iked + isakmpd on the same machine

2014-04-22 Thread Philipp
It happened! A remote peer *requires* IKEv2 - and I've to do that on a machine running isakmpd with somewhat 25+ IKEv1 peers. First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad workaround: start isakmpd (with Listen-on) first. Second hurdle: iked loads its SAs and eventually

Re: iked + isakmpd on the same machine

2014-04-24 Thread Philipp
Am 22.04.2014 17:28 schrieb Mike Belopuhov: more like it's not supported and is not supposed to work. not supposed as in 'not wanted'? it's like running nginx and apache at the same time but Quite frankly: I'm doing that in some locations ;-) worse since there are kernel tentacles involved

Re: use mallocarray in kern

2014-07-14 Thread Philipp
Sorry to break the threading, but I already expunged the original message.. Re: http://marc.info/?l=openbsd-techm=140529530814733w=2 The second and third hunk should use mallocarray() instead of malloc() in my eyes. sizeof(Elf_Phdr) as type just doesnt make sense to me. Hope not everyone is

-DDEBUG misses DUMP_REGS on amd64 libsa

2013-11-14 Thread Philipp
Hi, from: sys/arch/amd64/stand/libsa/cmd_i386.c: #ifdef DEBUG int Xregs(void) { DUMP_REGS; return 0; } #endif which is undeclared. i386 has one in sys/arch/i386/stand/libsa/debug_md.h --pb

Re: Request for Funding our Electricity

2014-01-18 Thread Philipp
Am 17.01.2014 22:14 schrieb Kevin Lyda: That's a bug to be filed against an emulator. And it's easier to do that *now* when the older hardware is around to test for bug compatibility. And how do you do that when the hardware has gone? And I must admit the resistance to this is weird. This

Re: Routing issues

2014-02-16 Thread Philipp
Am 16.02.2014 14:08 schrieb Stuart Henderson: Some ideas: check that the pf statetable (full or src-con) is not overflowing.. lately I had 'no route' where it was just peeking over the limit of 10,000 states spuriously. Went me crazy. pfctl -sm ; pfctl -si -vv

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 09:22 schrieb Alex Mathiasen: Thank you! This solved my problem. Cheers.. found the hard way the other day. There should really be some dmesg when state-tables overflow. This silent dropping is wasting time in debugging such situations. Sorry for talk instead of diff :-}

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 12:22 schrieb Stuart Henderson: Writing messages that show up in dmesg is not cheap, particularly on systems with serial console. Well, ok. How about pflog?

Re: Routing issues

2014-02-17 Thread Philipp
Am 17.02.2014 13:11 schrieb Henning Brauer: how do you emit such a maessage in pcap? as payload with a dummy packet header? (N!!) pf is taking action without telling anyone - and that's not nice. There *are* other log() entries in pf.c already so I wonder how the initial

Re: autoinstall(8) tweaks

2015-04-15 Thread Philipp
Am 15.04.2015 01:20 schrieb Ryan McBride: On other systems where I don't know how the data will grow, I typically configure them with something close to the auto layout, but a smaller /home, and leave the remaining disk empty. When I get a feel for what the data usage is in /var/daemon or /home

Re: autoinstall(8) tweaks

2015-04-07 Thread Philipp
Am 07.04.2015 16:55 schrieb Kirill Bychkov: disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n Oh, please yes. I know that this will be PITA around (non)escaping and all, but the default labelling just isnt cutting it. + _mode=$(sed -E '/^ *filename

Re: autoinstall(8): using multiple set sources?

2015-08-08 Thread Philipp
Am 08.08.2015 01:26 schrieb Alexander Hall: Try adding Set name(s) = done Here, like you would manually do (albeit likely implicit by just pressing enter). Bit counterintuitive at first, but works! Thanks a bunch.

autoinstall(8): using multiple set sources?

2015-08-07 Thread Philipp
While heavy playing with autoinstall(8), I came across that I cannot make it happen to install the usual sets from CD/ISO and additional ones like site58.tgz from a webserver. install.conf snips: root disk = wd0 Use (W)hole disk = W Location of sets = cd Set name(s) = all Location of sets =

smtpd workarounds for KAME sin6_scope_id

2021-10-17 Thread Philipp
for this problem? Philipp

[diff] usr.sbin/smtpd add missing includes

2021-10-17 Thread Philipp
Hello I'm currently working on getting OpenSMTPD-portable build. During this I found some missing includes. diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 7de52a1c568..b1307c4daa6 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -28,6 +28,8 @@ #include

Re: [diff] usr.sbin/smtpd add missing includes

2021-10-17 Thread Philipp
[2021-10-18 11:09] Jonathan Gray > On Sun, Oct 17, 2021 at 04:23:50PM +0200, Philipp wrote: > > Hello > > > > I'm currently working on getting OpenSMTPD-portable build. During this > > I found some missing includes. > > It would help if you could descr

Re: write(2) man page

2013-02-24 Thread Philipp Schafft
.) Hope that helped! :) -- Philipp. (Rah of PH2) signature.asc Description: This is a digitally signed message part

Re: atw testers required

2009-08-17 Thread Philipp Schafft
'the bit 0 set' (for example in context of flags) and use decimal numers only for numbers. maybe the auther in this case want to say the same thing. -- Philipp. (Rah of PH2) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Make alpha 2038-safe

2016-02-17 Thread Philipp Schafft
base) > [...] > + if (year < MINYEAR || ct.mon < 1 || ct.mon > 12 || ct.day < 1 || > ct.day > 31 || ct.hour > 23 || ct.min > 59 || ct.sec > 59) { > [...] I'm not sure if this applies here as well. In some places sec == 60 is used for leap seconds. Th

RELAYD_ANCHOR as a relayd.conf option

2016-04-22 Thread Philipp Buehler
Moin, while trying to push rdomain setups a bit further, I noticed that relayd is using a fixed anchor. For the pre-rdomain days this was sufficient, but nowadays that might look a bit different. Some dance with 'match pftag', carefully crafted (read:unique) rdr-subanchor-names can make

Re: multiple routing tables

2016-05-15 Thread Philipp Buehler
Am 15.05.2016 12:10 schrieb Stefan Sperling: They key point seems to be that you're trying to route between different rdomains. I believe you must use pf to route traffic coming from this IP (which is in rdomain 0) to vether1 (which is in rdomain 2) or look into pair(4), also. -- pb

undocumented -P/-I in relayd, vmd, httpd, ...

2017-02-28 Thread Philipp Buehler
Hi there, while crawling through relayd source, I noticed that there is I:P: in getopt. P is obviously setting the proc-title, but I am unsure what to "get" from an instance-number via -I. This found way into httpd, snmpd, switchd and vmd also; mainly while g2k16. If someone dares to

relayd(8): more rdomain integration diff

2017-03-01 Thread Philipp Buehler
Hi folks, after trying forth and back to overcome some limitations in relayd along multiple "instances" and rdomain/rtable I decided to scrub some rust of my C/yacc and produced the following diffs against -current to relayd and relayctl. Feats: - relayd/relayctl: -s sockname; obviously and

Re: usermod.8 patch

2017-03-31 Thread Philipp Buehler
Am 31.03.2017 15:39 schrieb Jeremie Courreges-Anglas: I think the current wording is fine; no need for an option to set _default_ values. options are good - as long as they're optional --art -- pb

Re: sysupgrade: select sets to install

2019-07-12 Thread Philipp Buehler
Am 10.07.2019 20:18 schrieb Theo de Raadt: Ofcourse there are also custom sets, like site${VERSION}-*.tgz . Which is something to keep in mind. Yeah, we could delete support for that entirely Those of you so used to pushing buttons and requiring special features used by a limited subset of

Re: man.cgi(8): turn off HTML5 autocomplete for the query input field

2020-01-10 Thread Philipp Buehler
Am 10.01.2020 15:58 schrieb Tim Baumgard: I found out that Apple requires nonstandard [1] attributes to fully The other day nonstandard "gave" us javascript around the globe... Cheers for putting this one in, was really kinda PITA and I didn't know about this attribute. -- pb

Re: Request for Funding our Electricity

2014-01-14 Thread Peter J. Philipp
On 01/14/14 21:56, Theo de Raadt wrote: Hi, Anyone want to suggest we hold a bake sale? I just donated a little bit. Looking for roughly 10 dozen like minded people. I'm not suggesting a bake sale but one thing I noticed with the freebsdfoundation.org's website, that I think works out good,

Re: 5.5 and dual-boot

2014-03-07 Thread jean-philipp luiggi
Le 07/03/2014 12:02 PM, Bob Beck a écrit : actually more painful than having to boot windows is to always have something handy to boot the snap from in order to dd the bootblock off in case you forget to do it before rebooting, or you're fucked. Hi Bob, Yeah and hopefully, with a recent post

Re: 5.5 and dual-boot

2014-03-07 Thread jean-philipp luiggi
Le 07/03/2014 12:13 PM, Theo de Raadt a écrit : actually more painful than having to boot windows is to always have something handy to boot the snap from in order to dd the bootblock off in case you forget to do it before rebooting, or you're fucked. The new installboot was enabled around a

IP option IP_RECVTTL question

2011-02-03 Thread Peter J. Philipp
Hi, I wrote a DNS server and I'm collecting TTL information from the remote nameservers that query my daemon. Everything works well, when I view the logs I see: Feb 3 10:43:48 uranus wildcarddnsd[5705]: request on descriptor 14 interface em0 from XXX.XXX.XXX.XX (ttl=113, region=255) for

Re: IP option IP_RECVTTL question

2011-02-03 Thread Peter J. Philipp
On Thu, Feb 03, 2011 at 01:51:47PM +0100, Otto Moerbeek wrote: cmsg_len = CMSG_LEN(sizeof(struct in_addr)) cmsg_level = IPPROTO_IP cmsg_type = IP_RECVTTL And if I'm not mistaken the size of struct in_addr is 4. This looks like a documentation error.

last patch, idea

2011-04-09 Thread Peter J. Philipp
Hi, while going through my wtmp with last(1) I noticed there could be a better way than always gunzip'ing wtmp files and then using last -f. I've made a patch for your consideration that does the following: a) it checks if the file is a gzipped file by looking at the wtmp's file magic b) it

Re: last patch, idea

2011-04-11 Thread Peter J. Philipp
On Sun, Apr 10, 2011 at 10:08:24AM -0400, Ian Darwin wrote: Having tried to do things like gzcat /var/log/wtmp.0.gz | last -f /dev/stdin before, I'd certainly find it useful and this is less intrusive than modifying last(8) so it could work with standard input. Unless you run an

Anyone interested in writing a driver for this?

2011-07-07 Thread Peter J. Philipp
Hi, I have a USB device called a USB FM transmitter from Keene Electronics. It looks like this when I plug it in. uaudio0 at uhub1 port 1 configuration 1 interface 0 HOLTEK B-LINK USB Audio rev 1.10/1.00 addr 3 uaudio0: audio rev 1.00, 2 mixer controls audio1 at uaudio0 uhidev0 at uhub1 port 1

Re: Anyone interested in writing a driver for this?

2011-07-07 Thread Peter J. Philipp
On Thu, Jul 07, 2011 at 07:45:48PM +0200, Peter J. Philipp wrote: Hi, I have a USB device called a USB FM transmitter from Keene Electronics. It looks like this when I plug it in. I've found someone to send it to. If they have no luck they said they'd take it along to the next hackathon

smtpd.conf.5 match reality

2011-11-22 Thread Peter J. Philipp
Thanks to kdump I was able to figure this one out before reading the source. -peter ? smtpd.conf.5.patch Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.45 diff -u -r1.45 smtpd.conf.5

path correction

2012-04-13 Thread Peter J. Philipp
This probably saw some debate in the past, which I did not see. On my IRC channel it is concensus that the path given out is dangerous. -peter Index: dot.profile === RCS file: /cvs/src/etc/skel/dot.profile,v retrieving revision 1.4

Re: path correction

2012-04-13 Thread Peter J. Philipp
On Fri, Apr 13, 2012 at 05:08:32PM +0200, Peter J. Philipp wrote: This probably saw some debate in the past, which I did not see. On my IRC channel it is concensus that the path given out is dangerous. I'd like to retract this patch. I lied. Yes I told a lie. Danger talking or discussing

ip6(4) manpage update

2012-06-11 Thread Peter J. Philipp
Hi, I just got through a thread in misc@, http://marc.info/?l=openbsd-miscm=133934252713974w=2 and it seems like the sample code in ip6(4) is wrong. I've made adjustments but it doesn't look as nice anymore, perhaps someone can look over it? These changes will really help someone first time

Re: ip6(4) manpage update

2012-06-17 Thread Peter J. Philipp
On Sat, Jun 16, 2012 at 07:17:16PM -0700, Philip Guenther wrote: You can expect the same issue with IPV6_PKTINFO, IPV6_HOPOPTS, IPV6_DSTOPTS, and IPV6_RTHDR. The RECV part was added to them in RFC3542. Yep. In addition, the text should be clarified to indicate that turning on IPV6_RECV*

Re: ip6(4) manpage update

2012-06-17 Thread Peter J. Philipp
On Sun, Jun 17, 2012 at 12:49:08PM +0200, Peter J. Philipp wrote: On Sat, Jun 16, 2012 at 07:17:16PM -0700, Philip Guenther wrote: You can expect the same issue with IPV6_PKTINFO, IPV6_HOPOPTS, IPV6_DSTOPTS, and IPV6_RTHDR. The RECV part was added to them in RFC3542. Yep

Re: ip6(4) manpage update

2012-06-18 Thread Peter J. Philipp
On Mon, Jun 18, 2012 at 08:06:06AM +0100, Jason McIntyre wrote: the blank line above should be a .Pp. also this diff adds trailing whitespace at eol in a few places. please remove it. except for that, i'm fine with this diff, if some developer wants to take it. jmc Awesome! Well here

tftpd patch

2012-06-28 Thread Peter J. Philipp
Hi, I have the weird scenario when I try to tftp a file from a remote tftpd that's also openbsd that my pf doesn't keep a state open. This is something I need to fix, however I found this in the logs on the remote tftpd and it's misleading: Jun 28 14:03:21 hostname tftpd[2506]: recv:

USB Wireless Micro Adapter IWL 4000 support

2012-11-20 Thread Peter J. Philipp
First off I'd like to say that today luck was with me. Big time. I went to a local store (saturn.de) to buy a wireless usb adapter and picked one out that I thought was supported. I did not take my netbook with me so I didn't know if it would work or not. So when I got home it was detected as

Re: USB Wireless Micro Adapter IWL 4000 support

2012-11-20 Thread Peter J. Philipp
On Tue, Nov 20, 2012 at 04:33:27PM +0100, Peter J. Philipp wrote: urtwn0 at uhub0 port 1 Realtek Belkin Wireless Adapter rev 2.00/2.00 addr 2 urtwn0: MAC/BB RTL8192CU, RF 6052 2T2R, address ec:1a:59:0d:fa:1c Hrmm, sometimes it does not detect right. I had to cold boot my netbook last

urtwn(4) patch

2013-05-11 Thread Peter J. Philipp
Hi, I previously sent out a patch for this device support here: Linkname: 'USB Wireless Micro Adapter IWL 4000 support' - MARC URL: http://marc.info/?l=openbsd-techm=135342591418924w=2 Now I've looked at the usbdevs file a little closer and finally replaced my PJPUK device with

Re: smtpd w/ async DNS

2010-10-14 Thread Peter J. Philipp
On Thu, Oct 14, 2010 at 04:47:26PM +0200, Gilles Chehade wrote: A tarball to test: http://www.poolp.org/~gilles/smtpd-asyncdns.tar.gz This is smtpd-current, queue is unchanged, please test as it is experimental code. I will run it for a few days and commit if I see no drawbacks and I do not

Re: smtpd w/ async DNS

2010-10-30 Thread Peter J. Philipp
On Sat, Oct 30, 2010 at 04:55:36PM +0200, Gilles Chehade wrote: Hi tech@, A new tarball with all reported issues fixed is available at: http://www.poolp.org/~gilles/smtpd-asyncdns.tar.gz smtpd now catches changes in /etc/resolv.conf and should work fine with inet6 records. I have

Re: smtpd w/ async DNS

2010-10-30 Thread Peter J. Philipp
On Sat, Oct 30, 2010 at 05:28:42PM +0200, Gilles Chehade wrote: It was a typo indeed, tarball has been updated and also contains a fix for a crash experienced by todd@ when using relay via Gilles I had a look at the pack.c file where the DNS compression is being handled. It looks good to me.

/bsd: nd6_ns_input: duplicate IP6 address 2001:0a60:f074:0004::0001

2011-01-08 Thread Peter J. Philipp
Hi, I got a new firewall and had to do some plumbing, and _reused_ an IPv6 address block that was already on an interface (tun0). Everything worked still but I got these messages on the firewall (uranus): Jan 7 16:55:47 uranus /bsd: nd6_ns_input: duplicate IP6 address

Re: cksum(1) patch

2009-05-13 Thread Peter J. Philipp
On Wed, May 13, 2009 at 10:40:13AM +0200, Otto Moerbeek wrote: Come to think of it, why don't you just putchar(tolower(hf-name[i])) in a loop? Saves you the calloc and error handling. Also, don't forget to fix usage(). -Otto Yeah, thanks. Well I got good and critical feedback and

Re: cksum(1) patch

2009-05-13 Thread Peter J. Philipp
On Wed, May 13, 2009 at 12:20:44PM +0200, Otto Moerbeek wrote: You forgot to fix usage(). Also, I think it makes sense to allow -l for sum(1) too, so that both commands that take -a also take -l. -Otto Eeek. Ok this will do then: Regards, -p ? cksum.1-orig ? cksum.patch ?

Re: cksum(1) patch

2009-05-13 Thread Peter J. Philipp
And I seem to remember the diff was inspired by Solaris. $ uname -a SunOS foo 5.10 Generic_127128-11 i86pc i386 i86pc $ cksum -l cksum: illegal option -- l Usage: cksum [file ...] It was inspired by digest(1) not cksum. sycorax$ uname -a SunOS sycorax 5.10 Generic_137138-09 i86pc i386

an XOR improvement of 1%

2015-06-08 Thread Peter J. Philipp
Hi, I have made a patch against 5.7 that improves the speed of xor for amd64 by 1% (timed on a seperate userland program). I tested the userland program against an i386 and a amd64 host, didn't have access to any other architectures. If a hardcore developer thinks this is worth it ... feel

pledge idea

2015-10-29 Thread Peter J. Philipp
Hi deraadt, I know you know I don't code well, but in order to show you what's on my mind I had to write code, I took the bsearch() from the ieee80211 code, so perhaps there is a better way (like always) perhaps to unify the function between these two areas. The reason I did this is to save on

Re: pledge idea

2015-10-29 Thread Peter J. Philipp
On 10/29/15 18:51, Reyk Floeter wrote: > On Thu, Oct 29, 2015 at 04:32:25PM +, Peter J. Philipp wrote: >> Hi deraadt, >> >> I know you know I don't code well, but in order to show you what's on my >> mind I had to write code, I took the bsearch() from the ie

Re: pledge idea

2015-11-02 Thread Peter J. Philipp
On Thu, Oct 29, 2015 at 06:39:58PM +0100, Peter J. Philipp wrote: > Hi Reyk, > > deraadt already told me there was a patch for this already. Yes it > would be more cycles for stdio I see that. > > Thanks for your effort in making me see this. > > -peter >

httpd patch

2016-01-15 Thread Peter J. Philipp
Hello, I had nothing better to do tonight after work so I read a little in httpd. I have come up with a patch for i386 and any architecture where off_t != size_t. So on i386 there is this: uranus$ ./sizetest off_t = 8 size_t = 4 and I have these files in a directory: uranus$ ls -lhi total

Re: httpd patch

2016-01-15 Thread Peter J. Philipp
On Fri, Jan 15, 2016 at 08:36:05PM +, Peter J. Philipp wrote: > Hello, > > I had nothing better to do tonight after work so I read a little in httpd. > I have come up with a patch for i386 and any architecture where off_t != > size_t. > > So on i386 there is this: &g

Re: httpd patch

2016-01-15 Thread Peter J. Philipp
On Sat, Jan 16, 2016 at 04:35:16AM +, Peter J. Philipp wrote: > Hello again, > > I couldn't sleep because for some reason my head was spinning around this > code. In sleep I reviewed what I remembered of this code and noticed two > things. > > 1. My patch was against

Re: I have a program I wish to submit for the base

2016-01-29 Thread Peter J. Philipp
Luke, don't feel bad. Very little code that is "offered" gets taken by the OpenBSD project. OpenBSD really only takes when they see benefit for the project. An example for that is openssh. What you really want to do is focus on your own projects and make them available somewhere so that when

TSIG authentication in libasr

2016-02-27 Thread Peter J. Philipp
Hi, I have a patch for TSIG authentication in libasr. It is enabled by the "tsig" keyword in /etc/resolv.conf. My /etc/resolv.conf looks like this: search centroid.eu #nameserver 192.168.34.1 nameserver 200.46.208.61 tsig secret-key.:DONTTRY lookup file bind The HMAC over the TSIG is

Re: asr: support for RES_USE_DNSSEC

2017-02-25 Thread Peter J. Philipp
Hi, I'm not the best in reading patches, so I'm going to query you. Does your patch check for the "AD" flag from the resolver? As basically a DNSSEC able recursive nameserver should set this meaning it has authenticated the data. I wrote a patch for DNSSEC (possibly erroneous by comparing it

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 12:35:33AM +0100, Jeremie Courreges-Anglas wrote: > Setting the AD flag for a query is possible, however those semantics are > newer than the EDNS0 extension. As far as I know, rfc6840 introduced > AD=1 for queries in 2013, whereas rfc3225 specifies the DO flag since >

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 10:19:52AM +0100, Jeremie Courreges-Anglas wrote: > > Thanks for considering my patch. OpenBSD tremendously improves with this > > work of yours, I'm all for it! However to make use of this DNSSEC mode, > > the channel to the recursive DNS server has to be absolutely

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote: > I had a patch somewhere for TSIG as well somewhere, give me some time to > find it. TSIG can secure the channel as well, but my implementation wasn't > all that pretty. Here is the patch, it would need fixing up, an

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Peter J. Philipp
On Mon, Feb 27, 2017 at 11:14:13AM +0100, Jeremie Courreges-Anglas wrote: > "Peter J. Philipp" <p...@centroid.eu> writes: > > > On Mon, Feb 27, 2017 at 10:26:48AM +0100, Peter J. Philipp wrote: > >> I had a patch somewhere for TSIG as well somewhere, give me

pf.conf.5 patch

2016-09-24 Thread Peter J. Philipp
Hi, Please consider this patch for the pf.conf.5 manpage, it took me hours to figure out what went wrong with my network after parts stopped working due to this example. Changing it to what I have now makes it work right. Symptoms without this fix caused IPv6 neighbours to stop pinging/being

pointer corruption in exec_script.c

2017-05-09 Thread Peter J. Philipp
Hi, In my tinkering with the ELFSEC mechanism, I have noticed something possibly troubling. In /sys/kern/exec_script.c shellname is a pointer to cp which is a pointer to hdrstr which is a pointer to epp->ep_hdr... When calling the intended set shellname variable, later, I get part of the ELF

Re: pointer corruption in exec_script.c

2017-05-09 Thread Peter J. Philipp
On Tue, May 09, 2017 at 10:05:28PM +0200, Peter J. Philipp wrote: > Hi, > > In my tinkering with the ELFSEC mechanism, I have noticed something > possibly troubling. In /sys/kern/exec_script.c shellname is a pointer > to cp which is a pointer to hdrstr which is a pointer to epp-&g

Re: pointer corruption in exec_script.c

2017-05-10 Thread Peter J. Philipp
indirectly, again sorry. -peter On 05/09/17 23:14, Ted Unangst wrote: > Peter J. Philipp wrote: >> In my tinkering with the ELFSEC mechanism, I have noticed something >> possibly troubling. In /sys/kern/exec_script.c shellname is a pointer >> to cp which is a pointer to hdrstr whic

My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Peter J. Philipp
/* * System call names. @@ -393,4 +393,5 @@ char *syscallnames[] = { "#328 (obsolete __tfork51)",/* 328 = obsolete __tfork51 */ "__set_tcb",/* 329 = __set_tcb */ "__get_tcb",/

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Peter J. Philipp
On Fri, May 05, 2017 at 05:25:57PM +0100, Kevin Chadwick wrote: > > There was concern about my use of MD5 HMAC's so I > > took them out. The ELF header of 32 bit systems is too small to fit > > SHA256 checksums, so I'm leaving it out. > > Have you considered CMAC which can be truncated if need

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-06 Thread Peter J. Philipp
On Fri, May 05, 2017 at 10:48:30PM +, Christian Weisgerber wrote: > On 2017-05-05, "Peter J. Philipp" <p...@centroid.eu> wrote: > > > This is my second official contribution to what I call ELFSEC, it places a > > signature in binaries, in the ELF header t

save_errno for SHA256File()

2017-10-23 Thread Peter J. Philipp
Hi, I have a program that constantly stalls on reading /etc/spwd.db with SHA256File() (from sha2.h). Here is the program flow: > sha256file: Operation not permitted on file: /etc/spwd.db 2f6574632f737077642e6462 ^C beta$ stat /etc/spwd.db 1024 78977 -rw-r- 1 root _shadow 327856

nice side-effect, but rebound doesn't play

2018-07-13 Thread Peter J. Philipp
Hi, Yesterday I was messing with my network and particularily my workstation with the goal of having an internal nameserver serve "internal.centroid.eu" zones for my computers at home, and also do "168.192.in-addr.arpa" reverse. I had no luck diverting this from BIND, and then something

Re: nice side-effect, but rebound doesn't play

2018-07-14 Thread Peter J. Philipp
in theory my request is right and it would be cool to have multiple nameserver entries that it reads from the resolv.conf and then tries. (Oh noI'm a feature creep!) Apologies, -peter On Sat, Jul 14, 2018 at 07:24:09AM +0200, Peter J. Philipp wrote: > Hi, > > Yesterday I was messing with m

define rebound magic numbers

2018-07-13 Thread Peter J. Philipp
Hi, While reading through rebound, I noticed the author uses a lot of magic numbers in DNS flags field. I present OpenBSD a set of #defines that I wrote in 2002 on an OpenBSD/macppc iBook in Montreal. If I didn't write all of it then, I followed up with it in 2005 when my own DNS server came

httpd/logger.c patch

2018-03-11 Thread Peter J. Philipp
Hi, While auditing something in and around /usr/src/usr.sbin/httpd/logger.c (didn't find what I was looking for), I noticed that logger_log() was returning with an int but the return value was not processed at all. Here is a small patch that makes the return value void. I tested this patch

this fixes gif(4) on 6.3

2018-04-07 Thread Peter J. Philipp
Hello, Yesterday I wrote to misc@ with this: https://marc.info/?l=openbsd-misc=152302592426018=2 I apologize with the inline paste, thunderbird is just not good enough for this stuff. Anyhow I have produced this patch after upgrading the 6.2 box to 6.3. It all works now: Here is my config:

fstat -r flag to display rdomains on sockets

2018-04-07 Thread Peter J. Philipp
Hi, I've been running iked for a while now and have been able to guess which iked belongs to which rdomain by the cpu counter but as I'm using the other iked more the cpu counter is about the same and it's confusing when I have to restart iked with route exec. I introduce the -r flag to fstat

Re: return packets may not be desired to be scrubbed

2018-03-30 Thread Peter J. Philipp
On Thu, Mar 29, 2018 at 10:01:02PM +0200, Peter J. Philipp wrote: ... > The end result is here. I add 2 arguments to pf_scrub() for rule/state > direction that is desired and direction that the packet is taking. Then > in random-id the logic does not scrub when we had an "

return packets may not be desired to be scrubbed

2018-03-29 Thread Peter J. Philipp
Hi, While writing my own patches to the OpenBSD kernel and the pf subsystem, I noticed that random-id packets scrub twice. I noticed this by copying random-id's code and modifying it a little. From that grew a little patch for scrub and random-id and I'd like OpenBSD to consider it. I sent a

if_pppoe.c patch

2019-01-18 Thread Peter J. Philipp
I have "covered" up PPPoE Session ID's from users because it is a value that is only gotten on the Data Link layer and historically non-root users did not have access to that. It really is a value that doesn't concern them. I have wrapped the display with a suser() conditional. The magic value

Re: if_pppoe.c patch

2019-01-20 Thread Peter J. Philipp
On Sun, Jan 20, 2019 at 12:56:22PM +, Stuart Henderson wrote: > On 2019/01/18 10:59, Peter J. Philipp wrote: > > I have "covered" up PPPoE Session ID's from users because it is a value that > > is only gotten on the Data Link layer and historically non-root users did

handling of magic number in LCP echo replies

2019-01-18 Thread Peter J. Philipp
Hi, I'd like to get some help determining if this is a problem per se. In /sys/net/if_spppsubr.c lines 1323-1327 the nmagic is assembled and checked against sp->lcp.magic, and if it doesn't match then it does something weird. It resets the sp->pp_alivecnt to 0. This to me does nothing much

ntpd is too noisy about 'DNS lookup tempfail' on IPv6 only hosts

2019-11-05 Thread Peter J. Philipp
Hi, I have an IPv6 only host arrowhead.ip6.centroid.eu, that has very noisy: Oct 29 09:12:48 arrowhead ntpd[18744]: DNS lookup tempfail Oct 29 09:21:45 arrowhead last message repeated 2 times in fact: arrowhead# grep 'DNS lookup tempfail' /var/log/daemon | wc -l 1354 This is because the

Re: ntpd is too noisy about 'DNS lookup tempfail' on IPv6 only hosts

2019-11-06 Thread Peter J. Philipp
On Wed, Nov 06, 2019 at 11:30:32AM +0100, Florian Obser wrote: > > @@ -94,7 +95,7 @@ host_dns1(const char *s, struct ntp_addr > > struct ntp_addr *h, *hh = NULL; > > > > memset(, 0, sizeof(hints)); > > - hints.ai_family = AF_UNSPEC; > > + hints.ai_family = (test_v4_gw() == 0)

Re: ppppoe octeon kernel panic .6.6

2019-10-24 Thread Peter J. Philipp
Hi Miod, Thanks for helping. With this patch unfortunatly I still get a trap 2 on my small unifi security gateway which I pulled out again to test your patch. ---> cnmac0: 192.168.177.35 lease accepted from 192.168.177.1 (24:a4:3c:06:9f:16) pppoe0: received unexpected PADO pppoe0: host

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
+0200, Janne Johansson wrote: > Den ons 23 okt. 2019 kl 09:15 skrev Peter J. Philipp : > > > Hi Holger & Tech, > > > > I have made my octeon router work again and I have a patch. > > > > > Truncated it a lot, leaving the things I reacted on: > > >

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
On Wed, Oct 23, 2019 at 08:21:50AM +0200, Holger Glaess wrote: > hi > > > here the traceback , i hope ;) Hi Holger & Tech, I have made my octeon router work again and I have a patch. But I'm not an openbsd developer, nor is this patch official in any way. It was a lot of debugging and

Re: ppppoe octeon kernel panic .6.6

2019-10-23 Thread Peter J. Philipp
On Wed, Oct 23, 2019 at 11:18:11AM +0200, Martin Pieuchot wrote: > On 23/10/19(Wed) 08:43, Peter J. Philipp wrote: > > Hi Holger & Tech, > > Hello Peter, > > > I have made my octeon router work again and I have a patch. But I'm not an > > openbsd developer, nor

patch for dump for high percentages

2020-02-29 Thread Peter J. Philipp
Hi, I have a patch for dump(8) if it is generally considered bad if percentage done is over 100.0%. I checked the archives on marc.info for this and didn't see any discussion whether this was a topic before. Here is the odd DUMP message I got on a host: DUMP: 102.41% done, finished in 0:00

add DIOCRADDADDRS ioctl to kern_pledge pf

2020-01-14 Thread Peter J. Philipp
Hi, I'm in the process of building a program that adds IP addresses to a table, from the network, It is HMAC'ed. I was stopped by a pledge, it seems it was not configured. Here is the ktrace snippet: 40051 table-server CALL open(0xbb705fb11f6,0x2) 40051 table-server NAMI "/dev/pf" 40051

Re: add DIOCRADDADDRS ioctl to kern_pledge pf

2020-01-14 Thread Peter J. Philipp
On Tue, Jan 14, 2020 at 11:05:38AM -0700, Theo de Raadt wrote: > Some of the pledges (such as "pf") exist to support a cluster of > programs -- not just 1 program -- and improve their security by limiting > what they can do. So that when the program gets subverted due something > on it's input,

Re: powerpc: mplock & WITNESS

2020-04-10 Thread Peter J. Philipp
On Thu, Apr 09, 2020 at 10:58:29PM -0400, George Koehler wrote: > In the trace, #0 and #1 are wrong, but the rest of the trace looks > good enough for WITNESS. I added an artificial lock order reversal to > ums(4) for WITNESS to catch. I got this trace, > > #0 0xe4d764 > #1

arm64 mainbus.c patch

2020-04-09 Thread Peter J. Philipp
Hi, While code-reading the riscv64 port (which leans on some arm64 code), I have found a small gotcha in /sys/arch/arm64/dev/mainbus.c. The patch is self explanatory and leans on the fix from simplebus.c line 210. Index: mainbus.c

Re: powerpc: mplock & WITNESS

2020-04-09 Thread Peter J. Philipp
It's April 9th for me, so no chance for April 1st things. Both patches didn't boot (they loaded on ofwboot though) for me. I assume you wanted me to enable WITNESS option which I did. The kernel did not print anything so it must have done something before openfirmware... I'm going to check out

Re: powerpc: mplock & WITNESS

2020-04-09 Thread Peter J. Philipp
On Thu, Apr 09, 2020 at 01:08:12PM +0200, Martin Pieuchot wrote: > On 09/04/20(Thu) 12:20, Peter J. Philipp wrote: > > It's April 9th for me, so no chance for April 1st things. Both patches > > didn't > > boot (they loaded on ofwboot though) for me. I assume you wan

Re: Fwd: explicit_bzero vs. alternatives

2020-08-11 Thread Philipp Klaus Krause
think a broader approach could work. In general, the standard is only concerned with state observable in the C abstract machine. Everything else can only be hinted at (e.g. via volatile or something like bzero/memset_explicit, etc). Philipp

  1   2   >