Re: usbdevs: small addition

2020-02-22 Thread Theo de Raadt
Jonathan Gray wrote: > > - add vendor id for "Synaptics, Inc. > > I'd just go with "Synaptics" It is critical to be as terse as possible, since these tables go into many kernels, some of which are space constrained.

Re: usbdevs: small addition

2020-02-22 Thread Jonathan Gray
On Sat, Feb 22, 2020 at 04:22:25PM +0100, Jasper Lievisse Adriaanse wrote: > Hi, > > - add an AMD product found on the APU2 I would not consider 0x7900 a root hub as it attaches to another hub uhub2 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.1

Re: ifconfig with UTF-8 nwid

2020-02-22 Thread Stuart Henderson
On 2020/02/22 17:24, Stefan Sperling wrote: > On Sat, Feb 22, 2020 at 02:56:54PM +0100, Mark Kettenis wrote: > > IMHO it is a bad idea to make the output of ifconfig locale-dependent. > > Fine. I'll drop this diff. > Pity, it is quite useful if you are somewhere that uses UTF-8 SSIDs, otherwise

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Tobias Heider
> > > > We should rather fix the defaults to do what we expect them to do. > > In your example case that would be using fqdn/D.example.com > Agreed; do you take a stab at it? I'm happy to test. > Try this Index: parse.y === RCS f

ifconfig man page fix

2020-02-22 Thread Stefan Sperling
SSIDs are required to contain printable ASCII only. Otherwise, they must be specified in hex. Let's document this explicitly. diff c20bd74017ceeadb2db0f78a352ed1f1e2b77c2b /usr/src blob - 3fb0780ba7cf1333894f5c3485a95e71885fbd6d file + sbin/ifconfig/ifconfig.8 --- sbin/ifconfig/ifconfig.8 +++ sbi

fix ifconfig joinlist width bug

2020-02-22 Thread Stefan Sperling
This fixes display of hex SSIDs in 'ifconfig joinlist' and prevents a negative number being passed to printf on the following line when 'maxlen' ends up being capped below the maximum value returned from len_string(): printf("%-*s", maxlen - len, " "); Hex SSIDs can be as wide as

Re: ifconfig with UTF-8 nwid

2020-02-22 Thread Stefan Sperling
On Sat, Feb 22, 2020 at 07:08:36AM -0700, Theo de Raadt wrote: > Stefan Sperling wrote: > > > + > > +/* UTF-8 support */ > > +#include > > +#include > > +#include > > +#include > > #endif /* SMALL */ > > I don't see how the installer will work with this. I cannot, and that wasn't the goal.

Re: ifconfig with UTF-8 nwid

2020-02-22 Thread Stefan Sperling
On Sat, Feb 22, 2020 at 02:56:54PM +0100, Mark Kettenis wrote: > IMHO it is a bad idea to make the output of ifconfig locale-dependent. Fine. I'll drop this diff.

usbdevs: small addition

2020-02-22 Thread Jasper Lievisse Adriaanse
Hi, - add an AMD product found on the APU2 - add vendor id for "Synaptics, Inc. - add synaptics fingerprint reader found on recent thinkpads; I couldn't find a proper name for this device in the Linux usb.ids repository so I went with the generic 'Fingerprint Reader" that's also used elsewhe

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Klemens Nanni
On Sat, Feb 22, 2020 at 02:33:17PM +0100, Tobias Heider wrote: > Peer can not be "any" in an active policy, somehow the initiator must know > where to send the messages. In this case the default currently is what I've > described before: the IP of peer. But in `passive' policies which is the defaul

Re: ifconfig with UTF-8 nwid

2020-02-22 Thread Theo de Raadt
Stefan Sperling wrote: > + > +/* UTF-8 support */ > +#include > +#include > +#include > +#include > #endif /* SMALL */ I don't see how the installer will work with this.

Re: ifconfig with UTF-8 nwid

2020-02-22 Thread Mark Kettenis
> Date: Sat, 22 Feb 2020 12:44:12 +0100 > From: Stefan Sperling > > This is another attempt at improving usability with non-ASCII network IDs. > > Previous attempts have been rejected in part because entering UTF-8 strings > is difficult to do for Americans and, to a lesser extent, Canadians. >

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Tobias Heider
On Sat, Feb 22, 2020 at 01:47:35PM +0100, Klemens Nanni wrote: > On Sat, Feb 22, 2020 at 01:18:13PM +0100, Tobias Heider wrote: > > It seems I was mistaken because I usually use IPs in local > > and peer. What I said is true for IPs. When using > > FQDNs for local/peer however, iked first does the

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Klemens Nanni
On Sat, Feb 22, 2020 at 01:18:13PM +0100, Tobias Heider wrote: > It seems I was mistaken because I usually use IPs in local > and peer. What I said is true for IPs. When using > FQDNs for local/peer however, iked first does the name > resolution and then uses the IP as default dstid value > to loo

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Tobias Heider
On Sat, Feb 22, 2020 at 12:50:27PM +0100, Klemens Nanni wrote: > On Sat, Feb 22, 2020 at 12:24:36PM +0100, Klemens Nanni wrote: > > On Sat, Feb 22, 2020 at 10:19:27AM +0100, Tobias Heider wrote: > > > This is not what dstid does. When setting 'dstid D.example.com' the > > > policy still > > > only

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Tobias Heider
On Sat, Feb 22, 2020 at 12:41:12PM +0100, Landry Breuil wrote: > On Sat, Feb 22, 2020 at 12:24:36PM +0100, Klemens Nanni wrote: > > On Sat, Feb 22, 2020 at 10:19:27AM +0100, Tobias Heider wrote: > > > This is not what dstid does. When setting 'dstid D.example.com' the > > > policy still > > > only

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Klemens Nanni
On Sat, Feb 22, 2020 at 12:24:36PM +0100, Klemens Nanni wrote: > On Sat, Feb 22, 2020 at 10:19:27AM +0100, Tobias Heider wrote: > > This is not what dstid does. When setting 'dstid D.example.com' the policy > > still > > only applies if the peer sends 'D.example.com' as it's identity in the ID >

ifconfig with UTF-8 nwid

2020-02-22 Thread Stefan Sperling
This is another attempt at improving usability with non-ASCII network IDs. Previous attempts have been rejected in part because entering UTF-8 strings is difficult to do for Americans and, to a lesser extent, Canadians. It occurred to me that the real issue might have been that previous attempts

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Landry Breuil
On Sat, Feb 22, 2020 at 12:24:36PM +0100, Klemens Nanni wrote: > On Sat, Feb 22, 2020 at 10:19:27AM +0100, Tobias Heider wrote: > > This is not what dstid does. When setting 'dstid D.example.com' the policy > > still > > only applies if the peer sends 'D.example.com' as it's identity in the ID >

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Klemens Nanni
On Sat, Feb 22, 2020 at 10:19:27AM +0100, Tobias Heider wrote: > This is not what dstid does. When setting 'dstid D.example.com' the policy > still > only applies if the peer sends 'D.example.com' as it's identity in the ID > payload. > Not setting dstid explicitly means iked will fall back to th

Re: some vulns

2020-02-22 Thread Maxime Villard
CVSROOT:/cvs Module name:src Changes by: morti...@cvs.openbsd.org2020/02/15 15:59:55 Modified files: sys/arch/amd64/amd64: vmm.c Log message: Add bounds check on addresses passed from guests in pvclock. Fixes an issue where a guest can write to host memory by pas

Re: iked.conf.5: Provide GRE tunnel in transport mode example

2020-02-22 Thread Tobias Heider
On Sat, Feb 22, 2020 at 12:26:01AM +0100, Klemens Nanni wrote: > On Fri, Feb 21, 2020 at 10:28:50PM +, Jason McIntyre wrote: > > it should be "a gre tunnel", not "an" > Sure, leftover from previous wording/reshuffling. > > > > +.Xr gre 4 > > > +tunnel from the local machine A to peer D using F