swofp_flow_timeout() use after free

2016-10-26 Thread Jonathan Gray
swofp_flow_entry_delete -> swofp_flow_entry_free -> free(swfe) Index: switchofp.c === RCS file: /cvs/src/sys/net/switchofp.c,v retrieving revision 1.16 diff -u -p -U10 -r1.16 switchofp.c --- switchofp.c 23 Oct 2016 11:56:51 -

Re: per-cpu caches for pools

2016-10-26 Thread David Gwynne
On Tue, Oct 25, 2016 at 10:35:45AM +1000, David Gwynne wrote: > On Mon, Oct 24, 2016 at 04:24:13PM +1000, David Gwynne wrote: > > ive posted this before as part of a much bigger diff, but smaller > > is better. > > > > it basically lets things ask for per-cpu item caches to be enabled > > on pools

Re: pf_route pf_pdesc

2016-10-26 Thread Alexander Bluhm
On Wed, Oct 19, 2016 at 11:49:56PM +0200, Alexander Bluhm wrote: > I would like to pass a struct pf_pdesc to pf_route() like it is > done in the other pf functions. That means less parameters, more > consistency and later I can call functions that need a pd from > pf_route(). After splitting pf_

Re: [PATCH] bgpctl.8

2016-10-26 Thread Jason McIntyre
On Wed, Oct 26, 2016 at 06:31:17PM +0200, Julien Dhaille wrote: > Hi, > this is just a simple patch to fix the width. > fixed, thanks. jmc > Index: src/usr.sbin/bgpctl/bgpctl.8 > === > RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v >

[PATCH] bgpctl.8

2016-10-26 Thread Julien Dhaille
Hi, this is just a simple patch to fix the width. Index: src/usr.sbin/bgpctl/bgpctl.8 === RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v retrieving revision 1.70 diff -u -p -u -r1.70 bgpctl.8 --- src/usr.sbin/bgpctl/bgpctl.814

Re: simplify vxlan_lookup return value handling

2016-10-26 Thread Mike Belopuhov
On Tue, Oct 25, 2016 at 21:22 +0200, Mike Belopuhov wrote: > After my previous commit to the vxlan(4) driver it can > no longer return -1 making this code path obsolete. > OK to remove it? Reyk has pointed out that the error assignment can be omitted. OK? diff --git sys/netinet/udp_usrreq.c sys/n

Re: PF once rule should not trigger removal of parent anchor rule

2016-10-26 Thread Mike Belopuhov
On 21 October 2016 at 17:39, Alexandr Nedvedicky wrote: > Hello Mike, > (I'm putting tech@ back) > >> Or some other changes if expire has happened with the deferred removal in >> the thread. What I'm saying is basically that the last fix I did for once >> rules was tested in the scenario you've des

Re: CVS: cvs.openbsd.org: xenocara - pledge update for xterm

2016-10-26 Thread Theo Buehler
> Unsurprisingly, xterm(1) still works for me. > > Should we just put it in? I spent a few hours reviewing as well with no conclusion. I would be in favor of committing the diff. It's easy to diagnose and fix in case we break something. I ran with this since semarie wrote, so basic functionali

Re: CVS: cvs.openbsd.org: xenocara - pledge update for xterm

2016-10-26 Thread Theo de Raadt
> Should we just put it in? > I think we are still far enough away from the 6.1 release. > If people report that some arcane feature stops working, > a decision can be made whether it should or should not work. Yes, put it in. However I'm willing to bet it will break, but there is enough time to

Re: CVS: cvs.openbsd.org: xenocara - pledge update for xterm

2016-10-26 Thread Ingo Schwarze
Hi, Sebastien Marie wrote on Tue, Oct 25, 2016 at 08:46:10AM +0200: > On Mon, Oct 24, 2016 at 01:31:35PM -0600, Matthieu Herrb wrote: >> CVSROOT: /cvs >> Module name: xenocara >> Changes by: matth...@cvs.openbsd.org2016/10/24 13:31:35 >> >> Modified files: >> app/xterm : M

Re: Difference between ping manual page and behaviour

2016-10-26 Thread Florian Obser
committed, thanks! On Wed, Oct 26, 2016 at 01:51:00PM +, Florian Obser wrote: > [moved to tech@] > > On Tue, Oct 25, 2016 at 04:49:28PM +0200, Horváth Tamás wrote: > > Dear List! > > > > I've found in the man page of ping the following: "If less than > > eight bytes of pad are specified, no

Re: Difference between ping manual page and behaviour

2016-10-26 Thread Florian Obser
[moved to tech@] On Tue, Oct 25, 2016 at 04:49:28PM +0200, Horváth Tamás wrote: > Dear List! > > I've found in the man page of ping the following: "If less than > eight bytes of pad are specified, no round trip times are given." > However I experienced that round trip times are shown *only* whe

Re: pfctl skip invalid broadcast

2016-10-26 Thread Mike Belopuhov
On 25 October 2016 at 19:25, Alexander Bluhm wrote: > Hi, > > On my test machine I have added a vether0 with a /32 IPv4 address. > Since then the regress/sbin/pfctl pfi2 test fails. > > vether0: flags=8843 mtu 1500 > ... > inet 10.188.80.21 netmask 0x > > The test basically

LibreSSL should not allow too many consecutive warning alerts

2016-10-26 Thread Kinichiro Inoguchi
Hi, This patch is for CVE-2016-8610. See http://seclists.org/oss-sec/2016/q4/224 . - Don't allow too many consecutive warning alerts up to MAX_WARN_ALERT_COUNT OpenSSL seems not to fix this issue on branch 1.0.1. Then I refer to these 2 commits on branch 1.0.2. - Don't allow too many consecut

Re: [PATCH] nsd(8): use SO_BINDANY for the ip-transparent option

2016-10-26 Thread Alexander Bluhm
On Wed, Oct 26, 2016 at 04:22:55PM +0800, Delan Azabani wrote: > > ip-transparent: > > Allows NSD to bind to non local addresses. This is useful to > > have NSD listen to IP addresses that are not (yet) added to the > > network interface, so that it can answer immediately when the > >

[PATCH] nsd(8): use SO_BINDANY for the ip-transparent option

2016-10-26 Thread Delan Azabani
I've written a patch to make the ip-transparent option in nsd.conf(5) work on OpenBSD, by trying SO_BINDANY in addition to IP_TRANSPARENT. This fixes an issue I've had with running nsd(8) and unbound(8) at the same time, with nsd(8) on the host's public addresses, and unbound(8) on the host's loca