Re: login_yubikey case-insensitive hex decoding

2012-11-23 Thread Philip Guenther
On Fri, 23 Nov 2012, Alexander Hall wrote: > On 11/23/12 02:17, Philip Guenther wrote: ... > > The argument to tolower() must be a value in the range [EOF, > > 0..UCHAR_MAX]. When taking characters from a char * string, you need > > to cast the value to (unsigned char), ala > > tolower((un

Re: powerpc: Keep track of uncached managed memory

2012-11-23 Thread Mark Kettenis
> Date: Fri, 23 Nov 2012 12:23:19 +0100 > From: Martin Pieuchot > > Ok, a bit of explanation first. > > On macppc because the AGP chips do not translate pages, the kernel and > the applications have access to the AGP memory regions through standard > mappings. Because these regions are meant to s

Re: Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Mike Belopuhov
On Fri, Nov 23, 2012 at 5:16 PM, Reyk Floeter wrote: > On Fri, Nov 23, 2012 at 04:04:20PM +, Stuart Henderson wrote: >> This adds an ioctl to retrieve if_hardmtu, and adds code to >> display it via ifconfig hwfeatures. >> >> $ ifconfig em0 hwfeatures >> em0: flags=8b43 mtu >> 1500 >> hw

Re: Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Stuart Henderson
On 2012/11/23 17:46, Christian Weisgerber wrote: > Stuart Henderson wrote: > > > This adds an ioctl to retrieve if_hardmtu, and adds code to > > display it via ifconfig hwfeatures. > > I'm worried that our drivers don't set this or that the value doesn't > accurately reflect the capabilities of

Re: Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 05:46:27PM +, Christian Weisgerber wrote: > Stuart Henderson wrote: > > > This adds an ioctl to retrieve if_hardmtu, and adds code to > > display it via ifconfig hwfeatures. > > I'm worried that our drivers don't set this or that the value doesn't > accurately reflect

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 05:01:16PM +0100, Reyk Floeter wrote: > Actually, in the iked(8)/IPsec case we could even block all v6 traffic > without using PF by simply inserting a single "deny" flow. > For example: > > # ping6 -w ff02::1%em0 > # ipsecctl -vf /etc/ipsec-block.conf > flow esp out from

Re: Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Christian Weisgerber
Stuart Henderson wrote: > This adds an ioctl to retrieve if_hardmtu, and adds code to > display it via ifconfig hwfeatures. I'm worried that our drivers don't set this or that the value doesn't accurately reflect the capabilities of chip/driver. -- Christian "naddy" Weisgerber

Re: Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 04:04:20PM +, Stuart Henderson wrote: > This adds an ioctl to retrieve if_hardmtu, and adds code to > display it via ifconfig hwfeatures. > > $ ifconfig em0 hwfeatures > em0: flags=8b43 mtu > 1500 > hwfeatures=30 hardmtu=16110 > lladdr f0:de:f1:f9:a7:52 >

Display hardmtu with ifconfig hwfeatures

2012-11-23 Thread Stuart Henderson
This adds an ioctl to retrieve if_hardmtu, and adds code to display it via ifconfig hwfeatures. $ ifconfig em0 hwfeatures em0: flags=8b43 mtu 1500 hwfeatures=30 hardmtu=16110 lladdr f0:de:f1:f9:a7:52 priority: 0 trunk: trunkdev trunk0 media: Ethernet autose

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 12:01:07PM -0300, Fernando Gont wrote: > On 11/23/2012 11:12 AM, Reyk Floeter wrote: > > In the section "Mitigations to VPN traffic-leakage vulnerabilities" of > > Fernando's paper it is suggested that a VPN client disables IPv6 > > globally if it is not going to send all IP

Re: login_yubikey case-insensitive hex decoding

2012-11-23 Thread Alexander Hall
On 11/23/12 02:17, Philip Guenther wrote: > On Thu, Nov 22, 2012 at 5:28 PM, Alexander Hall wrote: >> The corresponding part in yubikey_hex_decode is for consistency and, >> IMO, sanity, allowing mixed case hex strings, e.g. /var/db/yubikey/*. >> >> Comments? OK? (Don't mess with the from-upstream

Re: set ifp->if_baudrate with IF_Gbps() / IF_Mbps()

2012-11-23 Thread Remco
It might be me not understanding this code, but is it correct that you appear to convert 10Mb numbers into 100Mb in several places ? e.g.: > Index: if_txp.c > === > RCS file: /cvs/src/sys/dev/pci/if_txp.c,v > retrieving revision 1.1

Re: set ifp->if_baudrate with IF_Gbps() / IF_Mbps()

2012-11-23 Thread Stuart Henderson
On 2012/11/23 11:57, Gleydson Soares wrote: > set ifp->if_baudrate with IF_Gbps() / IF_Mbps(). The change makes sense, but.. > --- if_ste.c 18 Oct 2012 21:44:21 - 1.48 > --- if_tl.c 22 Jun 2011 16:44:27 - 1.51 > --- if_txp.c 5 Apr 2011 18:01:21 - 1.104 > --- if_vr.

Re: set ifp->if_baudrate with IF_Gbps() / IF_Mbps()

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 11:57:50AM -0200, Gleydson Soares wrote: > set ifp->if_baudrate with IF_Gbps() / IF_Mbps(). > > OK ? > Index: if_ste.c > === > RCS file: /cvs/src/sys/dev/pci/if_ste.c,v > retrieving revision 1.48 > diff -u -p -

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Fernando Gont
On 11/23/2012 11:12 AM, Reyk Floeter wrote: > In the section "Mitigations to VPN traffic-leakage vulnerabilities" of > Fernando's paper it is suggested that a VPN client disables IPv6 > globally if it is not going to send all IPv6 traffic over the tunnel > as well. The problem is that even if yo

set ifp->if_baudrate with IF_Gbps() / IF_Mbps()

2012-11-23 Thread Gleydson Soares
set ifp->if_baudrate with IF_Gbps() / IF_Mbps(). OK ? Index: if_ste.c === RCS file: /cvs/src/sys/dev/pci/if_ste.c,v retrieving revision 1.48 diff -u -p -r1.48 if_ste.c --- if_ste.c18 Oct 2012 21:44:21 - 1.48 +++ if_ste.c

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Fernando Gont
On 11/23/2012 08:44 AM, Henning Brauer wrote: > * Fernando Gont [2012-11-23 12:09]: >> FYI. This might affect OpenBSD users employing e.g. OpenVPN: >> . > > we're way less affected than other OSes, since we prefer inet over > inet6 by d

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Reyk Floeter
On Fri, Nov 23, 2012 at 12:44:32PM +0100, Henning Brauer wrote: > * Fernando Gont [2012-11-23 12:09]: > > FYI. This might affect OpenBSD users employing e.g. OpenVPN: > > . > > we're way less affected than other OSes, since we prefer in

Re: upstream vendors and why they can be really harmful

2012-11-23 Thread Stuart Henderson
> Guys are not probably reading you enough. See > http://lists.gnu.org/archive/html/gnu-system-discuss/2012-11/msg0.html > and https://news.ycombinator.com/item?id=4821488 :-) Can you please take this to another mailing list or off-list? "Developer's Lists These lists are for technical discus

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Henning Brauer
* Fernando Gont [2012-11-23 12:09]: > FYI. This might affect OpenBSD users employing e.g. OpenVPN: > . we're way less affected than other OSes, since we prefer inet over inet6 by default. targeted attacks could still work. I recommend

Re: upstream vendors and why they can be really harmful

2012-11-23 Thread Tomas Bodzar
On Fri, Nov 23, 2012 at 5:11 AM, Marc Espie wrote: > On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote: >> why would the runtime be attractive for rop? what configuration vm >> needs syscalls that would be attractive to an attacker that can change >> the address of a jump? does the run

powerpc: Keep track of uncached managed memory

2012-11-23 Thread Martin Pieuchot
Ok, a bit of explanation first. On macppc because the AGP chips do not translate pages, the kernel and the applications have access to the AGP memory regions through standard mappings. Because these regions are meant to share commands and data and the AGP bridges are not cache-coherent, they are ma

VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

2012-11-23 Thread Fernando Gont
Folks, FYI. This might affect OpenBSD users employing e.g. OpenVPN: . For a project such as OpenVPN, a (portable) fix might be non-trivial. However, I guess OpenBSD might hook some PF rules when establishing the VPN tunnel, such that e.

Apple AGP support

2012-11-23 Thread Martin Pieuchot
Diff below adds support for Uninorth AGP bridges found in most if not all the macppc machines with a G3 or G4 microprocessor. These chips do not translate individual pages using the GART like it is the case for most of the AGP chips on i386/amd64. This is why the memory bounded here, which is shar