nit-picking knf question

2021-08-31 Thread gwes

Where to declare local variables used in a small subordinate scope?
Specifically at the top of a routine or at the beginning of the
context where they're used?
I don't see it in style(9)

i.e.
extern int fum;

int
foo()
{
here 1>     int a_local;
            while (condition()) {
                    if (another_condition()) {
here 2>                     int a_local;
                            a_local = fum;

IIRC #1 is traditional and can be very clear but doesn't limit scope.
Most of the time the clarity & convenience are most important.
#2 has some advantages but not necessarily enough to outweigh #1.

Is the placement defined or is it up to the programmer?

thanks
geoff steckel



Re: Accessing LAN behind gateway from Road Warrior on wg(4) based tunnel

2021-08-31 Thread Erling Westenvik
On Mon, Aug 30, 2021 at 07:42:43AM -, Stuart Henderson wrote:
> On 2021-08-29, Erling Westenvik  wrote:
> > On Fri, Aug 27, 2021 at 07:36:21PM -, Stuart Henderson wrote:
> >> 
> >> Make sure you have set wgaip to allow traffic from the machines on the
> >> subnet on the other side of the tunnel.
> >
> > That was it. Thank you so much. Not directly intuitive to me that
> > "access" to a remote subnet must be specified on the connecting client,
> > but I think I understand the mechanisms a little better now.
> >
> > I can now access my home/office LAN which was my primary goal but I just
> > found out that traffic to everything else leaves egress untunneled.
> > However - trying something like:
> >
> > route change default 10.0.0.1
> >
> > leaves the laptop dead in the water. Again a routing problem of some
> > kind I guess. Any hints on where to start digging?
> 
> Changing the default route means that wg won't be able to reach the
> endpoint because the route to it is over the wg interface itself. If you
> want to tunnel all traffic, the easiest way is:
> 
> - set your physical interface in a different routing domain, e.g.
> add "rdomain 2" to hostname.em0
> 
> - set wg to use the route table associated with that routing domain
> when sending the encapsulated packets, e.g. add "wgrtable 2" to the wg
> interface itself.
> 
> - set your physical interface in a different routing domain, e.g.
> add "rdomain 2" to hostname.em0
> 
> - set wg to use the route table associated with that routing domain
> when sending the encapsulated packets, e.g. add "wgrtable 2" to
> hostname.wg0
> 
> - on the machine you're connecting wg to, unless you use externally
> routable IPs directly on the wg interface, you'll probably want
> something like "match out on em0 received-on wg0 nat-to (em0)"
> 
> - and because now you'll be receiving traffic from anywhere over the
> wg interface you'll need wgaip 0.0.0.0/0
> 
> I think that covers everything but if not then tcpdump on various
> interfaces and both wg endpoints to figure out where packets are
> getting to, and that they have the expected address.

Thanks again. I'll look into that information and compare and combine it
with Matthieu Herrb's page "Setting up a WireGuard client with routing
domains on OpenBSD" at https://codimd.laas.fr/s/NMc3qt5PQ#. (My father
passed away the day after my initial post which was motivated by the
need to access my LAN while watching over him at the nursery home.
Thanks for putting time and effort into your answers despite my late
replies.)

Erling

> 
> -- 
> Please keep replies on the mailing list.
> 
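
Added example, not part of the original thread: the quoted steps written out as the files they would touch. The interface names, "rdomain 2", "wgrtable 2", "wgaip 0.0.0.0/0", the pf rule and 10.0.0.1 come from the messages above; the client tunnel address 10.0.0.2/24, DHCP on em0 and every <PLACEHOLDER> are assumptions.

```conf
# --- Client: /etc/hostname.em0 ---
# The physical interface moves to routing domain 2, so its DHCP-learned
# default route lands in routing table 2 instead of the main table.
rdomain 2
# Assumption: em0 is configured by DHCP (written "dhcp" on older releases).
inet autoconf

# --- Client: /etc/hostname.wg0 ---
# wg0 stays in the default routing domain. wgrtable makes the encrypted
# UDP packets to the endpoint use table 2, i.e. leave through em0, so the
# tunnel's own transport never depends on the default route set below.
wgkey <CLIENT_PRIVATE_KEY>
wgrtable 2
# wgaip 0.0.0.0/0: accept decrypted traffic from any source over this peer.
wgpeer <SERVER_PUBLIC_KEY> wgendpoint <SERVER_ADDRESS> <SERVER_PORT> wgaip 0.0.0.0/0
# Assumption: constructed client address inside the tunnel network.
inet 10.0.0.2/24
# The default route in the main table points into the tunnel.
!route add default 10.0.0.1

# --- Gateway: /etc/pf.conf ---
# NAT tunnelled client traffic as it leaves the gateway's egress interface.
match out on em0 received-on wg0 nat-to (em0)
```

With this layout nothing in the default routing domain can reach the network except through wg0, so if the tunnel is down traffic stops rather than leaving em0 untunneled.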



Re: resolvd recognizing unbound

2021-08-31 Thread Stuart Henderson
On 2021-08-31, Paul de Weerd  wrote:
> 2. echo ::1 > /etc/resolv.conf

I think it is a good idea to list a second nameserver, in case unbound
dies or isn't running for some reason (for one, booting bsd.rd for an upgrade).


-- 
Please keep replies on the mailing list.



Re: resolvd recognizing unbound

2021-08-31 Thread Jan Stary
On Aug 31 16:32:23, we...@weirdnet.nl wrote:
> On Tue, Aug 31, 2021 at 03:31:18PM +0200, Jan Stary wrote:
> | The running resolvd recognizes if unwind is running,
> | and places 127.0.0.1 at the top of resolv.conf accordingly.
> | 
> | Could we have the same for unbound please?
> | I run unbound instead of unwind to also serve some
> | local names the machines around the office (beside resolution).
> | 
> | But resolvd only recognizes unwind, not unbound;
> | so resolv.conf lists just the external (dhcp) nameservers
> | who don't know my local names of course.
> | 
> | Or is there a reason resolvd only honors unwind
> | but not unbound?
> 
> In this case, why would you not simply disable resolvd and put ::1 in
> /etc/resolv.conf yourself?
> 
> resolvd is great for when the contents of resolv.conf change as you
> move from network to network and you may want to use different
> resolvers as you do.  But if you're using unbound on the local system,
> why would you still run resolvd?
> 
> 1. rcctl disable resolvd
> 2. echo ::1 > /etc/resolv.conf
> 3. ...
> 4. profit
> 
> Just because there's a shiny new tool, doesn't mean you MUST use it.

Right. Disabling resolvd seems the simplest way on this machine.

Thanks,

Jan



Re: resolvd recognizing unbound

2021-08-31 Thread Paul de Weerd
On Tue, Aug 31, 2021 at 03:31:18PM +0200, Jan Stary wrote:
| The running resolvd recognizes if unwind is running,
| and places 127.0.0.1 at the top of resolv.conf accordingly.
| 
| Could we have the same for unbound please?
| I run unbound instead of unwind to also serve some
| local names the machines around the office (beside resolution).
| 
| But resolvd only recognizes unwind, not unbound;
| so resolv.conf lists just the external (dhcp) nameservers
| who don't know my local names of course.
| 
| Or is there a reason resolvd only honors unwind
| but not unbound?

In this case, why would you not simply disable resolvd and put ::1 in
/etc/resolv.conf yourself?

resolvd is great for when the contents of resolv.conf change as you
move from network to network and you may want to use different
resolvers as you do.  But if you're using unbound on the local system,
why would you still run resolvd?

1. rcctl disable resolvd
2. echo ::1 > /etc/resolv.conf
3. ...
4. profit

Just because there's a shiny new tool, doesn't mean you MUST use it.

Cheers,

Paul

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: resolvd recognizing unbound

2021-08-31 Thread Theo de Raadt
Sebastien Marie  wrote:

> On Tue, Aug 31, 2021 at 03:31:18PM +0200, Jan Stary wrote:
> > The running resolvd recognizes if unwind is running,
> > and places 127.0.0.1 at the top of resolv.conf accordingly.
> > 
> > Could we have the same for unbound please?
> > I run unbound instead of unwind to also serve some
> > local names the machines around the office (beside resolution).
> 
> you could use the following:
> 
> # route nameserver 127.0.0.1
> 
> it will tell resolvd(8) to use this particular nameserver.

not the same.  if resolvd is restarted, that nameserver is lost.

the unwind thing is special; we don't think unbound configurations
should receive the same treatment -- because unwind follows a different
design principle which we believe makes it a higher class citizen.



Re: resolvd recognizing unbound

2021-08-31 Thread Sebastien Marie
On Tue, Aug 31, 2021 at 03:31:18PM +0200, Jan Stary wrote:
> The running resolvd recognizes if unwind is running,
> and places 127.0.0.1 at the top of resolv.conf accordingly.
> 
> Could we have the same for unbound please?
> I run unbound instead of unwind to also serve some
> local names the machines around the office (beside resolution).

you could use the following:

# route nameserver 127.0.0.1

it will tell resolvd(8) to use this particular nameserver.

Thanks.
-- 
Sebastien Marie



Re: resolvd recognizing unbound

2021-08-31 Thread Paco Esteban
On Tue, 31 Aug 2021, Jan Stary wrote:

> The running resolvd recognizes if unwind is running,
> and places 127.0.0.1 at the top of resolv.conf accordingly.
> 
> Could we have the same for unbound please?
> I run unbound instead of unwind to also serve some
> local names the machines around the office (beside resolution).
> 
> But resolvd only recognizes unwind, not unbound;
> so resolv.conf lists just the external (dhcp) nameservers
> who don't know my local names of course.
> 
> Or is there a reason resolvd only honors unwind
> but not unbound?

Pretty sure that won't happen.

You may want to take a look at unwind.conf(5), especially the `force`
config option.  That may do what you want if I understand correctly.

Cheers,

-- 
Paco Esteban.
0x5818130B8A6DBC03



resolvd recognizing unbound

2021-08-31 Thread Jan Stary
The running resolvd recognizes if unwind is running,
and places 127.0.0.1 at the top of resolv.conf accordingly.

Could we have the same for unbound please?
I run unbound instead of unwind to also serve some
local names the machines around the office (beside resolution).

But resolvd only recognizes unwind, not unbound;
so resolv.conf lists just the external (dhcp) nameservers
who don't know my local names of course.

Or is there a reason resolvd only honors unwind
but not unbound?

Jan