Re: Authentication in OpenIKED

2023-03-02 Thread Crystal Kolipe
On Wed, Mar 01, 2023 at 04:53:00PM +, Stuart Henderson wrote: > How about this? Show a strong psk in the example ... > -#psk "you-should-not-use-psk-authentication!" > +#psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA" I strongly disagree with this change. Not only are you r

Re: strptime.c

2023-03-02 Thread Theo Buehler
On Sun, Jan 29, 2023 at 08:16:06AM -0700, Todd C. Miller wrote: > Unfortunately we cannot use strtonum(3) here since there may be > non-digit characters following the number. So, strtoll(3) > it is then. Since strptime's %s is supposed to be the inverse of strftime's %s, which is produced with mk

Re: iwx(4) -77 firmware diff for testing

2023-03-02 Thread Stefan Sperling
On Wed, Feb 22, 2023 at 03:31:28PM +0100, Stefan Sperling wrote: > Below is my work-in-progress diff to update iwx(4) to latest firmware. > Every system tracking -current should already have the new -77 firmware > images. > > The new images contain security fixes of (to me) unknown severity. > Un

arp: initialise global list

2023-03-02 Thread Klemens Nanni
Used but not initialised: $ grep arp_list if_ether.c LIST_ENTRY(llinfo_arp) la_list; /* [mN] global arp_list */ LIST_HEAD(, llinfo_arp) arp_list; /* [mN] list of all llinfo_arp structures */ /* Net lock is exclusive, no arp mutex needed for

Re: Disabling MULTICAST flag on an interface. Force outgoing multicast traffic to a specific interface

2023-03-02 Thread Luca Di Gregorio
Hi Philip, thanks 1) OK, I’ll take it into account for my configurations 2) adding the route for 224.0.0.0/4 to the specific interface works Thanks again Luca On Wed 1 Mar 2023 at 22:47 Philip Guenther wrote: > On Wed, Mar 1, 2023 at 9:58 AM Luca Di Gregorio wrote: > >> 1) does

Re: arp: initialise global list

2023-03-02 Thread Vitaliy Makkoveev
On Thu, Mar 02, 2023 at 09:36:52AM +, Klemens Nanni wrote: > Used but not initialised: > > $ grep arp_list if_ether.c > LIST_ENTRY(llinfo_arp) la_list; /* [mN] global arp_list > */ > LIST_HEAD(, llinfo_arp) arp_list; /* [mN] list of all llinfo_arp > structur

Re: arp: initialise global list

2023-03-02 Thread Klemens Nanni
On Thu, Mar 02, 2023 at 01:53:34PM +0300, Vitaliy Makkoveev wrote: > I like to use LIST_HEAD_INITIALIZER(9) for consistency with other global > list initializations in netinet/. ok mvs@ with this. Needs a little spacing and comment wording wrangling to stay < 80 chars. OK? Index: netinet/if_et
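
An added example, not the diff under discussion in this thread, showing the queue(3) LIST pattern the thread settles on: a global list declared with LIST_HEAD_INITIALIZER so that lh_first is NULL before any code runs, together with insert, walk and remove. The names llinfo_arp, arp_list and la_list follow the thread; the la_asked field and the arp_* helper functions are assumptions for illustration, and the code is built against the userland sys/queue.h (glibc ships the same 4.4BSD macros) rather than the kernel's.

```c
/* Added example: global queue(3) LIST with a static initializer.
 * Struct/field names follow the tech@ thread; la_asked and the
 * helper functions below are constructed for illustration. */
#include <sys/queue.h>
#include <stdio.h>
#include <stdlib.h>

struct llinfo_arp {
	LIST_ENTRY(llinfo_arp) la_list;	/* linkage into global arp_list */
	unsigned int la_asked;		/* constructed field: retry counter */
};

/* Statically initialised: lh_first == NULL from the start, matching
 * what LIST_INIT() would do at runtime. */
LIST_HEAD(, llinfo_arp) arp_list = LIST_HEAD_INITIALIZER(arp_list);

/* Allocate an entry and link it at the head of arp_list. */
struct llinfo_arp *
arp_alloc(unsigned int asked)
{
	struct llinfo_arp *la = calloc(1, sizeof(*la));
	if (la == NULL)
		return NULL;
	la->la_asked = asked;
	LIST_INSERT_HEAD(&arp_list, la, la_list);
	return la;
}

/* Unlink and free one entry. */
void
arp_free(struct llinfo_arp *la)
{
	LIST_REMOVE(la, la_list);
	free(la);
}

/* Walk the list and count entries. */
size_t
arp_count(void)
{
	struct llinfo_arp *la;
	size_t n = 0;

	LIST_FOREACH(la, &arp_list, la_list)
		n++;
	return n;
}

/* Drain the list. Removing while iterating with LIST_FOREACH is
 * unsafe, so pop from the head until empty; returns entries freed. */
size_t
arp_flush(void)
{
	size_t n = 0;

	while (!LIST_EMPTY(&arp_list)) {
		arp_free(LIST_FIRST(&arp_list));
		n++;
	}
	return n;
}

int
main(void)
{
	arp_alloc(1);
	arp_alloc(2);
	printf("entries: %zu\n", arp_count());
	printf("flushed: %zu\n", arp_flush());
	return 0;
}
```

A global list head lives in static storage and is therefore zero-filled by the C runtime even without an initializer, which is why the uninitialised arp_list worked; LIST_HEAD_INITIALIZER makes that intent explicit and keeps the declaration consistent with the other global lists in netinet/.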

Re: freeradius denies to authenticate with eap-tls

2023-03-02 Thread Mikhael Lialin
Hello and good day. Finally found the actual reason. The outer client fails EAP-TLS because of packet fragmentation. On the interface the MTU is set to 1500, and the packet is 1514. From tshark: RADIUS 1514 Access-Request id=4[BoundErrorUnreassembled Packet] RADIUS 1514 Access-Request id=4, Duplicat

Re: mountd: no need for critical sections

2023-03-02 Thread Todd C. Miller
On Thu, 02 Mar 2023 07:25:17 +, Klemens Nanni wrote: > The TERM handler also just sets a flag today, but etc/rc.d/mountd still > has `rc_stop=NO' since 2013 > > Do not allow stopping/restarting mountd using the rc.d(8) framework; > if there is need to send a SIGTERM to mountd(8), it sh

/dev/full

2023-03-02 Thread Crystal Kolipe
We currently don't implement the /dev/full device, which is present in NetBSD, FreeBSD, and Linux. For those who haven't heard of it, it's basically the same as /dev/zero, but writes to it always return ENOSPC. The lack of /dev/full on OpenBSD has previously caused minor issues with third party s
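
An added example, not code from this thread or from any of the systems it names: a write loop that copes with short writes and surfaces ENOSPC, exercised against an in-process writer that behaves like /dev/full (every write fails with ENOSPC) and one that fills up after a fixed capacity, so the error path can be tested without a device node. The names write_all, capfs and try_write are assumptions for illustration; the real /dev/full is only used in main() when it happens to exist.

```c
/* Added example: robust write loop plus in-process stand-ins for
 * /dev/full and a nearly-full filesystem. Names are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pluggable writer with write(2)'s contract: bytes written, or -1 with errno set. */
typedef ssize_t (*writer_fn)(void *ctx, const void *buf, size_t len);

/* Write all of buf, retrying on short writes and EINTR.
 * Returns 0 on success, -1 on failure with errno set (ENOSPC when full). */
int
write_all(writer_fn w, void *ctx, const void *buf, size_t len)
{
	const char *p = buf;

	while (len > 0) {
		ssize_t n = w(ctx, p, len);
		if (n < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		if (n == 0) {		/* no progress: treat as an I/O error */
			errno = EIO;
			return -1;
		}
		p += n;
		len -= (size_t)n;
	}
	return 0;
}

/* Stand-in for /dev/full: never accepts any data. */
static ssize_t
full_write(void *ctx, const void *buf, size_t len)
{
	(void)ctx; (void)buf; (void)len;
	errno = ENOSPC;
	return -1;
}

/* Stand-in for a filesystem with fixed capacity that also returns
 * short writes (at most 4 bytes per call) to exercise the loop. */
struct capfs { size_t cap; size_t used; };

static ssize_t
capfs_write(void *ctx, const void *buf, size_t len)
{
	struct capfs *fs = ctx;
	size_t room = fs->cap - fs->used;
	size_t chunk;

	(void)buf;
	if (room == 0) {
		errno = ENOSPC;
		return -1;
	}
	chunk = len < room ? len : room;
	if (chunk > 4)
		chunk = 4;
	fs->used += chunk;
	return (ssize_t)chunk;
}

/* Writer over a real file descriptor, for systems that do have /dev/full. */
static ssize_t
fd_write(void *ctx, const void *buf, size_t len)
{
	return write(*(int *)ctx, buf, len);
}

/* Write len bytes (max 64) through w; returns 0 or the errno of the failure. */
int
try_write(writer_fn w, void *ctx, size_t len)
{
	char buf[64];

	memset(buf, 'A', sizeof(buf));
	if (len > sizeof(buf))
		len = sizeof(buf);
	return write_all(w, ctx, buf, len) == -1 ? errno : 0;
}

int fake_full_result(void) { return try_write(full_write, NULL, 16); }

int
capfs_result(size_t cap, size_t len)
{
	struct capfs fs = { cap, 0 };
	return try_write(capfs_write, &fs, len);
}

int
main(void)
{
	int e = fake_full_result();
	int fd = open("/dev/full", O_WRONLY);

	printf("fake /dev/full: errno %d (%s)\n", e, strerror(e));
	if (fd != -1) {
		e = try_write(fd_write, &fd, 16);
		printf("real /dev/full: errno %d (%s)\n", e, strerror(e));
		close(fd);
	}
	return 0;
}
```

The writer callback is the whole point: the application's error handling is exercised with a failing writer supplied in-process, which is what a test needs from /dev/full without any trip through the kernel.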

Re: Authentication in OpenIKED

2023-03-02 Thread Stuart Henderson
On 2023/03/01 22:15, A Tammy wrote: > > > > -# Configuration for clients connecting with EAP authentication. > > +# Configuration for clients connecting with EAP authentication > > +# and sending all traffic over the IKEv2 tunnel. > > # Remember to set up a PKI, see ikectl(8) for more information.

Re: /dev/full

2023-03-02 Thread Dave Voutila
Crystal Kolipe writes: > We currently don't implement the /dev/full device, which is present in > NetBSD, FreeBSD, and Linux. > > For those who haven't heard of it, it's basically the same as /dev/zero, but > writes to it always return ENOSPC. > > The lack of /dev/full on OpenBSD has previously

Re: Authentication in OpenIKED

2023-03-02 Thread Crystal Kolipe
On Thu, Mar 02, 2023 at 03:44:35PM +, Stuart Henderson wrote: > Could add a couple more lines to make that more clear though, > and give some hints for people who don't know what PKI is - see below. > > On 2023/03/02 05:35, Crystal Kolipe wrote: Well done for the, (possibly unintentional), su

Re: Authentication in OpenIKED

2023-03-02 Thread Landry Breuil
On Thu, Mar 02, 2023 at 03:44:35PM +, Stuart Henderson wrote: > On 2023/03/01 22:15, A Tammy wrote: > > > > > > -# Configuration for clients connecting with EAP authentication. > > > +# Configuration for clients connecting with EAP authentication > > > +# and sending all traffic over the IKE

Re: /dev/full

2023-03-02 Thread Crystal Kolipe
On Thu, Mar 02, 2023 at 10:50:08AM -0500, Dave Voutila wrote: > > Crystal Kolipe writes: > > > We currently don't implement the /dev/full device, which is present in > > NetBSD, FreeBSD, and Linux. > > > > For those who haven't heard of it, it's basically the same as /dev/zero, but > > writes to

Re: /dev/full

2023-03-02 Thread Theo de Raadt
While at it, maybe we need a /dev/bullshit linked to /dev/random?? This extra node looks like bullshit to me. It is encouraging a large application to do a round-trip through the kernel, for a rare occurrence. It should simply skip doing the round-trip through kernel. What next? /dev/multiply --

Re: /dev/full

2023-03-02 Thread Stuart Henderson
On 2023/03/02 10:50, Dave Voutila wrote: > Is this really a problem with ports? That Python issue was related to a > Python 2.7 unit test and from 2014. Not really, no. There has been the odd patch over the years but nothing current (no more than 4 including the Python one).

Re: /dev/full

2023-03-02 Thread Crystal Kolipe
Hi Theo, On Thu, Mar 02, 2023 at 09:06:17AM -0700, Theo de Raadt wrote: > While at it, maybe we need a /dev/bullshit linked to /dev/random?? > > This extra node looks like bullshit to me. > > It is encouraging a large application to do a round-trip through the > kernel, for a rare occurrence. Th

Re: Nuke remnants of /dev/io

2023-03-02 Thread Crystal Kolipe
Ping? On Thu, Feb 23, 2023 at 08:05:07PM -0800, Greg Steuck wrote: > Thanks Crystal. If somebody wants to commit this, it is OK gnezdo@ > > Crystal Kolipe writes: > > > The iskmemdev function checks for minor number 14 in addition to 0 and 1 on > > the following archs: > > > > amd64, arm64, i38

Re: mountd: no need for critical sections

2023-03-02 Thread Alexander Bluhm
On Wed, Mar 01, 2023 at 04:31:07PM -0700, Todd C. Miller wrote: > The SIGHUP handler only sets a flag these days, there is no longer > any need to block it while using the exports list. > > OK? OK bluhm@ In the previous version of the diff you also eliminated the useless newline in new_exportlis

Re: Authentication in OpenIKED

2023-03-02 Thread A Tammy
On 3/2/23 10:44, Stuart Henderson wrote: > On 2023/03/01 22:15, A Tammy wrote: >>> >>> -# Configuration for clients connecting with EAP authentication. >>> +# Configuration for clients connecting with EAP authentication >>> +# and sending all traffic over the IKEv2 tunnel. >>> # Remember to set

Re: /dev/full

2023-03-02 Thread Daniel Dickman
I don’t see the point of implementing /dev/full. The python regress test is the only time I’ve personally run into this. And I think the issue was that python’s test suite made wrong assumptions about what devices exist on a particular system. Therefore the fix needed to be on the python side.

Re: /dev/full

2023-03-02 Thread Crystal Kolipe
On Thu, Mar 02, 2023 at 04:57:10PM -0500, Daniel Dickman wrote: > I don’t see the point of implementing /dev/full. The python regress test > is the only time I’ve personally run into this. And I think the issue was > that python’s test suite made wrong assumptions about what devices exist > o

Re: /dev/full

2023-03-02 Thread Theo de Raadt
What is with the long mail? Does anyone give a shit, besides you? No. No one has any space for this bullshit, or this long explanation. Crystal Kolipe wrote: > On Thu, Mar 02, 2023 at 04:57:10PM -0500, Daniel Dickman wrote: > > I don’t see the point of implementing /dev/full. The python regr

Re: pf(4) drops valid IGMP/MLD messages

2023-03-02 Thread Luca Di Gregorio
Hi, just another bit of info about this issue. I've installed from github the newest version of mrouted on a Linux machine. Just like the built-in OpenBSD's version of mrouted, this github version sends DVMRP Prune messages with IP Destination Address = Unicast Address of the adjacent router, and