Hello,
Petr Hoffmann at Oracle discovered a glitch in ONCE rules and anchors.
Petr's test case, which shows a misbehavior, looks as follows:
echo 'anchor "foo/*"' | pfctl -f -
pfctl -sr
# anchor "foo/*" all
echo 'pass' | pfctl -a foo/bar -f -
echo 'pass onc
Hello,
On Thu, Oct 20, 2016 at 08:45:09PM +0200, Alexander Bluhm wrote:
> On Fri, Sep 30, 2016 at 11:55:48PM +0200, Alexandr Nedvedicky wrote:
> > The patch makes PF send 'challenge ACK' for SYN packet, which matches
> > session in established state.
>
> regress/sys/net/pf_forward has found a
Hi,
Empty IPv6 fragments are reassembled differently by our stack and
pf. If the payload length is 0, it does not change the content of
the fragment cache. So pf just drops it early during processing.
But IPv6 requires that when an overlapping fragment is detected,
the whole queue of the frageme
I have been prodded by dhill & brad, so here is a diff.
Running with it now but haven't reviewed it, yet.
(I have a git repo with all intermediate diffs if someone wants to
look at those...)
Tests / OKs? (I will review the diff myself before committing)
diff --git Makefile.in Makefile.in
index 3
On Wed, Oct 19, 2016 at 03:10:53PM +0300, Kapetanakis Giannis wrote:
> Hi,
>
> just a minor change to manual pages of switch daemon.
>
> G
>
fixed, thanks, but note:
>
> Index: switchd.8
> ===
> RCS file: /cvs/src/usr.sbin/switch
On Sun, Oct 16, 2016 at 07:15:41PM +0100, Edd Barrett wrote:
> Hi,
>
> In vm.conf(5):
>
> ---8<---
> Virtual switches can be configured at any point in the configuration
> file; they allow switchd to add network interfaces of VMs to the
> underlying switch interfaces automatically.
> --->8---
>
> Date: Thu, 20 Oct 2016 15:42:32 +0200
> From: Alexander Bluhm
>
> Hi,
>
> A while ago I made kernel logging interrupt safe by adding a
> splhigh(). When we are going MP this is not sufficient, so replace
> it with a mutex. The idea is to hold the mutex every time msgbufp
> is dereferenced.
>I found a few cases, where we should send a cache flush but don't.
>Unfortunately, none of these cases explain the problem seen by
>Jan and Darren.
>The cases I have found are:
>* When a R/W mount is updated to R/O. I will send patches for this in a
>separate mail.
>* When a R/W mount is unmount
On Fri, Sep 30, 2016 at 11:55:48PM +0200, Alexandr Nedvedicky wrote:
> The patch makes PF send 'challenge ACK' for SYN packet, which matches
> session in established state.
regress/sys/net/pf_forward has found a bug in your code. Looks
like the route-to feature was affected. By splitting the
On Wed, Oct 19, 2016 at 09:51:47PM +0200, Mark Kettenis wrote:
> The bus number it reports will be totally bogus for devices behind PCI
> bridges. As a consequence AML will peek and poke at registers of the
> wrong device. This is what caused the suspend issues with Joris'
> Macbook.
>
> The dif
On Thu, Oct 20, 2016 at 09:55:33AM -0600, Todd C. Miller wrote:
> On Thu, 20 Oct 2016 15:22:44 +0200, Marc Espie wrote:
>
> Comments inline.
> I find "Expand the value" to be confusing. Would the following
> also be accurate?
>
> Perform variable expansion and pass the result to the shell fo
On Thu, 20 Oct 2016 15:22:44 +0200, Marc Espie wrote:
Comments inline.
> Index: make.1
> ===
> RCS file: /cvs/src/usr.bin/make/make.1,v
> retrieving revision 1.120
> diff -u -p -r1.120 make.1
> --- make.113 Mar 2015 19:58:41 -000
Hi,
A while ago I made kernel logging interrupt safe by adding a
splhigh(). When we are going MP this is not sufficient, so replace
it with a mutex. The idea is to hold the mutex every time msgbufp
is dereferenced. This allows to print to dmesg without kernel lock.
Note that we take the mutex
This is a new extension to make. I don't think it will hinder portability
all that much, since != is already an expansion.
VAR != cmd
executes cmd on the spot, and replaces the output into VAR. This is a
convenient feature, but it is rather expensive, since each such VAR
will require the executio
On Thu, Oct 20, 2016 at 10:53:17AM +0200, Claudio Jeker wrote:
> > Unfortunately pf_route() is called from pfsync which has no idea
> > of packet descriptors. As I do not want to rewrite pfsync, I create
> > a temporary pf_pdesc on the stack.
>
> I'm OK with the direction but am wondering if sett
On Thu, Oct 20, 2016 at 11:28:37AM +0200, Otto Moerbeek wrote:
> On Thu, Oct 20, 2016 at 11:21:26AM +0200, Otto Moerbeek wrote:
>
> > On Thu, Oct 20, 2016 at 11:17:25AM +0200, Otto Moerbeek wrote:
> >
> > > On Thu, Oct 20, 2016 at 04:42:13AM -0400, Ted Unangst wrote:
> > >
> > > > Otto Moerbeek
On Thu, Oct 20, 2016 at 11:21:26AM +0200, Otto Moerbeek wrote:
> On Thu, Oct 20, 2016 at 11:17:25AM +0200, Otto Moerbeek wrote:
>
> > On Thu, Oct 20, 2016 at 04:42:13AM -0400, Ted Unangst wrote:
> >
> > > Otto Moerbeek wrote:
> > > > That is certainly not correct: snprintf and friends return the
On Thu, Oct 20, 2016 at 11:17:25AM +0200, Otto Moerbeek wrote:
> On Thu, Oct 20, 2016 at 04:42:13AM -0400, Ted Unangst wrote:
>
> > Otto Moerbeek wrote:
> > > That is certainly not correct: snprintf and friends return the length as
> > > it would have been if an infinite buffer was passed in.
>
On Thu, Oct 20, 2016 at 04:42:13AM -0400, Ted Unangst wrote:
> Otto Moerbeek wrote:
> > That is certainly not correct: snprintf and friends return the length as
> > it would have been if an infinite buffer was passed in.
> > So the strlen should stay. I'll make a new diff soon though with the
> >
On Wed, Oct 19, 2016 at 11:49:56PM +0200, Alexander Bluhm wrote:
> Hi,
>
> I would like to pass a struct pf_pdesc to pf_route() like it is
> done in the other pf functions. That means less parameters, more
> consistency and later I can call functions that need a pd from
> pf_route().
>
> Unfort
Otto Moerbeek wrote:
> That is certainly not correct: snprintf and friends return the length as
> it would have been if an infinite buffer was passed in.
> So the strlen should stay. I'll make a new diff soon though with the
> error checking, although it might be overkill for this case.
I think w
Hello,
On Wed, Oct 19, 2016 at 11:49:56PM +0200, Alexander Bluhm wrote:
> Hi,
>
> I would like to pass a struct pf_pdesc to pf_route() like it is
> done in the other pf functions. That means less parameters, more
> consistency and later I can call functions that need a pd from
> pf_route().
>
On Thu, Oct 20, 2016 at 09:11:17AM +0200, Martin Natano wrote:
> On Wed, Oct 19, 2016 at 11:48:05PM +0200, Jan Stary wrote:
> > extern char *optarg is already declared in unistd.h
> > This is the only occurrence in src/sbin and src/bin;
> > others will follow in separate mails.
> >
> > Jan
> >
On Wed, Oct 19, 2016 at 11:48:05PM +0200, Jan Stary wrote:
> extern char *optarg is already declared in unistd.h
> This is the only occurrence in src/sbin and src/bin;
> others will follow in separate mails.
>
> Jan
>
OK.
>
> Index: bioctl.c
>