Re: follow up to 'once rule' expiration

2019-07-18 Thread Lawrence Teo
On Thu, Jul 18, 2019 at 09:46:58AM +0200, Alexandr Nedvedicky wrote: > Hello, > > I've just realized my suggestion [1] to lteo@ was not complete. The single > atomic_cas() used as I've suggested is not sufficient measure. The code > should also do a non-atomic test to check, whether the rule is

pf(4) man page: sync with net/pfvar.h

2019-05-22 Thread Lawrence Teo
This syncs the pf(4) man page with the latest net/pfvar.h (r1.490). ok? Index: pf.4 === RCS file: /cvs/src/share/man/man4/pf.4,v retrieving revision 1.91 diff -u -p -r1.91 pf.4 --- pf.418 Feb 2019 13:11:44 - 1.91

Re: use getpwuid_r in doas

2019-05-21 Thread Lawrence Teo
On Tue, May 21, 2019 at 01:07:10PM -0400, Ted Unangst wrote: > I have a coming change which will need to access both the calling user and > target users' passwd entries. In order to accomplish this, we need to switch > to the reentrant flavor of getpwuid. No behavioral change, but I think this >

Re: tetris: remove unused vars

2019-05-19 Thread Lawrence Teo
On Sun, May 19, 2019 at 02:39:20PM -0400, Jake Champlin wrote: > Revision 1.23 added unveil to tetris, yet left two unused variables in > scores.c > Removes unused vars in scores.c, that were added to tetris.c in v1.23 Fixed, thanks! > Index: scores.c >

acpi_loadtables(): do not assume rsdt exists

2019-05-11 Thread Lawrence Teo
This makes acpi_loadtables() ensure that rsdp->rsdp_rsdt exists before attempting to use it. ok? Index: acpi.c === RCS file: /cvs/src/sys/dev/acpi/acpi.c,v retrieving revision 1.365 diff -u -p -r1.365 acpi.c --- acpi.c 11

divert(4): increment divs_errors on if_get failure

2019-03-24 Thread Lawrence Teo
This diff modifies divert_packet() to increment the divs_errors counter on if_get failure so that users will be aware of it via netstat(1). The same thing is done for divert6_packet(). While here, it also modifies divert_output() to move m_freem(m) below divstat_inc(divs_errors). This is purely

Re: Zap PF_TRANS_ALTQ

2018-01-20 Thread Lawrence Teo
On Fri, Jan 19, 2018 at 02:18:08PM -0700, Theo de Raadt wrote: > > > On Fri, Jan 19, 2018 at 08:24:23PM +, Stuart Henderson wrote: > > > > To be honest though, unless it's in the way of something, I'm not sure > > > > it's > > > > worth removing. > > > > > > If those constants are in ports

Zap PF_TRANS_ALTQ

2018-01-18 Thread Lawrence Teo
Nothing uses PF_TRANS_ALTQ anymore, so zap it. ok? Index: pfvar.h === RCS file: /cvs/src/sys/net/pfvar.h,v retrieving revision 1.470 diff -u -p -r1.470 pfvar.h --- pfvar.h 29 Dec 2017 17:05:25 - 1.470 +++ pfvar.h

Explicitly check PF_TRANS_RULESET

2018-01-18 Thread Lawrence Teo
The pf(4) DIOCX{BEGIN,COMMIT,ROLLBACK} calls support two ruleset types: PF_TRANS_RULESET and PF_TRANS_TABLE. However, their switch statements in pf_ioctl.c only check for PF_TRANS_TABLE and do not check PF_TRANS_RULESET at all. This diff adds explicit checks for PF_TRANS_RULESET to those switch

pf.4: sync structs with net/pfvar.h

2017-08-27 Thread Lawrence Teo
This syncs the struct declarations in pf.4 with the latest net/pfvar.h (r1.465 at the time of writing). ok? Index: pf.4 === RCS file: /cvs/src/share/man/man4/pf.4,v retrieving revision 1.87 diff -u -p -r1.87 pf.4 --- pf.430

n_time in trpt(8)

2016-12-21 Thread Lawrence Teo
In 2014, mpi@ substituted n_time, n_long, and n_short with their equivalent u_int_* types throughout the network stack to remove the dependency on : http://marc.info/?l=openbsd-tech&m=140523875001860&w=2 As mentioned in his mail, trpt(8) is the only program in userland that uses n_time. The

libpcap: pcap_set_immediate_mode

2016-10-08 Thread Lawrence Teo
This imports pcap_set_immediate_mode() from mainline libpcap, which allows a libpcap-based program to process packets as soon as they arrive. ok? Index: pcap-bpf.c === RCS file: /cvs/src/lib/libpcap/pcap-bpf.c,v retrieving revision

fix openssl(1) prime output

2015-09-12 Thread Lawrence Teo
When the openssl(1) prime command is asked to check the primality of a decimal number, it changes it to hex in the output which is a little confusing: $ openssl prime 976110468996539 377C46DC41DBB is prime The following diff fixes this so that it will always show the original number in the

openssl(1) remove redundant defines

2015-09-09 Thread Lawrence Teo
This diff removes redundant defines in two files. In s_socket.c, SOCKET_PROTOCOL is defined as IPPROTO_TCP, but it's only used once. In s_time.c, NO_SHUTDOWN is always defined, so there is no need for a bunch of NO_SHUTDOWN #ifdef blocks. No binary change. ok? Index: s_socket.c

Re: openssl(1) remove redundant defines

2015-09-09 Thread Lawrence Teo
On Wed, Sep 09, 2015 at 11:17:55AM -0500, Brent Cook wrote: > On Wed, Sep 9, 2015 at 10:15 AM, Todd C. Miller > <todd.mil...@courtesan.com> wrote: > > On Wed, 09 Sep 2015 10:02:17 -0400, Lawrence Teo wrote: > >> In s_time.c, NO_SHUTDOWN is always defined, so there

openssl(1) remove unused defines

2015-09-08 Thread Lawrence Teo
This removes several unused defines in openssl(1). No binary change. ok? Index: ca.c === RCS file: /cvs/src/usr.bin/openssl/ca.c,v retrieving revision 1.9 diff -u -p -u -p -r1.9 ca.c --- ca.c22 Aug 2015 16:36:05 -

Re: 58.html

2015-09-03 Thread Lawrence Teo
I have applied this along with the other amdcf(4) diff you sent, thanks! On Thu, Sep 03, 2015 at 08:41:25PM -0400, Rob Pierce wrote: > href tar and cpio? > > Index: 58.html > === > RCS file: /cvs/www/58.html,v > retrieving revision

Re: [PATCH] pcap manpages

2015-04-06 Thread Lawrence Teo
Committed, thanks. On Mon, Apr 06, 2015 at 07:30:46PM +0200, Jan Stary wrote: Any comments? On Mar 29 22:24:41, h...@stare.cz wrote: The diff below fixes what seem to be errors in pcap.3, either in factuality or markup or grammar. Jan --- pcap.3.orig Sun Mar 29

Re: Minor typo in fread.3

2015-03-04 Thread Lawrence Teo
On Wed, Mar 04, 2015 at 09:08:21PM -0700, Ryan T May wrote: I found a minor typo in the manpage for fread(3). Thanks, Ryan May Fixed, thanks! Index: fread.3 === RCS file: /cvs/src/lib/libc/stdio/fread.3,v retrieving

sys/mbuf.h: tedu m_act

2015-02-08 Thread Lawrence Teo
m_act was the historical name of m_nextpkt, and was already deprecated at the time DI of 4.4BSD was published. Nothing in our tree uses it, so I would like to propose removing it. Both FreeBSD and NetBSD have removed theirs. I have tested this with make build+release. I also partially tested

libpcap use after free

2015-01-14 Thread Lawrence Teo
libpcap has a use after free (found via LLVM). pcap_close() currently looks like this: void pcap_close(pcap_t *p) { if (p->opt.source != NULL) free(p->opt.source); pcap_cleanup_bpf(p); free(p); } The bug affects libpcap programs that enable monitor mode on

bpf(4) man page: update SEE ALSO reference

2015-01-14 Thread Lawrence Teo
The bpf(4) man page's SEE ALSO section lists this as a reference: McCanne, S. and Jacobson, V., An efficient, extensible, and portable network monitor. That paper is most likely an unpublished draft because it can't be found online. The only reference I found to it is in a 1992

tcpdrop usage()

2015-01-09 Thread Lawrence Teo
This diff replaces goto fail in tcpdrop with a proper usage() to be consistent with other programs in the tree. ok? Index: tcpdrop.c === RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v retrieving revision 1.15 diff -u -p -r1.15

Re: tcpdrop freeaddrinfo

2014-12-30 Thread Lawrence Teo
On Tue, Dec 30, 2014 at 07:44:51AM +0100, Claudio Jeker wrote: On Tue, Dec 30, 2014 at 12:00:38AM -0500, Lawrence Teo wrote: tcpdrop makes two getaddrinfo() calls: if ((gaierr = getaddrinfo(laddr1, port1, &hints, &laddr)) != 0) errx(1, "%s port %s: %s", addr1, port1

tcpdrop freeaddrinfo

2014-12-29 Thread Lawrence Teo
tcpdrop makes two getaddrinfo() calls: if ((gaierr = getaddrinfo(laddr1, port1, &hints, &laddr)) != 0) errx(1, "%s port %s: %s", addr1, port1, gai_strerror(gaierr)); if ((gaierr = getaddrinfo(faddr2, port2, &hints, &faddr)) != 0) {

divert(4) m_pullup

2014-12-15 Thread Lawrence Teo
Make divert_output() do an m_pullup only if truly needed. ok? Index: netinet/ip_divert.c === RCS file: /cvs/src/sys/netinet/ip_divert.c,v retrieving revision 1.31 diff -u -p -r1.31 ip_divert.c --- netinet/ip_divert.c 5 Dec 2014

Re: pcap(3) manpage fixes

2014-12-15 Thread Lawrence Teo
On Fri, Dec 12, 2014 at 03:32:31PM +0100, Ingo Schwarze wrote: Hi Kaspars, Kaspars Bankovskis wrote on Fri, Dec 12, 2014 at 03:22:16PM +0200: Function arguments in synopsis for pcap_inject and pcap_sendpacket are a bit messed up by comma. Types updated from actual code. And some .An

divert(4) icmp length fix

2014-07-12 Thread Lawrence Teo
divert_output() has a basic sanity check to ensure that the m_pkthdr.len for reinjected packets is not shorter than the minimum length based on the protocol: if (p_hdrlen && m->m_pkthdr.len < off + p_hdrlen) goto fail; off is the length of the IP header, and p_hdrlen is the

Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on feedback from halex@ and deraadt@, I have changed it so that the User-Agent can be set via a -U

Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote: On 07/11/14 17:35, Lawrence Teo wrote: On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based

divert(4) checksum cleanup

2014-07-11 Thread Lawrence Teo
This diff simplifies divert_output() further by removing the csum_flag variable and setting the checksum flag in pkthdr directly (the variable was originally there to help with zeroing the checksum, but we've now determined that zeroing the checksum is unnecessary so that variable is no longer

divert(4) checksum offload

2014-07-09 Thread Lawrence Teo
Packets that are reinjected via a divert(4) socket will have their IP and protocol checksums recalculated, since the userspace application could have modified them. Currently, these checksums are manually recalculated by divert_output(). But now that the new checksum offloading system is in

Re: ftp(1) User-Agent

2014-07-09 Thread Lawrence Teo
About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on feedback from halex@ and deraadt@, I have changed it so that the User-Agent can be set via a -U command-line option instead of an environment variable. I have also fixed a conflict with guenther@'s recent fetch.c

divert(4) without mbuf tags

2014-07-08 Thread Lawrence Teo
The current divert(4) implementation allocates an mbuf tag in pf_test() to store the divert port specified by a divert-packet PF rule. The divert_packet() function then looks up that mbuf tag to retrieve the divert port number before sending the packet to userspace. As far as I can tell, this

tcpdump: fix/improve bad checksum display

2014-06-16 Thread Lawrence Teo
The way tcpdump displays bad checksums is annoyingly inconsistent. Here's an example where tcpdump is showing two packets: one with a bad IP checksum, and another with a bad TCP checksum (emphasis mine): Bad IP checksum 14:38:42.489639 192.168.30.1.20 192.168.30.70.80: S [tcp sum ok] 0:0(0) win

Re: ftp(1) User-Agent

2014-06-13 Thread Lawrence Teo
On Thu, Jun 12, 2014 at 06:32:00PM +0200, Alexander Hall wrote: On June 11, 2014 6:18:19 AM CEST, Lawrence Teo l...@openbsd.org wrote: This diff allows ftp(1) to change the User-Agent for HTTP(S) URL requests via the FTPUSERAGENT environment variable (personally I prefer HTTPUSERAGENT

ftp(1) User-Agent

2014-06-10 Thread Lawrence Teo
This diff allows ftp(1) to change the User-Agent for HTTP(S) URL requests via the FTPUSERAGENT environment variable (personally I prefer HTTPUSERAGENT but FTPUSERAGENT is what's used by ftp(1) on other BSDs). This is useful when fetching URLs that are sensitive to the User-Agent, such as sites

improve divert(4) example program

2014-06-03 Thread Lawrence Teo
Marchetto mich...@openbsd.org +.\ Copyright (c) 2012-2014 Lawrence Teo l...@openbsd.org .\ .\ Permission to use, copy, modify, and distribute this software for any .\ purpose with or without fee is hereby granted, provided that the above .\ copyright notice and this permission notice appear

Re: skip pflog interfaces in pcap_lookupdev()

2014-03-17 Thread Lawrence Teo
On Thu, Aug 08, 2013 at 12:12:39AM -0500, joshua stein wrote: Running tcpdump with no -i arg finds a good interface to listen on by default on many machines, but on my laptop it finds pflog0 before urtwn0. Can we skip pflog interfaces like loopbacks? I got reminded of this diff while working

libpcap: malloc+memset -> calloc

2014-03-11 Thread Lawrence Teo
This changes a few malloc()+memset() calls to calloc(). OK? Index: gencode.c === RCS file: /cvs/src/lib/libpcap/gencode.c,v retrieving revision 1.36 diff -u -p -r1.36 gencode.c --- gencode.c 9 Oct 2010 08:14:36 - 1.36

Re: Trivial patch for ipv6

2014-03-09 Thread Lawrence Teo
Committed, thanks! On Sun, Mar 09, 2014 at 06:39:21PM +0100, Alexander Bluhm wrote: OK bluhm@ On Sun, Mar 02, 2014 at 05:45:15AM -0800, Loganaden Velvindron wrote: On Wed, Feb 12, 2014 at 09:11:41PM +0100, Alexander Bluhm wrote: On Wed, Feb 12, 2014 at 10:10:36AM -0800, Loganaden

Re: remove pf_check_congestion()

2014-03-07 Thread Lawrence Teo
On Fri, Mar 07, 2014 at 10:22:59AM -0700, Theo de Raadt wrote: * Ted Unangst t...@tedunangst.com [2014-03-07 07:40]: On Thu, Mar 06, 2014 at 23:56, Lawrence Teo wrote: pf_check_congestion() simply checks if ifq->ifq_congestion is non-zero, and returns 1 or 0 accordingly. It is only

remove pf_check_congestion()

2014-03-06 Thread Lawrence Teo
pf_check_congestion() simply checks if ifq->ifq_congestion is non-zero, and returns 1 or 0 accordingly. It is only called by pf_test_rule(). Since what pf_check_congestion() does is very trivial and pf_test_rule() is its only user, would it make sense to remove it and let pf_test_rule() check

pf_check_proto_cksum(): simplify ICMP checksum verification

2014-01-22 Thread Lawrence Teo
This diff simplifies the verification of ICMP checksums in pf_check_proto_cksum() by letting it use the same in4_cksum() call that is used for TCP and UDP checksums. As a bonus, since in4_cksum() doesn't need that m_data/m_len dance the code becomes much shorter as well. OK? Index: pf.c

tcpdrop(8): check strdup() return values

2014-01-09 Thread Lawrence Teo
This checks the return values of strdup() calls in tcpdrop(8). OK? Index: tcpdrop.c === RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v retrieving revision 1.12 diff -u -p -r1.12 tcpdrop.c --- tcpdrop.c 24 Oct 2013 02:55:50 -

tcpdump: detect bad ICMP checksums (1/2)

2014-01-06 Thread Lawrence Teo
Our tcpdump has the ability to detect bad TCP and UDP checksums with the -v flag, but not ICMP and ICMPv6 checksums. Here are two diffs to let tcpdump detect bad ICMP/ICMPv6 checksums, which should help when debugging issues caused by such checksums. :) The first diff (below) is simply a

Re: in[6]_proto_cksum_out: ICMP checksum fix

2013-10-24 Thread Lawrence Teo
On Fri, Oct 18, 2013 at 03:27:09PM -0400, Lawrence Teo wrote: Back in August I sent a diff to fix ICMP checksum calculation in in_proto_cksum_out() and in_delayed_cksum() in cases where the ICMP checksum field is not in the first mbuf of an mbuf chain (original post at http://marc.info/?l

mbuf(9) man page: document ICMP checksum flags

2013-10-24 Thread Lawrence Teo
Now that the M_ICMP_CSUM_* flags are actually used in the kernel by PF (specifically pf_check_proto_cksum() and pf_cksum()), document them in the mbuf(9) man page. OK? Index: mbuf.9 === RCS file: /cvs/src/share/man/man9/mbuf.9,v

Re: in[6]_proto_cksum_out: ICMP checksum fix

2013-10-19 Thread Lawrence Teo
On Sat, Oct 19, 2013 at 04:43:07PM +0200, Alexander Bluhm wrote: On Fri, Oct 18, 2013 at 03:27:09PM -0400, Lawrence Teo wrote: Back in August I sent a diff to fix ICMP checksum calculation in in_proto_cksum_out() and in_delayed_cksum() in cases where the ICMP checksum field

in[6]_proto_cksum_out: ICMP checksum fix

2013-10-18 Thread Lawrence Teo
@ with the following feedback: On Fri, Aug 09, 2013 at 02:21:29AM +0200, Alexander Bluhm wrote: On Mon, Aug 05, 2013 at 10:28:57AM -0400, Lawrence Teo wrote: Index: ip_output.c === RCS file: /cvs/src/sys/netinet/ip_output.c,v retrieving

pfctl: two fixes when storing a state file

2013-10-07 Thread Lawrence Teo
When storing a state file (pfctl -S statefile), pfctl_state_store() returns without freeing the inbuf pointer. And if the state table is empty, it doesn't close the file before returning. This diff fixes both bugs. OK? Index: pfctl.c

pfctl: only allow once rules in anchors

2013-08-19 Thread Lawrence Teo
This diff ensures that PF one shot rules can only be used inside anchors and not in the main ruleset. OK? Index: sbin/pfctl/parse.y === RCS file: /cvs/src/sbin/pfctl/parse.y,v retrieving revision 1.624 diff -u -p -u -p -r1.624

Re: include netinet/in_var.h in arch/dev

2013-08-07 Thread Lawrence Teo
On Wed, Aug 07, 2013 at 03:39:59AM +0200, Alexander Bluhm wrote: Hi, I have just removed a bunch of useless include netinet/in_var.h from the machine independent drivers. I suspect that they are also not needed in the architecture specific network drivers. Unfortunately I don't have any

in_proto_cksum_out: fix ICMP checksum calculation

2013-08-05 Thread Lawrence Teo
in_proto_cksum_out() currently calculates ICMP checksums like this: hlen = ip->ip_hl << 2; icp = (struct icmp *)(mtod(m, caddr_t) + hlen); icp->icmp_cksum = 0; icp->icmp_cksum = in4_cksum(m, 0, hlen, ntohs(ip->ip_len) - hlen); However this won't work if the

in6_delayed_cksum: fix ICMPv6 checksum calculation

2013-08-05 Thread Lawrence Teo
in6_delayed_cksum() incorrectly assumes that the ICMPv6 header or checksum field is in the first mbuf of an mbuf chain before setting it to 0. This diff fixes it. OK? Index: ip6_output.c === RCS file:

pf(4) man page: fix two errors

2013-07-02 Thread Lawrence Teo
This diff fixes two errors on the pf(4) man page: 1. DIOCSETSTATUSIF has not used struct pfioc_if since pf_ioctl.c rev 1.234; it now uses struct pfioc_iface. Since the definition of pfioc_iface is already listed under DIOCIGETIFACES, I moved the description of DIOCSETSTATUSIF below

pf(4) man page: two small fixes

2013-06-01 Thread Lawrence Teo
Here are two small fixes to the pf(4) man page to make pfioc_natlook and pfr_addr match net/pfvar.h. OK? Index: pf.4 === RCS file: /cvs/src/share/man/man4/pf.4,v retrieving revision 1.74 diff -u -p -r1.74 pf.4 --- pf.410

calculating ICMP checksums with in4_cksum()

2013-06-01 Thread Lawrence Teo
Currently, ICMP(v4) checksums are calculated using in_cksum(), which requires the following m_data/m_len dance: hlen = ip->ip_hl << 2; m->m_data += hlen; m->m_len -= hlen; icp = mtod(m, struct icmp *); icp->icmp_cksum = 0; icp->icmp_cksum = in_cksum(m,

options(4) man page: bump BUFCACHEPERCENT

2013-05-22 Thread Lawrence Teo
BUFCACHEPERCENT has been set to 20 by default for a while now, so bump it in the options(4) man page accordingly. OK? Index: options.4 === RCS file: /cvs/src/share/man/man4/options.4,v retrieving revision 1.231 diff -u -p -r1.231

tcpdump(8) man page: sync PF reason codes

2013-04-29 Thread Lawrence Teo
This diff syncs the PF reason codes on the tcpdump(8) man page with PFRES_NAMES in net/pfvar.h. OK? Index: tcpdump.8 === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v retrieving revision 1.79 diff -u -p -r1.79 tcpdump.8 ---

divert(4) man page: document recent checksum changes

2013-04-18 Thread Lawrence Teo
This diff documents my recent checksum recalculation changes for divert(4): http://marc.info/?l=openbsd-cvs&m=136543514928571&w=2 I have also made the text more specific to clarify that divert sockets are only applicable to PF rules with the divert-packet parameter, with an explicit note that it

ftp(1) man page: remove paragraph in BUGS

2013-04-05 Thread Lawrence Teo
The ftp(1) man page has a paragraph in BUGS that warns against using ftp(1) with 4.2BSD servers. I doubt anyone would connect to an 4.2BSD server today, so is there any reason not to remove it? Lawrence Index: ftp.1 === RCS file:

Re: md5: returns 0 when a file does not exist

2013-03-29 Thread Lawrence Teo
On Thu, Mar 28, 2013 at 03:34:50PM +0100, Patrik Lundin wrote: I noticed that md5(1) returns 0 when you target a file that does not exist: = $ md5 foobar md5: cannot open foobar: No such file or directory $ echo $? 0 = This seems wrong according to the man page, and I have

Re: mbuf(9) man page: update checksum flags

2013-03-21 Thread Lawrence Teo
On Thu, Mar 21, 2013 at 04:13:35PM +, Christian Weisgerber wrote: Lawrence Teo l...@openbsd.org wrote: The checksum flags listed in the mbuf(9) man page do not match the ones in mbuf.h. In addition, the m_pkthdr.csum variable name should be m_pkthdr.csum_flags. The following

Re: PF divert(4) bugfix: recalculate checksums on packet reinjection

2013-03-13 Thread Lawrence Teo
On Mon, Mar 04, 2013 at 11:37:32PM -0500, Lawrence Teo wrote: Brief background: divert(4) sockets can be used to send packets to a userspace program. The program can inspect the packets and decide to either reinject them back into the kernel or drop them. According to the divert(4) man page

PF divert(4) bugfix: recalculate checksums on packet reinjection

2013-03-04 Thread Lawrence Teo
Brief background: divert(4) sockets can be used to send packets to a userspace program. The program can inspect the packets and decide to either reinject them back into the kernel or drop them. According to the divert(4) man page, The packets' checksums are recalculated upon reinjection. This

dhclient(8): check strdup() return values in bind_lease()

2013-01-12 Thread Lawrence Teo
The bind_lease() function has several strdup() calls for the domainname and nameservers variables, but their return values are not checked. In my tests, dhclient won't crash even if these strdup() calls return NULL; however, if one of those variables become NULL as a result, the search or

Re: dhclient(8): fix segfault if calloc()/strdup() return NULL

2012-12-16 Thread Lawrence Teo
On Thu, Dec 13, 2012 at 12:07:42PM +0100, Joerg Zinke wrote: Am 11.12.2012 um 04:12 schrieb Lawrence Teo l...@openbsd.org: There are a number of calloc() and strdup() calls in the apply_defaults() and clone_lease() functions whose return values are not checked. If they happen to return

tcpdump: ensure priv_pcap_live() returns NULL if no device

2012-11-05 Thread Lawrence Teo
In the unlikely event that a NULL device is passed to the priv_pcap_live() function, it will just set the error buffer and continue, causing a segfault. The diff below fixes this bug by ensuring that the function returns NULL in this situation. Comments/OK? Lawrence Index: privsep_pcap.c

pflogd(8): two if_exists() fixes

2012-11-03 Thread Lawrence Teo
Quick background: In pflogd(8), the if_exists() function tests if a given pflogX interface exists. It returns 1 (if it exists) or 0 (if not). This diff fixes two issues with if_exists(): 1. if_exists() opens a socket to test the pflogX interface exists. If the interface does not exist, the

Move pcap-filter(3) man page to section 7

2012-08-30 Thread Lawrence Teo
I think the current pcap-filter(3) man page belongs in section 7, since it does not describe library functions like the other man pages in section 3. It is more similar to the man pages in section 7. The mainline libpcap's source distribution will try to install the pcap-filter man page in

Re: ftp(1) usage/man page HTTP Basic authentication tweaks

2012-08-20 Thread Lawrence Teo
Here's a revised version of the diff that was done with a lot of discussion with and help from jmc@. This is what the diff does: * In both usage and the man page synopsis, combine the http and https usage formats into the following so that it is less verbose: ftp [-C] [-c cookie] [-o

tcpdump(8) man page: don't send bug reports to mainline

2012-08-20 Thread Lawrence Teo
We maintain our own tcpdump, so remove the sentence in the BUGS section that asks users to send bug reports to mainline tcpdump. While here, fix the following mandoc -Tlint warnings: tcpdump.8:603:2: WARNING: skipping paragraph macro tcpdump.8:610:2: WARNING: skipping paragraph macro ok?

ftp(1) usage/man page HTTP Basic authentication tweaks

2012-08-14 Thread Lawrence Teo
This is a small follow-up diff to haesbaert@'s recent commit that enables HTTP Basic authentication in ftp(1): * In the AUTO-FETCHING FILES section of the ftp(1) man page, describe what [user:password@] does when used with HTTP and HTTPS URLs. * Fix usage formatting to match man page SYNOPSIS

Re: vmt ref vmwh

2012-08-13 Thread Lawrence Teo
On Mon, Aug 13, 2012 at 09:07:52AM +0200, David Coppa wrote: On Sun, Aug 12, 2012 at 11:34 PM, Ingo Schwarze schwa...@usta.de wrote: Hi Ted, Ted Unangst wrote on Tue, Jul 24, 2012 at 08:57:59PM -0400: The vmwh package is very handy, but somewhat hard to discover. Can we add a little

Re: vmt ref vmwh

2012-08-13 Thread Lawrence Teo
On Mon, Aug 13, 2012 at 04:06:28PM +0100, Stuart Henderson wrote: On 2012/08/13 10:51, Lawrence Teo wrote: OK for me as well; I prefer the version that spells out the port name as sysutils/vmwh We direct users towards packages not ports. Good point.. thank you, I need to remember

Re: Mention RFC 6106 in rtadvd.conf(5) SEE ALSO section

2012-07-23 Thread Lawrence Teo
On Sun, Jul 22, 2012 at 09:42:03PM -0400, Brad Smith wrote: Mention RFC 6106 in the rtadvd.conf(5) man pages SEE ALSO section. OK Index: rtadvd.conf.5 === RCS file: /home/cvs/src/usr.sbin/rtadvd/rtadvd.conf.5,v retrieving

Re: pfctl: make -P work with -ss

2012-07-08 Thread Lawrence Teo
On Thu, May 31, 2012 at 12:07:18AM -0400, Lawrence Teo wrote: pfctl's -P flag (introduced in OpenBSD 5.1) makes pfctl print ports using their names in /etc/services. It was originally intended to be used with -sr. The diff extends it to make it work with -ss. Example: # pfctl -P -ss

Re: [s...@cd80.net: Re: rtadvd(8) patch 2/2 : finalize server-side RFC 6106 support]

2012-07-07 Thread Lawrence Teo
On Sat, Jul 07, 2012 at 03:17:30PM +0200, Matthieu Herrb wrote: On Sat, Jul 07, 2012 at 12:47:32PM +0200, Peter Hessler wrote: resurrecting an old patch. OK from me, anyone else? With my sysadmin-deploying-IPv6-at-my-dayjob hat, I'd love to see that go in, but I can't test it before

wbsio: Add support for Winbond W83627UHG

2012-06-28 Thread Lawrence Teo
This diff adds support for the Winbond W83627UHG chip, as found on the Lanner FW-7539 appliance. This diff was ported from DragonFly BSD: http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/245ec76bc1613b22cf282526fa9931e4c16e4237 Here is the sysctl hw.sensors output on that Lanner

ssl(8) man page: miscellaneous fixes

2012-06-14 Thread Lawrence Teo
This diff fixes a few grammar/punctuation issues and missing words on the ssl(8) man page. I have also added some text to make it flow better. ok? Index: ssl.8 === RCS file: /cvs/src/share/man/man8/ssl.8,v retrieving revision 1.50

nginx.conf SSL file locations

2012-06-14 Thread Lawrence Teo
This diff modifies the default ssl_certificate and ssl_certificate_key values in nginx.conf to match the ssl(8) man page. ok? Index: nginx.conf === RCS file: /cvs/src/usr.sbin/nginx/conf/nginx.conf,v retrieving revision 1.3 diff -u

pfctl: make -P work with -ss

2012-05-30 Thread Lawrence Teo
pfctl's -P flag (introduced in OpenBSD 5.1) makes pfctl print ports using their names in /etc/services. It was originally intended to be used with -sr. The diff extends it to make it work with -ss. Example: # pfctl -P -ss all tcp 192.168.6.7:ssh (172.16.88.25:6688) - 172.16.88.22:49622

inet(3) man page: remove extra verbiage

2012-05-30 Thread Lawrence Teo
The inet(3) man page has always felt messy to me, where the words function and routine are used interchangeably to describe the various functions in inconsistent ways. This extra verbiage makes it somewhat harder to look up the descriptions of functions. Since it is understood that this man page

Re: pkg_add/pkg_delete: include PID in syslog messages

2012-05-28 Thread Lawrence Teo
On Mon, Mar 19, 2012 at 12:50:12PM +0100, Marc Espie wrote: On Wed, Mar 07, 2012 at 12:31:48AM -0500, Lawrence Teo wrote: This simple diff makes pkg_add and pkg_delete include their PID when logging to syslog. This is useful when trying to determine whether several packages were added

Latest libpcap 1.2.0 diff (2012-05-11)

2012-05-15 Thread Lawrence Teo
I sent a diff to update libpcap in base in November 2011 [1]. Here's the latest version that fixes a bug I found after running regression tests on all pcap-based ports in the ports tree. If anyone would like to test the diff, the programs in base that link to libpcap and would also require

Re: Latest libpcap 1.2.0 diff (2012-05-11)

2012-05-15 Thread Lawrence Teo
On Tue, May 15, 2012 at 08:06:43PM +0100, Stuart Henderson wrote: On 2012/05/15 14:19, Lawrence Teo wrote: If anyone would like to test the diff, the programs in base that link to libpcap and would also require testing are: - /usr/libexec/spamlogd - /usr/sbin/pppd - /usr/sbin/tcpdump

sha1(1) man page: recommend sha256(1) instead

2012-05-07 Thread Lawrence Teo
This diff changes the sha1(1) man page to recommend the use of sha256(1). It uses language that is similar to the md5(1) man page. Thoughts? Lawrence Index: sha1.1 === RCS file: /cvs/src/bin/md5/sha1.1,v retrieving revision 1.29

cron: fix incorrect error message

2012-05-07 Thread Lawrence Teo
This diff fixes the error message for one of the log_it() calls in cron (was probably a pasto). While here, also fix the style for two other log_it() calls. Lawrence Index: cron.c === RCS file: /cvs/src/usr.sbin/cron/cron.c,v

Re: tcpbench: crash with -n and -b

2012-05-04 Thread Lawrence Teo
On Fri, May 04, 2012 at 11:34:02PM +0200, Erik Lax wrote: Hi, I noticed that tcpbench sometimes crashes when using -n and -b combined, this is because of a double-free in the client initialization loop. This is consistently reproducible for me, if I run tcpbench -s in one session and

Re: pfctl: fix printing of 'foo/*' anchors

2012-04-27 Thread Lawrence Teo
On Fri, Apr 27, 2012 at 12:45:01PM +0100, Stuart Henderson wrote: On 2012/04/27 00:51, Lawrence Teo wrote: The diff below fixes pfctl so that it will show the 'authpf/*' anchor as intended: This is extremely useful for relayd/ftp-proxy too. I agree. I bumped into this bug while writing

pfctl: remove redundant check

2012-04-26 Thread Lawrence Teo
This diff removes a redundant check from the pfctl_show_rules() function. There is no functional change, and pfctl still passes all regression tests with this change. Comments? Lawrence Index: pfctl.c === RCS file:

pfctl: fix printing of 'foo/*' anchors

2012-04-26 Thread Lawrence Teo
The pfctl(8) man page says: By default, recursive inline printing of anchors applies only to unnamed anchors specified inline in the ruleset. If the anchor name is terminated with a `*' character, the -s flag will recursively print all anchors in a brace delimited block. For

Re: ftp(1): new -s flag to specify source IP address

2012-04-24 Thread Lawrence Teo
On Wed, Apr 18, 2012 at 11:58:26PM -0400, Lawrence Teo wrote: This diff adds a -s flag to ftp(1) to let the user specify the source IP address of the connection. This is useful when using ftp(1) over VPN tunnels or when an alternate source IP is required to fetch a file from a FTP/HTTP/HTTPS

Re: ftp-proxy(8): ensure nat_range_high is defined in add_nat()

2012-04-19 Thread Lawrence Teo
On Wed, Apr 18, 2012 at 11:36:49PM -0400, Lawrence Teo wrote: This simple diff adds a check to the add_nat() function in ftp-proxy(8) to ensure that nat_range_high is defined before proceeding to create the PF NAT rule. I think the original author may have intended to do this since

ftp-proxy(8): ensure nat_range_high is defined in add_nat()

2012-04-18 Thread Lawrence Teo
This simple diff adds a check to the add_nat() function in ftp-proxy(8) to ensure that nat_range_high is defined before proceeding to create the PF NAT rule. I think the original author may have intended to do this since there is an existing check for nat_range_low. Technically, all calls to

inet(3) man page: reorganize for better readability

2012-04-18 Thread Lawrence Teo
The inet(3) man page has always been rather difficult to read for me, primarily because the order of the inet_* functions in the DESCRIPTION section is not the same as their order in SYNOPSIS. In addition, the descriptions of various functions are grouped together in large paragraphs, making it

ftp(1): new -s flag to specify source IP address

2012-04-18 Thread Lawrence Teo
This diff adds a -s flag to ftp(1) to let the user specify the source IP address of the connection. This is useful when using ftp(1) over VPN tunnels or when an alternate source IP is required to fetch a file from a FTP/HTTP/HTTPS server due to access control policies. The -s flag is present in

pkg_add/pkg_delete: include PID in syslog messages

2012-03-06 Thread Lawrence Teo
This simple diff makes pkg_add and pkg_delete include their PID when logging to syslog. This is useful when trying to determine whether several packages were added (or removed) by the same pkg_add (or pkg_delete) process. Here is some sample output: Mar 3 22:15:17 obsd-amd64 pkg_add[3530]:

Re: request for the inclusion of the pcap-filter manpage

2012-03-04 Thread Lawrence Teo
On Mon, Mar 05, 2012 at 12:43:07AM +0100, Ingo Schwarze wrote: http://www.manpagez.com/man/7/pcap-filter/ http://www.tcpdump.org/release/libpcap-1.2.1.tar.gz Please consider adding it to the distribution. From cursory inspection, it looks like OpenBSD is using a fork of libpcap 0.4 or
