gmane.os.openbsd.tech

Re: mandoc strlcat

Theo de Raadt — 2013-05-24T13:24:11

Well... we had to use something..

Re: Question about MP safe audio/video

Alexandre Ratchov — 2013-05-24T10:39:25

They are mp safe since they use the global kernel_lock; It's used
for everything, including interrupts. Basically this makes things
worse on MP systems than they are on SP systems.

Audio slightly different; cpu-intensive code is being moved to
user-space (preemptive, no explicit locking required). Interrupt
handlers (the most "sensive" code paths) don't need the kernel_lock
anymore, but still they are being delayed by other subsystems
because of side effects I don't understand yet. This is being
worked on. Syscall code-paths still take the kernel_lock.

Re: mandoc strlcat

Mark Kettenis — 2013-05-24T09:49:45

But the reason we did this was to reduce the amount of damage badly
written signal handlers could do.  Not to encourage people to actually
use the *printf(3) family of functions in signal handlers.

Re: mandoc strlcat

Marc Espie — 2013-05-24T09:35:59

From what I remember, the unsafe extensions were the $# positional
markers, that allow one to swap arguments around.

Question about MP safe audio/video

Alexey Suslikov — 2013-05-24T08:35:15

Hi tech< at >.

Are uvideo(4), bktr(4) and similar also MP safe or they somewhat different
in terms of a technique used to make audio MP safe?

Cheers,
Alexey

rtsold -a doc fix

Jason McIntyre — 2013-05-24T07:26:23

hi! mark johnston (markj< at >freebsd) just made the following change to
rtsold(8), related to the description of -a. it looks correct, but i'd
appreciate some verification.

my diff is a slightly tweaked version of mark's - i'll forward it, if we
end up committing it.

thanks,
jmc

Index: rtsold.8
===================================================================
RCS file: /cvs/src/usr.sbin/rtsold/rtsold.8,v
retrieving revision 1.28
diff -u -r1.28 rtsold.8
--- rtsold.823 Mar 2011 00:59:49 -00001.28
+++ rtsold.824 May 2013 07:21:01 -0000
< at >< at > -169,15 +169,10 < at >< at >
 .Ar interface ,
 then exit.
 .It Fl a
-Autoprobe outgoing interface.
+Autoprobe outgoing interfaces.
 .Nm
-will try to find a non-loopback, non-point-to-point, IPv6-capable interface.
-If
-.Nm
-finds multiple interfaces,
-.Nm
-will exit with error.
-.\"
+will try to find any non-loopback, non-point-to-point, IPv6-capable interfaces,
+and send router solicitation messages on all of them.
 .It Fl D
 Enable more debugging (than that offered by the
 .Fl d

Re: mandoc strlcat

Theo de Raadt — 2013-05-24T04:11:16

The *5 table, yes.

I tried to improve the situation there.  I nearly lost my mind.

Re: mandoc strlcat

Ted Unangst — 2013-05-24T04:09:12


Yes. I mean, what in the world is snprintf doing allocating some
locale crap to implement a behavior that strlcat clearly doesn't need
to allocate memory for?


It's in man signal.

The only thing you can't use is floating point, because dtoa is crazy,
but I think it'd even be possible to pass the buffer in from vfprintf
and make that signal safe too. Just nobody cares.

Re: mandoc strlcat

Theo de Raadt — 2013-05-24T03:38:57

In OpenBSD, snprintf is designed to be thread and signal-handler safe,
as long as you don't use certain dangerous features.  I'm afraid I
can't find documentation which defines which are dangerous or not, but
remember auditing our tree to improve the situation.


I don't know if we are commited to such a restriction.  We could add such
things, but then put them in the "dangerous" catagory, to not be used in
unsafe situations...

Hmm, where are our docs for that...

Re: mandoc strlcat

William Ahern — 2013-05-24T03:19:31

In glibc snprintf has a memory allocation failure mode. I'm curious: is
OpenBSD committed to avoiding extensions (locale features, etc) which might
trigger allocation failure?

simplify strlcat in tcpdump

Ted Unangst — 2013-05-23T21:35:13

just pfctl_osfp.c. harder to replace strlcat when it's in a loop, but
some of the straight line calls can be done as snprintf followed by
one strlcat. worth it?

Index: pfctl_osfp.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/pfctl_osfp.c,v
retrieving revision 1.7
diff -u -p -r1.7 pfctl_osfp.c
--- pfctl_osfp.c18 Oct 2010 15:55:28 -00001.7
+++ pfctl_osfp.c23 May 2013 21:28:31 -0000
< at >< at > -1001,33 +1001,28 < at >< at > const char *
 print_ioctl(struct pf_osfp_ioctl *fp)
 {
 static char buf[1024];
-char tmp[32];
+char tmp[1024];
 int i, opt;
+char *c;
 
-*buf = '\0';
+c = "";
+tmp[0] = '\0';
 if (fp->fp_flags & PF_OSFP_WSIZE_DC)
-strlcat(buf, "*", sizeof(buf));
+c = "*";
 else if (fp->fp_flags & PF_OSFP_WSIZE_MSS)
-strlcat(buf, "S", sizeof(buf));
+c = "S";
 else if (fp->fp_flags & PF_OSFP_WSIZE_MTU)
-strlcat(buf, "T", sizeof(buf));
+c = "T";
 else {
 if (fp->fp_flags & PF_OSFP_WSIZE_MOD)
-strlcat(buf, "%", sizeof(buf));
+c = "%";

mandoc strlcat

Ted Unangst — 2013-05-23T21:05:45

I was looking at mandoc and noticed it has too many strlcats (a common
affliction affecting quite a few programs.) It's faster and simpler to
use snprintf.

The code in roff.c was doing something twisty with the length argument
to strlcpy. Doing fancy length tricks kind of defeats the purpose of
having a simple to use function like strlcpy. I believe the intention
was to only copy part of the string, so I have retained that feature.

Index: html.c
===================================================================
RCS file: /cvs/src/usr.bin/mandoc/html.c,v
retrieving revision 1.30
diff -u -p -r1.30 html.c
--- html.c28 May 2012 13:00:51 -00001.30
+++ html.c23 May 2013 20:52:43 -0000
< at >< at > -618,10 +618,7 < at >< at > void
 bufcat_style(struct html *h, const char *key, const char *val)
 {
 
-bufcat(h, key);
-bufcat(h, ":");
-bufcat(h, val);
-bufcat(h, ";");
+bufcat_fmt(h, "%s:%s;", key, val);
 }
 
 void
Index: man_html.c
===================================================================
RCS file: /cvs/src/usr.bin/m

Re: [PATCH] add filter by host functionality to syslogd

Ted Unangst — 2013-05-23T17:19:25


Oh, my mistake. I thought host, like program, came via the network.
Thanks for explaining that. I should have looked at the whole program
again.

Re: [PATCH] add filter by host functionality to syslogd

Gregory Edigarov — 2013-05-23T16:55:34

yes, it doesn't do any host resolution itself and there is no need in this,
because syslogd already does this. (the resolution happens in main cycle, namely cvthname() function  call).
the changes just compare the hostname given in configs and the hostname reported by cvthname, then act accordinly.


--
With best regards,
      Gregory Edigarov

Re: [PATCH] add filter by host functionality to syslogd

Ted Unangst — 2013-05-23T16:20:30

I don't understand how that can be, since your patch isn't doing any
DNS resolution.

  if (f->f_program)
  if (strcmp(prog, f->f_program) != 0)
  continue;
+if (f->f_host)
+if (strcmp(from,f->f_host) != 0)
+continue;

That's just a string compare. The remote host can send any string it
wants.

Re: route(8) use -inet6 automatically for addresses containing :

Stuart Henderson — 2013-05-23T13:50:47

Possible manpage wording..

Index: route.8
===================================================================
RCS file: /cvs/src/sbin/route/route.8,v
retrieving revision 1.70
diff -u -p -r1.70 route.8
--- route.813 Jul 2012 10:15:53 -00001.70
+++ route.823 May 2013 13:49:50 -0000
< at >< at > -310,6 +310,9 < at >< at > Actual
 data, in hexadecimal format
 .El
 .Pp
+In the absence of modifiers, an address is assumed to be IPv4,
+unless containing a : character when it is treated as IPv6.
+.Pp
 The optional modifier
 .Fl link
 specifies that all subsequent addresses are specified as link-level addresses,

Re: route(8) use -inet6 automatically for addresses containing :

Sebastian Benoit — 2013-05-23T13:03:57

Stuart Henderson(sthen< at >openbsd.org) on 2013.05.22 21:18:05 +0100:

i see none other than making the maze of options of route(8) a bit more
bizarre.



ok

maybe a note in the manpage?

Re: [PATCH] add filter by host functionality to syslogd

Theo de Raadt — 2013-05-23T12:14:26

It is unsafe.

Re: [PATCH] add filter by host functionality to syslogd

Gregory Edigarov — 2013-05-23T09:57:38

no, it is really a resolvable hosts.
works correctly with name in /etc/hosts.

Re: pf state tracking and tos/dscp

Stuart Henderson — 2013-05-23T07:39:42

The TOS class isn't (and can't be) used to match packets to the state. Once you have created state from a packet with one TOS class, other packets with the same src/dest ip/port match this state even if the class is different. (It has to be this way - say you are natting - you wouldn't want a different source port if some packets  happen to use different TOS).

PF states include two queue names - one for normal traffic, one for "high prioroty" traffic: empty TCP ACKs and packets with TOS 'lowdelay' (0x10). So perhaps you would get somewhere by using 'match in from $work871 tos 0xB8 set tos lowdelay' to re-mark the incoming packets as 'lowdelay' and using e.g. 'set queue (vpn, vpn-fast)'.

Otherwise, if you don't need NAT, disabling state tracking for these packets might be an option.

Adam Gensler <openbsd< at >kristenandadam.net> wrote:

Re: pf state tracking and tos/dscp

Alexey E. Suslikov — 2013-05-23T06:55:55


Another possible thing I see, is a tunnel originating side.

Since tos rules you have are unidirectional (in terms of match),
they will create state if only first packet comes from $work871.

However, first packet coming from other side will match another
rule and create state, so all subsequent tunnel's packets will
not hit tos rules.