Re: lladdr support for netstart/hostname.if

2022-11-22 Thread Florian Obser
On 2022-11-22 18:06 +10, David Gwynne wrote: > > There are a few things to keep in mind if we're going to use lladdrs like > this. > > vlan interfaces start with their lladdr as 00:00:00:00:00:00 and then assume > the lladdr of the parent interface when that is configured. > > Clonable devices

unit(1): On the extension of the list of SI prefixes

2022-11-18 Thread Florian Obser
See page 6 of https://www.bipm.org/documents/20126/77765681/Resolutions-2022.pdf/281f3160-fc56-3e63-dbf7-77b76500990f OK? diff --git usr.bin/units/units.lib usr.bin/units/units.lib index c50011dcbc8..fb61ae63dc4 100644 --- usr.bin/units/units.lib +++ usr.bin/units/units.lib @@ -13,6 +13,8 @@

Re: fix Ipv6 link local address assignment

2022-11-15 Thread Florian Obser
On 2022-11-15 19:21 +01, Claudio Jeker wrote: > My last commit to in6_ifattach() broke a few regress tests. > The problem is that 'ifconfig tun0 inet6 eui64' no longer works. > Now I thought it would if called explicitly but no. > So let's pedal back a bit and assign link-local addresses on all

Re: netstart: wait for autoconf on RUNNING interfaces only

2022-11-11 Thread Florian Obser
On 2022-11-11 20:15 UTC, Klemens Nanni wrote: > On Fri, Nov 11, 2022 at 07:00:27PM +0000, Florian Obser wrote: >> On 2022-11-11 16:55 UTC, Klemens Nanni wrote: >> > Only /etc/hostname.athn0 contains autoconf on my X230. >> > >> > When the hardware switch

Re: netstart: wait for autoconf on RUNNING interfaces only

2022-11-11 Thread Florian Obser
On 2022-11-11 16:55 UTC, Klemens Nanni wrote: > Only /etc/hostname.athn0 contains autoconf on my X230. > > When the hardware switch turned off, netstart still waits 10 seconds: > > $ ifconfig athn0 > athn0: > flags=a48803 > mtu 1500 > lladdr 04:f0:21:30:37:de >

Re: ftp: strnvis redirect uri

2022-11-09 Thread Florian Obser
200 might be a bit short for an URL, no? On 2022-11-09 16:34 +01, Claudio Jeker wrote: > The redirect URI is untrusted input so strnvis it first before printing > it. > > -- > :wq Claudio > > Index: fetch.c > === > RCS file:

Re: route(8) example for "out of prefix" default gateway

2022-11-09 Thread Florian Obser
OK florian On 9 November 2022 07:37:50 GMT, Stuart Henderson wrote: >Seems some hosting providers have annoying "out of prefix" >default gateways which are painful to configure >(https://marc.info/?t=16678224225=1=2), should >we give a pointer in route(8)? > >Index: route.8

Re: rad(8): Implement RFC 8781 PREF64 router advertisement option.

2022-10-15 Thread Florian Obser
On 2022-10-15 13:00 +02, Florian Obser wrote: > With this clients can learn the presence and used prefix for Network > Address and Protocol Translation between IPv6 and IPv4 (NAT64). > > Apparently there is support in mobile devices as well as in macOS. > > This option, together

rad(8): Implement RFC 8781 PREF64 router advertisement option.

2022-10-15 Thread Florian Obser
With this clients can learn the presence and used prefix for Network Address and Protocol Translation between IPv6 and IPv4 (NAT64). Apparently there is support in mobile devices as well as in macOS. This option, together with the dhcp "IPv6-only preferred" option (108) enables the

Re: mg: add zap-to-char and zap-up-to-char

2022-10-13 Thread Florian Obser
On 2022-10-13 12:16 +02, Omar Polo wrote: > small quality-of-life addition. GNU Emacs has zap-to-char bound to > M-z and zap-up-to-char unbound; i'm unsure how closely we want to > follow emacs here, IMHO zap-up-to-char is way more useful than > zap-to-char and so i opted to bind M-z to

Re: sysupgrade: exit 1 instead of exit 0 when ending early

2022-10-07 Thread Florian Obser
On 2022-10-07 14:39 -04, Josh Grosse wrote: > For ease of running sysupgrade from within a script. > > diff --git a/usr.sbin/sysupgrade/sysupgrade.sh > b/usr.sbin/sysupgrade/sysupgrade.sh > index d80ff127ffa..ce5800093c9 100644 > --- a/usr.sbin/sysupgrade/sysupgrade.sh > +++

Re: acme-client: allow newlines in alternative names

2022-10-05 Thread Florian Obser
Makes sense to me, OK florian Please wait a day or two in case there are objections. On 2022-10-05 09:28 +02, Omar Polo wrote: > just a small scratch to itch; i'd prefer if i could split the > alternative names in multiple lines without using \ > > so, now one should be able to write > > domain

Re: Remove some unnecessary setproctitle(3) format strings

2022-09-27 Thread Florian Obser
On 2022-09-27 09:26 +02, Martijn van Duren wrote: > The caveats section talks about "user-supplied data". These strings are > constant and don't contain any '%'. Most other daemons in base use the > setproctitle("title"); format as well. It's not that clear cut, snmpd(8), a daemon you might be

Re: grdc: show timezone when TZ is set

2022-09-23 Thread Florian Obser
deraadt objected to the time zone validation. I don't care about the feature and I agree with the point that I shouldn't do it because there is no API for it. I don't even know where the time zone files are. To make this all more symmetric always print tm_zone, even if TZ is not set. OK? diff

Re: grdc: show timezone when TZ is set

2022-09-23 Thread Florian Obser
So, with the tzset(3) restriction in place I'd like to fix grdc, because what we currently have is wrong: There are time zones that have minute offsets, display those correctly. Pointed out by pjanzen@. To display the offset, use ISO 8601, as suggested by David Goerger. Take a guess if tzset(3)

Re: sysupgrade - Reading from socket: Undefined error: 0

2022-09-20 Thread Florian Obser
On 2022-09-19 22:27 +02, Hrvoje Popovski wrote: > Hi all, > > when doing sysupgrade few minutes ago on multiple machines i'm getting > error in subject > > smc24# sysupgrade -s > Fetching from https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/ > SHA256.sig 100%

Re: grdc: show timezone when TZ is set

2022-09-18 Thread Florian Obser
I'm happy with that, let's do this then - fix the offset calculation - output tm->tm_zone in addition to TZ to be able to spot typos. OK? diff --git grdc.c grdc.c index 66e5eee79e6..05b1ff1ea87 100644 --- grdc.c +++ grdc.c @@ -185,9 +185,12 @@ main(int argc, char *argv[])

Re: grdc: show timezone when TZ is set

2022-09-18 Thread Florian Obser
On 2022-09-18 01:55 -04, Paul Janzen wrote: > The recent change to grdc(6), to display additional information if TZ is > set, has a few issues. > > 1. Time zone offset incorrectly reported in Newfoundland. > > Some time zones have offsets of 30 or 45 minutes. The displayed time > offset is

Re: grdc: show timezone when TZ is set

2022-09-17 Thread Florian Obser
On 2022-09-17 08:42 UTC, Klemens Nanni wrote: > On Sat, Sep 17, 2022 at 09:40:27AM +0200, Florian Obser wrote: >> On 2021-10-24 03:06 +02, James Russell Stickney wrote: >> > I recently found myself wanting to monitor local time from a number of >> > locations aro

Re: grdc: show timezone when TZ is set

2022-09-17 Thread Florian Obser
On 2021-10-24 03:06 +02, James Russell Stickney wrote: > I recently found myself wanting to monitor local time from a number of > locations around the world. > Setting the TZ environment variable on grdc did a wonderful job at this. > At which point, I wanted to know which clock was showing

Re: httpd: overwrite rather than error for duplicate type entries

2022-09-02 Thread Florian Obser
This diff is correct and the use-case makes sense to me. OK florian On 2022-09-01 21:30 +01, Ben Fuller wrote: > On Thu, Sep 01, 2022 at 21:22:13 +0100, Ben Fuller wrote: >> On Thu, Sep 01, 2022 at 21:44:34 +0200, Florian Obser wrote: >> > Pretty sure this doesn't compil

Re: httpd: overwrite rather than error for duplicate type entries

2022-09-01 Thread Florian Obser
Pretty sure this doesn't compile. If it were to compile it would leak memory. On 1 September 2022 20:32:55 CEST, Ben Fuller wrote: >Hi, > >In my httpd.conf, I include /usr/share/misc/mime.types but also want to >define a few of my own type rules: in particular, I wanted to use > >

Re: ps(1): add -d (descendancy) option to display parent/child process relationships

2022-09-01 Thread Florian Obser
On 2022-09-01 09:55 -06, "Theo de Raadt" wrote: > Job Snijders wrote: > >> On Thu, Sep 01, 2022 at 03:14:40PM +0200, Martin Schröder wrote: >> > Am Do., 1. Sept. 2022 um 05:38 Uhr schrieb Job Snijders : >> > > Some ps(1) implementations have an '-d' ('descendancy') option. Through >> > > ASCII

Re: dhcpleased.8: add lease files to FILES

2022-08-28 Thread Florian Obser
On 2022-08-18 20:34 UTC, Klemens Nanni wrote: > On Thu, Aug 18, 2022 at 08:53:51PM +0100, Jason McIntyre wrote: >> On Thu, Aug 18, 2022 at 07:29:42PM +, Klemens Nanni wrote: >> > There is dhcpleasectl(8) -l but that only works for currently >> > configured leases/interfaces and does not print

Re: slowcgi, httpd and fastcgi abnormal termination

2022-08-11 Thread Florian Obser
On 2022-08-11 11:39 +02, Claudio Jeker wrote: > On Wed, Aug 10, 2022 at 09:45:44PM +0200, Omar Polo wrote: >> On 2022/08/10 15:07:15 +0200, Claudio Jeker wrote: >> > On Sun, Aug 07, 2022 at 11:10:22AM +0200, Omar Polo wrote: >> > Should slowcgi kill the command if SCRIPT_DONE is not set? >> >>

Re: nd6: Rename is_newentry to newentry

2022-08-04 Thread Florian Obser
On 2022-08-04 14:21 UTC, Klemens Nanni wrote: > This matches the extensive comments and schema for related variables. > No functional change. are you planning to work on ND, or is this just shuffling of deck chairs? When I rewrote source address selection it was worthwhile that blame worked to

slaacd(8): delete autoconf or temporary address on interface flag removal

2022-07-23 Thread Florian Obser
I just fixed the case where autoconf and temporary addresses stayed behind when the interface no longer has inet6 autoconf and inet6 temporary. This deletes addresses when one removes the temporary or autoconf flag but the other one is still set. OK? (This needs rev 1.82 of engine.c to work

Re: nd6: Zap nd6_recalc_reachtm_interval indirection

2022-07-22 Thread Florian Obser
On 2022-07-22 14:27 +02, Claudio Jeker wrote: > On Fri, Jul 22, 2022 at 12:18:34PM +, Klemens Nanni wrote: >> Only used once, so use the macro directly like ND6_SLOWTIMER_INTERVAL >> is used in many places. >> >> OK? > > Is that a value that should be adjustable? I don't think so, this is

Re: Remove support for CH and HS classes from dig(1)

2022-07-18 Thread Florian Obser
On 2022-07-18 14:52 +01, Ricardo Mestre wrote: > Hi, > > I'm too young to ever know there were other types of networks still supported > by > dig(1), but it seems it's a thing. Found while reading [0]. > > Realistically speaking do we want to keep supporting these kind of ancient > networks on

Re: dhcpleased(8): close unneeded bpf FDs

2022-07-14 Thread Florian Obser
On 2022-07-12 14:35 +02, Florian Obser wrote: > When the autoconf flag flaps around we might end up with multiple bpf > FDs in flight. Things then get confusing. The kernel tells us we can > read from the bpf FD but the data is actually "on the other FD", so > read(2

dhcpleased(8): close unneeded bpf FDs

2022-07-12 Thread Florian Obser
When the autoconf flag flaps around we might end up with multiple bpf FDs in flight. Things then get confusing. The kernel tells us we can read from the bpf FD but the data is actually "on the other FD", so read(2) returns 0. Found the hard way by, and patiently debugged with weerd@ One way to

Re: dig(1): SVCB and HTTPS RR types

2022-07-02 Thread Florian Obser
anyone? On 2022-06-25 13:15 +02, Florian Obser wrote: > See https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/ > > $ ./obj/dig @8.8.8.8 +norec _dns.resolver.arpa svcb > > ; <<>> dig 9.10.8-P1 <<>> @8.8.8.8 +norec _dns.resolver.arpa svcb > ;

Re: slaacd(8): state machine rewrite, improved roaming support

2022-07-01 Thread Florian Obser
this one works better on real wifi, which can transition down -> down diff --git engine.c engine.c index db6d619abf1..4703c3ec7c7 100644 --- engine.c +++ engine.c @@ -100,23 +100,13 @@ enum if_state { IF_DOWN, - IF_DELAY, - IF_PROBE, - IF_IDLE, - IF_DEAD, -}; -

nsd 4.6.0

2022-06-30 Thread Florian Obser
OK? diff --git Makefile.in Makefile.in index b6b7eb37570..96d0784f610 100644 --- Makefile.in +++ Makefile.in @@ -81,13 +81,13 @@ MANUALS=nsd.8 nsd-checkconf.8 nsd-checkzone.8 nsd-control.8 nsd.conf.5 COMMON_OBJ=answer.o axfr.o ixfr.o ixfrcreate.o buffer.o configlexer.o configparser.o dname.o

slaacd(8): state machine rewrite, improved roaming support

2022-06-29 Thread Florian Obser
This rewrite was inspired by what we learned in dhcpleased. I find state_transition / timeout split easier to reason about. This also fixes a bunch of bugs, like remove stale IPs / routes / DNS servers when moving from one IPv6 enabled network to another. Tests, comments, OKs? diff --git

Re: snmpd(8): Add rudimentary AgentX support

2022-06-27 Thread Florian Obser
On 2022-06-27 13:32 +02, Martijn van Duren wrote: > For the group-id I went with 92, which was used by _rtadvd. It's one up > from _snmpd and has been used previously by _rtadvd, which should make > it the perfect candidate. According to florian rtadvd never stored > anything on disk and chances

dig(1): no trust

2022-06-26 Thread Florian Obser
A day without a removal diff for dig is a sad day, let's have a happy day! OK? diff --git lib/dns/include/dns/rdataset.h lib/dns/include/dns/rdataset.h index 785821dabf2..26003cfaad4 100644 --- lib/dns/include/dns/rdataset.h +++ lib/dns/include/dns/rdataset.h @@ -86,7 +86,6 @@ struct

dig(1): SVCB and HTTPS RR types

2022-06-25 Thread Florian Obser
uot;, target)); case 63: return (isc_str_tobuffer("ZONEMD", target)); + case 64: + return (isc_str_tobuffer("SVCB", target)); + case 65: + return (isc_str_tobuffer("HTTPS", target)); case 99:

dig(1): remove unused DNS_RDATASETATTR defines

2022-06-25 Thread Florian Obser
OK? diff --git lib/dns/include/dns/rdataset.h lib/dns/include/dns/rdataset.h index a2e86b62055..e2c453adc81 100644 --- lib/dns/include/dns/rdataset.h +++ lib/dns/include/dns/rdataset.h @@ -67,46 +67,6 @@ typedef struct dns_rdatasetmethods { void(*clone)(dns_rdataset_t

dig(1): remove order and order_args

2022-06-25 Thread Florian Obser
We do not order RRsets and we are not interested in partial RRsets. OK? diff --git lib/dns/include/dns/message.h lib/dns/include/dns/message.h index a70720eee39..7f547411bf0 100644 --- lib/dns/include/dns/message.h +++ lib/dns/include/dns/message.h @@ -226,9 +226,6 @@ struct dns_message {

improve unwind memory usage

2022-06-19 Thread Florian Obser
Some time ago (it has been years actually), Otto instrumented malloc(3) to see where unwind is using a lot of memory when it's just sitting there. One of the remaining areas is struct config_file with its member outgoing_avail_ports: if(!(cfg->outgoing_avail_ports = (int*)calloc(65536,

Re: [PATCH] adds -t timeout to slowcgi

2022-06-11 Thread Florian Obser
On 2022-06-10 04:27 -07, Alfred Morgan wrote: >> The connection to upstream (e.g. httpd) is closed so the client gets a 500 >> error. > > Hmm, this isn't my experience. Possibly a slowcgi bug? My clients were > getting no response, e.g.: > curl: (52) Empty reply from server > >> But the script

Re: [PATCH] adds -t timeout to slowcgi

2022-06-09 Thread Florian Obser
On 2022-06-09 01:36 -07, Alfred Morgan wrote: > I think this got missed on misc@ when I posted on 5/24. I'm now > reposting here in tech@ with the [PATCH] subject tag. > > Index: usr.sbin/slowcgi/slowcgi.8 > === > RCS file:

Re: httpd: add include_dir keyword

2022-06-02 Thread Florian Obser
On 2022-06-02 11:04 +02, qorg11 wrote: > This patch adds the "include_dir" keyword for httpd.conf. Which works > just like "include" but it includes all the files in a directory, for > example: include "/etc/httpd.d" > > The diff file is attached. I don't think we want this functionality.

Re: acme-client: check token names

2022-05-05 Thread Florian Obser
On 2022-05-04 13:21 +0430, Ali Farzanrad wrote: > OK, I've tested following diff on my own domain and it works. > I did 2 modifications: > > 1. I explicitly call setlocale with "C" to ensure C locale, I came to the conclusion that it's best to call setlocale first thing in main, that's what

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-03 17:41 +0430, Ali Farzanrad wrote: > > Hi Florian, > > Yes, I read the RFC, it should work, but I couldn't test it yet, because > my domain manager is a little lazy (I've registered 2 subdomains for my > domain, but it is not listed in name servers yet). I'll probably test > it

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-02 03:04 +0430, Ali Farzanrad wrote: > Hi tech@, > > I know that acme-client is unveiled properly, but isn't it better to > check token names? Nice catch, the token is untrusted input. We should validate this differently though. RFC 8555, 8.5 HTTP Challenge: token (required,

Re: ssh-keygen(1): resident fido2 keys

2022-05-01 Thread Florian Obser
On 2022-05-01 14:43 +02, Christian Weisgerber wrote: > Florian Obser: > >> Sounds reasonable, this adds the FIDO section and moves the -O bits in. >> The wording is inspired by / copied from the 8.2 release notes and the >> CERTIFICATES section. > > I think

Re: ssh-keygen(1): resident fido2 keys

2022-04-30 Thread Florian Obser
On 2022-04-29 19:24 +01, Jason McIntyre wrote: > what we probably want is a simple overview of these devices in > DESCRIPTION. but that's not simple. the page is already a bruiser. i > mean, it discusses what constitutes a good password/phrase! where to go > from there? > > i note that the other

dhcpleased(8): be more lenient with host name and domain name options

2022-04-30 Thread Florian Obser
As found by n18fuhtm AT tutanota.com there are dhcp servers that send a domain name option with length 1 and a single \0. We strip trailing \0 and then end up with length 0. This is a protocol violation, the minimum length for domain name option is 1, and we ignore the lease. So we are not going

ssh-keygen(1): resident fido2 keys

2022-04-29 Thread Florian Obser
So I got a yubikey and I wanted to try fido2 with ssh. I was a bit unsure on how to generate a key (hint: it's just ssh-keygen -t ed25519-sk). So I went and asked the Internet. I ran into some page that suggested that you need to give a ton of options to ssh-keygen, including -o resident without

Re: dhcpleased: Don’t set option 12 if host name is empty

2022-04-25 Thread Florian Obser
On 2022-04-24 20:01 +02, Ibrahim Khalifa wrote: > Hi, > > I ran into an issue with dhcpleased when trying to do pxeboot and automatic > installation when using DHCP Relay on Cisco ASA. > > The problem is when dhcpleased starts for the first time after bsd.rd > is loaded there is no hostname set

Re: pf igmp icmp6 multicast router alert

2022-04-21 Thread Florian Obser
On 2022-04-21 21:10 +02, Alexander Bluhm wrote: > On Thu, Apr 21, 2022 at 08:56:07PM +0200, Otto Moerbeek wrote: >> > Currently it allows all options. Should I make it specific to >> > router alert with IGMP or ICMP6? >> >> To me it looks like the icmp6 case already is limited to MLD? > > The

rad(8): rate limit solicited router advertisements

2022-03-22 Thread Florian Obser
Rate limit router advertisements according to RFC 4861 6.2.6. In all cases, Router Advertisements sent in response to a Router Solicitation MUST be delayed by a random time between 0 and MAX_RA_DELAY_TIME seconds. (If a single advertisement is sent in response to multiple

Re: initial 11ac support for iwm(4)

2022-03-17 Thread Florian Obser
Still works fine on 9260. While playing around with this I noticed something else which is probably not a regression: I have two SSIDs, "normal" and NAT64, they are on the same AP and just come out on different vlans, they use the same channel. They are also on 2.4GHz. Switching between them

Re: initial 11ac support for iwm(4)

2022-03-16 Thread Florian Obser
This works fine on iwm0 at pci1 dev 0 function 0 "Intel Dual Band Wireless-AC 9260" rev 0x29, msix iwm0: hw rev 0x320, fw ver 46.4e1ceb39.0 and iwm0 at pci2 dev 0 function 0 "Intel AC 7260" rev 0x83, msi iwm0: hw rev 0x140, fw ver 17.3216344376.0 against UniFi UAP-AC-SHD and UAP-AC-Pro. I have

nsd 4.4.0

2022-03-14 Thread Florian Obser
Tests, OKs? diff --git usr.sbin/nsd/Makefile.in usr.sbin/nsd/Makefile.in index 8aa40269f2a..e28fc47cd32 100644 --- usr.sbin/nsd/Makefile.in +++ usr.sbin/nsd/Makefile.in @@ -586,7 +586,7 @@ cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h $(srcdir)/tpkg/cutest/ cutest_udbrad.o:

Re: unwind(8): simplify query parsing

2022-03-13 Thread Florian Obser
anyone? On 2022-03-03 19:57 +01, Florian Obser wrote: > parse_packet() is used by unbound(8) to parse response packets, not > queries. There is no need to do all this work just to get access to > the query id and flags. This is what unbound(8) is doing. > > OK? > >

unwind(8): simplify query parsing

2022-03-03 Thread Florian Obser
parse_packet() is used by unbound(8) to parse response packets, not queries. There is no need to do all this work just to get access to the query id and flags. This is what unbound(8) is doing. OK? diff --git frontend.c frontend.c index 6316231f4bf..ac53fc01ef1 100644 --- frontend.c +++

Re: [PATCH] httpd initialize kv structs on stack

2022-03-02 Thread Florian Obser
On 2022-03-01 10:22 -08, j...@bitminer.ca wrote: > Looking at the gz option, I noticed some kv structs allocated on > stack but not fully initialized. Nice catch. > > This patch initializes the kv struct to avoid randomly getting > KV_GLAG_GLOBBING in kv_find depending on stack contents,

Re: unwind(8): use parse_edns_from_pkt

2022-03-01 Thread Florian Obser
anyone had a chance to test this? On 2022-02-24 18:38 +01, Florian Obser wrote: > Upstream renamed parse_extract_edns to > parse_extract_edns_from_response_msg and parse_edns_from_pkt to > parse_edns_from_query_pkt in the upcoming libunbound 1.15.0 > update. Both functions work

Re: sysupgrade(8): Pick correct firmware directory

2022-02-28 Thread Florian Obser
On 2022-02-28 06:30 -08, Andrew Hewus Fresh wrote: > On Mon, Feb 28, 2022 at 08:27:13AM +0100, Florian Obser wrote: >> On 2022-02-27 21:33 -08, Andrew Hewus Fresh >> wrote: >> > So, sdk@ noticed that sysupgrade didn't get updated for the new logic in >> > the fi

Re: sysupgrade(8): Pick correct firmware directory

2022-02-27 Thread Florian Obser
On 2022-02-27 21:33 -08, Andrew Hewus Fresh wrote: > So, sdk@ noticed that sysupgrade didn't get updated for the new logic in > the firmware directories. Specifically that the only time we use > "snapshots" directory is with -current. The rest of the time, including > during -beta we use the

unwind(8): use parse_edns_from_pkt

2022-02-24 Thread Florian Obser
Upstream renamed parse_extract_edns to parse_extract_edns_from_response_msg and parse_edns_from_pkt to parse_edns_from_query_pkt in the upcoming libunbound 1.15.0 update. Both functions work equally well for us but it would look weird to use the "from_response_msg" function on the query so

[Wolf] [PATCH] Move warnx into correct place

2022-02-22 Thread Florian Obser
OK florian Start of forwarded message From: Wolf To: m...@openbsd.org Cc: Wolf Subject: [PATCH] Move warnx into correct place Date: Sun, 20 Feb 2022 15:10:16 +0100 Original location caused the line to be printed every time for ec keys. I suspect copy

Re: ping icmp ident collisions

2022-02-18 Thread Florian Obser
On 2022-02-18 12:17 +10, Jonathan Matthew wrote: > The only thing ping uses to determine whether a received icmp echo reply > packet is a > response to one of its requests is the 16 bit icmp ident field. If you ping > enough > stuff at the same time, eventually you'll have two concurrent pings

Re: dhcpleased(8) vs. microsoft dhcp server

2022-02-15 Thread Florian Obser
On 2022-02-15 12:07 -07, "Todd C. Miller" wrote: > On Tue, 15 Feb 2022 20:01:52 +0100, Florian Obser wrote: > > I think you need that to be: > > /* MUST delete trailing NUL, per RFC 2132 */ > slen = dho_len; > while (slen > 0 &&

dhcpleased(8) vs. microsoft dhcp server

2022-02-15 Thread Florian Obser
Jan reported that the microsoft dhcp server sends the domain name option as a C string (i.e. NUL terminated) on-wire. This then ends up in /var/db/dhcpleased/$IF as e.g. domain-name: example.com\^@ which the installer uses to form /etc/myname which then later on smtpd complains about. I'm fresh

Re: adding MIME type for XSLT

2022-02-12 Thread Florian Obser
On 2022-02-11 21:51 UTC, Stuart Henderson wrote: > On 2022/02/11 11:19, Florian Obser wrote: >> I'm wondering if we need to sync, unfortunately the two files are >> not diffable :/ > > easy enough to transform, and the extensions and mimetypes are basically > in sync.

Re: adding MIME type for XSLT

2022-02-11 Thread Florian Obser
On 2022-02-11 02:29 -07, "Anthony J. Bentley" wrote: > Jesse Alama writes: >> XSLT is a well-established XML-based language for stylesheets. It has been around >> since the late 90s; the most recent version was finalized in 2017 (see >> https://www.w3.org/TR/xslt-30/). The mime.types file

Re: IPv6 privacy extensions

2022-01-24 Thread Florian Obser
On 2022-01-24 00:17 +01, Marcel Logen <33327110-0...@ybtra.de> wrote: > Hello, > > since ca. April 2021 I see, that (after boot) no new IPv6 > temporary addresses are created after 900 seconds (15 min). > > The pltime decreases to 900 and then gets a value of 1800. > No new temporary address is

Re: slaacd(8): router lifetime zero vs. prefixes

2022-01-01 Thread Florian Obser
ping On 2021-12-27 17:01 +01, Florian Obser wrote: > Prefix life time is independent from router life time. > Form an IPv6 address even if the router announcing the prefix isn't a > default router. > Problem reported by mgraves AT brainfat.net on misc > > OK? > > diff

Re: dhcpleased(8): host name DHCP option

2022-01-01 Thread Florian Obser
ping On 2021-12-24 10:16 +01, Florian Obser wrote: > Make host name DHCP option configurable. > Diff from ha...@sdf.org, tweaks by me. > > RFC 2132 says a host name must have a length of at least 1, so we can > use strlen(h_name) == 0 to not send a host name option at all and h

Re: slaacd: wait for non-tentative link local address

2022-01-01 Thread Florian Obser
ping On 2021-12-27 16:20 +01, Florian Obser wrote: > Wait for the link-local address to become non-tentative. > Otherwise we just end up with an ugly "Can't assign requested address" > error from sendmsg(2). > > OK? > > diff --git frontend.c frontend.c > ind

slaacd(8): router lifetime zero vs. prefixes

2021-12-27 Thread Florian Obser
Prefix life time is independent from router life time. Form an IPv6 address even if the router announcing the prefix isn't a default router. Problem reported by mgraves AT brainfat.net on misc OK? diff --git engine.c engine.c index 81a06cc5528..7a2c11e1bc2 100644 --- engine.c +++ engine.c @@

slaacd: wait for non-tentative link local address

2021-12-27 Thread Florian Obser
Wait for the link-local address to become non-tentative. Otherwise we just end up with an ugly "Can't assign requested address" error from sendmsg(2). OK? diff --git frontend.c frontend.c index b3be6c3fe98..3bbe3656dd3 100644 --- frontend.c +++ frontend.c @@ -75,6 +75,7 @@ struct iface {

dhcpleased(8): host name DHCP option

2021-12-24 Thread Florian Obser
Make host name DHCP option configurable. Diff from ha...@sdf.org, tweaks by me. RFC 2132 says a host name must have a length of at least 1, so we can use strlen(h_name) == 0 to not send a host name option at all and h_name == NULL to send the default host name option. OK? diff --git

nsd 4.3.9

2021-12-20 Thread Florian Obser
Trivial update to 4.3.9. The only change is to configparser.y, the rest is fluff. OK? diff --git configparser.y configparser.y index 6642a6f544c..70e54cf21f3 100644 --- configparser.y +++ configparser.y @@ -542,9 +542,9 @@ cpus: /* Users may specify "0 1", "0" "1", 0 1 or a combination

Re: fix ping(8) and traceroute(8) source selection

2021-12-18 Thread Florian Obser
On 2021-12-17 22:12 +01, Denis Fondras wrote: > Here is an attempt to fix ping(8) and traceroute(8) source selection. > > Currently these tools do not obey route sourceaddr set by the operator. This > leads to frustration at best and erroneous diagnosis at worse on multi-homed > systems. I did

dhcpleased(8): keep xid

2021-12-13 Thread Florian Obser
Only generate a new xid on state change. When we first request a lease (INIT or REBOOTING state) we run with very short timeouts. If the dhcp server is slow to respond we already have a new xid and ignore the server's response. This goes on until we increase the timeout high enough. If we just

dhcpleased(8): network byte order for xid

2021-12-13 Thread Florian Obser
Treat xid as a uint32_t in network byte order on the wire. Internally this doesn't matter since we only care about equality. This makes logging output comparable to tcpdump(8). Pointed out by joel@ OK? diff --git engine.c engine.c index 60f81d6f3c8..4fbdf2f16ef 100644 --- engine.c +++ engine.c

dhcpleased(8): use struct assignment

2021-12-13 Thread Florian Obser
Replace struct member assignment with struct assignment to make the code more compact. No binary change (on amd64). OK? Or is there a reason not to do this? diff --git dhcpleased.c dhcpleased.c index c8cc8e14d04..00bbffc1699 100644 --- dhcpleased.c +++ dhcpleased.c @@ -785,16 +785,14 @@

Re: DNS in acme-client

2021-12-13 Thread Florian Obser
021, Florian Obser wrote: >> On 12 December 2021 21:19:21 CET, Jeremie Courreges-Anglas >> wrote: >>> >>>dnsproc.c only returns a single address even if the code pretends to >>>support multiple addresses. This leads to weird behavior in edge cases, >&

Re: DNS in acme-client

2021-12-12 Thread Florian Obser
On 12 December 2021 21:19:21 CET, Jeremie Courreges-Anglas wrote: > >dnsproc.c only returns a single address even if the code pretends to >support multiple addresses. This leads to weird behavior in edge cases, >as experienced by a user on IRC. > >Take a machine with both IPv4 and IPv6

Re: unveil(2) usbhidctl(1)

2021-12-11 Thread Florian Obser
On 2021-12-12 01:52 UTC, Ricardo Mestre wrote: > Hi, > > usbhidctl(1) after hid_start(3) doesn't need to open any more files so we can > restrict all fs access with unveil(2). > > comments? ok? > > Index: usbhid.c > === > RCS file:

Re: dhcpleased - set ciaddr per RFC

2021-12-07 Thread Florian Obser
g dhcp_hdr->xid in host byte order. > > > > .joel > > On Fri, Dec 3, 2021 at 5:21 AM Florian Obser wrote: >> >> Last one, Joel spotted one more bug in the previous one, I was missing >> an assignment to dhcp_server in the ACK case. >> >> This

Re: dhcpleased - set ciaddr per RFC

2021-12-03 Thread Florian Obser
Last one, Joel spotted one more bug in the previous one, I was missing an assignment to dhcp_server in the ACK case. This is a rewrite of the package construction logic to send the correct information in the right states: RFC 2131 4.3.6, Table 4

Re: bsd.upgrade fails `umount /mnt` with a single partition disk.

2021-12-02 Thread Florian Obser
This reads correct. OK florian On 2021-12-02 00:01 -07, "Theo de Raadt" wrote: > Yuichiro NAITO wrote: > >> bsd.upgrade fails and shows following messages with a single partition disk. >> >> ``` >> Force checking of clean non-root filesystems? [no] no >> umount: /mnt: Device busy >> Can't

Re: dhcpleased - set ciaddr per RFC

2021-11-30 Thread Florian Obser
I'm making a fine mess of this :( On 2021-11-25 10:23 -07, Joel Knight wrote: > On Wed, Nov 24, 2021 at 4:46 AM Florian Obser wrote: > >> Thanks, I had indeed missed this. I went through the RFC and found that >> we MUST NOT send the server identifier in rebooting state. Wh

Re: slaacd(8): prevent crash when interface disappears

2021-11-28 Thread Florian Obser
On 2021-11-28 05:13 UTC, Klemens Nanni wrote: > On Thu, Nov 18, 2021 at 09:02:00AM +0100, Florian Obser wrote: >> This might be the crash kn@ was seeing once in a blue moon. > > I somewhat doubt it, since slaacd crashed on my notebook using trunk(4) > over em(4)

Re: slaacd(8): prevent crash when interface disappears

2021-11-27 Thread Florian Obser
anyone? On 2021-11-18 09:02 +01, Florian Obser wrote: > This is split in two for easier review and I also intend to commit it > like this. > > The first diff shuffles setting of if_index around so that it's > available in all switch cases and uses it consistently instead of &

Re: dhcpleased - set ciaddr per RFC

2021-11-24 Thread Florian Obser
On 2021-11-23 21:30 -07, Joel Knight wrote: > On Fri, Nov 19, 2021 at 1:01 PM Joel Knight wrote: >> >> One thing that got missed in the refactor was that the requested-ip >> option should not be set in a RENEWING or BINDING state (or in other >> words, when ciaddr is set). This chunk on top of

Re: asr(3): strip AD flag in responses

2021-11-23 Thread Florian Obser
You could drop "Note that". Either way, OK florian On 23 November 2021 13:39:51 CET, Jeremie Courreges-Anglas wrote: >On Mon, Nov 22 2021, Florian Obser wrote: >> On 2021-11-21 22:21 +01, Jeremie Courreges-Anglas wrote: >>> On Sun, Nov 21 2021, Jeremie Courrege

Re: asr(3): strip AD flag in responses

2021-11-22 Thread Florian Obser
On 2021-11-21 22:21 +01, Jeremie Courreges-Anglas wrote: > On Sun, Nov 21 2021, Jeremie Courreges-Anglas wrote: >> On Sat, Nov 20 2021, Florian Obser wrote: > > [...] > >>>> Index: lib/libc/asr/res_mkquery.c >>>> ===

Re: asr(3): strip AD flag in responses

2021-11-22 Thread Florian Obser
On 2021-11-21 21:34 +01, Jeremie Courreges-Anglas wrote: > On Sat, Nov 20 2021, Florian Obser wrote: >> On 2021-11-20 17:05 +01, Jeremie Courreges-Anglas wrote: >> do you remember why you check for !RES_USE_DNSSEC? >> I'd like to leave it out. > > Fir

Re: acme-client: another trivial accessor conversion

2021-11-21 Thread Florian Obser
I'm not a huge fan of these long if else if chains in this code base, so fine by me. OK On 2021-11-22 00:18 +01, Theo Buehler wrote: > bio->num_write aka BIO_number_written(bio). Straightforward. The main > reason I'm asking is that keeping the two else results in overlong lines > and awkward

Re: asr(3): strip AD flag in responses

2021-11-21 Thread Florian Obser
On 2021-11-20 21:16 +01, Otto Moerbeek wrote: > On Sat, Nov 20, 2021 at 06:44:58PM +0100, Florian Obser wrote: > >> On 2021-11-20 18:41 +01, Florian Obser wrote: >> > On 2021-11-20 18:19 +01, Florian Obser wrote: >> > >> >> +/* >> >> + *

Re: asr(3): strip AD flag in responses

2021-11-20 Thread Florian Obser
On 2021-11-20 18:41 +01, Florian Obser wrote: > On 2021-11-20 18:19 +01, Florian Obser wrote: > >> +/* >> + * Clear AD flag in the answer. >> + */ >> +static void >> +clear_ad(struct asr_result *ar) >> +{ >> +struct asr_dns_header *h; >&g

Re: asr(3): strip AD flag in responses

2021-11-20 Thread Florian Obser
On 2021-11-20 18:19 +01, Florian Obser wrote: > +/* > + * Clear AD flag in the answer. > + */ > +static void > +clear_ad(struct asr_result *ar) > +{ > + struct asr_dns_header *h; > + uint16_t flags; > + > + h = (struct asr_dns_heade

Re: asr(3): strip AD flag in responses

2021-11-20 Thread Florian Obser
On 2021-11-20 17:05 +01, Jeremie Courreges-Anglas wrote: > First, I'm happy to see this subject considered again, even if I don't use > DNSSEC these days I think it makes sense to provide this support in libc. > > On Sat, Nov 20 2021, Florian Obser wrote: >> On 2021-11-20 14:40
