.3 firewalls I noticed > that a lot of packets were getting dropped by

do not join node information multicast group

2018-10-04 Thread Florian Obser
Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still join the group though. OK? diff --git in6.c in6.c index c09ab1dcd0a..5297c0a1249 100644 --- in6.c +++ in6.c @@ -808,19 +808,6 @@ in6_update_ifa(struct ifnet *ifp,

nsd 4.1.25

2018-09-27 Thread Florian Obser
unexciting update to 4.1.25, running in production in front of a powerdns signer without issues. OK? diff --git config.h.in config.h.in index eded09dd6b3..4d47f603062 100644 --- config.h.in +++ config.h.in @@ -1,5 +1,8 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/*

Re: usr.bin/bgplg: remove ping6 leftovers

2018-09-14 Thread Florian Obser
On Fri, Sep 14, 2018 at 12:22:13PM +0200, Clemens Goessnitzer wrote: > In usr.bin/bgplg, ping6/Makefile is left-over from ping(6) unification. > However, there is no ping6 folder anymore: > > $ cd /usr/src/usr.bin/bgplg/ping6/ && make > *** Parse error in /usr/src/usr.bin/bgplg/ping6: Could not

Re: httpd: block return with a contentless status

2018-09-07 Thread Florian Obser
OK florian@ or I can commit it if someone gives me an OK On Fri, Sep 07, 2018 at 03:08:53AM +1200, Carlin Bingham wrote: > If httpd is configured to do "block return" with a 1xx or 204 status, it > sends a response with a Content-Length header and a body, which per RFC > 7230 it must not. > >

Re: httpd: block return with a contentless status

2018-09-06 Thread Florian Obser
+02:00, Florian Obser wrote: >On Fri, Sep 07, 2018 at 03:08:53AM +1200, Carlin Bingham wrote: >> If httpd is configured to do "block return" with a 1xx or 204 status, >it >> sends a response with a Content-Length header and a body, which per >RFC >>

Re: httpd: block return with a contentless status

2018-09-06 Thread Florian Obser
On Fri, Sep 07, 2018 at 03:08:53AM +1200, Carlin Bingham wrote: > If httpd is configured to do "block return" with a 1xx or 204 status, it > sends a response with a Content-Length header and a body, which per RFC > 7230 it must not. > > The use case for this is a webapp which wants the webserver

Re: ospfd: prevent additional ospfd from starting

2018-08-29 Thread Florian Obser
OK florian@ On Tue, Aug 28, 2018 at 01:19:39PM +0200, Remi Locherer wrote: > On Tue, Aug 28, 2018 at 07:56:43AM +0200, Claudio Jeker wrote: > > On Mon, Aug 27, 2018 at 11:33:19PM +0200, Remi Locherer wrote: > > > On Fri, Aug 24, 2018 at 12:21:31PM +0200, Remi Locherer wrote: > > > > On Fri, Aug

Re: mg: add set-case-replace

2018-08-29 Thread Florian Obser
OK florian On Tue, Aug 28, 2018 at 02:09:58PM +0200, Reyk Floeter wrote: > Hi, > > the new case-preserving replace is a very nice feature - > unless you want to replace a string with the exact capitalisation. > > From florian@'s original commit message: > > Use (mostly) the same capitalisation

Re: nsd 4.1.24

2018-08-15 Thread Florian Obser
When this goes in I think we should switch the default control socket and stop listening on localhost. OK? diff --git etc/nsd.conf etc/nsd.conf index 729a5f620ba..94710bfa5ae 100644 --- etc/nsd.conf +++ etc/nsd.conf @@ -19,6 +19,7 @@ server: remote-control: control-enable: yes +

nsd 4.1.24

2018-08-15 Thread Florian Obser
Now with systemd support! A more useful feature for us might be that nsd-control can now communicate over a unix domain socket. OK? diff --git config.h.in config.h.in index d3470836f26..eded09dd6b3 100644 --- config.h.in +++ config.h.in @@ -317,6 +317,9 @@ /* Define to 1 if you have the

Re: refactor ieee80211_match_ess() / ieee80211_set_ess()

2018-08-06 Thread Florian Obser
please ignore On Mon, Aug 06, 2018 at 04:22:28PM +0200, Florian Obser wrote: > > Refactor ieee80211_match_ess() and ieee80211_set_ess(): > nwids are binary data with an explicit length, so treat them as such > instead of treating them like strings with a fixed len of > IEE

Re: refactor ieee80211_del_ess()

2018-08-06 Thread Florian Obser
please ignore On Mon, Aug 06, 2018 at 03:18:59PM +0200, Florian Obser wrote: > > Inspired by stsp's recent ieee80211_add_ess commit. > > Refactor ieee80211_del_ess(): > nwids are binary data with an explicit length, so treat them as such > instead of treating them like string

Re: relayd: remove lognotify

2018-08-06 Thread Florian Obser
On Mon, Aug 06, 2018 at 03:46:48PM +0200, Sebastian Benoit wrote: > > RELAYD_OPT_LOGNOTIFY seems to do nothing. > > ok? > > (benno_remove_lognotify.diff) > > diff --git usr.sbin/relayd/hce.c usr.sbin/relayd/hce.c > index e4b50292d69..7f0d70ba0e7 100644 > --- usr.sbin/relayd/hce.c > +++

refactor ieee80211_match_ess() / ieee80211_set_ess()

2018-08-06 Thread Florian Obser
Refactor ieee80211_match_ess() and ieee80211_set_ess(): nwids are binary data with an explicit length, so treat them as such instead of treating them like strings with a fixed len of IEEE80211_NWID_LEN. To avoid two searches in a row ieee80211_set_ess() accepts a struct ieee80211_ess which

refactor ieee80211_del_ess()

2018-08-06 Thread Florian Obser
Inspired by stsp's recent ieee80211_add_ess commit. Refactor ieee80211_del_ess(): nwids are binary data with an explicit length, so treat them as such instead of treating them like strings with a fixed len of IEEE80211_NWID_LEN. This recycles the ``all'' parameter and calls it len. If len == 0

Re: ifconfig join: show list of configured ess ids

2018-08-06 Thread Florian Obser
On Mon, Aug 06, 2018 at 12:05:30PM +0200, Stefan Sperling wrote: > On Mon, Aug 06, 2018 at 11:42:51AM +0200, Florian Obser wrote: > > I don't understand why we have a limit on the join list. > > The ioctl interface is easier to deal with if the max size is known in > advance.

Re: ifconfig join: show list of configured ess ids

2018-08-06 Thread Florian Obser
On Mon, Aug 06, 2018 at 11:31:27AM +0200, Stefan Sperling wrote: > On Sat, Aug 04, 2018 at 09:12:27PM +0200, Sebastian Benoit wrote: > > Hi, > > > > with this diff, > > > > ifconfig join > > > > will print the list of networks that are configured for autojoin. > > > > $ ifconfig iwm0 join

do not set nwid over and over again

2018-08-05 Thread Florian Obser
we just found the ess by comparing the nwid. It will not have magically changed behind our back. OK? diff --git net80211/ieee80211_node.c net80211/ieee80211_node.c index d4561bffc06..a282ed5a333 100644 --- net80211/ieee80211_node.c +++ net80211/ieee80211_node.c @@ -229,11 +229,10 @@

Re: ifconfig join: show list of configured ess ids

2018-08-05 Thread Florian Obser
OK florian@ On Sat, Aug 04, 2018 at 09:12:27PM +0200, Sebastian Benoit wrote: > Hi, > > with this diff, > > ifconfig join > > will print the list of networks that are configured for autojoin. > > $ ifconfig iwm0 join > iwm0: flags=208843 mtu 1500 > lladdr a4:7f:da:a4:d7:c1 >

Re: remove pledge(2) cpath from switchd(8)

2018-08-05 Thread Florian Obser
OK florian@ On Sat, Aug 04, 2018 at 12:18:45PM +0100, Ricardo Mestre wrote: > Hi, > > Here's another one for switchd(8) which removes cpath promise from pledge(2) > > OK? > > Index: control.c > === > RCS file:

Re: remove pledge(2) cpath from vmd(8)

2018-08-05 Thread Florian Obser
OK florian@ On Sat, Aug 04, 2018 at 12:21:46PM +0100, Ricardo Mestre wrote: > Hi, > > And here's another one that also removes cpath promise from vmd(8) > > OK? > > Index: control.c > === > RCS file:

Re: remove pledge(2) cpath from eigrpd(8)

2018-08-05 Thread Florian Obser
On Sat, Aug 04, 2018 at 12:12:06PM +0100, Ricardo Mestre wrote: > Hi, > > As we discussed, here's a diff to revert back my previous commit on > eigrpd(8) and remove cpath promise entirely since if the socket is not > deleted at shutdown it won't cause any harm. > > OK? I'd prefer to get rid of

Re: please test: unveil for ifconfig

2018-08-03 Thread Florian Obser
A bug in the unveil implementation has been found that prevents wifi firmware loading if this diff is applied. On August 2, 2018 7:04:31 PM GMT+02:00, Florian Obser wrote: >I have been told that this is going to fall into snaps soon. If you >are doing weird (or normal) things with if

Re: rad(8): move dns settings to global options

2018-08-03 Thread Florian Obser
sthen pointed out that it's better to overwrite dns options, not to merge diff --git engine.c engine.c index db31fb2a15b..93010cace51 100644 --- engine.c +++ engine.c @@ -260,6 +260,7 @@ engine_dispatch_main(int fd, short event, void *bula) { static struct rad_conf *nconf;

rad(8): move dns settings to global options

2018-08-03 Thread Florian Obser
Move dns settings to global options so that they don't need to be repeated in every interface block. OK? diff --git engine.c engine.c index db31fb2a15b..93010cace51 100644 --- engine.c +++ engine.c @@ -260,6 +260,7 @@ engine_dispatch_main(int fd, short event, void *bula) { static struct

Re: correct nd6_timer_next accounting

2018-08-03 Thread Florian Obser
Anyone brave enough to OK this? I haven't heard from anyone that it breaks their internet... On Wed, Aug 01, 2018 at 11:18:02PM +0200, Florian Obser wrote: > I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) > but when you try to reach that target no neighbor solici

Re: please test: unveil for ifconfig

2018-08-02 Thread Florian Obser
this one's better - use the correct unveil pattern, pointed out by brynet@ - argv[0] vs. argv[i], pointed out by Matthew Martin and Mario Campos diff --git ifconfig.c ifconfig.c index 9bfb1751aab..20154059394 100644 --- ifconfig.c +++ ifconfig.c @@ -676,10 +676,15 @@ main(int argc, char *argv[])

please test: unveil for ifconfig

2018-08-02 Thread Florian Obser
I have been told that this is going to fall into snaps soon. If you are doing weird (or normal) things with ifconfig, please test. In particular if you use rulefile. Thanks! diff --git ifconfig.c ifconfig.c index 9bfb1751aab..873aed5bcc7 100644 --- ifconfig.c +++ ifconfig.c @@ -676,10 +676,13

Re: correct nd6_timer_next accounting

2018-08-02 Thread Florian Obser
Note that the neighbor entry is in state S (stale). Whatever that means... On Thu, Aug 02, 2018 at 04:44:57PM +0100, Stuart Henderson wrote: > On 2018/08/01 23:18, Florian Obser wrote: > > I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) > > but when y

correct nd6_timer_next accounting

2018-08-01 Thread Florian Obser
I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) but when you try to reach that target no neighbor solicitation is sent. I think the reason for that is that no new nd6_timer is scheduled because the code thinks it is already scheduled. Maybe. I'm having a hard time reproducing

nsd 4.1.23

2018-07-30 Thread Florian Obser
works for me[tm] OK? NSD versions 4.1.22 and before are vulnerable in comparing TSIG information and this can be used to discover a TSIG secret. NSD uses TSIG to protect zone transfers. The TSIG code uses a secret key to

Re: mg(1): Ignore dirty flag on *undo* buffer

2018-07-26 Thread Florian Obser
Thanks! However, since rev 1.72 of buffer.c this is not necessary any more. Buffers with names starting and ending with '*' are considered throw away and have BFIGNDIRTY set in bnew(). On Sun, Jul 22, 2018 at 12:14:32PM +0200, Joachim Nilsson wrote: > Hi guys, > > here's a patch to mg I did a

Re: Setting MTU in slaacd (1/4)

2018-07-24 Thread Florian Obser
I think this is the right place to put this. (The diff is missing context, this is the wroute pledge). dhclient(8) is also using this ioctl so one step closer to pledge the dhclient priv process, too. this is OK florian@ but you will need an ok from deraadt, too! On Tue, Jul 24, 2018 at

Re: Setting MTU in slaacd (2/4)

2018-07-24 Thread Florian Obser
On Tue, Jul 24, 2018 at 08:29:30PM +0200, Björn Ketelaars wrote: > Assuming that the pledge bits are in, the diff below enables setting of > MTU on the interface by slaacd. > > If a MTU is advertised it is checked that it is at least 1280 bytes. If > not MTU is set to 1280. If no MTU is

Re: show advertised MTU in slaacctl

2018-07-24 Thread Florian Obser
On Mon, Jul 23, 2018 at 08:59:37PM +0200, Björn Ketelaars wrote: > On Mon 23/07/2018 17:38, Florian Obser wrote: > > On Sun, Jul 22, 2018 at 10:32:31AM +0200, Björn Ketelaars wrote: > > > On Sun 22/07/2018 07:27, Björn Ketelaars wrote: > > > > Now that rad(8) is a

Re: show advertised MTU in slaacctl

2018-07-23 Thread Florian Obser
On Mon, Jul 23, 2018 at 05:53:09PM +0200, Klemens Nanni wrote: > On Mon, Jul 23, 2018 at 05:38:58PM +0200, Florian Obser wrote: > > Do you intend to set the mtu on the interface? If not I'm a bit > > reluctant to parse and show it. I know that we are showing the > > n

Re: show advertised MTU in slaacctl

2018-07-23 Thread Florian Obser
On Sun, Jul 22, 2018 at 10:32:31AM +0200, Björn Ketelaars wrote: > On Sun 22/07/2018 07:27, Björn Ketelaars wrote: > > Now that rad(8) is able to advertise a MTU I think it would be nice to > > have slaacctl(8) show this advertisement. The patch below touches both > > sbin/slaacd and

Re: pfctl: use strtonum in host()

2018-07-23 Thread Florian Obser
On Mon, Jul 23, 2018 at 11:22:56AM +0200, Otto Moerbeek wrote: > On Mon, Jul 23, 2018 at 11:16:16AM +0200, Klemens Nanni wrote: > > > strtonum(3) is simpler than checking three cases for `q' and gives nicer > > error messages. While here, use `v6mask' as maximum netmask instead of > > hardcoding

slaacd(8): moving between networks

2018-07-22 Thread Florian Obser
When one is connected to a network, suspends or hibernates, moves to a different network and wakes up one ends up with ip addresses from both networks and things probably go sideways. There is a good chance that source address selection picks the wrong IP. One common suggestion is that slaacd

Re: slaacd(8): handle duplicate addresses

2018-07-22 Thread Florian Obser
anyone? On Wed, Jul 18, 2018 at 01:55:37PM +0200, Florian Obser wrote: > > Handle duplicate address detection failures. > > We get notified when duplication is detected on the route socket. For > privacy addresses simply generate a new random address. If we have > soii enable

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-20 Thread Florian Obser
On Fri, Jul 20, 2018 at 03:40:07PM +0200, Björn Ketelaars wrote: > New diff, which addresses all your comments except the "no mtu" bit in > the parser as I do not understand what you mean. Never mind then :) I was thinking about something like this: 8< mtu 1480 interface ix0 # gets mtu

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-19 Thread Florian Obser
On Thu, Jul 19, 2018 at 09:47:06PM +0200, Björn Ketelaars wrote: > On Wed 18/07/2018 08:54, Florian Obser wrote: > > During g2k18 I committed rad(8). > > > > The latest amd64 and i386 snapshots should contain it with enough > > features to replace rtadvd(8). If

slaacd(8): handle duplicate addresses

2018-07-18 Thread Florian Obser
Handle duplicate address detection failures. We get notified when duplication is detected on the route socket. For privacy addresses simply generate a new random address. If we have soii enabled increase the dad counter on the prefix and generate a new address. For eui64 addresses nothing can

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-18 Thread Florian Obser
On Wed, Jul 18, 2018 at 11:03:46AM +0200, Sebastien Marie wrote: > On Wed, Jul 18, 2018 at 08:54:51AM +0200, Florian Obser wrote: > > During g2k18 I committed rad(8). > > > > The latest amd64 and i386 snapshots should contain it with enough > > features to replace

call for testing: rad(8) - a rtadvd(8) replacement

2018-07-18 Thread Florian Obser
During g2k18 I committed rad(8). The latest amd64 and i386 snapshots should contain it with enough features to replace rtadvd(8). If you are using rtadvd(8) I'd appreciate if you could switch to rad(8) and report back if any features are missing. The plan is to unhook rtadvd(8) from the build

Re: rad(8): add rad.conf to changelist(5)

2018-07-13 Thread Florian Obser
On Fri, Jul 13, 2018 at 08:19:17AM +0200, Sebastien Marie wrote: > Hi, > > As rad(8) is linked in the build, I think it makes sense to add rad.conf > to changelist ? thanks! I always forget about the changelist. Committed with tb's tweak. > > Thanks. > -- > Sebastien Marie > > Index:

RTM_CHGADDRATTR try 2

2018-07-12 Thread Florian Obser
When I sent this around in april it still needed the kernel lock which made it fuggly... Now the netlock is enough. Introduce RTM_CHGADDRATTR to inform userland on the route socket when an attribute of an address is changed. For now it's used when IPv6 duplicate address detection finishes. With

Re: mg(1): query-replace & capitilisation

2018-07-12 Thread Florian Obser
phessler points out that the variable names are confusing. diff --git line.c line.c index ae5d4a7e3bb..301f5206fdc 100644 --- line.c +++ line.c @@ -18,6 +18,7 @@ */ #include +#include #include #include #include @@ -511,7 +512,11 @@ int lreplace(RSIZE plen, char *st) {

mg(1): query-replace & capitilisation

2018-07-12 Thread Florian Obser
mg(1) searches case insensitive and puts the replace string verbatim in place. The One True Editor considers the case (capitalised or all uppercase) and adjusts the replacement string accordingly. This only happens when the replacement string is all lowercase. The following diff implements this

Re: soii addresses for interfaces without layer 2 addresses

2018-07-11 Thread Florian Obser
On Wed, Jul 11, 2018 at 10:04:53AM +0200, Martin Pieuchot wrote: > On 10/07/18(Tue) 18:01, Florian Obser wrote: > > When an interface doesn't have a layer 2 address in6_get_soii_ifid() > > fails and then later on in in6_get_ifid() a layer 2 address is > >

rc(8): don't hide failures from route6d & rtadvd

2018-07-11 Thread Florian Obser
at least rtadvd has its own check and fails to start if forwarding is not enabled, not sure what route6d is doing. rc(8) should not silently hide errors. OK? diff --git etc/rc etc/rc index 21f009306cb..938f4858301 100644 --- etc/rc +++ etc/rc @@ -575,14 +575,7 @@ run_upgrade_script sysmerge

Re: pledge ospf6d

2018-07-10 Thread Florian Obser
Reads good. OK florian On July 10, 2018 7:12:01 PM GMT+02:00, Florian Riehm wrote: >Hi, > >this adds pledge to the ospf6d route decision engine and the ospf >engine. >It is compared to the ospfd quite simple, since ospf6d does not support >reload, >rdomains and kif-interfaces. > >ok? > >friehm >

soii addresses for interfaces without layer 2 addresses

2018-07-10 Thread Florian Obser
When an interface doesn't have a layer 2 address in6_get_soii_ifid() fails and then later on in in6_get_ifid() a layer 2 address is "borrowed" from another interface. Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers

stable IPv6 link local addresses for interfaces without layer 2 addresses

2018-07-10 Thread Florian Obser
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set in the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is

Re: route: improve inet6_makenetandmask

2018-06-24 Thread Florian Obser
On Sun, Jun 24, 2018 at 10:29:55PM +0200, Klemens Nanni wrote: > On Sun, Jun 24, 2018 at 10:09:26PM +0200, Florian Obser wrote: > > I don't understand why it's equivalent. > > > > prefixlen() seems to operate on so_mask while the only caller of > > inet6_makene

Re: route: improve inet6_makenetandmask

2018-06-24 Thread Florian Obser
On Sun, Jun 24, 2018 at 07:54:48PM +0200, Jeremie Courreges-Anglas wrote: > On Sun, Jun 24 2018, Klemens Nanni wrote: > > On Sun, Jun 24, 2018 at 04:34:01PM +0200, Jeremie Courreges-Anglas wrote: > >> So if I understand correctly, this diff does three things: > >> 1. shorten the code (remove the

Re: slaacd(8): stop unrolling loops

2018-06-21 Thread Florian Obser
On Thu, Jun 21, 2018 at 10:02:41AM +0200, Janne Johansson wrote: > Den ons 20 juni 2018 kl 16:16 skrev Florian Obser : > > > This might have been a good idea 20 years ago but in this day and age > > the compiler is probably better at unrolling loops. > > > > Wo

slaacd(8): stop unrolling loops

2018-06-20 Thread Florian Obser
This might have been a good idea 20 years ago but in this day and age the compiler is probably better at unrolling loops. OK? diff --git engine.c engine.c index 9f94bf177ff..330c2725ae0 100644 --- engine.c +++ engine.c @@ -1262,6 +1262,7 @@ gen_addr(struct slaacd_iface *iface, struct radv_prefix

Re: mandoc potential memory leak fix

2018-06-18 Thread Florian Obser
On Mon, Jun 18, 2018 at 04:37:32PM +0200, Jan Schreiber wrote: > Hi, > > this patch closes potential memory leaks in the mandoc memory wrapper > functions and follows the examples in the manpages. > These are not leaks since mandoc exits via err(3) immediately after an allocation failure. Which

Re: Should whois(1) and IPv6 default to ANICHOST?

2018-06-17 Thread Florian Obser
I like it, I think the heuristic is good enough. OK florian@ or I take OKs to commit it myself ;) On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote: > Hi, > > This is very naive patch for whois(1) which makes it work > by default for IPv6 addresses. I went with very minimal >

slaacd(8): pledge main process

2018-06-16 Thread Florian Obser
I just committed the kernel bits. I intend to commit the userland bits on Monday. If you want to play along at home, here is the diff: (you need an up2date checkout, a new kernel and at least make includes). diff --git slaacd.c slaacd.c index 8a405b5ca94..8e4207faf05 100644 --- slaacd.c +++

Re: netintro.4 fix

2018-06-13 Thread Florian Obser
On Wed, Jun 13, 2018 at 06:03:00PM +0300, Mikhail wrote: > Nuke non-existing chapter link in netintro.4. My system has quite a few DIAGNOSTIC sections in section 4: $ fgrep DIAGNOSTICS /usr/share/man/man4/* | wc -l 72 > > Index: netintro.4 >

nsd 4.1.22

2018-06-13 Thread Florian Obser
OK? diff --git config.h.in config.h.in index 795944fb1af..d3470836f26 100644 --- config.h.in +++ config.h.in @@ -25,6 +25,9 @@ /* Define to the default facility for syslog. */ #undef FACILITY +/* Define to 1 if you have the `accept4' function. */ +#undef HAVE_ACCEPT4 + /* Define to 1 if

Re: ping.c minor bug discrepancy between reported size of icmp packet

2018-06-09 Thread Florian Obser
On Fri, Jun 08, 2018 at 08:52:17PM +0100, Tom Smyth wrote: > Hello I see a small discrepancy between the measurement > of sent and received packets as displayed by ping command > > on the wire the sent and received packets are the same size > I had a brief go > > foo# ping 5.134.88.1 > PING

Re: [Patch] mg(1) tutorial: no columns :(

2018-05-27 Thread Florian Obser
On Fri, May 25, 2018 at 02:42:07PM -0400, Brian Callahan wrote: > > > On 05/25/18 10:25, Leonid Bobrov wrote: > > Mentioning would be nice. > > > > display.c's 1.39 revision log says "off by default > > to not kill slow serial lines" -_- > > > > Then why not write that diff? > Something like

Re: [Patch] mg(1) set column-number-mode on by default

2018-05-26 Thread Florian Obser
Not OK. With column-number-mode on mg has to redraw the modeline (maybe even the whole window?) on every cursor move. Try it on a 9600 serial console. With line-number-mode on the redraw is only necessary when a cursor move changes the line number. Happens considerably less often. Also note how

Re: nsd: refuse-any for udp only & default changes

2018-05-17 Thread Florian Obser
On Thu, May 17, 2018 at 07:26:47PM +0100, Stuart Henderson wrote: > On 2018/05/17 19:06, Florian Obser wrote: > > 2) turn on minimal-responses and refuse-any per default > > > > I think these are better / sane defaults. > > I agree, OK. > > What do you think ab

nsd: refuse-any for udp only & default changes

2018-05-17 Thread Florian Obser
Two diffs for the price of one! 1) From upcoming nsd 4.1.22: refuse-any sends truncation (+TC) in reply to ANY queries over UDP, and allows TCP queries like normal. 2) turn on minimal-responses and refuse-any per default I think these are better / sane defaults. I take OKs for both or

nsd 4.1.21

2018-05-17 Thread Florian Obser
Trivial update to 4.1.21. There is quite a lot of silliness in here. The only really interesting bit is probably refuse-any. OK? diff --git Makefile.in Makefile.in index 5bd2364579c..16d193f766d 100644 --- Makefile.in +++ Makefile.in @@ -291,6 +291,7 @@ zlexer.c: $(srcdir)/zlexer.lex

Re: slaacd(8) handle RTM_DELETE of default route

2018-05-17 Thread Florian Obser
forgot to mention, this needs a fairly recent checkout On Thu, May 17, 2018 at 02:25:44PM +0200, Florian Obser wrote: > Peter points out that I never got around to correctly handling > RTM_DELETE in slaacd. If something deletes the slaacd handled default > route we should just

slaacd(8) handle RTM_DELETE of default route

2018-05-17 Thread Florian Obser
Peter points out that I never got around to correctly handling RTM_DELETE in slaacd. If something deletes the slaacd handled default route we should just re-create it. (Something being an explicit route(8) delete or if it implicitly disappears because of on ifconfig(8) lladdr random). Tests, OKs?

nuke unused ia6_createtime

2018-05-06 Thread Florian Obser
OK? diff --git in6.c in6.c index 82d1c23d4ae..e25843dd9a5 100644 --- in6.c +++ in6.c @@ -637,7 +637,7 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, ia6->ia_ifa.ifa_addr = sin6tosa(>ia_addr); ia6->ia_addr.sin6_family = AF_INET6;

Re: Push the netlock down in in_control()

2018-05-01 Thread Florian Obser
looks reasonable to me. OK On Tue, May 01, 2018 at 07:08:59PM +0200, Theo Buehler wrote: > On Mon, Apr 30, 2018 at 02:55:21PM +0200, Martin Pieuchot wrote: > > On 30/04/18(Mon) 12:00, Theo Buehler wrote: > > > With mpi's encouragement and guidance, here's a diff that reduces the > > > scope of

route(8): stop debugging route monitor

2018-04-30 Thread Florian Obser
The -d flag should be a no-op in monitor mode since it does not modify the routing table. However, if -d is provided route monitor lists all interfaces and their associated addresses and exits. This is confusing, unexpected and no longer needed (if ever). Make -d a proper no-op for route monitor

route(8): sync p_rttables to netstat(1) version

2018-04-30 Thread Florian Obser
Sync p_rttables() to netstat(1) version. Pointed out by claudio and mpi. Remaining differences are pledge and priority handling which only route(8) has. While here switch flushroutes to get_sysctl() function. OK? diff --git route.c route.c index d93374578c5..85e76621dd3 100644 --- route.c +++

route(8): tableid is always valid

2018-04-29 Thread Florian Obser
tableid is either initialized to the current routing table or to the one specified by the T flag. No need to pass a flag around if the tableid is valid. It always is. This code is now in sync between flushroutes() and p_rttables(). OK? diff --git route.c route.c index

route(8): let the kernel do the filtering for flushroutes

2018-04-29 Thread Florian Obser
No need to get the whole routing table from the kernel if we are filtering by address family and / or priority; similar to what p_rttables() is doing. (On a router in the DFZ we need to copy 150+ MB) OK? diff --git route.c route.c index 031ae6c1b33..229cca1491d 100644 --- route.c +++ route.c

Re: fix route monitor -AF

2018-04-29 Thread Florian Obser
On Sun, Apr 29, 2018 at 09:12:36PM +0200, Sebastian Benoit wrote: > Florian Obser(flor...@openbsd.org) on 2018.04.29 17:10:46 +0200: > > in the pledge refactoring in 2015 we lost the ability to filter on > > address family when running route monitor. > > i.e. route monitor -

fix route monitor -AF

2018-04-29 Thread Florian Obser
in the pledge refactoring in 2015 we lost the ability to filter on address family when running route monitor. i.e. route monitor -inet6 would only show IPv6 route messages. This restores that functionality. To see that I'm not clobbering some global state I (more or less) mechanically turned int

Re: net80211: stub SIOCS80211SCAN, make ifconfig scan instant

2018-04-25 Thread Florian Obser
On Wed, Apr 25, 2018 at 09:14:42PM +0300, Paul Irofti wrote: > On Wed, Apr 25, 2018 at 08:55:26PM +0300, Paul Irofti wrote: > > Hi, > > > > The following diff removes the functionality of the SIOCS80211SCAN ioctl. > > After long discussions with stps@, mpi@, and deraadt@ we decided that > > this

Re: RTM_CHGADDRATTR

2018-04-25 Thread Florian Obser
anyone? should slaacd just poll? On Wed, Apr 18, 2018 at 07:49:41PM +0200, Florian Obser wrote: > On Wed, Apr 18, 2018 at 05:05:59PM +0200, Florian Obser wrote: > > This is to inform userland (i.e. slaacd(8)) when duplicate address > > detection finishes. > > > > Not a

Re: remove unused rtentry parameter from rtm_addr()

2018-04-23 Thread Florian Obser
any objections? otherwise I'll commit it with OK benno, kn On Thu, Apr 19, 2018 at 08:08:45AM +0200, Florian Obser wrote: > On Wed, Apr 18, 2018 at 11:31:02PM +0200, Alexander Bluhm wrote: > > On Wed, Apr 18, 2018 at 05:03:04PM +0200, Florian Obser wrote: > > > @@ -1158,9 +11

Re: re-run DAD on address update

2018-04-23 Thread Florian Obser
anyone? On Wed, Apr 18, 2018 at 02:09:56PM +0200, Florian Obser wrote: > Run duplicate address detection again if an existing address gets > updated from userland that was marked duplicated or tentative. > > Otherwise we would just lose the duplicated / tentative stat
