Hi David,
Here are all the outputs you mentioned. Hopefully something will improve
our understanding of this story.
David Gwynne writes:
> Ofails are the sum of output errors and queue drops. Can you figure
> out which one it is with netstat -I igc0 -e and netstat -I igc0 -d?
% netstat -I igc2
Thus said Theo de Raadt on Wed, 30 Nov 2022 19:44:09 -0700:
> It makes ssh safer for people who don't use the fancy features,
> because the ssh client cannot perform a vast number of system calls if
> it gets fooled.
Got it, makes sense now; and as you say my understanding was backwards.
On Wed, 30 Nov 2022, Theo de Raadt wrote:
> >> It allows a much tighter pledge in the client, so less attack surface
> >> against a bad server.
> >
> >So it's to prevent a malicious SSH server from exploiting a client who
> >choses to use ~C to open up the ssh> prompt and create or destro
>> It allows a much tighter pledge in the client, so less attack surface
>> against a bad server.
>
>So it's to prevent a malicious SSH server from exploiting a client who
>choses to use ~C to open up the ssh> prompt and create or destroy
>tunnels?
No.
It makes ssh safer for people who
Thus said Stuart Henderson on Wed, 30 Nov 2022 16:13:36 +:
> It allows a much tighter pledge in the client, so less attack surface
> against a bad server.
So it's to prevent a malicious SSH server from exploiting a client who
choses to use ~C to open up the ssh> prompt and create or
On Wed, Nov 30, 2022 at 07:48:35PM +0100, Theo Buehler wrote:
> On Wed, Nov 30, 2022 at 07:05:25PM +0100, Claudio Jeker wrote:
> > Change ometric_set_int_with_label() to ometric_set_int_with_labels().
> > In rpki-client I need to add more than one extra label and extending this
> > interface seems
struct uvm_map's .addr is protected by the map's lock and .{min,max}_offset
are immutable.
uvm_map_inherit() locks the VM map upon entry, sets the desired inheritance
mode for the given address range (validated outside the lock) and unlocks
the map itself.
fork(2), i.e. uvm_mapent_forkcopy(), fir
On Wed, Nov 30, 2022 at 07:05:25PM +0100, Claudio Jeker wrote:
> Change ometric_set_int_with_label() to ometric_set_int_with_labels().
> In rpki-client I need to add more than one extra label and extending this
> interface seems to be the least ugly solution.
> I use C99 compound literals to make t
Follow up on how in6_ioctl() does it: grab the kernel lock in all the
ioctl specific functions, where needed and not earlier, i.e. exactly where
the net lock is currently taken/released.
Like in6_ioctl_get(), in_ioctl_get() simply grabs a net lock protected
interface address, may check net lock p
ok mvs@
> On 30 Nov 2022, at 20:50, Klemens Nanni wrote:
>
> First the right address is picked from the net lock protected if_addrlist.
> Then all ioctls just copy out the address, nothing requires the kernel lock.
>
> SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
> SIOCGIFALIFETIM
Change ometric_set_int_with_label() to ometric_set_int_with_labels().
In rpki-client I need to add more than one extra label and extending this
interface seems to be the least ugly solution.
I use C99 compound literals to make this less ugly and wrapped that magic
into the macro EV(). IMO this is a
First the right address is picked from the net lock protected if_addrlist.
Then all ioctls just copy out the address, nothing requires the kernel lock.
SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
SIOCGIFALIFETIME_IN6 computes lifetimes which only need the address.
Users of these io
On Wed, Nov 30, 2022 at 08:55:45AM -0700, Todd C. Miller wrote:
> On Wed, 30 Nov 2022 09:20:26 -0600, Scott Cheloha wrote:
>
> > Couple related things:
> >
> > - Use err(3) everywhere.
> >
> > For many of these errors we are not currently printing the errno
> > string. Is there any reason not
On 2022/11/30 08:53, Andy Bradford wrote:
> Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
>
> > A new "enablecommandline" configuration option re-enables those
> > particular features, and the diff later on will show why we feel these
> > features should be optional.
>
> Gl
On Wed, 30 Nov 2022 09:20:26 -0600, Scott Cheloha wrote:
> Couple related things:
>
> - Use err(3) everywhere.
>
> For many of these errors we are not currently printing the errno
> string. Is there any reason not to do so? The errno string is
> useful.
OK
> - Set ifile/ofile to "stdin"/
Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
> A new "enablecommandline" configuration option re-enables those
> particular features, and the diff later on will show why we feel these
> features should be optional.
Glad that the option is being retained as optional bu
Couple related things:
- Use err(3) everywhere.
For many of these errors we are not currently printing the errno
string. Is there any reason not to do so? The errno string is
useful.
- Set ifile/ofile to "stdin"/"stdout" if the user passes in
"-" to make the err(3) message a little mor
> On 30 Nov 2022, at 14:36, Greg Steuck wrote:
>
> Greg Steuck writes:
>
>> The watched kettle never boiled. No more crashes in over two weeks
>> (instead of two in the first week). I tried a loop of alternating iperf3
>> tcp and udp to no ill effect. I still see the growth in the metrics I
On Wed, Nov 30, 2022 at 11:01:01AM +0100, Theo Buehler wrote:
> On Wed, Nov 30, 2022 at 10:36:08AM +0100, Claudio Jeker wrote:
> > I want to use the bgpctl ometric.c code in rpki-client to implement a
> > metrics output. Currently ometric_output_all() just dumps to stdout but
> > that does not work
On Wed, Nov 30, 2022 at 10:36:08AM +0100, Claudio Jeker wrote:
> I want to use the bgpctl ometric.c code in rpki-client to implement a
> metrics output. Currently ometric_output_all() just dumps to stdout but
> that does not work for rpki-client. Instead pass a FILE pointer to
> ometric_output_all(
On Wed, Nov 30, 2022 at 12:24:32AM +, Klemens Nanni wrote:
> On Wed, Nov 30, 2022 at 02:25:46AM +0300, Vitaliy Makkoveev wrote:
> > I like to have current "error =" notation for both mrt6_ioctl()
> > and in6_ioctl() within in6_control().
>
> Alright.
>
> > Also, `data’ passed to in6_ioctl_cha
I want to use the bgpctl ometric.c code in rpki-client to implement a
metrics output. Currently ometric_output_all() just dumps to stdout but
that does not work for rpki-client. Instead pass a FILE pointer to
ometric_output_all() and also return -1 if an error occured. With this
ometric usage becom
22 matches
Mail list logo
