Re: Remove booting from kernels in raw/qcow2 images in vmd(8)

2021-03-12 Thread Reyk Floeter
t; - >> -/* >> - * For ufs.c >> - */ >> - >> -struct devsw vmboot_devsw = { >> -.dv_name ="vmboot", >> -.dv_strategy =vmboot_strategy, >> -/* other fields are not needed */ >> -}; >> - >> -struct open_file vmboot_file = { >> -.f_dev = _devsw, &g

Re: snmpd(8) remove OID CONFIGURATION

2020-02-27 Thread Reyk Floeter
> Am 27.02.2020 um 08:56 schrieb Martijn van Duren > : > > On 2/12/20 7:48 AM, Martijn van Duren wrote: >> Hello tech@, >> >> Working on something else, this bit of code is somewhat in my way and it >> feels like an early testing feature instead of actually being useful. >> It wasn’t an

Re: usbhidaction(1) with a foot pedal/control

2019-12-17 Thread Reyk Floeter
Hi, On Tue, Dec 17, 2019 at 06:57:54PM +, Raf Czlonka wrote: > I use a Philips USB foot pedal[0] as an additional input device. > With usbhidaction(1), I can "program" its four "buttons". > > After recent changes to uhid(4) device nodes' permissions, my USB > foot pedal "stopped working". >

Re: vmctl: start: Require one interface at minimium with -i

2019-10-26 Thread Reyk Floeter
On Sat, Oct 26, 2019 at 12:57:56AM +0200, Klemens Nanni wrote: > It makes no sense to allow zero interfaces; either a positive count is > given or -i is omitted entirely. vm.conf(5) does not allow interface > configuration that results in zero interfaces either. > > $ doas vmctl start

Re: vmd: static address for local interfaces, fix static tapX names

2019-10-25 Thread Reyk Floeter
On Fri, Oct 25, 2019 at 12:27:25PM -0700, Mike Larkin wrote: > On Fri, Oct 25, 2019 at 06:15:59PM +0000, Reyk Floeter wrote: > > Hi, > > > > the attached diff is rather large and implements two things for vmd: > > > > 1) Allow to configure static IP address/gate

vmd: static address for local interfaces, fix static tapX names

2019-10-25 Thread Reyk Floeter
Hi, the attached diff is rather large and implements two things for vmd: 1) Allow to configure static IP address/gateway pairs local interfaces. 2) Skip statically configured interface names (eg. tap0) when allocating dynamic interfaces. Example: ---snip--- vm "foo" { disable

Re: vmd: opentap: ifname is not optional

2019-10-25 Thread Reyk Floeter
On Fri, Oct 25, 2019 at 10:16:14AM +0200, Klemens Nanni wrote: > The function argument is not checked at all and strlcpy(3) will segfault > if it NULL. > > Slightly adjust the comment to reflect this and defer the error case's > default value to the end: If a node is successfully opened, ifname

Re: iked(8): improve logging output

2019-08-09 Thread Reyk Floeter
Hi, I agree that __func__ should be removed from anything except log_debug() messages. I think you should prepend the term sa or spi to explain what the hex numbers mean. otherwise OK reyk > Am 09.08.2019 um 17:31 schrieb Tobias Heider : > > The current log output is not as helpful as i

Re: [patch] relayd OCSP stapling for TLS server

2019-06-21 Thread Reyk Floeter
On Thu, Jun 20, 2019 at 07:58:10PM +0200, Bruno Flueckiger wrote: > Hi, > > The patch below adds OCSP stapling to the TLS server in relayd(8). The > OCSP response is read from a binary encoded DER file that can be created > using ocspcheck(8). > > If a file with the same name as the certificate

Re: [patch] relayd OCSP stapling for TLS server

2019-06-20 Thread Reyk Floeter
Hi Bruno, thanks for your efforts. I‘ve already written an OCSP patch which was being delayed in review. I don’t have the patch at hand but you can see the branch at https://github.com/reyk/relayd/tree/ocsp Reyk > Am 20.06.2019 um 19:58 schrieb Bruno Flueckiger : > > Hi, > > The patch

Re: trunk(4) shouldn't need to play with a port's if_type

2019-06-11 Thread Reyk Floeter
Hi, the initial intention was to differentiate a trunk port from a regular Ethernet interface. As long as an interface is a member of a trunk, it is not a fully featured Ethernet interface. The changed type prevented from using it elsewhere. I‘m not so familiar with the current network stack

Re: enc(4) free sizes

2019-06-10 Thread Reyk Floeter
Hi, didn’t you miss a free(sc, M_DEVBUF, 0) in L119 enc_clone_create()? Otherwise OK reyk > Am 10.06.2019 um 18:53 schrieb Martin Pieuchot : > > ok? > > Index: net/if_enc.c > === > RCS file: /cvs/src/sys/net/if_enc.c,v >

Re: ftp.html: adjust mirror minimum space

2019-06-01 Thread Reyk Floeter
On Sat, Jun 01, 2019 at 12:18:33PM +0200, Theo Buehler wrote: > On Sat, Jun 01, 2019 at 12:05:09PM +0200, Reyk Floeter wrote: > > Hi, > > > > a fresh rsync over night revealed that the minimum space for mirrors > > should be adjusted. > > > > OK? >

ftp.html: adjust mirror minimum space

2019-06-01 Thread Reyk Floeter
Hi, a fresh rsync over night revealed that the minimum space for mirrors should be adjusted. OK? Reyk Index: ftp.html === RCS file: /cvs/www/ftp.html,v retrieving revision 1.794 diff -u -p -u -p -r1.794 ftp.html --- ftp.html30

Re: relayd: SNI

2019-05-13 Thread Reyk Floeter
On Thu, May 09, 2019 at 02:51:23PM +0200, Reyk Floeter wrote: > Hi, > > this diff adds SNI support to relayd. > Below is the same diff again -current minus one debug line. jsing@ has noted that calling tls_config_set_keypair_ocsp_mem() with NULL ocsp options could

Re: ssl(8), fix text about web browsers and SAN

2019-05-10 Thread Reyk Floeter
I was just stumbling over this as well when I did the relayd: SNI diff. OK reyk On Fri, May 10, 2019 at 1:50 PM Stuart Henderson wrote: > it's standard behaviour for web browsers to not use hostnames in > Subject at all but require SAN. current ssl(8) text suggests "some new" > and

relayd: add from/to filter options

2019-05-09 Thread Reyk Floeter
Hi, the relayd code already had a few bits for from/to specifiers in filter rules, but it wasn't finished. I did get occasional requests if it would be possible to filter based on IPs (much like Allow/Deny rules elsewhere). Simple blocking should better be done in pf but the purpose of this is

Re: Reorder comic fonts used in error pages for httpd(8) and relayd(8)

2019-05-09 Thread Reyk Floeter
Thanks for your patch! So we have to figure out if people prefer the new fonts or the classic Comic Sans MS font. It is style vs. authenticity. But I think your suggestion is OK. Reyk > Am 09.05.2019 um 15:34 schrieb Nathan Galt : > > I happened upon ,

relayd: SNI

2019-05-09 Thread Reyk Floeter
Hi, this diff adds SNI support to relayd. It is a bit big and I have to break it down, but I'm sending this first version now to give people a chance to test. The major "infrastructure" change is that keypairs are not stored in relay structs anymore but in a global list where each keypair

Re: Avoid system(3) in ikectl

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 07:05:24PM -0400, Ted Unangst wrote: > Reyk Floeter wrote: > > On Wed, May 08, 2019 at 06:44:32PM -0400, Ted Unangst wrote: > > > Ted Unangst wrote: > > > > Matthew Martin wrote: > > > > > I did that originally [1], but Reyk

Re: Avoid system(3) in ikectl

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 06:44:32PM -0400, Ted Unangst wrote: > Ted Unangst wrote: > > Matthew Martin wrote: > > > I did that originally [1], but Reyk preferred the varargs approach [2], > > > so I changed the patch to match. > > > > Sorry, only wading into the thread at this point. Seems not

Re: Avoid system(3) in ikectl

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 01:06:30PM -0500, Matthew Martin wrote: > ping > The diff looks good now. I otherwise agree with tedu. OK reyk@ > On Thu, Apr 25, 2019 at 11:21:00PM -0500, Matthew Martin wrote: > > On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote: > > > > + argv =

Re: relayd websocket

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 07:07:43PM +0200, Reyk Floeter wrote: > On Wed, May 08, 2019 at 06:26:45PM +0200, Reyk Floeter wrote: > > On Wed, Mar 06, 2019 at 05:36:32PM +0100, Sebastian Benoit wrote: > > > Rivo Nurges(rivo.nur...@smit.ee) on 2019.03.05 22:42:13 +: > > >

Re: vm.conf: boot-device

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 06:47:53PM +0200, Anton Lindqvist wrote: > Hi, > A first stab at adding support for option `-B device' to vm.conf(5). > With the diff below, I'm able to add a dedicated VM to be used with > autoinstall(5): > > vm "amd64-install" { > disable > boot

Re: relayd websocket

2019-05-08 Thread Reyk Floeter
On Wed, May 08, 2019 at 06:26:45PM +0200, Reyk Floeter wrote: > On Wed, Mar 06, 2019 at 05:36:32PM +0100, Sebastian Benoit wrote: > > Rivo Nurges(rivo.nur...@smit.ee) on 2019.03.05 22:42:13 +: > > > Hi! > > > > > > On 3/5/19 10:36 PM, Claudio Jeker wrote:

Re: relayd websocket

2019-05-08 Thread Reyk Floeter
On Wed, Mar 06, 2019 at 05:36:32PM +0100, Sebastian Benoit wrote: > Rivo Nurges(rivo.nur...@smit.ee) on 2019.03.05 22:42:13 +: > > Hi! > > > > On 3/5/19 10:36 PM, Claudio Jeker wrote: > > > I guess that this would need strcasestr() instead of strcasecmp(), since > > > you > > > are looking

relayd: fix filter rules with forward to statement

2019-05-08 Thread Reyk Floeter
Hi, the attached diff fixes filter rules with "forward to" statement in persistent (keep-alive) connections. See the XXX comment below. ```relayd.conf log connection table { 127.0.0.1 } table { 127.0.0.1 } table { 127.0.0.1 } http protocol pathfwd { return

Re: iked curve25519

2019-03-30 Thread Reyk Floeter
I like the idea of switching it to the proper ID. Reyk > Am 30.03.2019 um 20:31 schrieb Stuart Henderson : > > curve25519 had a proper ID (31) assigned in 2016 but we still have > the draft private-use ID in iked. Any thoughts on whether we can just > cut across to the proper ID, or whether

Re: delete dead code: tc_getfrequency

2019-03-26 Thread Reyk Floeter
We happen to use this in the vmm pvclock diff. Reyk > Am 26.03.2019 um 16:28 schrieb Scott Cheloha : > > Dead since import by my reckoning... so, ~15 years dead? > > ok? > > Index: kern/kern_tc.c > === > RCS file:

Re: httpd: New log format to log X-Forwarded-{For|Port} headers

2019-03-08 Thread Reyk Floeter
Hi, On Mon, Mar 04, 2019 at 02:06:02PM +0100, Bruno Flueckiger wrote: > I've completely reworked my patch for httpd(8). The last patch broke the > log format combined. And the config option was ugly. This time I've > added another log format called forwarded. It appends two fields to the > log

Re: Avoid system(3) in ikectl

2019-03-08 Thread Reyk Floeter
On Wed, Mar 06, 2019 at 10:42:15PM -0600, Matthew Martin wrote: > I had sent a similar patch a while back. There seemed to me some > interest, but it was never committed. Updated to apply to -current. > I vaguely remember that there was a diff that had issues that I didn't like for different

Re: add more bootdevices to vmctl

2018-12-10 Thread Reyk Floeter
OK reyk@ Please think about the manpage. > Am 10.12.2018 um 22:35 schrieb Claudio Jeker : > > Now that fw_cfg support is in vmd it makes sense to have -B disk > and -B cdrom. Also error out if the option is not known. > > This allows to use -B cdrom to force booting from the cdrom disk image >

Re: carp though bridge with vmd

2018-12-10 Thread Reyk Floeter
Hi, as a general note for virtual switches and clouds that don’t support CARP due to restrictions on multicast and/or additional MACs: I use carppeer and lladdr of the parent interface in such cases. That doesn’t mean that you should need it with vmd and bridge and we have to look into this.

Re: change reboot behaviour in vmd

2018-12-09 Thread Reyk Floeter
Sure, the bootdevice trick makes sense. Another trick could probably be to try to switch to the hard disk after first boot (install) but this would make the logic and config a bit ugly. OK for the diff below. The only thing that I’m a bit concerned about is that -B might turn a bit into a

Re: pvclock(4)

2018-12-04 Thread Reyk Floeter
On Tue, Dec 04, 2018 at 05:43:48AM -0800, Chris Cappuccio wrote: > Of course printf instead of panic for testers > Oh, right, thanks! @john: Does this "slightly less simple" diff work for you? @phessler, Chris: Maybe we should get this fix tested and in, wait for reports, and I can use the

Re: pvclock(4)

2018-12-04 Thread Reyk Floeter
On Tue, Dec 04, 2018 at 12:46:06PM +0100, Peter Hessler wrote: > On 2018 Dec 03 (Mon) at 16:56:10 -0800 (-0800), Chris Cappuccio wrote: > :Reyk Floeter [r...@openbsd.org] wrote: > :> > :> Yes, KVM's stable bit is not a reliable indication as it is seems to > depen

Re: pvclock(4)

2018-12-04 Thread Reyk Floeter
On Mon, Dec 03, 2018 at 04:56:10PM -0800, Chris Cappuccio wrote: > Reyk Floeter [r...@openbsd.org] wrote: > > > > Yes, KVM's stable bit is not a reliable indication as it is seems to > > depend on the capabilities of the KVM version and not the actual > >

Re: pvclock(4)

2018-12-03 Thread Reyk Floeter
> Am 04.12.2018 um 00:52 schrieb Chris Cappuccio : > > johnw [johnw.m...@gmail.com] wrote: >> >> Hi, after disable pvclock, it can boot with new kernel again, thanks. > ... >> cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 105.29 MHz, 06-17-0a >> cpu0: >>

Re: pvclock(4)

2018-11-28 Thread Reyk Floeter
Hi, > Am 29.11.2018 um 05:27 schrieb johnw : > > >> So far I only got positive reports. Where are the problems? ;) > >> Otherwise: OK? > >> Reyk > > Hi, my kvm/quest/openbsd-amd64 can not boot, after upgrade to today current > (28-nov-2018). > thanks for reporting. Do you have a full

Re: pvclock(4)

2018-11-25 Thread Reyk Floeter
> Am 25.11.2018 um 05:02 schrieb Greg Steuck : > > I realize this report is practically useless, but better out than in > (according to Shrek). > I found this in the logs of my GCE VM running syzkaller bot. No further > details were preserved... > > 2018/11/24 09:53:48 ci-openbsd-main: poll:

Re: typo in vxlan.4

2018-11-22 Thread Reyk Floeter
On Thu, Nov 22, 2018 at 11:50:52AM -0500, Josh Grosse wrote: > The page refers to vmx0 rather than vxlan0 in its pf.conf > guidance. > ... I committed a change to use em0 instead of vmx0. vmx0 wasn't a good example (I wrote the manpage around the time when vmx(4) was new and I used it as a

Re: typo in vxlan.4

2018-11-22 Thread Reyk Floeter
On Thu, Nov 22, 2018 at 11:50:52AM -0500, Josh Grosse wrote: > The page refers to vmx0 rather than vxlan0 in its pf.conf > guidance. > Are you sure? In this example, vmx0 is the parent interface that receives VXLAN UDP packets - it could also be em0, ix0, or whatever you like. Reyk > Index:

Re: pvclock(4)

2018-11-22 Thread Reyk Floeter
On Mon, Nov 19, 2018 at 01:12:46PM +0100, Reyk Floeter wrote: > the attached diff is another attempt at implementing a pvclock(4) > guest driver. This improves the clock on KVM and replaces the need > for using the VM-expensive acpihpet(4). > So far I only got positive rep

Re: rad: add support for listening on interface groups

2018-11-20 Thread Reyk Floeter
On Sat, Nov 17, 2018 at 02:11:58PM +0100, Klemens Nanni wrote: > On Fri, Nov 16, 2018 at 08:56:52PM +0100, Reyk Floeter wrote: > > > the following diff allows rad(8) to watch interface groups. This > > > allows to automatically add/remove interfaces in a given group. > &

Re: vmd: add support for local inet6 interfaces

2018-11-20 Thread Reyk Floeter
Hi On Fri, Nov 16, 2018 at 05:35:03PM +0100, Reyk Floeter wrote: > "local interface" (-L) is an amazing feature and I use it every day; > but it is IPv4-only and now I realized that I need IPv6 too. > > The attached diff implements IPv6 support for local interf

pvclock(4)

2018-11-19 Thread Reyk Floeter
+ share/man/man4/pvclock.419 Nov 2018 11:48:33 - @@ -0,0 +1,45 @@ +.\"$OpenBSD$ +.\" +.\" Copyright (c) 2018 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provide

Re: rad: add support for listening on interface groups

2018-11-16 Thread Reyk Floeter
On Fri, Nov 16, 2018 at 04:41:12PM +0100, Reyk Floeter wrote: > Hi, > > the following diff allows rad(8) to watch interface groups. This > allows to automatically add/remove interfaces in a given group. > > For example, I put "interface tap" into rad.conf and it

Re: rad: don't try to leave the multicast group on detached interfaces

2018-11-16 Thread Reyk Floeter
On Fri, Nov 16, 2018 at 07:33:47PM +0100, Florian Obser wrote: > On Fri, Nov 16, 2018 at 04:30:28PM +0100, Reyk Floeter wrote: > > Hi, > > > > the following patch prevents rad(8) from aborting when an interface is > > detached (or a clone destroyed). It is

vmd: add support for local inet6 interfaces

2018-11-16 Thread Reyk Floeter
Hi, "local interface" (-L) is an amazing feature and I use it every day; but it is IPv4-only and now I realized that I need IPv6 too. The attached diff implements IPv6 support for local interfaces. A few notes and limitations: - Unlike the embedded IPv4 DHCP server, it does not implement a

rad: add support for listening on interface groups

2018-11-16 Thread Reyk Floeter
Hi, the following diff allows rad(8) to watch interface groups. This allows to automatically add/remove interfaces in a given group. For example, I put "interface tap" into rad.conf and it automatically serves my VM interfaces. You could also configure a custom group in vm.conf and rad.conf.

rad: don't try to leave the multicast group on detached interfaces

2018-11-16 Thread Reyk Floeter
Hi, the following patch prevents rad(8) from aborting when an interface is detached (or a clone destroyed). It is no fatal condition for rad as it otherwise handles interface events just fine by reinitializing itself on interface route messages. One additional style bit included. OK? Reyk

Re: Qcow2: Clean up logging/error handling

2018-11-16 Thread Reyk Floeter
On Sat, Nov 03, 2018 at 01:53:08PM -0700, Ori Bernstein wrote: > On Tue, 30 Oct 2018 23:01:50 -0700, Mike Larkin wrote: > > > On Tue, Oct 30, 2018 at 10:41:21PM -0700, o...@eigenstate.org wrote: > > > > On Tue, Oct 30, 2018 at 10:32:37PM -0700, Ori Bernstein wrote: > > > >> On Tue, 30 Oct 2018

Re: Reuse VM ids.

2018-11-16 Thread Reyk Floeter
On Sat, Oct 27, 2018 at 02:53:16PM -0700, Ori Bernstein wrote: > On Fri, 26 Oct 2018 01:57:15 +0200, Reyk Floeter wrote: > > > On Tue, Oct 23, 2018 at 10:21:08PM -0700, Ori Bernstein wrote: > > > On Mon, 8 Oct 2018 07:59:15 -0700, Bob Beck wrote: > > >

Re: Qcow2: Clean up logging/error handling

2018-10-27 Thread Reyk Floeter
Most of these are fatal and log_debug. Keep the __func__ there! But we’ll remove it from other logging functions where it was never intended to be used and potentially reword the warnings nicely. Reyk > Am 28.10.2018 um 00:39 schrieb Ori Bernstein : > >> On Sat, 27 Oct 2018 16:15:32 -0600,

Re: Reuse VM ids.

2018-10-25 Thread Reyk Floeter
On Tue, Oct 23, 2018 at 10:21:08PM -0700, Ori Bernstein wrote: > On Mon, 8 Oct 2018 07:59:15 -0700, Bob Beck wrote: > > > works here and I like it. but probably for after unlock > > > > It's after unlock -- pinging for OKs. > Not yet. Please include the VM's uid in the claim, e.g.

vmctl "convert": create new disk images from an input file

2018-10-08 Thread Reyk Floeter
Hi tech@, there is one more diff in our qcow2 queue which lets you convert disk images into another format. You create a new image from an input file: - The "standard" use case: vmctl create foo.qcow2 -i foo.raw - The other way around: vmctl create foo.raw -i foo.qcow2 -

Re: Reuse VM ids.

2018-10-08 Thread Reyk Floeter
On Sun, Oct 07, 2018 at 07:31:45PM -0700, Ori Bernstein wrote: > Keep a list of known vms, and reuse the VM IDs. This means that when using > '-L', the IP addresses of the VMs are stable. > After you convinced me about its use case, 3 comments: 1. it has to wait until after release 2. please

Re: vmd: rate-limit to avoid reboot loops

2018-10-06 Thread Reyk Floeter
> Am 06.10.2018 um 10:55 schrieb Consus : > >> On 23:32 Fri 05 Oct, Reyk Floeter wrote: >> Hi, >> >> it sometimes happens that a VM is stuck in a reboot loop. This isn't >> very pleasant for vmd, so this diff attempts to introduce a hard >> rate

vmd: rate-limit to avoid reboot loops

2018-10-05 Thread Reyk Floeter
Hi, it sometimes happens that a VM is stuck in a reboot loop. This isn't very pleasant for vmd, so this diff attempts to introduce a hard rate-limit: if the VM rebooted after less than VM_START_RATE_SEC (6) seconds, increment a counter. If this happens VM_START_RATE_LIMIT (3) times in a row,

Re: Qcow2: External snapshots

2018-10-05 Thread Reyk Floeter
On Wed, Oct 03, 2018 at 11:41:41PM -0700, Ori Bernstein wrote: > diff --git usr.sbin/vmd/config.c usr.sbin/vmd/config.c > index 550b73c1a39..68be738d304 100644 > --- usr.sbin/vmd/config.c > +++ usr.sbin/vmd/config.c > @@ -35,6 +35,7 @@ > #include > #include > #include > +#include > >

Re: Qcow2: External snapshots

2018-10-05 Thread Reyk Floeter
On Wed, Oct 03, 2018 at 11:41:41PM -0700, Ori Bernstein wrote: > Thanks, another update based on Reyk's feeback and fixes. > You missed one thing: jmc@'s manpage comments. For everything else: Looks good! Tests work fine. OK reyk@ Reyk > diff --git regress/usr.sbin/vmd/diskfmt/Makefile >

Re: Qcow2: External snapshots

2018-10-03 Thread Reyk Floeter
On Tue, Oct 02, 2018 at 11:13:35PM -0700, Ori Bernstein wrote: > On Mon, 1 Oct 2018 11:24:01 -0700, Ori Bernstein wrote: > > > On Mon, 1 Oct 2018 12:55:12 +0200 > > Reyk Floeter wrote: > > > > > Hi Ori, > > > > > > On Sun, Sep 30, 2018 at

Re: vmd losing VMs

2018-10-02 Thread Reyk Floeter
cu to elicit any characters. > I'll verify next time it happens. > > On Tue, Oct 2, 2018 at 10:20 AM Reyk Floeter wrote: > > > On Tue, Oct 02, 2018 at 10:10:41AM -0700, Greg Steuck wrote: > > > Naturally, bugs don't solve themselves :) Here's a log, it's not very > > &

Re: vmd losing VMs

2018-10-02 Thread Reyk Floeter
On Tue, Oct 02, 2018 at 10:10:41AM -0700, Greg Steuck wrote: > Naturally, bugs don't solve themselves :) Here's a log, it's not very > useful due to the lack of debugging symbols. Notice, that runaway vmds > don't die on their own, they just spin out of control. I'll do VMM_DEBUG > next. > "they

Re: Qcow2: External snapshots

2018-10-01 Thread Reyk Floeter
Hi Ori, On Sun, Sep 30, 2018 at 12:27:00PM -0700, Ori Bernstein wrote: > I've added support to vmd for external snapshots. That is, > snapshots that are derived from a base image. Data lookups > start in the derived image, and if the derived image does not > contain some data, the search proceeds

Re: vmd stdio /dev/null

2018-09-10 Thread Reyk Floeter
Hi, I already gave my OK for relayd but asked to adjust all proc.c instances. OK reyk@ > Am 09.09.2018 um 23:47 schrieb Mike Larkin : > >> On Sun, Sep 09, 2018 at 11:45:07PM +0200, Alexander Bluhm wrote: >> Hi, >> >> Like the other proc.c daemons, vmd(8) children do not detach from >> the

mg: add set-case-replace

2018-08-28 Thread Reyk Floeter
Hi, the new case-preserving replace is a very nice feature - unless you want to replace a string with the exact capitalisation. From florian@'s original commit message: > Use (mostly) the same capitalisation in the replacement string as in > > the replaced string: > > replacing foo with bar

Re: vmd/vmctl: allow to boot cdrom-only VMs

2018-08-24 Thread Reyk Floeter
his makes me wonder. Does it make sense to support booting a kernel without > disks? Some people have heard of the phrase 'diskless' ;-) > > Penned by Reyk Floeter on 20180822 13:35.23, we have: > | Hi, > | > | vmctl doesn't allow to boot VMs with only a CDROM. I see no reason

vmd/vmctl: allow to boot cdrom-only VMs

2018-08-22 Thread Reyk Floeter
Hi, vmctl doesn't allow to boot VMs with only a CDROM. I see no reason for it and vmd already allows CDROM-only. OK? Via https://twitter.com/wizardishungry/status/1032327323125727232 "Jon Williams @wizardishungry @reykfloeter Could you consider allowing booting ISO-only vms in 6.4? This is

Re: vmctl: add unveil

2018-08-22 Thread Reyk Floeter
On Tue, Aug 21, 2018 at 09:51:52PM -0700, Carlos Cardenas wrote: > Patch to unveil vmctl. > > Comments/OK? > OK reyk btw. paths[0] is an artifact from the old pledge paths argument. semarie@ removed it in -r1.13 of main.c but we both overlooked that paths[2] is not needed anymore and could

Re: vmd: sync DPADD with LDADD

2018-06-24 Thread Reyk Floeter
OK reyk@ > Am 24.06.2018 um 07:57 schrieb Gleydson Soares : > > sync DPADD with LDADD adding missing ${LIBPTHREAD} to ensure > that binary is rebuilt in case of pthread library changes. > Index: Makefile > === > RCS file:

ypldap: sync aldap from ldap(1)

2018-06-21 Thread Reyk Floeter
Hi, the _url code was broken and disabled in ypldap's aldap - I fixed it for ldap(1). The other chunk is a DEBUG message fix, not compiled by default. OK? Index: usr.sbin/ypldap/aldap.c === RCS file:

tech

2018-06-20 Thread Reyk Floeter
Hi, when we develop code in OpenBSD, we have the choice of reviewing or sharing our patches privately between individual developers, on an internal list, or here on tech@. From https://www.openbsd.org/mail.html: tech Discussion of technical topics for OpenBSD developers and advanced

Re: httpd 3/3: request rewrite

2018-06-20 Thread Reyk Floeter
anyone? On Wed, Jun 13, 2018 at 05:20:55PM +0200, Reyk Floeter wrote: > On Wed, May 30, 2018 at 12:36:05AM +0200, Reyk Floeter wrote: > > as mentioned in the big diff before, this implements rewrites. This > > diff applies on top of the previous ones. > > > > Imp

ldap(1) -y secretfile

2018-06-20 Thread Reyk Floeter
Hi, the following diff adds support for reading the bind secret from a file; this allows to hide it from ps. The -y flag is once again compatible with OpenLDAP's client. Pointed out by Tim Chase on Twitter. OK? Reyk Index: usr.bin/ldap/ldap.1

Re: httpd response mimetype bug

2018-06-13 Thread Reyk Floeter
On Sat, Jan 13, 2018 at 05:23:35PM +0100, Sebastian Benoit wrote: > Hiltjo Posthuma(hil...@codemadness.org) on 2018.01.13 13:08:38 +0100: > > On Sat, Jan 13, 2018 at 09:39:44AM +0100, Anton Lindqvist wrote: > > > On Tue, Jan 09, 2018 at 05:38:57PM +0100, Hidv?gi G?bor wrote: > > > > >Synopsis:

Re: httpd 3/3: request rewrite

2018-06-13 Thread Reyk Floeter
On Wed, May 30, 2018 at 12:36:05AM +0200, Reyk Floeter wrote: > as mentioned in the big diff before, this implements rewrites. This > diff applies on top of the previous ones. > > Implement the "request rewrite" option for internal rewrites. &g

Re: dhcrelay bpf bugs

2018-06-06 Thread Reyk Floeter
> Am 05.06.2018 um 16:27 schrieb asaxena9021 : > > Hi David, > > I am facing this problem with lpf.c > > In function receive_packet , My packet is somehow is getting corrupted. > > DHCP packet content is like below: > > DHCP Packet Content: >opcode : 15 >

Re: [Patch] mg(1): Experimental UTF-8 support

2018-05-30 Thread Reyk Floeter
> Am 30.05.2018 um 10:10 schrieb Leonid Bobrov : > >> On Wed, May 30, 2018 at 09:05:12AM +0200, Hiltjo Posthuma wrote: >>> On Tue, May 29, 2018 at 05:22:43PM +0300, Leonid Bobrov wrote: On Tue, May 29, 2018 at 03:33:08PM +0200, Henning Brauer wrote: Hi, very welcome!

Re: httpd request rewrite

2018-05-30 Thread Reyk Floeter
> Am 30.05.2018 um 10:12 schrieb Sebastian Benoit : > > Sebastian Benoit(be...@openbsd.org) on 2018.05.30 10:10:51 +0200: >> Reyk Floeter(r...@openbsd.org) on 2018.05.29 18:48:31 +0200: >>> Hi, >>> >>> it's about time. >>> >>&

Re: httpd 2/3: rename "root strip" to "request strip"

2018-05-29 Thread Reyk Floeter
On Wed, May 30, 2018 at 12:32:12AM +0200, Reyk Floeter wrote: > Hi, > > this diff applies on top of the previous one. > > Rename "root strip" to "request strip" > > The root strip option name was semantically incorrect as it does not

httpd 3/3: request rewrite

2018-05-29 Thread Reyk Floeter
{ "rewrite",REWRITE }, { "root", ROOT }, { "sack", SACK }, { "server", SERVER }, diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c i

httpd 2/3: rename "root strip" to "request strip"

2018-05-29 Thread Reyk Floeter
Hi, this diff applies on top of the previous one. Rename "root strip" to "request strip" The root strip option name was semantically incorrect as it does not strip the root but the request path. This is a grammar change and it also needs a heads up and a change in other

httpd 1/3: don't encode the query string twice

2018-05-29 Thread Reyk Floeter
Hi, the first diff fixes a bug that I found with the work on rewrites. The http_query is already url_encoded; don't encode it twice. This fixes a bug in the macros and log file handler that double-encoded the query. This does not change FCGI as it was already handling the

Re: httpd request rewrite

2018-05-29 Thread Reyk Floeter
On Tue, May 29, 2018 at 10:00:22PM +0200, Hiltjo Posthuma wrote: > On Tue, May 29, 2018 at 06:48:31PM +0200, Reyk Floeter wrote: > > Hi, > > > > it's about time. > > > > server "default" { > > listen

Re: httpd request rewrite

2018-05-29 Thread Reyk Floeter
On Tue, May 29, 2018 at 06:48:31PM +0200, Reyk Floeter wrote: > it's about time. > > server "default" { > listen on * port 80 > location match "/de/(.*)" { > request rewrite "/ch/%1" >

httpd request rewrite

2018-05-29 Thread Reyk Floeter
Hi, it's about time. server "default" { listen on * port 80 location match "/de/(.*)" { request rewrite "/ch/%1" } } You can also use the macros as in the "block return" external redirects. So maybe

Re: ldapd: add bsd.schema?

2018-05-18 Thread Reyk Floeter
On Fri, May 18, 2018 at 10:42:43AM +0200, Reyk Floeter wrote: > So, OK? > As sthen@ pointed out, I had shadowPassword in both MUST and MAY. (The reason is that I intended to move it from MUST to MAY, but forgot to remove the MUST). userPassword in nis.schema is also MAY, so it must not b

Re: ldapd: add bsd.schema?

2018-05-18 Thread Reyk Floeter
So, OK? On Tue, May 15, 2018 at 02:24:19PM +0200, Reyk Floeter wrote: > Hi, > > could we add an LDAP schema file that makes it easier to use sshd's > "AuthorizedKeysCommand"? > > While most howtos out there agree on the attribute name > "sshPublic

Re: [patch] httpd: add tls client certificate authentication

2018-05-16 Thread Reyk Floeter
It will! The diff is nice and OK. > Am 16.05.2018 um 22:33 schrieb Jan Klemkow : > > Hi Jack, > >> On Wed, May 16, 2018 at 05:32:56PM +0930, Jack Burton wrote: >> I figured that if we can agree on this much, so httpd can be used for >> the authentication-only case (which

ldapd: add bsd.schema?

2018-05-15 Thread Reyk Floeter
Hi, could we add an LDAP schema file that makes it easier to use sshd's "AuthorizedKeysCommand"? While most howtos out there agree on the attribute name "sshPublicKey", there is no common LDAP schema that implements it. Some people patch nis.schema (which seems a bad idea), others add their own

Re: ldapd: fix log and format string errors

2018-05-15 Thread Reyk Floeter
On Mon, May 14, 2018 at 12:45:18PM +0200, Reyk Floeter wrote: > Hi, > > the following patch updates ldapd to use log.c from vmd/relayd/etc. > > Notes: > > - This log.c uses format attributes that helped to fix some format > errors and two actual bugs: >- T

ldapd: fix log and format string errors

2018-05-14 Thread Reyk Floeter
Hi, the following patch updates ldapd to use log.c from vmd/relayd/etc. Notes: - This log.c uses format attributes that helped to fix some format errors and two actual bugs: - There was a missing argument in a log_warn in namespace.c - the ldape child never inherited the log level

Re: ldapd: filter rules on attributes

2018-05-14 Thread Reyk Floeter
On Sat, May 12, 2018 at 08:56:48PM +1000, Jonathan Matthew wrote: > > This only supports "write" (modify, add, delete) and not "read" > > (search) filter rules. The search mode will be more complicated and I > > will look at this later. > > > > Thoughts? OK? > > ok. Read filters would be good

ldapd: filter rules on attributes

2018-05-11 Thread Reyk Floeter
Hi! (resent to tech@) the following ldapd patch allows filter rules to match on attributes. This can be used to allow users to change their password (and a few other things) but not their entire dn. For example, in ldapd.conf: allow read access to any by self allow write access

Re: relayctl friendlier

2018-05-11 Thread Reyk Floeter
On Fri, May 11, 2018 at 01:53:58PM +0300, Kapetanakis Giannis wrote: > Hi, > > By default we have: > > # relayctl show > missing argument: > valid commands/args: > summary > hosts > redirects > relays > routers > sessions > > On the other hand: > # relayctl host > usage: relayctl

Re: ifconfig: add -rdomain option

2018-02-20 Thread Reyk Floeter
> Am 20.02.2018 um 11:15 schrieb Klemens Nanni : > >> On Mon, Feb 19, 2018 at 05:09:58PM -0800, Ayaka Koshibe wrote: >> This diff would allow saying 'ifconfig foo -rdomain' instead of 'ifconfig >> foo rdomain 0'. > I can see where you're coming from but this breaks semantics:

Re: Export IPsec flows via snmpd(8)

2018-02-07 Thread Reyk Floeter
> Am 07.02.2018 um 12:39 schrieb Martin Pieuchot <m...@openbsd.org>: > > On 07/02/18(Wed) 12:18, Reyk Floeter wrote: >>>> Am 07.02.2018 um 11:23 schrieb Martin Pieuchot <m...@openbsd.org>: >>>> On 07/02/18(Wed) 01:37, Reyk Floeter wrote: >>>

Re: Export IPsec flows via snmpd(8)

2018-02-07 Thread Reyk Floeter
> Am 07.02.2018 um 11:23 schrieb Martin Pieuchot <m...@openbsd.org>: > >> On 07/02/18(Wed) 01:37, Reyk Floeter wrote: >> >>>>> Am 02.01.2018 um 15:23 schrieb Martin Pieuchot <m...@openbsd.org>: >>>>> >>>>> On 19/12/17

Re: Export IPsec flows via snmpd(8)

2018-02-06 Thread Reyk Floeter
>> Am 02.01.2018 um 15:23 schrieb Martin Pieuchot : >> >>> On 19/12/17(Tue) 18:06, Marco Pfatschbacher wrote: >>> On Tue, Dec 19, 2017 at 12:43:48PM +0100, Martin Pieuchot wrote: >>> I'd like to see some information about my tunnels in my NMS. >> >> Nice. I would find that
