Re: IPv6 DoS sysctl man page additions

2014-04-22 Thread Mike Belopuhov
On 19 April 2014 13:20, Loganaden Velvindron lo...@elandsys.com wrote: On Sat, Apr 19, 2014 at 04:04:30AM -0700, Loganaden Velvindron wrote: Hi All, I'm taking a short break from playing with pf statistics. There were 4 sysctls added from KAME, but the man pages weren't updated accordingly.

Re: iked + isakmpd on the same machine

2014-04-22 Thread Mike Belopuhov
On 22 April 2014 17:13, Philipp e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote: It happened! A remote peer *requires* IKEv2 - and I've to do that on a machine running isakmpd with somewhat 25+ IKEv1 peers. First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad workaround:

Re: iked + isakmpd on the same machine

2014-04-24 Thread Mike Belopuhov
On 22 April 2014 17:40, Claer cl...@claer.hammock.fr wrote: On Tue, Apr 22 2014 at 28:17, Mike Belopuhov wrote: On 22 April 2014 17:13, Philipp e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote: It happened! A remote peer *requires* IKEv2 - and I've to do that on a machine running isakmpd

Re: iked + isakmpd on the same machine

2014-04-24 Thread Mike Belopuhov
On 24 April 2014 12:12, Philipp e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote: Am 22.04.2014 17:28 schrieb Mike Belopuhov: more like it's not supported and is not supposed to work. not supposed as in 'not wanted'? not supposed. it's like running nginx and apache at the same time

Re: Kill in_localaddr()

2014-04-24 Thread Mike Belopuhov
On 24 April 2014 16:41, Martin Pieuchot mpieuc...@nolizard.org wrote: in_localaddr() is used only once in our tree and only if the sysctl net.inet.ip.mtudisc is set to 0. It is used to optimize the size of the MSS if the forward address correspond to a host on one of our subnets. Since it's

Re: iked + isakmpd on the same machine

2014-04-24 Thread Mike Belopuhov
On 24 April 2014 20:25, Chris Cappuccio ch...@nmedia.net wrote: Mike Belopuhov [m...@belopuhov.com] wrote: more like it's not supported and is not supposed to work. it's like running nginx and apache at the same time hey, nginx and httpd run concurrently quite fine on different IP addresses

Re: iked + isakmpd on the same machine

2014-04-24 Thread Mike Belopuhov
On 24 April 2014 22:25, Alexander Hall alexan...@beard.se wrote: On 04/24/14 21:53, Stuart Henderson wrote: On 2014/04/24 20:30, Mike Belopuhov wrote: On 24 April 2014 20:25, Chris Cappuccio ch...@nmedia.net wrote: Mike Belopuhov [m...@belopuhov.com] wrote: more like it's not supported

snmpd: add backend from bgpd to support multiple routing tables

2014-04-28 Thread Mike Belopuhov
This adds ktable code from bgpd to fetch, store and perform lookups in multiple routing tables. Currently it doesn't do anything useful but it's a prerequisite for any future work in this direction. OK to get this in? diff --git usr.sbin/snmpd/kroute.c usr.sbin/snmpd/kroute.c index

Re: data modified on freelist, tmpfs-related?

2014-04-30 Thread Mike Belopuhov
On 30 April 2014 15:55, Mark Kettenis mark.kette...@xs4all.nl wrote: Date: Wed, 30 Apr 2014 15:38:39 +0200 (CEST) From: Mark Kettenis mark.kette...@xs4all.nl Date: Wed, 30 Apr 2014 13:39:20 +0100 From: Stuart Henderson st...@openbsd.org Seen when running e2fsprogs regression tests with

Re: data modified on freelist, tmpfs-related?

2014-04-30 Thread Mike Belopuhov
On 30 April 2014 16:55, Mark Kettenis mark.kette...@xs4all.nl wrote: From: Mike Belopuhov m...@belopuhov.com Date: Wed, 30 Apr 2014 16:00:45 +0200 On 30 April 2014 15:55, Mark Kettenis mark.kette...@xs4all.nl wrote: Date: Wed, 30 Apr 2014 15:38:39 +0200 (CEST) From: Mark Kettenis

Re: Annoying emacs variable in if_spppsubr.c

2014-05-02 Thread Mike Belopuhov
On 2 May 2014 12:09, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote: This one is bugging me each time I start my Emacs session (because Emacs now asks confirmation for most variables). This one would be useful only with hilit19.el (obsolete) from editors/emacs21... if the size of the file

Re: m->m_pkthdr.rcvif and ip6_input()

2014-05-12 Thread Mike Belopuhov
On 12 May 2014 15:12, Martin Pieuchot mpieuc...@nolizard.org wrote: Like the previous diffs, it reduces the number of m->m_pkthdr.rcvif occurrences, this time in ip6_input(). Should be no functional change. Ok? OK

Re: Remove p2p loopback hack in nd6_rtrequest()

2014-05-13 Thread Mike Belopuhov
On Mon, May 12, 2014 at 12:48 +0200, Martin Pieuchot wrote: On 07/05/14(Wed) 12:46, Martin Pieuchot wrote: Diff below stops abusing nd6_rtrequest() for loopback interfaces, which means we can remove the special hack below and reduce the differences with arp_rtrequest(). This diff

Re: snmpd: add backend from bgpd to support multiple routing tables

2014-05-13 Thread Mike Belopuhov
On Mon, Apr 28, 2014 at 14:20 +0200, Mike Belopuhov wrote: This adds ktable code from bgpd to fetch, store and perform lookups in multiple routing tables. Currently it doesn't do anything useful but it's a prerequisite for any future work in this direction. OK to get this in? Any

Re: MI MTU size for lo(4)

2014-05-13 Thread Mike Belopuhov
On 13 May 2014 15:45, Claudio Jeker cje...@diehard.n-r-g.com wrote: With KAME the MTU size of the loopback interface became strange and is actually dependend on the architecture. I see no point in all this just go back to the way it was long long long ago and just use 32k as the MTU. AFAIK all

Re: MI MTU size for lo(4)

2014-05-13 Thread Mike Belopuhov
On 13 May 2014 16:05, Mike Belopuhov m...@belopuhov.com wrote: On 13 May 2014 15:45, Claudio Jeker cje...@diehard.n-r-g.com wrote: With KAME the MTU size of the loopback interface became strange and is actually dependend on the architecture. I see no point in all this just go back to the way

Re: PRU_BIND in raw ip

2014-06-02 Thread Mike Belopuhov
On 28 May 2014 13:36, Martin Pieuchot mpieuc...@nolizard.org wrote: On 28/05/14(Wed) 09:30, Jérémie Courrèges-Anglas wrote: Martin Pieuchot mpieuc...@nolizard.org writes: Diff below replace in_iawithaddr() + in_broadcast() -> ifa_ifwithaddr(), that does the same for IPv4 since broadcast

Re: Remove a global variable in ip_input

2014-06-04 Thread Mike Belopuhov
On 4 June 2014 12:30, Martin Pieuchot mpieuc...@nolizard.org wrote: ok? sure

Re: in_pcbbind() and in_broadcast/in_iawithaddr

2014-06-04 Thread Mike Belopuhov
On 3 June 2014 09:18, Martin Pieuchot mpieuc...@nolizard.org wrote: On 02/06/14(Mon) 15:45, Martin Pieuchot wrote: This diff is similar to the one that has been committed to handle the SOCK_RAW binding. I'd like to stop using in_iawithaddr() *and* in_broadcast(). Since these functions are

Re: pf anchor references

2014-06-05 Thread Mike Belopuhov
On Mon, Jun 02, 2014 at 17:51 +0200, Mike Belopuhov wrote: Hi, I've been chasing some bugs in the pfctl anchor code for a couple of weeks and I'm not astonished at how loose the handling is in general. Lot's of rules and checks are being violated by some code paths while honoured by others

Re: pfctl: stricter redirect specs

2014-06-24 Thread Mike Belopuhov
On Tue, Jun 24, 2014 at 15:07 +0200, Mike Belopuhov wrote: I have carefully tested that and do not expect any unrelated fallout. And for the reasons stated above I don't believe anyone is using this since it's largely error prone. and a regress chunk that avoids using such combination

pfctl: better af-to translation specs handling

2014-06-25 Thread Mike Belopuhov
Hi, collapse_redirspec is one of my pet peeve since the af-to support. Unfortunately we didn't put much effort in making it work well back then, but now it is time for a change! Improving upon the last diff here's a collapsed version of the collapse_redirspec, so to speak. Instead of having two

Re: ANONCVS MIRROR MAINTAINERS.. YOU NEED TO READ THIS!

2014-06-26 Thread Mike Belopuhov
On 26 June 2014 08:53, patrick keshishian sids...@boxsoft.com wrote: On Wed, Jun 25, 2014 at 10:01:06PM -0700, patrick keshishian wrote: On Thu, Jun 26, 2014 at 06:37:00AM +0200, Alexander Hall wrote: On 06/25/14 20:52, Bob Beck wrote: If you or someone you love runs an anoncvs server, they

Re: PF Once rules are not removed from main anchor

2014-07-02 Thread Mike Belopuhov
On 21 June 2014 15:36, Alexandr Nedvedicky alexandr.nedvedi...@oracle.com wrote: Hello, I'm not sure it is the right place to submit patches. Let me know if there is better/more appropriate address for this. during our testing we've found the once rules are not removed, when used in main

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Mike Belopuhov
On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote: Hello all, I use rdomains to split routing domains per company and also separate administration interfaces from routing interfaces on my routers (sshd, bacula,

pf: fixup pf_step_into_anchor to save current anchor rule pointer (2)

2014-07-22 Thread Mike Belopuhov
Hi, This is a second diff and it makes sure that pf_step_into_anchor always saves a pointer to the rule that owns the anchor on the pf anchor stack. There's no reason why we should check for depth here. As a side effect this makes sure that the correct nested anchor gets it's counter bumped

pf: once for match rules?

2014-07-22 Thread Mike Belopuhov
Hi, Before I send a diff for pfctl to disable once on match rules, I've decided to try and see how much work is it to make it actually work. Turns out that I need to extend pf_rule_item by 3 pointers to track the match rule ruleset, anchor rule and the ruleset it belongs to. Here's what this

Re: pf: once for match rules?

2014-08-12 Thread Mike Belopuhov
On Tue, Jul 22, 2014 at 19:03 +0200, Mike Belopuhov wrote: Hi, Before I send a diff for pfctl to disable once on match rules, I've decided to try and see how much work is it to make it actually work. Turns out that I need to extend pf_rule_item by 3 pointers to track the match rule ruleset

Re: Kill MRT_{ADD,DEL}_BW_UPCALL

2014-08-13 Thread Mike Belopuhov
On 13 August 2014 10:56, Martin Pieuchot mpieuc...@nolizard.org wrote: Our multicast routing code is insert your adjective and for the most part unused. We discussed with claudio@ during t2k13 to rewrite only the parts that people currently use, any volunteer? In the meantime, I'd like to

Re: Fix pppoe(4) with rdomain != 0

2014-08-13 Thread Mike Belopuhov
OK On 13 August 2014 11:56, Martin Pieuchot mpieuc...@nolizard.org wrote: ok? Index: net/if_pppoe.c === RCS file: /home/ncvs/src/sys/net/if_pppoe.c,v retrieving revision 1.40 diff -u -p -r1.40 if_pppoe.c --- net/if_pppoe.c

[regress] convert aes testcase from /dev/crypto

2014-08-13 Thread Mike Belopuhov
in order to deprecate crypto(4) interface regress tests need to be converted. this aes test case actually uses ecb vectors, therefore no chaining is required and the code looks very simple. OK? diff --git regress/sys/crypto/aes/Makefile regress/sys/crypto/aes/Makefile index 459aedb..826d98c

[regress] convert aes-ctr test from /dev/crypto

2014-08-13 Thread Mike Belopuhov
this test is converted the same way jsing@ has recently converted an xts test by pulling in xform.c code. OK? diff --git regress/sys/crypto/aesctr/Makefile regress/sys/crypto/aesctr/Makefile index 31ae500..7310dbc 100644 --- regress/sys/crypto/aesctr/Makefile +++

[regress] convert enc (3des) test from /dev/crypto

2014-08-13 Thread Mike Belopuhov
this one with a bit of cheating however (manual cbc implementation). OK? diff --git regress/sys/crypto/enc/Makefile regress/sys/crypto/enc/Makefile index cc29b32..8725f0c 100644 --- regress/sys/crypto/enc/Makefile +++ regress/sys/crypto/enc/Makefile @@ -1,12 +1,21 @@ # $OpenBSD:

/dev/crypto removal (1/3): unlink pseudo device

2014-08-18 Thread Mike Belopuhov
first step is to unlink crypto(4) pseudo device from the architecture dependant character device tables and kernel config files. OK? diff --git sys/arch/alpha/alpha/conf.c sys/arch/alpha/alpha/conf.c index 83cea34..7d103af 100644 --- sys/arch/alpha/alpha/conf.c +++ sys/arch/alpha/alpha/conf.c @@

/dev/crypto removal (2/3): remove kernel support

2014-08-18 Thread Mike Belopuhov
this removes /dev/crypto device interface and public key functionality that is only usable via /dev/crypto. OK? diff --git sys/conf/files sys/conf/files index 3941639..9af78cc 100644 --- sys/conf/files +++ sys/conf/files @@ -870,11 +870,10 @@ file crypto/blf.c (inet ipsec) |

/dev/crypto removal (3/3): userland bits

2014-08-18 Thread Mike Belopuhov
please note that the commented out example usage in etc/MAKEDEV.common remains till someone feels the need to change it. OK? diff --git etc/MAKEDEV.common etc/MAKEDEV.common index bfcd943..b656d46 100644 --- etc/MAKEDEV.common +++ etc/MAKEDEV.common @@ -131,11 +131,10 @@ target(all, wd, 0, 1, 2,

Re: /dev/crypto removal (2/3): remove kernel support

2014-08-18 Thread Mike Belopuhov
On Mon, Aug 18, 2014 at 16:03 +0200, Mike Belopuhov wrote: this removes /dev/crypto device interface and public key functionality that is only usable via /dev/crypto. OK? minor correction: preserve #ifdef _KERNEL in the cryptodev.h. while there are no userland programs including it atm

/dev/crypto removal (3bis): DTYPE_CRYPTO

2014-08-18 Thread Mike Belopuhov
I don't know if we recycle them somehow, but just in case... diff --git sys/sys/file.h sys/sys/file.h index d98118e..64c0f31 100644 --- sys/sys/file.h +++ sys/sys/file.h @@ -67,11 +67,11 @@ struct file { short f_flag; /* see fcntl.h */ #defineDTYPE_VNODE 1 /*

Re: pf: once for match rules?

2014-08-20 Thread Mike Belopuhov
On Tue, Aug 12, 2014 at 18:26 +0200, Mike Belopuhov wrote: On Tue, Jul 22, 2014 at 19:03 +0200, Mike Belopuhov wrote: Hi, Before I send a diff for pfctl to disable once on match rules, I've decided to try and see how much work is it to make it actually work. Turns out that I need

Re: let vlan(4) mtu be limited by the parents hardmtu instead of current mtu

2014-08-27 Thread Mike Belopuhov
On 27 August 2014 13:17, David Gwynne da...@gwynne.id.au wrote: On Tue, Aug 26, 2014 at 09:11:14PM -0400, Brad Smith wrote: On 20/08/14 8:03 PM, David Gwynne wrote: sthen@ says this is likely a bit optimistic. while most of our drivers unconditionally configure their max mru, there's some

Re: let vlan(4) mtu be limited by the parents hardmtu instead of current mtu

2014-08-27 Thread Mike Belopuhov
On 27 August 2014 13:23, David Gwynne da...@gwynne.id.au wrote: On Tue, Aug 26, 2014 at 09:11:14PM -0400, Brad Smith wrote: On 20/08/14 8:03 PM, David Gwynne wrote: sthen@ says this is likely a bit optimistic. while most of our drivers unconditionally configure their max mru, there's some

Re: bge(4) Jumbo support for newer chipsets

2014-08-27 Thread Mike Belopuhov
On 27 August 2014 08:25, Brad Smith b...@comstyle.com wrote: Looking for some testing of the following diff to add Jumbo support for the BCM5714 / BCM5780 and BCM5717 / BCM5719 / BCM5720 / BCM57765 / BCM57766 chipsets. i have tested this on Broadcom BCM5719 rev 0x01, unknown BCM5719

Re: bge(4) Jumbo support for newer chipsets

2014-08-28 Thread Mike Belopuhov
On 28 August 2014 12:32, David Gwynne da...@gwynne.id.au wrote: On 28 Aug 2014, at 3:02 am, Mike Belopuhov m...@belopuhov.com wrote: On 27 August 2014 08:25, Brad Smith b...@comstyle.com wrote: Looking for some testing of the following diff to add Jumbo support for the BCM5714 / BCM5780

Re: minphys woes

2014-08-29 Thread Mike Belopuhov
On 29 August 2014 11:26, Stefan Fritsch s...@sfritsch.de wrote: On Fri, 29 Aug 2014, Miod Vallat wrote: sc->sc_xfer_max is computed according to the host's capabilities. What I want to simulate with this diff is a host adapter that can only cope with transfers 64k == MAXPHYS. Back to your

Re: newfs.8

2014-08-29 Thread Mike Belopuhov
On 29 August 2014 08:19, Jason McIntyre j...@kerhand.co.uk wrote: is this correct? i'm not a user myself, but the text states that special, for mount_mfs, is typically that of the primary swap area. how would you even define the swap area without a disklabel? jmc sort of yes. mount_mfs(8)

Re: newfs.8

2014-08-29 Thread Mike Belopuhov
On 29 August 2014 13:44, Jason McIntyre j...@kerhand.co.uk wrote: On Fri, Aug 29, 2014 at 01:39:57PM +0200, Mike Belopuhov wrote: On 29 August 2014 08:19, Jason McIntyre j...@kerhand.co.uk wrote: is this correct? i'm not a user myself, but the text states that special, for mount_mfs

Re: reduce the number of missed PCB cache with tcpbench -su

2014-08-31 Thread Mike Belopuhov
Daniel, don't reply anything to Damien just yet. Can you please run a simple test on Monday. Try tcpbench -u -n 2 ip (as in multi- connection test) without your patch and then with the patch and see if behavior is changed. Thanks On 29 August 2014 18:01, Damien Miller d...@mindrot.org wrote:

Re: minphys woes

2014-09-01 Thread Mike Belopuhov
On 29 August 2014 22:39, Stefan Fritsch s...@sfritsch.de wrote: On Fri, 29 Aug 2014, Mike Belopuhov wrote: correct me if i'm wrong, but what happens is that bread being a block read reads up to MAXBSIZE which is conveniently set to 64k and you can't create a filesystem with a larger block size

Re: reduce the number of missed PCB cache with tcpbench -su

2014-09-01 Thread Mike Belopuhov
On 29 August 2014 18:01, Damien Miller d...@mindrot.org wrote: What's the benefit of this? This creates a UDP PCB per connection. Otherwise we always rely on matching the wildcard PCB. I've never seen an application do this; I doubt that. However, things like NTP or DNS servers usually

Re: minphys woes

2014-09-01 Thread Mike Belopuhov
On 1 September 2014 13:06, Stefan Fritsch s...@sfritsch.de wrote: On Mon, 1 Sep 2014, Mike Belopuhov wrote: On 29 August 2014 22:39, Stefan Fritsch s...@sfritsch.de wrote: Yes, that seems to be what happens. But if every adapter needs to support transfers of MAXBSIZE == MAXPHYS anyway

Re: bge(4) Jumbo support for newer chipsets

2014-09-02 Thread Mike Belopuhov
On 2 September 2014 03:54, Brad Smith b...@comstyle.com wrote: On Wed, Aug 27, 2014 at 02:25:27AM -0400, Brad Smith wrote: Looking for some testing of the following diff to add Jumbo support for the BCM5714 / BCM5780 and BCM5717 / BCM5719 / BCM5720 / BCM57765 / BCM57766 chipsets. Here is an

Re: splnet() and SIOCSIFADDR

2014-09-03 Thread Mike Belopuhov
On 3 September 2014 15:53, Martin Pieuchot mpieuc...@nolizard.org wrote: On 03/09/14(Wed) 15:25, Martin Pieuchot wrote: Drivers that need a splnet() protection inside their SIOCSIFADDR generally raise the spl level themselves, so we should not need to do that in in{6,}_ifinit(). One exception

Re: RTFREE -> rtfree

2014-10-08 Thread Mike Belopuhov
On 8 October 2014 12:24, Martin Pieuchot mpieuc...@nolizard.org wrote: Diff below kills the macro and use the fonction instead since they are equivalent. It also replaces some 0 - NULL where it applies. It does not include the manpage bits, I'll deal with that afterward. I'd appreciate

Re: improving OpenBSD's gmac.c...

2014-10-08 Thread Mike Belopuhov
On 8 October 2014 00:48, John-Mark Gurney j...@funkthat.com wrote: Christian Weisgerber wrote this message on Tue, Oct 07, 2014 at 23:08 +0200: John-Mark Gurney: So, as I was working on FreeBSD's implementation of gmac.c, I noticed that I was able to get a significant speed up by using a

Re: A system without interface?

2014-10-14 Thread Mike Belopuhov
On 14 October 2014 11:01, Martin Pieuchot mpieuc...@nolizard.org wrote: On 08/10/14(Wed) 14:29, Martin Pieuchot wrote: I'm looking after the uses of the global list of interface. These ones are pointless, you always have at least one interface on your system. Ok? Anyone? looks good to

Re: pool page colouring

2014-10-28 Thread Mike Belopuhov
On 28 October 2014 17:02, Ted Unangst t...@tedunangst.com wrote: On Tue, Oct 28, 2014 at 16:49, David Gwynne wrote: when i shuffled the locking in pools around, page colouring was left behind. page colouring is where you offset items within a page if you have enough slack space. the previous

Re: pool page colouring

2014-10-29 Thread Mike Belopuhov
On 29 October 2014 22:52, Ted Unangst t...@tedunangst.com wrote: On Wed, Oct 29, 2014 at 07:25, David Gwynne wrote: i dunno. im fine with either removing colouring altogether or setting it from something else completely. i just want a decision to be made cos right now ph_color isnt set,

Re: Multipath for HOST p2p routes

2014-11-04 Thread Mike Belopuhov
On 4 November 2014 12:51, Martin Pieuchot mpieuc...@nolizard.org wrote: How are we suppose to support configuration with multiple p2p interfaces pointing to the same destination address? Right now only one route to host is added. Diff below replaces a hack that move a host route from one p2p

Re: Kill in_iawithaddr()

2014-11-04 Thread Mike Belopuhov
On 4 November 2014 12:52, Martin Pieuchot mpieuc...@nolizard.org wrote: This function is just a wrapper around ifa_ifwithaddr() and I'd prefer to have less function iterating over the global list of interfaces. ok? what's not immediately apparent is that it also makes sure that the address

Re: network pool names

2014-11-04 Thread Mike Belopuhov
On 4 November 2014 13:23, Martin Pieuchot mpieuc...@nolizard.org wrote: Remove pl suffix, ok? ok with a syncache instead of syn

Re: pool page colouring

2014-11-04 Thread Mike Belopuhov
On 5 November 2014 01:12, Mike Belopuhov m...@belopuhov.com wrote: well, first of all, right now this is a rather theoretical gain. we need to test it to understand if it makes things easier. err. i meant to say go faster not easier.

Re: pool page colouring

2014-11-04 Thread Mike Belopuhov
On 5 November 2014 00:38, David Gwynne da...@gwynne.id.au wrote: On 30 Oct 2014, at 07:52, Ted Unangst t...@tedunangst.com wrote: On Wed, Oct 29, 2014 at 07:25, David Gwynne wrote: i dunno. im fine with either removing colouring altogether or setting it from something else completely. i

Re: iked responds with esp over external ips.

2014-11-05 Thread Mike Belopuhov
On 4 November 2014 17:06, Martin Larsson martin.larss...@gmail.com wrote: Hello! I've setup a tunnel between OpenBSD 5.6 using iked and an openwrt router running strongswan. The tunnel works great with ping and other traffic but traffic between the two external ip's dies. This is a

Re: iked responds with esp over external ips.

2014-11-05 Thread Mike Belopuhov
On 5 November 2014 13:28, Mike Belopuhov m...@belopuhov.com wrote: On 4 November 2014 17:06, Martin Larsson martin.larss...@gmail.com wrote: Hello! I've setup a tunnel between OpenBSD 5.6 using iked and an openwrt router running strongswan. The tunnel works great with ping and other traffic

Re: 5.6 Icmp6 checksum / pf

2014-11-10 Thread Mike Belopuhov
On Sun, Nov 09, 2014 at 10:17 +0100, Bastien Durel wrote: Hi, I recently upgraded to 5.6, and got problems with icmpv6 I have a gif tunnel for IPv6: [root@fremen root]# ifconfig gif0

Re: improving OpenBSD's gmac.c...

2014-11-12 Thread Mike Belopuhov
On 10 October 2014 02:39, Damien Miller d...@mindrot.org wrote: On Thu, 9 Oct 2014, Christian Weisgerber wrote: John-Mark Gurney: I also have an implementation of ghash that does a 4 bit lookup table version with the table split between cache lines in p4 at:

Re: divert-to with sockets bound to any

2013-06-19 Thread Mike Belopuhov
On 19 June 2013 20:20, Reyk Floeter r...@openbsd.org wrote: On Wed, Jun 19, 2013 at 08:00:01PM +0200, Reyk Floeter wrote: OK? I forgot the in6_pcblookup_listen() case, updated diff below. Reyk it boils down to the pcb lookup magic as i thought; ok mikeb.

Re: pf(4) man page: fix two errors

2013-07-02 Thread Mike Belopuhov
On 2 July 2013 17:38, Lawrence Teo l...@openbsd.org wrote: This diff fixes two errors on the pf(4) man page: 1. DIOCSETSTATUSIF has not used struct pfioc_if since pf_ioctl.c rev 1.234; it now uses struct pfioc_iface. Since the definition of pfioc_iface is already listed under

Stop calling IPsec and pf under splnet

2013-07-12 Thread Mike Belopuhov
Hi, As it was pointed out by dhill there are some rogue splnets in the tcp_input that shouldn't be there really. The only reason they're still there is to match overzealous splnets in bridge_ broadcast. bridge_ifenqueue is the only function call in there that requires splnet protection since

ix(4) driver update to latest FreeBSD/Intel source code

2013-07-12 Thread Mike Belopuhov
Hi, The following diff updates most of the ix(4) driver to what FreeBSD and Intel have today. Most importantly it introduces support for the Ethernet flow control. Please test and report. OK's are welcome as well. http://theapt.org/~mike/ix.diff http://theapt.org/~mike/ix-w.diff (less

Re: include netinet/in_var.h in dev

2013-08-06 Thread Mike Belopuhov
On 6 August 2013 03:54, Alexander Bluhm alexander.bl...@gmx.net wrote: Hi, For an upcoming change in in6_var.h I would like to minimize the impact. Most network drivers include netinet/in_var.h, but apparently they don't have to. Can we remove these includes? compiled on amd64 and i386

Re: Insert new IPv4 addresses at only one place

2013-08-07 Thread Mike Belopuhov
On 7 August 2013 15:07, Martin Pieuchot mpieuc...@nolizard.org wrote: Diff below deduplicate and move the code adding a new address to the global list into in_ifinit(), there's no functional change. While here add a comment about why we always delete addresses from the tree during update.

Re: Constify the null sockaddr in arp_rtrequest()

2013-08-08 Thread Mike Belopuhov
On 8 August 2013 12:35, Martin Pieuchot mpieuc...@nolizard.org wrote: arp_rtrequest() uses a default static sockaddr_dl which is only used read-only: it is copied by rt_setgate(). I'd like to constify this structure to make it clear no value can be trashed if code using it is run in parallel.

Re: tedu netatm

2013-08-09 Thread Mike Belopuhov
On 9 August 2013 09:36, Martin Pieuchot mpieuc...@nolizard.org wrote: It's me again :) With a freshly updated and tested diff to tedu netatm. I got no objection since I raised the issue 5 months ago [0], so I'm now looking for oks. [0] http://marc.info/?l=openbsd-techm=136335787207091w=2 i

ray(4) removal

2013-08-13 Thread Mike Belopuhov
to make mpi's life a tad easier and also lose some weight, i'd like to move rat(4) to the attic. mpi, kettenis, jsg and henning agree. i'll commit the diff if noone objects. henning has also suggested to remove the pre-wifi era cnw(4). if there's interest i can cook a diff for that as well, but

Re: rtsold ioctl sysctl

2013-08-15 Thread Mike Belopuhov
On Thu, Aug 15, 2013 at 00:39 +0200, Alexander Bluhm wrote: Hi, I would like to replace the obsolete ioctl(SIOCGDRLST_IN6) interface with sysctl(net.inet6.icmp6.nd6_drlist) in rtsold. Code copied from ndp. ok? looks good to me. OK

Re: remove obsolete nd6 ioctls

2013-08-15 Thread Mike Belopuhov
On 15 August 2013 17:34, Alexander Bluhm alexander.bl...@gmx.net wrote: Hi, After converting the last user of ioctl(SIOCGDRLST_IN6) to sysctl, I would like to remove dead kernel ioctl code. Is it save to just delete this? ok? bluhm if ports are fine with it, i'm fine as well (:

Re: threaded prof signals

2013-08-16 Thread Mike Belopuhov
On 16 August 2013 09:23, Ted Unangst t...@tedunangst.com wrote: Actually, here's my concern. There's only one timeout for the process. What happens when two threads are running on two CPUs? Is there a guarantee that cpu0 will both set and execute the timeout before cpu1 sets it, or is there a

Re: Stop using static variables in ICMP

2013-08-19 Thread Mike Belopuhov
On 9 August 2013 11:04, Martin Pieuchot mpieuc...@nolizard.org wrote: This is the last episode from the first season of the serie, move your variables to the stack. Like in the previous episodes, this one will let us execute the various icmp functions in parallel without risk of trashing a

Re: src/sbin/ifconfig: missing include

2013-08-19 Thread Mike Belopuhov
On 19 August 2013 12:52, David Coppa dco...@gmail.com wrote: This misses util.h: cc -O2 -pipe -fno-pie -Wall -DINET6 -c /usr/src/sbin/ifconfig/ifconfig.c /usr/src/sbin/ifconfig/ifconfig.c: In function 'setifwpakey': /usr/src/sbin/ifconfig/ifconfig.c:1759: warning: implicit declaration of

bge: call if_link_state_change when state is actually different

2013-08-23 Thread Mike Belopuhov
hi, bge(4) is the last driver in the tree that is willing to call if_link_state_change whenever, while others do so only when the link state does change. there should be no real change in functionality. ok? diff --git sys/dev/pci/if_bge.c sys/dev/pci/if_bge.c index 5cd56e2..233ccab 100644 ---

defer routing table updates on link state changes

2013-08-26 Thread Mike Belopuhov
hi, in order to make our life a bit easier and prevent rogue accesses to the routing table from the hardware interrupt context violating all kinds of spl assumptions we would like if_link_state_change that is called by network device drivers in their interrupt service routines to defer its work

Re: defer routing table updates on link state changes

2013-08-27 Thread Mike Belopuhov
On 27 August 2013 13:39, Martin Pieuchot mpieuc...@nolizard.org wrote: I think that's the right approach but the current code generating interfaces indexes is too clever from my point of view, it tries to reuse the last index if possible. This could lead to some funny races if we detach and

Re: Remove unused argument from *rtrequest()

2013-08-27 Thread Mike Belopuhov
On 27 August 2013 15:58, Martin Pieuchot mpieuc...@nolizard.org wrote: In order to define a proper API for our routine table, I'd like to turn the struct rt_addrinfo into a private type (ie: only used in route.c and rtsock.c). This type is used by a lost of code in our network stack to add or

Re: defer routing table updates on link state changes

2013-09-02 Thread Mike Belopuhov
On Mon, Aug 26, 2013 at 13:36 +0200, Mike Belopuhov wrote: hi, in order to make our life a bit easier and prevent rogue accesses to the routing table from the hardware interrupt context violating all kinds of spl assumptions we would like if_link_state_change that is called by network

Re: ix(4): enable checksum offload

2013-09-09 Thread Mike Belopuhov
On 9 September 2013 21:48, Brad Smith b...@comstyle.com wrote: Here is a diff to enable the checksum offload support for ix(4). Looking for any testing. last time i checked this broke ospf traffic. please make sure at least ip/tcp, ip/udp, ip/icmp, ip/ip, ip/gre, ip/esp, ip/ah and ip/ospf

Re: em(4): enable checksum offload

2013-09-09 Thread Mike Belopuhov
On 9 September 2013 21:44, Brad Smith b...@comstyle.com wrote: Since I have been asked to send out these diffs again here is a diff to enable the checksum offload support for em(4). Looking for any testing. tx checksum offloading will not work on 75, 76, 80, i350.

Re: unknown products found in Dell Optiplex 9020

2013-09-09 Thread Mike Belopuhov
On 9 September 2013 22:46, STeve Andre' and...@msu.edu wrote: On 09/09/13 07:45, Paul de Weerd wrote: Found a couple of unknown Intel products in a Dell Optiplex 9020: vendor Intel, unknown product 0x153a (class network subclass ethernet, rev 0x04) at pci0 dev 25 function 0 not configured

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 17:18, Martin Pieuchot mpieuc...@nolizard.org wrote: FWIW it would be interesting to modify tun(4) so that it doesn't need to detach/reattach itself when switching between mode, this would allow us to stop reusing the last index. this definitely makes a lot of sense.

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 17:31, Reyk Floeter r...@openbsd.org wrote: On Thu, Sep 12, 2013 at 05:18:39PM +0200, Martin Pieuchot wrote: For example, you have to query the IfIndex via SNMP to get further information, like the ifName or statistics, and most monitoring systems would save interface

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 18:28, Mike Belopuhov m...@belopuhov.com wrote: On 12 September 2013 18:14, Reyk Floeter r...@openbsd.org wrote: On Thu, Sep 12, 2013 at 05:53:42PM +0200, Mike Belopuhov wrote: looks like you misunderstand the problem we're dealing with here. Sure, I do. You're trying

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 18:14, Reyk Floeter r...@openbsd.org wrote: On Thu, Sep 12, 2013 at 05:53:42PM +0200, Mike Belopuhov wrote: looks like you misunderstand the problem we're dealing with here. Sure, I do. You're trying to push one thing and you don't want to hear the concerns about

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 19:07, Reyk Floeter r...@openbsd.org wrote: On Thu, Sep 12, 2013 at 06:59:13PM +0200, Mike Belopuhov wrote: Ok, let's stop this. I don't think you read what I replied before. I didn't say that we're static with if_indexes, just that we shouldn't make it worse

Re: defer routing table updates on link state changes

2013-09-12 Thread Mike Belopuhov
On 12 September 2013 18:48, Reyk Floeter r...@openbsd.org wrote: On Thu, Sep 12, 2013 at 06:28:15PM +0200, Mike Belopuhov wrote: Sure, I do. You're trying to push one thing and you don't want to hear the concerns about a specific detail of it. with all respect, i think you don't

Re: enc interface errno

2013-09-27 Thread Mike Belopuhov
On 27 September 2013 15:24, Alexander Bluhm alexander.bl...@gmx.net wrote: Hi, The error return codes for the enc interface seem quite inconsistent. Always return the appropriate errno. ok? bluhm OK

Re: 5.4 html Security Improvements section

2013-10-09 Thread Mike Belopuhov
On 9 October 2013 19:51, Alexey E. Suslikov alexey.susli...@gmail.com wrote: * Added AES-XTS support to aesni crypto(4) driver on amd64. Allows softraid(4) to benefit from the AES-NI instructions on newer Intel CPUs not at the moment, though.

Re: pf dropping window updates and acks

2013-10-11 Thread Mike Belopuhov
On Fri, Oct 11, 2013 at 12:09 +0200, Gerhard Roth wrote: In January bluhm@ introduced 'data_end' to pf.c:tcp_track_full(). Now this breaks the handling of non-data packets. They may be rejected because the SEQ_GEQ(src->seqhi, data_end) check fails. The patch below should fix this. Makes

defer routing table updates on link state changes (again)

2013-10-19 Thread Mike Belopuhov
hi, since mpi's if_index diff is now in, this should probably go in as well. it has received some testing in the meantime. original description: in order to make our life a bit easier and prevent rogue accesses to the routing table from the hardware interrupt context violating all kinds of spl

Re: Make bioctl(4) print cache policy

2013-10-22 Thread Mike Belopuhov
On 22 October 2013 15:22, Mark Kettenis mark.kette...@xs4all.nl wrote: Diff below makes bioctl(4) print the cache policy for that's currently in effect for RAID volumes. It only prints the state (WB for write-back, WT for write-through) if the RAID controller driver fills in the details in

convert crypto queue to the task(9) api

2013-10-30 Thread Mike Belopuhov
Tested on amd64 SP and MP, i386 SP so far. sparc64 MP test is in progress. I've also tested the crypto(4) interface (doesn't use queue) so softraid should work as well. ok? diff --git sys/crypto/crypto.c sys/crypto/crypto.c index 7df0c435..fbdcd97 100644 --- sys/crypto/crypto.c +++
