Re: traceroute support for RFC 5837
On Fri, Sep 03, 2010 at 06:45:19PM -0700, Matthew Dempsky wrote: > On Tue, Sep 07, 2010 at 04:40:38PM +0200, Claudio Jeker wrote: > > + if (objhdr.ieo_ctype & 0x02) { > > + /* interface name */ > > + if (olen < buf[0]) { > > + printf("|)"); > > + return; > > + } > > + name = strndup(buf + 1, buf[0]); > > + olen -= buf[0]; > > + buf += buf[0]; > > + } > > buf[0] is the length of the entire sub-object not just the interface > name, so I think we should a) check that it's in the range [1,64] and > b) replace strndup(buf + 1, buf[0]) with strndup(buf + 1, buf[0] - 1). > > There's also a memory leak that name might not be free(3)'d before > return if the MTU field is truncated. > Ugh, you're right. Fixed diff attached. I will commit the non-ICMP_EXT_IFINFO part somewhen soon since the MPLS output is much nicer. traceroute to 192.168.237.242 (192.168.237.242), 64 hops max, 40 byte packets 1 192.168.237.2 (192.168.237.2) 1.426 ms 0.257 ms 0.195 ms 2 10.42.3.1 (10.42.3.1) 2.903 ms 1.741 ms 1.108 ms [MPLS Label 23, 666] 3 10.42.7.1 (10.42.7.1) 2.95 ms 1.515 ms 1.310 ms [MPLS Label 23, 666] 4 10.42.42.2 (10.42.42.2) 2.210 ms 1.520 ms 1.79 ms [MPLS Label 16, 666] 5 192.168.237.242 (192.168.237.242) 2.883 ms 1.334 ms 1.74 ms instead of traceroute to 192.168.237.242 (192.168.237.242), 64 hops max, 40 byte packets 1 192.168.237.2 (192.168.237.2) 3.31 ms 0.382 ms 0.256 ms 2 10.42.3.1 (10.42.3.1) 3.434 ms 1.235 ms 1.62 ms [MPLS: Label 23 Exp 0, Label 666 Exp 0] 3 10.42.7.1 (10.42.7.1) 2.148 ms 1.184 ms 1.551 ms [MPLS: Label 23 Exp 0, Label 666 Exp 0] 4 10.42.42.2 (10.42.42.2) 2.103 ms 1.151 ms 1 ms [MPLS: Label 16 Exp 0, Label 666 Exp 0] 5 192.168.237.242 (192.168.237.242) 2.140 ms 1.253 ms 1.39 ms -- :wq Claudio Index: traceroute.c === RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v retrieving revision 1.72 diff -u -p -r1.72 traceroute.c --- traceroute.c9 Jul 2010 12:27:09 - 1.72 +++ traceroute.c7 Sep 2010 14:37:48 - 
@@ -728,7 +728,9 @@ print_exthdr(u_char *buf, int cc) struct ip *ip; struct icmp *icp; int hlen, first; - u_int32_t label; + u_int32_t label, ifindex, mtu; + struct in_addr addr; + char *name; u_int16_t off, olen; u_int8_t type; @@ -805,13 +807,14 @@ print_exthdr(u_char *buf, int cc) olen -= sizeof(u_int32_t); if (first == 0) { - printf(" [MPLS: "); + printf(" [MPLS Label "); first++; } else printf(", "); - printf("Label %d Exp %d", - MPLS_LABEL(label), - MPLS_EXP(label)); + printf("%d", MPLS_LABEL(label)); + if (MPLS_EXP(label)) + printf(" (Exp %x)", + MPLS_EXP(label)); } if (olen > 0) { printf("|]"); @@ -826,6 +829,91 @@ print_exthdr(u_char *buf, int cc) } break; case ICMP_EXT_IFINFO: + /* RFC 5837: Extending ICMP for Interface and Next-Hop +* Identification */ + mtu = 0; + ifindex = 0; + addr.s_addr = INADDR_ANY; + name = NULL; + if (objhdr.ieo_ctype & 0x80) + printf("(fwd"); + else + printf("(recv"); + /* must parse in this order */ + if (objhdr.ieo_ctype & 0x08) { + /* ifIndex */ + if (olen < sizeof(u_int32_t)) { + printf("|)"); + return; + } + memcpy(&ifindex, buf, sizeof(u_int32_t)); + ifindex = ntohl(ifindex); + buf += sizeof(u_int32_t); +
Re: sender expansions for opensmtpd(try 2)
ok by me, commited gilles On 09/06/10 11:48, Gregory Edigarov wrote: Hi everybody, The following diff adds sender expansions to OpenSMTPD. %U for sender localpart %D for sender domainpart --- lka.c.orig Sun Jun 20 12:56:26 2010 +++ lka.c Sun Sep 5 16:41:37 2010 @@ -55,11 +55,11 @@ struct lkasession *lka_session_init(struct smtpd *, struct message *); void lka_request_forwardfile(struct smtpd *, struct lkasession *, struct path *); void lka_clear_expandtree(struct expandtree *); void lka_clear_deliverylist(struct deliverylist *); char *lka_encode_secret(struct map_secret *); -size_t lka_expand(char *, size_t, struct path *); +size_t lka_expand(char *, size_t, struct path *,struct path *); void lka_rcpt_action(struct smtpd *, char *, struct path *); void lka_session_destroy(struct smtpd *, struct lkasession *); void lka_expansion_done(struct smtpd *, struct lkasession *); void lka_session_fail(struct smtpd *, struct lkasession *); void lka_queue_append(struct smtpd *, struct lkasession *, int); @@ -370,20 +370,19 @@ { return 1; } size_t -lka_expand(char *buf, size_t len, struct path *path) +lka_expand(char *buf, size_t len, struct path *path, struct path *sender) { char *p, *pbuf; struct rule r; size_t ret; struct passwd *pw; bzero(r.r_value.path, MAXPATHLEN); pbuf = r.r_value.path; - ret = 0; for (p = path->rule.r_value.path; *p != '\0'; ++p) { if (p == path->rule.r_value.path&& *p == '~') { if (*(p + 1) == '/' || *(p + 1) == '\0') { pw = getpwnam(path->pw_name); 
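Review bot: The `@@ -370,20 +370,19 @@` hunk of lka.c removes `ret = 0;` but leaves `size_t ret;` declared without an initialiser, so the `ret += strlcat(...)` accumulations further down in lka_expand() start from an indeterminate value and the `ret >= len` truncation checks stop meaning anything. Keep the initialisation, either by restoring the line or by declaring `size_t ret = 0;`. lka_expand() continues past this hunk, so this assumes no other assignment to `ret` runs before the first `+=`.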
@@ -422,10 +421,26 @@ pbuf += strlen(pw->pw_dir); p += strlen(username); continue; } } + if (strncmp(p, "%U", 2) == 0) { + ret += strlcat(pbuf, sender->user, len); + if (ret>= len) + return ret; + pbuf += strlen (sender->user); + ++p; + continue; + } + if (strncmp(p,"%D",2) == 0) { + ret += strlcat(pbuf, sender->domain, len); + if (ret>= len) + return ret; + pbuf += strlen(sender->domain); + ++p; + continue; + } if (strncmp(p, "%a", 2) == 0) { ret += strlcat(pbuf, path->user, len); if (ret>= len) return ret; pbuf += strlen(path->user); @@ -680,11 +695,11 @@ return; } /* send next item to queue */ message = s->message; - lka_expand(path->rule.r_value.path, sizeof(path->rule.r_value.path), path); + lka_expand(path->rule.r_value.path, sizeof(path->rule.r_value.path), path,&message.sender); message.recipient = *path; sep = strchr(message.session_hostname, '@'); if (sep) { *sep = '\0'; uid = strtonum(message.session_hostname, 0, UID_MAX,&errstr);
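Review bot: The new `%U` and `%D` branches call `strlcat(pbuf, ..., len)` with the unchanged `len` after `pbuf` has already been advanced into `r.r_value.path`, so the bound no longer matches the space left in that MAXPATHLEN buffer, and the text appended here is the sender's local part and domain, which presumably come from the remote peer's envelope. The existing `%a` branch has the same pattern, so the problem is inherited, but it is better fixed than copied. Size each append by what remains, e.g. pass `sizeof(r.r_value.path) - (pbuf - r.r_value.path)` as the third argument, and have the call in the `@@ -680,11 +695,11 @@` hunk check lka_expand()'s result instead of discarding it. The hunk does not show whether `sender->user` and `sender->domain` are restricted to a safe character set before they are substituted into a delivery path or command line; that should be confirmed before this goes in.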
ipv6 support for tftp
hi, - ipv6 support for tftp client. based on an old itojun's diff. [demime 1.01d removed an attachment of type text/x-diff]
Stay connected to the latest restaurant products and services
If you have problems viewing this message, click below: http://www.magnetmail.net/actions/email_web_version.cfm?recipient_id=18203973 8&message_id=1082084&user_id=Lebhar_ENT&group_id=265105 Join over 1,000 users a day who visit Anything4Restaurants.com (http://www.Anything4Restaurants.com?utm_source=NRN%20Advertising&utm_medium= Newsletter&utm_term=POSITION&utm_content=NRN-MKT-A4R%20Social%20to%20Operator s%20Aug%202010&utm_campaign=Stay%20connected%20to%20the%20latest%20restaurant %20products%20and%20services) Since launching two years ago Anything4Restaurants.com (http://www.Anything4Restaurants.com?utm_source=NRN%20Advertising&utm_medium= Newsletter&utm_term=POSITION&utm_content=NRN-MKT-A4R%20Social%20to%20Operator s%20Aug%202010&utm_campaign=Stay%20connected%20to%20the%20latest%20restaurant %20products%20and%20services) has become established as the online marketplace built exclusively for the foodservice industry. With over 3,000 suppliers listed and more than 130,000 products to help run a restaurant, A4R.com has everything you need, all in one place. Staying connected is easy: Bookmark Anything4Restaurants.com (http://www.Anything4Restaurants.com?utm_source=NRN%20Advertising&utm_medium= Newsletter&utm_term=POSITION&utm_content=NRN-MKT-A4R%20Social%20to%20Operator s%20Aug%202010&utm_campaign=Stay%20connected%20to%20the%20latest%20restaurant %20products%20and%20services) and visit often to browse new products Follow A4R.com on Twitter: www.twitter.com/a4rdotcom (http://www.twitter.com/a4rdotcom) Become a fan of A4R.com on Facebook: www.facebook.com/A4Rdotcom (http://www.facebook.com/A4Rdotcom) If you need any more information on how to get connected with A4R.com, contact Tom Dillon at tdil...@anything4restaurants.com (mailto:tdil...@anything4restaurants.com). 
Become a fan of Nation's Restaurant News on Facebook and follow us on Twitter: www.facebook.com/RestaurantNews (http://www.facebook.com/RestaurantNews) http://twitter.com/NRNonline (http://twitter.com/NRNonline) http://twitter.com/NRNmarketing (http://twitter.com/NRNmarketing) ** 425 Park Avenue, New York, NY 10022 Periodically, we will inform you of related conferences, educational information, products and other offers that we believe you will find helpful in your profession. ** Use this link to unsubscribe: http://www.magnetmail.net/Actions/unsubscribe.cfm?message_id=1082084&user_id= Lebhar_ENT&recipient_id=182039738&email=t...@openbsd.org&group_id=265105
Re: ipv6 support for tftp
On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote: > hi, > > - ipv6 support for tftp client. > > based on an old itojun's diff. i forgot to attach the diff inline. Index: tftpsubs.c === RCS file: /cvs/src/usr.bin/tftp/tftpsubs.c,v retrieving revision 1.14 diff -u -r1.14 tftpsubs.c --- tftpsubs.c 27 Oct 2009 23:59:44 - 1.14 +++ tftpsubs.c 8 Sep 2010 14:01:19 - @@ -258,7 +258,7 @@ { int i, j = 0; charrbuf[SEGSIZE_MIN]; - struct sockaddr_in from; + struct sockaddr_storage from; socklen_t fromlen; for (;;) { Index: tftp.c === RCS file: /cvs/src/usr.bin/tftp/tftp.c,v retrieving revision 1.22 diff -u -r1.22 tftp.c --- tftp.c 27 Oct 2009 23:59:44 - 1.22 +++ tftp.c 8 Sep 2010 14:01:39 - @@ -58,7 +58,7 @@ #include "tftpsubs.h" static int makerequest(int, const char *, struct tftphdr *, const char *); -static voidnak(int); +static voidnak(int, struct sockaddr *); static voidtpacket(const char *, struct tftphdr *, int); static voidstartclock(void); static voidstopclock(void); @@ -67,7 +67,7 @@ static voidoack(struct tftphdr *, int, int); static int oack_set(const char *, const char *); -extern struct sockaddr_in peeraddr; /* filled in by main */ +extern struct sockaddr_storage peeraddr; /* filled in by main */ extern int f; /* the opened socket */ extern int trace; extern int verbose; @@ -124,7 +124,8 @@ sendfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -138,6 +139,7 @@ convert = !strcmp(mode, "netascii"); block = 0; amount = 0; + memcpy(&peer, &peeraddr, peeraddr.ss_len); do { /* read data from file */ @@ -146,7 +148,7 @@ else { size = readit(file, &dp, convert, segment_size); if (size < 0) { - nak(errno + 100); + nak(errno + 100, (struct sockaddr *)&peer); break; } dp->th_opcode = htons((u_short)DATA); 
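Review bot: `memcpy(&peer, &peeraddr, peeraddr.ss_len);` in sendfile() copies only as many bytes as the length field claims, so the rest of the stack-allocated `peer` stays uninitialised, and if `peeraddr.ss_len` were still 0 nothing would be copied while `peer.ss_len` is later passed to sendto() as the address length. Both objects are `struct sockaddr_storage`, so a whole-object copy is simpler and has no such corner: `memcpy(&peer, &peeraddr, sizeof(peer));`. The same line is added to recvfile() in the `@@ -273,6 +288,7 @@` hunk and should change with it. How main fills in `peeraddr` is outside this diff.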
@@ -164,8 +166,8 @@ if (trace) tpacket("sent", dp, size + 4); if (sendto(f, dp, size + 4, 0, - (struct sockaddr *)&peeraddr, - sizeof(peeraddr)) != size + 4) { + (struct sockaddr *)&peer, + peer.ss_len) != size + 4) { warn("sendto"); goto abort; } @@ -202,7 +204,19 @@ warn("recvfrom"); goto abort; } - peeraddr.sin_port = from.sin_port; /* added */ + switch (peer.ss_family) { /* added */ + case AF_INET: + ((struct sockaddr_in *)&peer)->sin_port = + ((struct sockaddr_in *)&from)->sin_port; + break; + case AF_INET6: + ((struct sockaddr_in6 *)&peer)->sin6_port = + ((struct sockaddr_in6 *)&from)->sin6_port; + break; + default: + /* unsupported */ + break; + } if (trace) tpacket("received", ap, n); @@ -256,7 +270,8 @@ recvfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -273,6 +288,7 @@ block = 1; amount = 0; firsttrip = 1; + memcpy(&peer, &peeraddr, peeraddr.ss_len); options: do { @@ -298,8 +314,8 @@ if (trace) tpacket("sent", ap, size); if (sendto(f, ackbuf, size, 0
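Review bot: The port update in the `@@ -202,7 +204,19 @@` hunk switches on `peer.ss_family` but reads the port out of `from` through a cast chosen by the peer's family, without checking that `from.ss_family` is the same, and it still adopts the port of whichever host sent the datagram. Check the family before the switch and skip the packet on a mismatch, e.g. `if (from.ss_family != peer.ss_family) continue;`, and consider comparing the source address with the server's before taking over its port. The `default:` arm silently keeps the old port; a `warnx("unsupported address family");` there would make that case visible. The receive loop starts and ends outside the hunk, so the `continue` shows the intent rather than a drop-in line.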
Re: "generating new host key..."
On Tue, Sep 7, 2010 at 7:18 PM, Alexander Hall wrote: > $ which true false > /usr/bin/true > /usr/bin/false > > while those should be available to /etc/rc, I'd prefer not using them. -5 points for using which. :) $ whence -v true true is a shell builtin I happen to think that explicit true and false values make things easier to read, without as much [ ] noise.
Re: "generating new host key..."
On Wed, Sep 08, 2010 at 11:39:59AM -0400, Ted Unangst wrote: > On Tue, Sep 7, 2010 at 7:18 PM, Alexander Hall wrote: > > $ which true false > > /usr/bin/true > > /usr/bin/false > > > > while those should be available to /etc/rc, I'd prefer not using them. > > -5 points for using which. :) > > $ whence -v true > true is a shell builtin > > I happen to think that explicit true and false values make things > easier to read, without as much [ ] noise. > Truly, you do not grasp the simple elegance of a banana-shaped bikeshed.
Re: ipv6 support for tftp
On Wed, Sep 08, 2010 at 09:35:10AM -0300, Gleydson Soares wrote: | On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote: | > hi, | > | > - ipv6 support for tftp client. | > | > based on an old itojun's diff. | | i forgot to attach the diff inline. Works for me: [we...@impreza] $ tftp 2001:7b8:3af::1 tftp> get bsd.rd Received 7241454 bytes in 7.5 seconds Thanks, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: AES-GCM Part 3: isakmpd
changes: made sure that we won't generate quick mode config strings with gcm and other hashes (the very first hunk of the diff). pointed out by naddy. Index: conf.c === RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v retrieving revision 1.98 diff -u -p -r1.98 conf.c --- conf.c 4 Aug 2010 18:09:45 - 1.98 +++ conf.c 8 Sep 2010 17:04:57 - @@ -402,6 +402,11 @@ conf_load_defaults_qm(int tr, char *qme, if (pfs == 0 && strcmp(dhg_p, "")) return; + /* For GCM no additional authentication must be specified */ + if (proto == 0 && strcmp(qmh, "NONE") != 0 && + (strcmp(qme, "AESGCM") == 0 || strcmp(qme, "AESGMAC") == 0)) + return; + snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto), MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p); @@ -428,13 +433,19 @@ conf_load_defaults_qm(int tr, char *qme, if (strcmp(qme ,"BLOWFISH") == 0) conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0, 1); - else if (strcmp(qme_p ,"-AES-128") == 0) + else if (strcmp(qme_p, "-AES-128") == 0 || + strcmp(qme_p, "-AESGCM-128") == 0 || + strcmp(qme_p, "-AESGMAC-128") == 0) conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1); - else if (strcmp(qme_p ,"-AES-192") == 0) + else if (strcmp(qme_p, "-AES-192") == 0 || + strcmp(qme_p, "-AESGCM-192") == 0 || + strcmp(qme_p, "-AESGMAC-192")) conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1); -else if (strcmp(qme_p ,"-AES-256") == 0) -conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1); - else if (strcmp(qme ,"AES") == 0) + else if (strcmp(qme_p, "-AES-256") == 0 || + strcmp(qme_p, "-AESGCM-256") == 0 || + strcmp(qme_p, "-AESGMAC-256") == 0) + conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1); + else if (strcmp(qme, "AES") == 0) conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0, 1); 
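Review bot: The 192-bit branch in the `@@ -428,13 +433,19 @@` hunk ends with `strcmp(qme_p, "-AESGMAC-192"))` and lacks the `== 0`, so that term is true for every `qme_p` except "-AESGMAC-192". As written, every transform that gets past the BLOWFISH and 128-bit tests, including "-AES-256", "-AESGCM-256", "-AESGMAC-256" and plain AES, is given `KEY_LENGTH` "192,192:192" and never reaches its own branch, while "-AESGMAC-192" itself matches none of the branches. The line should read `strcmp(qme_p, "-AESGMAC-192") == 0)`.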
@@ -472,9 +483,13 @@ conf_load_defaults(int tr) char*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14", "-GRP15", 0}; char*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES", - "AES", "AES", "AES", "AES_128_CTR", "NULL", "NONE", 0}; + "AES", "AES", "AES", "AESCTR", "AESGCM", "AESGCM", + "AESGCM", "AESGMAC", "AESGMAC", "AESGMAC", "NULL", + "NONE", 0}; char*qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES", - "-AES-128", "-AES-192", "-AES-256", "-AESCTR", "-NULL", + "-AES-128", "-AES-192", "-AES-256", "-AESCTR", + "-AESGCM-128", "-AESGCM-192", "-AESGCM-256", + "-AESGMAC-128", "-AESGMAC-192", "-AESGMAC-256", "-NULL", "", 0}; char*qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE", Index: ipsec.c === RCS file: /home/cvs/src/sbin/isakmpd/ipsec.c,v retrieving revision 1.135 diff -u -p -r1.135 ipsec.c --- ipsec.c 29 Jun 2010 19:50:16 - 1.135 +++ ipsec.c 6 Sep 2010 14:48:49 - @@ -975,7 +975,7 @@ ipsec_validate_transform_id(u_int8_t pro transform_id > IPSEC_AH_RIPEMD ? -1 : 0; case IPSEC_PROTO_IPSEC_ESP: return transform_id < IPSEC_ESP_DES_IV64 || - (transform_id > IPSEC_ESP_AES_128_CTR && + (transform_id > IPSEC_ESP_AES_GMAC && transform_id < IPSEC_ESP_AES_MARS) || transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; case IPSEC_PROTO_IPCOMP: @@ -1788,6 +1788,11 @@ ipsec_esp_enckeylength(struct proto *pro return iproto->keylen / 8; case IPSEC_ESP_AES_128_CTR: return 20; + case IPSEC_ESP_AES_GCM_16: + case IPSEC_ESP_AES_GMAC: + if (!iproto->keylen) + return 20; + return iproto->keylen / 8 + 4; case IPSEC_ESP_AES: if (!iproto->keylen) return 16; Index: ipsec_num.cst === RCS file: /home/cvs/src/sbin/isakmpd/ipsec_num.cst,v retrieving revision 1.16 diff -u -p -r1.16 ipsec_num.cst --- ipsec_num.cst 14 Jun 2005 10:50:47 - 1.16 +++ ipsec_num.cst 30 Aug 2010 18:15:03 - @@ -235,6 +235,8 @@ IPSEC_ESP NULL 11 AES 12 AES_128_CTR 13 + AES_GCM_16 20 + AES_GMAC 23 AES_MARS
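Review bot: Moving the upper bound in ipsec_validate_transform_id() from `IPSEC_ESP_AES_128_CTR` to `IPSEC_ESP_AES_GMAC` lets the whole range between them pass validation, not just the two new transforms. Going by the ipsec_num.cst hunk in this diff (AES_128_CTR 13, AES_GCM_16 20, AES_GMAC 23), ids 14–19, 21 and 22 would now be accepted although no transform is defined for them in the visible list. Exclude the gaps explicitly, for example by adding `(transform_id > IPSEC_ESP_AES_128_CTR && transform_id < IPSEC_ESP_AES_GCM_16) ||` and `(transform_id > IPSEC_ESP_AES_GCM_16 && transform_id < IPSEC_ESP_AES_GMAC) ||` to the condition. The ipsec_num.cst hunk is cut off on this page, so ids defined outside the visible lines should be checked before the ranges are settled.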
Re: "generating new host key..."
On 09/08/10 17:39, Ted Unangst wrote: > On Tue, Sep 7, 2010 at 7:18 PM, Alexander Hall wrote: >> $ which true false >> /usr/bin/true >> /usr/bin/false >> >> while those should be available to /etc/rc, I'd prefer not using them. > > -5 points for using which. :) Ah fuck. Yes. Darn. :-d > $ whence -v true > true is a shell builtin > > I happen to think that explicit true and false values make things > easier to read, without as much [ ] noise. Yup. I totally agree then. :)
Re: AES-GCM Part 4: ipsecctl
changes: - don't allow other hashes with gcm. pointed out by naddy. Index: ike.c === RCS file: /home/cvs/src/sbin/ipsecctl/ike.c,v retrieving revision 1.67 diff -u -p -r1.67 ike.c --- ike.c 4 Oct 2009 11:39:32 - 1.67 +++ ike.c 6 Sep 2010 14:30:01 - @@ -161,6 +161,7 @@ static int ike_section_p2(struct ipsec_rule *r, FILE *fd) { char*exchange_type, *sprefix; + int needauth = 1; switch (r->p2ie) { case IKE_QM: @@ -224,6 +225,30 @@ ike_section_p2(struct ipsec_rule *r, FIL case ENCXF_AESCTR: fprintf(fd, "AESCTR"); break; + case ENCXF_AES_128_GCM: + fprintf(fd, "AESGCM-128"); + needauth = 0; + break; + case ENCXF_AES_192_GCM: + fprintf(fd, "AESGCM-192"); + needauth = 0; + break; + case ENCXF_AES_256_GCM: + fprintf(fd, "AESGCM-256"); + needauth = 0; + break; + case ENCXF_AES_128_GMAC: + fprintf(fd, "AESGMAC-128"); + needauth = 0; + break; + case ENCXF_AES_192_GMAC: + fprintf(fd, "AESGMAC-192"); + needauth = 0; + break; + case ENCXF_AES_256_GMAC: + fprintf(fd, "AESGMAC-256"); + needauth = 0; + break; case ENCXF_BLOWFISH: fprintf(fd, "BLF"); break; @@ -232,6 +257,7 @@ ike_section_p2(struct ipsec_rule *r, FIL break; case ENCXF_NULL: fprintf(fd, "NULL"); + needauth = 0; break; default: warnx("illegal transform %s", 
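Review bot: `needauth = 0;` is also added to the `ENCXF_NULL` case in the `@@ -232,6 +257,7 @@` hunk, which is not the same situation as the GCM and GMAC cases: those transforms carry their own integrity check, NULL encryption does not. Combined with the `else if (needauth)` change later in the diff, a rule that selects NULL encryption and names no auth transform no longer gets the SHA2-256 default, so the generated suite would have neither confidentiality nor authentication. If that is not intended, drop the line from the NULL case; if it is, a comment such as `/* NULL encryption: deliberately no default auth */` should record why. The switch and the rest of ike_section_p2() lie outside this hunk.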
@@ -270,43 +296,44 @@ ike_section_p2(struct ipsec_rule *r, FIL warnx("illegal transform %s", r->p2xfs->authxf->name); return (-1); } - } else - fprintf(fd, "SHA2-256"); + fprintf(fd, "-"); + } else if (needauth) + fprintf(fd, "SHA2-256-"); if (r->p2xfs && r->p2xfs->groupxf) { switch (r->p2xfs->groupxf->id) { case GROUPXF_NONE: break; case GROUPXF_768: - fprintf(fd, "-PFS-GRP1"); + fprintf(fd, "PFS-GRP1"); break; case GROUPXF_1024: - fprintf(fd, "-PFS-GRP2"); + fprintf(fd, "PFS-GRP2"); break; case GROUPXF_1536: - fprintf(fd, "-PFS-GRP5"); + fprintf(fd, "PFS-GRP5"); break; case GROUPXF_2048: - fprintf(fd, "-PFS-GRP14"); + fprintf(fd, "PFS-GRP14"); break; case GROUPXF_3072: - fprintf(fd, "-PFS-GRP15"); + fprintf(fd, "PFS-GRP15"); break; case GROUPXF_4096: - fprintf(fd, "-PFS-GRP16"); + fprintf(fd, "PFS-GRP16"); break; case GROUPXF_6144: - fprintf(fd, "-PFS-GRP17"); + fprintf(fd, "PFS-GRP17"); break; case GROUPXF_8192: - fprintf(fd, "-PFS-GRP18"); + fprintf(fd, "PFS-GRP18"); break; default: warnx("illegal group %s", r->p2xfs->groupxf->name); return (-1); }; } else - fprintf(fd, "-PFS"); + fprintf(fd, "PFS"); fprintf(fd, "-SUITE force\n"); return (0); Index: ipsec.conf.5 === RCS file: /home/cvs/src/sbin/ipsecctl/ipsec.conf.5,v retrieving revision 1.126 diff -u -p -r1.126 ipsec.conf.5 --- ipsec.conf.57 Jun 2010 08:32:58 - 1.126 +++ ipsec.conf.56 Sep 2010 11:41:52 - @@ -612,6 +612,12 @@ keyword: .It Li aes-192 Ta "192 bits" .It Li aes-256 Ta "256 bits" .It Li aesctr Ta "160 bits" T
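Review bot: `needauth` only suppresses the SHA2-256 default in the `else if (needauth)` arm of the `@@ -270,43 +296,44 @@` hunk; when a rule names an auth transform, the branch above still writes it followed by `-`, even for the AESGCM/AESGMAC cases that cleared the flag. The stated aim is to not allow other hashes with GCM, and the isakmpd change in this series skips generating such combinations, so a rule like that would likely yield a suite name with no matching definition. Reject it in the authxf branch by sending the GCM/GMAC-plus-auth case down the existing `warnx("illegal transform %s", r->p2xfs->authxf->name); return (-1);` path. `needauth` alone cannot be the test for this as long as the `ENCXF_NULL` case clears it too, and the condition of the enclosing `if` is outside the hunk.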
lookup -> vfs_lookup
i've always been annoyed with the oh so very generic name "lookup" for the vfs lookup routine, so rename it and the relookup routine to vfs_lookup and vfs_relookup. comments/oks? Index: kern/vfs_lookup.c === RCS file: /home/cvs/src/sys/kern/vfs_lookup.c,v retrieving revision 1.42 diff -u -p -r1.42 vfs_lookup.c --- kern/vfs_lookup.c 20 May 2010 02:32:02 - 1.42 +++ kern/vfs_lookup.c 8 Sep 2010 21:30:43 - @@ -179,7 +179,7 @@ namei(struct nameidata *ndp) } cnp->cn_nameptr = cnp->cn_pnbuf; ndp->ni_startdir = dp; - if ((error = lookup(ndp)) != 0) { + if ((error = vfs_lookup(ndp)) != 0) { pool_put(&namei_pool, cnp->cn_pnbuf); return (error); } @@ -293,7 +293,7 @@ badlink: * if WANTPARENT set, return unlocked parent in ni_dvp */ int -lookup(struct nameidata *ndp) +vfs_lookup(struct nameidata *ndp) { char *cp; /* pointer into pathname argument */ struct vnode *dp = 0; /* the directory we are searching */ @@ -613,7 +613,7 @@ bad: * Reacquire a path name component. */ int -relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) +vfs_relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) { struct proc *p = cnp->cn_proc; struct vnode *dp = 0; /* the directory we are searching */ Index: msdosfs/msdosfs_vnops.c === RCS file: /home/cvs/src/sys/msdosfs/msdosfs_vnops.c,v retrieving revision 1.73 diff -u -p -r1.73 msdosfs_vnops.c --- msdosfs/msdosfs_vnops.c 6 Sep 2010 23:44:10 - 1.73 +++ msdosfs/msdosfs_vnops.c 8 Sep 2010 21:36:24 - @@ -957,7 +957,7 @@ abortit: goto out; if ((tcnp->cn_flags & SAVESTART) == 0) panic("msdosfs_rename: lost to startdir"); - if ((error = relookup(tdvp, &tvp, tcnp)) != 0) + if ((error = vfs_relookup(tdvp, &tvp, tcnp)) != 0) goto out; dp = VTODE(tdvp); xp = tvp ? VTODE(tvp) : NULL; 
@@ -1007,7 +1007,7 @@ abortit: panic("msdosfs_rename: lost from startdir"); if (!newparent) VOP_UNLOCK(tdvp, 0, p); - (void) relookup(fdvp, &fvp, fcnp); + (void) vfs_relookup(fdvp, &fvp, fcnp); if (fvp == NULL) { /* * From name has disappeared. Index: nfs/nfs_serv.c === RCS file: /home/cvs/src/sys/nfs/nfs_serv.c,v retrieving revision 1.90 diff -u -p -r1.90 nfs_serv.c --- nfs/nfs_serv.c 29 Mar 2010 23:33:39 - 1.90 +++ nfs/nfs_serv.c 8 Sep 2010 21:31:30 - @@ -997,7 +997,7 @@ nfsrv_create(struct nfsrv_descript *nfsd nd.ni_cnd.cn_flags &= ~(LOCKPARENT | SAVESTART); nd.ni_cnd.cn_proc = procp; nd.ni_cnd.cn_cred = cred; - if ((error = lookup(&nd)) != 0) { + if ((error = vfs_lookup(&nd)) != 0) { pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf); nfsm_reply(0); error = 0; @@ -1194,7 +1194,7 @@ nfsrv_mknod(struct nfsrv_descript *nfsd, nd.ni_cnd.cn_flags &= ~(LOCKPARENT | SAVESTART); nd.ni_cnd.cn_proc = procp; nd.ni_cnd.cn_cred = procp->p_ucred; - error = lookup(&nd); + error = vfs_lookup(&nd); pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf); if (error) goto out; @@ -1712,7 +1712,7 @@ nfsrv_symlink(struct nfsrv_descript *nfs nd.ni_cnd.cn_flags |= (NOFOLLOW | LOCKLEAF); nd.ni_cnd.cn_proc = procp; nd.ni_cnd.cn_cred = cred; - error = lookup(&nd); + error = vfs_lookup(&nd); if (!error) { bzero((caddr_t)fhp, sizeof(nfh)); fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid; Index: nfs/nfs_subs.c === RCS file: /home/cvs/src/sys/nfs/nfs_subs.c,v retrieving revision 1.109 diff -u -p -r1.109 nfs_subs.c --- nfs/nfs_subs.c 6 Sep 2010 23:44:10 - 1.109 +++ nfs/nfs_subs.c 8 Sep 2010 21:40:04 - @@ -1252,7 +1252,7 @@ nfs_namei(struct nameidata *ndp, fhandle * And call lookup() to do the real work */ cnp->cn_proc = p; - error = lookup(ndp); + error = vfs_lookup(ndp); if (error) goto out; /* Index: sys/namei.h === RCS
Još samo 2 dana da obradujete mališane
Poštovani, Ostalo je još samo 2 dana da svoje mališane obradujete igraD kom i dodatnim poklonom. Obradujte svoje dete duplim poklonom i izmamite mu osmeh! PoE>urite, jer ostalo je još samo 5 kompleta Beach Circle Racket - deD ijih reketa koje dobijate na poklon uz svaku poruD enu igraD ku iz ove ponude! ⢠Doris - kreativna igra i slagalica za sve uzraste, uz POPUST! ⢠Art Kocke - jedinstvenog dizajna, razvijaju motoriD ke sposobnosti i pospešuju kreativnost! ⢠Hama Dizni princeze - perlice sa likom Dizni princeze. ⢠Hama Ben Ten - perlice sa likom Ben Tena, najpopularnijeg superheroja! ⢠Hama safari - sloE>ite figurice svojih omiljenih E>ivotinja sa safarija! ⢠Hama Winnie The Pooh - perlice D ine likove Vini Pua i njegove druE>ine! ⢠Klasici Crtanog filma - 5 DVD starih, dobrih crtaDa! PoE>urite i iskoristite ovu sjajnu ponudu za najmlaDe još danas - ova ponuda traje samo do 9. septembra! Najatraktivnije iz Quelle asortimana uz D ak 40% popusta na sve! Vaš Top Shop Ovu elektronsku poštu primate, ukoliko ste svojevoljno ostavili svoju e-mail adresu na nekom od sajtova Top Shop-a, uD estvovali u našoj poklon igri ili nagradnom kvizu ili se prijavili za e-D asopis Top Shop-a ili nekog od nasih brendova. Ponude date u ovom e-mailu vaE>e iskljuD ivo za porudE>bine upuDene putem Interneta ili broja telefona 021 489 26 60. Ukoliko ne E>elite više da primate naše elektronske poruke, za odjavljivanje sa naše e-mailing liste, kliknite ovde. Studio Moderna d.o.o., Bulevar vojvode Stepe 30, 21000 Novi Sad, Tel: 021 489 26 60, Fax: 021 489 29 08, E-mail: i...@news.top-shop.rs [IMAGE]If you would no longer like to receive our emails please unsubscribe by clicking here.
pthread_join() not interruptable?
Hola, I'm not sure if the subject line is worded correctly, but chasing another problem I noticed that a thread (e.g., main thread) after call to pthread_join() isn't interrupted to handle signals. Same .c file on another OS works as expected. Is my expectation or .c file incorrect, or is this a bug in OpenBSD? I expect after compiling following .c file, and running the resulting executable, to be able to ^C and have it nicely quit. --patrick $ cat foo.c #include #include #include #include #include #include #include #include #include int quit; /* prototypes */ voidsigh(int); void*thr1(void*); void sigh(int sig) { quit = 1; printf("Caught signal:%d\n", sig); } void* thr1(void *arg) { sigset_tmask; sigfillset(&mask); if (0 != pthread_sigmask(SIG_SETMASK, &mask, NULL)) err(1, "pthread_sigmask()"); while (!quit) { fprintf(stderr, "."); sleep(1); } pthread_exit(NULL); } int main(int argc, char *argv[]) { void*prc; pthread_t a; struct sigactionsa; bzero(&sa, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_handler = sigh; sigaction(SIGTERM, &sa, NULL); sigaction(SIGINT, &sa, NULL); if (0 != pthread_create(&a, NULL, &thr1, NULL)) err(1, "pthread_create()"); #ifdef HACKAROUND // XXX // Compiling this bit in allows signal handler to // be invoked upon receiving desired signals. while (!quit) sleep(1); #endif if (0 != pthread_join(a, &prc)) err(1, "pthread_join()"); free(prc); exit(0); } $ cc -g -O0 -pthread foo.c -o foo $ ./foo ..^C.^C^C..^\Quit (core dumped) $ cc -g -O0 -pthread foo.c -o foo -DHACKAROUND $ ./foo ...^CCaught signal:2 $ sysctl kern.version kern.version=OpenBSD 4.8-beta (GENERIC) #84: Tue Aug 3 10:03:35 MDT 2010 dera...@macppc.openbsd.org:/usr/src/sys/arch/macppc/compile/GENERIC
Re: pthread_join() not interruptable?
> I'm not sure if the subject line is worded correctly, but chasing > another problem I noticed that a thread (e.g., main thread) after call > to pthread_join() isn't interrupted to handle signals. Known bug with OpenBSD pthreads. A sleeping thread will not get signaled until it wakes for some other reason. In the test program main is sleeping in the call to pthread join. It won't see any signals until thr1 exits. If you enable interrupts in thr1 the program will terminate as expected. Don't call printf from signal handlers. /\/\arc
various fixes in smtpd's lka.c
hi tech@, In lka.c:lka_expand(), there is a bug which causes the function to not compute correctly the remaining space in its expansion buffer. All strlcpy and strlcat truncation tests will use the bogus value making them useless. The consequence is that IF you hit that bug you will crash at RCPT time [1][2]. oga@ spotted the bug and rewrote a correct and simpler version of lka_expand() which fixes the crash and other known shortcomings. the caller now knows if an expansion has failed allowing us to reject recipient at RCPT time, rather than assuming the admin knows how to write a proper format :) please test, especially if you use rules with formats: accept [...] deliver to mda "/path/to/bin %u" [1] you are unlikely to hit the bug unless you have an insanely long format or many many many specifiers. [2] lka_expand() only processes sanitized inputs. lka_expand() rewrite by oga@, lka_queue_append() change by me Index: lka.c === RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v retrieving revision 1.116 diff -u -p -r1.116 lka.c --- lka.c 8 Sep 2010 13:46:18 - 1.116 +++ lka.c 8 Sep 2010 23:51:10 - @@ -62,7 +62,7 @@ void lka_rcpt_action(struct smtpd *, ch void lka_session_destroy(struct smtpd *, struct lkasession *); void lka_expansion_done(struct smtpd *, struct lkasession *); void lka_session_fail(struct smtpd *, struct lkasession *); -void lka_queue_append(struct smtpd *, struct lkasession *, int); +intlka_queue_append(struct smtpd *, struct lkasession *, int); u_int32_t lka_id; 
@@ -376,24 +376,24 @@ lka_expand(char *buf, size_t len, struct { char *p, *pbuf; struct rule r; - size_t ret; + size_t ret, lret = 0; struct passwd *pw; bzero(r.r_value.path, MAXPATHLEN); pbuf = r.r_value.path; ret = 0; - for (p = path->rule.r_value.path; *p != '\0'; ++p) { + for (p = path->rule.r_value.path; *p != '\0'; + ++p, len -= lret, pbuf += lret, ret += lret) { if (p == path->rule.r_value.path && *p == '~') { if (*(p + 1) == '/' || *(p + 1) == '\0') { pw = getpwnam(path->pw_name); if (pw == NULL) - continue; + return 0; - ret += strlcat(pbuf, pw->pw_dir, len); - if (ret >= len) - return ret; - pbuf += strlen(pw->pw_dir); + lret = strlcat(pbuf, pw->pw_dir, len); + if (lret >= len) + return 0; continue; } @@ -401,105 +401,81 @@ lka_expand(char *buf, size_t len, struct char username[MAXLOGNAME]; char *delim; - ret = strlcpy(username, p + 1, + lret = strlcpy(username, p + 1, sizeof(username)); - delim = strchr(username, '/'); - if (delim == NULL && ret >= sizeof(username)) { - continue; - } + if (lret >= sizeof(username)) + return 0; - if (delim != NULL) { - *delim = '\0'; - } + delim = strchr(username, '/'); + if (delim == NULL) + goto copy; + *delim = '\0'; pw = getpwnam(username); if (pw == NULL) - continue; + return 0; - ret += strlcat(pbuf, pw->pw_dir, len); - if (ret >= len) - return ret; - pbuf += strlen(pw->pw_dir); + lret = strlcat(pbuf, pw->pw_dir, len); + if (lret >= len) + return 0; p += strlen(username); continue; } } - if (strncmp(p, "%U", 2) == 0) { - ret += strlcat(pbuf, sender->user, len); - if (ret >= len) - return ret; - pbuf += strlen (sender->user)
pfctl(8) manpage minor addition
I couldn't find clarification on this in the manpages and it seems to be a common misconception. Perhaps a note like the following would be beneficial? (Apologies for gmail line mangling) Index: pfctl.8 === RCS file: /cvs/src/sbin/pfctl/pfctl.8,v retrieving revision 1.145 diff -u -p -r1.145 pfctl.8 --- pfctl.8 25 Jun 2010 23:27:47 - 1.145 +++ pfctl.8 9 Sep 2010 03:47:17 - @@ -231,6 +231,7 @@ may contain macros, tables, options, and normalization translation, and filtering rules. With the exception of macros and tables, the statements must appear in that order. +It is not necessary to flush existing rules before loading the new ruleset. .It Fl g Include output helpful for debugging. .It Fl h