Re: [diff] usr.sbin/smtpd add missing includes

2021-10-17 Thread Philipp
[2021-10-18 11:09] Jonathan Gray > On Sun, Oct 17, 2021 at 04:23:50PM +0200, Philipp wrote: > > Hello > > > > I'm currently working on getting OpenSMTPD-portable build. During this > > I found some missing includes. > > It would help if you could descr

smtpd workarounds for KAME sin6_scope_id

2021-10-17 Thread Philipp
for this problem? Philipp

[diff] usr.sbin/smtpd add missing includes

2021-10-17 Thread Philipp
Hello I'm currently working on getting OpenSMTPD-portable build. During this I found some missing includes. diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 7de52a1c568..b1307c4daa6 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -28,6 +28,8 @@ #include

Re: DANE in libressl?

2021-08-29 Thread Peter J. Philipp
out there is doing this already right? Best Regards, -peter > Peter J. Philipp wrote: > > > Hi, > > > > I was wondering if anyone has wanted to implement DANE functions into > > OpenBSD? > > And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if

DANE in libressl?

2021-08-29 Thread Peter J. Philipp
Hi, I was wondering if anyone has wanted to implement DANE functions into OpenBSD? And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd be on someones toes here, if I start implementing... With unwind we can make use of things such as DANE due to validation of DNSSEC.

Re: list hyperv features in dmesg

2021-06-14 Thread Peter J. Philipp
On Mon, Jun 14, 2021 at 01:19:21PM -0700, Chris Cappuccio wrote: [..] > If you're going to print flags for some unsupported features, why > not print them all? > > The 'features3' line doesn't look clean > > Typically uppercase flags like this are formatted like OK in this next patch (below)

list hyperv features in dmesg

2021-06-14 Thread Peter J. Philipp
Hi, I may be interested in looking into hyperv since I have a MS Windows Server 2019 machine that has a hyper-v running OpenBSD (half the resources). I have two things that would need my attention 1. the time doesn't jump when I patch the host OS and reboot, hyperv guest gets snapshotted at boot

Re: uwacom: reduce tip pressure for click activation

2021-06-03 Thread Peter J. Philipp
On Thu, Jun 03, 2021 at 09:23:16PM +0200, Stefan Hagen wrote: > Peter J. Philipp wrote: > > On Thu, Jun 03, 2021 at 08:06:06PM +0200, Stefan Hagen wrote: > >> Which one? > > > > It didn't say in the dmesg if I recall correctly, luckily I found the > > packaging.

Re: uwacom: reduce tip pressure for click activation

2021-06-03 Thread Peter J. Philipp
On Thu, Jun 03, 2021 at 08:06:06PM +0200, Stefan Hagen wrote: > Peter J. Philipp wrote: > > > I have a Wacom Intuos. > > Which one? It didn't say in the dmesg if I recall correctly, luckily I found the packaging. CTL-490 DW-S. > > I found that I could no

Re: uwacom: reduce tip pressure for click activation

2021-06-03 Thread Peter J. Philipp
On Thu, Jun 03, 2021 at 05:10:57PM +0200, Stefan Hagen wrote: > Hi, > > I'm using a Wacom CTL-490 to draw on virtual whiteboards in online > meetings. Hi, I tried your patch and got rejections, though I was able to fix it. I have a Wacom Intuos. I found that I could not write anything as good

Re: macppc bsd.mp pmap's hash lock

2021-05-19 Thread Peter J. Philipp
[cross posting this to ppc@] On Wed, May 19, 2021 at 12:27:51AM -0400, George Koehler wrote: > On Thu, 13 May 2021 02:20:45 -0400 > George Koehler wrote: > > > My last diff (11 May 2021) still has a potential problem with memory > > barriers. I will mail a new diff if I think of a fix. > >

Re: httpd with rdomain

2021-05-17 Thread Peter J. Philipp
On Mon, May 17, 2021 at 05:55:00PM +0200, Claudio Jeker wrote: [..] > > Granted I did not test it with a difficult config. And I advise any > > committer > > to test this fully before trusting my code. For me it's better than using > > route and starting httpd twice, though. > > > > I don't

httpd with rdomain

2021-05-17 Thread Peter J. Philipp
Hi, I found myself wanting this, this morning. I made a patch but then I put it in the wrong spot, and noticed it needed rewriting of SERVER in parse.y. Later in the day I found myself looking into this, and a better patch came out of it. It works on a simple setup for me (mind the censored

Re: [PATCH v3 (resend)] tee: Add -q, --quiet, --silent option to not write to stdout

2021-01-25 Thread Philipp-Joachim Ost
> > echo 'foo' | sudo tee /etc/foo >/dev/null; Why don't you just do echo foo > /etc/foo or sudo sh -c 'echo foo > /etc/foo' ? I don't normally use sudo, so there might be some better way of using it. Kind regards, Philipp

explicit_bzero csalt

2021-01-21 Thread Peter J. Philipp
Hi, On IRC, someone and I were arbitrarily going through bcrypt.c and I noticed the following resulting from bcrypt_newhash(): int bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) { char salt[BCRYPT_SALTSPACE]; if (bcrypt_initsalt(log_rounds, salt,

Re: acme-client(1): backup certs

2021-01-02 Thread Peter J. Philipp
On Sat, Jan 02, 2021 at 05:10:01PM -0600, Chris Bennett wrote: > On Sat, Jan 02, 2021 at 05:23:11PM +0100, Florian Obser wrote: > > > > Create .1 backup files when acme-client is going to overwrite a > > certificate file. > > > > This files are not terribly big and it's convenient to keep one >

Re: AUDIORECDEVICE environment variable in sndio lib

2020-11-18 Thread Peter J. Philipp
Sorry I apologize, I had my kern.audio.record set to 0. It works for me. *red faced* -peter On Wed, Nov 18, 2020 at 04:12:25PM +0100, Peter J. Philipp wrote: > On Wed, Nov 18, 2020 at 11:00:17AM +0100, Alexandre Ratchov wrote: > > Thanks; semarie suggested a similar diff,

Re: AUDIORECDEVICE environment variable in sndio lib

2020-11-18 Thread Peter J. Philipp
On Wed, Nov 18, 2020 at 11:00:17AM +0100, Alexandre Ratchov wrote: > Thanks; semarie suggested a similar diff, so below is an attempt to > take into account all the suggestions: > > - add AUDIOPLAYDEVICE, to handle play-only devices as well. We've the > very same problem for them. > > - use

Re: AUDIORECDEVICE environment variable in sndio lib

2020-11-17 Thread Peter J. Philipp
On Tue, Nov 17, 2020 at 05:09:28PM +, Stuart Henderson wrote: > On 2020/11/17 17:13, Peter J. Philipp wrote: > > Hi, > > > > I have a mic on snd/1 and speakers on snd/0. I had tried a lot of different > > settings with audacity port but couldn't get this to work

AUDIORECDEVICE environment variable in sndio lib

2020-11-17 Thread Peter J. Philipp
Hi, I have a mic on snd/1 and speakers on snd/0. I had tried a lot of different settings with audacity port but couldn't get this to work, so I chose the method of last resort. Below is a patch to allow an AUDIORECDEVICE environment variable specifying the wanted microphone. -peter Index:

Re: Fwd: explicit_bzero vs. alternatives

2020-08-11 Thread Philipp Klaus Krause
think a broader approach could work. In general, the standard is only concerned with state observable in the C abstract machine. Everything else can only be hinted at (e.g. via volatile or something like bzero/memset_explicit, etc). Philipp

Re: ssh(1), getrrsetbyname(3), SSHFP and DNSSEC

2020-07-29 Thread Peter J. Philipp
On Wed, Jul 29, 2020 at 05:42:16PM +0200, Florian Obser wrote: > > First you mention fallback to DHCP-learned resolvers. Those you should > > probably not trust indeed, but it looks like unwind(8) attempts to use > > them to perform its own validation. So the value of the AD flag in > >

Re: ssh(1), getrrsetbyname(3), SSHFP and DNSSEC

2020-07-17 Thread Peter J. Philipp
On Fri, Jul 17, 2020 at 11:45:22PM +0200, Jesper Wallin wrote: > Thoughts? > > > Yours, > Jesper Wallin I found this very interesting. Too bad you didn't quote any RFC's that support this behaviour because RFC 4033 says you shouldn't set the AD bit in a query, RFC 4035 says something similar,

DNS options for sppp(4)

2020-07-06 Thread Peter J. Philipp
Hello, This is an old patch from Gerhard Roth, and mpf@ dating back to 2007. Please see: https://marc.info/?l=openbsd-tech=134943767022961=2 I contacted Gerhard who said instead of begging for this I should make it IPv6 capable. So I tried and nearly flooded my ISP off the net (sorry), it

Re: powerpc: mplock & WITNESS

2020-04-10 Thread Peter J. Philipp
On Thu, Apr 09, 2020 at 10:58:29PM -0400, George Koehler wrote: > In the trace, #0 and #1 are wrong, but the rest of the trace looks > good enough for WITNESS. I added an artificial lock order reversal to > ums(4) for WITNESS to catch. I got this trace, > > #0 0xe4d764 > #1

Re: powerpc: mplock & WITNESS

2020-04-09 Thread Peter J. Philipp
On Thu, Apr 09, 2020 at 01:08:12PM +0200, Martin Pieuchot wrote: > On 09/04/20(Thu) 12:20, Peter J. Philipp wrote: > > It's April 9th for me, so no chance for April 1st things. Both patches > > didn't > > boot (they loaded on ofwboot though) for me. I assume you wan

Re: powerpc: mplock & WITNESS

2020-04-09 Thread Peter J. Philipp
It's April 9th for me, so no chance for April 1st things. Both patches didn't boot (they loaded on ofwboot though) for me. I assume you wanted me to enable WITNESS option which I did. The kernel did not print anything so it must have done something before openfirmware... I'm going to check out

arm64 mainbus.c patch

2020-04-09 Thread Peter J. Philipp
Hi, While code-reading the riscv64 port (which leans on some arm64 code), I have found a small gotcha in /sys/arch/arm64/dev/mainbus.c. The patch is self explanatory and leans on the fix from simplebus.c line 210. Index: mainbus.c

patch for dump for high percentages

2020-02-29 Thread Peter J. Philipp
Hi, I have a patch for dump(8) if it is generally considered bad if percentage done is over 100.0%. I checked the archives on marc.info for this and didn't see any discussion whether this was a topic before. Here is the odd DUMP message I got on a host: DUMP: 102.41% done, finished in 0:00

Re: add DIOCRADDADDRS ioctl to kern_pledge pf

2020-01-14 Thread Peter J. Philipp
On Tue, Jan 14, 2020 at 11:05:38AM -0700, Theo de Raadt wrote: > Some of the pledges (such as "pf") exist to support a cluster of > programs -- not just 1 program -- and improve their security by limiting > what they can do. So that when the program gets subverted due something > on it's input,

add DIOCRADDADDRS ioctl to kern_pledge pf

2020-01-14 Thread Peter J. Philipp
Hi, I'm in the process of building a program that adds IP addresses to a table, from the network, It is HMAC'ed. I was stopped by a pledge, it seems it was not configured. Here is the ktrace snippet: 40051 table-server CALL open(0xbb705fb11f6,0x2) 40051 table-server NAMI "/dev/pf" 40051

Re: man.cgi(8): turn off HTML5 autocomplete for the query input field

2020-01-10 Thread Philipp Buehler
Am 10.01.2020 15:58 schrieb Tim Baumgard: I found out that Apple requires nonstandard [1] attributes to fully The other day nonstandard "gave" us javascript around the globe... Cheers for putting this one in, was really kinda PITA and I didn't know about this attribute. -- pb

Re: ntpd is too noisy about 'DNS lookup tempfail' on IPv6 only hosts

2019-11-06 Thread Peter J. Philipp
On Wed, Nov 06, 2019 at 11:30:32AM +0100, Florian Obser wrote: > > @@ -94,7 +95,7 @@ host_dns1(const char *s, struct ntp_addr > > struct ntp_addr *h, *hh = NULL; > > > > memset(, 0, sizeof(hints)); > > - hints.ai_family = AF_UNSPEC; > > + hints.ai_family = (test_v4_gw() == 0)

ntpd is too noisy about 'DNS lookup tempfail' on IPv6 only hosts

2019-11-05 Thread Peter J. Philipp
Hi, I have an IPv6 only host arrowhead.ip6.centroid.eu, that has very noisy: Oct 29 09:12:48 arrowhead ntpd[18744]: DNS lookup tempfail Oct 29 09:21:45 arrowhead last message repeated 2 times in fact: arrowhead# grep 'DNS lookup tempfail' /var/log/daemon | wc -l 1354 This is because the

Re: ppppoe octeon kernel panic .6.6

2019-10-24 Thread Peter J. Philipp
Hi Miod, Thanks for helping. With this patch unfortunatly I still get a trap 2 on my small unifi security gateway which I pulled out again to test your patch. ---> cnmac0: 192.168.177.35 lease accepted from 192.168.177.1 (24:a4:3c:06:9f:16) pppoe0: received unexpected PADO pppoe0: host

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
+0200, Janne Johansson wrote: > Den ons 23 okt. 2019 kl 09:15 skrev Peter J. Philipp : > > > Hi Holger & Tech, > > > > I have made my octeon router work again and I have a patch. > > > > > Truncated it a lot, leaving the things I reacted on: > > >

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
On Wed, Oct 23, 2019 at 11:18:11AM +0200, Martin Pieuchot wrote: > On 23/10/19(Wed) 08:43, Peter J. Philipp wrote: > > Hi Holger & Tech, > > Hello Peter, > > > I have made my octeon router work again and I have a patch. But I'm not an > > openbsd developer, nor

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
On Wed, Oct 23, 2019 at 08:21:50AM +0200, Holger Glaess wrote: > hi > > > here the traceback , i hope ;) Hi Holger & Tech, I have made my octeon router work again and I have a patch. But I'm not an openbsd developer, nor is this patch official in any way. It was a lot of debugging and

Re: sysupgrade: select sets to install

2019-07-12 Thread Philipp Buehler
Am 10.07.2019 20:18 schrieb Theo de Raadt: Ofcourse there are also custom sets, like site${VERSION}-*.tgz . Which is something to keep in mind. Yeah, we could delete support for that entirely Those of you so used to pushing buttons and requiring special features used by a limited subset of

Re: if_pppoe.c patch

2019-01-20 Thread Peter J. Philipp
On Sun, Jan 20, 2019 at 12:56:22PM +, Stuart Henderson wrote: > On 2019/01/18 10:59, Peter J. Philipp wrote: > > I have "covered" up PPPoE Session ID's from users because it is a value that > > is only gotten on the Data Link layer and historically non-root users did

if_pppoe.c patch

2019-01-18 Thread Peter J. Philipp
I have "covered" up PPPoE Session ID's from users because it is a value that is only gotten on the Data Link layer and historically non-root users did not have access to that. It really is a value that doesn't concern them. I have wrapped the display with a suser() conditional. The magic value

handling of magic number in LCP echo replies

2019-01-18 Thread Peter J. Philipp
Hi, I'd like to get some help determining if this is a problem per se. In /sys/net/if_spppsubr.c lines 1323-1327 the nmagic is assembled and checked against sp->lcp.magic, and if it doesn't match then it does something weird. It resets the sp->pp_alivecnt to 0. This to me does nothing much

Re: nice side-effect, but rebound doesn't play

2018-07-14 Thread Peter J. Philipp
in theory my request is right and it would be cool to have multiple nameserver entries that it reads from the resolv.conf and then tries. (Oh noI'm a feature creep!) Apologies, -peter On Sat, Jul 14, 2018 at 07:24:09AM +0200, Peter J. Philipp wrote: > Hi, > > Yesterday I was messing with m

nice side-effect, but rebound doesn't play

2018-07-13 Thread Peter J. Philipp
Hi, Yesterday I was messing with my network and particularily my workstation with the goal of having an internal nameserver serve "internal.centroid.eu" zones for my computers at home, and also do "168.192.in-addr.arpa" reverse. I had no luck diverting this from BIND, and then something

define rebound magic numbers

2018-07-13 Thread Peter J. Philipp
Hi, While reading through rebound, I noticed the author uses a lot of magic numbers in DNS flags field. I present OpenBSD a set of #defines that I wrote in 2002 on an OpenBSD/macppc iBook in Montreal. If I didn't write all of it then, I followed up with it in 2005 when my own DNS server came

fstat -r flag to display rdomains on sockets

2018-04-07 Thread Peter J. Philipp
Hi, I've been running iked for a while now and have been able to guess which iked belongs to which rdomain by the cpu counter but as I'm using the other iked more the cpu counter is about the same and it's confusing when I have to restart iked with route exec. I introduce the -r flag to fstat

this fixes gif(4) on 6.3

2018-04-07 Thread Peter J. Philipp
Hello, Yesterday I wrote to misc@ with this: https://marc.info/?l=openbsd-misc=152302592426018=2 I apologize with the inline paste, thunderbird is just not good enough for this stuff. Anyhow I have produced this patch after upgrading the 6.2 box to 6.3. It all works now: Here is my config:

Re: return packets may not be desired to be scrubbed

2018-03-30 Thread Peter J. Philipp
On Thu, Mar 29, 2018 at 10:01:02PM +0200, Peter J. Philipp wrote: ... > The end result is here. I add 2 arguments to pf_scrub() for rule/state > direction that is desired and direction that the packet is taking. Then > in random-id the logic does not scrub when we had an "

return packets may not be desired to be scrubbed

2018-03-29 Thread Peter J. Philipp
Hi, While writing my own patches to the OpenBSD kernel and the pf subsystem, I noticed that random-id packets scrub twice. I noticed this by copying random-id's code and modifying it a little. From that grew a little patch for scrub and random-id and I'd like OpenBSD to consider it. I sent a

httpd/logger.c patch

2018-03-11 Thread Peter J. Philipp
Hi, While auditing something in and around /usr/src/usr.sbin/httpd/logger.c (didn't find what I was looking for), I noticed that logger_log() was returning with an int but the return value was not processed at all. Here is a small patch that makes the return value void. I tested this patch

save_errno for SHA256File()

2017-10-23 Thread Peter J. Philipp
Hi, I have a program that constantly stalls on reading /etc/spwd.db with SHA256File() (from sha2.h). Here is the program flow: > sha256file: Operation not permitted on file: /etc/spwd.db 2f6574632f737077642e6462 ^C beta$ stat /etc/spwd.db 1024 78977 -rw-r- 1 root _shadow 327856

Re: pointer corruption in exec_script.c

2017-05-10 Thread Peter J. Philipp
indirectly, again sorry. -peter On 05/09/17 23:14, Ted Unangst wrote: > Peter J. Philipp wrote: >> In my tinkering with the ELFSEC mechanism, I have noticed something >> possibly troubling. In /sys/kern/exec_script.c shellname is a pointer >> to cp which is a pointer to hdrstr whic

Re: pointer corruption in exec_script.c

2017-05-09 Thread Peter J. Philipp
On Tue, May 09, 2017 at 10:05:28PM +0200, Peter J. Philipp wrote: > Hi, > > In my tinkering with the ELFSEC mechanism, I have noticed something > possibly troubling. In /sys/kern/exec_script.c shellname is a pointer > to cp which is a pointer to hdrstr which is a pointer to epp-&g

pointer corruption in exec_script.c

2017-05-09 Thread Peter J. Philipp
Hi, In my tinkering with the ELFSEC mechanism, I have noticed something possibly troubling. In /sys/kern/exec_script.c shellname is a pointer to cp which is a pointer to hdrstr which is a pointer to epp->ep_hdr... When calling the intended set shellname variable, later, I get part of the ELF

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-06 Thread Peter J. Philipp
On Fri, May 05, 2017 at 10:48:30PM +, Christian Weisgerber wrote: > On 2017-05-05, "Peter J. Philipp" <p...@centroid.eu> wrote: > > > This is my second official contribution to what I call ELFSEC, it places a > > signature in binaries, in the ELF header t

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Peter J. Philipp
On Fri, May 05, 2017 at 05:25:57PM +0100, Kevin Chadwick wrote: > > There was concern about my use of MD5 HMAC's so I > > took them out. The ELF header of 32 bit systems is too small to fit > > SHA256 checksums, so I'm leaving it out. > > Have you considered CMAC which can be truncated if need

My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Peter J. Philipp
/* * System call names. @@ -393,4 +393,5 @@ char *syscallnames[] = { "#328 (obsolete __tfork51)",/* 328 = obsolete __tfork51 */ "__set_tcb",/* 329 = __set_tcb */ "__get_tcb",/

Re: usermod.8 patch

2017-03-31 Thread Philipp Buehler
Am 31.03.2017 15:39 schrieb Jeremie Courreges-Anglas: I think the current wording is fine; no need for an option to set _default_ values. options are good - as long as they're optional --art -- pb

relayd(8): more rdomain integration diff

2017-03-01 Thread Philipp Buehler
Hi folks, after trying forth and back to overcome some limitations in relayd along multiple "instances" and rdomain/rtable I decided to scrub some rust of my C/yacc and produced the following diffs against -current to relayd and relayctl. Feats: - relayd/relayctl: -s sockname; obviously and

undocumented -P/-I in relayd, vmd, httpd, ...

2017-02-28 Thread Philipp Buehler
Hi there, while crawling through relayd source, I noticed that there is I:P: in getopt. P is obviously setting the proc-title, but I am unsure what to "get" from an instance-number via -I. This found way into httpd, snmpd, switchd and vmd also; mainly while g2k16. If someone dares to

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 11:14:13AM +0100, Jeremie Courreges-Anglas wrote: > "Peter J. Philipp" <p...@centroid.eu> writes: > > > On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote: > >> I had a patch somewhere for TSIG as well somewhere, give me

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote: > I had a patch somewhere for TSIG as well somewhere, give me some time to > find it. TSIG can secure the channel as well, but my implementation wasn't > all that pretty. Here is the patch, it would need fixing up, an

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 10:19:52AM +0100, Jeremie Courreges-Anglas wrote: > > Thanks for considering my patch. OpenBSD tremendously improves with this > > work of yours, I'm all for it! However to make use of this DNSSEC mode, > > the channel to the recursive DNS server has to be absolutely

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 12:35:33AM +0100, Jeremie Courreges-Anglas wrote: > Setting the AD flag for a query is possible, however those semantics are > newer than the EDNS0 extension. As far as I know, rfc6840 introduced > AD=1 for queries in 2013, whereas rfc3225 specifies the DO flag since >

Re: asr: support for RES_USE_DNSSEC

2017-02-25 Thread Peter J. Philipp
Hi, I'm not the best in reading patches, so I'm going to query you. Does your patch check for the "AD" flag from the resolver? As basically a DNSSEC able recursive nameserver should set this meaning it has authenticated the data. I wrote a patch for DNSSEC (possibly erroneous by comparing it

pf.conf.5 patch

2016-09-24 Thread Peter J. Philipp
Hi, Please consider this patch for the pf.conf.5 manpage, it took me hours to figure out what went wrong with my network after parts stopped working due to this example. Changing it to what I have now makes it work right. Symptoms without this fix caused IPv6 neighbours to stop pinging/being

Re: multiple routing tables

2016-05-15 Thread Philipp Buehler
Am 15.05.2016 12:10 schrieb Stefan Sperling: They key point seems to be that you're trying to route between different rdomains. I believe you must use pf to route traffic coming from this IP (which is in rdomain 0) to vether1 (which is in rdomain 2) or look into pair(4), also. -- pb

RELAYD_ANCHOR as a relayd.conf option

2016-04-22 Thread Philipp Buehler
Moin, while trying to push rdomain setups a bit further, I noticed that relayd is using a fixed anchor. For the pre-rdomain days this was sufficient, but nowadays that might look a bit different. Some dance with 'match pftag', carefully crafted (read:unique) rdr-subanchor-names can make

TSIG authentication in libasr

2016-02-27 Thread Peter J. Philipp
Hi, I have a patch for TSIG authentication in libasr. It is enabled by the "tsig" keyword in /etc/resolv.conf. My /etc/resolv.conf looks like this: search centroid.eu #nameserver 192.168.34.1 nameserver 200.46.208.61 tsig secret-key.:DONTTRY lookup file bind The HMAC over the TSIG is

Re: Make alpha 2038-safe

2016-02-17 Thread Philipp Schafft
base) > [...] > + if (year < MINYEAR || ct.mon < 1 || ct.mon > 12 || ct.day < 1 || > ct.day > 31 || ct.hour > 23 || ct.min > 59 || ct.sec > 59) { > [...] I'm not sure if this applies here as well. In some places sec == 60 is used for leap seconds. Th

Re: I have a program I wish to submit for the base

2016-01-29 Thread Peter J. Philipp
Luke, don't feel bad. Very little code that is "offered" gets taken by the OpenBSD project. OpenBSD really only takes when they see benefit for the project. An example for that is openssh. What you really want to do is focus on your own projects and make them available somewhere so that when

httpd patch

2016-01-15 Thread Peter J. Philipp
Hello, I had nothing better to do tonight after work so I read a little in httpd. I have come up with a patch for i386 and any architecture where off_t != size_t. So on i386 there is this: uranus$ ./sizetest off_t = 8 size_t = 4 and I have these files in a directory: uranus$ ls -lhi total

Re: httpd patch

2016-01-15 Thread Peter J. Philipp
On Fri, Jan 15, 2016 at 08:36:05PM +, Peter J. Philipp wrote: > Hello, > > I had nothing better to do tonight after work so I read a little in httpd. > I have come up with a patch for i386 and any architecture where off_t != > size_t. > > So on i386 there is this: &g

Re: httpd patch

2016-01-15 Thread Peter J. Philipp
On Sat, Jan 16, 2016 at 04:35:16AM +, Peter J. Philipp wrote: > Hello again, > > I couldn't sleep because for some reason my head was spinning around this > code. In sleep I reviewed what I remembered of this code and noticed two > things. > > 1. My patch was against

Re: pledge idea

2015-11-02 Thread Peter J. Philipp
On Thu, Oct 29, 2015 at 06:39:58PM +0100, Peter J. Philipp wrote: > Hi Reyk, > > deraadt already told me there was a patch for this already. Yes it > would be more cycles for stdio I see that. > > Thanks for your effort in making me see this. > > -peter >

pledge idea

2015-10-29 Thread Peter J. Philipp
Hi deraadt, I know you know I don't code well, but in order to show you what's on my mind I had to write code, I took the bsearch() from the ieee80211 code, so perhaps there is a better way (like always) perhaps to unify the function between these two areas. The reason I did this is to save on

Re: pledge idea

2015-10-29 Thread Peter J. Philipp
On 10/29/15 18:51, Reyk Floeter wrote: > On Thu, Oct 29, 2015 at 04:32:25PM +, Peter J. Philipp wrote: >> Hi deraadt, >> >> I know you know I don't code well, but in order to show you what's on my >> mind I had to write code, I took the bsearch() from the ie

Re: autoinstall(8): using multiple set sources?

2015-08-08 Thread Philipp
Am 08.08.2015 01:26 schrieb Alexander Hall: Try adding Set name(s) = done Here, like you would manually do (albeit likely implicit by just pressing enter). Bit counterintuitive at first, but works! Thanks a bunch.

autoinstall(8): using multiple set sources?

2015-08-07 Thread Philipp
While heavy playing with autoinstall(8), I came across that I cannot make it happen to install the usual sets from CD/ISO and additional ones like site58.tgz from a webserver. install.conf snips: root disk = wd0 Use (W)hole disk = W Location of sets = cd Set name(s) = all Location of sets =

an XOR improvement of 1%

2015-06-08 Thread Peter J. Philipp
Hi, I have made a patch against 5.7 that improves the speed of xor for amd64 by 1% (timed on a seperate userland program). I tested the userland program against an i386 and a amd64 host, didn't have access to any other architectures. If a hardcore developer thinks this is worth it ... feel

Re: autoinstall(8) tweaks

2015-04-15 Thread Philipp
Am 15.04.2015 01:20 schrieb Ryan McBride: On other systems where I don't know how the data will grow, I typically configure them with something close to the auto layout, but a smaller /home, and leave the remaining disk empty. When I get a feel for what the data usage is in /var/daemon or /home

Re: autoinstall(8) tweaks

2015-04-07 Thread Philipp
Am 07.04.2015 16:55 schrieb Kirill Bychkov: disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n Oh, please yes. I know that this will be PITA around (non)escaping and all, but the default labelling just isnt cutting it. + _mode=$(sed -E '/^ *filename

Re: use mallocarray in kern

2014-07-14 Thread Philipp
Sorry to break the threading, but I already expunged the original message.. Re: http://marc.info/?l=openbsd-techm=140529530814733w=2 The second and third hunk should use mallocarray() instead of malloc() in my eyes. sizeof(Elf_Phdr) as type just doesnt make sense to me. Hope not everyone is

Re: iked + isakmpd on the same machine

2014-04-24 Thread Philipp
Am 22.04.2014 17:28 schrieb Mike Belopuhov: more like it's not supported and is not supposed to work. not supposed as in 'not wanted'? it's like running nginx and apache at the same time but Quite frankly: I'm doing that in some locations ;-) worse since there are kernel tentacles involved

iked + isakmpd on the same machine

2014-04-22 Thread Philipp
It happened! A remote peer *requires* IKEv2 - and I've to do that on a machine running isakmpd with somewhat 25+ IKEv1 peers. First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad workaround: start isakmpd (with Listen-on) first. Second hurdle: iked loads its SAs and eventually

Re: 5.5 and dual-boot

2014-03-07 Thread jean-philipp luiggi
Le 07/03/2014 12:02 PM, Bob Beck a écrit : actually more painful than having to boot windows is to always have something handy to boot the snap from in order to dd the bootblock off in case you forget to do it before rebooting, or you're fucked. Hi Bob, Yeah and hopefully, with a recent post

Re: 5.5 and dual-boot

2014-03-07 Thread jean-philipp luiggi
Le 07/03/2014 12:13 PM, Theo de Raadt a écrit : actually more painful than having to boot windows is to always have something handy to boot the snap from in order to dd the bootblock off in case you forget to do it before rebooting, or you're fucked. The new installboot was enabled around a

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 09:22 schrieb Alex Mathiasen: Thank you! This solved my problem. Cheers.. found the hard way the other day. There should really be some dmesg when state-tables overflow. This silent dropping is wasting time in debugging such situations. Sorry for talk instead of diff :-}

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 12:22 schrieb Stuart Henderson: Writing messages that show up in dmesg is not cheap, particularly on systems with serial console. Well, ok. How about pflog?

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 13:11 schrieb Henning Brauer: how do you emit such a maessage in pcap? as payload with a dummy packet header? (N!!) pf is taking action without telling anyone - and that's not nice. There *are* other log() entries in pf.c already so I wonder how the initial

Re: Routing issues

2014-02-16 Thread Philipp
Am 16.02.2014 14:08 schrieb Stuart Henderson: Some ideas: check that the pf statetable (full or src-con) is not overflowing.. lately I had 'no route' where it was just peeking over the limit of 10,000 states spuriously. Went me crazy. pfctl -sm ; pfctl -si -vv

Re: Request for Funding our Electricity

2014-01-18 Thread Philipp
Am 17.01.2014 22:14 schrieb Kevin Lyda: That's a bug to be filed against an emulator. And it's easier to do that *now* when the older hardware is around to test for bug compatibility. And how do you do that when the hardware has gone? And I must admit the resistance to this is weird. This

Re: Request for Funding our Electricity

2014-01-14 Thread Peter J. Philipp
On 01/14/14 21:56, Theo de Raadt wrote: Hi, Anyone want to suggest we hold a bake sale? I just donated a little bit. Looking for roughly 10 dozen like minded people. I'm not suggesting a bake sale but one thing I noticed with the freebsdfoundation.org's website, that I think works out good,

-DDEBUG misses DUMP_REGS on amd64 libsa

2013-11-14 Thread Philipp
Hi, from: sys/arch/amd64/stand/libsa/cmd_i386.c: #ifdef DEBUG int Xregs(void) { DUMP_REGS; return 0; } #endif which is undeclared. i386 has one in sys/arch/i386/stand/libsa/debug_md.h --pb

urtwn(4) patch

2013-05-11 Thread Peter J. Philipp
Hi, I previously sent out a patch for this device support here: Linkname: 'USB Wireless Micro Adapter IWL 4000 support' - MARC URL: http://marc.info/?l=openbsd-techm=135342591418924w=2 Now I've looked at the usbdevs file a little closer and finally replaced my PJPUK device with

Re: write(2) man page

2013-02-24 Thread Philipp Schafft
.) Hope that helped! :) -- Philipp. (Rah of PH2) signature.asc Description: This is a digitally signed message part

USB Wireless Micro Adapter IWL 4000 support

2012-11-20 Thread Peter J. Philipp
First off I'd like to say that today luck was with me. Big time. I went to a local store (saturn.de) to buy a wireless usb adapter and picked one out that I thought was supported. I did not take my netbook with me so I didn't know if it would work or not. So when I got home it was detected as

Re: USB Wireless Micro Adapter IWL 4000 support

2012-11-20 Thread Peter J. Philipp
On Tue, Nov 20, 2012 at 04:33:27PM +0100, Peter J. Philipp wrote: urtwn0 at uhub0 port 1 Realtek Belkin Wireless Adapter rev 2.00/2.00 addr 2 urtwn0: MAC/BB RTL8192CU, RF 6052 2T2R, address ec:1a:59:0d:fa:1c Hrmm, sometimes it does not detect right. I had to cold boot my netbook last

tftpd patch

2012-06-28 Thread Peter J. Philipp
Hi, I have the weird scenario when I try to tftp a file from a remote tftpd that's also openbsd that my pf doesn't keep a state open. This is something I need to fix, however I found this in the logs on the remote tftpd and it's misleading: Jun 28 14:03:21 hostname tftpd[2506]: recv:

Re: ip6(4) manpage update

2012-06-18 Thread Peter J. Philipp
On Mon, Jun 18, 2012 at 08:06:06AM +0100, Jason McIntyre wrote: the blank line above should be a .Pp. also this diff adds trailing whitespace at eol in a few places. please remove it. except for that, i'm fine with this diff, if some developer wants to take it. jmc Awesome! Well here

  1   2   >