Re: relayd patch for websocket upgrade

2021-10-23 Thread Sebastian Benoit
committed, Thanks for reporting this and the patches, and sorry for the delay. /Benno Sebastian Benoit(be...@openbsd.org) on 2021.10.23 22:22:10 +0200: > Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700: > > On Sun, May 02, 2021 at 11:05:16AM -0700,

Re: relayd patch for websocket upgrade

2021-10-23 Thread Sebastian Benoit
Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700: > On Sun, May 02, 2021 at 11:05:16AM -0700, Jonathon Fletcher wrote: > > On Sun, Mar 07, 2021 at 06:22:04PM -0800, Jonathon Fletcher wrote: > > > On Sun, Mar 07, 2021 at 06:46:33PM +0100, Marcus MERIGHI wrote: > > > >

Re: fix IO handling in rpki-client

2021-10-23 Thread Sebastian Benoit
ok benno@ Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.23 14:20:19 +0200: > This diff changes the io read functions to work on ibufs. > With this the poll loops will consume data with io_buf_read() until a full > message is received and then that message is processed. Thanks to this > the

httpd request body too large in log

2021-10-23 Thread Sebastian Benoit
differentiate the third 413 from the other two in httpd. ok? diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c index 153829f4201..bf3fae05414 100644 --- usr.sbin/httpd/server_http.c +++ usr.sbin/httpd/server_http.c @@ -1406,7 +1406,7 @@ server_response(struct httpd *httpd,

Re: [Possible patch] httpd and HEAD requests to CGI scripts

2021-10-23 Thread Sebastian Benoit
Ross L Richardson(open...@rlr.id.au) on 2021.10.09 21:40:50 +1100: > This relates to the earlier messages I sent to bugs@ in: > https://marc.info/?t=16330937691=1=2 > > RFC 7231 [HTTP/1.1] section 4.3.2. "HEAD" states: > The HEAD method is identical to GET except that the server

Re: ixl(4): add checksum receive offloading

2021-10-22 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2021.10.22 12:55:20 +0100: > On 2021/10/22 11:25, Jan Klemkow wrote: > > this diff adds hardware checksum offloading for the receive path of > > ixl(4) interfaces. > > Would be good to have this tested with NFS if anyone has a way to do so. > nics are

Re: isakmpd: prepare for opaque X509_EXTENSION

2021-10-21 Thread Sebastian Benoit
see the "if (csc == NULL)" error case below. otherwise ok Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:45:43 +0200: > On Thu, Oct 21, 2021 at 01:05:18PM +0200, Theo Buehler wrote: > > This is the first of two diffs to prepare isakmpd for upcoming libcrypto > > changes. X509_EXTENSION

Re: isakmpd: prepare for opaque X509_EXTENSION

2021-10-21 Thread Sebastian Benoit
Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:05:18 +0200: > This is the first of two diffs to prepare isakmpd for upcoming libcrypto > changes. X509_EXTENSION will become opaque so we need to use an accessor. > I decided to leave accesses into ASN1_OCTET_STRING as they are for >

Re: acme-client: don't reach into X509

2021-10-13 Thread Sebastian Benoit
Theo Buehler(t...@theobuehler.org) on 2021.10.13 13:55:14 +0200: > In an upcoming libcrypto bump, we will make a few structs in libcrypto > opaque. This needs a small change in acme-client. Fetch the extension > stack using X509_get0_extensions() and iterate using the stack API. > Note that

Re: Variable type fix in parse.y (all of them)

2021-10-12 Thread Sebastian Benoit
Christian Weisgerber(na...@mips.inka.de) on 2021.10.12 12:49:24 +0200: > Christian Weisgerber: > > > Here's another attempt, incorporating millert's feedback and adding > > a few more casts: > > Any interest in this or not worth the churn and I should drop it? i think it should go in. ok

Re: Relayd daily crash ca_dispatch_relay invalid

2021-10-02 Thread Sebastian Benoit
abyx...@mnetic.ch(abyx...@mnetic.ch) on 2021.10.01 09:56:32 -0400: > On Fri, Oct 1, 2021, at 09:44, Stuart Henderson wrote: > > On 2021/10/01 14:43, Stuart Henderson wrote: > >> On 2021/10/01 09:29, abyx...@mnetic.ch wrote: > >> > I'm getting a daily crash (call to fatalx). No clue what triggers

OpenBSD Errata: September 30, 2021 (libressl)

2021-09-30 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. Compensate for the expiry of the DST Root X3 certificate. The use of an unnecessary expired certificate in certificate chains can cause validation errors. Binary updates for the amd64, i386 and arm64 platforms are

OpenBSD Errata: September 27, 2021 (libressl)

2021-09-26 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. A stack overread could occur when checking X.509 name constraints. Binary updates for the amd64, i386 and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective

OpenBSD Errata: September 27, 2021 (sshd)

2021-09-26 Thread Sebastian Benoit
An errata patch for sshd(8) has been released for OpenBSD 6.8 and OpenBSD 6.9. sshd(8) from OpenSSH 6.2 (OpenBSD 5.3) through 8.7 (OpenBSD 6.9) failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a

rpki-client-7.3 released

2021-09-23 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Improve the HTTP client code

Re: less: tighten pledge in secure mode

2021-09-22 Thread Sebastian Benoit
Tobias Stoeckmann(tob...@stoeckmann.org) on 2021.09.21 22:23:55 +0200: > Hi, > > upstream (greenwood) less has disabled history file support for secure > mode, i.e. LESSSECURE=1: https://github.com/gwsw/less/pull/201 > > The problem was about permanent marks for which we do not have support >

Re: pf.conf(5) & reply-to

2021-09-21 Thread Sebastian Benoit
Alexander Bluhm(alexander.bl...@gmx.net) on 2021.09.21 22:34:09 +0200: > On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote: > > did i screwup something somewhere in my config and there's a better way > > for that ? > > This was changed in February. No more interface, but gateway >

Re: rpki-client add back keep-alive to http requests

2021-09-12 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.09.10 12:09:47 +0200: > On Thu, Sep 09, 2021 at 09:18:04AM -0600, Bob Beck wrote: > > > > ok beck@ > > > > On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote: > > > While Connection: keep-alive should be the default it seems that

Re: iked(8): make proto option accept lists

2021-09-04 Thread Sebastian Benoit
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.04 12:39:26 +0200: > Here's an updated diff including the man page bits. I don't want to bikeshed the manpage. The code is ok benno@ :) > Looking at pf.conf(5) > and ipsec.conf(5), there does not really seem to be a standard way to document >

Re: iked(8): make proto option accept lists

2021-09-03 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.09.03 11:32:42 +0200: > On 2021-09-03 10:38 +02, Claudio Jeker wrote: > > On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote: > >> Tobias Heider(tobias.hei...@stusta.de) on 2021.09

Re: iked(8): make proto option accept lists

2021-09-03 Thread Sebastian Benoit
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200: > The diff below makes iked accept a list of protocols for the "proto" config > option in iked.conf(5). > This would allow us to have a single policy with "proto { ipencap, ipv6 }" > to secure a gif(4) tunnel, instead of

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Sebastian Benoit(be...@openbsd.org) on 2021.09.02 21:41:15 +0200: > Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200: > > On 2021-09-02 12:26 +02, Sebastian Benoit wrote: > > > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > > >> Ping.

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200: > On 2021-09-02 12:26 +02, Sebastian Benoit wrote: > > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > >> Ping. > >> > >> On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > Ping. > > On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote: > > Ping. > > > > On Sun, May 09, 2021 at 01:07:15PM BST, Raf Czlonka wrote: > > > Hello, > > > > > > This is both a general question and specific example of

Re: timeout: Prettify man page and usage

2021-09-02 Thread Sebastian Benoit
ok Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.09.02 11:05:24 +0200: > On Thu, 2021-09-02 at 08:56 +, Job Snijders wrote: > > On Thu, Sep 02, 2021 at 07:23:26AM +0100, Jason McIntyre wrote: > > > > .Ar time > > > > -can be integer or decimal numbers. > > > > +are positive

Re: rpki-client exclude files from rsync fetch

2021-08-31 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.08.31 11:09:22 -0600: > I don't understand -- why would people edit this file? > > If this list is in argv, it will be difficult to identify targets using > ps, because the hostname is way at the end. Yes. If we worry about people touching it,

Re: relayd(8): agentx allow re-enabling

2021-08-30 Thread Sebastian Benoit
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.08.30 12:50:23 +0200: > Via "relayctl reload" agentx can be enabled, disabled, but if it's > enabled->disabled->enabled the final enable won't work because we > never reset the sa. > > Also add an extra guard so that we don't accidentally

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Sebastian Benoit
Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200: > On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote: > > On 2021-08-25 18:02 +01, Stuart Henderson wrote: > > > Trying to announce a network on a wg(4) interface via ospf6d, just > > > using passive to pick up the prefix,

Re: acme-client(1): Fix misleading comment

2021-08-24 Thread Sebastian Benoit
committed, thanks Emil Engler(m...@emilengler.com) on 2021.08.24 08:52:57 +0200: > While auditing acme-client(1) I have noticed that the source code still > makes references to curl. > > Apparently acme-client(1) used curl for HTTP transfers up until this > commit: >

Re: handle RTM_IFANNOUNCE in dhcpleased & slaacd

2021-08-24 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.08.23 20:30:07 +0200: > So I was playing with a usb network adapter and noticed that dhcpleased > and slaacd would hold on to them when I unplugged them. don't do that :P > They would be listed as "unknown" because we can't find the if_name for > the

OpenBSD Errata: August 20, 2021 (libressl)

2021-08-20 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. Printing a certificate can result in a crash in X509_CERT_AUX_print(). Binary updates for the amd64, i386 and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective

Re: cal(1): Clean up mutually exclusive options

2021-08-16 Thread Sebastian Benoit
Jason McIntyre(j...@kerhand.co.uk) on 2021.08.16 12:02:13 +0100: > when i wrote my mail, i failed to understand that "overrides earlier" > was really just another way of saying "mutually exclusive". i don't find > it as clear, and i don't hugely like it, but i guess it's just my > preference. Not

OpenBSD Errata: August 11, 2021 (perl)

2021-08-10 Thread Sebastian Benoit
An errata patch for perl has been released for OpenBSD 6.9. perl(1) Encode (3p) loads a module from an incorrect relative path. Binary updates for the amd64, i386 and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata page:

OpenBSD Errata: August 11, 2021 (kernel)

2021-08-10 Thread Sebastian Benoit
An errata patch for the kernel has been released for OpenBSD 6.8 and OpenBSD 6.9. In a specific configuration, wg(4) leaked mbufs. Binary updates for the amd64, i386 and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata page:

Re: bgpd add add-path receive support

2021-08-06 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:55:45 +0200: > On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > > This diff implements the bit to support the receive side of > > RFC7911 - Advertisement of Multiple Paths in BGP. > > > > I did some basic tests and it works

OpenBSD Errata: August 4, 2021 (kernel, sparc64)

2021-08-04 Thread Sebastian Benoit
An errata patch for the kernel on the sparc64 architecture has been released for OpenBSD 6.8 and OpenBSD 6.9. On sparc64, a misaligned address could trigger a kernel assert and panic the kernel. Source code patches can be found on the respective errata pages:

Re: rpki-client support more http status codes

2021-08-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:45:14 +0200: > On Wed, Aug 04, 2021 at 10:53:39AM +0200, Claudio Jeker wrote: > > This adds a few more HTTP Status codes to the mix of the accepted ones. > > Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx > > and

Re: Rationale behind exec clearing out unveil paths

2021-08-03 Thread Sebastian Benoit
dz...@disroot.org(dz...@disroot.org) on 2021.06.15 14:12:22 +: > > Seems to be working as intended. You are letting someone run all binaries. > And I am not letting someone write to the filesystem. Yet, they can > bypass that easily. `unveil("/", "rx")` gives a false illusion of > security,

rpki-client 7.2 released

2021-07-28 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Use RRDP as default protocol

tpmr manpage add veb reference

2021-07-27 Thread Sebastian Benoit
tpmr(4) connects only two ethernet ports with not much functionality, so the manpage is helpful by telling us bridge(4) as a more complete alternative. We now also have veb(4), so mention that as well. ok? diff --git share/man/man4/tpmr.4 share/man/man4/tpmr.4 index ab9eba4cee3..de0b200d429

Re: bgpd refactor struct prefix

2021-07-26 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.07.14 09:33:19 +0200: > On Tue, Jun 29, 2021 at 12:00:24PM +0200, Claudio Jeker wrote: > > This diff moves the rib_entry pointer re into the union to save some > > space. For add-path I need to add a few more u_int32_t and that would > > blow the

Re: bgpctl add support for RFC8050 (add-path support for MRT parser)

2021-07-26 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.07.13 15:37:36 +0200: > This diff adds support to read MRT files using the newly introduced _ADDPATH > types as defined in RFC8050. I also started adding MRT support to bgpd but > that depends on ADD-PATH itself. > > There are a few gotchas,

OpenBSD Errata: July 25, 2021 (libc, mips64)

2021-07-26 Thread Sebastian Benoit
An errata patch for the libc library on the mips64 architecture has been released for OpenBSD 6.8 and OpenBSD 6.9. On mips64, the strchr/index/strrchr/rindex functions in libc handled signed characters incorrectly. Source code patches can be found on the respective errata pages:

OpenBSD Errata: July 25, 2021 (relayd)

2021-07-25 Thread Sebastian Benoit
An errata patch for the relayd application layer gateway daemon has been released for OpenBSD 6.9. relayd(8), when using the http protocol strip filter directive or http protocol macro expansion, processes format strings. Binary updates for the amd64, i386, and arm64 platforms are available

Re: unwind(8): store enabled resolvers lookup table in config

2021-07-24 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.07.23 20:27:40 +0200: > We store a list of resolver strategies in order of their preference in > the configuration struct. This is also an implicit list of enabled > resolver strategies. We have also stored an explicit lookup array of > enabled strategies

Re: unwind(8): don't doubt secure answers on network change

2021-07-24 Thread Sebastian Benoit
Florian Obser(flor...@narrans.de) on 2021.07.23 20:28:33 +0200: > Do not doubt a secure (i.e. validated) NXDOMAIN response when we just > switched networks. We just validated it! > > While here reorder the long list of conditions to make it easier to > understand when we doubt a response because

Re: rpki-client: adjust HTTP/1.1 request string

2021-07-23 Thread Sebastian Benoit
Job Snijders(j...@openbsd.org) on 2021.07.23 15:23:49 +: > Hi all, > > Based on suggestions from Julian Reschke. > > * "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to > use persistent connections (RFC 7230, section 6.3). > > * "Host" is recommended to be in the front.

Re: rsync getopt_long cleanup

2021-07-14 Thread Sebastian Benoit
ok benno@ much better as the list grows Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.07.13 20:06:39 +0200: > I never really liked the getopt_long definitions in rsync. Too much magic > and chaos. > > This moves the table out of main to gain some more space and to make it a > proper read-only

Re: bgpd refactor network flush code a bit

2021-06-24 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.06.24 17:06:36 +0200: > The network flush code only operates on peerself (like all the other > network commands). Instead of passing a peer to the tree walker just > default to peerself in network_flush_upcall(). > This makes the code more obvious

Re: bgpd shuffle some code around

2021-06-24 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.06.24 17:03:58 +0200: > In rde_update_dispatch() do the AFI check for IPv4 prefixes before > extracting the prefix. This is similar to what the MP code does and > is also more logical. > > OK? > -- > :wq Claudio > > Index: rde.c >

Re: bgpd fix add-path capability encoding

2021-06-24 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.06.22 19:47:04 +0200: > Dumb copy paste error. The add-path capability is 4byte per AFI/SAFI > the 2 + is from graceful restart where two extra bytes are at the front of > the AFI/SAFI list. ok. > > -- > :wq Claudio > > Index: session.c >

OpenBSD Errata: June 25, 2021 (bgpd)

2021-06-24 Thread Sebastian Benoit
An errata patch for the bgpd routing daemon has been released for OpenBSD 6.9. During bgpd(8) config reloads prefixes of the wrong address family could leak to peers resulting in session resets. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source

rpki-client 7.1 released

2021-05-18 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Add keep-alive support to the HTTP client code for RRDP

Re: httpd(8): don't try to chunk-encode an empty body

2021-05-17 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.05.15 17:14:38 +0200: > Turns out it's not that difficult to do this correctly since we already > wait until we read all http headers from the fcgi upstream. We just need > to delay writing of the http header until we know if the body is empty > or not. >

Re: bgpd strict community negotiation

2021-05-14 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.12 19:49:08 +0200: > RFC5492 is fairly explicit when a capability should be enabled on a > session: > >A BGP speaker that supports a particular capability may use this >capability with its peer after the speaker determines (as described >

Re: rsync fix file handling in uploader

2021-05-14 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.07 17:12:16 +0200: > So yesterday I committed a change to simplify file handling. This removed > the O_NONBLOCK flag from openat() but today I realized that this was a bit > premature. The code at that point does not know if the file is actually a

Re: rsync exit code and error cleanup

2021-05-14 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.07 12:16:26 +0200: > Currently our rsync does not follow the exit codes from rsync. Also the > error handling is complex because ERR() and ERRX() are not terminating the > process. > > This diff tries to start cleaning up the mess a bit.

Re: limit concurrent RTR connects in bgpd

2021-05-14 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.14 11:21:11 +0200: > I think it is a good idea to limit the number of concurrent connects in > bgpd. I used 32 as the limit since that is way enough for the number of > RTR sessions people will configure. > > If the limit is hit the request will

Re: httpd(8): don't try to chunk-encode an empty body

2021-05-14 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.05.14 19:13:49 +0200: > As found out by Chris Narkiewicz the hard way, trying to chunk encode an > empty body makes the nextclown app stop working. (see "Nextcloud stopped > working after upgrade to 6.9" on ports@). > > I don't think there is a valid way

Re: bgpd, non-blocking rtr connect

2021-05-10 Thread Sebastian Benoit
ok benno@ Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.03 17:37:36 +0200: > The RTR session was opened with a blocking connect() call. This is rather > bad if the RTR peer does not exist since then bgpd will block until the > connect timed out. This diff makes the connect() call

Re: more rsync cleanup

2021-05-07 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.06 17:59:32 +0200: > As noticed by benno@ the blk.blks buffer is leaked in some cases. > Fix those and cleanup up the pre_* functions a bit more. > I increased the diff context a bit to make the diff easier to read. reads ok > > -- > :wq

Re: make rsync -v less verbose

2021-05-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.05 20:03:19 +0200: > I like rsync -v but hell it is noisy with openrsync. > Just shut up about all the files that have not changed unless you go -vv. Before we do this, are there reasons to keep this like it is in the original? I think i

Re: rpki-client: change "asn" from string to integer in JSON output

2021-05-05 Thread Sebastian Benoit
Job Snijders(j...@openbsd.org) on 2021.05.05 16:35:46 +: > I'd like to modify our JSON format, many people in the community have > voiced complaints that transforming the string to an integer is > annoying. > > This won't break existing deployments coupled with GoRTR. > > OK? ok benno@ >

Re: simplify the openrsync uploader

2021-05-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.05 17:53:20 +0200: > The rsync uploader (what is the generator in rsync) can be simplified and > cleaned up a fair bit. > > There is some confusion of non-blocking IO on regular files and the idea > to poll() between openat() and fstat(). This is

Re: openrsync mini cleanup

2021-05-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.05 17:13:03 +0200: > Normalize some code. ok > > -- > :wq Claudio > > Index: receiver.c > === > RCS file: /cvs/src/usr.bin/rsync/receiver.c,v > retrieving revision 1.25 > diff -u

Re: bgpd better reload behaviour

2021-05-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.05 14:20:58 +0200: > The peer flags (mainly rde evaluate all but also transparent-as) and the > export options (none, default) are not properly handled on a config > reload. In both cases a full session restart is needed after the config > reload

Re: rpki-client delay deletes also for RRDP repos

2021-04-30 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.29 15:34:15 +0200: > Like for rsync repos files in the RRDP repos should be delayed until after > the validation finished. As with anything RPKI related there is little > trust in the repositories and their abilities to not botch an update. > >

Re: bgpd: stricter multiprotocol negotiation

2021-04-30 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.28 12:40:46 +0200: > At the moment bgpd will fall back to IPv4 unicast if there was no match in > the multiprotocol capabilities between local and remote peer. > This is not correct, if the router expects a certain AFI/SAFI for the > session then

Re: bgpctl time in sec in JSON output

2021-04-30 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.28 10:45:20 +0200: > There are various time fields in the JSON output. > last_read, last_write, last_updown on sessions, last_update for rib > entries and last_change for sets. Currently the value is the fmt_timeframe > string (which looks

rpki-client 7.0 released

2021-04-15 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD Project and gets released as a base component of OpenBSD every six months, and follows the OpenBSD release numbering scheme. This release

Re: relayd regress tcp performance

2021-04-15 Thread Sebastian Benoit
Hi, just a bit of caution: i remember getting args-http-slow-consumer.pl to work right in the first place was not easy. If i remember correctly i had quite a lot false positives depending on where i ran it. Alexander made it a bit better later, but i would not be surprised if it can still fail

Re: rpki-client skip deltas if session_id does not match

2021-04-14 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.14 20:18:25 +0200: > There is no need to queue up any deltas if the session-id differs from > the one on disk. New session-id will always result in a snapshot download. > This may help in some situation to skip queuing many deltas that are just >

Re: rpki-client more http.c cleanup

2021-04-13 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.13 14:14:38 +0200: > This is another minor cleanup. It makes http_done() similar to http_fail() > and by taking all the arguments (which would allow it to be called after > the http connection was removed) and it also no longer alters the http >

Re: missing case in rpki-client rrdp repo merge

2021-04-13 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.13 11:29:57 +0200: > rpki-client applies all delta files to a temporary location. At the same > time files or uri are tracked in a added and deleted set to know which > files to remove from the repo or move into place. > > Now when adding a file

Re: apmd: log ioctl failures

2021-03-25 Thread Sebastian Benoit
Klemens Nanni(k...@openbsd.org) on 2021.03.25 19:45:04 +0100: > On Sat, Mar 20, 2021 at 07:46:38PM +0100, Klemens Nanni wrote: > > Otherwise there is no way other than reading driver code to determine > > why running zzz(8) for example does not do anything on certain machines. > > > >

Re: unwind(8): improve DNS64 detection

2021-02-07 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.02.06 19:18:20 +0100: > I noticed that sometimes DNS64 detection is not working correctly on > boot. Eventually I tracked it down to this: > Feb 6 08:56:22 x1 unwind[7139]: check_dns64_done: bad packet: too short: -1 > > The problem is that we are

Re: "monitoring only" interfaces

2021-02-07 Thread Sebastian Benoit
David Gwynne(da...@gwynne.id.au) on 2021.01.27 17:13:09 +1000: > some of the discussion around dup-to made me think that a diff we > have here at work might be more broadly useful. > > we run a box here with a bunch of ethernet ports plugged into span > ports on switches. basically every packet

Re: grep: add --null flag

2021-01-24 Thread Sebastian Benoit
Sebastian Benoit(be...@openbsd.org) on 2021.01.25 00:27:05 +0100: > Theo de Raadt(dera...@openbsd.org) on 2021.01.24 16:01:32 -0700: > > Stuart Henderson wrote: > > > > > On 2021/01/24 12:10, Theo de Raadt wrote: > > > > I completely despi

Re: grep: add --null flag

2021-01-24 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.01.24 16:01:32 -0700: > Stuart Henderson wrote: > > > On 2021/01/24 12:10, Theo de Raadt wrote: > > > I completely despise that the option is called "--null". > > > > > > Someone was a complete idiot. > > > > gnu grep has both --null and -z for this

Re: grep: add --null flag

2021-01-24 Thread Sebastian Benoit
Hi, the diff looks good, i would change the wording in the manpage a bit, see below. Anyone else who wants to ok it? /Benno Omar Polo(o...@omarpolo.com) on 2021.01.22 12:19:08 +0100: > > quasi three-weekly ping. > > Is this such a bad idea? > > (TBH: I have still to look at how to write a

Re: more refactor bgpd route decision process

2021-01-13 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.01.13 13:10:23 +0100: > This is another cleanup round of the route decision process. > This time focusing on prefix_cmp(). Make sure that when using > return (a - b) that the results always fits in an int type. > Also make sure the check of the

OpenBSD Errata: January 13th, 2021 (carp)

2021-01-13 Thread Sebastian Benoit
Errata patches for the kernel have been released for OpenBSD 6.8. Use of bpf(4) on a carp interface could result in a use after free error. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata

Re: Make ospf6d work on point-to-point links

2021-01-12 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.01.12 10:07:57 +0100: > On Wed, Jan 06, 2021 at 01:02:50PM +0100, Claudio Jeker wrote: > > The code in ospf6d is a bit broken when it comes to point-to-point links. > > This diff fixes this by a) using the neighbor address instead of the unset > >

OpenBSD Errata: January 11th, 2021 (nd6)

2021-01-11 Thread Sebastian Benoit
Errata patches for the kernel have been released for OpenBSD 6.7 and 6.8. When an NDP entry is invalidated the associated layer 2 address is not invalidated. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the

Re: bgpd simplify update path

2021-01-08 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.01.07 19:34:23 +0100: > When bgpd generates an UPDATE to update or withdraw prefixes it does this > from rde_generate_updates() and then descends into up_generate_update(). > Now there is up_test_update() that checks if a new prefix is actually OK >

Re: fix opsfd parse.y shit/reduce conflicts

2021-01-06 Thread Sebastian Benoit
Thanks, i think the dependon might have been my fault. code reads ok. I also checked a few configs, including an artificial one that uses depend on. /Benno Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.01.06 11:11:49 +0100: > The dependon statement in ospfd parse.y introduces some troubles

Re: acme-client(1): backup certs

2021-01-03 Thread Sebastian Benoit
ok Florian Obser(flor...@openbsd.org) on 2021.01.02 17:23:11 +0100: > > Create .1 backup files when acme-client is going to overwrite a > certificate file. > > These files are not terribly big and it's convenient to keep one > previous file around for example if one adds or removes domains to

getifaddrs(3) manpage improvement

2020-12-29 Thread Sebastian Benoit
Hi, maybe add a hint about the needed check? comments? ok? diff --git lib/libc/net/getifaddrs.3 lib/libc/net/getifaddrs.3 index 26eac493202..946c2d9a9b0 100644 --- lib/libc/net/getifaddrs.3 +++ lib/libc/net/getifaddrs.3 @@ -74,13 +74,13 @@ Contains the interface flags, as set by References

npppd: result of getifaddrs() not used?

2020-12-29 Thread Sebastian Benoit
It seems to me that this call to getifaddrs() is actually not needed. ok? diff --git usr.sbin/npppd/pppoe/pppoed.c usr.sbin/npppd/pppoe/pppoed.c index 5b3f09dccb1..bae41732199 100644 --- usr.sbin/npppd/pppoe/pppoed.c +++ usr.sbin/npppd/pppoe/pppoed.c @@ -458,7 +459,6 @@ pppoed_reload(pppoed

getifaddrs ifa_addr NULL checks, last set

2020-12-29 Thread Sebastian Benoit
Hi, these last ones are a bit different from the others: Two cases in libc, two in ifconfig, and one in isakmpd that is a bit tricky. comments? ok? diff --git lib/libc/rpc/get_myaddress.c lib/libc/rpc/get_myaddress.c index d0ac78f796e..b84968e1807 100644 --- lib/libc/rpc/get_myaddress.c +++

getifaddrs ifa_addr NULL checks round 3

2020-12-29 Thread Sebastian Benoit
Another set of NULL checks in programs under usr.sbin/ ok? diff --git usr.sbin/eigrpd/parse.y usr.sbin/eigrpd/parse.y index f024e3cf0cd..0ac9431e829 100644 --- usr.sbin/eigrpd/parse.y +++ usr.sbin/eigrpd/parse.y @@ -1246,7 +1246,8 @@ get_rtr_id(void) for (ifa = ifap; ifa; ifa =

more getifaddrs ifa_addr NULL checks

2020-12-29 Thread Sebastian Benoit
More missing checks, outside of usr.sbin. Missing: isakmpd and ifconfig I have not yet looked at libc internal use, libpcap and regress/. ok? diff --git sbin/iked/parse.y sbin/iked/parse.y index aedbb74f3fd..b02ff55d4e7 100644 --- sbin/iked/parse.y +++ sbin/iked/parse.y @@ -2166,7 +2166,8 @@

usr.sbin/* getifaddrs ifa_addr NULL check

2020-12-29 Thread Sebastian Benoit
Hi, Claudio's bgpd diff and Florian mentioning rad(8) made me look into usr.sbin/ for getifaddrs() usage. I think these need a NULL check as well. ok? diff --git usr.sbin/ospf6d/parse.y usr.sbin/ospf6d/parse.y index f163e24149d..509aa2f2e88 100644 --- usr.sbin/ospf6d/parse.y +++

Re: bgpd refactor roa-set internals

2020-12-29 Thread Sebastian Benoit
ok. Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.12.29 10:23:53 +0100: > On Fri, Dec 18, 2020 at 11:36:33AM +0100, Claudio Jeker wrote: > > In preparation for RTR support this diff changes the internal > > representation of roa-set to a simple RB tree based on struct roa. > > The big

Re: kern.video.record man page updates

2020-12-29 Thread Sebastian Benoit
ok. maybe add a line to current.html so that people are not surprised that their video is no longer working after upgrade. /Benno Marcus Glocker(mar...@nazgul.ch) on 2020.12.28 23:47:54 +0100: > Since I'm receiving various private queries about documenting the new > kern.video.record sysctl(2)

Re: bgpd: getifaddrs ifa_addr NULL check

2020-12-29 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.12.29 10:29:00 +0100: > On Thu, Dec 17, 2020 at 01:26:09PM +0100, Claudio Jeker wrote: > > getifaddrs can return a struct ifaddrs entry with a NULL ifa_addr. > > I think an unnumbered point-to-point interface can trigger this. > > So better check for

Re: bgpd show status of set tables

2020-12-29 Thread Sebastian Benoit
reads ok, benno@ Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.12.29 10:33:53 +0100: > On Thu, Dec 10, 2020 at 02:42:49PM +0100, Claudio Jeker wrote: > > On Thu, Dec 03, 2020 at 10:59:29PM +0100, Claudio Jeker wrote: > > > The use of roa-set, prefix-set and as-set is fairly common in bgpd. > >

Re: bgpd: adjust loopback filter for network statements

2020-12-27 Thread Sebastian Benoit
I agree with this. ok benno@ Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.12.23 15:37:02 +0100: > In bgpd statements like > network inet static > or > network rtlabel "exportme" > will skip routes that use 127.0.0.1 as nexthop. This makes sense for > network connected and network

Re: [PATCH] remove variable names from prototypes in sys_pipe.c

2020-11-14 Thread Sebastian Benoit
henkjan gersen(h.ger...@gmail.com) on 2020.11.14 19:00:15 +: > OK, no problem it just looked strange when reading the code as most > definitions in that file don't have them. > > btw) I'm by now way more puzzled why this file has a function to create a pipe > > struct pipe_pair

rpki-client 6.8p1 released

2020-11-12 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD Project and gets released as a base component of OpenBSD every six months, and follows the OpenBSD release numbering scheme
