Re: pckbd volume keys (part 1), diff to test

2014-05-24 Thread Remi Locherer
On Fri, May 23, 2014 at 12:42:31PM +0200, Alexandre Ratchov wrote: On Wed, Apr 30, 2014 at 01:06:48AM +0200, Alexandre Ratchov wrote: This diff attempts to unify volume keys; it makes pckbd and ukbd volume keys behave like all other volume keys (acpithinkpad, acpiasus, macppc/abtn and

remove appletalk from netintro(4)

2014-05-30 Thread Remi Locherer
Support for Appeltalk (sys/netatalk) was removed about 3 years ago but netintro(4) still mentions it. Remi Index: netintro.4 === RCS file: /cvs/src/share/man/man4/netintro.4,v retrieving revision 1.44 diff -u -p -r1.44 netintro.4

Re: acpiec(4): clear events based on vendor

2014-06-10 Thread Remi Locherer
On Tue, Jun 10, 2014 at 06:25:33PM +0300, Paul Irofti wrote: After discussions with Theo we decided to walk the table where needed instead of using the soft state variables. Also adding all the Samsung models to the quirks table (as per the Linux EC quirks table). I tried this diff with

Re: acpiec(4): clear events based on vendor

2014-06-11 Thread Remi Locherer
On Wed, Jun 11, 2014 at 09:11:54AM +0300, Paul Irofti wrote: On Tue, Jun 10, 2014 at 11:50:02PM +0200, Remi Locherer wrote: On Tue, Jun 10, 2014 at 06:25:33PM +0300, Paul Irofti wrote: After discussions with Theo we decided to walk the table where needed instead of using the soft state

Re: [PATCH] Atheros AR9281 miniPCI-E new product id 2nd try

2014-06-18 Thread Remi Locherer
On Mon, Jun 02, 2014 at 03:25:19PM +0200, Stefan Sperling wrote: On Mon, Jun 02, 2014 at 11:41:52AM +0200, Stefan Sperling wrote: On Sun, Jun 01, 2014 at 09:17:09PM +0200, mijenix wrote: Hope someone can commit the new product id. Connecting to a WLAN network works and also hostap mode.

Re: ksh history bug

2014-08-13 Thread Remi Locherer
On Wed, Aug 13, 2014 at 07:41:08PM +0100, Jason McIntyre wrote: hi! notice how ksh's history command (fc -l) does not list the last typed history command: $ ls $ date Wed Aug 13 19:29:59 BST 2014 $ history 1 ls 2 date the only thing

Re: acpi global lock diff that needs testing

2013-08-02 Thread Remi Locherer
Mark Kettenis mark.kettenis at xs4all.nl writes: On amd64/i386 there is this nasty thing called SMM mode. This allows BIOS writers to run code behind the back of the OS to do all sorts of crazy stuff like simulating a legacy PC keyboard controller on systems that don't have one, or spin up

new login style: yubikey-and-pwd

2014-01-04 Thread Remi Locherer
This patch privides a new login style: yubikey-and-pwd. The idea is from login_totp-and-pwd from the login_oath port. I tried to keep the patch small and not touch to many things. But probably it would be bette to chang more stuff (eg: there are now two backchannels: *back from login_passwd.c

Re: new login style: yubikey-and-pwd

2014-01-05 Thread Remi Locherer
On Sat, Jan 04, 2014 at 10:55:39AM +0100, Remi Locherer wrote: This patch privides a new login style: yubikey-and-pwd. The idea is from login_totp-and-pwd from the login_oath port. I tried to keep the patch small and not touch to many things. But probably it would be bette to chang more

Re: new login style: yubikey-and-pwd

2014-01-05 Thread Remi Locherer
password changes. Even without the encrypt/decrypt functionality a tool like ssh-keygen for yubikey in base would be nice. It could be used to generate the key and id file and write it to the yubikey. On Sat, Jan 04, 2014 at 10:55:39AM +0100, Remi Locherer wrote: This patch privides a new login

Re: new login style: yubikey-and-pwd

2014-01-05 Thread Remi Locherer
On Sun, Jan 05, 2014 at 12:26:05PM +, Stuart Henderson wrote: On 2014/01/05 13:10, Remi Locherer wrote: + /* only test the password if yubikey auth was successful */ This should be done even if Yubikey auth fails, to avoid disclosing information due to timing. Good point! I changed

Re: new login style: yubikey-and-pwd

2014-01-05 Thread Remi Locherer
On Sun, Jan 05, 2014 at 06:44:22PM -0600, Kent R. Spillner wrote: Still haven't tested, but I also saw: +password_pwd = malloc(password_pwd_len + 1); /* +1 for \0 */ + +/* extract the password */ +for ( cnt = 0 ; cnt password_pwd_len ; cnt++ ) +password_pwd[cnt] =

rdomain(4) man page additions

2015-06-29 Thread Remi Locherer
Hi I think the following additions to the rdomain(4) man page would be usefull for people that want to start using rdomains and rtables. Remi Index: rdomain.4 === RCS file: /home/remi/cvs/src/share/man/man4/rdomain.4,v retrieving

install efi bootloader into an additional directory

2016-01-28 Thread Remi Locherer
Hi Since we have efiboot creating a multiboot environment on amd64/i386 became simpler. One obstacle is that (all?) OSs write their bootloader to the default loction efi/boot/ on the EFI Sys partition. Some OSs also create an efi/XXX directory where they put most of their stuff (centos, ubuntu,

[PATCH] install efi bootloader into an additional directory

2016-02-19 Thread Remi Locherer
Nobody else using OpenBSD on in an UEFI multiboot setup? On Thu, Jan 28, 2016 at 09:04:40AM +0100, Remi Locherer wrote: > Hi > > Since we have efiboot creating a multiboot environment on amd64/i386 > became simpler. One obstacle is that (all?) OSs write their bootloader > to the

Re: axen improvements

2016-03-20 Thread Remi Locherer
On Sat, Mar 19, 2016 at 05:09:34PM -0400, Brandon Mercer wrote: > I've recently acquired a usb3.0->gigabit ethernet adapter. It did not > attach reliably, pass traffic reliably, and it made my machine panic > when I unplugged it. Takahiro HAYASHI suggested that the reset > code doesn't do anything

patch for resolv.conf(5)

2016-07-28 Thread Remi Locherer
The resolver supports more than 3 nameservers. Index: resolv.conf.5 === RCS file: /cvs/src/share/man/man5/resolv.conf.5,v retrieving revision 1.48 diff -u -p -r1.48 resolv.conf.5 --- resolv.conf.5 23 Nov 2015 18:04:53 -

small patch for relayd.conf.5

2016-08-17 Thread Remi Locherer
Hi I think there is a small mistake in relayd.conf.5. Remi Index: relayd.conf.5 === RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.170 diff -u -p -r1.170 relayd.conf.5 --- relayd.conf.5 29 Jul 2016

Re: rebound quantum entanglement

2016-09-15 Thread Remi Locherer
On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > wont this also mean if it is not running i have to wait for the localhost > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so > > > i > > > slow everything down for a timeout? > > > > Not if he

Re: rebound quantum entanglement

2016-09-15 Thread Remi Locherer
On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote: > On 2016/09/15 10:39, Remi Locherer wrote: > > On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > > > wont this also mean if it is not running i have to wait for the > > > > &

ospfd - handling mtu changes

2016-11-25 Thread Remi Locherer
Hi, I ran into problems with mtu sizes on interfaces (gif in my case) and ospfd. mtu was not the same on both sites so adjacency could not be formed. The mtu mismatch is also logged by ospfd. Just changing the MTU with ifconfig is not enough in such a case. I did not want to restart ospfd since

Re: ospfd - handling mtu changes

2016-11-26 Thread Remi Locherer
On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Anglas wrote: > Remi Locherer <remi.loche...@relo.ch> writes: > > > Hi, > > > > I ran into problems with mtu sizes on interfaces (gif in my case) and > > ospfd. mtu was not the same on both sites

ospfd - add metric and type to print_redistribute

2016-11-19 Thread Remi Locherer
Hi, In the output of ospfd -nv I miss metric and type for the redistribute statement. The below patch adds this. Sample output: remi@mistral:..in/ospfd% doas obj/ospfd -nv WARNING: IP forwarding NOT enabled, running as stub router router-id 10.10.10.1 fib-update yes rfc1583compat yes stub

Re: ospfd - handling mtu changes

2016-12-13 Thread Remi Locherer
On Mon, Dec 05, 2016 at 06:06:42PM +0100, Remi Locherer wrote: > On Tue, Nov 29, 2016 at 12:14:40PM +0100, Jeremie Courreges-Anglas wrote: > > Remi Locherer <remi.loche...@relo.ch> writes: > > > > > On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Angl

Re: ospfd - handling mtu changes

2016-12-05 Thread Remi Locherer
On Tue, Nov 29, 2016 at 12:14:40PM +0100, Jeremie Courreges-Anglas wrote: > Remi Locherer <remi.loche...@relo.ch> writes: > > > On Sat, Nov 26, 2016 at 09:39:40AM +0100, Jeremie Courreges-Anglas wrote: > >> Remi Locherer <remi.loche...@relo.ch> writes: >

Re: ospf6d: handle interface MTU changes

2016-12-22 Thread Remi Locherer
On Wed, Dec 21, 2016 at 12:08:23PM +0100, Jeremie Courreges-Anglas wrote: > > Hi, > > After ospfd here's a diff to make ospf6d refresh his view of an > interface's MTU at runtime. This needs a fresh kernel. > > The parent should pass the IFINFO message to its children first, and > then decide

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-07-16 Thread Remi Locherer
On Tue, Jul 04, 2017 at 11:00:18PM +0200, Remi Locherer wrote: > On Sun, Jun 25, 2017 at 11:47:09PM +0200, Remi Locherer wrote: > > Hi, > > > > ospfd does not react nicely when running "sh /etc/netstart if". > > > > This is because adding the

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-07-24 Thread Remi Locherer
On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > > On 06/25/17 23:47, Remi Locherer wrote: > > > Hi, > > > > > > ospfd does not react nicely when running "sh /etc/netstart

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-07-21 Thread Remi Locherer
On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > On 06/25/17 23:47, Remi Locherer wrote: > > Hi, > > > > ospfd does not react nicely when running "sh /etc/netstart if". > > > > This is because adding the same address again

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-07-04 Thread Remi Locherer
On Sun, Jun 25, 2017 at 11:47:09PM +0200, Remi Locherer wrote: > Hi, > > ospfd does not react nicely when running "sh /etc/netstart if". > > This is because adding the same address again do an interface results > in RTM_DELADDR and RTM_NEWADDR. ospfd hand

ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-06-25 Thread Remi Locherer
Hi, ospfd does not react nicely when running "sh /etc/netstart if". This is because adding the same address again do an interface results in RTM_DELADDR and RTM_NEWADDR. ospfd handles the former but the later. If this happens ospfd says "interface vether0:192.168.250.1 gone". Adjacencies on that

Re: hidmt: add support for hybrid mode

2017-10-08 Thread Remi Locherer
On Sun, Oct 08, 2017 at 09:22:46AM -0500, joshua stein wrote: > This adds support for Hybrid mode for Windows Precision Touchpads > (ihidev/imt). If yours only works with one finger, this should fix > that. > > This also changes the way SET_REPORTs are sent to put the touchpad > into touchpad

Re: ugold(4): add support for TEMPer1F_H1V1.5F

2017-10-05 Thread Remi Locherer
On Wed, Oct 04, 2017 at 10:52:31PM +0200, Jan Klemkow wrote: > Hi, > > This diff adds support for the "TEMPer1F_H1V1.5F" USB temperature and > humidity sensor to the ugold(4) driver. I got reasonable values from > the device, but as mentioned in this github issue [1] they are not very >

Re: imt/hidmt: tests with "Windows Precision Touchpads" needed

2017-09-25 Thread Remi Locherer
On Tue, Sep 19, 2017 at 09:43:37PM +0200, Ulf Brosziewski wrote: > This patch adapts hidmt - which is used by imt(4) - to the multitouch > interface of wsmouse, and it adds the compat-mode configuration required > by the wsmouse-internal touchpad input driver. > > Tests with both the synaptics

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-08-23 Thread Remi Locherer
On Wed, Aug 23, 2017 at 12:22:03AM +0200, Florian Riehm wrote: > On 08/21/17 18:57, Remi Locherer wrote: > > On Mon, Jul 24, 2017 at 04:59:46PM +0200, Remi Locherer wrote: > > > On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > > > > On Fri, Jul 21, 201

Re: ospfd: add IMSG_IFADDRADD to deal with "sh /etc/netstart if"

2017-08-21 Thread Remi Locherer
On Mon, Jul 24, 2017 at 04:59:46PM +0200, Remi Locherer wrote: > On Fri, Jul 21, 2017 at 06:24:06PM +0200, Remi Locherer wrote: > > On Fri, Jul 21, 2017 at 02:45:03PM +0200, Florian Riehm wrote: > > > On 06/25/17 23:47, Remi Locherer wrote: > > > > Hi, > > >

document how ospfd interacts with carp

2017-11-06 Thread Remi Locherer
Hi, ospfd.conf(5) should mention what ospfd does automatically when configured on carp interfaces. ok? Remi Index: ospfd.conf.5 === RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v retrieving revision 1.48 diff -u -p -r1.48

Re: dwiic: add pci attachment

2017-11-09 Thread Remi Locherer
On Fri, Nov 03, 2017 at 12:01:15PM -0500, joshua stein wrote: > Intel 100 Series laptops have the DesignWare I2C controller > attaching via PCI instead of ACPI, so move the guts of dwiic(4) into > ic/ and add dwiic_acpi and dwiic_pci files. Unfortunately the PCI > attachment still needs to

document capability dc in remote(5)

2017-10-30 Thread Remi Locherer
Hi, in 2015 remote(5) was trimmed down when tip was removed. It looks like documentation for capability "dc" was also removed by accident. cu(1) still supports this (src/usr.bin/cu/cu.c): 381 if (is_direct == -1 && cgetcap(cp, "dc", ':') != NULL) 382 is_direct = 1; Below

Re: dwiic(4) fix

2018-05-22 Thread Remi Locherer
On Tue, May 22, 2018 at 05:43:01PM +0200, Mark Kettenis wrote: > > Date: Mon, 21 May 2018 17:25:47 -0700 > > From: Mike Larkin > > > > On Mon, May 21, 2018 at 12:44:47PM +0200, Mark Kettenis wrote: > > > The diff below fixes I2C_OP_WRITE_WITH_STOP operations. Currently we

ospfd: deal with /etc/netstart, changes of netmask and dest_addr

2018-06-18 Thread Remi Locherer
Hi, in some circumstances ospfd behaves not the way a user would expect and it's not easy understand how to recover. With below diff ospfd recovers automatically from the following three cases. 1) netstart When someone runs the netstart script on a running system it most likely assigns the

ospf6d: fix resending LSAs on if change

2018-06-11 Thread Remi Locherer
Hi, ospf6d does not resend LSAs when a carp interface goes into backup state. This is unfortunate since other routers may still use the route to the backup router or they even do ECMP and send traffic to the master and backup. This minimal diff adds braces to fix it: Index: rde.c

ospf6d: MAX_METRIC for carp backup interfaces

2018-06-11 Thread Remi Locherer
Hi, ospfd sends LSAs with MAX_METRIC for carp interfaces in state backup. This does the same for ospf6d. While here also document how ospf6d treats carp interfaces. OK? Remi Index: ospf6d.conf.5 === RCS file:

Re: ospfd: deal with /etc/netstart, changes of netmask and dest_addr

2018-06-19 Thread Remi Locherer
On Tue, Jun 19, 2018 at 03:59:24PM +0100, Stuart Henderson wrote: > On 2018/06/18 08:53, Remi Locherer wrote: > > Index: ospfd.h > > === > > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v > > retrieving re

Re: ospfd/parse.y : fix line count

2018-06-03 Thread Remi Locherer
On Sat, Jun 02, 2018 at 10:33:11PM +0200, Denis Fondras wrote: > Applying otto@'s diff to ospfd. > Fixes an off-by-one line count when using include statements. > > Ok ? I applied your diff and verified that the line number for errors in included files is now correct. ok remi@ > > Index:

Re: ospf6d/parse.y : fix line count

2018-06-03 Thread Remi Locherer
On Sat, Jun 02, 2018 at 10:33:07PM +0200, Denis Fondras wrote: > Applying otto@'s diff to ospf6d. > Fixes an off-by-one line count when using include statements. > > Ok ? I applied your diff and verified that the line number for errors in included files is now correct. ok remi@ > > Index:

ospf6ctl sh data intra : print metric

2018-06-05 Thread Remi Locherer
Hi, this adds "Metric: " to the output of "ospf6ctl show database intra". It looks like this: -- LS age: 1152 LS Type: Intra Area (Prefix) Link State ID: 1.0.0.0

ospf6ctl.8 - document missing database filters

2018-06-05 Thread Remi Locherer
Hi, the ospf6ctl manual misses two database filters. OK? Remi Index: ospf6ctl.8 === RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.8,v retrieving revision 1.11 diff -u -p -r1.11 ospf6ctl.8 --- ospf6ctl.8 5 Nov 2017 17:45:02 -

ospf6d: fix metric for intra area prefix LSAs

2018-06-06 Thread Remi Locherer
Hi, RfC 5340 says that for intra area prefix LSAs metric should be set to 0 in case of point-to-multipoint or loopback interfaces. Otherwise metric should be set to the value of the interfaces output cost. ospf6d currently sends intra area prefix LSAs *always* with metric 0. Below diff fixes

Re: ospf6d: fix metric for intra area prefix LSAs

2018-06-06 Thread Remi Locherer
On Wed, Jun 06, 2018 at 09:01:49AM +0200, Claudio Jeker wrote: > On Wed, Jun 06, 2018 at 08:06:30AM +0200, Remi Locherer wrote: > > Hi, > > > > RfC 5340 says that for intra area prefix LSAs metric should be set to 0 > > in case of point-to-multipoint or loopback i

Re: ospfd: deal with /etc/netstart, changes of netmask and dest_addr

2018-06-25 Thread Remi Locherer
On Fri, Jun 22, 2018 at 12:25:40AM +0200, Jeremie Courreges-Anglas wrote: > On Tue, Jun 19 2018, Remi Locherer wrote: > > On Tue, Jun 19, 2018 at 03:59:24PM +0100, Stuart Henderson wrote: > >> On 2018/06/18 08:53, Remi Locherer wrote: >

Re: isakmpd.policy check

2018-01-04 Thread Remi Locherer
On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote: > On 2018/01/04 12:47, Martin Pieuchot wrote: > > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane > > we do. > > This means you trust your ipsec peers not to request an invalid flow. > That's reasonable if

Re: bridge(4): protected interface (port)

2018-01-27 Thread Remi Locherer
On Wed, Jan 24, 2018 at 11:27:51PM +, Tom Smyth wrote: > Hello, Martin, Remi, All > Im very excited about this feature, Thanks Martin, > Please see Comments inline below > > On 23 January 2018 at 18:06, Remi Locherer <remi.loche...@relo.ch> wrote: > > On Mon, Jan 2

Re: ospfd: depend on interface (new feature)

2018-02-04 Thread Remi Locherer
On Sun, Feb 04, 2018 at 05:19:59AM +0100, Claudio Jeker wrote: > On Sun, Feb 04, 2018 at 12:42:22AM +0100, Remi Locherer wrote: > > Hi > > > > This adds a new feature to ospfd: depend on interface. > > > > A ospfd.conf using it looks like this: > > >

ospfd: depend on interface (new feature)

2018-02-03 Thread Remi Locherer
Hi This adds a new feature to ospfd: depend on interface. A ospfd.conf using it looks like this: --%<-- redistribute default depend on carp0 area 0.0.0.0 { interface em2 { depend on carp0 } [...] } --%<-- This router would send out the default route and the em2 network with

Re: ospf6d only needs AF_INET6 route messages

2018-02-08 Thread Remi Locherer
On Thu, Feb 08, 2018 at 11:52:01AM +0100, Sebastian Benoit wrote: > can someone confirm that ospf6d still works with this change? > > oks? ospf6d works as before with this change. It also matches what ospfd does. OK remi@ > > (benno_ospf6d_kroute.diff) > > diff --git usr.sbin/ospf6d/kroute.c

Re: ospfd getting confused about who is DR

2018-02-16 Thread Remi Locherer
On Fri, Feb 09, 2018 at 03:39:43AM +0100, Claudio Jeker wrote: > On netsplits it can happen that on join multiple ospfd end up as DR. > In my case with 3 routers the one cut off stays DR even though the rest of > the network already has a DR and BDR. > > Looking into this it seems that in some

Re: LACP Administrative Knobs

2018-08-10 Thread Remi Locherer
On 2018-08-09 03:53, Carlos Cardenas wrote: On Mon, Aug 06, 2018 at 08:18:23PM -0700, Carlos Cardenas wrote: Howdy. Attached is a patch from my work that started at g2k18 on adding administrative knobs to our LACP driver. The driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only has

ospfd: prevent additional ospfd from starting

2018-08-21 Thread Remi Locherer
Hi tech, recently we had a short outage in our network. A script started an additional ospfd instance because the -n flag for config test was missing. What then happend was not nice: - The new ospfd unlinked the control socket of the first ospfd - The new ospfd removed all routes from the first

Re: ospfd: prevent additional ospfd from starting

2018-08-24 Thread Remi Locherer
On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: > On Wed, Aug 22, 2018 at 12:12:10AM +0200, Remi Locherer wrote: > > On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > > > On 2018/08/21 17:16, Remi Locherer wrote: > > > > Hi tech, &g

Re: ospfd: prevent additional ospfd from starting

2018-08-21 Thread Remi Locherer
On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > On 2018/08/21 17:16, Remi Locherer wrote: > > Hi tech, > > > > recently we had a short outage in our network. A script started an > > additional > > ospfd instance because the -n

Re: ospfd: prevent additional ospfd from starting

2018-08-28 Thread Remi Locherer
On Tue, Aug 28, 2018 at 07:56:43AM +0200, Claudio Jeker wrote: > On Mon, Aug 27, 2018 at 11:33:19PM +0200, Remi Locherer wrote: > > On Fri, Aug 24, 2018 at 12:21:31PM +0200, Remi Locherer wrote: > > > On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: [ snip ]

Re: ospfd: prevent additional ospfd from starting

2018-08-27 Thread Remi Locherer
On Fri, Aug 24, 2018 at 12:21:31PM +0200, Remi Locherer wrote: > On Fri, Aug 24, 2018 at 08:58:12AM +0200, Claudio Jeker wrote: > > On Wed, Aug 22, 2018 at 12:12:10AM +0200, Remi Locherer wrote: > > > On Tue, Aug 21, 2018 at 05:54:18PM +0100, Stuart Henderson wrote: > >

ospfd: pledge parent process

2018-09-01 Thread Remi Locherer
Hi, Since slaacd is able to use pledge in the parent process I thought it may be possible for ospfd too. It works fine until ospfd gets reloaded. At this point it uses setsockopt to set the priority filter on the routing socket. Since I could not find a promise for this I extended wroute. Does

Re: ospfd: pledge parent process

2018-09-02 Thread Remi Locherer
On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > Hi, > > > > Since slaacd is able to use pledge in the parent process I thought it may > > be possible for ospfd too. > > &

Re: ospfd: pledge parent process

2018-09-02 Thread Remi Locherer
On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > Hi, > > > > Since slaacd is able to use pledge in the parent process I thought it may > > be possible for ospfd too. > > &

Re: ospfd: pledge parent process

2018-09-02 Thread Remi Locherer
On Sun, Sep 02, 2018 at 08:05:55AM +0200, Remi Locherer wrote: > On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote: > > Remi Locherer(remi.loche...@relo.ch) on 2018.09.01 21:53:21 +0200: > > > Hi, > > > > > > Since slaacd is able to use pledge in

ospf6d: prevent additional ospf6d from starting

2018-08-31 Thread Remi Locherer
Hi, this is the adaption of the recent ospfd commit to ospf6d. Early in the startup the main process checks if another process is listening on the control socket and exits if that is the case. Otherwise the master process opens the control socket and passes it on to the ospf engine. OK? Remi

ospf6d: depend on

2018-07-10 Thread Remi Locherer
Hi, With the "depend on" option routes are sent out with a metric of 65535 if the referenced interface is down or in state backup. This is especially useful on a carp cluster to ensure all traffic goes to the carp master. This is similar to what we have for ospfd. A configuration using this

ospfd: change control socket to ospfd.sock.

2018-07-10 Thread Remi Locherer
Hi, This changes the name of the ospfd control socket to include the rdomain. It's similar to what bgpd does. OK? Remi Index: ospfd/ospfd.c === RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v retrieving revision 1.98 diff -u -p

Re: pledge ospf6d

2018-07-10 Thread Remi Locherer
On Tue, Jul 10, 2018 at 07:12:01PM +0200, Florian Riehm wrote: > Hi, > > this adds pledge to the ospf6d route decision engine and the ospf engine. > It is compared to the ospfd quite simple, since ospf6d does not support > reload, > rdomains and kif-interfaces. > > ok? builds and runs fine. OK

Re: bgpd: announce prefixes with priority n

2018-07-11 Thread Remi Locherer
On Wed, Jul 11, 2018 at 12:43:41AM +0200, Sebastian Benoit wrote: > hi, > > allows you to announce prefixes from the kernel routing table selected by > priority. > > lightly tested, as in, the config part works. > > network inet priority 32 > > ok? works in my lab setup. OK remi@ > >

ospf6ctl parse.y: remove wrong comment

2018-07-11 Thread Remi Locherer
in parse.y from ospfd this comment is followed by md_list_clr(_list); which does not exist in ospd6d. OK? Remi Index: parse.y === RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v retrieving revision 1.34 diff -u -p -r1.34

Re: ospf6d: depend on

2018-07-11 Thread Remi Locherer
On Tue, Jul 10, 2018 at 03:22:43PM +0200, Remi Locherer wrote: > Hi, > > With the "depend on" option routes are sent out with a metric of 65535 if > the referenced interface is down or in state backup. This is especially > useful on a carp cluster to ensure all traffi

ospfd printconf: print rdomain

2018-07-11 Thread Remi Locherer
This makes "ospfd -nv" print the rdomain config option if present. OK? Remi Index: printconf.c === RCS file: /cvs/src/usr.sbin/ospfd/printconf.c,v retrieving revision 1.18 diff -u -p -r1.18 printconf.c --- printconf.c 5 Feb 2018

ospf6d: add support for rdomains

2018-07-11 Thread Remi Locherer
Hi, This adds rdomain support to ospf6d. It works the same as in ospfd. OK? Remi Index: ospf6ctl/ospf6ctl.c === RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v retrieving revision 1.48 diff -u -p -r1.48 ospf6ctl.c ---

Re: ospf6d: depend on

2018-07-11 Thread Remi Locherer
On Wed, Jul 11, 2018 at 02:59:30PM +0200, Florian Riehm wrote: > Hi, > > successfully tested. I like the feature! Thanks! > Some (mostly cosmetic) comments inline. I fixed them. Updated diff below. > Index: ospfe.c > === > RCS

Re: ospf6d: remove unneded log_setverbose()

2018-07-09 Thread Remi Locherer
On Mon, Jul 09, 2018 at 10:42:16AM +0200, Claudio Jeker wrote: > On Mon, Jul 09, 2018 at 10:31:15AM +0200, Remi Locherer wrote: > > later on it is set with: > > log_setverbose(ospfd_conf->opts & OSPFD_OPT_VERBOSE); > > > > OK? > > Shouldn't we in

ospf6d: remove unneded log_setverbose()

2018-07-09 Thread Remi Locherer
later on it is set with: log_setverbose(ospfd_conf->opts & OSPFD_OPT_VERBOSE); OK? Index: ospf6d.c === RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v retrieving revision 1.35 diff -u -p -r1.35 ospf6d.c --- ospf6d.c5 Nov 2017

Re: bridge(4): protected interface (port)

2018-01-23 Thread Remi Locherer
On Mon, Jan 22, 2018 at 04:23:59PM +0100, Martin Pieuchot wrote: > Diff below adds a new feature to bridge(4), similar to Cisco's Protected > Port but with more possibilities. > > The idea is to prevent traffic to flow between some members of a bridge(4). > For example: > - you want to prevent

Re: ospfd: depend on interface (new feature)

2018-04-20 Thread Remi Locherer
On 2018-04-20 14:46, Kapetanakis Giannis wrote: On 04/02/18 01:42, Remi Locherer wrote: Hi This adds a new feature to ospfd: depend on interface. A ospfd.conf using it looks like this: --%<-- redistribute default depend on carp0 area 0.0.0.0 { interface em2 { depend on ca

Re: ospfd: depend on interface (new feature)

2018-04-20 Thread Remi Locherer
On 2018-04-20 15:39, Kapetanakis Giannis wrote: On 20/04/18 16:20, Remi Locherer wrote: On 2018-04-20 14:46, Kapetanakis Giannis wrote: While it does the job for local connected/static networks (on the router), it doesn't do it for forwarded routes which I learn from remote OSPF routers

unveil ospfd's parent proc

2018-10-26 Thread Remi Locherer
Hi, this restricts ospfd's parent process to only read it's config file (reload) and unlink the control socket on exit. I added unveil after the setup of the control socket is done since chmod is used in control_init. OK? Remi Index: ospfd.c

Re: unveil ospfd's parent proc

2018-10-28 Thread Remi Locherer
st_list, entry); > free(r); > > On 15:58 Sun 28 Oct , Florian Obser wrote: > > Sorry, I'm on a phone. The diff context looks like the control FD is > > already open at this point. Does ospfd later re-open it? > > > > On October 27, 2018 11:2

Re: unveil ospfd's parent proc

2018-10-28 Thread Remi Locherer
11:25:58 PM GMT+02:00, Remi Locherer > wrote: > >On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote: > >> Remi Locherer wrote: > >> > >> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: > >> > > This breaks usage o

Re: unveil ospfd's parent proc

2018-10-28 Thread Remi Locherer
gt; > > ospfd_shutdown(); > > @@ -308,7 +313,6 @@ ospfd_shutdown(void) > > msgbuf_clear(_rde->ibuf.w); > > close(iev_rde->ibuf.fd); > > > > - control_cleanup(ospfd_conf->csock); > > while ((r = SIMPLEQ_FIRST(_conf->redist_list)) != NU

unveil ospf6d's parent proc

2018-10-29 Thread Remi Locherer
Hi, ospf6d does not support reloading so its parent proc does not need filesystem access with the exception of the control socket cleanup on exit. Once we teach it how to reload the config it is easy to unveil "/" readonly as I just did for ospfd. OK? Remi cvs diff: Diffing . Index: ospf6d.c

Re: unveil ospfd's parent proc

2018-10-26 Thread Remi Locherer
2018 5:26:06 PM GMT+02:00, Remi Locherer > wrote: > >Hi, > > > >this restricts ospfd's parent process to only read it's config file > >(reload) > >and unlink the control socket on exit. I added unveil after the setup > >of > >the control socket

Re: disable fs access on ripd

2018-10-30 Thread Remi Locherer
On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote: > Remi Locherer wrote: > > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote: > > > Hi, > > > > > > After all files are opened ripd(8) can have the fs access disabled just &g

Re: disable fs access on ripd

2018-10-30 Thread Remi Locherer
On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote: > Hi, > > After all files are opened ripd(8) can have the fs access disabled just before > each process main loop. Its 2 childs already run under chroot, but since they > are still not pledged at least they have no way to

Re: disable fs access on ripd

2018-11-03 Thread Remi Locherer
On Tue, Oct 30, 2018 at 05:31:04PM +, Ricardo Mestre wrote: > clearly an oversight due to looking at too many daemons at the same > time. since the only thing ripd needs to do is unlink the socket I think > we can remove control_cleanup, even though I'd rather do this > introducing pledge, but

Re: unveil ospfd's parent proc

2018-10-27 Thread Remi Locherer
On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote: > Remi Locherer wrote: > > > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: > > > This breaks usage of the "include" keyword. Something that all the > > > parse.y daemon

Re: unveil dhclient (privileged process)

2018-11-05 Thread Remi Locherer
On Mon, Nov 05, 2018 at 12:30:08PM +, Ricardo Mestre wrote: > Hi, > > dhclient(8)'s privileged process cannot be pledged yet due to some route > related sysctl(2)'s, but it seems it only needs to access two files. One is > /etc/resolv.conf with write/create permissions and saved_argv[0]

ripd.conf man page fix

2018-11-10 Thread Remi Locherer
Hi, the default for triggered-updates is no. OK? Remi cvs diff: Diffing . Index: ripd.conf.5 === RCS file: /cvs/src/usr.sbin/ripd/ripd.conf.5,v retrieving revision 1.15 diff -u -p -r1.15 ripd.conf.5 --- ripd.conf.5 18 Jun 2018

ripd.conf: allow interface without { }

2018-11-10 Thread Remi Locherer
Hi, ripd wants curly braces for interface blocks even if no parameters are specified. This is inconsistent with other daemons and a bit annoying. Below diff makes ripd accepting interface if0 without { } afterwards. The example in the man page shows the interface statement with and

Re: ripd.conf: allow interface without { }

2018-11-11 Thread Remi Locherer
On Sun, Nov 11, 2018 at 09:48:38AM +0100, Claudio Jeker wrote: > On Sat, Nov 10, 2018 at 09:17:57PM +0100, Remi Locherer wrote: > > Hi, > > > > ripd wants curly braces for interface blocks even if no parameters are > > specified. This is inconsistent with other

Re: prevent bgpd from starting when control socket already used

2018-11-12 Thread Remi Locherer
On Mon, Nov 12, 2018 at 08:12:37AM +0100, Claudio Jeker wrote: > On Sun, Nov 11, 2018 at 04:40:54PM -0700, Theo de Raadt wrote: > > Makes sense to me, I suppose. > > > > Isn't another approach to swap the opening of the sockets? > > > > Or why does failure to control :179 sockets not stop

prevent bgpd from starting when control socket already used

2018-11-11 Thread Remi Locherer
Hi, I heard from two devs that started a 2nd bgpd by accident (forgot -n for a config check) which then caused downtime. Below diff adds a check to bgpd similar to the one we have now in ospfd and ospf6d: if another process is listening on the control socket bgpd exits. The situation is a bit

Re: OpenBGPd Feature Request / Question if the Feature Request

2018-09-22 Thread Remi Locherer
On Sat, Sep 22, 2018 at 08:22:52AM +0100, Tom Smyth wrote: > OpenBGPd Feature Request / Question if the Feature Request > is something the community would use ? > > Background, > Ideally we would run full tables so that we have visibility > on reachibility of a prefix via a transit provider, >

Re: prevent bgpd from starting when control socket already used

2018-11-19 Thread Remi Locherer
On Mon, Nov 19, 2018 at 09:45:55AM +0100, Claudio Jeker wrote: > On Sun, Nov 18, 2018 at 11:40:40PM +0100, Remi Locherer wrote: > > Hi, > > > > from the discussion I understand nobody rejects the functionality. > > > > To ease the review here again the diff

  1   2   >