Re: signed packages

2014-01-26 Thread Nicolai
On Thu, Jan 23, 2014 at 02:33:56PM -0200, Giancarlo Razzolini wrote:

> DNSSEC would make things a little simpler

All the TLD and other massive outages say otherwise.

I can think of one project that uses DNSSEC to verify files via TXT
lookups.  Their last DNSSEC outage?  3 days ago.

Ed25519 in signify provides a 128-bit security level and is
decentralized.  DNSSEC provides 112 bits at best, via a
government-controlled hierarchy.

Nicolai



[PATCH] Fix getdtablecount(2) HISTORY

2014-01-26 Thread Donovan Watteau
Hi,

The following diff fixes getdtablecount(2) HISTORY: this function appeared
in OpenBSD 5.2, not OpenBSD 5.1.

No getdtablecount() here:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/syscalls.master?only_with_tag=OPENBSD_5_1

but it's there:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/syscalls.master?only_with_tag=OPENBSD_5_2

Found while trying to compile slowcgi(8) on OpenBSD 5.1, out of
curiosity...

Index: getdtablecount.2
===
RCS file: /cvs/src/lib/libc/sys/getdtablecount.2,v
retrieving revision 1.3
diff -u -p -r1.3 getdtablecount.2
--- getdtablecount.212 Apr 2012 22:15:21 -  1.3
+++ getdtablecount.226 Jan 2014 22:01:50 -
@@ -35,4 +35,4 @@ open.
 The
 .Nm
 function appeared in
-.Ox 5.1 .
+.Ox 5.2 .



tcpdump: invalid v6 UDP checksums

2014-01-26 Thread Christian Weisgerber
Over IPv6, UDP packets must have a non-zero checksum (RFC2460,
section 8.1).  Currently, tcpdump ignores this and will print
"udp sum ok".  Maybe the author didn't understand how the Internet
checksum works and thought the checksum calculation would catch
this.

OK?
Any better phrasing than "invalid cksum", consistent (haha) with
tcpdump's output?

Index: print-udp.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-udp.c,v
retrieving revision 1.34
diff -u -p -r1.34 print-udp.c
--- print-udp.c 12 Jan 2010 06:10:33 -  1.34
+++ print-udp.c 26 Jan 2014 16:01:09 -
@@ -581,7 +581,9 @@ udp_print(register const u_char *bp, u_i
if (ip->ip_v == 6 && ip6->ip6_plen && vflag) {
int sum = up->uh_sum;
/* for IPv6, UDP checksum is mandatory */
-   if (TTEST2(cp[0], length)) {
+   if (sum == 0) {
+   (void)printf(" [invalid cksum]");
+   } else if (TTEST2(cp[0], length)) {
sum = udp6_cksum(ip6, up, length + sizeof(struct 
udphdr));
if (sum != 0)
(void)printf(" [bad udp cksum %x!]", sum);
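Review bot: the new `sum == 0` branch prints " [invalid cksum]" without the "udp" that the neighbouring " [bad udp cksum %x!]" carries, so the two tags for the same header field read differently; " [invalid udp cksum]" would keep them consistent. The test also still sits inside the `ip6->ip6_plen && vflag` condition, so a zero checksum is only reported with -v and a non-zero payload length; if that is intended, the existing "UDP checksum is mandatory" comment could say so. Placing the zero test ahead of TTEST2 is sound, since it only looks at the `up->uh_sum` value already read on the line above and so also works on truncated captures.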
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de
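
Why summing alone cannot flag a zero UDP checksum over IPv6, as an added example (not tcpdump's code and not part of the original message): in ones'-complement arithmetic 0x0000 and 0xffff both represent zero, so a datagram whose correct checksum is 0xffff also verifies with the field set to 0. The function names, addresses and datagram below are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum verdict { CKSUM_OK, CKSUM_BAD, CKSUM_ZERO_INVALID };
/* Constructed sample addresses: 2001:db8::1 and 2001:db8::2. */
static const uint8_t SRC[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
static const uint8_t DST[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2};

/* RFC 1071 ones'-complement sum of n bytes, continued from acc, folded to 16 bits. */
static uint16_t fold_sum(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += (uint32_t)p[0] << 8 | p[1];
    if (n)
        acc += (uint32_t)p[0] << 8;
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Inverted sum over IPv6 pseudo-header + UDP datagram, field included; 0 = verifies. */
uint16_t udp6_residue(const uint8_t *udp, size_t len)
{
    uint8_t ph[40] = {0};
    memcpy(ph, SRC, 16);
    memcpy(ph + 16, DST, 16);
    ph[34] = (uint8_t)(len >> 8);  /* upper-layer length (low 16 bits) */
    ph[35] = (uint8_t)len;
    ph[39] = 17;                   /* next header = UDP */
    return (uint16_t)~fold_sum(udp, len, fold_sum(ph, sizeof ph, 0));
}

/* zero_test = 0: rely on the sum alone; 1: reject a zero field first. */
enum verdict classify(const uint8_t *udp, size_t len, int zero_test)
{
    if (zero_test && udp[6] == 0 && udp[7] == 0)
        return CKSUM_ZERO_INVALID;
    return udp6_residue(udp, len) == 0 ? CKSUM_OK : CKSUM_BAD;
}

/* Constructed datagram: ports 12345 -> 53, length 10, field 0, payload makes the sum 0xffff. */
void build_sample(uint8_t udp[10])
{
    static const uint8_t hdr[10] = {0x30, 0x39, 0x00, 0x35, 0x00, 0x0a};
    memcpy(udp, hdr, sizeof hdr);
    uint16_t pad = udp6_residue(udp, 10);  /* 0xffff minus the sum so far */
    udp[8] = (uint8_t)(pad >> 8);
    udp[9] = (uint8_t)pad;
}
```

With the sample datagram, `classify(udp, 10, 0)` accepts the zero field while `classify(udp, 10, 1)` reports it as invalid; for most other datagrams a zero field simply fails the sum.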



Re: your mail

2014-01-26 Thread Marc Espie
On Sat, Jan 25, 2014 at 11:04:21PM -0600, Shawn K. Quinn wrote:
> On Sat, Jan 25, 2014, at 08:53 AM, Marc Espie wrote:
> > I agree with "so-called" having negative connotations.
> > 
> > I think both those instances are using it intentionally, namely there
> > are nasty surprises in some MBR blocks that are not covered by
> > the so-called MBR standard.
> 
> There's an actual MBR standard? If so, maintained by whom?

Precisely.

MBR is a dark art.

We know we produce valid MBR blocks because machines don't blow up on us...



Re: help needed from someone with an sk(4)

2014-01-26 Thread Geoff Steckel

On 01/24/2014 02:09 PM, Henning Brauer wrote:
> * Ted Unangst [2014-01-24 17:48]:
> > Are people still using sk, gem, or hme (!) in pps performance critical
> > situations?
>
> doesn't make sense to do so, and hasn't in a long time...

Performance critical? Well, given the pathetic speeds available in
the USA for less than a small fortune, sk works well and was cheap.
Yes, this is an ancient release and an ancient/snail slow CPU...
it works and the system uses about 15W with only 1 tiny fan.
At max load (routing 20 mbit and forwarding 200 mbit or so) the
CPU is 25% loaded.

[Why an ancient release?

sysmerge didn't handle any of the crucial update cases (pf changes
especially) at all well. It didn't differentiate release-to-release
changes from user changes. Maybe it does now with diff3 - that's what I use.
(old release /etc <-> current system /etc <-> new release /etc).
This box will probably go to 5.5 or 5.4 current - not significantly less
work than a single release update.]

OpenBSD 5.2 (GENERIC) #278: Wed Aug  1 10:04:16 MDT 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,NXE,SSE3,EST,TM2
real mem  = 1005056000 (958MB)
avail mem = 96640 (932MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/16/06, BIOS32 rev. 0 @ 0xfb570, SMBIOS rev. 2.3 @ 0xf (34 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 05/16/2006
apm0 at bios0: Power Management spec V1.2 (slowidle)
acpi at bios0 function 0x0 not configured
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
cpu0: apic clock running at 100MHz
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type PCI
mpbios0: bus 2 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 3, 24 pins
pcibios0 at bios0: rev 2.1 @ 0xf/0xdc84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdbb0/208 (11 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 9 10 11
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xfe00 0xd/0x5000!
cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100f1308000f13
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1501 MHz: speeds: 1500, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA CN700 Host" rev 0x00
viaagp0 at pchb0: v3
agp0 at viaagp0: aperture at 0xe800, size 0x1000
pchb1 at pci0 dev 0 function 1 "VIA CN700 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA CN700 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA PT890 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA CN700 Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA CN700 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci_intr_map: bus 0 dev 1 func 0 pin 1; line 10
pci_intr_map: no MP mapping found
pci_intr_map: bus 0 dev 1 func 0 pin 2; line 11
pci_intr_map: no MP mapping found
pci_intr_map: bus 0 dev 1 func 0 pin 3; line 9
pci_intr_map: no MP mapping found
pci_intr_map: bus 0 dev 1 func 0 pin 4; line 5
pci_intr_map: no MP mapping found
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA S3 Unichrome PRO IGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 8 function 0 "D-Link DGE-530T A1" rev 0x11, Yukon (0x1): apic 2 int 17
sk0 at skc0 port A: address 00:0d:88:c8:2b:c8
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 3
"VIA VT6306 FireWire" rev 0x80 at pci0 dev 10 function 0 not configured
re0 at pci0 dev 11 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SCd (0x1800), apic 2 int 19, address 00:30:18:a8:10:76
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using apic 2 int 20 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA48, 15272MB, 31277232 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removable
cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
viapm0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev