Re: tzset(3): update man page to reality

2022-10-03 Thread Sebastian Benoit
Todd C. Miller(mill...@openbsd.org) on 2022.10.03 13:32:22 -0600: > On Mon, 03 Oct 2022 13:27:05 -0600, "Todd C. Miller" wrote: > > > We did not document tzname, timezone or daylight and the rules > > regarding pathnames was not entirely clear. reads ok to me > > I think it is worth mentioning

Re: wc(1): add -L flag to write length of longest line

2022-10-01 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2022.09.30 11:11:42 -0600: > I'm sure there are other people have other desireable features which I > haven't listed. For instance, could wc.c be the scaffold to use for the > long-desired web browser to be included in OpenBSD? Oh, it's clearly incomplete

rpki-client 8.0 released

2022-09-11 Thread Sebastian Benoit
. See RFC 6480 and RFC 6811 for a description of how RPKI and BGP Prefix Origin Validation help secure the global Internet routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD

Re: rpki-client stop all repo fetching a bit before the timeout

2022-09-02 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.02 22:02:33 +0200: > Lets try to finish work by stopping all syncs and fall back to what we > have in cache after 7/8 of the timeout (timeout - 1/2 repo_timeout). > This way we still have 1/8 of time to finish the calculation and produce > output.

Re: mld6 remove global variable

2022-09-02 Thread Sebastian Benoit
that was meant to be an ok :) Sebastian Benoit(be...@openbsd.org) on 2022.09.02 22:04:41 +0200: > Alexander Bluhm(alexander.bl...@gmx.net) on 2022.09.02 20:38:04 +0200: > > Hi, > > > > Due to the KAME scope address hack, the link-local all nodes and > > routers IPv

Re: mld6 remove global variable

2022-09-02 Thread Sebastian Benoit
Alexander Bluhm(alexander.bl...@gmx.net) on 2022.09.02 20:38:04 +0200: > Hi, > > Due to the KAME scope address hack, the link-local all nodes and > routers IPv6 addresses cannot be const. So move memory from data > to stack to make variables MP safe. > > ok? > > bluhm > > Index:

Re: rpki-client add abort to rrdp

2022-09-02 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.02 19:55:28 +0200: > We want to be able to abort RRDP syncs. Now the problem is that depending > on the state the abort request is more or less complex. What needs to be > avoided is that a message received after the corresponding RRDP session >

Re: unbound and cannot increase max open fds from 512 to 4152

2022-09-02 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2022.09.02 12:16:06 +0100: > On 2022/09/02 11:25, Sebastian Benoit wrote: > > > > > Sep 2 06:39:58 x1c unbound: [14264:0] notice: Restart of unbound > > > > > 1.16.0. > > > > > Sep 2 06:39

Re: unbound and cannot increase max open fds from 512 to 4152

2022-09-02 Thread Sebastian Benoit
Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 08:07:01 +: > On Fri, Sep 02, 2022 at 09:53:54AM +0200, Sebastian Benoit wrote: > > Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 06:47:00 +: > > > Hi, > > > > > > I have a quest

Re: unbound and cannot increase max open fds from 512 to 4152

2022-09-02 Thread Sebastian Benoit
Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 06:47:00 +: > Hi, > > I have a question, could or should unbound in base be delivered with: > > # cat /etc/login.conf.d/unbound > unbound:\ > :openfiles-cur=4096:\ > :openfiles-max=8192:\ > :tc=daemon: > > or

Re: httpd: overwrite rather than error for duplicate type entries

2022-09-02 Thread Sebastian Benoit
thanks, commited! Florian Obser(flor...@openbsd.org) on 2022.09.02 08:08:09 +0200: > This diff is correct and the use-case makes sense to me. > OK florian > > > On 2022-09-01 21:30 +01, Ben Fuller wrote: > > On Thu, Sep 01, 2022 at 21:22:13 +0100, Ben Fuller wrote: > >> On Thu, Sep 01, 2022 at

Re: ps(1): add -d (descendancy) option to display parent/child process relationships

2022-09-01 Thread Sebastian Benoit
Job Snijders(j...@openbsd.org) on 2022.09.01 03:37:59 +: > Dear all, > > Some ps(1) implementations have an '-d' ('descendancy') option. Through > ASCII art parent/child process relationships are grouped and displayed. > Here is an example: > > $ ps ad -O ppid,user > PID PPID USER

Re: bgpd switch rde_peer to RB tree

2022-09-01 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.01 12:04:03 +0200: > Convert the rde_peer hash table to an RB tree. This is a bit more complex > because rde_peer list is used in a lot of places. As a bonus use > peer_foreach in mrt.c to write the table v2 peer header (this needs a > special

Re: bgpd cleanup hash leftovers

2022-09-01 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.01 12:48:32 +0200: > bgpd no longer needs siphash.h and also remove a hash member and a > prototype which are now unused. > > -- > :wq Claudio > > Index: rde.h > === > RCS

Re: bgpd change attr cache to use RB tree

2022-08-31 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.31 13:56:18 +0200: > Like all other hash tables use an RB tree instead. > Again the calculation of the hash can be skipped because the compare > function is probably fast enough. that sentence does parse, but i am semantically challenged by it.

Re: bgpd: only run one roa softreconfig process at a time

2022-08-30 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.30 22:54:43 +0200: > Currently if bgpd takes a long time to re-evaluate all prefixes because of > a ROA change a second update can come in before the first is processed. > This is not good. So add a barrier to only run one

make kernel build without INET6 again (pf_lb.c)

2022-08-30 Thread Sebastian Benoit
ok? diff --git sys/net/pf_lb.c sys/net/pf_lb.c index 588115cbff7..905af42e463 100644 --- sys/net/pf_lb.c +++ sys/net/pf_lb.c @@ -519,13 +519,18 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr, * fall back to POOL_NONE if there is a single host

Re: bgpd move nexthops to RB tree

2022-08-30 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.30 19:11:15 +0200: > I'm on a mission to remove the hash tables :) > > This one is for struct nexthop. Hopefully it makes nexthop_get a bit > better. ok, but one __func__ below > > -- > :wq Claudio > > Index: rde.c >

delete unused variable in ix(4) rx checksum calc

2022-08-30 Thread Sebastian Benoit
ptype is never used. ok? diff --git sys/dev/pci/if_ix.c sys/dev/pci/if_ix.c index cb233034d23..72a221b97d9 100644 --- sys/dev/pci/if_ix.c +++ sys/dev/pci/if_ix.c @@ -148,7 +148,7 @@ voidixgbe_enable_intr(struct ix_softc *); void ixgbe_disable_intr(struct ix_softc *); int

Re: Is rdomain correct for rtable in man ifconfig?

2022-07-14 Thread Sebastian Benoit
The manpage is correct here. Routing tables (rtable) and routing domains (rdomain) are intermingled in that a rdomain has at least one rtable (with the same ID). But it can have multiple rtables, see rtable(4). There are 2 settings that can be configured: * the tunnel interfaces' rdomain,

rpki-client 7.9 released

2022-07-14 Thread Sebastian Benoit
and RFC 6811 for a description of how RPKI and BGP Prefix Origin Validation help secure the global Internet routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project

Syspatch retracted (OpenBSD Errata: April 22, 2022 (wifi))

2022-04-23 Thread Sebastian Benoit
Syspatch syspatch71-001_wifi has been retracted. A mistake was made in generating the syspatch(8) binary update syspatch71-001_wifi for this errata. This causes problems installing future binary updates and reverting the syspatch. Because of this, the syspatch has been retracted until the issue

Re: rpki-client: TZ=UTC + localtime -> gmtime?

2022-04-21 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.04.20 15:12:57 +0200: > On Wed, Apr 20, 2022 at 03:00:15PM +0200, Theo Buehler wrote: > > Found this when looking at the timezone issue a couple of weeks back and > > then forgot about it: > > > > This setenv() + localtime() looks like a hack to me

rpki-client 7.8 has just been released

2022-04-09 Thread Sebastian Benoit
Origin Validation help secure the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous

rpki-client 7.7 has just been released

2022-04-07 Thread Sebastian Benoit
Origin Validation help secure the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous

rpki-client 7.6 released

2022-02-07 Thread Sebastian Benoit
routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: - Enforce the correct namespace of rrdp

Re: rpki-client repo layout change

2022-01-26 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.26 11:54:41 +0100: > On Wed, Jan 26, 2022 at 11:43:25AM +0100, Theo Buehler wrote: > > On Wed, Jan 26, 2022 at 10:06:37AM +0100, Claudio Jeker wrote: > > > This diff removes the valid/ subdir in favor of a more direct directory > > > layout for

Re: application.c be more paranoid for misbehaving backends

2022-01-21 Thread Sebastian Benoit
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2022.01.20 22:53:06 +0100: > There's a missing NULL check in appl_response(). This should only happenwhen > a backend is misbehaving, so I only managed to find this because > I'm actively bashing it right now. This should make us a little more

Re: rpki-client pass real filename from parser back to parent

2022-01-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 16:15:56 +0100: > This is another diff on the way to having a validated repo. > Pass the filename of the entity which was parsed back to the parent. > With this we can move the filepath_add() call from entity_write_req() > to entity_process().

Re: unbreak rpki-client -n mode

2022-01-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 16:05:57 +0100: > Currently running rpki-client -n with an up to date repo results in the > loss of around 25% of ROAs. The reason is that most of apnic fails since > they decided it is a glorious idea to put two rsync repos into one rrdp >

Re: fix some -Wunused-but-set-variable warnings in vmd

2022-01-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 14:12:02 +0100: > On Tue, Jan 04, 2022 at 10:58:41AM +0100, Claudio Jeker wrote: > > This are obvious and easy to fix unused but set variables. > > There are more in vioscsi.c but those are actually used if compiled with > > DEBUG set. > > The

Re: simplify rpki-client entity marshal

2021-12-28 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.12.28 16:57:48 +0100: > This re-shuffles struct entity a bit and removes the unneeded has_data > indicator. Both data and datasz are not null when data is present and null > when there is no data. With this in mind the code becomes simpler. > ok

Re: rpki-client: use single function to build basedir

2021-12-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.12.03 16:45:48 +0100: > Currently ta, rrdp and rsync repositories use different functions to build > their base path. This diff changes this so that all can use the same > function. > > This is a first step to introduce a common validated

Re: rpki-client: make maximum number of publication points to sync operator configurable

2021-11-25 Thread Sebastian Benoit
Job Snijders(j...@openbsd.org) on 2021.11.25 16:13:51 +: > It might be advantageous to permit operators to optionally specify the > maximum number of publication points with which rpki-client will > synchronize. > > For example: "doas rpki-client -m 1 -t /etc/rpki/ripe.tal" has as effect >

Re: rpki-client rrdp regress test

2021-11-25 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.25 12:30:31 +0100: > This add an RRDP regress test that checks basic operation. > It checks some valid notification, snapshot and delta XML. > There are also two XML attacks included (billion laughs and XXE). > More bad XML files should be added.

Re: snmpd: tweak listen on

2021-11-14 Thread Sebastian Benoit
If there is no obvious reason (i.e. be different because you need it for a specific feature) why not to use the same host*() function as other parse.y? it would be better to stay in sync with otehrr daemons. That way if there is an issue in one daemon, we can fix it in all of them. Or, to turn

Re: give sppp(4) its own RTM_PROPOSAL priority

2021-11-10 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.11.10 09:46:32 -0700: > Sebastien Marie wrote: > > > I just wonder about the system behaviour after building a new kernel > > and rebooting to build userland: RTP_PROPOSAL_SOLICIT is changed and > > kernel/userland will mismatch. > > > > But UMB

rpki-client 7.5 has just been released

2021-11-09 Thread Sebastian Benoit
routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Make rpki-client more resilient regarding

OpenBSD Errata: November 9, 2021 (rpki-client)

2021-11-09 Thread Sebastian Benoit
An errata patch for rpki-client has been released for OpenBSD 6.9 and OpenBSD 7.0. rpki-client(8) should handle CA misbehaviours as soft-errors. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective

Re: [patch] httpd static gzip compression

2021-11-05 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.11.05 08:24:21 -0600: > prx wrote: > > > I think this remark should be placed into perspective. > > > > When a file is requested, its gzipped version is send if : > > * The client ask for it with appropriate header. > > * The server admin configured

Re: rpki-client show attr name in rrdp parse errors

2021-11-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.05 15:26:57 +0100: > On Wed, Nov 03, 2021 at 12:58:17PM +0100, Claudio Jeker wrote: > > In one place this is already done but this makes sure we show the bad > > attribute in all cases where a non conforming attribute is found. > > Found another

Re: [patch] httpd static gzip compression

2021-11-05 Thread Sebastian Benoit
Ingo Schwarze(schwa...@usta.de) on 2021.11.05 14:37:15 +0100: > Hi Theo, > > Theo de Raadt wrote on Thu, Nov 04, 2021 at 08:27:47AM -0600: > > prx wrote: > >> On 2021/11/04 14:21, prx wrote: > > >>> The attached patch add support for static gzip compression. > >>> > >>> In other words, if a

Re: speedup io marshal in rpki-client

2021-11-05 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.05 09:18:15 +0100: > Noticed the other day. The ip addr arrays and as number array are > marshalled element by element which is not very efficent. > All the data is in one big blob of memory so just use the basic io > operations for a memory blob

Re: rpki-client X509_free XXX fix

2021-11-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.04 18:31:54 +0100: > There is this bit in parser.c > X509_free(x509); // needed? XXX > > As tb@ properly noted this X509_free() is needed because the cert_parse() > returns an up referenced x509 pointer back. > > I moved the X509_free() so

Re: rpki-client better exit behaviour when something goes wrong

2021-11-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.04 18:43:10 +0100: > On Thu, Nov 04, 2021 at 11:27:46AM -0600, Theo de Raadt wrote: > > Claudio Jeker wrote: > > > > > This diff replaces the errx() call in the poll fd check with warnings plus > > > an exit of the main event loop. It also

Re: [patch] httpd static gzip compression

2021-11-04 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.11.04 08:53:13 -0600: > Stuart Henderson wrote: > > > In some ways it would be better if it *did* compress on the fly, as then > > you don't have so much to consider with the effect on block/match rules, > > whether a request is passed to a fastcgi

Re: ospfd/ospf6d, interfaces in log messages

2021-11-03 Thread Sebastian Benoit
Remi Locherer(remi.loche...@relo.ch) on 2021.11.03 22:23:44 +0100: > On Tue, Nov 02, 2021 at 05:27:11PM +, Stuart Henderson wrote: > > I've recently started seeing a number of flaps with ospfd/ospf6d > > with invalid seq nums / "seq num mismatch, bad flags" logged. > > Not quite sure what's

OpenBSD Errata: October 31, 2021 (uipc)

2021-10-30 Thread Sebastian Benoit
An errata patch for the kernel has been released for OpenBSD 6.9 and OpenBSD 7.0. The kernel could leak memory when closing unix sockets. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:

rpki-client-7.4 released

2021-10-30 Thread Sebastian Benoit
routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Added support for validating BGPsec Router

OpenBSD Errata: October 31, 2021 (bpf)

2021-10-30 Thread Sebastian Benoit
An errata patch for the kernel has been released for OpenBSD 6.9 and OpenBSD 7.0. Opening /dev/bpf too quickly too often could lead to a kernel crash. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective

OpenBSD Errata: October 31, 2021 (nsd)

2021-10-30 Thread Sebastian Benoit
An errata patch for nsd(8) has been released for OpenBSD 7.0. In certain configurations, nsd can be crashed remotely. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:

Re: demystify vport(4) in vport(4) and ifconfig(8)

2021-10-28 Thread Sebastian Benoit
David Gwynne(da...@gwynne.id.au) on 2021.10.29 07:02:14 +1000: > On Thu, Oct 28, 2021 at 03:43:11PM +0100, Jason McIntyre wrote: > > On Thu, Oct 28, 2021 at 04:53:39PM +1000, David Gwynne wrote: > > > > > > > > > > On 28 Oct 2021, at 15:35, Jason McIntyre wrote: > > > > > > > > On Thu, Oct 28,

Re: openrsync add --max-size and --min-size support

2021-10-28 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.28 17:36:27 +0200: > This diff should implement --max-size and --min-size almost equivalent to > GNU rsync. I decided to use scan_scaled() instead of building something > new that handles all the extra bits GNU rsync has. > The remote rsync

Re: demystify vport(4) in vport(4) and ifconfigt(8)

2021-10-26 Thread Sebastian Benoit
Solene Rapenne(sol...@perso.pw) on 2021.10.26 21:18:30 +0200: > I tried to figure out how to use veb interfaces but the man page > wasn't obvious in regards to the "vport" thing. It turns out it's > a kind of interface that can be created with ifconfig. > > I think we should make this clearer. >

Re: route.8: nameserver command is not resolvd(8) specific

2021-10-26 Thread Sebastian Benoit
Klemens Nanni(k...@openbsd.org) on 2021.10.26 15:30:17 +: > On Tue, Oct 26, 2021 at 04:06:20PM +0100, Jason McIntyre wrote: > > On Tue, Oct 26, 2021 at 08:57:40AM -0600, Theo de Raadt wrote: > > > Jason McIntyre wrote: > > > > > > > On Tue, Oct 26, 2021 at 12:21:52PM +, Klemens Nanni

Re: snmpd(8): Log correct engineid

2021-10-25 Thread Sebastian Benoit
ok Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.10.21 08:45:51 +0100: > ping > > On Sun, 2021-09-26 at 10:22 +0200, Martijn van Duren wrote: > > ober_get_nstring writes a pointer to buf and does not overwrite the > > content of buf itself. So pushing an array in there will result

Re: relayd patch for websocket upgrade

2021-10-23 Thread Sebastian Benoit
commited, Thanks for reporting and this and the patches, and sorry for the delay. /Benno Sebastian Benoit(be...@openbsd.org) on 2021.10.23 22:22:10 +0200: > Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700: > > On Sun, May 02, 2021 at 11:05:16AM -0700,

Re: relayd patch for websocket upgrade

2021-10-23 Thread Sebastian Benoit
Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700: > On Sun, May 02, 2021 at 11:05:16AM -0700, Jonathon Fletcher wrote: > > On Sun, Mar 07, 2021 at 06:22:04PM -0800, Jonathon Fletcher wrote: > > > On Sun, Mar 07, 2021 at 06:46:33PM +0100, Marcus MERIGHI wrote: > > > >

Re: fix IO handling in rpki-client

2021-10-23 Thread Sebastian Benoit
ok benno@ Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.23 14:20:19 +0200: > This diff changes the io read functions to work on ibufs. > With this the poll loops will consume data with io_buf_read() until a full > message is received and then that message is processed. Thanks to this > the

httpd request body too large in log

2021-10-23 Thread Sebastian Benoit
differentiate the third 413 from the other two in httpd. ok? diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c index 153829f4201..bf3fae05414 100644 --- usr.sbin/httpd/server_http.c +++ usr.sbin/httpd/server_http.c @@ -1406,7 +1406,7 @@ server_response(struct httpd *httpd,

Re: [Possible patch] httpd and HEAD requests to CGI scripts

2021-10-23 Thread Sebastian Benoit
Ross L Richardson(open...@rlr.id.au) on 2021.10.09 21:40:50 +1100: > This relates to the earlier messages I sent to bugs@ in: > https://marc.info/?t=16330937691=1=2 > > RFC 7231 [HTTP/1.1] section 4.3.2. "HEAD" states: > The HEAD method is identical to GET except that the server

Re: ixl(4): add checksum receive offloading

2021-10-22 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2021.10.22 12:55:20 +0100: > On 2021/10/22 11:25, Jan Klemkow wrote: > > this diff add hardware checksum offloading for the receive path of > > ixl(4) interfaces. > > Would be good to have this tested with NFS if anyone has a way to do so. > nics are

Re: isakmpd: prepare for opaque X509_EXTENSION

2021-10-21 Thread Sebastian Benoit
see the "if (csc == NULL)" error case below. otherwise ok Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:45:43 +0200: > On Thu, Oct 21, 2021 at 01:05:18PM +0200, Theo Buehler wrote: > > This is the first of two diffs to prepare isakmpd for upcoming libcrypto > > changes. X509_EXTENSION

Re: isakmpd: prepare for opaque X509_EXTENSION

2021-10-21 Thread Sebastian Benoit
Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:05:18 +0200: > This is the first of two diffs to prepare isakmpd for upcoming libcrypto > changes. X509_EXTENSION will become opaque so we need to use an accessor. > I decided to leave accesses into ASN1_OCTET_STRING as they are for >

Re: acme-client: don't reach into X509

2021-10-13 Thread Sebastian Benoit
Theo Buehler(t...@theobuehler.org) on 2021.10.13 13:55:14 +0200: > In an upcoming libcrypto bump, we will make a few structs in libcrypto > opaque. This needs a small change in acme-client. Fetch the extension > stack using X509_get0_extensions() and iterate using the stack API. > Note that

Re: Variable type fix in parse.y (all of them)

2021-10-12 Thread Sebastian Benoit
Christian Weisgerber(na...@mips.inka.de) on 2021.10.12 12:49:24 +0200: > Christian Weisgerber: > > > Here's another attempt, incorporating millert's feedback and adding > > a few more casts: > > Any interest in this or not worth the churn and I should drop it? i think it should go in. ok

Re: Relayd daily crash ca_dispatch_relay invalid

2021-10-02 Thread Sebastian Benoit
abyx...@mnetic.ch(abyx...@mnetic.ch) on 2021.10.01 09:56:32 -0400: > On Fri, Oct 1, 2021, at 09:44, Stuart Henderson wrote: > > On 2021/10/01 14:43, Stuart Henderson wrote: > >> On 2021/10/01 09:29, abyx...@mnetic.ch wrote: > >> > I'm getting a daily crash (call to fatalx). No clue what triggers

OpenBSD Errata: September 30, 2021 (libressl)

2021-09-30 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. Compensate for the expiry of the DST Root X3 certificate. The use of an unnecessary expired certificate in certificate chains can cause validation errors. Binary updates for the amd64, i386 and arm64 platform are

OpenBSD Errata: September 27, 2021 (libressl)

2021-09-26 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. A stack overread could occur when checking X.509 name constraints. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective

OpenBSD Errata: September 27, 2021 (sshd)

2021-09-26 Thread Sebastian Benoit
An errata patch for sshd(8) has been released for OpenBSD 6.8 and OpenBSD 6.9. sshd(8) from OpenSSH 6.2 (OpenBSD 5.3) through 8.7 (OpenBSD 6.9) failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a

rpki-client-7.3 released

2021-09-23 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Improve the HTTP client code

Re: less: tighten pledge in secure mode

2021-09-22 Thread Sebastian Benoit
Tobias Stoeckmann(tob...@stoeckmann.org) on 2021.09.21 22:23:55 +0200: > Hi, > > upstream (greenwood) less has disabled history file support for secure > mode, i.e. LESSSECURE=1: https://github.com/gwsw/less/pull/201 > > The problem was about permanent marks for which we do not have support >

Re: pf.conf(5) & reply-to

2021-09-21 Thread Sebastian Benoit
Alexander Bluhm(alexander.bl...@gmx.net) on 2021.09.21 22:34:09 +0200: > On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote: > > did i screwup something somewhere in my config and there's a better way > > for that ? > > This was changed in February. No more interface, but gateway >

Re: rpki-client add back keep-alive to http requests

2021-09-12 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.09.10 12:09:47 +0200: > On Thu, Sep 09, 2021 at 09:18:04AM -0600, Bob Beck wrote: > > > > ok beck@ > > > > On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote: > > > While Connection: keep-alive should be the default it seems that

Re: iked(8): make proto option accept lists

2021-09-04 Thread Sebastian Benoit
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.04 12:39:26 +0200: > Here's an updated diff including the man page bits. I don't want to bikeshed the manpage. The code is ok benno@ :) > Looking at pf.conf(5) > and ipsec.conf(5), there does not really seem to be a standard way to document >

Re: iked(8): make proto option accept lists

2021-09-03 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.09.03 11:32:42 +0200: > On 2021-09-03 10:38 +02, Claudio Jeker wrote: > > On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote: > >> Tobias Heider(tobias.hei...@stusta.de) on 2021.09

Re: iked(8): make proto option accept lists

2021-09-03 Thread Sebastian Benoit
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200: > The diff below makes iked accept a list of protocols for the "proto" config > option in iked.conf(5). > This would allow us to have a single policy with "proto { ipencap, ipv6 }" > to secure a gif(4) tunnel, instead of

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Sebastian Benoit(be...@openbsd.org) on 2021.09.02 21:41:15 +0200: > Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200: > > On 2021-09-02 12:26 +02, Sebastian Benoit wrote: > > > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > > >> Ping.

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200: > On 2021-09-02 12:26 +02, Sebastian Benoit wrote: > > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > >> Ping. > >> > >> On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote

Re: Removal of old users and groups in the upgrade notes

2021-09-02 Thread Sebastian Benoit
Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100: > Ping. > > On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote: > > Ping. > > > > On Sun, May 09, 2021 at 01:07:15PM BST, Raf Czlonka wrote: > > > Hello, > > > > > > This is both a general question and specific example of

Re: timeout: Prettify man page and usage

2021-09-02 Thread Sebastian Benoit
ok Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.09.02 11:05:24 +0200: > On Thu, 2021-09-02 at 08:56 +, Job Snijders wrote: > > On Thu, Sep 02, 2021 at 07:23:26AM +0100, Jason McIntyre wrote: > > > > .Ar time > > > > -can be integer or decimal numbers. > > > > +are positive

Re: rpki-client exclude files from rsync fetch

2021-08-31 Thread Sebastian Benoit
Theo de Raadt(dera...@openbsd.org) on 2021.08.31 11:09:22 -0600: > I don't understand -- why would people edit this file? > > If this list is in argv, it will be difficult to identify targets using > ps, because the hostname is way at the end. Yes. If we worry about people touching it,

Re: relayd(8): agentx allow re-enabling

2021-08-30 Thread Sebastian Benoit
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.08.30 12:50:23 +0200: > Via "relayctl reload" agentx can be enabled, disabled, but if it's > enabled->disabled->enabled the final enable won't work because we > never reset the sa. > > Also add an extra guard so that we don't accidentally

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Sebastian Benoit
Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200: > On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote: > > On 2021-08-25 18:02 +01, Stuart Henderson wrote: > > > Trying to announce a network on a wg(4) interface via ospf6d, just > > > using passive to pick up the prefix,

Re: acme-client(1): Fix misleading comment

2021-08-24 Thread Sebastian Benoit
commited, thanks Emil Engler(m...@emilengler.com) on 2021.08.24 08:52:57 +0200: > While auditing acme-client(1) I have noticed that the source code still > makes references to curl. > > Apparently acme-client(1) used curl for HTTP transfers up until this > commit: >

Re: handle RTM_IFANNOUNCE in dhcpleased & slaacd

2021-08-24 Thread Sebastian Benoit
Florian Obser(flor...@openbsd.org) on 2021.08.23 20:30:07 +0200: > So I was playing with a usb network adapter and noticed that dhcpleased > and slaacd would hold on to them when I unplugged them. don't do that :P > They would be listed as "unknown" because we can't find the if_name for > the

OpenBSD Errata: August 20, 2021 (libressl)

2021-08-20 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. Printing a certificate can result in a crash in X509_CERT_AUX_print(). Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective

Re: cal(1): Clean up mutually exclusive options

2021-08-16 Thread Sebastian Benoit
Jason McIntyre(j...@kerhand.co.uk) on 2021.08.16 12:02:13 +0100: > when i wrote my mail, i failed to understand that "overrides earlier" > was really just another way of saying "mutually exclusive". i don;t find > it as clear, and i don;t hugely like it, but i guess it's just my > preference. Not

OpenBSD Errata: August 11, 2021 (perl)

2021-08-10 Thread Sebastian Benoit
An errata patch for perl has been released for OpenBSD 6.9. perl(1) Encode (3p) loads a module from an incorrect relative path. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:

OpenBSD Errata: August 11, 2021 (kernel)

2021-08-10 Thread Sebastian Benoit
An errata patch for the kernel has been released for OpenBSD 6.8 and OpenBSD 6.9. In a specific configuration, wg(4) leaked mbufs. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:

Re: bgpd add add-path receive support

2021-08-06 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:55:45 +0200: > On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > > This diff implements the bit to support the receive side of > > RFC7911 - Advertisement of Multiple Paths in BGP. > > > > I did some basic tests and it works

OpenBSD Errata: August 4, 2021 (kernel, sparc64)

2021-08-04 Thread Sebastian Benoit
An errata patch for the kernel on the sparc64 architecture has been released for OpenBSD 6.8 and OpenBSD 6.9. On sparc64, a missaligned address could trigger a kernel assert and panic the kernel. Source code patches can be found on the respective errata pages:

Re: rpki-client support more http status codes

2021-08-04 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:45:14 +0200: > On Wed, Aug 04, 2021 at 10:53:39AM +0200, Claudio Jeker wrote: > > This adds a few more HTTP Status codes to the mix of the accepted ones. > > Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx > > and

Re: Rationale behind exec clearing out unveil paths

2021-08-03 Thread Sebastian Benoit
dz...@disroot.org(dz...@disroot.org) on 2021.06.15 14:12:22 +: > > Seems to be working as intended. You are letting someone run all binaries. > And I am not letting someone write to the filesystem. Yet, they can > bypass that easily. `unveil("/", "rx")` gives a false illusion of > security,

rpki-client 7.2 released

2021-07-28 Thread Sebastian Benoit
the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Use RRDP as default protocol

tpmr manpage add veb reference

2021-07-27 Thread Sebastian Benoit
tpmr(4) connects only two ethernet ports with not much functionality, so the manpage is helpful by telling us bridge(4) as a more complete alternative. We now also have veb(4), so mention that as well. ok? diff --git share/man/man4/tpmr.4 share/man/man4/tpmr.4 index ab9eba4cee3..de0b200d429

Re: bgpd refactor struct prefix

2021-07-26 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.07.14 09:33:19 +0200: > On Tue, Jun 29, 2021 at 12:00:24PM +0200, Claudio Jeker wrote: > > This diff moves the rib_entry pointer re into the union to safe some > > space. For add-path I need to add a few more u_int32_t and that would > > blow the

Re: bgpctl add support for RFC8050 (add-path support for MRT parser)

2021-07-26 Thread Sebastian Benoit
ok Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.07.13 15:37:36 +0200: > This diff adds support to read MRT files using the new introduced _ADDPATH > types as defined in RFC8050. I also started adding MRT support to bgpd but > that depends on ADD-PATH itself. > > There are a few gotchas,

OpenBSD Errata: July 25, 2021 (libc, mips64)

2021-07-26 Thread Sebastian Benoit
An errata patch for the libc library on the mips64 architecture has been released for OpenBSD 6.8 and OpenBSD 6.9. On mips64, the strchr/index/strrchr/rindex functions in libc handled signed characters incorrectly. Source code patches can be found on the respective errata pages:

OpenBSD Errata: July 25, 2021 (relayd)

2021-07-25 Thread Sebastian Benoit
An errata patch for the relayd application layer gateway daemon has been released for OpenBSD 6.9. relayd(8), when using the the http protocol strip filter directive or http protocol macro expansion, processes format strings. Binary updates for the amd64, i386, and arm64 platform are available

  1   2   3   4   5   6   7   8   >