On 21/10/2023 20:39, Florian Obser wrote:
Which was 8 years ago. I don't understand why you see a change in 7.4.
Anyway, we decided to not clean up control sockets in any of our
privsep daemons because leaving them behind does not cause any issues.
I just noticed it today when I tried to use
Rev 1.140 by florian@ seems to have changed that.
Do not try to unlink the control socket in an unprivileged child
process on shutdown.
Found while working ontame(2) <http://man.openbsd.org/tame.2>.
OK benno@
G
On 21/10/2023 14:41, Kapetanakis Giannis wrote:
After 7.4 relayd does not
After 7.4 relayd does not unlink it's socket
I've added the following but it's probably not enough. unveil?
G
Index: relayd.c
===
RCS file: /cvs/src/usr.sbin/relayd/relayd.c,v
retrieving revision 1.191
diff -u -p -r1.191 relayd.c
Just for the record, I'm running that pf_table patch for almost a month now
without any negative impact on my load balancers.
pfsync/carp/relayd
It also solved my problem with relayd.
However I believe some care should also be taken on relayd part
- do not check statistics on disabled
Hello,
I have a problem with relayd and redirects. If I disable a table, redirect
stays down only for a while.
After a few seconds, redirect gets active again and forwards to the disabled
table.
Same happens for redirect with a backup forward table.
Redirect points momentarily to backup table
Hi,
I've send a bug report in bugs@ with subject "relayd crashing some times"
After I disable all hosts from a redirect, I get random fatal() error
from check_tables() like the one bellow:
pfe: check_table: cannot get table stats for dir-sieve@relayd/dir-sieve:
No such file or directory
On 05/06/2021 21:31, Stuart Henderson wrote:
Sometimes I see authentication errors from ospfd, mainly (though
possibly not entirely always) on a 30 minute cycle, e.g. these log entries
2021-06-03T05:30:04.952Z ospfd[31748]: spf_calc: area 0.0.0.0 calculated
2021-06-03T05:51:43.785Z
On 06/01/2021 12:11, Claudio Jeker wrote:
The dependon statement in ospfd parse.y introduces some troubles since it
holds an empty rule that then conflicts with optnl.
This diff changes dependon into dependon and dependonopt so that in the
place where it is optional dependonopt can be used and
On 06/01/2021 14:02, Claudio Jeker wrote:
The code in ospf6d is a bit broken when it comes to point-to-point links.
This diff fixes this by a) using the neighbor address instead of the unset
interface destination address and by b) matching the incomming packet
against all possible IPs of that
On 29/07/2020 17:43, Klemens Nanni wrote:
> On Wed, Jul 29, 2020 at 05:33:14PM +0300, Kapetanakis Giannis wrote:
>> Wouldn't this break those who already have
>> !route -T2
>>
>> in their hostname.if files?
> No,
>
> $ route -T1 exec id -R
> 1
On 29/07/2020 12:54, Matthieu Herrb wrote:
> Hi,
>
> When I'm configuring an interface with a spécific rdomain, I'd assume
> that '!' commands (especially /sbin/route commands) are executed in
> the rdomain for this interface.
>
> I know that parsing this file is complex and somehow fragile but
On 24/12/2019 00:09, Remi Locherer wrote:
Hi,
this brings support for interface "type p2p" to ospf6d (ospfd got it a few
weeks ago).
The configuration looks like this:
area 0.0.0.0 {
interface em0 {
type p2p
}
}
OK?
Remi
works for me :)
kudos
G
On 17/11/2019 13:44, Remi Locherer wrote:
> Yes, I'll send a separate diff for that later.
>
> OK for the new diff?
Works for me.
G
On 25/10/2019 13:57, Remi Locherer wrote:
> Hi tech@,
>
> earlier this year I sent a diff that allowed to change an interface
> from broadcast to point-to-point.
>
> https://marc.info/?l=openbsd-tech=156132923203704=2
>
> It turned out that this was not sufficient. It made the adjacency
> come up
Hi,
This does not work for me with IOS.
neighbor is full,
rib is ok
fib does not list the routes to IOS and
routing table is not updated on BSD
On IOS I do have the loopback route the BSD is announcing.
G
On 24/06/2019 01:33, Remi Locherer wrote:
> Diff below adds to ospfd point to point
Hi,
By default we have:
# relayctl show
missing argument:
valid commands/args:
summary
hosts
redirects
relays
routers
sessions
On the other hand:
# relayctl host
usage: relayctl [-s socket] command [argument ...]
# relayctl host dis
missing argument:
valid commands/args:
I
sorry setup is different:
- [OB1]- [Cisco_ext_1] ---
[Cisco_int] --| |--- [BGP router]
- [OB2]- [Cisco_ext2_ ]---
G
On 20/04/18 16:20, Remi Locherer wrote:
> On 2018-04-20 14:46, Kapetanakis Giannis wrote:
>> While it does the job for local connected/static networks (on the router),
>> it doesn't do it for forwarded routes which I learn from remote OSPF routers.
>
> LSAs from other ro
On 04/02/18 01:42, Remi Locherer wrote:
> Hi
>
> This adds a new feature to ospfd: depend on interface.
>
> A ospfd.conf using it looks like this:
>
> --%<--
> redistribute default depend on carp0
> area 0.0.0.0 {
> interface em2 { depend on carp0 }
> [...]
> }
> --%<--
>
> This
On 07/02/18 08:38, David Gwynne wrote:
this is a big change to gre, with the main motivation of adding
support for gre keys.
gre keys are supported by the vnetid ioctls, and works much like
vxlan (funny that). by default gre doesnt use a key, but you can
set one and change you mind and remove
On 04/02/18 17:52, Stuart Henderson wrote:
On 2018/02/04 02:56, Kapetanakis Giannis wrote:
On 04/02/18 01:42, Remi Locherer wrote:
Hi
This adds a new feature to ospfd: depend on interface.
If I understand this right, someone could use this combined with pfsync,
to wait for states full sync
On 04/02/18 01:42, Remi Locherer wrote:
Hi
This adds a new feature to ospfd: depend on interface.
A ospfd.conf using it looks like this:
--%<--
redistribute default depend on carp0
area 0.0.0.0 {
interface em2 { depend on carp0 }
[...]
}
--%<--
This router would send out the
On 01/02/18 00:06, Todd C. Miller wrote:
Shouldn't this be:
# Log everything coming from host bastion to a separate file
++bastion /var/log/bastion
*.*
+*
how about
# Log everything coming from host bastion to a separate file
++bastion
Hi,
A problem with our flows and nat-to on the $ext_if is that it exports the
original (private) IP address and not the new-public IP after the translation.
We already have the information about the private IP from the flow on the
$int_if.
Similar problem with rdr-to and PF_OUT.
This diff
On 13/12/17 10:29, Martin Pieuchot wrote:
> On 13/12/17(Wed) 09:54, David Gwynne wrote:
>> im still looking at vlan performance problems, as discussed by mpi@
>> at http://www.grenadille.net/post/2017/02/13/What-happened-to-my-vlan.
>>
>> recently it occurred to me that we're making an implicit
On 28/11/17 17:06, Sebastian benoit wrote:
> Hi,
>
> your diff looks good, but i would rather do it the way bgpd/bgpctl do it:
>
> there the default is /var/run/bgpd.sock. where is the
> routing domain bgpctl is running in. To administer bgpd(8) in a different
> routing domain, run bgpctl
Hi,
On June I've posted a patch about using alternative control socket for relayd
and relayctl.
There was a comment from David Gwynne which was evaluated.
Is it OK to get this is in order to be able to control multiple relayd daemons
on different rdomains?
thanks
Giannis
Index: config.c
On 19/07/17 13:13, Peer Dong wrote:
> Hi Tech,
>
>
> which programming language should i dig on to understand the programming
> codes i am reading.
>
>
> thanks again.
>
> Peerdong.
C
https://en.wikipedia.org/wiki/C_(programming_language)
On 12/07/17 22:00, Jeremie Courreges-Anglas wrote:
The tweak I had in mind: consistently use "ttl" for all the
get/setsockopt calls.
ok?
nice,
you can also replace sizeof(int) to sizeof(ttl) on the else{} block of
case AF_INET6
G
Index: check_icmp.c
On 10/07/17 17:22, Jeremie Courreges-Anglas wrote:
> Using -1 for IPV6_UNICAST_HOPS is correct.
>
> Note that you can also use -1 for IP_TTL on OpenBSD, sadly some systems
> out there don't support it.
>
>> comments?
>
> ok jca@ with the nits below.
>
> It would be nice to factor this out in a
On 23/06/17 11:07, Kapetanakis Giannis wrote:
> On 23/06/17 04:43, David Gwynne wrote:
>>
>>> On 23 Jun 2017, at 01:15, Kapetanakis Giannis <bil...@edu.physics.uoc.gr>
>>> wrote:
>>>
>>> Hi,
>>>
>>> Here is a patch for using al
On 04/07/17 23:56, Sebastian Benoit wrote:
> Florian Obser(flor...@openbsd.org) on 2017.07.04 19:27:15 +:
>> On Fri, Jun 23, 2017 at 01:52:52PM +0300, Kapetanakis Giannis wrote:
>>> Hi,
>>>
>>> Using relayd's redirect/forward on ipv6 addresses I discovered p
Hi,
Using relayd's redirect/forward on ipv6 addresses I discovered problems
relating to setting TTL.
There is no check for address family and setsockopt tries to apply IP_TTL
always.
Without ip ttl on ipv6 table, check_icmp gives
send_icmp: getsockopt: Invalid argument
With ip ttl on ipv6
On 23/06/17 04:43, David Gwynne wrote:
>
>> On 23 Jun 2017, at 01:15, Kapetanakis Giannis <bil...@edu.physics.uoc.gr>
>> wrote:
>>
>> Hi,
>>
>> Here is a patch for using alternative control socket for relayd and relayctl.
>> It's based on ospf
Hi,
Here is a patch for using alternative control socket for relayd and relayctl.
It's based on ospfd. I would like for this to get in order to be able to
control multiple relayd daemons on different rdomains.
regards,
Giannis
Index: relayd.8
Hi,
just a minor change to manual pages of switch daemon.
G
Index: switchd.8
===
RCS file: /cvs/src/usr.sbin/switchd/switchd.8,v
retrieving revision 1.2
diff -u -p -r1.2 switchd.8
--- switchd.8 25 Sep 2016 23:05:29 -
On 12/07/16 02:28, Alexander Bluhm wrote:
> On Mon, Jun 27, 2016 at 05:10:14PM +0300, Kapetanakis Giannis wrote:
>> new version with all changes
>
> I have polished the diff a bit and would like to commit it.
>
> ok?
>
> bluhm
Nice,
One question. S
On 27/06/16 02:02, Alexander Bluhm wrote:
> On Thu, Jun 23, 2016 at 07:52:06PM +0300, Kapetanakis Giannis wrote:
>> On 23/06/16 18:14, Kapetanakis Giannis wrote:
>>> It adds two switches:
>>> -c client_cert_file
>>> -k client_key_file
>
> That's fine.
On 23/06/16 18:14, Kapetanakis Giannis wrote:
Hi,
Following http://marc.info/?l=openbsd-tech=142136923124184=2 which
added TLS client support in syslogd and since now libtls supports
client certificates, this patch adds client's certificate support in
syslogd for mutual authentication
Hi,
Following http://marc.info/?l=openbsd-tech=142136923124184=2 which
added TLS client support in syslogd and since now libtls supports client
certificates, this patch adds client's certificate support in syslogd
for mutual authentication to a remote syslog server.
It is based on code from
Just noticed this typo in tcp_input.c
G
Index: tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.318
diff -u -p -u -p -r1.318 tcp_input.c
--- tcp_input.c 31 Mar 2016 13:11:14 - 1.318
+++
Hi,
This adds manual upgrade instructions for bsd.sp kernels similar to what
upgrade58 did.
Don't want to miss the nice copy & paste for all kind of machines I support.
regards,
Giannis
Index: upgrade59.html
===
RCS file:
42 matches
Mail list logo
