Re: How do I publish default router preferences using rad?

2019-08-17 Thread Caleb Callaway
If it interests anyone, I've also implemented the route option
described in https://tools.ietf.org/html/rfc4191#section-2.3

I find sharing patches via this mailing list particularly unwieldy,
so I've pushed my work to a git branch at
https://github.com/cqcallaw/src/tree/rfc-4191

On Wed, Aug 7, 2019 at 11:27 PM Caleb  wrote:
>
> Thank you for the code and review! I've synthesized the existing patch
> and review into something that successfully advertises router
> preferences in local testing (verified w/ rdisc6). This patch does not
> implement the route information option specified in RFC 4191 section
> 2.3.
>
> diff --git a/usr.sbin/rad/frontend.c b/usr.sbin/rad/frontend.c
> index 8178b058629..4031da6b99d 100644
> --- a/usr.sbin/rad/frontend.c
> +++ b/usr.sbin/rad/frontend.c
> @@ -411,7 +411,7 @@ frontend_dispatch_main(int fd, short event, void *bula)
> ra_prefix_conf))
>fatalx("%s: IMSG_RECONF_RA_PREFIX wrong "
> "length: %lu", __func__,
> -IMSG_DATA_SIZE(imsg));
> +IMSG_DATA_SIZE(imsg));
>if ((ra_prefix_conf = malloc(sizeof(struct
> ra_prefix_conf))) == NULL)
>fatal(NULL);
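
Review bot: The only changed line in this hunk, `IMSG_DATA_SIZE(imsg));` in the IMSG_RECONF_RA_PREFIX length check, is identical to the line it replaces apart from whitespace and has nothing to do with router preferences. Dropping it keeps the diff limited to the feature.
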
> @@ -1023,6 +1023,18 @@ build_packet(struct ra_iface *ra_iface)
>ra->nd_ra_router_lifetime =
> htons(ra_options_conf->router_lifetime);
>}
> +
> +   /* add router preference flags */
> +   if (ra_options_conf->preference == ND_RA_FLAG_RTPREF_RSV) {
> +   fatalx("Invalid router preference found during RA packet
> construction.");
> +   }
> +
> +   if (ra_options_conf->router_lifetime == 0) {
> +   log_debug("Router lifetime set to zero; ignoring router
> preference per https://tools.ietf.org/html/rfc4191#section-2.2;);
> +   } else {
> +   ra->nd_ra_flags_reserved |= ra_options_conf->preference;
> +   }
> +
>ra->nd_ra_reachable = htonl(ra_options_conf->reachable_time);
>ra->nd_ra_retransmit = htonl(ra_options_conf->retrans_timer);
>p += sizeof(*ra);
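
Review bot: The fatalx() on `preference == ND_RA_FLAG_RTPREF_RSV` in build_packet() exits the daemon while a packet is being built, for a value the `preference` rule in parse.y cannot produce (it accepts only low, medium and high). Rejecting a bad value where the configuration is parsed, or logging it and falling back to medium here, avoids a runtime exit. Masking the value with ND_RA_FLAG_RTPREF_MASK before the OR into `nd_ra_flags_reserved` would also keep stray bits away from the other RA flags. The log_debug() for a zero router lifetime runs on every packet build, so it may be better reported once when the configuration is loaded.
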
> diff --git a/usr.sbin/rad/parse.y b/usr.sbin/rad/parse.y
> index 004e5e22f92..74480148246 100644
> --- a/usr.sbin/rad/parse.y
> +++ b/usr.sbin/rad/parse.y
> @@ -32,6 +32,7 @@
> #include 
> #include 
> +#include 
> #include 
> #include 
> @@ -117,10 +118,12 @@ typedef struct {
> %token CONFIGURATION OTHER LIFETIME REACHABLE TIME RETRANS TIMER
> %token AUTO PREFIX VALID PREFERRED LIFETIME ONLINK AUTONOMOUS
> %token ADDRESS_CONFIGURATION DNS NAMESERVER SEARCH MTU
> +%token PREFERENCE LOW MEDIUM HIGH
> %token   STRING
> %token   NUMBER
> %typeyesno
> +%typepreference
> %typestring
> %%
> @@ -166,6 +169,11 @@ yesno  : YES   { $$ = 1; }
>| NO{ $$ = 0; }
>;
> +preference : LOW   { $$ = ND_RA_FLAG_RTPREF_LOW; }
> +   | MEDIUM { $$ = ND_RA_FLAG_RTPREF_MEDIUM; }
> +   | HIGH { $$ = ND_RA_FLAG_RTPREF_HIGH; }
> +   ;
> +
> varset : STRING '=' string {
>char *s = $1;
>if (cmd_opts & OPT_VERBOSE)
> @@ -213,6 +221,9 @@ ra_opt_block: DEFAULT ROUTER yesno {
>| MTU NUMBER {
>ra_options->mtu = $2;
>}
> +   | PREFERENCE preference {
> +   ra_options->preference = $2;
> +   }
>| DNS dns_block
>;
> @@ -426,16 +437,20 @@ lookup(char *s)
>{"default", DEFAULT},
>{"dns", DNS},
>{"hop", HOP},
> +   {"high",HIGH},
>{"include", INCLUDE},
>{"interface",   RA_IFACE},
>{"lifetime",LIFETIME},
>{"limit",   LIMIT},
> +   {"low", LOW},
>{"managed", MANAGED},
> +   {"medium",  MEDIUM},
>{"mtu", MTU},
>{"nameserver",  NAMESERVER},
>{"no",  NO},
>{"on-link", ONLINK},
>{"other",   OTHER},
> +   {"preference",  PREFERENCE},
>{"preferred",   PREFERRED},
>{"prefix",  PREFIX},
>{"reachable",   REACHABLE},
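
Review bot: Adding "high", "low" and "medium" to the keyword table in lookup() makes three common words reserved tokens for the whole file, so an unquoted use of any of them where a STRING is expected will no longer parse. It is worth checking that no existing option can legitimately take one of these words as a value, and documenting the new `preference` keyword and its three values together with this change.
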
> diff --git a/usr.sbin/rad/printconf.c b/usr.sbin/rad/printconf.c
> index d42890da518..c2173d2142f 100644
> --- a/usr.sbin/rad/printconf.c
> +++ b/usr.sbin/rad/printconf.c
> @@ -26,6 +26,7 @@
> #include 
> #include 
> +#include 
> #include 
> #include 
> @@ -34,6 +35,7 @@
> #include "rad.h"
> const char*yesno(int);
> +const char*preference(int);
> void   print_ra_options(const char*, const struct ra_options_conf*);
> void   print_prefix_options(const char*, const struct ra_prefix_conf*);
> @@ -42,6 +44,20 @@ yesno(int flag)
> {
>return flag ? "yes" : "no";
> }
> +const char*
> +preference(int p)
> +{
> +   switch (p) {
> +   case ND_RA_FLAG_RTPREF_LOW:
> +   return "low";
> +   case ND_RA_FLAG_RTPREF_MEDIUM:
> +   return "medium";
> +   case ND_RA_FLAG_RTPREF_HIGH:
> +   return "high";
> +   default:
> +   return "invalid";
> +   }
> +}
> void
> print_ra_options(const char *indent, const struct ra_options_conf 
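
Review bot: The `default:` branch of preference() returns "invalid", a word the `preference` rule in parse.y does not accept. If print_ra_options() writes this string out, the printed configuration cannot be parsed back. Since only low, medium and high can reach ra_options->preference through the grammar, consider treating any other value as a programming error here instead of printing it.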

Re: IPv6 problems

2019-08-17 Thread freda_bundchen
> From:   list  
> I've restarted my VM over the official 
> Webinterface but still...

> When trying to ping the gateway on fe80::1 I don't get any icmp
> echoreplies.

> What is the behavior of pf when disabled ? Is there some kind of
> default blocking rule that is still active ?

Have you tried /etc/hostname.vio0 with 
inet6 autoconf autoconfprivacy soii 
inet6 

instead of specifying a LL route?

Just in case, you could try /etc/pf.conf with only 

pass log all

instead of disabling pf.

Is the installation of OpenBSD provided by your VPS, or do they let
you use a custom ISO? Maybe a trial installation using a different
VPS but a similar configuration would indicate it's a problem with
the VPS.



dkim on openbsd mailing lists.

2019-08-17 Thread Paco Esteban
Hi misc@,

First, I do not consider myself an expert on this, by any means.  It's
just genuine curiosity.

I noticed that the project mailing lists I'm subscribed to (ports and
misc at this time) remove the dkim signature of the emails I sent to
them (luckily I did not activate the dmarc detailed failure reports).

It seems weird to me to do so, as those lists do not modify the headers
signed by dkim (well, at least not the usually signed), so dkim should
be still valid even when the list re-sends the email to all subscribers.

Other mailing lists I'm subscribed to of course fail spf, but not dkim
if they do not touch body or subject (as many do ...).

If there's a list admin listening that could explain that to me, I would
really appreciate it.

Cheers,
Paco.

p.s: I'm pretty sure somebody else asked for this, but I could not find
anything on the archives.

-- 
Paco Esteban.
https://onna.be/gpgkey.asc
9A6B 6083 AD9E FDC2 0EAF  5CB3 5818 130B 8A6D BC03
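
The following is an added illustration of the question above, not part of the original message and not code from any list software. A DKIM verifier recomputes the body hash and the canonical form of each signed header, so the sketch applies RFC 6376 canonicalization to a message before and after relaying and reports which signed parts changed. It assumes sha256, relaxed canonicalization and a signed-header set of From, To, Subject and Date; all messages are constructed samples.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, relaxed: bool = True) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if relaxed:
        # Collapse runs of space/tab to one space and drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end are ignored
        lines.pop()
    if not lines:
        return b"" if relaxed else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, relaxed: bool = True) -> str:
    """What a verifier compares against the bh= tag (sha256 assumed)."""
    digest = hashlib.sha256(canon_body(body, relaxed)).digest()
    return base64.b64encode(digest).decode()

def canon_header(name: str, value: str) -> str:
    """Relaxed header canonicalization, RFC 6376 section 3.4.2."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    return name.lower().strip() + ":" + re.sub(r"[ \t]+", " ", value).strip(" ")

# Assumption: the signer listed these headers in h=; real signers vary.
SIGNED = ("from", "to", "subject", "date")

def broken_parts(orig: dict, relayed: dict, signed=SIGNED) -> list:
    """Signed parts that differ after relaying; empty means signed content is unchanged."""
    bad = ["body"] if body_hash(orig["body"]) != body_hash(relayed["body"]) else []
    for h in signed:
        before = canon_header(h, orig["headers"].get(h, ""))
        after = canon_header(h, relayed["headers"].get(h, ""))
        if before != after:
            bad.append(h)
    return bad

# Constructed sample messages (not taken from any real list).
ORIG = {"headers": {"from": "Alice <alice@example.org>", "to": "misc@example.net",
                    "subject": "dkim on mailing lists",
                    "date": "Sat, 17 Aug 2019 10:00:00 +0000"},
        "body": b"Hi misc@,\r\n\r\nJust curious.  \r\n\r\n"}
# Relay that only adds an unsigned header and trims trailing whitespace.
PASSTHROUGH = {"headers": {**ORIG["headers"], "list-id": "<misc.example.net>"},
               "body": b"Hi misc@,\r\n\r\nJust curious.\r\n"}
# Relay that tags the subject and appends a footer.
REWRITTEN = {"headers": {**ORIG["headers"], "subject": "[misc] dkim on mailing lists"},
             "body": ORIG["body"] + b"-- \r\nlist footer\r\n"}
```

With these samples, `broken_parts(ORIG, PASSTHROUGH)` is empty while `broken_parts(ORIG, REWRITTEN)` names the body and the subject. Under simple body canonicalization even the whitespace-trimming relay changes the hash.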



Re: IPv6 problems

2019-08-17 Thread list
Hi,

i did specify it correctly now and the entry in my routing table is made.

However that doesn't change my situation. I've restarted my VM over the
official Webinterface but still...

When trying to ping the gateway on fe80::1 I don't get any icmp
echoreplies.

When asking the provider I am given a link to the wiki and that this
isn't their responsibility.

What is the behavior of pf when disabled ? Is there some kind of default
blocking rule that is still active ?

I have no idea what to do.


With kind regards,

Stephan

On 8/15/19 7:03 PM, Denis Fondras wrote:
> On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote:
>> Hi,
>>
>> EDIT:
>>
>> I have taken a look at the website of my hosting provider.
>>
>> My IPv6 gateway would be fe80::1.
>>
>> When trying to add the route manually i get "network unreachable".
>>
> Did you specify the output interface ? With LL addresses, you need to specify 
> it.
>
> route add -inet6 default fe80::1%vio0
>
>



Re: can't find libpcap

2019-08-17 Thread shadrock uhuru



On 8/17/19 1:07 PM, Noth wrote:
> On 17/08/2019 14:01, shadrock uhuru wrote:
>> hi everyone
>> is there a package for pcap or libpcap
>> or do i have to download the source and compile
>> shadrock
>>
> libpcap is in base, see man pcap. It lives in /usr/lib.
thanks



Re: openrsync out of memory

2019-08-17 Thread Sebastian Benoit
Joe Davis(m...@jo.ie) on 2019.08.16 12:26:36 +0100:
> By the looks of it, openrsync does attempt to map the entire file, from
> usr.bin/rsync/uploader.c:
> 
> mapsz = st.st_size;
> map = mmap(NULL, mapsz, PROT_READ, MAP_SHARED, *fileinfd, 0);
> 
> The likely reason for your out of memory error is the default datasize
> in login.conf. IIRC on some arches it's set to 768MB by default, which
> would allow your 300MB file to transfer, but would cause mmap to fail
> upon attempting to map the 1.6GB one.
> 
> Increasing the default limits in /etc/login.conf should fix the problem.
> 
> Note that rsync (not openrsync), doesn't use mmap for other reasons,
> from rsync-3.1.3/fileio.c:
> 
> /* This provides functionality somewhat similar to mmap() but using read().
>  * It gives sliding window access to a file.  mmap() is not used because of
>  * the possibility of another program (such as a mailer) truncating the
>  * file thus giving us a SIGBUS. */
> 
> Cheers,
> Joe

Hi,

this replaces the mmap() with pread(), please try it out.

I don't much like the error handling here, but it's a start.

ok?


diff --git usr.bin/rsync/uploader.c usr.bin/rsync/uploader.c
index fd07b22caeb..cce8b47a4c9 100644
--- usr.bin/rsync/uploader.c
+++ usr.bin/rsync/uploader.c
@@ -158,8 +158,8 @@ init_blk(struct blk *p, const struct blkset *set, off_t 
offs,
p->len = idx < set->blksz - 1 ? set->len : set->rem;
p->offs = offs;
 
-   p->chksum_short = hash_fast(map + offs, p->len);
-   hash_slow(map + offs, p->len, p->chksum_long, sess);
+   p->chksum_short = hash_fast(map, p->len);
+   hash_slow(map, p->len, p->chksum_long, sess);
 }
 
 /*
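
Review bot: With `hash_fast(map, p->len)` and `hash_slow(map, ...)` the `map` argument of init_blk() is now hashed from its start, so it means a buffer holding one block and no longer a mapping of the whole file. Renaming the parameter and updating the function's comment would stop a later caller from passing a whole-file pointer together with a non-zero `offs`.
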
@@ -741,8 +741,9 @@ rsync_uploader(struct upload *u, int *fileinfd,
 {
struct blkset   blk;
struct stat st;
-   void   *map, *bufp;
-   size_t  i, mapsz, pos, sz;
+   void   *mbuf, *bufp;
+   ssize_t msz;
+   size_t  i, pos, sz;
off_t   offs;
int c;
const struct flist *f;
@@ -909,35 +910,46 @@ rsync_uploader(struct upload *u, int *fileinfd,
blk.csum = u->csumlen;
 
if (*fileinfd != -1 && st.st_size > 0) {
-   mapsz = st.st_size;
-   map = mmap(NULL, mapsz, PROT_READ, MAP_SHARED, *fileinfd, 0);
-   if (map == MAP_FAILED) {
-   ERR("%s: mmap", u->fl[u->idx].path);
-   close(*fileinfd);
-   *fileinfd = -1;
-   return -1;
-   }
-
init_blkset(, st.st_size);
assert(blk.blksz);
 
blk.blks = calloc(blk.blksz, sizeof(struct blk));
if (blk.blks == NULL) {
ERR("calloc");
-   munmap(map, mapsz);
+   close(*fileinfd);
+   *fileinfd = -1;
+   return -1;
+   }
+
+   if ((mbuf = calloc(1, blk.len)) == NULL) {
+   ERR("calloc");
close(*fileinfd);
*fileinfd = -1;
return -1;
}
 
offs = 0;
-   for (i = 0; i < blk.blksz; i++) {
-   init_blk([i],
-   , offs, i, map, sess);
+   i = 0;
+   do {
+   msz = pread(*fileinfd, mbuf, blk.len, offs);
+   if (msz < 0) {
+   ERR("pread");
+   close(*fileinfd);
+   *fileinfd = -1;
+   return -1;
+   }
+   if ((size_t)msz != blk.len && (size_t)msz != blk.rem) {
+   /* short read, try again */
+   continue;
+   }
+   init_blk([i], , offs, i, mbuf, sess);
offs += blk.len;
-   }
+   LOG3(
+   "i=%ld, offs=%lld, msz=%ld, blk.len=%lu, 
blk.rem=%lu",
+   i, offs, msz, blk.len, blk.rem);
+   i++;
+   } while (i < blk.blksz);
 
-   munmap(map, mapsz);
close(*fileinfd);
*fileinfd = -1;
LOG3("%s: mapped %jd B with %zu blocks",
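
Review bot: The short-read branch in the do/while loop (`continue` when msz matches neither blk.len nor blk.rem) goes back to the `i < blk.blksz` test without advancing `i` or `offs`, so if the file shrinks after st.st_size was taken and pread() keeps returning 0 or a partial block, the loop never terminates. Treat a zero return as an error and accumulate partial reads into mbuf until the length expected for block i is reached, accepting blk.rem only for the last block. In addition, mbuf is not freed on the pread error path or after the loop, where the removed munmap() gets no free() counterpart, and the LOG3 call prints the size_t `i` and the ssize_t `msz` with %ld.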



Re: can't find libpcap

2019-08-17 Thread Noth

On 17/08/2019 14:01, shadrock uhuru wrote:

hi everyone
is there a package for pcap or libpcap
or do i have to download the source and compile
shadrock


libpcap is in base, see man pcap. It lives in /usr/lib.



Re: can't find libpcap

2019-08-17 Thread Ingo Schwarze
Hi,

shadrock uhuru wrote on Sat, Aug 17, 2019 at 01:01:08PM +0100:

> is there a package for pcap or libpcap
> or do i have to download the source and compile

to answer such questions, use pkg_locate(1).

   # pkg_add pkglocatedb
   $ man pkg_locate
   $ pkg_locate libpcap.so

This may also provide a clue:

   $ ldd $(which tcpdump)

Yours,
  Ingo



can't find libpcap

2019-08-17 Thread shadrock uhuru
hi everyone
is there a package for pcap or libpcap
or do i have to download the source and compile
shadrock



[no subject]

2019-08-17 Thread OpenBSD OpenBSD
0
C TURKEY
P Ankara
T Cankaya
Z 06510
A 2139. Street 2/11
O Rakort Information Technologies
I Ibrahim Topbasi
M open...@rakort.com
U http://www.rakort.com
B 90-850-460-10-58
X 90-850-460-10-58
N More than 5 years, OpenBSD setup/installation/remote administration. Network engineering, software development (C/Python/PHP/PostgreSQL/MySQL). Also experienced with Solaris and Linux. We specialize in providing solid open source solutions for businesses using OpenBSD, and Linux. MCSE, CCNA, RHCE certifications, VPNs, firewalls, wireless, DNS, squidGuard, mail - even training with OpenBSD.


(No subject)

2019-08-17 Thread o...@rakort.com
0
C TURKEY
P Ankara
T Cankaya
Z 06510
A 2139. Street 2/11
O Rakort Information Technologies
I Ibrahim Topbasi
M ibra...@rakort.com
U http://www.rakort.com
B 90-850-460-10-58
X 90-850-460-10-58
N More than 5 years, OpenBSD setup/installation/remote administration. Network engineering, software development (C/Python/PHP/PostgreSQL/MySQL). Also experienced with Solaris and Linux. We specialize in providing solid open source solutions for businesses using OpenBSD, and Linux. MCSE, CCNA, RHCE certifications, VPNs, firewalls, wireless, DNS, squidGuard, mail - even training with OpenBSD.