We use the -6 option and I agree with deprecating it for one OpenBSD
release instead.
Especially now with sysupgrade(8), after upgrading our remote servers, our
site-to-site VPN wouldn't come back up after upgrade.
On Mon, Jan 13, 2020 at 12:58 PM Klemens Nanni wrote:
> On Mon, Jan 13, 2020 at
On Mon, Jan 13, 2020 at 10:30:11AM -0700, Todd C. Miller wrote:
> On Mon, 13 Jan 2020 13:45:55 +0100, Jan Klemkow wrote:
> > This diff simplifies globbing for the ftpd(8) ls and stat command. And
> > it avoids to glob for the parameters "-lgA".
> >
> > Due, we just pass a single string to the ftpd
On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> iked by default blocks all IPv6 traffic on a host unless any
> of the configured policies use v6. This was originally meant
> as a measure to prevent VPN leakage for people who did not
> think of IPv6 when configuring IPsec. With th
On Mon, Jan 13, 2020 at 08:04:20PM +0100, Alexandr Nedvedicky wrote:
> yes, final 5/5 diff already contains the change you propose here.
> As I've said earlier the partial diffs are just code review. Those
> were created artificially, when I tried to split big change to
> smaller ch
Hello,
> > @@ -2109,7 +2112,20 @@ pfctl_debug(int dev, u_int32_t level, int opts)
> > }
> >
> > int
> > -pfctl_show_anchors(int dev, int opts, char *anchorname)
> > +pfctl_walk_show(int opts, struct pfioc_ruleset *pr, void *warg)
> > +{
> > + if (pr->path[0]) {
> > + if (pr->path[
On Mon, 13 Jan 2020 13:45:55 +0100, Jan Klemkow wrote:
> This diff simplifies globbing for the ftpd(8) ls and stat command. And
> it avoids to glob for the parameters "-lgA".
>
> Due, we just pass a single string to the ftpd_ls() function, we don't
> need to provide infrastructure for a dynamic l
On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> I think we should discuss whether we can remove the flow
> (and the -6 flag) as I constantly hear people complaining
> that it broke their setups and I don't think anyone
> expects some seemingly unrelated program breaking IPv6.
A mi
Hi,
iked by default blocks all IPv6 traffic on a host unless any
of the configured policies use v6. This was originally meant
as a measure to prevent VPN leakage for people who did not
think of IPv6 when configuring IPsec. With the -6 flag
set, iked does not install this IPv6 blocking flow.
I t
> Date: Mon, 13 Jan 2020 17:02:12 +0100
> From: Martin Pieuchot
>
> I'm facing a lock ordering issue while profiling the scheduler which
> cannot be solved without using a different lock for the global sleepqueue
> and the runqueues.
>
> The SCHED_LOCK() currently protects both data structures a
On Mon, Jan 13, 2020 at 03:53:41PM +0100, Alexandr Nedvedicky wrote:
> change below splits 'pfctl_show_anchors()' to two functions:
> - pfctl_walk_anchors() function, which can traverse all anchor
> tree loaded to PF driver and
>
> - pfctl_walk_show(), which is a call back for pfctl
I'm facing a lock ordering issue while profiling the scheduler which
cannot be solved without using a different lock for the global sleepqueue
and the runqueues.
The SCHED_LOCK() currently protects both data structures as well as the
related fields in 'struct proc'. One of this fields is `p_wchan
On Mon, Jan 13, 2020 at 04:42:22PM +0100, Martijn van Duren wrote:
> On 1/13/20 4:30 PM, Anders Andersson wrote:
> > On Mon, Jan 13, 2020 at 3:00 PM leeb wrote:
> >>
> >> Hello,
> >>
> >>
> >> Thanks,
> >>
> >> Lee.
> >
> > This email should be gold plated and moved to a permanent location
On Mon, Jan 13, 2020 at 4:42 PM Martijn van Duren
wrote:
>
> On 1/13/20 4:30 PM, Anders Andersson wrote:
> > On Mon, Jan 13, 2020 at 3:00 PM leeb wrote:
> >>
> >> Hello,
> >>
> >> I had an itch, so I scratched it.
> >>
> >> The umb(4) driver has a FIXME in if_umb.c for user name
> >> and passphra
On Mon, Jan 13, 2020 at 03:52:57PM +0100, Alexandr Nedvedicky wrote:
> pfctl diff bellow enables me to relax err(3) and errx(3) to warnings
> where needed. The idea is to introduce PF_OPT_IGNFAIL and pfctl_err()
> and pfctl_errx() wrappers around err(3) and errx(3) functions.
>
> the wrappers, whe
On 1/13/20 4:30 PM, Anders Andersson wrote:
> On Mon, Jan 13, 2020 at 3:00 PM leeb wrote:
>>
>> Hello,
>>
>> I had an itch, so I scratched it.
>>
>> The umb(4) driver has a FIXME in if_umb.c for user name
>> and passphrase support. My LTE provider happens to require
>> this so I thought I'd have a
On Mon, Jan 13, 2020 at 03:47:51PM +0100, Alexandr Nedvedicky wrote:
> Also kn@ was testing that change back in 2019 and found some glitches [2].
> IMO the issues pointed out by kn@ are present in code already, diff below
> just uncovers them. We can investigate/fix them once the change below will
On Mon, Jan 13, 2020 at 3:00 PM leeb wrote:
>
> Hello,
>
> I had an itch, so I scratched it.
>
> The umb(4) driver has a FIXME in if_umb.c for user name
> and passphrase support. My LTE provider happens to require
> this so I thought I'd have a go.
>
> The provider seems happy with my umb changes,
Hello,
this is the last piece, which makes everything fit together. The
change introduces three 'nuke()' functions:
- pfctl_call_clearrules()
- pfctl_call_cleartables()
- pfctl_call_clearanchors()
Those are callbacks for pfctl_recurse() we've introduced earlier. Those
functions just c
Hello,
change introduces a pfctl_recurse() function we use to implement
recursive flush operation. The pfctl_recurse() is built from
two pieces:
- pfctl_walk_get(), which itself is a new callback for pfctl_walk()
we introduced in earlier patch. The pfctl_walk_get() puts every
ancho
Hello,
change below splits 'pfctl_show_anchors()' to two functions:
- pfctl_walk_anchors() function, which can traverse all anchor
tree loaded to PF driver and
- pfctl_walk_show(), which is a call back for pfctl_walk_anchors()
it just prints anchor name
this change is a foun
Hello,
pfctl diff bellow enables me to relax err(3) and errx(3) to warnings
where needed. The idea is to introduce PF_OPT_IGNFAIL and pfctl_err()
and pfctl_errx() wrappers around err(3) and errx(3) functions.
the wrappers, when acting in warning mode (PF_OPT_IGNFAIL set), would
also set exit_val
Hello,
below is a complete change I'd like to commit. Diff below enables pfctl to
recursively flush objects (tables, rules, anchors) from PF. The same change
has been discussed last spring [1]. But the discussion died and all effort
dropped down on the floor. I'd like to restart the effort now.
Hello,
I had an itch, so I scratched it.
The umb(4) driver has a FIXME in if_umb.c for user name
and passphrase support. My LTE provider happens to require
this so I thought I'd have a go.
The provider seems happy with my umb changes, and I've
added some bits in ifconfig(8) to allow setting of
Currently we only support noSuchObject by overloading BER_TYPE_EOC.
This is wrong.
Diff below adds support for all 3 exception cases.
OK?
martijn@
Index: smi.c
===
RCS file: /cvs/src/usr.bin/snmp/smi.c,v
retrieving revision 1.6
dif
On 13/01/20(Mon) 13:35, Mark Kettenis wrote:
> > Date: Mon, 13 Jan 2020 13:20:45 +0100
> > From: Martin Pieuchot
> >
> > vdsp(4) uses a workaround to not block forever in case the hypervisor
> > doesn't generate an interrupt. The current behavior is to wait the
> > smallest possible interval: on
On Sat, Jan 11, 2020 at 03:43:45PM +0100, Martin Pieuchot wrote:
> The custom semaphores used by softdep always use infinite tsleep(9). So
> remove the `timo' argument from sema_init() and switch the implementation
> to tsleep_nsec(9) and INFSLP.
>
> ok?
OK bluhm@
> Index: ufs/ffs/ffs_softdep.c
Hi,
This diff simplifies globbing for the ftpd(8) ls and stat command. And
it avoids to glob for the parameters "-lgA".
Due, we just pass a single string to the ftpd_ls() function, we don't
need to provide infrastructure for a dynamic list of arguments.
Tested it manually and by regression test
OK bluhm@
On Mon, Jan 13, 2020 at 12:27:12PM +0100, Martin Pieuchot wrote:
> Index: kern/uipc_socket.c
> ===
> RCS file: /cvs/src/sys/kern/uipc_socket.c,v
> retrieving revision 1.238
> diff -u -p -r1.238 uipc_socket.c
> --- kern/uipc_
> Date: Mon, 13 Jan 2020 13:20:45 +0100
> From: Martin Pieuchot
>
> vdsp(4) uses a workaround to not block forever in case the hypervisor
> doesn't generate an interrupt. The current behavior is to wait the
> smallest possible interval: one tick.
The hypervisor is known not to generate an inter
So apparently I use IPv6 more often than the end-users.
This diff allows us to actually skip the {ud,tc}p6 prefix if we actually
present an IPv6 address as described in the manpage and done by
net-snmp.
While here I also made it possible possible to do a retry if
IPv6-address:port fails by pastin
vdsp(4) uses a workaround to not block forever in case the hypervisor
doesn't generate an interrupt. The current behavior is to wait the
smallest possible interval: one tick.
Since this is a documented workaround the value doesn't matter much, so
convert the driver to tsleep_nsec(9) with a conser
On Sun, Jan 12, 2020 at 01:42:44PM +0100, Martin Pieuchot wrote:
> The consensus is now to switch syscall doing sleeps to use tsleep_nsec(9).
> Our direct goal is to stop expressing time as ticks, more might come
> later.
>
> Diff below introduces the previously discussed TIMESPEC_TO_NSEC(9) macro
On Sun, Jan 05, 2020 at 07:09:46PM +0100, Klemens Nanni wrote:
> Domains get to define their cores and memory only once unlike the other
> parameters of which it makes sense to have more than one.
>
> $ cat dup.conf
> domain primary {
> vcpu 2
> vcpu 2
>
On 13/01/20(Mon) 12:27, Martin Pieuchot wrote:
> On 13/01/20(Mon) 12:16, Alexander Bluhm wrote:
> > On Sun, Jan 12, 2020 at 01:33:43PM +0100, Martin Pieuchot wrote:
> > > @@ -304,7 +306,7 @@ soclose(struct socket *so, int flags)
> > > while (so->so_state & SS_ISCONNECTED) {
> > >
Dropping modp1024 will cause some pain for Windows users, unfortunately you
need to either set a registry key or use a PowerShell applet to have it use
modp2048 or better.
I'm wondering if we should have some simple way to choose from various
default settings, similar to tls_config_set_ciphers
On 13/01/20(Mon) 12:16, Alexander Bluhm wrote:
> On Sun, Jan 12, 2020 at 01:33:43PM +0100, Martin Pieuchot wrote:
> > @@ -304,7 +306,7 @@ soclose(struct socket *so, int flags)
> > while (so->so_state & SS_ISCONNECTED) {
> > error = sosleep(so, &so->so
On Mon, Jan 13, 2020 at 11:58:11AM +0100, Klemens Nanni wrote:
> On Sun, Oct 13, 2019 at 09:28:26PM -0500, joshua stein wrote:
> > When responding to hardware keys to increment or decrement screen
> > brightness, don't just adjust by 1 BCL level as there may be 100
> > levels. Find the next brig
On Sun, Jan 12, 2020 at 01:33:43PM +0100, Martin Pieuchot wrote:
> @@ -304,7 +306,7 @@ soclose(struct socket *so, int flags)
> while (so->so_state & SS_ISCONNECTED) {
> error = sosleep(so, &so->so_timeo,
> PSOCK |
> From: Hrvoje Popovski
> Date: Mon, 13 Jan 2020 11:53:36 +0100
>
> Hi all,
>
> with today's snapshot i'm seeing acpipci log below in dmesg. is this ok?
> do i need to report it ?
Not if everything on these machines works ;)
The messages are debug information that will help diagnosing problems
On Sun, Oct 13, 2019 at 09:28:26PM -0500, joshua stein wrote:
> When responding to hardware keys to increment or decrement screen
> brightness, don't just adjust by 1 BCL level as there may be 100
> levels. Find the next brightness level that is at least 5% up or
> down, and use that.
r
Hi all,
with today's snapshot i'm seeing acpipci log below in dmesg. is this ok?
do i need to report it ?
acpipci0 at acpi0 PC00: 0x 0x0011 0x0001
extent `acpipci0 pcibus' (0x0 - 0xff), flags=0
0x40 - 0xff
extent `acpipci0 pciio' (0x0 - 0x), flags=0
0x3b0 - 0x3d
> Date: Mon, 13 Jan 2020 10:59:30 +0100
> From: Klemens Nanni
>
> On Fri, Jan 03, 2020 at 08:30:42PM +0100, Mark Kettenis wrote:
> > Can we leave out the #ifdef __sparc64__? Unless somebody can come up
> > with a really good reason for it...
> The code should be safe on all platforms but I put i
On Fri, Jan 03, 2020 at 08:30:42PM +0100, Mark Kettenis wrote:
> Can we leave out the #ifdef __sparc64__? Unless somebody can come up
> with a really good reason for it...
The code should be safe on all platforms but I put it in to ensure I'm
not breaking stuff I cannot test, e.g. anything else th
On 12/01/20(Sun) 18:37, Philip Guenther wrote:
> On Sun, Jan 12, 2020 at 4:44 AM Martin Pieuchot wrote:
>
> > The consensus is now to switch syscall doing sleeps to use tsleep_nsec(9).
> > Our direct goal is to stop expressing time as ticks, more might come
> > later.
> >
>
> The API futex(2) ha
On 12/01/20(Sun) 16:29, Scott Cheloha wrote:
> On Sun, Jan 12, 2020 at 12:52:53PM +0100, Martin Pieuchot wrote:
> [...]
> > > > However we should raise the IPL level of this thread to ensure no other
> > > > timeout can run in the middle of another one.
> > >
> > > This makes sense, though I have
45 matches
Mail list logo
