mention rpki-client(8) on openbgpd/index.html

2022-01-27 Thread Daniel Jakots
Hi,

I think rpki-client is now an important piece of the DFZ, so it makes
sense to mention it.

Comments? OK?

BTW there's no mention of eigrpd, should we add it? Or there's no need
to list them all?

Cheers,
Daniel

Index: index.html
===
RCS file: /cvs/www/openbgpd/index.html,v
retrieving revision 1.61
diff -u -p -r1.61 index.html
--- index.html  5 Nov 2021 00:38:58 -   1.61
+++ index.html  27 Jan 2022 23:41:09 -
@@ -64,6 +64,8 @@ OpenBGPD's companions,
 add support for the respective protocols.
 https://man.openbsd.org/ldpd;>ldpd(8) and
 https://man.openbsd.org/mpe;>mpe(4) add MPLS support.
+https://man.openbsd.org/rpki-client;>rpki-client(8) facilitates
+validation of the Route Origin of a BGP announcement.
 
 
 OpenBGPD is primarily developed by Henning Brauer, Peter Hessler, and
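Review bot: the added sentence breaks the pattern of the neighbouring entries, which say what each companion adds ("add MPLS support"); "facilitates validation of the Route Origin of a BGP announcement" is wordier and capitalises "Route Origin" for no visible reason. Consider wording in the same shape, for example "rpki-client(8) adds support for validating the origin of BGP announcements", so the list reads uniformly.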



Re: [Patch] - Add -u (update packages) to sysupgrade(8)

2021-08-27 Thread Daniel Jakots
On Fri, 27 Aug 2021 20:17:51 -0500, Aaron Poffenberger
 wrote:

> + ${PKGS} && echo "pkg_add -Iu" >> /etc/rc.firsttime

I don't think this addition is worth it, but anyway this won't work for
people running -current when it's release time and the release isn't
available yet (-Dsnap).

Cheers,
Daniel



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Daniel Jakots
On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson
 wrote:

> If I manually configure a link-local the interface is successfully
> added.
> 
> Anyone have an idea what the behaviour should be here? For passive
> would it make sense to accept an interface without link-local?

I discussed that with remi@ a few months ago when I considered
using ospf6d, as I had the same cryptic error as you give. I was told:

> ospf6d can not work without a link-local address on the interface.
> RFC 5340 mandates the use of link-local addresses in section 2.5.

And here's a link to the mentioned section:
https://datatracker.ietf.org/doc/html/rfc5340#section-2.5

Cheers,
Daniel



highest/lowest weight in bgpd man pages

2021-04-03 Thread Daniel Jakots
Hi,

I was reading bgpd.conf(5) on how to set the weight. It says:

> For prefixes with equally long paths, the prefix with the larger
> weight is selected.

However, in bgpd(8), it says:

> 8.  The path with the lowest local weight is selected.

I went to read rde_decide.c to find which is right, prefix_cmp()
comment says

> Returns an integer greater than or less than 0, according to
> whether the prefix p1 is more or less preferred than the prefix p2

and the code is

    if (asp1->weight > asp2->weight)
        return 1;


Comments? OK?

Index: bgpd.8
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.8,v
retrieving revision 1.64
diff -u -p -r1.64 bgpd.8
--- bgpd.8  16 Feb 2021 08:29:16 -  1.64
+++ bgpd.8  4 Apr 2021 02:38:17 -
@@ -90,7 +90,7 @@ Comparison of the BGP session type.
 Paths learned over an external (EBGP) session are preferred over those
 learned via an internal (IBGP) session.
 .It
-The path with the lowest local
+The path with the highest local
 .Em weight
 is selected.
 .It
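Review bot: "highest" in the replacement line would read better as "larger" or "largest", matching the wording quoted from bgpd.conf(5) ("the prefix with the larger weight is selected"), so both pages describe the rule with the same word. The direction of the fix agrees with the quoted prefix_cmp() code, where asp1->weight > asp2->weight returns 1.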



Cheers,
Daniel



Re: fix ospf6d.conf example

2021-03-26 Thread Daniel Jakots
On Fri, 26 Mar 2021 09:36:13 +0100, Remi Locherer
 wrote:

> Hi,
> 
> danj@ noticed that our ospf6d.conf example is using multiple areas.
> In the man page of ospf6d we state that multi area support is not
> available. The daemon accepts such a config but does not do the right
> thing if I remember correctly.
> 
> OK to change the example to use just one area?

ok danj@



Re: distrib: make rdsetroot -x to work again

2021-02-14 Thread Daniel Jakots
On Sun, 14 Feb 2021 15:23:05 +0100, Sebastien Marie 
wrote:

> Hi,
> 
> The following diff makes rdsetroot -x (extract the disk.fs image) to
> work again for stripped bsd.rd.
>
> It passes options to keep rd_root_size and rd_root_image symbols while
> stripping. These symbols are the ones used by rdsetroot to insert or
> extract disk image into RAMDISK.
> 
> If it matters, on my i386 test, the bsd.rd size grows to 284 bytes
> before gzip and 113 bytes after gzip.
> 
> While here, uniformize a bit the sections removed (.comment section
> wasn't removed on some archs while stripping).
> 
> Comments or OK ?

In the alpha diff, I would put the "-R .eh_frame -R .shstrtab \" line
before the -K line so the -R things are grouped together.

Anyway, ok danj@

Cheers,
Daniel



Mention cvschroot in anoncvs.html

2021-02-08 Thread Daniel Jakots
Hi,

My usual mirror died apparently. stsp kindly pointed out the cvschroot
in cvsutils package to switch to a new mirror. Here's a diff to add
this where I looked at how to do it.

Comments? OK?


Index: anoncvs.html
===
RCS file: /cvs/www/anoncvs.html,v
retrieving revision 1.512
diff -u -p -r1.512 anoncvs.html
--- anoncvs.html18 Oct 2020 02:37:42 -  1.512
+++ anoncvs.html8 Feb 2021 22:34:46 -
@@ -202,6 +202,9 @@ $ cd /usr/src
 $ cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd
 
 
+
+If you want to switch to a new server, you can use cvschroot from the cvsutils 
package.
+
 Getting the ports and xenocara trees
 
 
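Review bot: the new paragraph names cvschroot but, unlike the rest of this section, shows no command, so a reader switching mirrors still has to look up the syntax. Add a short example invocation in the same style as the "cvs -d ... -q up -Pd" line just above the insertion.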



bgpd.8 control socket path

2021-01-31 Thread Daniel Jakots
Hi,

Since
https://github.com/openbsd/src/commit/8d7b500c2ac3625a5b524c5e150619612af2dd36,
the control socket path is not exactly correct in bgpd.8.

Here's a diff to be precise. I took the wording from bgpd.conf.5.

Cheers,
Daniel


Index: bgpd.8
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.8,v
retrieving revision 1.62
diff -u -p -r1.62 bgpd.8
--- bgpd.8  10 Nov 2019 20:51:53 -  1.62
+++ bgpd.8  31 Jan 2021 16:40:18 -
@@ -210,10 +210,14 @@ Produce more verbose output.
 default
 .Nm
 configuration file
-.It Pa /var/run/bgpd.sock
+.It Pa /var/run/bgpd.sock.
 default
 .Nm
-control socket
+control socket, where
+.Ar 
+is the routing domain in which
+.Nm
+has been started.
 .El
 .Sh SEE ALSO
 .Xr bgpd.conf 5 ,



Re: Make df output more human friendly in daily(8)

2020-10-03 Thread Daniel Jakots
On Sat, 3 Oct 2020 13:53:13 +0100, Stuart Henderson
 wrote:

> > +next_part "Backing up filesystems with dump:"
> > +dump w | grep -vB1 ^Dump  
> 
> The "next_part" header text is wrong, it isn't doing a backup here,
> it's only reporting which need to be dumped.

Thanks! Here's a version with
+next_part "Filesystems which need to be dumped:"

Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   3 Oct 2020 21:13:25 -
@@ -136,21 +136,8 @@ done
 next_part "Services that should be running but aren't:"
 rcctl ls failed
 
-next_part "Checking subsystem status:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   echo ""
-   echo "disks:"
-   df -ikl
-   echo ""
-   dump W
-else
-   dump w | grep -vB1 ^Dump
-fi
-
-next_part "network:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   netstat -ivn
-fi
+next_part "Filesystems which need to be dumped:"
+dump w | grep -vB1 ^Dump
 
 next_part "Running calendar in the background:"
 if [ "X$CALENDAR" != X0 -a \
Index: share/man/man8/daily.8
===
RCS file: /cvs/src/share/man/man8/daily.8,v
retrieving revision 1.28
diff -u -p -r1.28 daily.8
--- share/man/man8/daily.8  26 Jul 2020 13:27:24 -  1.28
+++ share/man/man8/daily.8  3 Oct 2020 21:13:25 -
@@ -114,15 +114,9 @@ Lists any daemons which are enabled in
 .Xr rc.conf.local 8
 but which are not actually running.
 .It
-Checks disk status.
-Reports on the amount of disk used/available via
-.Xr df 1 .
 Reports on which file systems need to be dumped via
 .Xr dump 8 .
 .It
-Reports networking statistics via
-.Xr netstat 1 .
-.It
 Runs the
 .Xr calendar 1
 utility unless the environment variable
@@ -205,15 +199,6 @@ If set to 1, run
 with the no-write flag.
 .It Ev ROOTBACKUP
 If set to 1, make a backup of the root file system.
-.It Ev VERBOSESTATUS
-If set to 0,
-.Xr df 1 ,
-.Xr dump 8 ,
-and
-.Xr netstat 1
-are skipped.
-Consequently, if none of the other commands produce any output,
-no mail will be sent to root.
 .El
 .Pp
 The following variables can be set in
@@ -250,9 +235,7 @@ Root
 .Sh SEE ALSO
 .Xr calendar 1 ,
 .Xr crontab 1 ,
-.Xr df 1 ,
 .Xr locate 1 ,
-.Xr netstat 1 ,
 .Xr rdist 1 ,
 .Xr whatis 1 ,
 .Xr crontab 5 ,
Index: share/man/man8/afterboot.8
===
RCS file: /cvs/src/share/man/man8/afterboot.8,v
retrieving revision 1.165
diff -u -p -r1.165 afterboot.8
--- share/man/man8/afterboot.8  9 Feb 2020 16:36:02 -
1.165 +++ share/man/man8/afterboot.83 Oct 2020 21:13:25 -
@@ -458,8 +458,6 @@ to understand what the periodic system m
 how to customize them:
 For example, to enable
 .Ev ROOTBACKUP
-or to disable
-.Ev VERBOSESTATUS ,
 or to add local maintenance code to
 .Pa /etc/daily.local , /etc/weekly.local ,
 or



Re: Make df output more human friendly in daily(8)

2020-10-03 Thread Daniel Jakots
On Sat, 3 Oct 2020 08:00:44 +0200, Ingo Schwarze 
wrote:

> But this needs to remain:
> 
> > -Reports on which file systems need to be dumped via
> > -.Xr dump 8 .
> > -.It  

Indeed, I wrongly assumed that the other dump call was silent. Here's
the updated diff:


Index: share/man/man8/daily.8
===
RCS file: /cvs/src/share/man/man8/daily.8,v
retrieving revision 1.28
diff -u -p -r1.28 daily.8
--- share/man/man8/daily.8  26 Jul 2020 13:27:24 -  1.28
+++ share/man/man8/daily.8  3 Oct 2020 12:40:12 -
@@ -114,15 +114,9 @@ Lists any daemons which are enabled in
 .Xr rc.conf.local 8
 but which are not actually running.
 .It
-Checks disk status.
-Reports on the amount of disk used/available via
-.Xr df 1 .
 Reports on which file systems need to be dumped via
 .Xr dump 8 .
 .It
-Reports networking statistics via
-.Xr netstat 1 .
-.It
 Runs the
 .Xr calendar 1
 utility unless the environment variable
@@ -205,15 +199,6 @@ If set to 1, run
 with the no-write flag.
 .It Ev ROOTBACKUP
 If set to 1, make a backup of the root file system.
-.It Ev VERBOSESTATUS
-If set to 0,
-.Xr df 1 ,
-.Xr dump 8 ,
-and
-.Xr netstat 1
-are skipped.
-Consequently, if none of the other commands produce any output,
-no mail will be sent to root.
 .El
 .Pp
 The following variables can be set in
@@ -250,9 +235,7 @@ Root
 .Sh SEE ALSO
 .Xr calendar 1 ,
 .Xr crontab 1 ,
-.Xr df 1 ,
 .Xr locate 1 ,
-.Xr netstat 1 ,
 .Xr rdist 1 ,
 .Xr whatis 1 ,
 .Xr crontab 5 ,
Index: share/man/man8/afterboot.8
===
RCS file: /cvs/src/share/man/man8/afterboot.8,v
retrieving revision 1.165
diff -u -p -r1.165 afterboot.8
--- share/man/man8/afterboot.8  9 Feb 2020 16:36:02 -
1.165 +++ share/man/man8/afterboot.83 Oct 2020 12:40:12 -
@@ -458,8 +458,6 @@ to understand what the periodic system m
 how to customize them:
 For example, to enable
 .Ev ROOTBACKUP
-or to disable
-.Ev VERBOSESTATUS ,
 or to add local maintenance code to
 .Pa /etc/daily.local , /etc/weekly.local ,
 or
Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   3 Oct 2020 12:40:12 -
@@ -136,21 +136,8 @@ done
 next_part "Services that should be running but aren't:"
 rcctl ls failed
 
-next_part "Checking subsystem status:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   echo ""
-   echo "disks:"
-   df -ikl
-   echo ""
-   dump W
-else
-   dump w | grep -vB1 ^Dump
-fi
-
-next_part "network:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   netstat -ivn
-fi
+next_part "Backing up filesystems with dump:"
+dump w | grep -vB1 ^Dump
 
 next_part "Running calendar in the background:"
 if [ "X$CALENDAR" != X0 -a \
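Review bot: the new heading "Backing up filesystems with dump:" misdescribes the command under it; dump w only lists the file systems that need to be dumped and writes no backup. Use a heading that says so, for example "Filesystems which need to be dumped:".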



Re: Make df output more human friendly in daily(8)

2020-10-02 Thread Daniel Jakots
On Fri, 2 Oct 2020 22:47:43 +0200, Klemens Nanni  wrote:

> That is OK with me, but you need to remove all mentions:
> 
>   $ man -k any=VERBOSESTATUS
>   afterboot(8) - things to check after the first complete boot
>   daily, monthly, weekly(8) - periodic system maintenance

Indeed, thanks!

Here's the afterboot.8 diff:

Index: share/man/man8/afterboot.8
===
RCS file: /cvs/src/share/man/man8/afterboot.8,v
retrieving revision 1.165
diff -u -p -r1.165 afterboot.8
--- share/man/man8/afterboot.8  9 Feb 2020 16:36:02 -   1.165
+++ share/man/man8/afterboot.8  2 Oct 2020 21:00:24 -
@@ -458,8 +458,6 @@ to understand what the periodic system m
 how to customize them:
 For example, to enable
 .Ev ROOTBACKUP
-or to disable
-.Ev VERBOSESTATUS ,
 or to add local maintenance code to
 .Pa /etc/daily.local , /etc/weekly.local ,
 or



Re: Make df output more human friendly in daily(8)

2020-10-02 Thread Daniel Jakots
On Fri, 2 Oct 2020 21:04:20 +0200, Ingo Schwarze 
wrote:

> I certainly like this, and it works for me.
> 
> But i think a change like this would need more than one OK,
> and you should wait some days such that developers can raise
> objections.

Yes, of course.

> Just in case you get sufficient OKs and there are no serious
> objections, see below for two suggested tweaks.

Thanks for the help!

Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   2 Oct 2020 19:34:47 -
@@ -136,21 +136,8 @@ done
 next_part "Services that should be running but aren't:"
 rcctl ls failed
 
-next_part "Checking subsystem status:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   echo ""
-   echo "disks:"
-   df -ikl
-   echo ""
-   dump W
-else
-   dump w | grep -vB1 ^Dump
-fi
-
-next_part "network:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   netstat -ivn
-fi
+next_part "Backing up filesystems with dump:"
+dump w | grep -vB1 ^Dump
 
 next_part "Running calendar in the background:"
 if [ "X$CALENDAR" != X0 -a \
Index: share/man/man8/daily.8
===
RCS file: /cvs/src/share/man/man8/daily.8,v
retrieving revision 1.28
diff -u -p -r1.28 daily.8
--- share/man/man8/daily.8  26 Jul 2020 13:27:24 -  1.28
+++ share/man/man8/daily.8  2 Oct 2020 19:34:47 -
@@ -114,15 +114,6 @@ Lists any daemons which are enabled in
 .Xr rc.conf.local 8
 but which are not actually running.
 .It
-Checks disk status.
-Reports on the amount of disk used/available via
-.Xr df 1 .
-Reports on which file systems need to be dumped via
-.Xr dump 8 .
-.It
-Reports networking statistics via
-.Xr netstat 1 .
-.It
 Runs the
 .Xr calendar 1
 utility unless the environment variable
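Review bot: this hunk also deletes "Reports on which file systems need to be dumped via dump(8)", but the etc/daily part of the same diff keeps running dump w | grep -vB1 ^Dump, so the manual would stop documenting output the script still produces. Keep those two lines and their .It, and remove only the df(1) and netstat(1) items.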
@@ -205,15 +196,6 @@ If set to 1, run
 with the no-write flag.
 .It Ev ROOTBACKUP
 If set to 1, make a backup of the root file system.
-.It Ev VERBOSESTATUS
-If set to 0,
-.Xr df 1 ,
-.Xr dump 8 ,
-and
-.Xr netstat 1
-are skipped.
-Consequently, if none of the other commands produce any output,
-no mail will be sent to root.
 .El
 .Pp
 The following variables can be set in
@@ -250,9 +232,7 @@ Root
 .Sh SEE ALSO
 .Xr calendar 1 ,
 .Xr crontab 1 ,
-.Xr df 1 ,
 .Xr locate 1 ,
-.Xr netstat 1 ,
 .Xr rdist 1 ,
 .Xr whatis 1 ,
 .Xr crontab 5 ,



Re: Make df output more human friendly in daily(8)

2020-10-02 Thread Daniel Jakots
On Fri, 2 Oct 2020 19:55:53 +0200, Ingo Schwarze 
wrote:

> Hi,
> 
> Daniel Jakots wrote on Thu, Oct 01, 2020 at 10:32:31PM -0400:
> 
> > Currently daily(8) runs `df -ikl`.  
> 
> By default, it does not.  It only does that if you set VERBOSESTATUS.

Are you sure? It looks like it does not, *if* you set VERBOSESTATUS to
0. (And that's what daily(8) says as well).

> I would prefer deleting the VERBOSESTATUS parts completely,
> strictly enforcing the principle "daily(8) only produces output
> when something unexpected happens", and tell people to use
> daily.local(8) if they want to run df or netstat.  The code
> for those two parts is totally trivial and riddled with
> choices that look like personal preferences, like the one
> you suggest to change.

I agree, that would be a better change indeed. I think I'll fix my
problem by setting VERBOSESTATUS to 0 and add what I want to my
daily.local.

> I dimly remember that some developers wanted to keep VERBOSESTATUS,
> though (i might misremember), so we'll probably keep it.  If we
> keep it, i absolutely don't care what it does.  So i'll neither OK
> this nor object to it.

Does anyone care about this one way or the other? Here's a diff for it. (If
we want to go this way, I'll craft a diff for current.html as well).


Index: ./share/man/man8/daily.8
===
RCS file: /cvs/src/share/man/man8/daily.8,v
retrieving revision 1.28
diff -u -p -r1.28 daily.8
--- ./share/man/man8/daily.826 Jul 2020 13:27:24 -
1.28 +++ ./share/man/man8/daily.8   2 Oct 2020 18:12:39 -
@@ -205,15 +205,6 @@ If set to 1, run
 with the no-write flag.
 .It Ev ROOTBACKUP
 If set to 1, make a backup of the root file system.
-.It Ev VERBOSESTATUS
-If set to 0,
-.Xr df 1 ,
-.Xr dump 8 ,
-and
-.Xr netstat 1
-are skipped.
-Consequently, if none of the other commands produce any output,
-no mail will be sent to root.
 .El
 .Pp
 The following variables can be set in
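Review bot: only the VERBOSESTATUS entry in the environment list is removed here, while the etc/daily part of the same diff drops df -ikl and netstat -ivn; any text in daily.8 that describes the df(1) and netstat(1) reports, and their SEE ALSO entries, should go in the same change. Other pages that mention the variable need checking too (man -k any=VERBOSESTATUS).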
Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   2 Oct 2020 18:12:39 -
@@ -137,20 +137,7 @@ next_part "Services that should be runni
 rcctl ls failed
 
 next_part "Checking subsystem status:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   echo ""
-   echo "disks:"
-   df -ikl
-   echo ""
-   dump W
-else
-   dump w | grep -vB1 ^Dump
-fi
-
-next_part "network:"
-if [ "X$VERBOSESTATUS" != X0 ]; then
-   netstat -ivn
-fi
+dump w | grep -vB1 ^Dump
 
 next_part "Running calendar in the background:"
 if [ "X$CALENDAR" != X0 -a \
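Review bot: next_part "Checking subsystem status:" is left as the heading for what is now a single dump w line, so the title no longer describes the section. Rename it to say that it lists the file systems that need a dump.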



Make df output more human friendly in daily(8)

2020-10-01 Thread Daniel Jakots
Hi,

Currently daily(8) runs `df -ikl`. I find reading daily(8) emails hard
because with today's disk sizes, kilobyte counts are not sensible. I'd
like to replace -k by -h so the output is more human friendly. I doubt
anyone parses daily(8) so this shouldn't break anyone's setup.

It seems that historically it was `df -k`, back when it was imported
from NetBSD in October 95. On the other hand, df's -h was added only in
April 97.


Comments? OK?

Cheers,
Daniel


Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   2 Oct 2020 02:17:33 -
@@ -140,7 +140,7 @@ next_part "Checking subsystem status:"
 if [ "X$VERBOSESTATUS" != X0 ]; then
echo ""
echo "disks:"
-   df -ikl
+   df -hil
echo ""
dump W
 else



bioctl: Allow passphrase files to be chmod 400

2020-06-01 Thread Daniel Jakots
Hi,

To be sure I don't accidentally overwrite the passphrase files, I'd
like to make them read only. The current code expects them to be
readable and writable. I took the new code from ssh (sshkey_perm_ok
function).

While there, I changed the error message (also based on ssh) so the
user has a better idea of what the program wants.

Index: bioctl.c
===
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.144
diff -u -p -r1.144 bioctl.c
--- bioctl.c25 Apr 2020 14:37:43 -  1.144
+++ bioctl.c1 Jun 2020 22:10:31 -
@@ -1328,8 +1328,8 @@ derive_key(u_int32_t type, int rounds, u
err(1, "can't stat passphrase file");
if (sb.st_uid != 0)
errx(1, "passphrase file must be owned by root");
-   if ((sb.st_mode & ~S_IFMT) != (S_IRUSR | S_IWUSR))
-   errx(1, "passphrase file has the wrong permissions");
+   if ((sb.st_mode & 077) != 0)
+   errx(1, "passphrase file must not be accessible by 
others");
 
if (fgets(passphrase, sizeof(passphrase), f) == NULL)
err(1, "can't read passphrase file");
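Review bot: in the new test, (sb.st_mode & 077) != 0 rejects any group or other permission bit, but the message only says "others"; word it "must not be accessible by group or others" so the owner of a 0640 file knows what to fix. The relaxed test also stops constraining the owner bits, so modes such as 0200 or 0700 now pass it; if only 0400 and 0600 are meant to be valid, test the owner bits explicitly or document the accepted modes in the manual.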


Cheers,
Daniel
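
An added example, not part of the original post and not bioctl or ssh code: the old exact-0600 test beside the relaxed "no group/other bits" test, applied with fstat(2) to the descriptor that is then read. The function names, the want_uid parameter (bioctl hard-codes uid 0), the regular-file test and the sample passphrase are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE	/* glibc: keep S_IFMT, O_NOFOLLOW, mkstemp visible */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum pf_verdict { PF_OK, PF_NOT_REGULAR, PF_BAD_OWNER, PF_GROUP_OTHER };

/* Old side of the diff: the permission bits must be exactly 0600. */
int
old_mode_ok(mode_t mode)
{
	return (mode & ~(mode_t)S_IFMT) == (mode_t)(S_IRUSR | S_IWUSR);
}

/* New side of the diff, plus a file-type test that is an addition here. */
enum pf_verdict
passfile_check(const struct stat *sb, uid_t want_uid)
{
	if (!S_ISREG(sb->st_mode))
		return PF_NOT_REGULAR;
	if (sb->st_uid != want_uid)
		return PF_BAD_OWNER;
	if ((sb->st_mode & 077) != 0)	/* any group or other bit set */
		return PF_GROUP_OTHER;
	return PF_OK;
}

/* Convenience wrapper: verdict for a given mode and owner. */
enum pf_verdict
verdict_for(mode_t mode, uid_t owner, uid_t want_uid)
{
	struct stat sb;

	memset(&sb, 0, sizeof(sb));
	sb.st_mode = mode;
	sb.st_uid = owner;
	return passfile_check(&sb, want_uid);
}

/*
 * Open first, then fstat the descriptor, so the file that is checked is
 * the file that is read. Returns 0 and the first line in buf on success.
 */
int
read_passfile(const char *path, uid_t want_uid, char *buf, size_t len)
{
	struct stat sb;
	ssize_t n = 0;
	int fd, rv = -1;

	if (len == 0 || (fd = open(path, O_RDONLY | O_NOFOLLOW)) == -1)
		return -1;
	if (fstat(fd, &sb) == 0 && passfile_check(&sb, want_uid) == PF_OK &&
	    (n = read(fd, buf, len - 1)) > 0) {
		buf[n] = '\0';
		buf[strcspn(buf, "\n")] = '\0';	/* keep the first line only */
		rv = 0;
	}
	close(fd);
	return rv;
}

/* Exercise the reader on a constructed temporary file; returns failures. */
int
selftest(void)
{
	char path[] = "/tmp/passfile.XXXXXX", buf[64];
	int fd, failures = 0;

	if ((fd = mkstemp(path)) == -1)
		return -1;
	if (write(fd, "constructed-passphrase\n", 23) != 23)
		failures++;
	fchmod(fd, 0400);	/* read-only for the owner: accepted */
	if (read_passfile(path, getuid(), buf, sizeof(buf)) != 0 ||
	    strcmp(buf, "constructed-passphrase") != 0)
		failures++;
	fchmod(fd, 0440);	/* group-readable: rejected */
	if (read_passfile(path, getuid(), buf, sizeof(buf)) == 0)
		failures++;
	fchmod(fd, 0600);	/* right mode, wrong owner: rejected */
	if (read_passfile(path, getuid() + 1, buf, sizeof(buf)) == 0)
		failures++;
	close(fd);
	unlink(path);
	return failures;
}

int
main(void)
{
	int failures = selftest();

	printf("self-test failures: %d\n", failures);
	return failures != 0;
}
```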



Re: Remove useless line from daemon class in login.conf

2020-05-23 Thread Daniel Jakots
On Sat, 23 May 2020 22:08:11 +0100, Stuart Henderson
 wrote:

> I think bumping the minimum to 2^9 would be reasonable, there's a more
> noticeable delay on some machines but I think that's fair enough (any
> cracking is likely to be done on a fast machine, and the user can
> force it lower themselves if they want to take the risk).

I think it's a good move.

Isn't this needed as well then?

Index: cryptutil.c
===
RCS file: /cvs/src/lib/libc/crypt/cryptutil.c,v
retrieving revision 1.12
diff -u -p -r1.12 cryptutil.c
--- cryptutil.c 13 Sep 2015 15:33:48 -  1.12
+++ cryptutil.c 24 May 2020 01:57:39 -
@@ -54,7 +54,7 @@ int
 crypt_newhash(const char *pass, const char *pref, char *hash, size_t
hashlen) {
int rv = -1;
-   const char *defaultpref = "blowfish,8";
+   const char *defaultpref = "blowfish,9";
const char *errstr;
const char *choices[] = { "blowfish", "bcrypt" };
size_t maxchoice = sizeof(choices) / sizeof(choices[0]);
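Review bot: the new value of defaultpref changes behaviour for every caller that passes no preference, yet the diff touches only cryptutil.c; wherever the "blowfish,8" default is documented needs the same update in this commit. It would also help to say in the commit message that 9 is chosen to match the proposed 2^9 minimum, so the two numbers are not changed independently later.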


Cheers,
Daniel



Remove useless line from daemon class in login.conf

2020-05-22 Thread Daniel Jakots
Hi,

We used to have different numbers of blowfish rounds between the
default and daemon classes in login.conf. On Jun 26, 2016, tedu
committed "upgrade selected login.conf to use auto rounds for bcrypt"
for amd64, sparc64, i386, and macppc [1].

Since the class daemon inherits from the default class, the 
:localcipher=blowfish,a:\
is a duplicate.

Here's a diff to remove them.

Cheers,
Daniel

[1]: 
https://github.com/openbsd/src/commit/69b58a8d03f019fa368cc0ddb22481f4f3f36671

Index: etc.amd64/login.conf
===
RCS file: /cvs/src/etc/etc.amd64/login.conf,v
retrieving revision 1.14
diff -u -p -r1.14 login.conf
--- etc.amd64/login.conf11 Mar 2020 15:41:48 -  1.14
+++ etc.amd64/login.conf22 May 2020 20:57:14 -
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
-   :localcipher=blowfish,a:\
:tc=default:
 
 #
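Review bot: dropping :localcipher=blowfish,a: from the daemon class is only a no-op if the default class reached through :tc=default: sets the same value, and none of the four hunks shows that entry. Please confirm it for each of etc.amd64, etc.i386, etc.macppc and etc.sparc64 before committing, since the capability is removed from all four files.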
Index: etc.i386/login.conf
===
RCS file: /cvs/src/etc/etc.i386/login.conf,v
retrieving revision 1.9
diff -u -p -r1.9 login.conf
--- etc.i386/login.conf 5 Nov 2019 19:03:46 -   1.9
+++ etc.i386/login.conf 22 May 2020 20:57:14 -
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
-   :localcipher=blowfish,a:\
:tc=default:
 
 #
Index: etc.macppc/login.conf
===
RCS file: /cvs/src/etc/etc.macppc/login.conf,v
retrieving revision 1.12
diff -u -p -r1.12 login.conf
--- etc.macppc/login.conf   12 Mar 2020 15:32:22 -  1.12
+++ etc.macppc/login.conf   22 May 2020 20:57:14 -
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
-   :localcipher=blowfish,a:\
:tc=default:
 
 #
Index: etc.sparc64/login.conf
===
RCS file: /cvs/src/etc/etc.sparc64/login.conf,v
retrieving revision 1.12
diff -u -p -r1.12 login.conf
--- etc.sparc64/login.conf  5 Nov 2019 19:03:47 -   1.12
+++ etc.sparc64/login.conf  22 May 2020 20:57:14 -
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
-   :localcipher=blowfish,a:\
:tc=default:
 
 #



Re: Teach du(1) the -m flag, disk usage in megabytes

2020-01-27 Thread Daniel Jakots
On Mon, 27 Jan 2020 10:33:49 -0700, Todd C. Miller
 wrote:

> For example, I often do:
> 
> du -sk * | sort -rn | head
> 
> to see the largest disk users.
> 
> However, output in kilobytes is less useful than it used to be due
> to larger files now being common.

Can't you achieve what you want with `du -sh * | sort -h`? du(1)'s -h
option will automatically select the best suffix and sort(1)'s -h
will sort first using the suffix then the numerical value.

Also if you don't sort -r, you don't need to `| head`.

Cheers,
Daniel



Re: attention please: host's IP stack behavior got changed slightly

2019-12-19 Thread Daniel Jakots
On Mon, 16 Dec 2019 14:13:50 +0100, Alexander Bluhm
 wrote:

> Daniel, is your sshd bound to a * or to a 127.0.0.1 socket?

According to fstat, it's *:22

> If it
> is a * socket, does it work to redirect to the IP address of the
> incoming interface?

Yes it does.

Cheers,
Daniel



Re: attention please: host's IP stack behavior got changed slightly

2019-12-15 Thread Daniel Jakots
On Sun, 15 Dec 2019 15:17:26 +0100, Alexandr Nedvedicky
 wrote:

> > Should the rdr-to rule still work? I fixed it with using the "Port
> > foo" directive in my sshd config (and a simple "pass in to port
> > foo") in the meantime.  
> 
> My earlier change indeed omits your usecase. The rdr rule should
> still work. Patch below should fix it. The idea is to check whether
> the packet got NATed to loopback. We let packet in, if it got changed
> by PF.

That makes sense. I confirm your diff makes rdr-to 127.0.0.1 work
again, thanks!

> OK ?

ok danj@


Cheers,
Daniel



Re: attention please: host's IP stack behavior got changed slightly

2019-12-14 Thread Daniel Jakots
Hello sashan,

On Sun, 8 Dec 2019 12:42:13 +0100, Alexandr Nedvedicky
 wrote:

> It is understood the behavior, which has been settled in IP stack
> since 80's, got changed. tech@openbsd.org (or b...@openbsd.org) wants
> to hear back from you, if this change breaks your existing set up.

My sshd doesn't listen on port 22 but I was too lazy to change it in my
sshd config so I have a rule

pass in [...] rdr-to 127.0.0.1 port ssh [...]

which now increases the "packets received on wrong interface" counter :)

I quickly tried to change 127.0.0.1 with "(self)" but it didn't help.


Should the rdr-to rule still work? I fixed it with using the "Port foo"
directive in my sshd config (and a simple "pass in to port foo") in the
meantime.

Cheers,
Daniel



Re: OpenSSH U2F/FIDO support in base

2019-11-20 Thread Daniel Jakots
On Fri, 15 Nov 2019 08:45:23 +1100 (AEDT), Damien Miller
 wrote:

> Please test this thoroughly - it's a big change that we want to have
> stable before the next release.

Tested with a Solo key. Initially it had the firmware 2.0.0 and it
didn't work but updating to 3.0.0 made it work.

Cheers,
Daniel



register DoT in /etc/services?

2019-01-27 Thread Daniel Jakots
Hi,

I know all the limitations with adding new stuff to services(5) but now
that a base software (unwind) implements DoT, would it make sense to
add it to services(5)?

Regarding the comments, I went with the wording from the iana website.


Cheers,
Daniel

Index: services
===
RCS file: /cvs/src/etc/services,v
retrieving revision 1.95
diff -u -p -r1.95 services
--- services3 Jul 2018 23:52:27 -   1.95
+++ services27 Jan 2019 13:50:35 -
@@ -179,6 +179,8 @@ silc706/tcp # 
Secure Live Internet 
 silc   706/udp
 kerberos-adm   749/tcp # Kerberos 5 kadmin
 kerberos-adm   749/udp # Kerberos 5 kadmin
+domain-s   853/tcp # DNS query-response protocol 
run over TLS/DTLS
+domain-s   853/udp # DNS query-response protocol 
run over TLS/DTLS
 rsync  873/tcp # rsync server
 cddb   888/tcp cddbp   # Audio CD Database
 imaps  993/tcp # imap4 protocol over TLS/SSL
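Review bot: both new entries carry the same comment, "DNS query-response protocol run over TLS/DTLS", although the tcp line can only be the TLS case and the udp line the DTLS case. Neighbouring entries keep their comments short (for example "imap4 protocol over TLS/SSL"); "DNS over TLS" and "DNS over DTLS" would fit the column without wrapping.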



Re: change nc(1) port range delimiter

2018-12-25 Thread Daniel Jakots
On Sat, 22 Dec 2018 19:29:01 -0500, "Ted Unangst" 
wrote:

> Stuart Henderson wrote:
> > But I can't imagine scanning a range by name as being much used
> > (tcpmux-socks or something just doesn't make sense).
> > 
> > What I think would be least disruptive is to continue to allow -
> > where the rest of the parameter is numeric. For alphabetic
> > parameters try parsing the whole word as a service; use it if
> > valid. If not, *either* it could just error out (simple and
> > unambiguous) *or* it could try parsing as a named range. But I
> > don't think you will hurt anyone by just erroring out in that
> > case.  
> 
> This is my attempt at that.

I think it is the most sensible approach. Because otherwise someone will
probably complain that they tried `nc -z ms-sql-s-ms-sql-m` and it
didn't work.

I didn't want to manually test all the diffs for all the cases so I
wrote a regress test.
The tests listen on
ms-sql-s    1433/tcp    Microsoft-SQL-Server
ms-sql-m    1434/tcp    Microsoft-SQL-Monitor
because I think it's unlikely someone runs that on the machine where
the regress tests run and there are plenty of dashes for testing.


I tried all the diffs; genuine being nc without any patch and the one
called "sthedu" is the one tedu made based on the suggestion from
sthen ;).

The results are:
testing patch from genuine
# nc is /usr/src/usr.bin/nc/nc-genuine
FAILED: test number 2 with ms-sql-s with norange
FAILED: test number 2 with ms-sql-m with norange
FAILED: test number 4 with ms-sql-s with range-dash
FAILED: test number 4 with ms-sql-m with range-dash
FAILED: test number 5 with 1433 with range-colon
FAILED: test number 5 with 1434 with range-colon
FAILED: test number 6 with ms-sql-s with range-colon
FAILED: test number 6 with ms-sql-m with range-colon
*** Error 1 in /usr/src/regress/usr.bin/nc (Makefile:6 'regress': env 
NC=/usr/src/usr.bin/nc/nc-genuine sh /usr/src/regress/usr.bin/nc/regre...)

testing patch from jca
# nc is /usr/src/usr.bin/nc/nc-jca
FAILED: test number 4 with ms-sql-s with range-dash
FAILED: test number 4 with ms-sql-m with range-dash
*** Error 1 in /usr/src/regress/usr.bin/nc (Makefile:6 'regress': env 
NC=/usr/src/usr.bin/nc/nc-jca sh /usr/src/regress/usr.bin/nc/regress.s...)

testing patch from tedu
# nc is /usr/src/usr.bin/nc/nc-tedu
FAILED: test number 4 with ms-sql-s with range-dash
FAILED: test number 4 with ms-sql-m with range-dash
*** Error 1 in /usr/src/regress/usr.bin/nc (Makefile:6 'regress': env 
NC=/usr/src/usr.bin/nc/nc-tedu sh /usr/src/regress/usr.bin/nc/regress)

testing patch from sthedu
# nc is /usr/src/usr.bin/nc/nc-sthedu
FAILED: test number 4 with ms-sql-s with range-dash
FAILED: test number 4 with ms-sql-m with range-dash
FAILED: test number 5 with 1433 with range-colon
FAILED: test number 5 with 1434 with range-colon
FAILED: test number 6 with ms-sql-s with range-colon
FAILED: test number 6 with ms-sql-m with range-colon
*** Error 1 in /usr/src/regress/usr.bin/nc (Makefile:6 'regress': env 
NC=/usr/src/usr.bin/nc/nc-sthedu sh /usr/src/regress/usr.bin/nc/regres...)


Diff for the regress tests inline or you can fetch the directory from
https://chown.me/iota/nc.tgz

jca told me running the regress tests multiple times led to different
results (it should not) but I haven't been able to reproduce it.


Cheers,
Daniel


Index: nc/Makefile
===
RCS file: nc/Makefile
diff -N nc/Makefile
--- /dev/null   1 Jan 1970 00:00:00 -
+++ nc/Makefile 25 Dec 2018 18:25:22 -
@@ -0,0 +1,8 @@
+# $OpenBSD$
+
+NC?=nc
+
+regress:
+   env NC=${NC} sh ${.CURDIR}/regress.sh
+
+.include 
Index: nc/regress.sh
===
RCS file: nc/regress.sh
diff -N nc/regress.sh
--- /dev/null   1 Jan 1970 00:00:00 -
+++ nc/regress.sh   25 Dec 2018 18:25:22 -
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+ret=0
+NC=${NC-nc}
+echo "# nc is ${NC}"
+
+# ms-sql-s1433/tcpMicrosoft-SQL-Server
+# ms-sql-m1434/tcpMicrosoft-SQL-Monitor
+
+clean(){
+   if [ "${2}" = "numerals" ]; then
+   ports[0]=1433
+   ports[1]=1434
+   fi
+   if [ "${2}" = "names" ]; then
+   ports[0]=ms-sql-s
+   ports[1]=ms-sql-m
+   fi
+   for port in "${ports[@]}"; do
+   # if pkill found a nc process, that's not good
+   pkill -xf "${NC} -l ${port}"
+   if [ $? -ne 1 ]; then
+   echo "FAILED: test number ${1} with ${port} with ${3}"
+   ret=1
+   fi
+   done
+}
+
+listen(){
+   ${NC} -l "${1}" &
+}
+
+connect(){
+   ${NC} -z localhost "${1}" 2> /dev/null
+}
+
+# test 1: ports through numbers and without range
+listen 1433
+listen 1434
+connect 1433
+connect 1434
+clean 1 numerals norange
+
+# test 2: ports through names and without range
+listen ms-sql-s
+listen ms-sql-m
+connect ms-sql-s
+connect 
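Review bot: clean() uses ksh array syntax (ports[0]=1433 and "${ports[@]}") under a #!/bin/sh line, so the script depends on sh being ksh; either use positional parameters (set -- 1433 1434; for port in "$@") or change the interpreter line. Separately, listen() puts nc in the background and connect() runs straight after it with no wait for the listener to be bound, which could make results differ from run to run.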

change nc(1) port range delimiter

2018-12-22 Thread Daniel Jakots
Hi,

With nc(1) you can do:
nc -zv example.com 80
or
nc -zv example.com http
which does the same. This works well unless the service name has a dash:
$ nc -zv example.com syslog-tls
nc: service "tls" unknown

This is because nc(1) is able to do some port scanning and the
delimiter used for the range is the dash. When it sees a dash, it
thinks it's a port range.

nc(1) is not the only software that takes an input that can be a port,
a range or a service name: pf is in this case too. In pf the delimiter
used is ":" so this works fine.

Here's a diff that changes the delimiter to ":". This breaks existing
scripts but it would make the syntax like pf.conf instead of using
another symbol for a port range.

If you have a better idea how to solve this problem, please share!


Cheers,
Daniel


Index: nc.1
===
RCS file: /cvs/src/usr.bin/nc/nc.1,v
retrieving revision 1.91
diff -u -p -r1.91 nc.1
--- nc.125 Sep 2018 20:05:07 -  1.91
+++ nc.122 Dec 2018 21:21:40 -
@@ -393,7 +393,7 @@ option is given).
 .Ar port
 can be a specified as a numeric port number, or as a service name.
 Ports may be specified in a range of the form
-.Ar nn Ns - Ns Ar mm .
+.Ar nn : Ns Ar mm .
 In general,
 a destination port must be specified,
 unless the
@@ -491,12 +491,12 @@ to report open ports,
 rather than initiate a connection.
 For example:
 .Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc -z host.example.com 20:30
 Connection to host.example.com 22 port [tcp/ssh] succeeded!
 Connection to host.example.com 25 port [tcp/smtp] succeeded!
 .Ed
 .Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 : 30.
 .Pp
 Alternatively, it might be useful to know which server software
 is running, and which versions.
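Review bot: in the explanatory sentence "limit the search to ports 20 : 30" the colon is used as prose rather than as syntax, and it reads oddly; the original "\-" there was a typographic range, not the nc delimiter. Suggest keeping the sentence in words, for example "to ports 20 through 30", and leaving the colon only in the literal command line above it.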
@@ -509,7 +509,7 @@ flag, or perhaps by issuing a
 .Qq Dv QUIT
 command to the server:
 .Bd -literal -offset indent
-$ echo "QUIT" | nc host.example.com 20-30
+$ echo "QUIT" | nc host.example.com 20:30
 SSH-1.99-OpenSSH_3.6.1p2
 Protocol mismatch.
 220 host.example.com IMS SMTP Receiver Version 0.84 Ready
Index: netcat.c
===
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.199
diff -u -p -r1.199 netcat.c
--- netcat.c29 Nov 2018 14:25:06 -  1.199
+++ netcat.c22 Dec 2018 21:21:40 -
@@ -1427,7 +1427,7 @@ build_ports(char *p)
int hi, lo, cp;
int x = 0;
 
-   if ((n = strchr(p, '-')) != NULL) {
+   if ((n = strchr(p, ':')) != NULL) {
*n = '\0';
n++;
 
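Review bot: build_ports() now looks only for ':' in the strchr() call, so an existing "20-30" argument is no longer recognised as a range by this branch and the change of meaning is silent. If the incompatibility is accepted, suggest at least emitting a clear error when a purely numeric "nn-mm" is given, or keeping '-' for the all-digits case, and say so in nc.1.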

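The delimiter problem described in this message, as an added example (not code from nc(1) or from the patch): a small port-spec parser run against a constructed service table. It compares the '-' delimiter, the ':' delimiter from the diff and, going beyond the message, a variant that tries the whole token as a port or service name before splitting. `parse_spec`, `one_port` and the table are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for services(5); a real tool would ask getservbyname(3). */
static const struct { const char *name; int port; } svc[] = {
	{ "http", 80 }, { "ms-sql-s", 1433 }, { "syslog-tls", 6514 },
};

/* Resolve one token (decimal port or service name); -1 if neither. */
static int one_port(const char *s)
{
	char *end;
	long v = strtol(s, &end, 10);
	size_t i;

	if (*s != '\0' && *end == '\0')
		return (v >= 1 && v <= 65535) ? (int)v : -1;
	for (i = 0; i < sizeof(svc) / sizeof(svc[0]); i++)
		if (strcmp(s, svc[i].name) == 0)
			return svc[i].port;
	return -1;
}

/*
 * Hypothetical parse_spec(): split on delim into lo/hi, else a single port.
 * With try_whole_first set, a token that resolves as a whole is never split.
 * Returns 0 on success, -1 on an unknown service or a bad range.
 */
int parse_spec(const char *spec, char delim, int try_whole_first, int *lo, int *hi)
{
	char buf[64], *n;

	if (strlen(spec) >= sizeof(buf))
		return -1;
	strcpy(buf, spec);
	if (try_whole_first && (*lo = *hi = one_port(buf)) != -1)
		return 0;
	if ((n = strchr(buf, delim)) != NULL) {
		*n++ = '\0';
		*lo = one_port(buf);
		*hi = one_port(n);
		return (*lo == -1 || *hi == -1 || *lo > *hi) ? -1 : 0;
	}
	*lo = *hi = one_port(buf);
	return *lo == -1 ? -1 : 0;
}

int main(void) { int lo, hi; return parse_spec("syslog-tls", ':', 0, &lo, &hi); }
```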


Re: opensmtpd faq commands

2017-01-30 Thread Daniel Jakots
On Mon, 30 Jan 2017 18:38:12 -0500, Daniel Jakots <danj+o...@chown.me>
wrote:

> Hi,
> 
> When following the example from the OpenSMTPD faq [0], first thing is
> to create a new user with:
> 
> useradd -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
> 
> which raises
>   warnx("Warning: home directory `%s' doesn't exist, and -m was"
>   " not specified", home);
> 
> I don't think giving a command that produces a warning is a good thing
> in official documentation. Also solving this problem makes other
> commands useless so it's a bit shorter.
> 
> [0]: https://opensmtpd.org/faq/example1.html

While checking that my diff wasn't mangled, I noticed that it doesn't
follow html syntax from OpenBSD faq, so let's be consistent:

Index: opensmtpd/faq/example1.html
===
RCS file: /cvs/www/opensmtpd/faq/example1.html,v
retrieving revision 1.12
diff -u -p -r1.12 example1.html
--- opensmtpd/faq/example1.html 31 Oct 2016 20:52:22 -  1.12
+++ opensmtpd/faq/example1.html 30 Jan 2017 23:58:39 -
@@ -90,9 +90,7 @@ virtual users.
 This user needs to be created:
 
 
-# useradd -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin 
vmail
-# mkdir /var/vmail
-# chown vmail:vmail /var/vmail
+# useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin 
vmail
 
 
 Afterwards, the /etc/passwd file will contain an entry like
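Review bot: replacing the mkdir/chown pair with "useradd -m" is not an exact equivalent, because -m also copies the skeleton directory's files into /var/vmail, which the removed commands did not do. For a nologin account that only holds maildirs, suggest either mentioning this in the FAQ text or pointing -k at an empty skeleton directory so the mail store starts empty.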
@@ -199,9 +197,9 @@ maildir folder are mapped to the single 
 In this example, Dovecot is used as an IMAP server.
 
 
-# export 
PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a
-# pkg_add dovecot
-# rcctl enable dovecot
+# export PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a
+# pkg_add dovecot
+# rcctl enable dovecot
 
 
 Virtual users access and read their mails via IMAP.



opensmtpd faq commands

2017-01-30 Thread Daniel Jakots
Hi,

When following the example from the OpenSMTPD faq [0], first thing is to
create a new user with:

useradd -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail

which raises
  warnx("Warning: home directory `%s' doesn't exist, and -m was"
  " not specified", home);

I don't think giving a command that produces a warning is a good thing
in official documentation. Also solving this problem makes other
commands useless so it's a bit shorter.

[0]: https://opensmtpd.org/faq/example1.html

Cheers,
Daniel

Index: opensmtpd/faq/example1.html
===
RCS file: /cvs/www/opensmtpd/faq/example1.html,v
retrieving revision 1.12
diff -u -p -r1.12 example1.html
--- opensmtpd/faq/example1.html 31 Oct 2016 20:52:22 -  1.12
+++ opensmtpd/faq/example1.html 30 Jan 2017 23:35:54 -
@@ -90,9 +90,7 @@ virtual users.
 This user needs to be created:
 
 
-# useradd -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin 
vmail
-# mkdir /var/vmail
-# chown vmail:vmail /var/vmail
+# useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin 
vmail
 
 
 Afterwards, the /etc/passwd file will contain an entry like



Re: man page fix: bioctl -d does not delete anything

2016-11-26 Thread Daniel Jakots
On Sat, 26 Nov 2016 16:40:41 +0100, Stefan Sperling 
wrote:

> I think "delete" is too strong a word and confusing in the context
> of hard disks. What really happens is that the volume is "detached"
> and can be reattached later (either manually with bioctl(8), or it
> will auto-assemble).
>
> ok?

Yes please. Because of this wording, there is a sentence in the FAQ
(last line): https://www.openbsd.org/faq/faq14.html#softraidCrypto
 
> Index: bioctl.8
> ===
> RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
> retrieving revision 1.102
> diff -u -p -r1.102 bioctl.8
> --- bioctl.8  21 Sep 2016 17:57:33 -  1.102
> +++ bioctl.8  26 Nov 2016 15:37:06 -
> @@ -231,7 +231,7 @@ be provided via
>  RAID 5 requires at least three devices
>  and the CRYPTO discipline requires exactly one.
>  .It Fl d
> -Delete volume specified by device.
> +Detach volume specified by device.
>  .It Fl k Ar keydisk
>  Use special device
>  .Ar keydisk
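Review bot: the new "Detach volume specified by device." under .It Fl d fixes the misleading verb but still does not say what the reader most needs to know, namely that the volume can be reattached later, as the cover message explains (manually with bioctl or by auto-assembly). Suggest adding one sentence to that effect to the -d description.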
> @@ -308,7 +308,7 @@ This can be done with the following comm
>  # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
>  .Ed
>  .Pp
> -Deleting a softraid volume requires the exact volume name.
> +Detaching a softraid volume requires the exact volume name.
>  For example:
>  .Bd -literal -offset 3n
>  # bioctl -d sd2
> 



Re: FAQ entry for vmm

2016-10-19 Thread Daniel Jakots
On Wed, 19 Oct 2016 17:09:20 +0100, Edd Barrett 
wrote:

> On Mon, Oct 17, 2016 at 05:28:38PM +0100, Edd Barrett wrote:
> > Thanks. The general consensus was to try to reduce this a lot before
> > commit though. I will probably only include the wireless setup in
> > the FAQ.  
> 
> Here is the reduced version. I also moved this into the networking
> section.

The second sentence in the FAQ is 'It covers the latest release of
OpenBSD.'. Maybe it would be worth adding a sentence about the fact
that it covers mainly current (as in -stable vmm is not enabled).

Cheers,
Daniel



man update after login.conf uses auto rounds

2016-08-19 Thread Daniel Jakots
Hi,

In June tedu@ committed [0] a diff to move login.conf to use auto
rounds for bcrypt on amd64, sparc64, i386 and macppc.

Here's a diff to update the man pages. Currently the man pages are
outdated on these four architectures but I guess it's still right for
other (old) architectures. After this diff, man page on these four
architectures will be up to date, but on others it will be wrong (as
they're still using 8 rounds). Is it possible to have different man
pages for different architectures or am I missing something?


[0]: https://marc.info/?l=openbsd-cvs&m=146697318611223&w=2

Cheers,
Daniel

Index: passwd.1
===
RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
retrieving revision 1.44
diff -u -p -r1.44 passwd.1
--- passwd.126 Nov 2015 19:01:47 -  1.44
+++ passwd.119 Aug 2016 09:25:41 -
@@ -70,7 +70,8 @@ Password encryption parameters depend on
 .Dq localcipher
 capability in
 .Xr login.conf 5 .
-If none is specified, then blowfish with 8 rounds is used.
+If none is specified, then blowfish with an automatically selected
+number of rounds, based on system performance is used.
 .Sh FILES
 .Bl -tag -width /etc/master.passwd -compact
 .It Pa /etc/login.conf
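Review bot: the added sentence "number of rounds, based on system performance is used." opens a parenthetical with a comma and never closes it. Suggest either dropping the comma or rewording, for example "then blowfish is used with a number of rounds selected automatically based on system performance."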
Index: login.conf.5
===
RCS file: /cvs/src/share/man/man5/login.conf.5,v
retrieving revision 1.62
diff -u -p -r1.62 login.conf.5
--- login.conf.530 Mar 2016 06:58:06 -  1.62
+++ login.conf.519 Aug 2016 09:26:23 -
@@ -159,7 +159,7 @@ See
 .Xr login 1 .
 .\"
 .Pp
-.It localcipher Ta string Ta blowfish,8 Ta
+.It localcipher Ta string Ta blowfish,a Ta
 The cipher to use for encrypting passwords.
 Refer to
 .Xr crypt_newhash 3
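Review bot: the default column for localcipher now reads "blowfish,a" unconditionally, while the cover message says only amd64, sparc64, i386 and macppc moved to auto rounds and the other architectures still use 8. Suggest wording the default so it is true everywhere (for instance noting that some architectures default to blowfish,8) and adding a short explanation that "a" means automatically selected rounds, since the table cell alone does not say so.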



Re: changelist: rm unbound/db/root.key

2016-04-20 Thread Daniel Jakots
On Wed, 20 Apr 2016 09:21:16 +0100, Stuart Henderson
 wrote:

> This file changes twice a day if you're validating dnssec and
> it's pretty pointless to warn about in security(8).
> 
> OK?

Yes please.



Re: UPDATE: xkeyboard-config 2.12

2014-09-01 Thread Daniel Jakots
On Mon, 1 Sep 2014 20:52:49 +0600, Alexandr Shadchin
alexandr.shadc...@gmail.com wrote:

> Hi,
> 
> This diff updates xkeyboard-config to the latest release 2.12.
> Also includes diff from
> http://marc.info/?l=openbsd-tech&m=140750210214198&w=2 Tested on
> amd64 and i386.
> 
> Comments ? OK ?
> 

Compiled on amd64 on my x201, it works fine and I can confirm
that the bug is fixed, thanks.

-- 
Daniel



reduce the number of missed PCB cache with tcpbench -su

2014-08-29 Thread Daniel Jakots
Hi,

When running tcpbench -su, a lot of them are counted as missed PCB
cache.

I reboot the computer then netstat -sp udp gives

udp:
10 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
0 input packets software-checksummed
0 output packets software-checksummed
0 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
0 dropped due to missing IPsec protection
0 dropped due to full socket buffers
10 delivered
14 datagrams output
0 missed PCB cache

I run tcpbench -su and use a client and I netstat -sp udp again:

udp:
1086364 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
0 input packets software-checksummed
0 output packets software-checksummed
0 dropped due to no socket
3 broadcast/multicast datagrams dropped due to no socket
0 dropped due to missing IPsec protection
1201 dropped due to full socket buffers
1085160 delivered
14 datagrams output
1086351 missed PCB cache

After the bind(2), a PCB is created with a wildcard source address which
is not a direct match for incoming packets which means that we need to
perform a second lookup to find the listener PCB. And the connect(2)
creates a new PCB for this connection thus avoiding a second lookup.

Patch with (a lot of) help from mikeb@

Reboot the laptop and run the test again:

udp:
1074985 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
0 input packets software-checksummed
0 output packets software-checksummed
0 dropped due to no socket
1 broadcast/multicast datagram dropped due to no socket
0 dropped due to missing IPsec protection
1295 dropped due to full socket buffers
1073689 delivered
14 datagrams output
6 missed PCB cache

Index: tcpbench.c
===
RCS file: /cvs/src/usr.bin/tcpbench/tcpbench.c,v
retrieving revision 1.42
diff -u -p -r1.42 tcpbench.c
--- tcpbench.c  19 Aug 2014 03:28:53 -  1.42
+++ tcpbench.c  29 Aug 2014 14:22:35 -
@@ -610,8 +610,17 @@ udp_server_handle_sc(int fd, short event
 {
ssize_t n;
struct statctx *sc = v_sc;
+   struct sockaddr_storage ss;
+   socklen_t slen;
 
-   n = read(fd, ptb-dummybuf, ptb-dummybuf_len);
+   /* If this was our first packet, perform a connect */
+   if (mainstats.peak_mbps == 0) {
+   n = recvfrom(fd, ptb-dummybuf, ptb-dummybuf_len, 0,
+   (struct sockaddr *)ss, slen);
+   if (n  0  connect(fd, (const struct sockaddr *)ss, slen))
+   warn(fail to connect);
+   } else
+   n = read(fd, ptb-dummybuf, ptb-dummybuf_len);
if (n == 0)
return;
else if (n == -1) {
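Review bot: slen is declared in udp_server_handle_sc() but never set before it is handed to recvfrom(); the address-length argument is value-result, so it needs "slen = sizeof(ss);" first, otherwise the returned address can be truncated and the following connect() works on garbage. Two smaller points on the same lines: "mainstats.peak_mbps == 0" is an indirect test for "first packet" and stays true for as long as the measured rate is zero, so a dedicated flag would be clearer, and once the socket is connected it only accepts datagrams from that one peer, which deserves a comment.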

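The bind(2) then connect(2) sequence described in this message, as an added example that is not tcpbench code or part of the patch: a wildcard-bound UDP socket reads its first datagram with recvfrom(2), using a correctly initialised address length, and connects to the sender. It also shows a consequence the message does not mention: the connected socket no longer receives datagrams from a second sender. `udp_bound`, `recv_and_connect` and `demo` are hypothetical names and the loopback run is constructed.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Hypothetical helper: UDP socket bound to addr (host order), ephemeral port. */
static int udp_bound(struct sockaddr_in *sin, in_addr_t addr)
{
	socklen_t len = sizeof(*sin);
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	*sin = (struct sockaddr_in){ .sin_family = AF_INET,
	    .sin_addr.s_addr = htonl(addr) };
	if (bind(fd, (struct sockaddr *)sin, sizeof(*sin)) == 0 &&
	    getsockname(fd, (struct sockaddr *)sin, &len) == 0)
		return fd;
	close(fd);
	return -1;
}

/* Read the first datagram, connect(2) to its sender, return the sender's port. */
static int recv_and_connect(int fd)
{
	struct sockaddr_storage ss;
	socklen_t slen = sizeof(ss);	/* value-result: set before recvfrom(2) */
	char buf[64];

	if (recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&ss, &slen) == -1 ||
	    connect(fd, (struct sockaddr *)&ss, slen) == -1)
		return -1;
	return ntohs(((struct sockaddr_in *)&ss)->sin_port);
}

/* Constructed loopback run: 0 = ok, 1 = setup/connect failed, 2 = second sender not filtered. */
int demo(void)
{
	struct sockaddr_in srv, c1, c2;
	char buf[8];
	int rc = 1, s = udp_bound(&srv, INADDR_ANY);	/* wildcard, as after bind(2) */
	int a = udp_bound(&c1, INADDR_LOOPBACK), b = udp_bound(&c2, INADDR_LOOPBACK);

	srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);	/* where the clients send */
	if (s != -1 && a != -1 && b != -1 &&
	    sendto(a, "1", 1, 0, (struct sockaddr *)&srv, sizeof(srv)) == 1 &&
	    recv_and_connect(s) == ntohs(c1.sin_port) &&
	    sendto(b, "2", 1, 0, (struct sockaddr *)&srv, sizeof(srv)) == 1)
		rc = recv(s, buf, sizeof(buf), MSG_DONTWAIT) == -1 ? 0 : 2;
	close(s); close(a); close(b);
	return rc;
}

int main(void) { return demo(); }
```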


patch from xorg repo for fr-oss layout

2014-08-08 Thread Daniel Jakots
Hi,

While trying to push things upstream in Xorg, I found a bug [0] which
disables the right control key on the layout fr-oss and which has been
fixed on June 21 [1].

I've tested it, it works.

Index: dist/xkeyboard-config/symbols/fr
===
RCS file: /cvs/xenocara/dist/xkeyboard-config/symbols/fr,v
retrieving revision 1.7
diff -u -p -r1.7 fr
--- dist/xkeyboard-config/symbols/fr5 May 2014 18:05:34
-   1.7 +++ dist/xkeyboard-config/symbols/fr8 Aug 2014
12:01:49 - @@ -130,7 +130,6 @@ xkb_symbols oss {
 include latin
 include level3(ralt_switch)
 include nbsp(level4n)
-include level5(rctrl_switch)
 include keypad(oss)
 
 name[Group1]=French (alternative);


I don't know how you merge diff between xorg and xenocara repo, if it's
planned that's all good, I can wait. :)

[0]:
https://bugs.launchpad.net/ubuntu/+source/xkeyboard-config/+bug/1013881
[1]:
http://cgit.freedesktop.org/xkeyboard-config/commit/?id=39a226707b133ab5540c2d30176cb3857e74dcca

Cheers,
-- 
Vigdis



Re: dhcp reliability erratum

2014-08-07 Thread Daniel Jakots
On Thu, 07 Aug 2014 09:49:54 -0400, Ted Unangst t...@tedunangst.com
wrote:

> OpenBSD 5.5 errata 9, June 30, 2014

That was July in fact.

Cheers,
-- 
Vigdis