Re: [PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Todd T. Fries
Would there be any merit in contemplating a syntax that would permit
adding routes in hostname.if so the installer could pick that up and
avoid the much more corner case shell disaster scenarios?

note .. 'route add' no longer requires -inet6 so we would not need a
special route6 syntax.

For example, one attempt at doing this could look like the below:

/usr/src/etc$ cat /etc/hostname.vether2 
10.2.2.2/24
inet6 eui64
route 1.2.3.0/24 10.2.2.1
route 2001:db8::/96 fe80::1%\$if
/usr/src/etc$ doas sh ./netstart -n vether2
ifconfig vether2 10.2.2.2/24
ifconfig vether2 inet6 eui64
route -q add 1.2.3.0/24 10.2.2.1
route -q add 2001:db8::/96 fe80::1%vether2
/usr/src/etc$ ifconfig vether2
vether2: flags=8843 mtu 1500
lladdr fe:e1:ba:dc:67:9b
index 20 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.2.2.2 netmask 0xff00 broadcast 10.2.2.255
inet6 fe80::6a0e:c942:3581:6ebf%vether2 prefixlen 64 scopeid 0x14
/usr/src/etc$ netstat -nr | grep vether2
1.2.3/24           10.2.2.1                           UGS   0  0  -  8 vether2
10.2.2/24          10.2.2.2                           UCn   1  0  -  4 vether2
10.2.2.1           link#20                            UHLch 1  2  -  3 vether2
10.2.2.2           fe:e1:ba:dc:67:9b                  UHLl  0  0  -  1 vether2
10.2.2.255         10.2.2.2                           UHb   0  0  -  1 vether2
2001:db8::/96      fe80::1%vether2                    UGS   0  0  -  8 vether2
fe80::%vether2/64  fe80::6a0e:c942:3581:6ebf%vether2  UCn   1  0  -  4 vether2
fe80::1%vether2    link#20                            UHLch 1  2  -  3 vether2
fe80::6a0e:c942:3581:6ebf%vether2  fe:e1:ba:dc:67:9b  UHLl  0  0  -  1 vether2
ff01::%vether2/32  fe80::6a0e:c942:3581:6ebf%vether2  Um    0  0  -  4 vether2
ff02::%vether2/32  fe80::6a0e:c942:3581:6ebf%vether2  Um    0  0  -  4 vether2
/usr/src/etc$ diff -u netstart.orig netstart
--- netstart.orig   Fri Nov  9 17:58:58 2018
+++ netstartFri Nov  9 18:09:39 2018
@@ -68,6 +68,10 @@
_cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient $_if"
V4_DHCPCONF=true
;;
+   route)  ((${#_c[*]} == 3)) || return
+   _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
+   _cmds[${#_cmds[*]}]="route -q add${_cmd#route}"
+   ;;
'!'*)   _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
_cmds[${#_cmds[*]}]="${_cmd#!}"
;;



If this is worth pursuing, I'll create and test an installer equivalent version.

Thanks,

Penned by Theo de Raadt on 20181109 10:13.33, we have:
| This was intentional because a user could put crazy script commands
| in the files which don't work in the bsd.rd context.  bsd.rd is
| quite gutted.
| 
| That means some circumstances could fail quite badly
| 
| Could be reconsidered...
| 
| > During auto upgrade via the auto_upgrade.conf file (no DHCP server),
| > shell commands are skipped.
| > This small diff is coming from parse_hn_line() in /etc/netstart, thus,
| > it keeps the behavior similar.
| > I think it's handy, especially if you need a static route in order to
| > reach a mirror for example.
| > 
| > diff --git install.sub install.sub
| > index bce1fa50358..31dbafdc95d 100644
| > --- install.sub
| > +++ install.sub
| > @@ -2319,8 +2319,11 @@ parse_hn_line() {
| >     _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient
| > $_if"
| >     V4_DHCPCONF=true
| >     ;;
| > -   '!'*|bridge)
| > -   # Skip shell commands and bridge in the installer.
| > +   '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
| > +   _cmds[${#_cmds[*]}]="${_cmd#!}"
| > +   ;;
| > +   bridge)
| > +   # Skip bridge in the installer.
| >     return
| >     ;;
| >     *)  _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"
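Review bot: the new `'!'*)` branch queues the rest of the line verbatim as a command, with no check that what it names exists on the install media, so a hostname.if written for the installed system can fail partway through network setup. If the goal is the static-route case from the description, consider accepting only that (for example lines whose command is `route`) and keep skipping everything else; also quote `$_if` in `sed 's/\$if/'$_if'/g'`.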
| > 
| > 
| > Cheers
| > 

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
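
An added sketch of the validation the proposed `route` line would need, not code from netstart or install.sub: each field is checked against an address character set before a command string is built. The function names and the extra rejected line in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenBSD's netstart or install.sub): validate the proposed
# "route <destination> <gateway>" hostname.if lines before queueing a command.

# Expand the "$if" token (also accepted as "\$if", as in the sample file)
# to the interface name. $2 has already been checked to be alphanumeric.
hn_expand_if() {
	printf '%s\n' "$1" | sed 's/\\\{0,1\}\$if/'"$2"'/g'
}

# hn_route_cmd IF LINE
# Print "route -q add DEST GW" for a well-formed line, else return 1.
hn_route_cmd() {
	_if=$1
	_line=$2

	# The interface name ends up inside the command: letters and digits only.
	case $_if in
	'' | *[!A-Za-z0-9]*) return 1 ;;
	esac

	# Split on blanks with globbing off so "*" in a field is never expanded.
	set -f
	set -- $_line
	set +f
	[ $# -eq 3 ] || return 1
	[ "$1" = route ] || return 1

	_dst=$(hn_expand_if "$2" "$_if")
	_gw=$(hn_expand_if "$3" "$_if")

	# After expansion only address characters may remain, so ";", "|", "`",
	# "$", quotes, backslashes and a leading "-" never reach the command.
	for _f in "$_dst" "$_gw"; do
		case $_f in
		'' | *[!A-Za-z0-9.:/%]*) return 1 ;;
		esac
	done

	printf 'route -q add %s %s\n' "$_dst" "$_gw"
}

# hn_routes IF: read hostname.if lines on stdin, print the command for each
# valid route line and report rejected ones on stderr. Other line types are
# left to the existing parser. Returns 1 if any route line was rejected.
hn_routes() {
	_rc=0
	while IFS= read -r _l; do
		case $_l in
		route | route[[:space:]]*)
			hn_route_cmd "$1" "$_l" || {
				printf 'rejected: %s\n' "$_l" >&2
				_rc=1
			}
			;;
		esac
	done
	return "$_rc"
}

# Constructed sample: the hostname.vether2 from the message above plus one
# line carrying a second command, which must be rejected.
sample_hostname_if() {
	cat <<'EOF'
10.2.2.2/24
inet6 eui64
route 1.2.3.0/24 10.2.2.1
route 2001:db8::/96 fe80::1%\$if
route 1.2.3.0/24 10.2.2.1;id
EOF
}
```

Running `sample_hostname_if | hn_routes vether2` prints the two route commands from the message and reports the third line as rejected.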



Re: spf walk: lookup aaaa records with "a" mechanism

2018-10-15 Thread Todd T. Fries
In principle I like this.

In practice, I note something is missing.  I get a different output:

$ echo netsend.nl | smtpctl spf walk
32.1.9.129
32.1.9.132
80.127.98.234
80.127.135.115

I also note the dns is being requested, as per below, just not printed for some reason.

09:42:12.175535 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 70: 192.168.1.85.11695 
> 8.8.8.8.53: [udp sum ok] 49902+ TXT? netsend.nl.(28) (ttl 64, id 37703, len 
56)
09:42:12.504853 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 112: 8.8.8.8.53 > 
192.168.1.85.11695: [udp sum ok] 49902 1/0/0 netsend.nl. TXT "v=spf1 
a:smtp.netsend.nl -all[|domain] (ttl 119, id 12691, len 98)
09:42:12.505483 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.45977 
> 8.8.8.8.53: [udp sum ok] 37034+ A? smtp.netsend.nl.(33) (ttl 64, id 19808, 
len 61)
09:42:12.505526 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.31571 
> 8.8.8.8.53: [udp sum ok] 58052+ ? smtp.netsend.nl.(33) (ttl 64, id 22845, 
len 61)
09:42:12.668825 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 131: 8.8.8.8.53 > 
192.168.1.85.31571: [udp sum ok] 58052 2/0/0 smtp.netsend.nl.  
2001:981:8a34:1:80:127:135:115, smtp.netsend.nl.  
2001:984:6a6f:1:468a:5bff:fed9:87(89) (ttl 119, id 58881, len 117)
09:42:12.748121 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 107: 8.8.8.8.53 > 
192.168.1.85.45977: [udp sum ok] 37034 2/0/0 smtp.netsend.nl. A 80.127.98.234, 
smtp.netsend.nl. A 80.127.135.115(65) (ttl 56, id 60155, len 93)

Thanks,

Penned by Tim Kuijsten on 20181014 18:08.06, we have:
| Hi,
| 
| When the "a" designated sender mechanism is used in an spf txt record, both
| v4 and v6 addresses are matched according to [1], so let `smtpctl spf walk`
| resolve both A and AAAA records.
| 
| Current output:
| $ echo netsend.nl | smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
| 
| Expected output:
| $ echo netsend.nl | ./smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
| 2001:981:8a34:1:80:127:135:115
| 2001:984:6a6f:1:468a:5bff:fed9:87
| 
| -Tim
| 
| [1] https://tools.ietf.org/html/rfc7208#section-5.3

| diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
| index c4ce2e3d891..22b057963f9 100644
| --- a/usr.sbin/smtpd/spfwalk.c
| +++ b/usr.sbin/smtpd/spfwalk.c
| @@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
|   }
|   if (strncasecmp("a:", *ap, 2) == 0) {
|   lookup_record(T_A, *(ap) + 2, dispatch_a);
| + lookup_record(T_, *(ap) + 2, dispatch_);
|   continue;
|   }
|   if (strncasecmp("exists:", *ap, 7) == 0) {
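Review bot: the second `lookup_record` call added in the `a:` branch needs a callback that formats its answers as IPv6, and the callback body is not part of this hunk. The reply above gets `32.1.9.129` and `32.1.9.132`, which are the first four bytes of `2001:981:...` and `2001:984:...` printed as an IPv4 address, so the 16-byte rdata appears to be going through the IPv4 print path. Check that the new callback calls `inet_ntop(AF_INET6, ...)` on the full address. Only the `a:` form is touched here; if a bare `a` mechanism is handled elsewhere it needs the same second lookup.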


-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: vmd/vmctl: allow to boot cdrom-only VMs

2018-08-23 Thread Todd T. Fries
Penned by Theo de Raadt on 20180823 14:22.46, we have:
| Mike Larkin  wrote:
| 
| > On Thu, Aug 23, 2018 at 11:05:40AM -0500, Todd T. Fries wrote:
| > > This makes me wonder. Does it make sense to support booting a kernel without
| > > disks?  Some people have heard of the phrase 'diskless' ;-)
| > > 
| > > Penned by Reyk Floeter on 20180822 13:35.23, we have:
| > > | Hi,
| > > | 
| > > | vmctl doesn't allow to boot VMs with only a CDROM.  I see no reason
| > > | for it and vmd already allows CDROM-only.
| > > | 
| > > | OK?
| > > | 
| > > | Via https://twitter.com/wizardishungry/status/1032327323125727232
| > > | "Jon Williams @wizardishungry
| > > | @reykfloeter Could you consider allowing booting ISO-only vms in 6.4?
| > > | This is helpful for running container hosts (e.g. boot2docker)."
| > > | 
| > > | Reyk
| > > | 
| > > | Index: usr.sbin/vmctl/vmctl.c
| > > | ===
| > > | RCS file: /cvs/src/usr.sbin/vmctl/vmctl.c,v
| > > | retrieving revision 1.54
| > > | diff -u -p -u -p -r1.54 vmctl.c
| > > | --- usr.sbin/vmctl/vmctl.c  12 Jul 2018 12:04:49 -  1.54
| > > | +++ usr.sbin/vmctl/vmctl.c  22 Aug 2018 18:29:44 -
| > > | @@ -98,8 +98,8 @@ vm_start(uint32_t start_id, const char *
| > > | errx(1, "too many disks");
| > > | else if (ndisks == 0)
| > > | warnx("starting without disks");
| > > | -   if (kernel == NULL && ndisks == 0)
| > > | -   errx(1, "no kernel or disk specified");
| > > | +   if (kernel == NULL && ndisks == 0 && !iso)
| > > | +   errx(1, "no kernel or disk/cdrom specified");
| > > | if (nnics == -1)
| > > | nnics = 0;
| > > | if (nnics > VMM_MAX_NICS_PER_VM)
| > > 
| > > -- 
| > > Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
| > > 
| > 
| > I know personally of at least 3 people using vmm(4)/vmd(8) with gigantisch
| > ramdisks containing all sorts of goo. None of them use any disks.
| 
| but no AFS in sight.
| 

vmd(8) doesn't have a fdc(4) either, so no swapping on a floppy!

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: vmd/vmctl: allow to boot cdrom-only VMs

2018-08-23 Thread Todd T. Fries
This makes me wonder. Does it make sense to support booting a kernel without
disks?  Some people have heard of the phrase 'diskless' ;-)

Penned by Reyk Floeter on 20180822 13:35.23, we have:
| Hi,
| 
| vmctl doesn't allow to boot VMs with only a CDROM.  I see no reason
| for it and vmd already allows CDROM-only.
| 
| OK?
| 
| Via https://twitter.com/wizardishungry/status/1032327323125727232
| "Jon Williams @wizardishungry
| @reykfloeter Could you consider allowing booting ISO-only vms in 6.4?
| This is helpful for running container hosts (e.g. boot2docker)."
| 
| Reyk
| 
| Index: usr.sbin/vmctl/vmctl.c
| ===
| RCS file: /cvs/src/usr.sbin/vmctl/vmctl.c,v
| retrieving revision 1.54
| diff -u -p -u -p -r1.54 vmctl.c
| --- usr.sbin/vmctl/vmctl.c12 Jul 2018 12:04:49 -  1.54
| +++ usr.sbin/vmctl/vmctl.c22 Aug 2018 18:29:44 -
| @@ -98,8 +98,8 @@ vm_start(uint32_t start_id, const char *
|   errx(1, "too many disks");
|   else if (ndisks == 0)
|   warnx("starting without disks");
| - if (kernel == NULL && ndisks == 0)
| - errx(1, "no kernel or disk specified");
| + if (kernel == NULL && ndisks == 0 && !iso)
| + errx(1, "no kernel or disk/cdrom specified");
|   if (nnics == -1)
|       nnics = 0;
|   if (nnics > VMM_MAX_NICS_PER_VM)
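Review bot: in the new condition `kernel == NULL && ndisks == 0 && !iso`, `iso` is tested with `!` while `kernel` is compared against NULL; if `iso` is a pointer, write `iso == NULL` to match. The `warnx("starting without disks")` two lines up also still prints for a cdrom-only VM, which this change makes a supported configuration, so consider suppressing or rewording it when an ISO is given.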

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: ifconfig join: show list of configured ess ids

2018-08-06 Thread Todd T. Fries
|   struct ieee80211_ess *ess;
|   struct ieee80211_wpapsk *psk;
|   struct ieee80211_keyavail *ka;
| @@ -488,6 +490,26 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t 
data)
|   }
|   }
|   break;
| + case SIOCG80211JOINALL:
| + ja = (struct ieee80211_joinreq_all *)data;
| + ja->ja_nodes = len = 0;
| + TAILQ_FOREACH(ess, >ic_ess, ess_next) {
| + if (len + sizeof(struct ieee80211_nodereq) >=
| + ja->ja_size) {
| + error = E2BIG;
| + break;
| + }
| + memset(, 0, sizeof(struct ieee80211_join));
| + join.i_len = ess->esslen;
| + memcpy(_nwid, ess->essid, join.i_len);
| + error = copyout(, >ja_node[ja->ja_nodes],
| + sizeof(struct ieee80211_nodereq));
| + if (error)
| + break;
| + len += sizeof(struct ieee80211_join);
| + ja->ja_nodes++;
| + }
| + break;
|   case SIOCS80211NWKEY:
|   if ((error = suser(curproc)) != 0)
|   break;
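Review bot: the size accounting in the new `SIOCG80211JOINALL` case mixes two structures. The bound check and the `copyout` length both use `sizeof(struct ieee80211_nodereq)`, while the source is `join`, `ja_node` is declared as `struct ieee80211_join *`, and `len` advances by `sizeof(struct ieee80211_join)`. If the two sizes differ, `copyout` either reads past `join` or writes past the end of the caller's buffer; use `sizeof(join)` in all three places. `join.i_len = ess->esslen` is also used as the `memcpy` length with no visible bound against the destination field, and `E2BIG` is returned after entries have already been written, so document whether a partial result is valid.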
| diff --git sys/net80211/ieee80211_ioctl.h sys/net80211/ieee80211_ioctl.h
| index 9ea74127b22..ea19d8a9550 100644
| --- sys/net80211/ieee80211_ioctl.h
| +++ sys/net80211/ieee80211_ioctl.h
| @@ -275,6 +275,7 @@ struct ieee80211_keyrun {
|  
|  #define SIOCS80211SCAN_IOW('i', 210, struct ifreq)
|  
| +#define  SIOCG80211JOINALL   _IOWR('i', 218, struct 
ieee80211_joinreq_all)
|  #define  SIOCS80211JOIN  _IOWR('i', 255, struct ifreq)
|  #define  SIOCG80211JOIN  _IOWR('i', 256, struct ifreq)
|  
| @@ -288,6 +289,14 @@ struct ieee80211_join {
|   struct ieee80211_nwkey  i_nwkey;
|  };
|  
| +struct ieee80211_joinreq_all {
| + char ja_ifname[IFNAMSIZ];
| + int  ja_nodes; /* returned count */
| + size_t   ja_size;  /* size of node buffer */
| + struct ieee80211_join   *ja_node;  /* allocated node buffer */
| +};
| +
| +
|  #define IEEE80211_JOIN_SHOW  0x01
|  #define IEEE80211_JOIN_FOUND 0x02
|  #define IEEE80211_JOIN_DEL   0x04
| diff --git sys/net80211/ieee80211_node.h sys/net80211/ieee80211_node.h
| index 882df583190..afd9b4ce438 100644
| --- sys/net80211/ieee80211_node.h
| +++ sys/net80211/ieee80211_node.h
| @@ -39,7 +39,7 @@
|  #define  IEEE80211_TRANS_WAIT5   /* transition wait */
|  #define  IEEE80211_INACT_WAIT5   /* inactivity timer 
interval */
|  #define  IEEE80211_INACT_MAX (300/IEEE80211_INACT_WAIT)
| -#define  IEEE80211_CACHE_SIZE    100
| +
|  #define  IEEE80211_CACHE_WAIT30
|  
|  struct ieee80211_rateset {
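Review bot: `IEEE80211_CACHE_SIZE` is deleted here and replaced by an empty line, and no other hunk shown adds it back. If the definition moved to another header, include that hunk; if it is being dropped, drop the blank line too so the define block stays contiguous.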

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: cwm: remove ssh auto-completion

2017-07-10 Thread Todd T. Fries
Wow, I missed the completion bits also!

I like this better than the cwm menu or dmenu, so I'll be using this
from now on instead of the window manager.

Here's my cool 3 liners to nab all them hosts ;-)

set -A complete_ssh $(
(awk '!/\*/ && /^Host /{print $2}' ~/.ssh/config;
awk '{sub(",.*$","",$1);print $1}' ~/.ssh/known_hosts)|sort -u)

Thanks!

Penned by Ingo Schwarze on 20170710  8:22.48, we have:
| Hi,
| 
| Bryan Steele wrote on Mon, Jul 10, 2017 at 08:21:19AM -0400:
| 
| > Instead of relying on the window manager, why not add it to your
| > shell?
| > 
| > https://deftly.net/posts/2017-05-01-openbsd-ksh-tab-complete.html
| > 
| >   set -A complete_ssh $(awk '!/\*/ && /^Host /{print $2}' ~/.ssh/config)
| > 
| > I'm sure someone can come up with a cool one liner for parsing
| > known_hosts files.
| 
| YIKES, what a horrible idea.
| 
| I think the support for complete_* arrays ought to be summarily
| deleted from emacs.c.  It is excessive complexity and creeping
| featurism and has no place in a program as sensitive as the shell.
| 
| Yours,
|   Ingo

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
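
Added example, not from the thread: a completion list built from known_hosts that drops hashed entries (as the cwm parser quoted elsewhere on this page did), marker lines' patterns and wildcards, and unwraps `[host]:port`. The function names and the sample file are constructed; the output can feed `set -A complete_ssh` in ksh.

```shell
#!/bin/sh
# Added example: list plain host names from known_hosts for shell completion.

# known_hosts_names [FILE...]: print unique names, one per line.
# Reads standard input when no file is given.
known_hosts_names() {
	awk '
	NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
	{
		hosts = $1
		# "@cert-authority" and "@revoked" markers precede the host field
		if (substr(hosts, 1, 1) == "@") hosts = $2
		n = split(hosts, h, ",")
		for (i = 1; i <= n; i++) {
			name = h[i]
			# HashKnownHosts entries ("|1|salt|hash") carry no name
			if (substr(name, 1, 1) == "|") continue
			# wildcard patterns and negations are not connectable names
			if (name ~ /[*?!]/) continue
			# non-default ports are stored as [host]:port
			if (substr(name, 1, 1) == "[") {
				sub(/\]:[0-9]+$/, "", name)
				name = substr(name, 2)
			}
			if (name != "") print name
		}
	}' "$@" | LC_ALL=C sort -u
}

# Constructed sample file; the key fields are placeholders, not real keys.
sample_known_hosts() {
	cat <<'EOF'
# constructed sample
web1.example.org,192.0.2.10 ssh-ed25519 AAAAplaceholder1
[git.example.org]:2222 ssh-ed25519 AAAAplaceholder2
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAplaceholder3
@cert-authority *.example.org ssh-ed25519 AAAAplaceholder4
bastion.example.org ssh-rsa AAAAplaceholder5
web1.example.org ssh-rsa AAAAplaceholder6
EOF
}
```

With `HashKnownHosts yes` every entry is hashed and the list comes back empty, which is the intended effect of that option.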



Re: cwm: remove ssh auto-completion

2017-07-09 Thread Todd T. Fries
I'm going to echo Martijn's opinion below.

Nearly 95% of my ssh sessions to lots of systems start with alt-. followed
by a few keys typed to confirm the hostname is correct followed by enter.

Typing the full hostname or providing shortened versions in .ssh/config is
unwieldy and quite cumbersome otherwise.

I've come to use this feature as a very trusted time saver in my regular
day.

I'd say I use it on average 100 or more times per day.

What are our options to replace it with equivalent functionality should you
feel the need to march on without it?

Thanks,

Penned by Martijn van Duren on 20170710  0:01.54, we have:
| As a sysadmin with access to over a couple of 100 machines I find this
| feature extremely useful. It would require me quite a bit of extra
| brainpower to remember the correct/full hostname of each and every one
| of them, especially since I can start typing halfway through the
| hostname.
| 
| So yeah, I think it would be a shame if this feature would disappear.
| 
| martijn@
| 
| On 07/07/17 18:44, Okan Demirmen wrote:
| > Hi cwm users,
| > 
| > In converting this to use getline(3) over fgetln(3), I'm asking the question if
| > this (imho) mis-feature belongs in a window manager. I've hinted at wanting to
| > remove it in the past but there was opposition.  As a compromise, we could just
| > leave the 'ssh>' menu available, but it will not be pre-populated (nor
| > auto-completed) by what's in ~/.ssh/known_hosts; just type in the
| > host/ip/whatever at the menu prompt. cwm(1) does a very rudimentary pass at
| > parsing the known_hosts file, and there's no reason to hoist code from ssh(1)
| > just to get auto-completion in a window manager menu.
| > 
| > Below is the minimal code part in kbfunc_menu_ssh().
| > 
| > Preferably, I'd like to remove the whole ssh menu, but can live with the below
| > if it's useful to others.
| > 
| > Thoughts?
| > 
| > Thanks,
| > Okan
| > 
| > Index: kbfunc.c
| > ===
| > RCS file: /home/open/cvs/xenocara/app/cwm/kbfunc.c,v
| > retrieving revision 1.145
| > diff -u -p -r1.145 kbfunc.c
| > --- kbfunc.c9 May 2017 13:40:18 -   1.145
| > +++ kbfunc.c6 Jul 2017 19:36:13 -
| > @@ -462,50 +462,16 @@ kbfunc_menu_ssh(void *ctx, struct cargs 
| > struct cmd_ctx  *cmd;
| > struct menu *mi;
| > struct menu_qmenuq;
| > -   FILE*fp;
| > -   char*buf, *lbuf, *p;
| > -   char hostbuf[HOST_NAME_MAX+1];
| > char path[PATH_MAX];
| > int  l;
| > -   size_t   len;
| >  
| > TAILQ_FOREACH(cmd, , entry) {
| > if (strcmp(cmd->name, "term") == 0)
| > break;
| > }
| > -   TAILQ_INIT();
| >  
| > -   if ((fp = fopen(Conf.known_hosts, "r")) == NULL) {
| > -   warn("%s: %s", __func__, Conf.known_hosts);
| > -   goto menu;
| > -   }
| > +   TAILQ_INIT();
| >  
| > -   lbuf = NULL;
| > -   while ((buf = fgetln(fp, ))) {
| > -   if (buf[len - 1] == '\n')
| > -   buf[len - 1] = '\0';
| > -   else {
| > -   /* EOF without EOL, copy and add the NUL */
| > -   lbuf = xmalloc(len + 1);
| > -   (void)memcpy(lbuf, buf, len);
| > -   lbuf[len] = '\0';
| > -   buf = lbuf;
| > -   }
| > -   /* skip hashed hosts */
| > -   if (strncmp(buf, HASH_MARKER, strlen(HASH_MARKER)) == 0)
| > -   continue;
| > -   for (p = buf; *p != ',' && *p != ' ' && p != buf + len; p++) {
| > -   /* do nothing */
| > -   }
| > -   /* ignore badness */
| > -   if (p - buf + 1 > sizeof(hostbuf))
| > -   continue;
| > -   (void)strlcpy(hostbuf, buf, p - buf + 1);
| > -   menuq_add(, NULL, "%s", hostbuf);
| > -   }
| > -   free(lbuf);
| > -   (void)fclose(fp);
| > -menu:
| > if ((mi = menu_filter(sc, , "ssh", NULL, (CWM_MENU_DUMMY),
| > search_match_text, search_print_text)) != NULL) {
| > if (mi->text[0] == '\0')
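Review bot: with the `fopen(Conf.known_hosts, "r")` block gone, nothing in this function reads `Conf.known_hosts` any more. If no other caller uses it, remove the field, its initialisation and any documentation of it in the same commit so the setting does not linger as dead configuration. The `TAILQ_INIT()` move changes nothing and could be left in place to keep the diff to deletions only.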
| > 

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



does openssl get to use dns?

2015-11-19 Thread Todd T. Fries
To demonstrate:

  openssl s_client -connect www.google.com:443

A fix, probably not the full or correct one:

Index: openssl.c
===
RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 openssl.c
--- openssl.c   17 Oct 2015 07:51:10 -  1.19
+++ openssl.c   20 Nov 2015 06:06:47 -
@@ -438,7 +438,7 @@ main(int argc, char **argv)
arg.data = NULL;
arg.count = 0;
 
-   if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
+   if (pledge("stdio inet rpath wpath cpath proc flock tty dns", NULL) == 
-1) {
fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
exit(1);
}
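Review bot: adding `dns` to the promise string in `main()` grants name resolution to every openssl subcommand, not only the one in the report. Because a later `pledge()` can only narrow the set, `dns` does have to be present here for `s_client` to keep it, so the follow-up is to check that subcommands which never resolve names pledge again without it.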
Index: s_client.c
===
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 s_client.c
--- s_client.c  17 Oct 2015 15:00:11 -  1.23
+++ s_client.c  20 Nov 2015 06:06:47 -
@@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
long socket_mtu = 0;
 
if (single_execution) {
-   if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1) {
+   if (pledge("stdio inet rpath wpath cpath tty dns", NULL) == -1) 
{
perror("pledge");
exit(1);
}
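Review bot: the narrowed promise set, now including `dns`, is applied only inside `if (single_execution)` and then stays in force for the whole session. Name resolution is needed only until the connection is made, so a second `pledge()` without `dns` after the connect would restore the tighter set for the data phase.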
-- 
Todd Fries .. t...@fries.net

 
|\  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC\  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com\  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113-2169 \  sip:freedae...@ekiga.net
| "..in support of free software solutions." \  sip:4052279...@ekiga.net
 \
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



Re: boot/zboot: cmd.c merge

2014-07-26 Thread Todd T. Fries
) {
|  +   printf(%s not a console device\n, cmd.argv[1]);
|  +   return 0;
|  }
|   
|  +   if (cmd.argc == 2)
|  +   printf(%s speed is %d\n, cmd.argv[1],
|  +   cnspeed(dev, -1));
|  +   else {
|  +   sp = 0;
|  +   for (cp = cmd.argv[2]; isdigit(*cp); cp++)
|  +   sp = sp * 10 + (*cp - '0');
|  +   cnspeed(dev, sp);
|  +   }
|  return 0;
|   }
|   
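Review bot: the speed parser in the `else` branch, `sp = sp * 10 + (*cp - '0')`, has no upper bound, so a long digit string can overflow `sp`, and it stops at the first non-digit without reporting it, so trailing characters are ignored and a non-numeric argument sets speed 0. Bound the loop, reject trailing characters, and pass `(unsigned char)*cp` to `isdigit()`.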
|  @@ -407,8 +404,6 @@ Xtime(void)
|   
|  if (cmd.argc == 1)
|  printf(ctime(tt));
|  -   else {
|  -   }
|   
|  return 0;
|   }
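Review bot: while the empty `else` is being removed, the context line `printf(ctime(tt))` passes the string returned by `ctime()` as the format argument. It contains no conversions today, but the call should be `printf("%s", ctime(tt))` so the format is a literal.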
|  @@ -429,8 +424,8 @@ Xls(void)
|  ls(cmd.path, sb);
|  else {
|  if ((fd = opendir(cmd.path))  0) {
|  -   printf (opendir(%s): %s\n, cmd.path,
|  -   strerror(errno));
|  +   printf(opendir(%s): %s\n, cmd.path,
|  +   strerror(errno));
|  return 0;
|  }
|   
|  @@ -440,10 +435,10 @@ Xls(void)
|  *p++ = '/';
|  *p = '\0';
|   
|  -   while(readdir(fd, p) = 0) {
|  +   while (readdir(fd, p) = 0) {
|  if (stat(cmd.path, sb)  0)
|  printf(stat(%s): %s\n, cmd.path,
|  -  strerror(errno));
|  +   strerror(errno));
|  else
|  ls(p, sb);
|  }

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: X dist set needs an update........

2014-07-22 Thread Todd T. Fries
Indeed. fixed.

Penned by Ian Mcwilliam on 20140722 21:18.12, we have:
| XETCLIST=`mktemp /tmp/_xetcsum.XX` || exit 1;  sort 
distrib/sets/lists/xetc/{mi,md.amd64}  ${XETCLIST};  cd /usr/xf4-dest   
xargs sha256 -h /usr/xf4-dest/usr/share/sysmerge/xetcsum  ${XETCLIST} || true; 
 rm -f ${XETCLIST}
| cd distrib/sets   env MACHINE=amd64 ksh ./maketars 56 5.6   { env 
MACHINE=amd64 ksh ./checkflist 5.6 || true ; }
| xbase: pax: Unable to access ./usr/X11R6/lib/libpixman-1.so.32.4: No such 
file or directory
| done.
| xetc: done.
| xserv: done.
| xshare: done.
| xfont: done.
| done.
| 958a959
|  ./usr/X11R6/include/intel_aub.h
| 5877c5878
|  ./usr/X11R6/lib/libpixman-1.so.32.4
| ---
|  ./usr/X11R6/lib/libpixman-1.so.32.6
| cd /usr/release;  cksum -a sha256 x*tgz  SHA256
| 
| 
| 
| Ian McWilliam

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Penned by Mike Belopuhov on 20140711  6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
|  On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
|  Hello all,
|  I use rdomains to split routing domains per company and also separate
|  administration interfaces from routing interfaces on my routers (sshd,
|  bacula, postfix and puppetd running on a dedicated rdomain)
| 
|  Actually there is a problem with rdomains, we need to modify /etc/rc.d
|  scripts to add rdomain execution environment to the specified service.
|  If rc.subr have support to rdomains, we can let the rc.d scripts clean.
| 
|  To resolve those rdomain issues, I created a patch and I added a new
|  variable we could use on rc.conf(.local), ${_name}_rdomain. (This
|  variable needs a signed integer and use an existing rdomain, this is
|  checked by rc.subr.
| 
|  I want to contribute to OpenBSD and I give you this patch. If you have
|  any suggestions to improve it, tell me.
| 
|  I don't use rdomain so someone knowledgeable should comment here.
|  But it does look like a nice idea.
| 
| 
| having something like this would be really cool.  in case you'll be
| tweaking the code, make sure that the route -T exec printf check
| is preserved.  i would use true in this test however.
| 
| as far as i can tell the daemon_rdomain bit that goes into the rc
| script is fine, however i'm not quite sure how can i start two
| daemons in different rdomains via rc.conf.local.  looks like this
| diff doesn't handle this and allows only one instance in the
| ${_name}_rdomain rdomain.  but sometimes you want multiple, say
| sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
| create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
| in there.  but then i'd have to add it to the pkg_scripts...  this
| is a minor issue that i see.  perhaps ${_name}_rdomain should list
| multiple values, like sshd_rdomain=0,1,2,3.

multiple rdomain instances might even have different daemon_flags.

I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
ssh_rdomain_0_flags=-C /etc/ssh/sshd_0_config.  I'm guessing it
makes sense to add to sshd_flags= rather than over-write it, but
that's splitting hairs.

I've been wondering about how to implement what you've done, and
have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.

I like this direction.

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: Re : Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Ok ok ok .. having the ability to specify the rdomain for the one instance of
a daemon started by /etc/rc does let other monkeying to be done from
/etc/rc.local if desired.

Thanks,

Penned by Loïc Blot on 20140711  9:56.35, we have:
| Of course,
| I have set the fewer modification on rc.subr because cases mentioned by Todd
| are more rare. I think those cases must be handled by rc.local. (but i agree
| with todd concept, but his modification is too big for majority of systems).
| 
| Loïc Blot,
| Ingénieur systèmes UNIX, Sécurité et Réseaux
| http://www.unix-experience.fr 
| 
| Theo de Raadt dera...@cvs.openbsd.org a écrit :
| 
|  Penned by Mike Belopuhov on 20140711  6:49.19, we have:
|  | On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
|  |  On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
|  |  Hello all,
|  |  I use rdomains to split routing domains per company and also separate
|  |  administration interfaces from routing interfaces on my routers (sshd,
|  |  bacula, postfix and puppetd running on a dedicated rdomain)
|  | 
|  |  Actually there is a problem with rdomains, we need to modify /etc/rc.d
|  |  scripts to add rdomain execution environment to the specified service.
|  |  If rc.subr have support to rdomains, we can let the rc.d scripts clean.
|  | 
|  |  To resolve those rdomain issues, I created a patch and I added a new
|  |  variable we could use on rc.conf(.local), ${_name}_rdomain. (This
|  |  variable needs a signed integer and use an existing rdomain, this is
|  |  checked by rc.subr.
|  | 
|  |  I want to contribute to OpenBSD and I give you this patch. If you have
|  |  any suggestions to improve it, tell me.
|  | 
|  |  I don't use rdomain so someone knowledgeable should comment here.
|  |  But it does look like a nice idea.
|  | 
|  | 
|  | having something like this would be really cool.  in case you'll be
|  | tweaking the code, make sure that the route -T exec printf check
|  | is preserved.  i would use true in this test however.
|  | 
|  | as far as i can tell the daemon_rdomain bit that goes into the rc
|  | script is fine, however i'm not quite sure how can i start two
|  | daemons in different rdomains via rc.conf.local.  looks like this
|  | diff doesn't handle this and allows only one instance in the
|  | ${_name}_rdomain rdomain.  but sometimes you want multiple, say
|  | sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
|  | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
|  | in there.  but then i'd have to add it to the pkg_scripts...  this
|  | is a minor issue that i see.  perhaps ${_name}_rdomain should list
|  | multiple values, like sshd_rdomain=0,1,2,3.
|  
|  multiple rdomain instances might even have different daemon_flags.
|  
|  I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
|  ssh_rdomain_0_flags=-C /etc/ssh/sshd_0_config.  I'm guessing it
|  makes sense to add to sshd_flags= rather than over-write it, but
|  that's splitting hairs.
|  
|  I've been wondering about how to implement what you've done, and
|  have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
|  
|  I like this direction.
| 
| For crazy stuff, use /etc/rc.local

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: NOINET6 by default

2014-06-10 Thread Todd T. Fries
Penned by Henning Brauer on 20140608 10:14.46, we have:
| since no consensus could be found yet for a new command line option to
| ifconfig, heck, not even about whether it is needed, I propose this for
| now.
| 
| 1) make ifconfig if inet6 eui64 reset the NOINET6 flag
| unconditionally, so a link-local will be assigned if there isn't one
| yet. 
| 
| Index: sbin/ifconfig/ifconfig.c
| ===
| RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
| retrieving revision 1.283
| diff -u -p -r1.283 ifconfig.c
| --- sbin/ifconfig/ifconfig.c  12 May 2014 08:47:37 -  1.283
| +++ sbin/ifconfig/ifconfig.c  19 May 2014 00:27:07 -
| @@ -411,7 +411,7 @@ const struct  cmd {
|   { flowdst,NEXTARG,0,  setpflow_receiver },
|   { -flowdst, 1,0,  unsetpflow_receiver },
|   { pflowproto, NEXTARG,0,  setpflowproto },
| - { -inet6, IFXF_NOINET6,   0,  setifxflags } ,
| + { -inet6, IFXF_NOINET6,   0,  setifxflags },
|   { keepalive,  NEXTARG2,   0,  NULL, setkeepalive },
|   { -keepalive, 1,  0,  unsetkeepalive },
|   { add,NEXTARG,0,  bridge_add },
| @@ -1312,6 +1312,7 @@ setia6eui64(const char *cmd, int val)
|  
|   if (afp-af_af != AF_INET6)
|   errx(1, %s not allowed for the AF, cmd);
| + setifxflags(inet6, -IFXF_NOINET6);
|   in6 = (struct in6_addr *)in6_addreq.ifra_addr.sin6_addr;
|   if (memcmp(in6addr_any.s6_addr[8], in6-s6_addr[8], 8) != 0)
|   errx(1, interface index is already filled);
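Review bot: the added `setifxflags(inet6, -IFXF_NOINET6)` call runs before the `memcmp` check that can exit through `errx(1, ...)` with "interface index is already filled", so the flag has already been cleared on the interface when the command fails. Move the call below the validation so a rejected request leaves the interface unchanged.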
| 
| 2) turn the NOINET6 flag on by default.
| As said previously, it will be reset and thus a link-local assigned
| transparently if either
| -rtsol(d) is run
| -an inet6 address is assigned
| -ifconfig if inet6 eui64 is run
| and thus should be entirely transparent for the vast majority of inet6
| users.
| 
| Index: sys/net/if.c
| ===
| RCS file: /cvs/src/sys/net/if.c,v
| retrieving revision 1.289
| diff -u -p -r1.289 if.c
| --- sys/net/if.c  16 May 2014 08:21:54 -  1.289
| +++ sys/net/if.c  16 May 2014 14:15:24 -
| @@ -423,6 +423,9 @@ if_attach(struct ifnet *ifp)
|  #else
|   TAILQ_INSERT_TAIL(ifnet, ifp, if_list);
|  #endif
| +#ifdef INET6
| + ifp-if_xflags |= IFXF_NOINET6;
| +#endif
|  
|   m_clinitifp(ifp);
|  
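Review bot: `ifp->if_xflags |= IFXF_NOINET6` in `if_attach()` applies to every interface that attaches, loopback included. The earlier description in this thread says lo0 keeps `::1` and `fe80::1%lo0`; this hunk has no exception for it, so either show where that is handled or add the condition here. A one-line comment on why the flag defaults to on would also help.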
| whether we need a less obscure ifconfig command than eui64 can be
| discussed after.
| 
| oks?

ok todd@
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: NOINET6 by default

2014-05-15 Thread Todd T. Fries
Penned by Henning Brauer on 20140516  0:26.37, we have:
| * Claudio Jeker cje...@diehard.n-r-g.com [2014-05-15 09:33]:
|  On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
|   so as discussed recently having the inet6 link-local addrs on every
|   interface by default is stupid and a security risk.
|   
|   this diff fixes that. well, really two independent parts.
|   one: set the NOINET6 flag by default on each and every interface.
|   two: implement ifconfig if +inet6 to turn inet6 on and assign
|   the link-local addr.
|   
|   this should be transparent for almost all real use cases of inet6
|   since assigning any inet6 address also resets the flag (and ll is
|   assigned then as well).
|   lo0 still gets its ::1 and fe80::1%lo0 by default.
|   
|   the only use case that needs config adoption: people ONLY using
|   link-local, they will need to put +inet6 in the corresponding
|   hostname.if file.
|   
|   ok?
|  
|  To be honest the right fix would be to get rid of IFXF_NOINET6 and
|  just make it the default. There is no need for such a flag anymore.
| 
| very valid point, I'll happily clean that up right after - one thing
| at a time.

When I travel between networks.. at home with rtsol capable networks ..
and at e.g. a library that does not have native IPv6 .. I find it invaluable
to 'zzz' then upon resume 'ifconfig wpi0 -inet6' for the library and then
'rtsol wpi0' at home.

Just because the new default will be the equivalent of 'ifconfig wpi0 -inet6'
until configured doesn't mean there isn't a use for clearing it later on as well.

I wish there were an equivalent for IPv4, but at least dhclient clears the old
address on 'ifconfig wpi0 down' ...

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: NOINET6 by default

2014-05-14 Thread Todd T. Fries
Penned by Henning Brauer on 20140514 22:48.16, we have:
| * Reyk Flöter reyk.floe...@googlemail.com [2014-05-15 01:04]:
|   On 15.05.2014, at 00:46, Henning Brauer lists-openbsdt...@bsws.de wrote:
|   * Mark Kettenis mark.kette...@xs4all.nl [2014-05-15 00:15]:
|   I don't think this is a good idea; didn't we establish the other day
|   that ifconfig if eui64 already did what your +inet6 does?
|   almost, it's ifconfig if inet6 eui64 - but that isn't all THAT
|   intuitive. I like +inet6 as the opposite of -inet6.
|  We don't have + something. It is foo or -foo but not +foo. I know that inet6 is already used for the regular addresses, but +inet6 sounds like an inconsistent workaround for a workaround. I don't like it.
| 
| just inet6 doesn't work, since that is already used to show all inet6
| addrs. 
| i find +inet6 very intuitive...
| 
|  To enable IPv6 link-local I would rather prefer two options to put
|  either inet6 eui64 (or an alias like inet6 link-local) or an actual
|  inet6 address in your hostname.if. The latter should automatically
|  remove the flag and enable the link-local address - does it work this
|  way? 
| 
| as said many times, yes it does.

I ack that it is a security risk to auto address interfaces without some admin
action.

The proposed solution seems sound, 'inet6 eui64' seems sane.  In theory it
should work, but I must be doing something wrong:

 # ifconfig vether0 create
 # ifconfig vether0 -inet6
 # ifconfig vether0 inet6 eui64
 ifconfig: could not determine link local address

Once that works properly, I say we let the diff in and bikeshed if we
truly need to invent more syntax ('+inet6') that is unlike anything else
vs let the few of us that want this apparently obscure case add 'inet6
eui64' and be done with it.

Aka, let's not hold up the rest of the functionality just because we
can't agree if we need a further diff to make 'inet6 eui64'
better/faster/easier/another way to skin the cat...

IMHO, it's time to polish in the tree.  This is, after all, a _security_
related diff, no?

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: IPv6 by default

2014-04-29 Thread Todd T. Fries
Penned by Kenneth Westerback on 20140429  8:44.16, we have:
| On 29 April 2014 08:57, Simon Perreault si...@per.reau.lt wrote:
|  Le 2014-04-28 18:43, Kenneth Westerback a écrit :
|  Why is the burden on everyone to provide 'valid' objections?
| 
|  I know that what I proposed cannot go in at the moment. It's my end
|  goal. Now what I want is to have a clear picture of what the issues are,
|  and whether there's anything I can do to help fix them. I'm not putting
|  the burden on anyone except myself.
| 
| 
| I repeat the question - what is the point of your goal to return IPv6
| addresses first? Why change? Even in a world where IPv6 was 99.99% of
| the traffic, what advantages would accrue to having IPv6 addresses
| returned first? I'm not hostile or opposed, I just think this appears
| to be a complete waste of your time.
| 
|  Given the minuscule IPv6 usage out there, why should IPv6 come first?
| 
|  I don't see how usage is relevant. If IPv6 provided 1000% performance
|  improvement with no downsides, we would want to use it even if global
|  usage was low.
| 
| 
| Why would having the IPv6 addresses come first in the returned list be
| required to 'use' them? Please explain.

Many commonly used applications that have the ability to connect to both IPv4
and IPv6 will connect to the first address.  This is a mere convenience.

Everybody knows I use IPv6 a lot and I am fine with the resolv.conf
'family inet4 inet6' remaining as it is until a future time if/when it makes
sense to change it.

Doing so prematurely does not help.

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: IPv6 by default

2014-04-29 Thread Todd T. Fries
Penned by Otto Moerbeek on 20140429  9:07.54, we have:
| On Tue, Apr 29, 2014 at 10:04:35AM -0400, Simon Perreault wrote:
| 
|  Le 2014-04-29 09:55, Henning Brauer a écrit :
|   Wouldn't it be better if libasr would run A and  requests in
|   parallel? Whichever response arrives first wins.
|   no, since that gives extremely unpredictable results.
|  
|  How about this then:
|  
|  - Run both requests in parallel.
|  - When one response is received, start a short timer (e.g. 200ms or so).
|  - If the second response is received before the timer expires, sort and
|  return the results as usual.
|  - Otherwise, kill the second request and return what you have.
|  
|  Simon
| 
| I'm still not sure what problem you are trying to solve. I only see
| added complexity here.
| 
|   -Otto

Some broken routers that dish out dhcp leases and set themselves as the
recursive resolver have been reported to not respond when someone queries .

There may be some benefit, but for what percent of users?

Added complexity seems not the direction we want to go in, indeed.

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: IPv6 by default

2014-04-28 Thread Todd T. Fries
You may not be aware of 'family inet4 inet6' default in resolv.conf that was
specifically changed to that for OpenBSD.

The reasoning given is .. IPv6 is a 2nd class netizen in terms of reliability
and user experience.

If you disagree, consider making the world more robust where IPv6 is concerned,
or perhaps just edit /etc/resolv.conf.

Thanks,

Penned by Simon Perreault on 20140428 17:05.36, we have:
| Tech,
| 
| Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan:
| make getaddrinfo() return IPv6 results first by default.
| 
| The diff below would be the end goal. I guess people will have valid
| objections to it. I'd like to know what they are.
| 
| Would it be necessary/desirable to check all calls to getaddrinfo() in base
| and add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much
| everywhere except special cases which right now I can't think of any)
| 
| Thanks,
| Simon
| 
| 
| Index: lib/libc/asr/asr.c
| ===
| RCS file: /cvs/src/lib/libc/asr/asr.c,v
| retrieving revision 1.33
| diff -u -p -r1.33 asr.c
| --- lib/libc/asr/asr.c26 Mar 2014 18:13:15 -  1.33
| +++ lib/libc/asr/asr.c28 Apr 2014 21:43:52 -
| @@ -518,8 +518,8 @@ asr_ctx_create(void)
|   ac-ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH;
|   ac-ac_refcount = 1;
|   ac-ac_ndots = 1;
| - ac-ac_family[0] = AF_INET;
| - ac-ac_family[1] = AF_INET6;
| + ac-ac_family[0] = AF_INET6;
| + ac-ac_family[1] = AF_INET;
|   ac-ac_family[2] = -1;
|  
|   ac-ac_hostfile = DEFAULT_HOSTFILE;
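Review bot: Swapping ac_family[0] and ac_family[1] in asr_ctx_create() changes the lookup order for every program that relies on the built-in default rather than a 'family' line in resolv.conf, and nothing in this hunk limits that to hosts with working IPv6. The cover mail already asks whether getaddrinfo() callers in base need AI_ADDRCONFIG; that audit should land before or together with this change, since a caller that simply connects to the first returned address may otherwise be handed an IPv6 address first on a host that cannot reach it.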
| Index: share/man/man5/resolv.conf.5
| ===
| RCS file: /cvs/src/share/man/man5/resolv.conf.5,v
| retrieving revision 1.44
| diff -u -p -r1.44 resolv.conf.5
| --- share/man/man5/resolv.conf.5  14 Jul 2013 19:44:39 -  1.44
| +++ share/man/man5/resolv.conf.5  28 Apr 2014 21:43:52 -
| @@ -217,8 +217,8 @@ For example:
|  .It Cm family
|  Specify which type of Internet protocol family to prefer,
|  if a host is reachable using different address families.
| -By default IPv4 addresses are queried first,
| -and then IPv6 addresses.
| +By default IPv6 addresses are queried first,
| +and then IPv4 addresses.
|  The syntax is:
|  .Bd -ragged -offset indent
|  .Cm family Ar family Op Ar family

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: rc default PF ruleset too restrictive for DHCPv6

2014-01-18 Thread Todd T. Fries
This seems to make sense.  ok todd@.  Please get at least one other ok though.

Penned by Brad Smith on 20140118 20:57.26, we have:
| On Thu, Jan 09, 2014 at 03:55:44PM -0500, Brad Smith wrote:
|  The default PF ruleset as setup by rc is too restrictive. Have the default
|  ruleset allow for DHCPv6.
| 
| Anyone?
| 
|  Index: rc
|  ===
|  RCS file: /home/cvs/src/etc/rc,v
|  retrieving revision 1.419
|  diff -u -p -u -p -r1.419 rc
|  --- rc  3 Jan 2014 23:24:19 -   1.419
|  +++ rc  9 Jan 2014 20:47:07 -
|  @@ -330,6 +330,8 @@ if [ X${pf} != XNO ]; then
|  RULES=$RULES\npass in inet6 proto icmp6 all icmp6-type 
neighbradv
|  RULES=$RULES\npass out inet6 proto icmp6 all icmp6-type 
routersol
|  RULES=$RULES\npass in inet6 proto icmp6 all icmp6-type 
routeradv
|  +   RULES=$RULES\npass out inet6 proto udp from any port 
dhcpv6-client to any port dhcpv6-server
|  +   RULES=$RULES\npass in inet6 proto udp from any port 
dhcpv6-server to any port dhcpv6-client
|  fi
|  RULES=$RULES\npass proto carp keep state (no-sync)
|  case `sysctl vfs.mounts.nfs 2/dev/null` in
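Review bot: Both added rules match on ports only ('from any ... to any'), so the inbound rule accepts UDP from any IPv6 source that uses the dhcpv6-server source port toward the dhcpv6-client port. If the boot-time ruleset is meant to stay as narrow as the neighbouring icmp6-type rules, consider restricting the inbound rule's source to link-local (fe80::/10) and the outbound rule's destination to the DHCPv6 multicast group (ff02::1:2) and link-local addresses, or say in the commit message why 'any' is wanted here.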
|  
|  -- 
|  This message has been scanned for viruses and
|  dangerous content by MailScanner, and is
|  believed to be clean.
|  

-- 
Todd Fries .. t...@fries.net

 
|\  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC\  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com\  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113-2169 \  sip:freedae...@ekiga.net
| ..in support of free software solutions. \  sip:4052279...@ekiga.net
 \
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



Re: ftpd log address format

2013-05-10 Thread Todd T. Fries
Penned by Ted Unangst on 20130504  0:57.40, we have:
| On Sat, May 04, 2013 at 07:26, Martijn van Duren wrote:
|  For a lot of cases this isn't a problem. But there are a couple of
|  instances where the domain name resolves to something a little too
|  generic to be useful to determine its origin and hence I'm not able to
|  decide if it's a legit connection or not, let alone being able to place
|  it in my firewall.
|  To fix this for myself I made this minor patch to retrieve the ip
|  address instead of the reverse lookup. This appears to be the same
|  behavior as sshd shows.
| 
| I think this is wise. Reverse lookups are not really useful imo. If
| someone cares, they can always do them later.

I always set 'UseDNS no' in my sshd_config, same argument, and if dns is
borked for any reason, it avoids needless delay getting into an afflicted
system to unbork it.

Thanks,
-- 
Todd Fries .. t...@fries.net

 



Re: Show only usable commands in rc.subr usage

2013-04-03 Thread Todd T. Fries
Penned by Antoine Jacoutot on 20130403 10:24.19, we have:
| On Wed, Apr 03, 2013 at 05:14:10PM +0200, Alexander Hall wrote:
|  On 04/03/13 13:42, Vadim Zhukov wrote:
|   This patch makes rc.subr show only supported operations in usage.
|   This avoids some sort of confusion when, e.g., /etc/rc.d/smtpd
|   shows that reload command is allowed, but when you try it,
|   you get reload not supported error.
|   
|   okay?
|  
|  I approve of the idea. Nits inline.
| 
| No need to check for 'check' = this is a mandatory action.
| No need to check for 'restart' = it is 'start'+'stop'

amd does not support stop.
 
|  WBR,
|Vadim Zhukov
|   
|   
|   Index: rc.subr
|   ===
|   RCS file: /cvs/src/etc/rc.d/rc.subr,v
|   retrieving revision 1.68
|   diff -u -p -r1.68 rc.subr
|   --- rc.subr   19 Nov 2012 07:10:59 -  1.68
|   +++ rc.subr   3 Apr 2013 11:35:58 -
|   @@ -25,7 +25,13 @@ rc_err() {
| }
| 
| rc_usage() {
|   - rc_err usage: $0 [-df] {start|check|reload|restart|stop}
|   + local _a _allsup _enotsup
|   + for _a in start check reload restart stop; do
|   + eval _enotsup=\${rc_${_a}}
|   + [ X${_enotsup} != XNO ]  _allsup=$_allsup $_a
|  
|  maybe
|  [ X${_enotsup} != XNO ]  _allsup=${_allsup+$_allsup|}$_a
|  
|   + done
|  
|   + _allsup=`echo $_allsup | sed -e 's/ /|/g'`
|  
|  and skip the line above
|  
|   + rc_err usage: $0 [-df] {${_allsup}}
| }
| 
| rc_write_runfile() {
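Review bot: The loop in rc_usage() tests rc_restart on its own, but the replies in this thread describe restart as start plus stop and point out that amd does not support stop. A script that sets rc_stop=NO without also setting rc_restart=NO would therefore still advertise restart in the usage line; consider omitting restart whenever rc_start or rc_stop is NO, and add a one-line comment that the eval only ever sees the fixed action names from the for list.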
|   
|  
|  Also, you mix $var and ${var} notation. While I prefer the former
|  unless ${...} is needed for clarity or functionality, we should at
|  least be consequent where possible.
|  
|  /Alexander
| 
| -- 
| Antoine

-- 
Todd Fries .. t...@fries.net

 



Re: goodbye to some isa devices

2013-03-26 Thread Todd T. Fries
Penned by Ted Unangst on 20130326  8:09.14, we have:
| On Tue, Mar 26, 2013 at 11:13, Mark Kettenis wrote:
|  Date: Tue, 26 Mar 2013 05:20:27 -0400
|  From: Ted Unangst t...@tedunangst.com
| 
|  These isa devs are already disabled and not particularly popular among
|  our users.  affected: tcic, sea, wds, eg, el
|  
|  The reason these devices are disabled is probably that their probe
|  routines are destructive.  So the fact that they are disabled doesn't
|  necessarily mean that they don't work properly.
|  
|  I don't think maintaining these drivers is currently a huge burden on
|  us.  But decoupling them from the build will almost certainly lead to
|  some degree of bitrot.
| 
| Perfection is achieved when there's nothing left to take away. :)
| 
| It's not so much that we spend time maintaining the source, but I do
| spend time compiling it. And I have to download it (3 times!) every
| time I install a new snapshot. Cumulatively, I've probably spent hours
| of my life waiting for these drivers' bits to go from here to there. I
| will selfishly claim that if I save five minutes of time this year by
| not compiling these files, that right there is more benefit than
| retaining support.
| 
| I targeted disabled devices figuring they were least likely to be
| missed, but I honestly question the utility of any of these ISA
| network and SCSI drivers. They're going to be slow as shit. Besides,
| at this point, due to adding so many new drivers (kernel size has
| more than doubled in last ten years) the minimum RAM requirement is
| basically past ISA only machines. The segment of machines that lack
| PCI but support 32M or more of RAM is very narrow. And unlike sparc or
| vax, I don't think running OpenBSD on some ancient 486 is historically
| interesting.

I have some of these devices actually.  Haven't used them in a few
years, mainly due to office moves and boxes of unpacked unsorted stuff.
I do clearly recall that it is useful to only enable some isa devices if
one has them.

I guess the question is, are we moving to a world where isa is not
supported and/or supportable?

Sure, if I'm doing build tests I'm going to load a box with mem and the
fastest disks and nics I have.

If I'm testing hardware support and such, I'm going to want to get
thorough coverage of the drivers we build and purport to support.

I'd wager a bet that I could make my sea(4) scsi adapter work more
reliably than any variant of usb wi(4), so perhaps we should disable usb
wi(4) to save you time building instead?

Thanks,
-- 
Todd Fries .. t...@fries.net

 



Re: cwm duplicate path names

2013-02-26 Thread Todd T. Fries
Given that cwm has origins in 9wm, wouldn't it be appropriate to
have firefox and firefox:0 and firefox:1 ?

Otherwise, your diff makes much sense as if you typed 'firefox'
from the command line, the shell would do what your diff does.

Thanks,

Penned by andre...@zoho.com on 20130226  7:07.23, we have:
| i have both ~/bin/firefox and /usr/local/bin/firefox in PATH
| 
| cwm will display both in preliminary results. this isn't useful
| because both have the same basename, so it's not possible to
| differentiate. not that i would want to distinguish anyway
| 
| patch below uniqs them, preferring programs first in PATH
| 
| Index: xenocara/app/cwm/search.c
| ===
| RCS file: /cvs/xenocara/app/cwm/search.c,v
| retrieving revision 1.26
| diff -p -u -r1.26 search.c
| --- xenocara/app/cwm/search.c 9 Nov 2012 03:52:02 -   1.26
| +++ xenocara/app/cwm/search.c 26 Feb 2013 13:00:57 -
| @@ -217,6 +217,7 @@ void
|  search_match_exec(struct menu_q *menuq, struct menu_q *resultq, char *search)
|  {
|   struct menu *mi, *mj;
| + int  r;
|  
|   TAILQ_INIT(resultq);
|  
| @@ -224,15 +225,16 @@ search_match_exec(struct menu_q *menuq, 
|   if (strsubmatch(search, mi-text, 1) == 0 
|   fnmatch(search, mi-text, 0) == FNM_NOMATCH)
|   continue;
| - for (mj = TAILQ_FIRST(resultq); mj != NULL;
| -  mj = TAILQ_NEXT(mj, resultentry)) {
| - if (strcasecmp(mi-text, mj-text)  0) {
| + TAILQ_FOREACH(mj, resultq, resultentry) {
| + r = strcasecmp(mi-text, mj-text);
| + if (r  0)
|   TAILQ_INSERT_BEFORE(mj, mi, resultentry);
| - break;
| - }
| + if (r = 0)
| + goto a;
|   }
| - if (mj == NULL)
| - TAILQ_INSERT_TAIL(resultq, mi, resultentry);
| + TAILQ_INSERT_TAIL(resultq, mi, resultentry);
| +a:
| + /* nil */;
|   }
|  }
|  
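Review bot: In the second hunk the duplicate test reuses the case-insensitive strcasecmp() result that orders the list, so two entries whose names differ only in case are treated as the same program and the later one is silently dropped from the results; a case-sensitive compare for the equality check would keep distinct executables visible. The 'goto a' to an empty statement would also read more clearly as a flag checked before TAILQ_INSERT_TAIL, or at least with a descriptive label name.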

-- 
Todd Fries .. t...@fries.net

 



Re: sasync phase 1 issue

2013-02-22 Thread Todd T. Fries
Penned by sven falempin on 20130222 17:05.33, we have:
| On Fri, Feb 22, 2013 at 2:29 PM, sangdrax8 sangdr...@gmail.com wrote:
| 
|  I am new to OpenBSD, but would like to take advantage of a redundant
|  setup with ipsec/carp/sasyncd.  I have run into a situation which seems
|  to be a bug, and was directed to post to tech with config files.
| 
|  I believe my problem is that the phase 1 of an ipsec negotiation is not
|  being synced with sasyncd, causing a repeatable condition where tunnels
|  die for extended periods of time.  I have tried the following with all
|  three machines running 5.1-stable, 5.2-stable, and 5.2-stable with a
|  snapshot kernel from 2/17/2013.  My main problem exists across all three
|  setup types.  I am running 5.2 with the snapshot kernel now as it
|  provides the lifetime setting in ipsec phase 2 to make the testing
|  faster.
| 
| 
|  ### Setup Description ##
| 
|  172.16.10.0/24 behind the carp devices on vlan 2
|  172.16.20.0/24 the other side of the tunnel no vlan
|  1.1.1.0/24 is used for the internet
| 
|  vlan 3 is tagged on Fw's, untagged to the lab1 box connected with a
|  switch between them
| 
|  fw boxes use trunk ports as follows
|  em0 + em1 = trunk0
|  em2 + em3 = trunk1
| 
| 
|  ### Setup Drawing ##
| 
| 
|                 172.16.10.0/24
|  
|            .                  .           Vlan 2
|            . .3               . .7
|        *********          *********
|        *  fw1  *          *  fw2  *
|        *********          *********
|            .                  .
|            . 1.1.1.2          . 1.1.1.3
|            .                  .
|                                           Vlan 3 to switch
|                      . 1.1.1.1
|                      .
|                      .
|                      .
|                      .
|                      .
|                      . 1.1.1.5
|                  *********
|                  * Lab1  *
|                  *********
|                      .
|                 172.16.20.0/24
| 
| 
| 
|  ## How to re-create the problem #
| 
|  Bring all machines up, and allow ipsec to come up (ensuring the fw1 is
|  the master)
| 
|  start ping from 172.16.10.0/24 net to 172.16.20.0/24 net
| 
|  tcpdump on vlan3 on both fw1 and fw2 (only fw1 should show active esp
|  traffic).  Note the spi's seen.  this is spi set 1
| 
|  carp demote fw1 'ifconfig -g carp carpdemote 128'.
| 
|  tcpdump on fw2 should now show the esp (same spi's as before, spi set
|  1), and a large increase in sequence numbers
| 
|  soon after transfer fw2 will do a full phase1 and phase2 re-negotiation
|  (can be seen on the tcpdump).  Spi's will change (referring to this as
|  spi set 2), sequence numbers will reset, and no pings are lost.  This is
|  where I believe the phase 1 is now renegotiated between fw2 and lab1
|  because it was not synced from fw1.
| 
|  recover fw1 as carp master 'ifconfig -g carp -carpdemote 128'.
| 
|  tcpdump on fw1 should now show the esp packets (spi's now from set 2),
|  and a large increase in sequence numbers
| 
|  sometimes soon after transfer fw1 will attempt a phase 2 re-key and be
|  denied.  even if it doesn't do it quickly, when the phase 2 begins to
|  time out it will attempt to re-key and be denied at that time.  I have
|  reduced phase 2 to 5 minutes in my tests to allow this to happen more
|  quickly.
| 
|  when phase 2 times out, the pings through the tunnel fail and the tunnel
|  is down.
| 
|  You can fail back to fw2, and a new phase 2 negotiation will take place
|  to resume traffic, otherwise fw1 will not be able to re-build the tunnel
|  until the phase 1 times out (I believe 8 hours default)
| 
|  As a note, if you fail a firewall by actually rebooting it, this problem
|  goes undetected as this clears the SA's.
| 
|  I know this is a long e-mail, but I have tried to provide all the
|  details and configurations that could be needed to re-create this.  I
|  have been able to consistently re-create this issue every time across
|  multiple versions.  If there is anything I have left off, please let me
|  know.
| 
| 
|  ###
|  ## Configuration Files Below ##
|  ###
| 
| 
|  # fw1 configs #
| 
|  == sasyncd.conf ==
|  interface carp3
|  group carp
|  peer 172.16.10.7
|  sharedkey
|  0xf04c0d7fada85a2c0f3fec1db4e52e6d6cbd360936b163133df4917566308bd3
| 
| 
|  == hostname.carp2 ==
|  up
|  inet 172.16.10.1 255.255.255.0 172.16.10.255 vhid 2 pass password
|  carpdev vlan2
| 
|  == hostname.carp3 ==
|  up
|  inet 1.1.1.1 255.255.255.0 1.1.1.255 vhid 3 pass password carpdev vlan3
| 
|  == hostname.em0 ==
|  up
| 
|  == hostname.em1 ==
|  up
| 
|  == hostname.em2 ==
|  up
| 
|  == hostname.em3 ==
|  up
| 
|  == hostname.enc0 

Re: ip6 source address selection and down interfaces

2013-02-19 Thread Todd T. Fries
The source address selection mechanism in IPv4 is to my understanding:

 the first address on the interface associated with the route
 to the remote host

The source address selection mechanism in IPv6 is to my understanding:

 for each of the global addresses on a system, turn it into an integer
 and subtract it from the destination address.  The difference closest
 to zero decides what address will be selected because it is 'closest'.

Personally I'd be happy if IPv6 mimicked IPv4 in this regard.  Other OS's
permit configurable address selection criteria in the kernel, but I'll be
the first to suggest this is not the OpenBSD way.  The default should be
good enough and .. this is not good enough for me in every scenario I've
encountered it.

Naddy may pipe up as well, he's quite familiar with this scenario.

Thanks,

Penned by Stuart Henderson on 20130219 19:11.10, we have:
| Someone trying to replace some latvian boxes with bgpd/npppd mentioned
| a problem with v6 on carp interfaces in 'backup' state where their
| address was used as source address, despite there being an address
| on the carpdev which was up.
| 
| I don't have a proper v6 carp setup handy to test but got a test
| machine into a state with 'ifconfig carp0 down' (which seems should be
| a close enough equivalent to 'carp backup' for tests) which did
| indeed consider the 'down' carp interface as a source address.
| 
| It can be bodged around with pltime 0 of course, but from looking at
| in6_selectsrc() I don't see why it wouldn't just pick the address
| from the interface associated with the route i.e. the one on em0..
| but then I must be missing something as I don't see where pltime 0
| is handled either... does anyone have clues?
| 
| # ifconfig em0
| em0: flags=48b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,INET6_NOPRIVACY> mtu 1500
|   lladdr f0:de:f1:f9:a7:52
|   priority: 0
|   groups: egress
|   media: Ethernet autoselect (1000baseT full-duplex)
|   status: active
|   inet6 fe80::f2de:f1ff:fef9:a752%em0 prefixlen 64 scopeid 0x1
|   inet6 2001:8b0:648e:cc01:f2de:f1ff:fef9:a752 prefixlen 64 autoconf pltime 604697 vltime 2591897
|   inet 85.158.44.149 netmask 0xfff0 broadcast 85.158.44.159
| # ifconfig carp0
| carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
|   lladdr 00:00:5e:00:01:01
|   priority: 0
|   carp: INIT carpdev em0 vhid 1 advbase 1 advskew 0
|   groups: carp
|   status: invalid
|   inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0xa
|   inet6 2001:8b0:648e:cc01:200:5eff:fe00:101 prefixlen 64 detached autoconf pltime 604690 vltime 2591890
|   inet6 2001:8b0:648e:cc01:5c46:9730:9899:1008 prefixlen 64 detached autoconf autoconfprivacy pltime 81660 vltime 600216
|   inet6 2001:8b0:648e:cc01::ca1f prefixlen 64
| # $ route -n get -inet6 2001:8b0:648e:cc01:20d:b9ff:fe04:a330
|route to: 2001:8b0:648e:cc01:20d:b9ff:fe04:a330
| destination: 2001:8b0:648e:cc01::
|mask: :::::
|   interface: em0
|  if address: fe80::f2de:f1ff:fef9:a752%em0
|priority: 4 (connected)
|   flags: UP,DONE,CLONING
|  use   mtuexpire
|0 0 0
| # ping6 jodrell
| PING6(56=40+8+8 bytes) 2001:8b0:648e:cc01::ca1f --> 2001:8b0:648e:cc01:20d:b9ff:fe04:a330
| ^C
| --- jodrell.spacehopper.org ping6 statistics ---
| 3 packets transmitted, 0 packets received, 100.0% packet loss
| 
| 
| # netstat -rnfinet6|grep -e 2001:8b0:648e:cc01 -e carp0
| 2001:8b0:648e:cc01::/64  link#1  UC  70 - 4 em0
| 2001:8b0:648e:cc01::1  00:0d:b9:17:0c:c4  UHLc  05 - 4 em0
| 2001:8b0:648e:cc01::ca1f  link#1  UHLc  10 - 4 em0
| 2001:8b0:648e:cc01:200:5eff:fe00:101  00:00:5e:00:01:01  UHL  00 - 4 lo0
| 2001:8b0:648e:cc01:20d:93ff:fe63:da5a  00:0d:93:63:da:5a  UHLc  18 - 4 em0
| 2001:8b0:648e:cc01:20d:b9ff:fe04:a330  00:0d:b9:17:0c:c4  UHLc  03 - 4 em0
| 2001:8b0:648e:cc01:5c46:9730:9899:1008  00:00:5e:00:01:01  UHL  00 - 4 lo0
| 2001:8b0:648e:cc01:f2de:f1ff:fef9:a752  f0:de:f1:f9:a7:52  UHLc  00 - 4 lo0
| fe80::%carp0/64  link#10  UC  120 - 4 carp0
| fe80::200:5eff:fe00:101%carp0  00:00:5e:00:01:01  UHL  00 - 4 lo0
| fe80::20d:93ff:fe63:da5a%carp0  00:0d:93:63:da:5a  UHLc  02 - 4 carp0
| fe80::20d:b9ff:fe17:cc4%carp0  00:0d:b9:17:0c:c4  UHLc  00 - 4 carp0
| ff01::%carp0/32  link#10  UC  00 - 4 carp0
| ff02::%carp0/32  link#10  

Re: cloneable tun

2012-11-29 Thread Todd T. Fries
Penned by Reyk Floeter on 20121129  6:33.47, we have:
| On Thu, Nov 29, 2012 at 10:59 AM, Mike Belopuhov m...@belopuhov.com wrote:
|  But currently /dev/tunN is usable from any programming language that
|  that can do reads and writes.  With Reyk's changes you need to do an
|  ioctl even for basic usage, which is at best quirky in languages other
|  than C/C++.  That feels like a step backward to me.
| 
|  sure, we can totally leave tun for legacy use in the shell scripts.
|  so i guess reyk should go ahead and implement a dynamic tun interface
|  (dun?) with whatever semantics we need and want.
| 
| Or even better duh? ;-) I wrote this diff because I wanted to
| experiment with clonable device nodes, I still don't like the fact
| that you have to MAKEDEV a device per dynamic interface, and because
| it adds some extra flexibility. But it doesn't have to go anywhere, I
| didn't even waste much time with writing it yesterday in the
| afternoon.
| 
| btw., I like C and it is still my favorite language (sorry, CS
| people). But it shouldn't be a problem to do simple ioctls with most
| other languages except shell scripts.
| 
| #!/usr/bin/perl
| require "sys/ioctl.ph";
| $TUNSIFUNIT = _IOC(IOC_INOUT, ord('t'), 90, 4);
| open(TUN0, "+</dev/tun0") or die "open";
| ioctl(TUN0, $TUNSIFUNIT, $unit = pack("i", -1)) or die "ioctl $!";
| print "Returned: tun".unpack("i", $unit)."\n";
| close(TUN0);
| 
| reyk

Wouldn't it just be easier to auto assign on first read/write if the
$TUNSIFUNIT ioctl has not yet been called?

Thanks,
-- 
Todd Fries .. t...@fries.net

 



Re: hostname.if(5) clarification

2012-11-26 Thread Todd T. Fries
Penned by Kenneth R. Westerback on 20121126 12:58.45, we have:
| On Mon, Nov 26, 2012 at 05:40:06PM +, Jason McIntyre wrote:
|  On Mon, Nov 26, 2012 at 07:19:23PM +0200, Paul Irofti wrote:
|   On Mon, Nov 26, 2012 at 04:26:12PM +, Jason McIntyre wrote:
|On Mon, Nov 26, 2012 at 04:30:47PM +0200, Paul Irofti wrote:
| Be more specific about the order of interpretation. Okay?
| 
| diff --git share/man/man5/hostname.if.5 share/man/man5/hostname.if.5
| index b07459f..aa8446f 100644
| --- share/man/man5/hostname.if.5
| +++ share/man/man5/hostname.if.5
| @@ -49,6 +49,8 @@ A configuration file is not needed for lo0.
|  The configuration information is expressed in a line-by-line packed 
format
|  which makes the most common cases simpler; those dense formats are 
described
|  below.
| +The order of the configuration lines matters, they are interpreted 
from the
| +top down.
|  Any lines not matching these packed formats are passed directly to
|  .Xr ifconfig 8 .
|  The packed formats are converted using a somewhat inflexible parser 
and
| 
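Review bot: The added sentence is a comma splice and, as written, only states that order matters without telling the reader what to do about it. Splitting it ('The order of the configuration lines matters. They are interpreted from the top down.') and following it with a short example, such as placing nwid and wpakey lines before dhcp, would give readers something to act on.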
|
|if we say this, then we should provide guidance to folks about how to
|order the lines. what is the specific problem, or the general rule, that
|you are addressing?
|   
|   Problem:
|   
|   /etc/hostname.iwn0:
|   dhcp
|   nwid foo
|   wpakey bar
|   
|   Gets neighbour's lease then drops it then gets the lease from the foo
|   network using the bar wpakey.
|   
|   Solution:
|   
|   /etc/hostname.iwn0
|   nwid foo
|   wpakey bar
|   dhcp
|   
|   Sets the network to foo and associates a password to it and then tries
|   to get a lease.
|   
|   Order matters. Perhaps there's a better way to phrase it but, as far as
|   guidance goes, I guess it's not quite possible to do that because
|   ifconfig alone has a plethora of possible usages.
|   
|  
|  does dhcp nwid foo wpakey bar give you problems too? because
|  hostname.if(5) suggests it should not:
|  
|  A DHCP-configured network interface setup consists of
|  
|  dhcp options
| 
| There have been problems reported with doing everything on one line in the
| past.

In this scenario 'options' may as well be called 'ifconfig-options'.

|  
|  so if it isn't working, isn't that indicative of a worse problem? or
|  that we have not documented how dhcp works sufficiently?
| 
| Not sure how much more we can document here. I'm actually wondering if it
| wouldn't be more clear to eliminate the 'options' processing after 'dhcp',
| i.e. make people do those things on separate, preceding lines.

Welcome to the pain that is 'do we break backwards compat?'

There is a lot we could do if we could break backwards compat.

|  we can't just say order matters, but not provide any guidance. having
|  said that, i think the text The packed formats are converted, which i
|  think deraadt added, was meant to address something like this. maybe he
|  remembers?
| 
| Well, hostname.if is simply a mechanism to script ifconfig invocations. If
| you don't know in what order you need to issue the ifconfig invocations
| required to configure your network, I'm not sure if hostname.if can
| explain it in a reasonable amount of space.

Indeed.  The 'shorthand' or 'packed' syntax of hostname.if permits avoiding
typing 'netmask' in the v4 case and 'prefixlen' in the v6 case, for example.
 
|  anyway...i still dislike the idea of just saying order matters. also,
|  could someone really expect the file to not be parsed top down (i don't
|  know, i'm just asking. it seems unlikely to me you'd start parsing from
|  the end and work up)?
|  
|  jmc
|  
| 
| The misunderstanding I have seen run along the lines that all the
| lines will be processed and then the system will issue a coherent set of
| commands to achieve the described network. When really it is, as I said,
| just a way to put all the ifconfig and related commands in one file.
| 
| . Ken

There is limited intelligence in the hostname.if parser implemented in
sh.  It passes things to ifconfig rather blindly and definitely does
things in order without regards to any intelligence.

If one were to have a hostname.if consisting of:

up
down
up
down
up
down
up
down

You'd need to understand that 'up' is passed to one invocation of
ifconfig, down to another, and so on, in order.

Generally speaking, one line in hostname.if (that is not a comment)
is one action.  The exception is the line beginning with 'dest' which
was invented to permit gif(4) tunnel configuration syntax.

If there are desires to improve this (I hear Naddy grumbling!) then the
stomach to break backwards compat must be present, or suggestions on how
to do it without breaking backwards compat must be suggested.  I'm out
of ideas, but will be glad to work with anyone towards any changes
desired so long as it is clear what the grammar of hostname.if should
look like 
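
The in-order, one-line-one-action behaviour described in the message above, as an added sketch (not part of the thread and not OpenBSD's /etc/netstart). The function names, the sample input and the `\$if` substitution rule for `!` lines are assumptions made for illustration; nothing is executed, the commands are only printed.

```shell
#!/bin/sh
# Added illustration: a dry-run model of in-order hostname.if processing.
# This is NOT /etc/netstart. It assumes every non-comment line maps to one
# command and it only prints what would run; it never runs anything.

# hostname_if_dry_run IFNAME < file
# Emits one command per input line, in file order.
hostname_if_dry_run() {
	_if=$1
	while IFS= read -r _line || [ -n "$_line" ]; do
		case $_line in
		'' | '#'*)
			# Blank lines and comments produce no action.
			continue
			;;
		'!'*)
			# "!command" lines are shell commands; the interface may be
			# spelled \$if or $if in the file (assumed substitution rule).
			printf '%s\n' "${_line#!}" |
			    sed 's/\\\{0,1\}\$if/'"$_if"'/g'
			;;
		*)
			# Everything else is handed to its own ifconfig invocation.
			printf 'ifconfig %s %s\n' "$_if" "$_line"
			;;
		esac
	done
}

# final_link_state IFNAME < file
# Replays the emitted commands and reports which of up/down came last,
# i.e. the state the interface is left in ("unset" if neither appears).
final_link_state() {
	_state=unset
	hostname_if_dry_run "$1" | {
		set -f	# no globbing while splitting the arguments into words
		while read -r _prog _ifname _rest; do
			[ "$_prog" = ifconfig ] || continue
			for _word in $_rest; do
				case $_word in
				up | down) _state=$_word ;;
				esac
			done
		done
		printf '%s\n' "$_state"
	}
}

# Constructed sample input (the up/down file from the message, shortened).
SAMPLE='# constructed example
up
down
up
down'

printf '%s\n' "$SAMPLE" | hostname_if_dry_run em0
```

No line is merged with or reconciled against another: the sample yields four separate commands and leaves the interface down, because `down` is simply the last action issued.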

Re: smtpd require auth

2012-10-09 Thread Todd T. Fries
Penned by Bob Beck on 20121009 10:05.42, we have:
| Gilles, I'm actually wondering - should there even be a difference?
| 
| Every practical implementation of 587 I've ever seen requires auth. Is there
| any sane reason to have enable auth not actually require it?  I.E. what
| I'm asking is is enable (without require) simply a silly knob that
| we're putting
| in place that nobody should use?
| 
| If you're accepting without auth, typically I find that's just done on
| port 25 - and
| anywhere I've deployed it that's what we've done.
| 
| does anyone have a real use of port 587 with auth turned on but not required?

Try stupid ISPs that think that filtering port 25 is going to gain them more
business class accounts without such filtering.

Having a single port with the option to accept inbound traffic as well as
authenticated traffic seems to be a use case that could apply to port 25
as well.  Though with the existence of spamd, any sane OpenBSD mail server
is going to have a 'delivery only protected by spamd' port and an 'authenticated
only port without spamd protection'.

I personally now could live w/out the ability to specify 'enable' instead of only
having 'require' but in the past I would have found it invaluable.  I am familiar
with the phrase 'permitting admins to shoot themselves in the foot', and it indeed
seems to be in this same vein of thinking to me.

Thanks,
 
| On Tue, Oct 9, 2012 at 7:48 AM, Gilles Chehade gil...@poolp.org wrote:
|  On Tue, Oct 09, 2012 at 03:43:03PM +0200, Alexander Hall wrote:
|  On 10/09/12 15:33, Gilles Chehade wrote:
|  Argh, you should have talked to me first ...
|  
|  Both require ssl and require auth are implemented already ... I did
|  not commit yet because we stabilized a release and decided to not
|  add new features to it unless they are critical.
|  
|  This feature should be committed in a few days
| 
|  well well, I got the pleasure of pretending to be a real hacker
|  anyway... ;-)
| 
| 
|  Actually, your diff has a nice idea regarding the enable|require part
|  which we'll incorporate in my diff, so you didn't hack for nothing :-)
| 
|  --
|  Gilles Chehade
| 
|  https://www.poolp.org  @poolpOrg

-- 
Todd Fries .. t...@fries.net

 
|\  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC\  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com\  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113  \  sip:freedae...@ekiga.net
| ..in support of free software solutions. \  sip:4052279...@ekiga.net
 \
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



Re: a question concerning make and the shell

2012-09-12 Thread Todd T. Fries
todd@leveno/q2 ~?3$ # $(echo hi > /dev/tty)
todd@leveno/q2 ~?4$ 

I can't say as though I am aware of anything that can be done after a # that
starts the line on the shell.

As a corollary, ':' is different:

todd@leveno/q2 ~?4$ : $(echo hi > /dev/tty)
hi
todd@leveno/q2 ~?5$ 


Penned by Marc Espie on 20120912 10:48.51, we have:
| Consider the common makefile idiom:
| 
| a:
|   # cmd that builds a
|   @cmd
| 
| The # line is actually a comment for the shell, that will be echo'd,
| and then passed to a new shell... which does nothing with it.
| 
| I'm wondering if there are any ways (possibly using \ or stuff like that)
| that there could be an actual command that starts with a #, and then
| would be passed to a shell, and actually get the shell to do something.
| 
| Barring that, the job executor in make can simply echo those #lines and
| skip the expensive fork a shell to do nothing part...
| 
| (I mostly know what our make does, I'm wondering if posix has some ways
| where this could start things, or some other make like solaris/free/net.
| and if we want it.)

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedae...@ekiga.net
| ..in support of free software solutions.  \  sip:4052279...@ekiga.net
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



Re: usermod: lock/unlock local password

2012-09-11 Thread Todd T. Fries
I like the direction this is going.  I've implemented a shell
equivalent in the past for one scenario, but having it in the
tools directly definitely makes life easier.

1000 admins can implement it differently, but this at least
provides consistent behavior and provides a mechanism for
automation that is robust.

I look forward to the next version with '-' added/removed to/from
the users shell ;-)

Thanks,

Penned by Antoine Jacoutot on 20120910 10:01.13, we have:
| Hi.
| 
| This diff adds 2 new options to usermod(8):
| -U to unlock a user's password
| -Z to lock a user's password
| 
| In effect locking/unlocking the password means to add a '!' in front of
| the encrypted entry in master.passwd.
| Note that this disables the _password_ not the account of course (you
| could still connect using ssh+key for e.g.).
| 
| That said, I have some use for it and would like to be able to have this
| if at all possible.
| Behavior is basically the same as Linux's usermod(8) except that I am
| using -Z for locking the password (-Z is for SElinux in Linux land and
| -L is used instead but we use it ourselves for the login class).
| 
| Comments?
| 
| 
| 
| 
| 
| Index: user.c
| ===
| RCS file: /cvs/src/usr.sbin/user/user.c,v
| retrieving revision 1.90
| diff -u -r1.90 user.c
| --- user.c29 Jan 2012 08:38:54 -  1.90
| +++ user.c10 Sep 2012 15:00:21 -
| @@ -100,7 +100,9 @@
|   F_UID   = 0x0400,
|   F_USERNAME  = 0x0800,
|   F_CLASS = 0x1000,
| - F_SETSECGROUP   = 0x4000
| + F_SETSECGROUP   = 0x4000,
| + F_PWLOCK= 0x8000,
| + F_PWUNLOCK  = 0x1
|  };
|  
|  #define CONFFILE /etc/usermgmt.conf
| @@ -1339,11 +1341,14 @@
|   struct group*grp;
|   const char  *homedir;
|   charbuf[LINE_MAX];
| + charlocked_str[] = !;
| + charpw_len[PasswordLength + 1];
|   size_t  colonc, loginc;
|   size_t  cc;
|   FILE*master;
|   charnewdir[MaxFileNameLen];
|   char*colon;
| + char*pw_tmp;
|   int len;
|   int masterfd;
|   int ptmpfd;
| @@ -1359,6 +1364,9 @@
|   if (!is_local(login_name, _PATH_MASTERPASSWD)) {
|   errx(EXIT_FAILURE, User `%s' must be a local user, 
login_name);
|   }
| + if ((up-u_flags  (F_PWLOCK | F_PWUNLOCK))  (pwp-pw_uid == 0)) {
| + errx(EXIT_FAILURE, (un)locking is not supported for `%s', 
pwp-pw_name);
| + }
|   /* keep dir name in case we need it for '-m' */
|   homedir = pwp-pw_dir;
|  
| @@ -1410,6 +1418,29 @@
|   pwp-pw_passwd = up-u_password;
|   }
|   }
| + if (up-u_flags  F_PWLOCK) {
| + if (strncmp(pwp-pw_passwd, locked_str, 
sizeof(locked_str)-1) == 0) {
| +  warnx(user '%s' is already locked, 
pwp-pw_name);
| + } else {
| + pw_tmp = malloc(strlen(pwp-pw_passwd) + 
sizeof(locked_str));
| + if (pw_tmp == NULL) {
| + (void) close(ptmpfd);
| + pw_abort();
| + errx(EXIT_FAILURE, cannot allocate 
memory);
| + }
| + strlcpy(pw_tmp, locked_str, sizeof(pw_len));
| + strlcat(pw_tmp, pwp-pw_passwd, sizeof(pw_len));
| + pwp-pw_passwd = pw_tmp;
| + free (pw_tmp);
| + }
| + }
| + if (up-u_flags  F_PWUNLOCK) {
| + if (strncmp(pwp-pw_passwd, locked_str, 
sizeof(locked_str)-1) != 0) {
| + warnx(user '%s' is not locked, pwp-pw_name);
| + } else {
| + pwp-pw_passwd += sizeof(locked_str)-1;
| + }
| + }
|   if (up-u_flags  F_UID) {
|   /* check uid isn't already allocated */
|   if (!(up-u_flags  F_DUPUID)  
getpwuid((uid_t)(up-u_uid)) != NULL) {
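Review bot: in the F_PWLOCK branch, pw_tmp is freed on the line right after it is assigned to pwp->pw_passwd, so every later use of the password field reads freed memory; keep the buffer alive until the record has been written and free it afterwards. The strlcpy/strlcat calls are also bounded by sizeof(pw_len) instead of the size passed to malloc (strlen(pwp->pw_passwd) + sizeof(locked_str)), so a hash of PasswordLength characters loses its last character when '!' is prepended and a later -U would restore a corrupted hash; passing the allocation size as the bound also makes the pw_len array unnecessary. Nothing here rejects -Z and -U given together, in which case the lock branch runs and the unlock branch then strips the '!' again.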
| @@ -1617,7 +1648,7 @@
|   [-p password] [-r low..high]\n
|  [-s shell] [-u uid] user\n, prog);
|   } else if (strcmp(prog, usermod) == 0) {
| - (void) fprintf(stderr, usage: %s [-mov] 
| + (void) fprintf(stderr, usage: %s [-UZmov] 
|   [-c comment] [-d home-directory] [-e expiry-time]\n
|  [-f inactive-time] 
|   [-G secondary-group[,group,...]]\n
| @@ -1788,7 +1819,7 @@
|   free(u.u_primgrp);
|   u.u_primgrp = NULL;
|   have_new_user = 0;
| - while ((c = getopt(argc, argv, 

Re: dhclient ignore

2012-07-27 Thread Todd T. Fries
One can set a dhclient-script to ignore things and then call
the real dhclient-script, but I like this diff better.

Penned by Kenneth R Westerback on 20120726 21:43.39, we have:
| I like this on first read. In fact I thought this already existed.
| I'll actually look more closely at the code tomorrow.
| 
|  Ken
| 
| On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
|  I have a system with two network interfaces (em0 and em1), running dhcp
|  on both. Both dhcp servers provide me with a nameserver, but only one
|  of them works (I can't fix this).  There is a config file for dhclient
|  I can use, but it only supports the supersede keyword.  I don't want
|  to statically configure a nameserver override for em1, because the
|  whole point is that the good nameserver on em0 can change.  I just
|  want to say pretend this option did not arrive.
|  
|  Diff below adds a little support for an ignore keyword.  Like
|  supersede, except don't actually use the supplied value.
|  
|  Index: clparse.c
|  ===
|  RCS file: /cvs/src/sbin/dhclient/clparse.c,v
|  retrieving revision 1.38
|  diff -u -p -r1.38 clparse.c
|  --- clparse.c   10 Dec 2011 17:15:27 -  1.38
|  +++ clparse.c   27 Jul 2012 01:59:10 -
|  @@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile)
|  if (code != -1)
|  config-default_actions[code] = ACTION_SUPERSEDE;
|  return;
|  +   case TOK_IGNORE:
|  +   code = parse_option_decl(cfile, config-defaults[0]);
|  +   if (code != -1)
|  +   config-default_actions[code] = ACTION_IGNORE;
|  +   return;
|  case TOK_APPEND:
|  code = parse_option_decl(cfile, config-defaults[0]);
|  if (code != -1)
|  Index: conflex.c
|  ===
|  RCS file: /cvs/src/sbin/dhclient/conflex.c,v
|  retrieving revision 1.14
|  diff -u -p -r1.14 conflex.c
|  --- conflex.c   10 Dec 2011 17:36:40 -  1.14
|  +++ conflex.c   27 Jul 2012 01:15:19 -
|  @@ -337,6 +337,7 @@ static const struct keywords {
|  { filename,   TOK_FILENAME },
|  { fixed-address,  TOK_FIXED_ADDR },
|  { hardware,   TOK_HARDWARE },
|  +   { ignore, TOK_IGNORE },
|  { initial-interval,   TOK_INITIAL_INTERVAL },
|  { interface,  TOK_INTERFACE },
|  { lease,  TOK_LEASE },
|  Index: dhclient.c
|  ===
|  RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
|  retrieving revision 1.146
|  diff -u -p -r1.146 dhclient.c
|  --- dhclient.c  9 Jul 2012 16:21:21 -   1.146
|  +++ dhclient.c  27 Jul 2012 01:59:35 -
|  @@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s
|  if (config-defaults[i].len) {
|  if (lease-options[i].len) {
|  switch (config-default_actions[i]) {
|  +   case ACTION_IGNORE:
|  +   /* handled below */
|  +   break;
|  case ACTION_DEFAULT:
|  dp = lease-options[i].data;
|  len = lease-options[i].len;
|  @@ -1588,6 +1591,9 @@ supersede:
|  len = lease-options[i].len;
|  dp = lease-options[i].data;
|  } else {
|  +   len = 0;
|  +   }
|  +   if (len  config-default_actions[i] == ACTION_IGNORE) {
|  len = 0;
|  }
|  if (len) {
|  Index: dhclient.conf.5
|  ===
|  RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v
|  retrieving revision 1.21
|  diff -u -p -r1.21 dhclient.conf.5
|  --- dhclient.conf.5 9 Apr 2011 19:53:00 -   1.21
|  +++ dhclient.conf.5 27 Jul 2012 02:05:28 -
|  @@ -244,6 +244,14 @@ in the
|   .Ic supersede
|   statement.
|   .It Xo
|  +.Ic ignore No { Op Ar option declaration
|  +.Oo , Ar ... option declaration Oc }
|  +.Xc
|  +If for some set of options the client should always ignore the
|  +value supplied by the server, these values can be defined in the
|  +.Ic ignore
|  +statement.
|  +.It Xo
|   .Ic prepend No { Op Ar option declaration
|   .Oo , Ar ... option declaration Oc }
|   .Xc
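Review bot: the new .Ic ignore paragraph reuses the supersede wording ("these values can be defined in the ignore statement"), but according to the description of the diff the supplied value is never used. The text should say that only the option name matters and that whatever value is written in the declaration is discarded, otherwise readers will assume the value is applied in some way.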
|  Index: dhcpd.h
|  ===
|  RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
|  retrieving revision 1.76
|  diff -u -p -r1.76 dhcpd.h
|  --- dhcpd.h 9 Jul 2012 16:21:21 -   1.76
|  +++ dhcpd.h 27 Jul 2012 01:18:18 -
|  @@ -130,6 +130,7 @@ struct client_config {
|  struct option_data

Re: cwm tiling

2012-06-11 Thread Todd T. Fries
Penned by Thomas Pfaff on 20120610  4:35.00, we have:
| On Sun, 10 Jun 2012 00:23:42 -0500
| Todd T. Fries t...@fries.net wrote:
|  Penned by Mike Belopuhov on 20120609  6:17.29, we have:
|  | On Sat, Jun 9, 2012 at 12:41 PM, Stuart Henderson s...@spacehopper.org
|  | wrote:
|  |  personally, I do see benefit to having your diff or something like it with
|  |  commands which can be bound that rearrange windows into certain layouts
|  |  on-demand (though I think vtile would be a lot more useful than htile to
|  |  many people with restricted vertical space ;)
|  | 
|  |  but I think that's far enough; to get cwm to work as a full-time tiling
|  |  WM with window rearranging taking place all the time is going to need
|  |  various hacks which just seem at odds with the basic design of cwm.
| 
|  On the tiling thread, so long as tiling is contained behind non default
|  options and not seen otherwise, I don't see the harm.  Yes there's more
|  code, but in this day and age size of the binary is not going to make a
|  huge difference.
| 
| I'm not worried about the size of the binary, I'm more worried about
| the number of lines of code this will end up adding; soon enough people
| will send patches for this and that to suit their tiling needs.  Once
| you go down that road ...

You missed the rest of my email, but the sentiment remains the same.  Let
those that wish to hack on tiling have a playpen to work in that is not
affecting the rest of us.  Why not let tiling take on a life of its own
especially if it is an optional disabled-by-default part of cwm?  Is there
reason not to promote new development?

Best possible outcome would be a spectrwm compat mode to cwm, with perhaps
some options to do other manners of tiling as well.

I could honestly see myself using the ability to shuffle all windows in a
desktop into a cascade manner briefly if only to identify what all is going
on.  I could also use a layout shuffling function to (given space) move all
windows on a given desktop into a visible spot, without adjusting the size
of a given window.

My dream would be the ability to utilize cwm simplicity with the 3d GL API
and do some true 3d style windows management where it is more like navigating
the universe to get to all the open windows versus a limited single plane of
existence with z ordering.  That's a bit outside the scope of tiling, yet it
shows one could have fun and extend existing functionality.

Thanks,
-- 
Todd Fries .. t...@fries.net




Re: cwm tiling

2012-06-09 Thread Todd T. Fries
Penned by Mike Belopuhov on 20120609  6:17.29, we have:
| On Sat, Jun 9, 2012 at 12:41 PM, Stuart Henderson s...@spacehopper.org
| wrote:
|  On 2012/06/09 14:09, Alexander Polakov wrote:
|   I appreciate that the defaults would stay the same, but really,
|   what is the point in doing this? cwm can't be everything to
|   everyone.
| 
|  The point is: when you want tiling from time to time, it's impractical
|  to switch to a tiling window manager.
| 
|  the basic tiling isn't really a problem but tiling WMs need various
|  hacks to cope with the many programs that just *don't work* with them.
| 
|  part of this is to cope with window layouts which are stupid when
|  they're tiled, part of it to cope with programs that plain don't like
|  having their windows resized on them immediately when they're created.
| 
|  personally, I do see benefit to having your diff or something like it with
|  commands which can be bound that rearrange windows into certain layouts
|  on-demand (though I think vtile would be a lot more useful than htile to
|  many people with restricted vertical space ;)
| 
|  but I think that's far enough; to get cwm to work as a full-time tiling
|  WM with window rearranging taking place all the time is going to need
|  various hacks which just seem at odds with the basic design of cwm.
| 
| 
|  so +1 for manually-triggered auto rearranging, -1 for turning cwm into
|  something which (dwm|ion|spectrwm|awesome|wmii|xmonad|...) already cater
| for.
| 
| 
| in my very humble opinion what cwm really needs is a nice minimum
| overlap window placement algorithm.  currently users have to point
| the mouse cursor to where they want a new window to be created.
| otherwise the whole thing quickly turns into a mess of overlapped
| windows in the center of the screen.

Given that cwm was started as a plan9 wm alike, and you'd draw the
xterm you wanted to open with the pointer, I think this is counter intuitive
to the current default behavior of cwm.

However, I'd be all for permitting a knob to change this behavior from the
default.

On the tiling thread, so long as tiling is contained behind non default
options and not seen otherwise, I don't see the harm.  Yes there's more
code, but in this day and age size of the binary is not going to make a
huge difference.  Code that is self contained behind knobs that are not
enabled by default seems quite sufficiently separated that there should
not be any issue (or it is not self contained, and will be readily
corrected).

The point about switching wm's is rather to the heart of the matter.  If one
wanted tiling only, one would use spectrwm.  If one wanted non tiling only,
one can use cwm.  If one wants a combination, one must create the diff that
created this thread.

Please commit, ok todd@!

Thanks,
-- 
Todd Fries .. t...@fries.net




Re: Unbound in base

2012-02-17 Thread Todd T. Fries
Penned by Jan Klemkow on 20120217  3:38.24, we have:
| There is another problem with replacing bind with unbound and nsd.
| If you have a setup where you need to do authoritative and recursive
| resolving of domains with the same socket and you have to synchronise
| with an extern dns server over zone transfers.
| 
| This setup is not possible at the moment with unbound and nsd.
| You need a feature in unbound that it forwards zone transfer requests
| to another dns server.
| 
| I think it could be possible with the unbound python-extension to
| implement such a feature, but in OpenBSD Base there will be no unbound
| with this kind of extension.
| 
| I think we need modern bind in ports if we do the replacement. So that
| the admins out there could easily use OpenBSD as a DNS-Server with such
| extra features.
| -- 
| Jan Klemkow

I have totd resolving from unbound which gets some info from nsd on the
same system.  (yes, I should try Ryan's DNS64 unbound diff...)  It is
quite possible, you simply need to configure the various daemons to
see each other at alternate ports and let the recursive be port 53.

If you think you need both recursive and authoritative on the same IP
and port 53, then you miss the point of the separation.  You can
still accomplish this by using pf to redirect traffic based on the
need for recursion vs authoritative service, aka local systems tend to
need recursion while remote only need to see authoritative... but it
is arguably simpler to just use a different IP for each.

Thanks,
-- 
Todd Fries .. t...@fries.net




Re: Unbound in base

2012-02-17 Thread Todd T. Fries
use the stub syntax in unbound.

Penned by Jan Klemkow on 20120217  6:18.33, we have:
| I was working on replacing bind with unbound and nsd a half year ago.
| I run into this problem. I think in local networks you get such setups
| where you have to serve clients with global request like google.de and
| local requests like mail.inhouse.company.com.
| 
| I just want to hint this problem.
| In my opinion the replacement of bind with unbound and nsd is more
| important than the support for this kind of setups :-)
| 
| On Fri, Feb 17, 2012 at 12:01:46PM +0100, Henning Brauer wrote:
|  * Jan Klemkow j.klem...@wemelug.de [2012-02-17 10:45]:
|   There is another problem with replacing bind with unbound and nsd.
|   If you have a setup where you need to do authoritative and recursive
|   resolving of domains with the same socket and you have to synchronise
|   with an extern dns server over zone transfers.
|  
|  I see no reason to support or even remotely take such a stupid setup
|  into consideration.
|  
|  -- 
|  Henning Brauer, h...@bsws.de, henn...@openbsd.org
|  BS Web Services, http://bsws.de, Full-Service ISP
|  Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
|  Henning Brauer Consulting, http://henningbrauer.com/
|  
| 
| -- 
| Jan Klemkow

-- 
Todd Fries .. t...@fries.net




Re: carp ipv6 ndp issue

2011-08-05 Thread Todd T. Fries
Are you using global IPv6 addresses for your test or link-local addresses
for your test?

I have found that you sometimes need to ping6 the link-local address
on a carp interface from a workstation before it will respond to ndp.

For reference, this scenario happens if you run rtadvd against a carp
interface for fail-over routers to advertise the carp address for routing.

Thanks,

Penned by Florian Fuessl on 20110805  7:00.21, we have:
| Feature or bug?
| 
|  
| 
| Latest snapshot /bsd kernel (03. Aug. 11) does not react to neighbor
| discovery requests for inet6 address on carp master interface, here.
| 
|  
| 
| -Florian

-- 
Todd Fries .. t...@fries.net




Re: softraid crypto: preallocate crypops and dma buffers.

2011-06-20 Thread Todd T. Fries
Penned by roberth on 20110620 21:05.14, we have:
| On Mon, 20 Jun 2011 20:12:28 -0500
| Marco Peereboom sl...@peereboom.us wrote:
| 
|  I am liking this diff quite a bit but it needs more testers.  So if
|  you are using softraid crypto please try this diff.
| 
| Still working for me.

And me.

Volume      Status               Size Device
softraid0 0 Online          262939136 sd0     RAID1
          0 Online          262939136 0:0.0   noencl wd0a
          1 Online          262939136 0:1.0   noencl wd1a
softraid0 1 Online        99755925504 sd1     CRYPTO
          0 Online        99755925504 1:0.0   noencl wd1d
softraid0 2 Online         9228489728 sd2     CRYPTO
          0 Online         9228489728 2:0.0   noencl wd0d

-- 
Todd Fries .. t...@fries.net




Re: ifconfig(8) tunnel and address families

2011-05-18 Thread Todd T. Fries
Penned by Stuart Henderson on 20110516  5:59.19, we have:
| Re http://permalink.gmane.org/gmane.os.openbsd.misc/185629
| To set IPv6 tunnel endpoints for gif/gre, you have to use
| syntax like ifconfig gif0 inet6 tunnel 1::1 2::2 rather
| than just ifconfig gif0 tunnel 1::1 2::2.
| 
| This is because settunnel provides an af hint to getaddrinfo,
| so it only considers addresses of a specified family.
| 
| The code already checks that the families match, so the hint
| seems to be pointless. How about this diff? Works as expected
| in my tests with v4 and v6.
| 
| 
| Index: ifconfig.c
| ===
| RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
| retrieving revision 1.246
| diff -u -p -u -7 -r1.246 ifconfig.c
| --- ifconfig.c23 Mar 2011 18:36:41 -  1.246
| +++ ifconfig.c16 May 2011 10:53:39 -
| @@ -3151,27 +3151,23 @@ in6_status(int force)
|  }
|  #endif /*INET6*/
|  
|  #ifndef SMALL
|  void
|  settunnel(const char *src, const char *dst)
|  {
| - struct addrinfo hints, *srcres, *dstres;
| + struct addrinfo *srcres, *dstres;
|   int ecode;
|   struct if_laddrreq req;
|  
| - memset(hints, 0, sizeof(hints));
| - hints.ai_family = afp-af_af;
| - hints.ai_socktype = SOCK_DGRAM; /*dummy*/
| -
| - if ((ecode = getaddrinfo(src, NULL, hints, srcres)) != 0)
| + if ((ecode = getaddrinfo(src, NULL, NULL, srcres)) != 0)
|   errx(1, error in parsing address string: %s,
|   gai_strerror(ecode));
|  
| - if ((ecode = getaddrinfo(dst, NULL, hints, dstres)) != 0)
| + if ((ecode = getaddrinfo(dst, NULL, NULL, dstres)) != 0)
|   errx(1, error in parsing address string: %s,
|   gai_strerror(ecode));
|  
|   if (srcres-ai_addr-sa_family != dstres-ai_addr-sa_family)
|   errx(1,
|   source and destination address families do not match);
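Review bot: with the hints removed, only the first getaddrinfo result on each side is compared (srcres->ai_addr->sa_family against dstres->ai_addr->sa_family), so a host name that resolves to both families can hit "source and destination address families do not match" depending on result order even though a matching pair exists. Consider walking both result lists for a pair with the same family, or keeping the ai_family hint when the user did give an explicit address family such as inet6.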

This solution is much better than what I've been doing in hostname.if(5) files:

 !ifconfig \$if inet6 tunnel ...

This looks ok to me, I really like this solution.
-- 
Todd Fries .. t...@fries.net




Re: Optionally ignore host/network is down errors for ping(8)

2011-05-13 Thread Todd T. Fries
Penned by Alexander Hall on 20110513  2:22.36, we have:
| On 05/13/11 04:54, Todd T. Fries wrote:
| 
|  ping host 2>&1 | awk '/is down/{next}{print}'
| 
| grep -v was too trivial, was it? ;-D

sed -n '/is down/!{p;}'

Just depends on how granular and what makes most sense to you.

Multiple ways to skin this cat, er paint this bikeshed, etc..
-- 
Todd Fries .. t...@fries.net




Re: Optionally ignore host/network is down errors for ping(8)

2011-05-12 Thread Todd T. Fries
Utilities which go into the install media should not be grown without
cause, or at the very least, growth wrapped with #ifndef SMALL.

I think if you want some messages quieted, maybe you should look up
some standard unix utilities.

ping host 2>&1 | awk '/is down/{next}{print}'

Penned by Vadim Zhukov on 20110512 17:54.19, we have:
| Hello all.
| 
| Following diff adds new option to ping(8), making it not output
| messages host is down and network is down. Very useful when you're
| monitoring/fixing routing problems, with ping started in one window, and
| you already know that no packets mean problems, and error messages just
| spam your window. Works for me for a long time.
| 
| Mnemonic for -W is Wait until this shit comes up. :)
| 
| If this goes in, I'll do the same for ping6(8).
| 
| -- 
|   Best wishes,
| Vadim Zhukov
| 
| A: Because it messes up the order in which people normally read text.
| Q: Why is top-posting such a bad thing?
| A: Top-posting.
| Q: What is the most annoying thing in e-mail?
| 
| 
| Index: ping.8
| ===
| RCS file: /cvs/src/sbin/ping/ping.8,v
| retrieving revision 1.45
| diff -u -p -r1.45 ping.8
| --- ping.83 Jul 2010 04:44:51 -   1.45
| +++ ping.812 May 2011 22:46:41 -
| @@ -39,7 +39,7 @@
|  .Sh SYNOPSIS
|  .Nm ping
|  .Bk -words
| -.Op Fl DdEefLnqRrv
| +.Op Fl DdEefLnqRrvW
|  .Op Fl c Ar count
|  .Op Fl I Ar ifaddr
|  .Op Fl i Ar wait
| @@ -192,6 +192,13 @@ Verbose output.
|  ICMP packets other than
|  .Dv ECHO_REPLY
|  that are received are listed.
| +.It Fl W
| +Do not print
| +.Dq Host is down
| +or
| +.Dq Network is down
| +error messages.
| +Mnemonic: Wait until it come up.
|  .It Fl w Ar maxwait
|  Specifies the maximum number of seconds to wait for responses
|  after the last request has been sent.
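Review bot: the new .It Fl W entry has a grammar slip in "Wait until it come up" (should be "comes up"). The description would also be more precise if it said that what is suppressed is the error report printed when sending fails because the host or network is down, since that is the only case the code change covers.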
| Index: ping.c
| ===
| RCS file: /cvs/src/sbin/ping/ping.c,v
| retrieving revision 1.88
| diff -u -p -r1.88 ping.c
| --- ping.c3 Jul 2010 04:44:51 -   1.88
| +++ ping.c12 May 2011 22:46:41 -
| @@ -108,6 +108,7 @@ int options;
|  #define  F_SO_JUMBO  0x1000
|  #define  F_AUD_RECV  0x2000
|  #define  F_AUD_MISS  0x4000
| +#define  F_NODOWN0x8000
|  
|  /* multicast options */
|  int moptions;
| @@ -201,7 +202,7 @@ main(int argc, char *argv[])
|   preload = 0;
|   datap = outpack[8 + sizeof(struct tvi)];
|   while ((ch = getopt(argc, argv,
| - DEI:LRS:c:defi:jl:np:qrs:T:t:V:vw:)) != -1)
| + c:DdEefI:i:jL:l:np:qRrS:s:T:t:V:vWw:)) != -1)
|   switch(ch) {
|   case 'c':
|   npackets = (unsigned long)strtonum(optarg, 0,
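Review bot: the rewritten getopt string turns -L from a plain flag into an option that takes an argument ("L" in the old string, "L:" in the new one). That is unrelated to adding -W and would make "ping -L host" consume the host name as the option argument. Drop the colon so that W is the only new entry; if the reordering of the string is wanted, it is easier to review as a separate change.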
| @@ -319,6 +320,9 @@ main(int argc, char *argv[])
|   case 'v':
|   options |= F_VERBOSE;
|   break;
| + case 'W':
| + options |= F_NODOWN;
| + break;
|   case 'w':
|   maxwait = (unsigned int)strtonum(optarg, 1, INT_MAX,
|   errstr);
| @@ -653,11 +657,15 @@ pinger(void)
|   sizeof(whereto));
|  
|   if (i  0 || i != cc)  {
| - if (i  0)
| - perror(ping: sendto);
| - snprintf(buf, sizeof buf, ping: wrote %s %d chars, ret=%d\n,
| - hostname, cc, i);
| - write(STDOUT_FILENO, buf, strlen(buf));
| + if (i = 0 || (errno != ENETDOWN  errno != EHOSTDOWN) ||
| + (options  F_NODOWN) != F_NODOWN) {
| + if (i  0)
| + perror(ping: sendto);
| + snprintf(buf, sizeof buf,
| + ping: wrote %s %d chars, ret=%d\n,
| + hostname, cc, i);
| + write(STDOUT_FILENO, buf, strlen(buf));
| + }
|   }
|   if (!(options  F_QUIET)  options  F_FLOOD)
|   (void)write(STDOUT_FILENO, DOT, 1);
| @@ -1363,7 +1371,7 @@ void
|  usage(void)
|  {
|   (void)fprintf(stderr,
| - usage: ping [-DdEefLnqRrv] [-c count] [-I ifaddr] [-i wait]\n
| + usage: ping [-DdEefLnqRrWv] [-c count] [-I ifaddr] [-i wait]\n
|   \t[-l preload] [-p pattern] [-s packetsize] [-T tos] [-t ttl]\n
|   \t[-V rtable] [-w maxwait] host\n);
|   exit(1);
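Review bot: the usage string lists the flags as -DdEefLnqRrWv while the SYNOPSIS in ping.8 uses DdEefLnqRrvW; keep the two in the same order so the man page and the usage output agree.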

-- 
Todd Fries .. t...@fries.net

 

Re: cksum(1), print MISSING rather than FAILED for nonexistent files

2011-04-08 Thread Todd T. Fries
I would find it more accurate to report 'fopen FAILED' rather than
expect that all failures to open a file are a result of a missing file.

Penned by Stuart Henderson on 20110408  4:23.44, we have:
| would anyone else find this (or a variation thereof) useful?
| 
| example use: if you download a partial snapshot and would like to
| check files, this makes it easy to identify whether a file actually
| fails the checksum, or whether you just don't have it.
| 
| Index: md5.c
| ===
| RCS file: /cvs/src/bin/md5/md5.c,v
| retrieving revision 1.52
| diff -u -p -r1.52 md5.c
| --- md5.c 27 Oct 2010 15:24:10 -  1.52
| +++ md5.c 8 Apr 2011 09:17:29 -
| @@ -655,7 +655,7 @@ digest_filelist(const char *file, struct
|  
|   if ((fp = fopen(filename, r)) == NULL) {
|   warn(cannot open %s, filename);
| - (void)printf((%s) %s: FAILED\n, algorithm, filename);
| + (void)printf((%s) %s: MISSING\n, algorithm, filename);
|   error = 1;
|   continue;
|   }
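Review bot: MISSING is printed for every fopen() failure in this branch, not only for a file that does not exist, so a file that is present but cannot be opened would be reported as MISSING too. Test errno against ENOENT before choosing MISSING and keep FAILED for everything else; the warn() call just above already prints the real reason, so the two lines of output would then agree.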

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedae...@ekiga.net
| ..in support of free software solutions.  \  sip:4052279...@ekiga.net
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
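
The distinction argued over in this thread, as an added example (not code from md5.c or from either poster): a checker that reports MISSING only when fopen() fails with ENOENT and gives every other open or read failure its own verdict. FNV-1a stands in for the real digest, and check_entry(), verdict_name() and the verdict names are this example's own assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_OK, V_FAILED, V_MISSING, V_UNREADABLE };

/*
 * Stand-in digest (64-bit FNV-1a) so the example needs no crypto library.
 * Assumption of this example: cksum(1) uses real hash functions instead.
 * Returns 0 on success, or a non-zero errno value after a read error.
 */
static int
digest_stream(FILE *fp, uint64_t *out)
{
	unsigned char buf[4096];
	uint64_t h = 0xcbf29ce484222325ULL;
	size_t n, i;

	while ((n = fread(buf, 1, sizeof(buf), fp)) > 0)
		for (i = 0; i < n; i++) {
			h ^= buf[i];
			h *= 0x100000001b3ULL;
		}
	if (ferror(fp))
		return errno ? errno : EIO;
	*out = h;
	return 0;
}

/*
 * Check one checklist entry.  *why is 0 unless the verdict is
 * V_UNREADABLE, in which case it holds the errno that explains it.
 */
enum verdict
check_entry(const char *path, uint64_t expected, int *why)
{
	FILE *fp;
	uint64_t got = 0;

	*why = 0;
	if ((fp = fopen(path, "r")) == NULL) {
		if (errno == ENOENT)
			return V_MISSING;	/* the file really is absent */
		*why = errno;			/* EACCES, ENOTDIR, ELOOP, ... */
		return V_UNREADABLE;
	}
	*why = digest_stream(fp, &got);
	fclose(fp);
	if (*why != 0)
		return V_UNREADABLE;		/* opened, but reading failed */
	return got == expected ? V_OK : V_FAILED;
}

const char *
verdict_name(enum verdict v)
{
	static const char *names[] = { "OK", "FAILED", "MISSING", "UNREADABLE" };

	return names[v];
}

int
main(int argc, char **argv)
{
	int i, why, bad = 0;

	/* Demo driver: each path is checked against digest 0, so files
	 * that exist and can be read will normally show FAILED. */
	for (i = 1; i < argc; i++) {
		enum verdict v = check_entry(argv[i], 0, &why);

		printf("(FNV1A) %s: %s%s%s\n", argv[i], verdict_name(v),
		    why ? " - " : "", why ? strerror(why) : "");
		bad |= (v != V_OK);
	}
	return bad;
}
```

With this split, a partial download shows up as MISSING, a corrupted file as FAILED, and a permissions or path problem as UNREADABLE with its reason.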



qemu-old .. relevent or not?

2011-03-21 Thread Todd T. Fries
I've gotten one request to decommission qemu-old.  It surprised me,
as I thought there were still issues with qemu/ even with the semi recent
thread fix as well as performance differences.

Does anybody have objection to retiring qemu-old to the attic or ?

I'd rather not do this prematurely but if the time has come, this is the
right time of release cycle to do it.

Thanks,
-- 
Todd Fries .. t...@fries.net




Re: qemu-old .. relevent or not?

2011-03-21 Thread Todd T. Fries
I withdraw any thoughts of removing qemu-old anytime soon based on feedback.

Henning confirms performance gains for keeping it.

And we have a reminder that while kqemu is not recommended, it is only usable
on qemu-old.

Penned by Todd T. Fries on 20110321 15:58.35, we have:
| I've gotten one request to decommission qemu-old.  It surprised me,
| as I thought there were still issues with qemu/ even with the semi recent
| thread fix as well as performance differences.
| 
| Does anybody have objection to retiring qemu-old to the attic or ?
| 
| I'd rather not do this prematurely but if the time has come, this is the
| right time of release cycle to do it.
| 
| Thanks,
| -- 
| Todd Fries .. t...@fries.net
| 

-- 
Todd Fries .. t...@fries.net




Re: usb: don't wait if dying

2010-12-14 Thread Todd T. Fries
This makes a lot of sense.

Penned by Jacob Meuser on 20101214 10:41.43, we have:
| ok?
| 
| -- 
| jake...@sdf.lonestar.org
| SDF Public Access UNIX System - http://sdf.lonestar.org
| 
| Index: usb_subr.c
| ===
| RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v
| retrieving revision 1.75
| diff -u -p usb_subr.c
| --- usb_subr.c6 Dec 2010 04:30:57 -   1.75
| +++ usb_subr.c14 Dec 2010 16:16:32 -
| @@ -351,6 +351,9 @@ usb_delay_ms(usbd_bus_handle bus, u_int ms)
|  void
|  usbd_delay_ms(usbd_device_handle dev, u_int ms)
|  {
| + if (usbd_is_dying(dev))
| + return;
| +
|   usb_delay_ms(dev-bus, ms);
|  }
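Review bot: with the early return in usbd_delay_ms(), callers get no delay at all once the device is dying, and nothing in the function says so. Add a short comment above the check stating that the delay is skipped for a dying device and that callers must not rely on it for timing in that state. usb_delay_ms(), which takes only a bus handle and is visible in the hunk header, is not covered by this check, so say in the commit message whether that is intended.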

-- 
Todd Fries .. t...@fries.net




Re: hotplug(4) r1.10 ignoring hotplug_put_event() prior to hotplugopen() [Was: hotplugd(8) ignoring devices attached before boot]

2010-12-13 Thread Todd T. Fries
I echo Mark's sentiments, though for a different reason.

Softraid crypto volumes take time to fsck, yet are useful to use.

In my case I can wait 20+min for my personal laptop to be useful, or I
can wait 5min and let the rest fsck while I get to be productive.  The
laptop has /usr, /var, /tmp, /home, /usr/obj, /usr/src, /usr/ports
amongst other partitions.  I've marked all but the first four as
'noauto' and then use the hotplug attach routine to fsck and mount the
rest, which are not necessary for me to be productive and check email.

Since this change, I've hardcoded the scripts, but would definitely
prefer the prior behavior.

Thanks,

Penned by Mark Kettenis on 20101213  6:41.17, we have:
|  Date: Mon, 13 Dec 2010 12:48:55 +0100
|  From: MERIGHI Marcus mcmer-open...@tor.at
|  
|   That sounds good.  I was aware of the change, but didn't think anybody
|   would notice. :)
| 
| A bit late to the game, but I don't really agree with Tedu that the
| changed behaviour is an improvement.  Say I have configured
| hotplugd(8) such that it automatically mounts things when I plug in my
| camera.  Now I reboot my machine, without unplugging the camera.
| Previously hotplugd(8) would remount things upon boot.  Now suddenly
| it doesn't and I have to unplug and replug the camera.
| 
|  Index: share/man/man4/hotplug.4
|  ===
|  RCS file: /cvs/src/share/man/man4/hotplug.4,v
|  retrieving revision 1.3
|  diff -u -r1.3 hotplug.4
|  --- share/man/man4/hotplug.431 May 2007 19:19:50 -  1.3
|  +++ share/man/man4/hotplug.413 Dec 2010 11:29:30 -
|  @@ -31,7 +31,8 @@
|   .Nm
|   pseudo-device passes device attachment and detachment events to
|   userland.
|  -When a device attaches or detaches, the corresponding event is queued.
|  +Once the device is opened by userland, when a device attaches or detaches, 
|  +the corresponding event is queued.
|   The events can then be obtained from the queue through the
|   .Xr read 2
|   call on the
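Review bot: the first added line ends in trailing whitespace and breaks the sentence in the middle of a clause. Wrap after "userland," and remove the trailing blank. "Once the device is opened by userland" is also ambiguous next to "when a device attaches": say that it is the hotplug pseudo-device that must be open, not the device being attached.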
| 
| That looks like an improvement to me.
| 
|  Index: usr.sbin/hotplugd/hotplugd.8
|  ===
|  RCS file: /cvs/src/usr.sbin/hotplugd/hotplugd.8,v
|  retrieving revision 1.10
|  diff -u -r1.10 hotplugd.8
|  --- usr.sbin/hotplugd/hotplugd.820 Mar 2009 17:53:14 -  1.10
|  +++ usr.sbin/hotplugd/hotplugd.813 Dec 2010 11:26:51 -
|  @@ -26,9 +26,11 @@
|   .Sh DESCRIPTION
|   The
|   .Nm
|  -daemon monitors the
|  +daemon opens the
|   .Xr hotplug 4
|  -pseudo-device, acting on signaled events by executing the scripts in the
|  +pseudo-device and thus enables event signaling.
|  +It then monitors the device, acting on signaled events by executing the 
|  +scripts in the
|   .Pa /etc/hotplug
|   directory.
|   By default it uses the
| 
| But this just seems to change the wording without actually changing
| the meaning.  I think the existing wording is better.
| 
|  Index: sys/dev/hotplug.c
|  ===
|  RCS file: /cvs/src/sys/dev/hotplug.c,v
|  retrieving revision 1.10
|  diff -u -r1.10 hotplug.c
|  --- sys/dev/hotplug.c   2 Dec 2010 04:12:35 -   1.10
|  +++ sys/dev/hotplug.c   13 Dec 2010 11:41:59 -
|  @@ -89,6 +89,13 @@
|  printf(hotplug: event lost, queue full\n);
|  return (1);
|  }
|  +
|  +   /* 
|  +* Do not queue events prior to hotplugopen anymore. This prevents 
|  +* problems where the device is both attached and detached before 
|  +* the device is opened.
|  +*/
| 
| Adding comments like this, describing historical behaviour really
| isn't such a good idea.

-- 
Todd Fries .. t...@fries.net




Re: hotplug(4) r1.10 ignoring hotplug_put_event() prior to hotplugopen() [Was: hotplugd(8) ignoring devices attached before boot]

2010-12-13 Thread Todd T. Fries
Depends, create an OpenBSD partition between mbr and 1st sector of the msdos fs,
lie and say there lies a 4.2BSD filesystem just enough to permit writing a
disklabel, and voila:

t...@blue/pF ~9$ sudo fdisk sd1
Disk: sd1   geometry: 248/255/63 [3987456 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 06  0 130  60 -248  52  60 [8249: 3979207 ] DOS  32MB  
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
t...@blue/pF ~10$ sudo disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: BlackBerry SD   
duid: 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 248
total sectors: 3987456
boundstart: 0
boundend: 3987456
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  c:  39874560  unused   
  i:  3979207 8249   MSDOS  
t...@blue/pF ~11$ sudo fdisk -e sd1
Enter 'help' for information
fdisk: 1 e 3
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
Partition id ('0' to disable)  [0 - FF]: [0] (? for help) a6
Do you wish to edit in CHS mode? [n] 
offset: [0] 1
size: [0] 8248
fdisk:*1 p
Disk: sd1   geometry: 248/255/63 [3987456 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 06  0 130  60 -248  52  60 [8249: 3979207 ] DOS  32MB  
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 3: A6  0   0   2 -  0 130  59 [   1:8248 ] OpenBSD 
fdisk:*1 w
Writing MBR at offset 0.
fdisk: 1 q
t...@blue/pF ~12$ sudo disklabel -E sd1
Label editor (enter '?' for help at any prompt)
 a a
offset: [1] 
size: [8248] 
FS type: [4.2BSD] 
 p
OpenBSD area: 1-3987456; size: 3987455; free: 25
#size   offset  fstype [fsize bsize  cpg]
  a: 82231  4.2BSD   2048 163841 
  c:  39874560  unused   
  i:  3979207 8249   MSDOS   
 w
 q
No label changes.
 w
 q
No label changes.
t...@blue/pF ~14$ sudo disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: BlackBerry SD   
duid: 3b5828501def25dc
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 248
total sectors: 3987456
boundstart: 1
boundend: 8249
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a: 82231  4.2BSD   2048 163841 
  c:  39874560  unused   
  i:  3979207 8249   MSDOS

Some have smaller gaps, but it still is plenty enough space for this.

Penned by Mark Kettenis on 20101213 14:27.51, we have:
|  Date: Mon, 13 Dec 2010 13:17:26 -0500
|  From: Ted Unangst ted.unan...@gmail.com
|  
|  On Mon, Dec 13, 2010 at 7:41 AM, Mark Kettenis mark.kette...@xs4all.nl wrote:
|   A bit late to the game, but I don't really agree with Tedu that the
|   changed behaviour is an improvement.  Say I have configured
|   hotplugd(8) such that it automatically mounts things when I plug in my
|   camera.  Now I reboot my machine, without unplugging the camera.
|   Previously hotplugd(8) would remount things upon boot.  Now suddenly
|   it doesn't and I have to unplug and replug the camera.
|  
|  I think the solution to that is to make adding the duid to fstab work.
|   At boot, if the duid exists, it's mounted.  If it doesn't, it doesn't
|  mount but also doesn't error out.  This may already work even, I
|  haven't tried it.
| 
| Sorry, but a FAT-formatted USB device (which most cameras effectively
| are) will never have a duid.

-- 
Todd Fries .. t...@fries.net


Re: How to find a uhid device from Vendor and Product ID?

2010-01-22 Thread Todd T. Fries
For the archive, this is what he is wanting to do, or something very similar..

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <unistd.h>
#include <err.h>
#include <errno.h>
#include <dev/usb/usb.h>

#define VID 0x16C0
#define PID 0x0478

int open_my_usb_device(int vid, int pid);

int
main(int argc, char **argv)
{
	/* exit 0 when a matching uhid device was found and opened */
	return open_my_usb_device(VID, PID) < 0;
}


#define UHIDEV  "/dev/uhid"

/* Return an open fd for the first /dev/uhidN matching vid/pid, or -1. */
int open_my_usb_device(int vid, int pid)
{
	struct usb_device_info  di;
	char buf[50];
	int f, i;

	for (i = 0; i < 10; i++) {
		snprintf(buf, sizeof buf, "%s%d", UHIDEV, i);
		f = open(buf, O_RDWR);
		if (f < 0)
			continue;

		/* ask the uhid device about the USB device behind it */
		if (ioctl(f, USB_GET_DEVICEINFO, &di) == -1) {
			close(f);
			continue;
		}
		if (di.udi_vendorNo == vid && di.udi_productNo == pid) {
			printf("found one: ");
			printf("%s: %s(0x%04x), %s(0x%04x), rev %s\n",
			    buf, di.udi_product, di.udi_productNo,
			    di.udi_vendor, di.udi_vendorNo, di.udi_release);
			return f;
		}
		/* not ours: close it and keep scanning */
		close(f);
	}
	printf("no uhid found\n");

	return -1;
}


Penned by Paul Stoffregen on 20100121 12:50.58, we have:
| I'm hoping this is the right list for this question, and please
| forgive me if this is a dumb question or it's been asked before.
| I've tried google and man pages and about a day's worth of coding
| with little success.
| 
| I'm trying to support OpenBSD in a new version of this program
| http://www.pjrc.com/teensy/loader_cli.html  Based on an earlier
| patch from Chris Kuethe, it's working great on OpenBSD.  Well,
| except the /dev/uhid0 device name is hard-coded, and my next version
| will have a feature to use multiple devices at the same time (for
| different functions, based on their product IDs), so hard coding or
| expecting the user to supply the device names just isn't practical.
| 
| My question: how do I figure out which /dev/uhid device file(s), if
| any, corresponds to my device's product and vendor ID numbers?
| Basically, this is what I need to do:
| 
| int open_my_usb_device(int vid, int pid)
| {
|    const char *dev_name;
| 
|    // TODO: Perform some magic to figure out
|    // which /dev/uhid# device is actually the
|    // this vendor and product ID.
| 
|    dev_name = "/dev/uhid0";  // not hard coded like this, nor from user input
| 
|    return open(dev_name, O_RDWR);
| }
| 
| I've tried opening the /dev/usb devices and calling the
| USB_DEVICEINFO ioctl (originally suggested to me by Todd T Fries).
| This gets very close, but the best I've been able to do is learn
| which uhidev driver (but not uhid) is connected to my device.  For
| example (this code copied at the end of this email):
| 
| $ ./test /dev/usb1
| addr 1: 0x, 0x106b, rev 1.00, drivers:  uhub1
| addr 2: 0x0478, 0x16c0, rev 1.20, drivers:  uhidev0
| 
| This tells me the uhidev0 driver is loaded for my device.  But the
| mapping from uhidev to uhid isn't necessarily 1-to-1.  I need to
| know which uhid device to open!
| 
| So far, the only way I've discovered to learn which uhid device
| corresponds to my hardware is by looking at /var/log/messages.
| 
| $ tail -3 /var/log/messages
| Jan 21 00:42:11 bsd /bsd: uhidev0 at uhub1 port 1 configuration 1 interface 0 vendor 0x16c0 product 0x0478 rev 1.10/1.20 addr 2
| Jan 21 00:42:11 bsd /bsd: uhidev0: iclass 3/0
| Jan 21 00:42:11 bsd /bsd: uhid0 at uhidev0: input=0, output=130, feature=0
| 
| I suppose I could write code to try parsing /var/log/messages, but
| that seems like a horribly ugly hack that's bound to fail at some
| point in the future.
| 
| 
| Here is the work in progress.
| 
| http://www.pjrc.com/tmp/teensy_loader_cli.work-in-progress.zip
| 
| I've finished Linux, Windows and Macos support, and BSD is working
| but the device name is hard coded.  I'm truly stuck on this last
| bit, so I'm hoping you might tell me how I can figure out how to
| find the right uhid device for my product/vendor IDs.  This is the
| last piece I need to support BSD as well as the other systems.
| 
| 
| Thanks,
| 
| -Paul
| p...@pjrc.com
| 
| 
| // test.c
| #include <stdio.h>
| #include <string.h>
| #include <fcntl.h>
| #include <unistd.h>
| #include <err.h>
| #include <dev/usb/usb.h>
| // originally suggested by Todd T. Fries
| 
| int
| main(int argc, char **argv)
| {
|    struct usb_device_info   di;
|    int  i, e,f,a;
| 
|    f = open(argv[1], O_RDWR);
|    if (f < 0) err(1, "%s", argv[1]);
| 
|    for (a=0; a < USB_MAX_DEVICES; a++) {
|        memset(&di, 0, sizeof(struct usb_device_info));
|        di.udi_addr = a;
|        e = ioctl(f

Re: How to find a uhid device from Vendor and Product ID?

2010-01-22 Thread Todd T. Fries
You're right, it was added in November of 2009 .. current snaps required
for this to work. 

Penned by Paul Stoffregen on 20100122  7:19.59, we have:
| Todd T. Fries wrote:
| For the archive, this is what he is wanting to do, or something very similar..
| 
| Yes, thank you!  That is exactly what I need.
| 
| My only problem now is that ioctl always returns -1.  My OpenBSD
| test system doesn't seem to be new enough.
| 
| $ uname -a
| OpenBSD bsd.pjrc.com 4.6 GENERIC#58 i386
| 
| I'm downloading install46.iso from the snaphot directory now.
| 
| 
| #include <stdio.h>
| #include <stdlib.h>
| #include <string.h>
| #include <sys/types.h>
| #include <sys/ioctl.h>
| #include <fcntl.h>
| #include <unistd.h>
| #include <err.h>
| #include <errno.h>
| #include <dev/usb/usb.h>
| 
| #define VID 0x16C0
| #define PID 0x0478
| 
| int open_my_usb_device(int vid, int pid);
| 
| int
| main(int argc, char **argv)
| {
| 	/* exit 0 when a matching uhid device was found and opened */
| 	return open_my_usb_device(VID, PID) < 0;
| }
| 
| 
| #define UHIDEV  "/dev/uhid"
| 
| /* Return an open fd for the first /dev/uhidN matching vid/pid, or -1. */
| int open_my_usb_device(int vid, int pid)
| {
| 	struct usb_device_info  di;
| 	char buf[50];
| 	int f, i;
| 
| 	for (i = 0; i < 10; i++) {
| 		snprintf(buf, sizeof buf, "%s%d", UHIDEV, i);
| 		f = open(buf, O_RDWR);
| 		if (f < 0)
| 			continue;
| 
| 		/* ask the uhid device about the USB device behind it */
| 		if (ioctl(f, USB_GET_DEVICEINFO, &di) == -1) {
| 			close(f);
| 			continue;
| 		}
| 		if (di.udi_vendorNo == vid && di.udi_productNo == pid) {
| 			printf("found one: ");
| 			printf("%s: %s(0x%04x), %s(0x%04x), rev %s\n",
| 			    buf, di.udi_product, di.udi_productNo,
| 			    di.udi_vendor, di.udi_vendorNo, di.udi_release);
| 			return f;
| 		}
| 		/* not ours: close it and keep scanning */
| 		close(f);
| 	}
| 	printf("no uhid found\n");
| 
| 	return -1;
| }
| 
| 
| Penned by Paul Stoffregen on 20100121 12:50.58, we have:
| | I'm hoping this is the right list for this question, and please
| | forgive me if this is a dumb question or it's been asked before.
| | I've tried google and man pages and about a day's worth of coding
| | with little success.
| | 
| | I'm trying to support OpenBSD in a new version of this program
| | http://www.pjrc.com/teensy/loader_cli.html  Based on an earlier
| | patch from Chris Kuethe, it's working great on OpenBSD.  Well,
| | except the /dev/uhid0 device name is hard-coded, and my next version
| | will have a feature to use multiple devices at the same time (for
| | different functions, based on their product IDs), so hard coding or
| | expecting the user to supply the device names just isn't practical.
| | 
| | My question: how do I figure out which /dev/uhid device file(s), if
| | any, corresponds to my device's product and vendor ID numbers?
| | Basically, this is what I need to do:
| | 
| | int open_my_usb_device(int vid, int pid)
| | {
| |    const char *dev_name;
| | 
| |    // TODO: Perform some magic to figure out
| |    // which /dev/uhid# device is actually the
| |    // this vendor and product ID.
| | 
| |    dev_name = "/dev/uhid0";  // not hard coded like this, nor from user input
| | 
| |    return open(dev_name, O_RDWR);
| | }
| | 
| | I've tried opening the /dev/usb devices and calling the
| | USB_DEVICEINFO ioctl (originally suggested to me by Todd T Fries).
| | This gets very close, but the best I've been able to do is learn
| | which uhidev driver (but not uhid) is connected to my device.  For
| | example (this code copied at the end of this email):
| | 
| | $ ./test /dev/usb1
| | addr 1: 0x, 0x106b, rev 1.00, drivers:  uhub1
| | addr 2: 0x0478, 0x16c0, rev 1.20, drivers:  uhidev0
| | 
| | This tells me the uhidev0 driver is loaded for my device.  But the
| | mapping from uhidev to uhid isn't necessarily 1-to-1.  I need to
| | know which uhid device to open!
| | 
| | So far, the only way I've discovered to learn which uhid device
| | corresponds to my hardware is by looking at /var/log/messages.
| | 
| | $ tail -3 /var/log/messages
| | Jan 21 00:42:11 bsd /bsd: uhidev0 at uhub1 port 1 configuration 1 interface 0 vendor 0x16c0 product 0x0478 rev 1.10/1.20 addr 2
| | Jan 21 00:42:11 bsd /bsd: uhidev0: iclass 3/0
| | Jan 21 00:42:11 bsd /bsd: uhid0 at uhidev0: input=0, output=130, feature=0
| | 
| | I suppose I could write code to try parsing /var/log/messages, but
| | that seems like a horribly ugly hack that's bound to fail at some
| | point in the future.
| | 
| | 
| | Here is the work in progress.
| | 
| | http://www.pjrc.com/tmp/teensy_loader_cli.work-in-progress.zip
| | 
| | I've finished Linux, Windows and Macos support, and BSD is working
| | but the device name is hard coded.  I'm truly stuck on this last
| | bit, so I'm hoping you might tell me how I can figure out how to
| | find the right uhid device for my product

Re: ppp(8) cleanup/fix

2009-07-01 Thread Todd T. Fries
Guys,

I tested this and it seems ppp in the tree is busted to the point of not
working without this diff.

If you use ppp please test current snaps to confirm it is busted then
apply claudio's diff below and test again.

If you use ppp and do not test, do not be surprised if it does not work in
the next release.

Thanks,

Penned by Claudio Jeker on 20090630 17:05.28, we have:
| So ppp(8) did insane routing message handling in its sysctl handlers. The
| worst thing about them is that they're actually not needed and better
| replaced with libc functions (getifaddrs and if_nametoindex).
| 
| This diff is not heavily tested (my last ppp usage is years ago) so I'm
| hoping people with ppp(8) issues could give this a whirl and see if it
| fixes the problems.
| -- 
| :wq Claudio
| 
| Index: ppp/arp.c
| ===
| RCS file: /cvs/src/usr.sbin/ppp/ppp/arp.c,v
| retrieving revision 1.15
| diff -u -p -r1.15 arp.c
| --- ppp/arp.c 6 May 2008 06:34:10 -   1.15
| +++ ppp/arp.c 30 Jun 2009 14:52:53 -
| @@ -38,6 +38,7 @@
|  #include sys/un.h
|  
|  #include errno.h
| +#include ifaddrs.h
|  #include stdio.h
|  #include stdlib.h
|  #include string.h
| @@ -229,93 +230,58 @@ int
|  arp_EtherAddr(int s, struct in_addr ipaddr, struct sockaddr_dl *hwaddr,
|int verbose)
|  {
| -  int mib[6], skip;
| -  size_t needed;
| -  char *buf, *ptr, *end;
| -  struct if_msghdr *ifm;
| -  struct ifa_msghdr *ifam;
| -  struct sockaddr_dl *dl;
| -  struct sockaddr *sa[RTAX_MAX];
| -
| -  mib[0] = CTL_NET;
| -  mib[1] = PF_ROUTE;
| -  mib[2] = 0;
| -  mib[3] = 0;
| -  mib[4] = NET_RT_IFLIST;
| -  mib[5] = 0;
| -
| -  if (sysctl(mib, 6, NULL, needed, NULL, 0)  0) {
| -log_Printf(LogERROR, arp_EtherAddr: sysctl: estimate: %s\n,
| -  strerror(errno));
| -return 0;
| -  }
| -
| -  if ((buf = malloc(needed)) == NULL)
| -return 0;
| +  struct sockaddr_dl *dl = NULL;
| +  struct ifaddrs *ifa, *ifap;
| +  int skip = 1;
|  
| -  if (sysctl(mib, 6, buf, needed, NULL, 0)  0) {
| -free(buf);
| +  if (getifaddrs(ifap) != 0) {
| +log_Printf(LogERROR, arp_EtherAddr: getifaddrs: %s\n, strerror(errno));
|  return 0;
|}
| -  end = buf + needed;
|  
| -  ptr = buf;
| -  while (ptr  end) {
| -ifm = (struct if_msghdr *)ptr;   /* On if_msghdr */
| -if (ifm-ifm_type != RTM_IFINFO)
| -  break;
| -ptr += ifm-ifm_msglen;
| -if (ifm-ifm_version != RTM_VERSION)
| -  continue;
| -dl = (struct sockaddr_dl *)(ifm + 1);/* Single _dl at end */
| -skip = (ifm-ifm_flags  (IFF_UP | IFF_BROADCAST | IFF_POINTOPOINT |
| +  for (ifa = ifap; ifa != NULL; ifa = ifa-ifa_next) {
| +if (ifa-ifa_addr-sa_family == AF_LINK) {
| +  dl = (struct sockaddr_dl *)ifa-ifa_addr;
| +  skip = (ifa-ifa_flags  (IFF_UP | IFF_BROADCAST | IFF_POINTOPOINT |
|  IFF_NOARP | IFF_LOOPBACK)) != (IFF_UP | IFF_BROADCAST);
| -while (ptr  end) {
| -  ifam = (struct ifa_msghdr *)ptr;   /* Next ifa_msghdr (alias) */
| -  if (ifam-ifam_type != RTM_NEWADDR)/* finished ? */
| -break;
| -  ptr += ifam-ifam_msglen;
| -  if (ifam-ifam_version != RTM_VERSION)
| -continue;
| -  if (skip || (ifam-ifam_addrs  (RTA_NETMASK|RTA_IFA)) !=
| -  (RTA_NETMASK|RTA_IFA))
| -continue;
| -  /* Found a candidate.  Do the addresses match ? */
| -  if (log_IsKept(LogDEBUG) 
| -  ptr == (char *)ifm + ifm-ifm_msglen + ifam-ifam_msglen)
| -log_Printf(LogDEBUG, %.*s interface is a candidate for proxy\n,
| -  dl-sdl_nlen, dl-sdl_data);
| -
| -  iface_ParseHdr(ifam, sa);
| -
| -  if (sa[RTAX_IFA]-sa_family == AF_INET) {
| -struct sockaddr_in *ifa, *netmask;
| -
| -ifa = (struct sockaddr_in *)sa[RTAX_IFA];
| -netmask = (struct sockaddr_in *)sa[RTAX_NETMASK];
| -
| -if (log_IsKept(LogDEBUG)) {
| -  char a[16];
| -
| -  strncpy(a, inet_ntoa(netmask-sin_addr), sizeof a - 1);
| -  a[sizeof a - 1] = '\0';
| -  log_Printf(LogDEBUG, Check addr %s, mask %s\n,
| - inet_ntoa(ifa-sin_addr), a);
| -}
| -
| -if ((ifa-sin_addr.s_addr  netmask-sin_addr.s_addr) ==
| -(ipaddr.s_addr  netmask-sin_addr.s_addr)) {
| -  log_Printf(verbose ? LogPHASE : LogDEBUG,
| - Found interface %.*s for %s\n, dl-sdl_nlen,
| - dl-sdl_data, inet_ntoa(ipaddr));
| -  memcpy(hwaddr, dl, dl-sdl_len);
| -  free(buf);
| -  return 1;
| -}
| +  continue;
| +}
| +if (skip)
| +  /* Skip unusable interface */
| +  continue;
| +
| +/* Found a candidate.  Do the addresses match ? */
| +if (log_IsKept(LogDEBUG))
| +  log_Printf(LogDEBUG, %.*s interface is a candidate for proxy\n,
| +dl-sdl_nlen, dl-sdl_data);
| +
| +if (ifa-ifa_addr-sa_family == AF_INET) {
| 
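Review bot: the new loop reads ifa->ifa_addr->sa_family (in both the AF_LINK and the AF_INET tests) without checking ifa_addr for NULL, and getifaddrs() can return entries whose ifa_addr is NULL. Add a NULL check with continue at the top of the loop. The loop also relies on each interface's AF_LINK entry arriving before its other addresses, since dl and skip are carried over from that entry; a one-line comment stating this ordering assumption would help the next reader.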

Re: 4.5 snapshot installer

2009-05-16 Thread Todd T. Fries
Glad you noticed.  It is a chicken and egg to include a hash on
install media that then itself gets hashed.  Don't expect bsd.rd
to happen.  X is another matter.  It's not realistic to build X
every time base is built; for that and for other reasons, the
X hashes cannot (yet) be included in the bsd.rd.

Since you asked, I would recommend you not waste your time trying
to figure this out.

Penned by Peter J. Philipp on 20090516 23:42.43, we have:
| Hi,
| 
| I tested the installer from May 14th and noticed that downloaded sets get 
| checked against sha256.  Nice job!  However there is bsd.rd which doesn't 
| get checked and neither do the x* packages.  
| 
| I understand that the checksum of bsd.rd can't be created before the bsd.rd
| image is finished, but I'm left wondering that perhaps at the cost of
| pretty looks a warning be put in place that says warning set bsd.rd will
| not be checksummed.
| 
| Let me know if I should break my head over writing this change in 
| install.sub.
| 
| Regards,
| 
| -peter

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  250797 (FWD)
| \
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt