[patch] tcpdump print-tcp printf format tweaks

2015-11-02 Thread Kevin Reay
Change printf format to print unsigned values. Minor spacing change of casts to match file/style(9). Attempted to match printf formating of unsigned 32bits to rest of file. Index: print-tcp.c === RCS file: /cvs/src/usr.sbin/tcpdump/pr

replace ppp(4) sc_npqueue+sc_npqtail with an mbuf_list

2015-11-02 Thread David Gwynne
while im shining this turd... ok? Index: if_ppp.c === RCS file: /cvs/src/sys/net/if_ppp.c,v retrieving revision 1.92 diff -u -p -r1.92 if_ppp.c --- if_ppp.c2 Nov 2015 23:39:20 - 1.92 +++ if_ppp.c3 Nov 2015 06:28:46

[patch] hostapd iapp.h frame-type name array typo

2015-11-02 Thread Kevin Reay
Add a missing delimiter to the IEEE80211_IAPP_FRAME_TYPE_NAME array. The missing comma would cause the tcpdump IAPP printer to segfault when an i_command value of 15 was processed (as the array only contained 15 elements). The array definition doesn't appear to be used anywhere else in the tree.

Re: LibreSSL MIPS64 build with GCC5

2015-11-02 Thread Michael McConville
Ruslan Babayev wrote: > This fixes the portable LibreSSL build on Linux with GCC5 for MIPS64. Is __GNUC_PREREQ__ from /usr/include/sys/cdefs.h in other OSs? If not, you could probably just add it to the LibreSSL portability headers. It's probably the easiest and most readable solution if these sor

ml_purge for netinet/if_ether.c

2015-11-02 Thread David Gwynne
ml_purge returns how many mbufs they freed, so we can decrement the la_hold_total with that instead of inside an ml_dequeue/m_freem loop. ok? Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revisi

LibreSSL MIPS64 build with GCC5

2015-11-02 Thread Ruslan Babayev
This fixes the portable LibreSSL build on Linux with GCC5 for MIPS64. Index: lib/libssl/src/crypto/bn/bn_lcl.h === RCS file: /cvs/src/lib/libssl/src/crypto/bn/bn_lcl.h,v retrieving revision 1.21 diff -r1.21 bn_lcl.h 262c262 < # if _

Re: em(4) watchdog timeouts

2015-11-02 Thread Sonic
On Mon, Nov 2, 2015 at 2:11 PM, Mark Kettenis wrote: > Can those that are experiencing watchdog timeouts check if the diff > below gets rid of them? Sorry to report that the diff does not solve the timeout problem here. All was working fine with the if_em* versions from 2015/09/29 (I downgraded

tidy up pledge_ioctl

2015-11-02 Thread Ted Unangst
The last argument is always a file, so we can type it instead of using void. Also, as a safety belt, leave vp null if the file type isn't vnode. Index: kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving rev

Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Daniel Micay
> It may also be viable as a security feature in some situations, not just > a way of finding bugs. Depends on how far away the UAF is from the free > call since one other free is all that's needed to lose reliable > detection. It might work better with a FIFO ring buffer rather than the > current

Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Daniel Micay
On 02/11/15 06:40 AM, Theo Buehler wrote: > Sorry for this rather long mail: > > I have three small comments on the patch itself > (starting 80 lines below). > > For those who want to try both new features, I attached a patch against > -current that merges the three parts of Daniel's diff (plus t

Re: Drop register keyword from less(1)

2015-11-02 Thread Theo de Raadt
> I think we should move to the Illumos fork, it looks good. I've got it > building easily enough, will take a look at porting our changes at some > point. I was the first one to bring it up with Todd about 4 weeks ago. I am a big fan of this, becuase it will allow us to pledge^Wrefactor it also..

Re: cvs(1) simplification

2015-11-02 Thread Theo de Raadt
> I can tell that rev can be VERY large... Wait, am I remembering these > (Open)CVS internals all of a sudden again? :P Some of us have memories wired for guilt.

Re: cvs(1) simplification

2015-11-02 Thread Tobias Stoeckmann
I wouldn't call this definition readable: void cvs_ent_line_str(const char *name, char *rev, char *tstamp, char *opts, char *sticky, int isdir, int isremoved, char *buf, size_t len) So what about changing it to return allocated memory by itself, which would mean changing the internals from xs

at: remove privs.h

2015-11-02 Thread Todd C. Miller
at(1) tries to run as little code as possible with privileges. This creates a false sense of security since if there is an overflow an attacker can easily change the effective gid anyway. The only place we really need to drop the setgid crontab is when reading a file with the -f flag. - todd I

Re: cvs(1) simplification

2015-11-02 Thread Nicholas Marriott
Hi Sure, so what are you saying... we shouldn't change this? Or we should change it? If so, why not also change, for example, cvs_add_entry, cvs_remove_local and update_clear_conflict, which have very similar bits of code? On Mon, Nov 02, 2015 at 03:38:24PM -0500, Michael McConville wrote: >

Re: should pledge(2) allow raise(3) and abort(3)?

2015-11-02 Thread Ted Unangst
Theo Buehler wrote: > While playing with Daniel Micay's malloc patches, I ran into a lot of > pledge aborts since pledge("stdio") disallows raise(3) and abort(3). > That's because raise sends the to 'pid + THREAD_PID_OFFSET' instead > of the pid itself. The first sentence of the comment and the lo

Re: [PATCH] pledging dhclient

2015-11-02 Thread Jérémie Courrèges-Anglas
Loganaden Velvindron writes: > Hi guys, Hi, > I've been playing with pledge in base. Here's a small patch for dhclient. > It's still a WiP. > > I can kill -HUP dhclient, and so far no issues. > > I would like it to pledge before however, so that write operations (write_*) > that take their inpu

Re: Drop register keyword from less(1)

2015-11-02 Thread Ted Unangst
Todd C. Miller wrote: > On Mon, 02 Nov 2015 09:16:07 +, Nicholas Marriott wrote: > > > I looked briefly at this and it wouldn't be that hard. However, while it > > would be fantastic to clean up all the crap from less, it isn't clear if > > Garrett D'Amore is going to be keeping his fork up to

Re: ftp(1): pledge smaller subset in SMALL version

2015-11-02 Thread Jérémie Courrèges-Anglas
Frederic Nowak writes: > Hi there, Hi, > at the moment ftp pledges "proc exec" in its SMALL version, but not > otherwise. This seems wrong, because the SMALL version does not support > interactive mode (which needs "proc exec" for e.g. the page command), > while the !SMALL version does. > The p

Re: Drop register keyword from less(1)

2015-11-02 Thread Nicholas Marriott
On Mon, Nov 02, 2015 at 11:48:07AM -0500, Michael McConville wrote: > Todd C. Miller wrote: > > On Mon, 02 Nov 2015 09:16:07 +, Nicholas Marriott wrote: > > > I looked briefly at this and it wouldn't be that hard. However, > > > while it would be fantastic to clean up all the crap from less, it

crontab: remove useless gid swapping

2015-11-02 Thread Todd C. Miller
The only place we really need to drop setgid is when opening an arbitrary file, e.g. "crontab /foo/bar", which prevents the user from viewing other people's crontab files. Now that TMPDIR support is gone things are a bit simpler... - todd Index: crontab.c ===

Re: em(4) watchdog timeouts

2015-11-02 Thread Gregor Best
On Mon, Nov 02, 2015 at 08:11:30PM +0100, Mark Kettenis wrote: > Can those that are experiencing watchdog timeouts check if the diff > below gets rid of them? > [...] Looks good so far. I've run a few light tests and the usual load that caused the timeouts before, haven't seen any yet. For the re

Re: Drop register keyword from less(1)

2015-11-02 Thread Todd C. Miller
On Mon, 02 Nov 2015 21:13:31 +, Nicholas Marriott wrote: > I think we should move to the Illumos fork, it looks good. I've got it > building easily enough, will take a look at porting our changes at some > point. Awesome. - todd

Re: whois(1) -I (whois.iana.org)

2015-11-02 Thread Giovanni Bechis
Stuart Henderson ha scritto: >This seems quite a useful database now that there are 500+ TLDs, >OK to add a flag to use it more easily from whois(1)? > >Index: whois.1 >=== >RCS file: /cvs/src/usr.bin/whois/whois.1,v >retrieving revis

Re: cvs(1) simplification

2015-11-02 Thread Michael McConville
Nicholas Marriott wrote: > Sure, but this idiom is all over the place in opencvs, are you going to > change the rest? As Theo mentioned recently, there's an inherent tradeoff here. Stack allocation is faster at runtime and easier to write. However, we miss out on malloc's memory sanitization. So,

Re: crontab: use setegid() instead of swap functions

2015-11-02 Thread Nicholas Marriott
Looks good to me, ok nicm On Mon, Nov 02, 2015 at 11:35:21AM -0700, Todd C. Miller wrote: > Using setegid() directly makes the code easier to read. > Some of these calls will be removed in a later diff. > > - todd > > Index: crontab.c > =

Re: whois(1) -I (whois.iana.org)

2015-11-02 Thread Jérémie Courrèges-Anglas
Stuart Henderson writes: > This seems quite a useful database now that there are 500+ TLDs, > OK to add a flag to use it more easily from whois(1)? That's indeed nicer. :) ok jca@ [...] -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

Re: cvs(1) simplification

2015-11-02 Thread Nicholas Marriott
Sure, but this idiom is all over the place in opencvs, are you going to change the rest? On Mon, Nov 02, 2015 at 12:31:14PM -0500, Michael McConville wrote: > Don't bother mallocing a statically-sized 1,024-byte chunk of mem, for > simplicity and speed. > > ok? > > > Index: usr.bin/cvs/server.

Re: Unsigned char cast for ctype func in uniq(1)

2015-11-02 Thread Jérémie Courrèges-Anglas
Michael McConville writes: > ok? Sure. > > Index: usr.bin/uniq/uniq.c > === > RCS file: /cvs/src/usr.bin/uniq/uniq.c,v > retrieving revision 1.22 > diff -u -p -r1.22 uniq.c > --- usr.bin/uniq/uniq.c 9 Oct 2015 01:37:09 -

Re: crontab: use setegid() instead of swap functions

2015-11-02 Thread Jérémie Courrèges-Anglas
"Todd C. Miller" writes: > Using setegid() directly makes the code easier to read. > Some of these calls will be removed in a later diff. looks fine, ok jca@ [...] -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

RFC2292 remnants in ip6(4)

2015-11-02 Thread Jérémie Courrèges-Anglas
Hi, Ted recently removed the backwards compat for RFC2292 options, here's a small nit about documentation: IPV6_PKTOPTIONS is deprecated by RFC3542, and it doesn't appear anymore in /usr/src, except in this manpage. ok? Index: share/man/man4/ip6.4 ===

em(4) watchdog timeouts

2015-11-02 Thread Mark Kettenis
Can those that are experiencing watchdog timeouts check if the diff below gets rid of them? Index: if_em.h === RCS file: /home/cvs/src/sys/dev/pci/if_em.h,v retrieving revision 1.58 diff -u -p -r1.58 if_em.h --- if_em.h 30 Sep 20

Re: whois(1) -I (whois.iana.org)

2015-11-02 Thread Sebastian Benoit
ok you should have mentioned that freebsd uses -I for this purpose ;) Stuart Henderson(st...@openbsd.org) on 2015.11.02 18:12:44 +: > This seems quite a useful database now that there are 500+ TLDs, > OK to add a flag to use it more easily from whois(1)? > > Index: whois.1 >

crontab: use setegid() instead of swap functions

2015-11-02 Thread Todd C. Miller
Using setegid() directly makes the code easier to read. Some of these calls will be removed in a later diff. - todd Index: crontab.c === RCS file: /cvs/src/usr.sbin/cron/crontab.c,v retrieving revision 1.78 diff -u -p -u -r1.78 cron

whois(1) -I (whois.iana.org)

2015-11-02 Thread Stuart Henderson
This seems quite a useful database now that there are 500+ TLDs, OK to add a flag to use it more easily from whois(1)? Index: whois.1 === RCS file: /cvs/src/usr.bin/whois/whois.1,v retrieving revision 1.33 diff -u -p -r1.33 whois.1 --

cvs(1) simplification

2015-11-02 Thread Michael McConville
Don't bother mallocing a statically-sized 1,024-byte chunk of mem, for simplicity and speed. ok? Index: usr.bin/cvs/server.c === RCS file: /cvs/src/usr.bin/cvs/server.c,v retrieving revision 1.102 diff -u -p -r1.102 server.c --- usr

Re: support more nd options for tcpdump print-icmp6.c

2015-11-02 Thread Martin Pieuchot
On 02/11/15(Mon) 16:58, Stuart Henderson wrote: > This diff adds support for some more ND options to tcpdump: printing > v6 nameserver addresses from RDNSS options, and basic support to print > the option name (rather than just "unknown opt_type=XX") for DNSSL > and RFC4191 route information (no fu

Unsigned char cast for ctype func in uniq(1)

2015-11-02 Thread Michael McConville
ok? Index: usr.bin/uniq/uniq.c === RCS file: /cvs/src/usr.bin/uniq/uniq.c,v retrieving revision 1.22 diff -u -p -r1.22 uniq.c --- usr.bin/uniq/uniq.c 9 Oct 2015 01:37:09 - 1.22 +++ usr.bin/uniq/uniq.c 2 Nov 2015 17:17:13 -0

Unsigned char cast for ctype in whois(1)

2015-11-02 Thread Michael McConville
ok? Index: usr.bin/whois/whois.c === RCS file: /cvs/src/usr.bin/whois/whois.c,v retrieving revision 1.50 diff -u -p -r1.50 whois.c --- usr.bin/whois/whois.c 9 Oct 2015 01:37:09 - 1.50 +++ usr.bin/whois/whois.c 2

support more nd options for tcpdump print-icmp6.c

2015-11-02 Thread Stuart Henderson
This diff adds support for some more ND options to tcpdump: printing v6 nameserver addresses from RDNSS options, and basic support to print the option name (rather than just "unknown opt_type=XX") for DNSSL and RFC4191 route information (no full printer for these yet - for DNSSL the domain names ar

Re: Drop register keyword from less(1)

2015-11-02 Thread Michael McConville
Todd C. Miller wrote: > On Mon, 02 Nov 2015 09:16:07 +, Nicholas Marriott wrote: > > I looked briefly at this and it wouldn't be that hard. However, > > while it would be fantastic to clean up all the crap from less, it > > isn't clear if Garrett D'Amore is going to be keeping his fork up to >

Re: Drop register keyword from less(1)

2015-11-02 Thread Nicholas Marriott
On Mon, Nov 02, 2015 at 09:32:46AM -0700, Todd C. Miller wrote: > On Mon, 02 Nov 2015 09:16:07 +, Nicholas Marriott wrote: > > > I looked briefly at this and it wouldn't be that hard. However, while it > > would be fantastic to clean up all the crap from less, it isn't clear if > > Garrett D'A

Re: Drop register keyword from less(1)

2015-11-02 Thread Todd C. Miller
On Mon, 02 Nov 2015 09:16:07 +, Nicholas Marriott wrote: > I looked briefly at this and it wouldn't be that hard. However, while it > would be fantastic to clean up all the crap from less, it isn't clear if > Garrett D'Amore is going to be keeping his fork up to date - if he > doesn't then we

Re: [PATCH] rcs: buf_free/rcsnum_free

2015-11-02 Thread Todd C. Miller
On Mon, 02 Nov 2015 08:59:19 +, Nicholas Marriott wrote: > Any other oks for this? OK millert@ - todd

Re: snmpd loses ARP table information

2015-11-02 Thread Mike Belopuhov
On Mon, Nov 02, 2015 at 13:36 +0100, Gerhard Roth wrote: > Hi, > > snmpd pernanently loses its ARP table information: > > # snmpctl walk 127.0.0.1 oid ipNetToMediaPhysAddress > ipNetToMediaPhysAddress.2.192.168.16.1="xx:xx:xx:xx:xx:xx" > ipNetToMediaPhysAddress.2.192.168.16.126=

Re: IPv6 DHCP-PD/SLAAC - no /64 route in routing table

2015-11-02 Thread Martin Pieuchot
On 01/11/15(Sun) 17:41, Yury Shefer wrote: > Hi all, > > I'm having trouble with enabling IPv6 routing on my 5.8 gateway. > > (Internet)[DHCPv6+PD](em0-GW-axe0)[SLAAC/rtadvd] > > My box is connected to Comcast, I'm getting IPv6 address assignment over > DHCPv6 (wide dhcp6c) on WAN in

snmpd loses ARP table information

2015-11-02 Thread Gerhard Roth
Hi, snmpd pernanently loses its ARP table information: # snmpctl walk 127.0.0.1 oid ipNetToMediaPhysAddress ipNetToMediaPhysAddress.2.192.168.16.1="xx:xx:xx:xx:xx:xx" ipNetToMediaPhysAddress.2.192.168.16.126="xx:xx:xx:xx:xx:xx" ipNetToMediaPhysAddress.2.192.168.19.

should pledge(2) allow raise(3) and abort(3)?

2015-11-02 Thread Theo Buehler
While playing with Daniel Micay's malloc patches, I ran into a lot of pledge aborts since pledge("stdio") disallows raise(3) and abort(3). That's because raise sends the to 'pid + THREAD_PID_OFFSET' instead of the pid itself. The first sentence of the comment and the logic is taken from kern_sig.c

Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Theo Buehler
Sorry for this rather long mail: I have three small comments on the patch itself (starting 80 lines below). For those who want to try both new features, I attached a patch against -current that merges the three parts of Daniel's diff (plus the trivial two of the nits below) at the very end of thi

clean up ppp(4) "fastq"

2015-11-02 Thread David Gwynne
ppp(4) had code to prioritise IP packets with the low delay type of service set. maintaining this complicates refactoring the interface send queue, which im doing on the way to mpsafety for that side of the stack. id argue the functionality can be better implemented by using queues in pf. i can't

Re: pledge idea

2015-11-02 Thread Peter J. Philipp
On Thu, Oct 29, 2015 at 06:39:58PM +0100, Peter J. Philipp wrote: > Hi Reyk, > > deraadt already told me there was a patch for this already. Yes it > would be more cycles for stdio I see that. > > Thanks for your effort in making me see this. > > -peter > > > $ time obj/sleep 0.01 > > 0m0

Re: Drop register keyword from less(1)

2015-11-02 Thread Alexandr Shadchin
On Mon, Nov 2, 2015 at 2:16 PM, Nicholas Marriott < nicholas.marri...@gmail.com> wrote: > On Sun, Nov 01, 2015 at 06:22:53PM -0700, Todd C. Miller wrote: > > If we are going to diverge from upstream less, a better starting > > point would be https://github.com/gdamore/less-fork > > > > See also ht

Re: IPv6 DHCP-PD/SLAAC - no /64 route in routing table

2015-11-02 Thread Stuart Henderson
On 2015/11/01 17:41, Yury Shefer wrote: > I'm having trouble with enabling IPv6 routing on my 5.8 gateway. > > (Internet)[DHCPv6+PD](em0-GW-axe0)[SLAAC/rtadvd] > > My box is connected to Comcast, I'm getting IPv6 address assignment over > DHCPv6 (wide dhcp6c) on WAN interface(em0) tog

Re: Drop register keyword from less(1)

2015-11-02 Thread Nicholas Marriott
On Sun, Nov 01, 2015 at 06:22:53PM -0700, Todd C. Miller wrote: > If we are going to diverge from upstream less, a better starting > point would be https://github.com/gdamore/less-fork > > See also http://garrett.damore.org/2014_09_01_archive.html > > If you decide to tackle that you'll also want

Re: [PATCH] rcs: buf_free/rcsnum_free

2015-11-02 Thread Nicholas Marriott
Any other oks for this? On Sun, Nov 01, 2015 at 08:58:27AM +0800, Michael W. Bombardieri wrote: > Thanks again for checking this. > Correcting ci.c ... > > On Fri, Oct 30, 2015 at 03:53:58PM +, Nicholas Marriott wrote: > > Sorry, the one I pointed out in ci.c is wrong: > > > > >

[PATCH] pledging dhclient

2015-11-02 Thread Loganaden Velvindron
Hi guys, I've been playing with pledge in base. Here's a small patch for dhclient. It's still a WiP. I can kill -HUP dhclient, and so far no issues. I would like it to pledge before however, so that write operations (write_*) that take their input from the network are further tightened down. One