OpenBSD errata, Dec 3, 2015

2015-12-03 Thread Bob Beck
Four new OpenSSL CVEs were released today, which OpenSSL deemed to be not of sufficient severity to warrant advance disclosure. OpenBSD/LibreSSL is not vulnerable to two of these

Re: Kill rt_ifp

2015-12-03 Thread Claudio Jeker
On Thu, Dec 03, 2015 at 10:04:39AM +0100, Martin Pieuchot wrote: > Now that we're good, we can get rid of this pointer. Thanks to > everybody involved in the process of replacing rt_ifp usages with > if_get()/if_put(). > > ok? > > Index: net/route.c >

Re: Building flavors with dpb

2015-12-03 Thread Marc Espie
On Thu, Dec 03, 2015 at 09:04:54AM +, Tati Chevron wrote: > I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a > machine running 5.8-release, and it fails: > > # export FLAVOR=no_ada > # dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L /portswork/logs > -l

Re: Building flavors with dpb

2015-12-03 Thread Nigel Taylor
On 12/03/15 09:04, Tati Chevron wrote: > I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a > machine running 5.8-release, and it fails: > > # export FLAVOR=no_ada > # dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L > /portswork/logs -l /portswork/locks lang/gcc/4.9 > >

Re: ip6 fragment nibble

2015-12-03 Thread Stefan Sperling
On Thu, Dec 03, 2015 at 06:48:28AM -0500, Ted Unangst wrote: > Cleaner this way I think. > ok > > Index: frag6.c > === > RCS file: /cvs/src/sys/netinet6/frag6.c,v > retrieving revision 1.65 > diff -u -p -r1.65 frag6.c > ---

ip6 fragment nibble

2015-12-03 Thread Ted Unangst
Cleaner this way I think. Index: frag6.c === RCS file: /cvs/src/sys/netinet6/frag6.c,v retrieving revision 1.65 diff -u -p -r1.65 frag6.c --- frag6.c 22 Oct 2015 10:22:53 - 1.65 +++ frag6.c 3 Dec 2015 11:44:10 -

pledge ospfd first step

2015-12-03 Thread Claudio Jeker
This is pledge for ospfd's SE and RDE process. The parent can't be pledged right now because of the same issue that bgpd has (carp demote). Had to shuffle some code around (as a benefit rdomain check is no longer a fatal error). Please test, running this on a test router and it seems to be OK.

Re: pf statekey inp chaining

2015-12-03 Thread Alexandr Nedvedicky
Hello, OK sasha On Thu, Dec 03, 2015 at 12:29:15PM +0100, Alexander Bluhm wrote: > On Wed, Dec 02, 2015 at 07:45:09PM +0100, Alexander Bluhm wrote: > > Here is a new version of the diff. This is new: > > Now with feedback from sashan@ > > - merge > - no SS_ISCONNECTED check in tcp as it was

free sizes for most free calls in pf_ioctl

2015-12-03 Thread Claudio Jeker
This should cover the simple free calls in pf_ioctl. -- :wq Claudio Index: pf_ioctl.c === RCS file: /cvs/src/sys/net/pf_ioctl.c,v retrieving revision 1.296 diff -u -p -r1.296 pf_ioctl.c --- pf_ioctl.c 3 Dec 2015 10:34:11 -

Re: ip6 fragment nibble

2015-12-03 Thread Alexander Bluhm
On Thu, Dec 03, 2015 at 06:48:28AM -0500, Ted Unangst wrote: > Cleaner this way I think. Yes, OK bluhm@ > > > Index: frag6.c > === > RCS file: /cvs/src/sys/netinet6/frag6.c,v > retrieving revision 1.65 > diff -u -p -r1.65 frag6.c

Re: free sizes for most free calls in pf_ioctl

2015-12-03 Thread Alexandr Nedvedicky
Hello, OK regards sasha On Thu, Dec 03, 2015 at 01:21:32PM +0100, Claudio Jeker wrote: > This should cover the simple free calls in pf_ioctl. > > -- > :wq Claudio > > Index: pf_ioctl.c > === > RCS file:

Re: mpsafe bnx(4)

2015-12-03 Thread Hrvoje Popovski
On 2.12.2015. 12:14, Jonathan Matthew wrote: > This is mostly a backout of if_bnx.c r1.77, which introduced lists of tx > descriptors, allocated on demand, in order to avoid allocating space per ring > slot. These days I think we can afford a few kb of memory overhead if it > makes the packets go

Re: explicitly check broadcast addresses on some ifa_ifwithaddr() uses

2015-12-03 Thread Vincent Gross
On 12/02/15 20:06, Martin Pieuchot wrote: > On 02/12/15(Wed) 16:18, Vincent Gross wrote: >> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa >> whose broadcast address match the input. This is used mainly to select >> ifa, and there can be trouble when you have 2 ifas on the

Building flavors with dpb

2015-12-03 Thread Tati Chevron
I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a machine running 5.8-release, and it fails: # export FLAVOR=no_ada # dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L /portswork/logs -l /portswork/locks lang/gcc/4.9 Fatal: Unknown flavor(s) no_ada (in test/a) (No

Kill rt_ifp

2015-12-03 Thread Martin Pieuchot
Now that we're good, we can get rid of this pointer. Thanks to everybody involved in the process of replacing rt_ifp usages with if_get()/if_put(). ok? Index: net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision

Re: doas password prompt

2015-12-03 Thread Marc Espie
On Wed, Dec 02, 2015 at 04:40:33AM -0500, Ted Unangst wrote: > henning points out that if you are seven levels deep when doas asks for a > password, it can be hard to tell who is asking for what password. > > modify the prompt to include the program name and user@host. > - if (pledge("stdio

introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Alexandr Nedvedicky
Hello, patch below introduces ip_send() function to OpenBSD kernel. ip_send() function takes an mbuf with packet and passes to ip_output(), which will be running in softnet task. the patch also changes icmp_error()/icmp6_error() to dispatch the ICMP error responses via ip_send(), so both

Re: explicitly check broadcast addresses on some ifa_ifwithaddr() uses

2015-12-03 Thread Vincent Gross
On 12/03/15 10:21, Vincent Gross wrote: > On 12/02/15 20:06, Martin Pieuchot wrote: >> On 02/12/15(Wed) 16:18, Vincent Gross wrote: >>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa >>> whose broadcast address match the input. This is used mainly to select >>> ifa, and

Re: explicitly check broadcast addresses on some ifa_ifwithaddr() uses

2015-12-03 Thread Alexander Bluhm
On Thu, Dec 03, 2015 at 02:52:59PM +0100, Vincent Gross wrote: > bluhm@ spotted one case where in_broadcast was needed. > > ok ? OK bluhm@ > > Index: sys/net/if.c > === > RCS file: /cvs/src/sys/net/if.c,v > retrieving revision

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Alexandr Nedvedicky
Hello, so after a feedback in a hackroom here is the third version of patch. The summary of changes is as follows: - ip*_send() function use softnettq to dispatch packet - ip*_output() functions running in ip*_send_dispatch() are protected by KERNEL_LOCK() and running at

Re: relayd patch - delayed failover

2015-12-03 Thread Sebastian Benoit
thanks, committed Brian S. Vangsgaard(b...@avalanic.dk) on 2015.10.01 13:27:12 +0200: > Hi, > > Problem: > If a client have a state entry in the relayd anchor, and the target > server goes down, the client will be unable to "failover" for 10 sec + > (10 sec - elapsed time since last SLA check).

Re: newsyslog -r

2015-12-03 Thread Jan Stary
ping On Nov 12 22:21:39, h...@stare.cz wrote: > The -r option of newsyslog(8) removes the requirement > that newsyslog runs as root. Would it also make sense > to not try to send the SIGHUP to syslogd in that case? > > Jan > > > Index: newsyslog.8 >

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Alexandr Nedvedicky
Hello, mikeb@ found a fundamental problem in my earlier patch. The ip_send() function was using `softnettq` (softnet task queue) to dispatch packet via ip*_output(). Doing so is risky business as ip*_output() is not unlocked yet. So new patch version introduces a new task: ipsendtq. The

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Alexandr Nedvedicky
Hello, below is final patch I'm going to commit. Summary of changes: - softnettq declaration moved to net/if_var.h (by bluhm@) - lock order swapped: KERNEL_LOCK() goes first followed by spl (by bluhm@) - long line got fixed (by bluhm@) -

Re: libc: locale/rune.c input validation

2015-12-03 Thread Tobias Stoeckmann
Thanks Ingo for your extensive review! It contains lots of valuable input for me. I have applied all your recommendations, they make a lot of sense. > I would suggest to use uint32_t. Just while applying this, I noticed that the file has a mix of the types u_int32_t and uint32_t. I took

Re: [patch] tsec(4): enable TX interrupt coalescing

2015-12-03 Thread Richard Procter
Refreshed patch against HEAD appears below, best, Richard. PS. Apologies for the quoted-printable encoding...looking now for an email client capable of 7-bit... On 10/11/2015, at 5:18 PM, Richard Procter wrote: > This reduces tsec(4) TX interrupts by over a factor of four per interface, >

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread David Gwynne
> On 4 Dec 2015, at 06:44, Alexandr Nedvedicky > wrote: > > Hello, > > below is final patch I'm going to commit. Summary of changes: > - softnettq declaration moved to net/if_var.h (by bluhm@) > - lock order swapped: KERNEL_LOCK() goes first

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Martin Pieuchot
On 03/12/15(Thu) 18:07, Alexandr Nedvedicky wrote: > Hello, > > so after a feedback in a hackroom here is the third version of patch. The > summary of changes is as follows: > - ip*_send() function use softnettq to dispatch packet > - ip*_output() functions running in

Re: introducing ip_send()/ip6_send() to OpenBSD kernel

2015-12-03 Thread Alexander Bluhm
On Thu, Dec 03, 2015 at 06:07:41PM +0100, Alexandr Nedvedicky wrote: > +#ifdef _KERNEL > +extern struct taskq *softnettq; > +#endif /* _KERNEL */ > #endif /* _NET_IF_H_ */ I think this should go to net/if_var.h > +static void > +ip_send_dispatch(void *cx) > +{ Maybe you should pass

Re: UTF-8 support for wc(1)

2015-12-03 Thread Todd C. Miller
On Sun, 29 Nov 2015 17:45:55 +0100, Ingo Schwarze wrote: > our wc(1) utility currently violates POSIX in two ways: > > 1. The -m option counts bytes instead of characters. > The patch given below fixes that. > > 2. Word counting with -w only treats ASCII whitespace as word >