Re: Please test: UVM fault unlocking (aka vmobjlock)

2021-11-30 Thread Stuart Henderson
On 2021/11/29 22:50, Martin Pieuchot wrote: > On 24/11/21(Wed) 11:16, Martin Pieuchot wrote: > > Diff below unlock the bottom part of the UVM fault handler. I'm > > interested in squashing the remaining bugs. Please test with your usual > > setup & report back. > > Thanks to all the testers,

Re: iwm/iwx: try to make roaming more reliable

2021-11-29 Thread Stuart Henderson
On 2021/11/27 12:44, Stefan Sperling wrote: > The current implementation suffers from race conditions which can > leave the interface in a state where it gets "stuck". I have seen > this happen on iwm(4) 9560 in particular, while testing the driver > with new firmware images recently published by

disabling a cpu socket

2021-11-27 Thread Stuart Henderson
I have some amd64 machines which are doing 600+ gettimeofday/second at quiet times and way more when they're busy and I'd quite like to get them onto userland tsc, however they're dual socket and the skew between cores on the different sockets is too great. There's no way to disable a socket in

Re: Pass -U to pgrep and pkill in rc.subr(8)

2021-11-25 Thread Stuart Henderson
Yes that will break a lot of existing scripts, also it is probably not needed - rc.subr uses the process name *and arguments*, if you're using default top options you'll only see the name, use top -C or ps to check as there is probably more that you can match on. -- Sent from a phone,

Re: vport: set UP on ip assign

2021-11-24 Thread Stuart Henderson
How about a flag that can be passed via ifconfig to disable the implicit up? Then netstart could use it to enaure that an interface is only brought up after it has finished configuration (which *is* a problem for pppoe and carp at least) and it suits people's finger memory for ifconfig? Of course

Re: snmpd: tweak listen on

2021-11-20 Thread Stuart Henderson
parse.y files anyway. > > martijn@ > > > > Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.11.14 00:23:59 > > +0100: > > > On Sat, 2021-11-13 at 13:23 +, Stuart Henderson wrote: > > > > On 2021/08/09 20:55, Martijn van Dur

Re: IPsec tdb ddb print

2021-11-18 Thread Stuart Henderson
On 2021/11/18 09:15, Claudio Jeker wrote: > On Thu, Nov 18, 2021 at 08:10:26AM +0000, Stuart Henderson wrote: > > On 2021/11/15 17:23, Alexander Bluhm wrote: > > > + DUMP(ids, "%p"); > > > + DUMP(ids_swapped, "%d"); > > > +

Re: IPsec tdb ddb print

2021-11-18 Thread Stuart Henderson
On 2021/11/15 17:23, Alexander Bluhm wrote: > + DUMP(ids, "%p"); > + DUMP(ids_swapped, "%d"); > + DUMP(mtu, "%d"); > + DUMP(mtutimeout, "%lld"); > + pr("%18s: %08x\n", "udpencap_port", > + ntohl(tdb->tdb_udpencap_port));

Re: vport: set UP on ip assign

2021-11-15 Thread Stuart Henderson
On 2021/11/15 12:27, Klemens Nanni wrote: > On Sun, Nov 14, 2021 at 07:04:42PM -0700, Theo de Raadt wrote: > > I think physical interfaces should come up when something is configured > > on them, but virtual interfaces shouldn't -- mostly because the order of > > configuration is often muddled. >

Re: [PATCH] [www] faq/current.html - docoment recent changes in Xenocara [Was: Re: X server updated to version 21.1.1]

2021-11-15 Thread Stuart Henderson
On 2021/11/15 12:16, Raf Czlonka wrote: > On Mon, Nov 15, 2021 at 11:38:20AM GMT, Zé Loff wrote: > > > > On Mon, Nov 15, 2021 at 11:01:39AM +, Stuart Henderson wrote: > > > Remove the symlink named something like 70-bitmap-only from > > > /etc/fon

Re: X server updated to version 21.1.1

2021-11-15 Thread Stuart Henderson
Remove the symlink named something like 70-bitmap-only from /etc/fonts/conf.d -- Sent from a phone, apologies for poor formatting. On 15 November 2021 09:05:46 Zé Loff wrote: On Fri, Nov 12, 2021 at 07:18:52PM +0100, Matthieu Herrb wrote: Hi, I've updated the X server in Xenocara to

Re: IPsec tdb ref counting

2021-11-14 Thread Stuart Henderson
On 2021/11/14 03:12, Vitaliy Makkoveev wrote: > Hi, > > Do you have panics with this diff? Running now, I don't hit the splassert traces with this one. I will let you know if there is a panic. > Index: sys/net/if_bridge.c > === >

Re: snmpd(8): New application layer - step towards agentx support

2021-11-14 Thread Stuart Henderson
On 2021/11/14 11:49, Martijn van Duren wrote: > sthen@ found an issue when using this diff with netsnmp tools. > > The problem was that I put the requestID in the msgID, resulting > in a mismatch upon receiving the reply. The reason that snmp(1) > works is because msgID and requestID are the

Re: IPsec tdb ref counting

2021-11-13 Thread Stuart Henderson
On 2021/11/13 23:05, Stuart Henderson wrote: > On 2021/11/13 22:41, Stuart Henderson wrote: > > On 2021/11/13 21:49, Stuart Henderson wrote: > > > On 2021/11/13 18:04, Alexander Bluhm wrote: > > > > Hi, > > > > > > > > To make IPsec MP safe we

Re: IPsec tdb ref counting

2021-11-13 Thread Stuart Henderson
On 2021/11/13 22:41, Stuart Henderson wrote: > On 2021/11/13 21:49, Stuart Henderson wrote: > > On 2021/11/13 18:04, Alexander Bluhm wrote: > > > Hi, > > > > > > To make IPsec MP safe we need refcounting for the tdb. The diff > > > below is part of

Re: IPsec tdb ref counting

2021-11-13 Thread Stuart Henderson
On 2021/11/13 21:49, Stuart Henderson wrote: > On 2021/11/13 18:04, Alexander Bluhm wrote: > > Hi, > > > > To make IPsec MP safe we need refcounting for the tdb. The diff > > below is part of something bigger we have at genua. Although it > > does not cover t

Re: IPsec tdb ref counting

2021-11-13 Thread Stuart Henderson
On 2021/11/13 18:04, Alexander Bluhm wrote: > Hi, > > To make IPsec MP safe we need refcounting for the tdb. The diff > below is part of something bigger we have at genua. Although it > does not cover timeouts and the tdb reaper yet, I want to get this > in as a frist step. > > It passes

Re: snmpd: tweak listen on

2021-11-13 Thread Stuart Henderson
On 2021/08/09 20:55, Martijn van Duren wrote: > On Mon, 2021-08-09 at 11:57 +0200, Martijn van Duren wrote: > > > > This diff fixes all of the above: > > - Allow any to be used resolving to 0.0.0.0 and :: > > - Set SO_REUSEADDR on sockets, so we can listen on both any and > >   localhost > > -

Re: [PATCH] [src] share/man/man5/hostname.if.5 - nwid -> join

2021-11-11 Thread Stuart Henderson
On 2021/11/11 16:30, Klemens Nanni wrote: > On Thu, Nov 11, 2021 at 04:11:10PM +, Raf Czlonka wrote: > > Hello, > > > > It seems like this has been missed in recent thread[0]. > > > > Not entirely sure whether the sentence "flows" any longer but here > > it goes anyway. > > > > [0]

Re: add 802.11n 40MHz support to iwn(4)

2021-11-09 Thread Stuart Henderson
On 2021/11/09 20:38, Jan Stary wrote: > On Nov 09 00:36:03, h...@stare.cz wrote: > > As a naive test of speed, I am downloading a 100MB file > > from a http server just behind the AP with > > ftp -o /dev/null http://stare.cz/.tmp/file > > An average of ten runs is 5.31 MB/s without the diff > >

Re: relayd regress tcp performance

2021-11-09 Thread Stuart Henderson
What's the status of this diff? On 2021/09/21 17:30, Alexander Bluhm wrote: > On Sat, Sep 18, 2021 at 02:35:20PM +0200, Jan Klemkow wrote: > > The following diff removes the every 2nd ACK feature again and ensures > > that we send out an ACK if soreceive() empties the receive buffer. > > Looks

Re: smtpd smtp_proceed_wiz function

2021-11-08 Thread Stuart Henderson
On 2021/11/08 14:52, Crystal Kolipe wrote: > src/usr.sbin/smtpd/smtp_session.c contains the following code: > > 1892static void > 1893smtp_proceed_wiz(struct smtp_session *s, const char *args) > 1894{ > 1895smtp_reply(s, "500 %s %s: this feature is

Re: sppp(4)/pppoe(4) - DNS configuration via resolvd(8)

2021-11-08 Thread Stuart Henderson
On 2021/11/08 15:50, Klemens Nanni wrote: > With this diff pppoe(4) sends two nameservers and thus wins, but that is > expected and setups such as mine must either > - disable resolvd > - enable resolvd but also enable unwind > (unwind also learns DNS proposals but always wins in resolv.conf) >

net.inet6.icmp6.nd6_debug and RDNSS

2021-11-07 Thread Stuart Henderson
net.inet6.icmp6.nd6_debug is fairly noisy if you advertise nameservers, OK to silence those warnings? Nov 7 00:45:34 bamboo /bsd: nd6_options: unsupported option 25 - option ignored Nov 7 04:26:22 bamboo /bsd: nd6_options: unsupported option 25 - option ignored Nov 7 04:26:26 bamboo /bsd:

Re: ftp: Print actually requested URLs

2021-11-06 Thread Stuart Henderson
On 2021/11/06 17:29, Klemens Nanni wrote: > Encoding URL paths changes the requested URL and therefore may yield > different responses (opposed to an unencoded URL), solely depending on > how the server implements de/encoding. Makes sense as this matches what various other tools that fetch URLs

Re: [patch] httpd static gzip compression

2021-11-04 Thread Stuart Henderson
On 2021/11/04 08:27, Theo de Raadt wrote: > prx wrote: > > > * Stuart Henderson le [04-11-2021 14:09:39 +]: > > > On 2021/11/04 14:21, prx wrote: > > > > Hello, > > > > The attached patch add support for static gzip compression. > > &g

Re: [patch] httpd static gzip compression

2021-11-04 Thread Stuart Henderson
On 2021/11/04 14:21, prx wrote: > Hello, > The attached patch add support for static gzip compression. > > In other words, if a client support gzip compression, when "file" is > requested, httpd will check if "file.gz" is avaiable to serve. > > Regards. > > prx btw this was rejected before,

Re: New hw.perfpolicy behavior

2021-11-03 Thread Stuart Henderson
On 2021/11/03 05:47, Crystal Kolipe wrote: > > Your OptiPlex 9020 is probably a modern i5/i7, which probably contains > > C states similar to this: > > > > acpicpu0 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS > > > > Which means when the idle loop calls the "mwait" instruction,

Re: New hw.perfpolicy behavior

2021-11-03 Thread Stuart Henderson
On 2021/11/03 16:46, Damien Miller wrote: > On Tue, 2 Nov 2021, Theo de Raadt wrote: > > > Paul de Weerd wrote: > > > > > A recent commit by Theo changed the hw.perfpolicy behavior to always > > > run at full speed when AC power is on. This means that my workstation > > > (and servers, once I

Re: ifconfig: zap dead code

2021-11-03 Thread Stuart Henderson
On 2021/11/02 23:47, Klemens Nanni wrote: > No idea what it was supposed to do back then; cvs blame points at ha, that's Jason's username for various places it's obviously not needed, but it's tempting to keep it for historical interest! > OK? > > Index: ifconfig.c >

ospfd/ospf6d, interfaces in log messages

2021-11-02 Thread Stuart Henderson
I've recently started seeing a number of flaps with ospfd/ospf6d with invalid seq nums / "seq num mismatch, bad flags" logged. Not quite sure what's going yet as they must be occurring on various local switched segments on one nic and also on ethernet wan circuits direct to router on a separate

Re: uniq(1): support arbitrarily long lines

2021-11-01 Thread Stuart Henderson
On 2021/11/01 10:36, Scott Cheloha wrote: > How did you generate this input? Is it just ten million lines with a > single 'z' character? `jot -bz 1000`? That one was lots of copies of ports/infrastructure/bsd.port.mk catted together. > Updated patch. > > I screwed up. We don't need to

Re: uniq(1): support arbitrarily long lines

2021-11-01 Thread Stuart Henderson
On 2021/10/31 20:48, Scott Cheloha wrote: > In uniq(1), if we use getline(3) instead of fgets(3) we can support > arbitrarily long lines. It works for me, and getting rid of the length restriction is nice. I don't know how much of a concern it is, but it's about twice as slow: $ wc -l /tmp/z

Re: demystify vport(4) in vport(4) and ifconfig(8)

2021-10-29 Thread Stuart Henderson
On 2021/10/29 14:08, Ingo Schwarze wrote: > Hi Stuart, > > Stuart Henderson wrote on Fri, Oct 29, 2021 at 10:53:41AM +0100: > > On 2021/10/28 23:19, Klemens Nanni wrote: > >> On Fri, Oct 29, 2021 at 12:57:54AM +0200, Ingo Schwarze wrote: > > >>> MAN

Re: demystify vport(4) in vport(4) and ifconfig(8)

2021-10-29 Thread Stuart Henderson
On 2021/10/28 23:19, Klemens Nanni wrote: > On Fri, Oct 29, 2021 at 12:57:54AM +0200, Ingo Schwarze wrote: > > MANPAGER=firefox man -T html $(ifconfig -C) > > This doesn't work if firefox is already running as the MANPAGER firefox > process exits immediately after sending the file/link to the

Re: demystify vport(4) in vport(4) and ifconfig(8)

2021-10-28 Thread Stuart Henderson
On 2021/10/28 13:11, David Gwynne wrote: > On Wed, Oct 27, 2021 at 10:12:35AM +0100, Stuart Henderson wrote: > > On 2021/10/27 17:44, David Gwynne wrote: > > > > > > > benno@ suggested I look at vether(4) to adapt the text related to > > > > bridge(4) b

Re: snmpd(8): don't allocate memory for system mib

2021-10-27 Thread Stuart Henderson
On 2021/10/27 17:14, Martijn van Duren wrote: > Trying to search for memory leaks in my new snmpd code I found some > harmless, but annoying ones in system from SNMPv2-MIB. > > We call uname(3) every time (even if we don't even need info from > that call) and ones set we save it until forever. >

Re: demystify vport(4) in vport(4) and ifconfig(8)

2021-10-27 Thread Stuart Henderson
On 2021/10/27 17:44, David Gwynne wrote: > > > benno@ suggested I look at vether(4) to adapt the text related to > > bridge(4) but I'm not sure how to rewrite it properly for veb(4). > > i get that, but for a different reason. im too close to veb/vport, so i > think it's all very obvious. > >

Re: snmpd trap community problem

2021-10-25 Thread Stuart Henderson
On 2021/10/25 10:09, Martijn van Duren wrote: > Thanks for the detailed analysis. > > diff below should fix it. thanks, OK. I'm sure I tried that but maybe I missed the _ (SNMPV2 vs SNMP_V2).

Re: snmpd trap community problem

2021-10-24 Thread Stuart Henderson
ooops, sorry not trondd, it was jhuldtgren who spotted it! On 2021/10/24 22:26, Stuart Henderson wrote: > trondd noticed a startup problem with snmpd on mips64 but didn't see > them on amd64 and wondered if it was arch-specific, I had a go at > reproducing and see it very often o

snmpd trap community problem

2021-10-24 Thread Stuart Henderson
trondd noticed a startup problem with snmpd on mips64 but didn't see them on amd64 and wondered if it was arch-specific, I had a go at reproducing and see it very often on aarch64 and also sometimes on amd64. Any setting of "trap receiver $ip snmpv2c community $community" triggers the problem: #

Re: installer/wifi drivers: use join by default

2021-10-24 Thread Stuart Henderson
On 2021/10/24 11:57, Klemens Nanni wrote: > On Sun, Oct 24, 2021 at 12:41:11PM +0100, Stuart Henderson wrote: > > On 2021/10/24 11:20, Klemens Nanni wrote: > > > @@ -174,7 +174,7 @@ The following > > > example creates a host-based access point on boot: > &g

Re: installer/wifi drivers: use join by default

2021-10-24 Thread Stuart Henderson
On 2021/10/24 11:20, Klemens Nanni wrote: > @@ -174,7 +174,7 @@ The following > example creates a host-based access point on boot: > .Bd -literal -offset indent > mediaopt hostap > -nwid mynwid nwkey mywepkey > +join mynwid nwkey mywepkey > inet 192.168.1.1 255.255.255.0 that's not right for

Re: [PATCH] Change maximum size of /usr/src to 3G for autoinstall

2021-10-24 Thread Stuart Henderson
On 2021/10/24 13:10, Mikhail wrote: > Hello, current maximum size of /usr/src in large disk autoinstall > configuration is set to 2G, which in insufficient for 'git clone', where > the repo already exceeded this size, I suggest to change it to 3G, since > most users have disks large enough to

Re: new option for rcctl ls

2021-10-22 Thread Stuart Henderson
On 2021/10/22 12:56, Stuart Henderson wrote: > On 2021/10/22 12:20, Antoine Jacoutot wrote: > > On Thu, Oct 21, 2021 at 04:45:47PM +0100, Stuart Henderson wrote: > > > Sometimes I find it useful to list daemons which are set to 'disabled' > > > but are actually running

Re: new option for rcctl ls

2021-10-22 Thread Stuart Henderson
On 2021/10/22 12:20, Antoine Jacoutot wrote: > On Thu, Oct 21, 2021 at 04:45:47PM +0100, Stuart Henderson wrote: > > Sometimes I find it useful to list daemons which are set to 'disabled' > > but are actually running. Either those where I have started them by hand > >

Re: ixl(4): add checksum receive offloading

2021-10-22 Thread Stuart Henderson
On 2021/10/22 11:25, Jan Klemkow wrote: > this diff add hardware checksum offloading for the receive path of > ixl(4) interfaces. Would be good to have this tested with NFS if anyone has a way to do so. nics are probably better now but I'm pretty sure we have had problems with NFS and offloading

Re: retire hifn safe ubsec

2021-10-21 Thread Stuart Henderson
On 2021/10/21 10:02, Theo de Raadt wrote: > Stuart Henderson wrote: > > > On 2021/10/21 16:30, Alexander Bluhm wrote: > > > Hi, > > > > > > Goal is to retire the async crypto API. It is slow and adds > > > complexity which hinders MP progress in

Re: retire hifn safe ubsec

2021-10-21 Thread Stuart Henderson
On 2021/10/21 16:30, Alexander Bluhm wrote: > Hi, > > Goal is to retire the async crypto API. It is slow and adds > complexity which hinders MP progress in IPsec. It is used by the > old PCI devices hifn(4), safe(4), and ubsec(4). > > These devices are not common anymore. Using the CPU for

new option for rcctl ls

2021-10-21 Thread Stuart Henderson
Sometimes I find it useful to list daemons which are set to 'disabled' but are actually running. Either those where I have started them by hand forgotten to enable in rc.conf.local, or to check for services which shouldn't be running but which are anyway. Any comments on this diff to add it to

Re: snmpd: s/SNMP_C_GETRESP/SNMP_C_RESPONSE

2021-10-21 Thread Stuart Henderson
On 2021/10/21 15:08, Martijn van Duren wrote: > This one has been bothering me for a while. > > OK? > > martijn@ > > Index: smi.c > === > RCS file: /cvs/src/usr.sbin/snmpd/smi.c,v > retrieving revision 1.28 > diff -u -p -r1.28

Re: Increase of kern.seminfo.semmns sysctl

2021-10-17 Thread Stuart Henderson
On 2021/10/17 15:31, Mikhail wrote: > Hello, current git of postgresql requires more semaphores than OpenBSD > currently suggests as a default, I propose to rise the limit to 100. > FreeBSD has 340, as a comparison. > > Another solution may be to add the note to README of postgresql's port > to

pax mtime

2021-10-15 Thread Stuart Henderson
This is just a quick hack for now, but we need something like it in order to correctly extract some newer tars with correct timestamps, in particular python-generated ones like https://pypi.io/packages/source/w/wheel/wheel-0.36.2.tar.gz Index: tar.c

Re: syslogd: allow setting TLS protocols

2021-10-11 Thread Stuart Henderson
On 2021/10/11 15:50, Alexander Bluhm wrote: > On Sat, Oct 09, 2021 at 09:36:01PM +0100, Stuart Henderson wrote: > > This allows setting which TLS versions are usable by syslogd. Some > > environments require that TLSv1.0 is disabled. Manual wording stolen from > > ftp

Re: head(1): fully support the legacy -count syntax

2021-10-10 Thread Stuart Henderson
On 2021/10/10 14:26, Scott Cheloha wrote: > On Sun, Oct 10, 2021 at 12:31:22PM -0600, Theo de Raadt wrote: > > Bryan Steele wrote: > > > > > On Sun, Oct 10, 2021 at 12:18:55PM -0500, Scott Cheloha wrote: > > > > On Sun, Oct 10, 2021 at 10:51:29AM -0600, Theo de Raadt wrote: > > > > > did anyone

syslogd: allow setting TLS protocols

2021-10-09 Thread Stuart Henderson
This allows setting which TLS versions are usable by syslogd. Some environments require that TLSv1.0 is disabled. Manual wording stolen from ftp(1). any comments? ok? Index: syslogd.8 === RCS file:

etc/syslog.conf: adjust comment for log host sample config

2021-10-09 Thread Stuart Henderson
The comments in etc/syslog.conf describe partially log-client setup and partially log-host setup and use UDP. I think it would be better to focus on "loghost-client" setup in the default config, the server options needed seem better described in syslogd(8) than in comments in syslog.conf. Since we

Re: Remove deprecated variables in sysctl(2)

2021-10-05 Thread Stuart Henderson
On 2021/10/05 18:11, Solene Rapenne wrote: > Variables HW_PHYSMEM and HW_USERMEM were deprecated 13 years ago, > maybe we can remove them from sysctl(2)? "deprecated" doesn't mean removed or disabled, it just means that one shouldn't use them. These are still in system headers and supported by

Re: Relayd daily crash ca_dispatch_relay invalid

2021-10-01 Thread Stuart Henderson
On 2021/10/01 14:43, Stuart Henderson wrote: > On 2021/10/01 09:29, abyx...@mnetic.ch wrote: > > I'm getting a daily crash (call to fatalx). No clue what triggers it and > > the logging is really sparse. I couldn't follow what the code in ca.c is > > actually doing (

Re: Relayd daily crash ca_dispatch_relay invalid

2021-10-01 Thread Stuart Henderson
On 2021/10/01 09:29, abyx...@mnetic.ch wrote: > I'm getting a daily crash (call to fatalx). No clue what triggers it and the > logging is really sparse. I couldn't follow what the code in ca.c is actually > doing (what the hash belongs to that is triggering the crash). A snip from >

Re: OpenBSD Errata: September 30, 2021 (libressl)

2021-09-30 Thread Stuart Henderson
On 2021/09/30 21:45, Sebastian Benoit wrote: > An errata patch for LibreSSL has been released for OpenBSD 6.8 and > OpenBSD 6.9. > > Compensate for the expiry of the DST Root X3 certificate. The use of an > unnecessary expired certificate in certificate chains can cause validation > errors. > >

Re: Variable type fix in parse.y (all of them)

2021-09-30 Thread Stuart Henderson
On 2021/09/29 21:21, Christian Weisgerber wrote: > The oft-copied parse.y code declares some variables as "unsigned char *" > but passes them to functions that take "char *" arguments and doesn't > make any use of the unsigned property. btw, those used to be char:

Re: sigwaitinfo(2) and sigtimedwait(2)

2021-09-24 Thread Stuart Henderson
On 2021/09/24 19:36, Rafael Sadowski wrote: > I'm trying to port the more KDE stuff so my question is from porter > perspective. > > I need sigwaitinfo(2)/sigtimedwait(2) and I found both functions in > lib/libc/gen/sigwait.c with the comment "need kernel to fill in more > siginfo_t bits first".

Re: Should 80MB of RAM be enough for kernel relinking on i386?

2021-09-23 Thread Stuart Henderson
Nobody should really by using i386 for new systems. The advantages of running amd64-compatible hardware are too big to ignore. Lower power consumption, much faster in most cases (the extra register used by PIE hurts i386 mode a lot more than amd64 mode with its extra registers), more address space

Re: pf.conf(5) & reply-to

2021-09-22 Thread Stuart Henderson
On 2021/09/22 11:28, Landry Breuil wrote: > Le Tue, Sep 21, 2021 at 10:40:12PM +0200, Sebastian Benoit a écrit : > > Alexander Bluhm(alexander.bl...@gmx.net) on 2021.09.21 22:34:09 +0200: > > > On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote: > > > > did i screwup something somewhere

Re: [PATCH] Always generate SAN

2021-09-17 Thread Stuart Henderson
Moved to tech@. Full original mail at https://marc.info/?l=openbsd-misc=163187837530385=2 On 2021-09-17, Wolf wrote on misc@: > Use of only CN is not allowed according to Baseline Requirements 1.8.0 > from CA Browser Forum. Using CN is not prohibited, but if it is present, > value in it must

Re: Diff: Function Length Reduction

2021-09-10 Thread Stuart Henderson
On 2021/09/10 16:39, VARIK VALEFOR wrote: > Is any particular aspect of the replacement code bad? The use of 'magic number' ASCII values obfuscates what the code is doing.

Re: Diff: Function Length Reduction

2021-09-10 Thread Stuart Henderson
On 2021/09/10 00:27, VARIK VALEFOR wrote: > P.S. s/originalBuf/vp->buffer/g I think this is a good demonstration of why sometimes it's better to have longer but simpler code.

Re: Change vm_dsize to vsize_t

2021-09-09 Thread Stuart Henderson
On 2021/09/09 06:47, Greg Steuck wrote: > Mark Kettenis writes: > > >> From: "Theo de Raadt" > >> Date: Tue, 07 Sep 2021 07:08:19 -0600 > >> > >> Or we could coordinate the Greg approach as a sysctl ABI change near a > >> libc major bump. On the other side of such a bump, all kernel + base +

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Stuart Henderson
On 2021/09/08 09:03, Damien Miller wrote: > This is a case of the host key algorithm not matching, so you > should use HostKeyAlgorithms=+ssh-rsa - I'll make sure to mention > this in the release notes. People seem to really be having a hard time grasping what's being disabled by default. And it

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Stuart Henderson
On 2021/09/07 14:40, Martijn van Duren wrote: > On Mon, 2021-08-30 at 10:08 +1000, Damien Miller wrote: > > Hi, > > > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > > in OpenSSH. > > > > While The SSH protocol confusingly uses overlapping names for key and > >

Re: timeout: Prettify man page and usage

2021-09-02 Thread Stuart Henderson
On 2021/09/02 08:56, Job Snijders wrote: > On Thu, Sep 02, 2021 at 07:23:26AM +0100, Jason McIntyre wrote: > > > .Ar time > > > -can be integer or decimal numbers. > > > +are positive integer or real (decimal) numbers, with an optional > > > > can you have a negative timeout? > > Negative

Re: async traceroute(8)

2021-09-01 Thread Stuart Henderson
On 2021/09/01 11:25, Florian Obser wrote: > So traceroute sends one probe, waits upto 5^W3 seconds for an answer to > arrive, sends the next probe and so on. > > This makes it a bit faster (10x on a path with two intermediate systems > not answering) by sending probes, waiting for the answer and

Re: [Patch] - Add -u (update packages) to sysupgrade(8)

2021-08-30 Thread Stuart Henderson
On 2021/08/28 09:26, Sebastien Marie wrote: > On Fri, Aug 27, 2021 at 08:17:51PM -0500, Aaron Poffenberger wrote: > > Following is patch to add a flag to upgrade packages during > > rc.firsttime after a sysupgrade. > > > > if you need this flag, is it a ponctual usage (running sysupgrade with >

Re: arm64 rpi4 upgrade, "Failed to install bootblocks" at end

2021-08-29 Thread Stuart Henderson
On 2021/08/28 22:28, Stuart Henderson wrote: > Spotted this at the end of a sysupgrade run. No issue with the reboot but > it doesn't look quite right, in particular the newfs_msdos is a bit scary. > > [...] > Installing xshare70.tgz 100% |**| 4

arm64 rpi4 upgrade, "Failed to install bootblocks" at end

2021-08-28 Thread Stuart Henderson
Spotted this at the end of a sysupgrade run. No issue with the reboot but it doesn't look quite right, in particular the newfs_msdos is a bit scary. [...] Installing xshare70.tgz 100% |**| 4505 KB00:36 Installing xfont70.tgz 100% |**|

Re: [patch] traceroute timeouts

2021-08-28 Thread Stuart Henderson
OK? Index: traceroute.8 === RCS file: /cvs/src/usr.sbin/traceroute/traceroute.8,v retrieving revision 1.69 diff -u -p -w -r1.69 traceroute.8 --- traceroute.811 Feb 2020 18:41:39 - 1.69 +++ traceroute.828 Aug

Re: wg(4) ipv6 ospf6d

2021-08-28 Thread Stuart Henderson
On 2021/08/25 22:23, Sebastian Benoit wrote: > Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200: > > On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote: > > > On 2021-08-25 18:02 +01, Stuart Henderson wrote: > > > > Trying to announce a ne

Re: [Patch] - Add -u (update packages) to sysupgrade(8)

2021-08-28 Thread Stuart Henderson
On 2021/08/27 23:07, Aaron Poffenberger wrote: > On 2021-08-27 23:00 -0400, Daniel Jakots wrote: > > On Fri, 27 Aug 2021 20:17:51 -0500, Aaron Poffenberger > > wrote: > > > > > + ${PKGS} && echo "pkg_add -Iu" >> /etc/rc.firsttime > > > > I don't think this addition is worth it, but anyway this

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
On 2021/08/25 19:58, Crystal Kolipe wrote: > On Wed, Aug 25, 2021 at 06:02:11PM +0100, Stuart Henderson wrote: > > If I manually configure a link-local the interface is successfully > > added. > > > > Anyone have an idea what the behaviour should be here? For pass

Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
On 2021/08/25 13:33, Daniel Jakots wrote: > On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson > wrote: > > > If I manually configure a link-local the interface is successfully > > added. > > > > Anyone have an idea what the behaviour should be here? Fo

wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
Trying to announce a network on a wg(4) interface via ospf6d, just using passive to pick up the prefix, i.e. interface wg0 { passive } It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0". With -v I get 'interface with index 27 not found' (this is "normal" with ospf6d) and the

Re: allow KARL with config(8)'d kernels

2021-08-25 Thread Stuart Henderson
On 2021/08/25 10:35, Sebastien Marie wrote: > On Tue, Aug 24, 2021 at 01:53:41PM +0200, Paul de Weerd wrote: > > I have a new machine where I'd like to use IPMI. Of course, doing > > `config -e -f /bsd` will break KARL, so I tried to find a minimal way > > of supporting this. Done by introducing

Re: pf.conf(5) about queueing may be wrong

2021-08-23 Thread Stuart Henderson
On 2021/08/23 22:21, Klemens Nanni wrote: > On Mon, Aug 23, 2021 at 07:03:45PM +0200, Solene Rapenne wrote: > > pf.conf says this in QUEUEING > > https://man.openbsd.org/pf.conf#QUEUEING > > > > > If the referenced queue does not exist on the outgoing interface, > > > the default queue for that

Re: pf.conf(5) about queueing may be wrong

2021-08-23 Thread Stuart Henderson
On 2021/08/23 19:03, Solene Rapenne wrote: > pf.conf says this in QUEUEING > https://man.openbsd.org/pf.conf#QUEUEING > > > If the referenced queue does not exist on the outgoing interface, > > the default queue for that interface is used. > > however, with this simple config > > queue std on

Re: [patch] traceroute timeouts

2021-08-20 Thread Stuart Henderson
Shell aliases are good for that. I think I'd be happy with 3 seconds by default. 2 feels a bit short on overloaded links, GPRS, and some round-the-world packet trips -- Sent from a phone, apologies for poor formatting. On 20 August 2021 16:30:24 Tom Smyth wrote: Hello all,, would it make

Re: [patch] traceroute timeouts

2021-08-20 Thread Stuart Henderson
On 2021/08/20 10:46, Florian Obser wrote: > Makes sense to me, OK florian I think 1 second by default is still too short.

Re: ucc(4): consumer control keyboard device driver

2021-08-18 Thread Stuart Henderson
On 2021/08/18 18:48, Martin Pieuchot wrote: > Regarding the introduction of a separate wskbd(4) this can be seen as an > intermediate step. Having this logic in ukbd(4) implies revisiting the > way reportID are mapped to USB drivers, which is still a bit of a hack > when it comes to supporting

Re: snmp(1): Fix unsafe defaults

2021-08-11 Thread Stuart Henderson
On 2021/08/11 19:34, Martijn van Duren wrote: > On Wed, 2021-08-11 at 18:03 +0100, Stuart Henderson wrote: > > On 2021/08/11 16:35, Martijn van Duren wrote: > > > Following snmpd, remove the public default community and move to snmpv3 > > > by default. This is also what

Re: snmp(1): Fix unsafe defaults

2021-08-11 Thread Stuart Henderson
On 2021/08/11 16:35, Martijn van Duren wrote: > Following snmpd, remove the public default community and move to snmpv3 > by default. This is also what net-snmp does. I originally chose this > default because that's what snmpctl did and it allowed for easier > interoperability with snmpd(8). v3

Re: CVS: cvs.openbsd.org: src

2021-08-09 Thread Stuart Henderson
On 2021/08/09 22:35, Martijn van Duren wrote: > Moving to tech@ > > On Mon, 2021-08-09 at 20:56 +0100, Stuart Henderson wrote: > > On 2021/08/09 12:14, Martijn van Duren wrote: > > > CVSROOT:/cvs > > > Module name:src > > > Changes by: m

Re: snmpd: tweak listen on

2021-08-09 Thread Stuart Henderson
On 2021/08/09 20:55, Martijn van Duren wrote: > Updated diff after my engineid commit. ok > Index: snmpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/snmpd/snmpd.conf.5,v > retrieving revision 1.53 > diff -u -p -r1.53 snmpd.conf.5 >

Re: dhcpleased(8): ignore servers / parts of lease

2021-08-09 Thread Stuart Henderson
On 2021/08/09 15:03, Andras Vinter wrote: > It's probably an overkill for first implementation, but in the future > I think we should support subnet definitions in CIDR notation (e.x.: > 192.168.0.0/24) and IP ranges for fine control (e.x.: > 192.168.0.100-192.168.0.254). dhclient never needed

Re: Fix unsafe snmpd defaults

2021-08-08 Thread Stuart Henderson
On 2021/08/08 10:05, Martijn van Duren wrote: > > +++ etc/examples/snmpd.conf 7 Aug 2021 21:45:44 - > > @@ -1,24 +1,26 @@ > >  # $OpenBSD: snmpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $ > >   > > -listen_addr="127.0.0.1" > > +# Default is to listen to all addresses for SNMPv3 only;

Re: Fix unsafe snmpd defaults

2021-08-07 Thread Stuart Henderson
On 2021/08/07 15:17, Martijn van Duren wrote: > Let me give one final pushback, if this doesn't convince you then feel > free to commit sthen's diff without my OK, but make sure it stays in > sync with snmp(1). I was convinced enough to try it, hence okaying your previous diff, but practical

Re: Fix unsafe snmpd defaults

2021-08-05 Thread Stuart Henderson
On 2021/08/03 23:46, Martijn van Duren wrote: > On Tue, 2021-08-03 at 21:58 +0100, Stuart Henderson wrote: > > On 2021/08/03 22:07, Martijn van Duren wrote: > > > On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote: > > > > On 2021/06/15 17:39, Stuart Henderson

Re: rpki-client support more http status codes

2021-08-04 Thread Stuart Henderson
On 2021/08/04 19:58, Sebastian Benoit wrote: > just as i had looked them up :P My usual quick http status code reference doesn't even have 103 (and the graphical representation of https://http.cat/308 is a bit confusing :)

Re: Add versioned lib to system perl's @INC for non-packaged modules

2021-08-04 Thread Stuart Henderson
On 2021/08/04 19:45, Ingo Schwarze wrote: > Hi Andrew, > > Andrew Fresh wrote on Fri, Jul 30, 2021 at 05:34:40PM -0700: > > On Sun, May 16, 2021 at 03:30:39PM -0700, Andrew Hewus Fresh wrote: > > >> There do appear to be some annoyances with still shared directories for > >> man pages, in that

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Stuart Henderson
On 2021/08/03 22:07, Martijn van Duren wrote: > On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote: > > On 2021/06/15 17:39, Stuart Henderson wrote: > > > > Then again, I don't get the feeling many people use snmpd at this time > > > > and maybe it's a good

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Stuart Henderson
On 2021/06/15 17:39, Stuart Henderson wrote: > > Then again, I don't get the feeling many people use snmpd at this time > > and maybe it's a good moment to bite the bullet and go for safest > > defaults possible at this time. But if that's the case I would like to > &g

  1   2   3   4   5   6   7   8   9   10   >