
@zeszyt
Created November 4, 2018 13:03
diff -ur -x moduli 63/etc/examples/bgpd.conf 64/etc/examples/bgpd.conf
--- 63/etc/examples/bgpd.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/bgpd.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,146 +1,129 @@
-# $OpenBSD: bgpd.conf,v 1.8 2017/09/29 11:00:39 phessler Exp $
-# sample bgpd configuration file
-# see bgpd.conf(5)
-
-#macros
-peer1="10.1.0.2"
-peer2="10.1.0.3"
+# $OpenBSD: bgpd.conf,v 1.14 2018/09/10 09:10:36 claudio Exp $
+# example bgpd configuration file, see bgpd.conf(5)
+
+# define our own ASN as a macro
+ASN="65001"
# global configuration
-AS 65001
-router-id 10.0.0.1
-# holdtime 180
-# holdtime min 3
-# listen on 127.0.0.1
-# listen on ::1
-# fib-update no
-# route-collector no
-# log updates
-# network 10.0.1.0/24
-
-# restricted socket for bgplg(8)
-# socket "/var/www/run/bgpd.rsock" restricted
-
-# neighbors and peers
-group "peering AS65002" {
- remote-as 65002
- neighbor $peer1 {
- descr "AS 65001 peer 1"
- announce self
- tcp md5sig password mekmitasdigoat
+AS $ASN
+router-id 192.0.2.1
+
+# list of networks that may be originated by our ASN
+prefix-set mynetworks { \
+ 192.0.2.0/24 \
+ 2001:db8:abcd::/48 \
+}
+
+# define bogon prefixes which should not be part of the DFZ
+prefix-set bogons {
+ 0.0.0.0/8 # 'this' network [RFC1122]
+ 10.0.0.0/8 # private space [RFC1918]
+ 100.64.0.0/10 # CGN Shared [RFC6598]
+ 127.0.0.0/8 # localhost [RFC1122]
+ 169.254.0.0/16 # link local [RFC3927]
+ 172.16.0.0/12 # private space [RFC1918]
+ 192.0.2.0/24 # TEST-NET-1 [RFC5737]
+ 192.88.99.0/24 # 6to4 anycast relay [RFC7526]
+ 192.168.0.0/16 # private space [RFC1918]
+ 198.18.0.0/15 # benchmarking [RFC2544]
+ 198.51.100.0/24 # TEST-NET-2 [RFC5737]
+ 203.0.113.0/24 # TEST-NET-3 [RFC5737]
+ 224.0.0.0/4 # multicast
+ 240.0.0.0/4 # reserved for future use
+ ::/8 # RFC 4291 IPv4-compatible, loopback, et al
+ 0100::/64 # Discard-Only [RFC6666]
+ 2001:2::/48 # BMWG [RFC5180]
+ 2001:10::/28 # ORCHID [RFC4843]
+ 2001:db8::/32 # docu range [RFC3849]
+ 2002::/16 # 6to4 anycast relay [RFC7526]
+ 3ffe::/16 # old 6bone
+ fc00::/7 # unique local unicast
+ fe80::/10 # link local unicast
+ fec0::/10 # old site local unicast
+ ff00::/8 # multicast
+}
+
+# Generate routes for the networks our ASN will originate.
+# The communities (read 'tags') are later used to match on what
+# is announced to EBGP neighbors
+network prefix-set mynetworks set large-community $ASN:1:1
+
+# assume simple network with 3 routers in IBGP full mesh
+group "ibgp mesh v4" {
+ remote-as $ASN
+ # use loopback for IBGP sessions, assume its distributed in OSPF
+ local-address 192.0.2.1
+ neighbor 192.0.2.2 # router 2 ipv4
+ neighbor 192.0.2.3 # router 3 ipv4
+}
+# define the IPv6 IBGP sessions
+group "ibgp mesh v6" {
+ remote-as $ASN
+ local-address 2001:db8:abcd::1
+ neighbor 2001:db8:abcd::2 # router 2 ipv6
+ neighbor 2001:db8:abcd::3 # router 3 ipv6
+}
+
+# upstream providers
+group "upstreams" {
+ neighbor 203.0.113.1 {
+ remote-as 65002
+ descr "IPv4 Transit Provider A"
}
- neighbor $peer2 {
- descr "AS 65001 peer 2"
- announce all
- local-address 10.0.0.8
- ipsec esp ike
+ neighbor 198.51.100.0 {
+ remote-as 65123
+ descr "IPv4 Transit provider B"
+ }
+ neighbor 2001:db8:666::2 {
+ remote-as 65123
+ descr "IPv6 Transit provider B"
}
}
-group "peering AS65042" {
- descr "peering AS 65042"
- remote-as 65042
- local-address 10.0.0.8
- ipsec ah ike
- neighbor 10.2.0.1
- neighbor 10.2.0.2
-}
-
-neighbor 10.0.1.0 {
- remote-as 65003
- descr upstream
- multihop 2
- local-address 10.0.0.8
- passive
- holdtime 180
- holdtime min 3
- announce none
- tcp md5sig key deadbeef
-}
+## rules section
-neighbor 10.0.2.0 {
- remote-as 65004
- descr upstream2
- local-address 10.0.0.8
- ipsec ah ike
-}
+# uncomment the following two lines to accept a default route from upstreams
+#allow from group upstreams prefix 0.0.0.0/0
+#allow from group upstreams prefix ::/0
-neighbor 10.0.0.0/24 {
- descr "template for local peers"
- enforce neighbor-as no
-}
+### for simple BGP setups, no editing below this line is required ###
-neighbor 10.2.1.1 {
- remote-as 65023
- local-address 10.0.0.8
- ipsec esp in spi 1010 sha1 0a4f1d1f1a1c4f3c9e2f6f0f2a8e9c8c5a1b0b3b \
- aes 0c1b3a6c7d7a8d2e0e7b4f3d5e8e6c1e
- ipsec esp out spi 1012 sha1 0e9c8f6a8e2c7d3a0b5d0d0f0a3c5c1d2b8e0f8b \
- aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b
-}
+# Outbound EBGP: only allow self originated networks to ebgp peers
+# Don't leak any routes from upstream or peering sessions. This is done
+# by checking for routes that are tagged with the large-community $ASN:1:1
+allow to ebgp prefix-set mynetworks large-community $ASN:1:1
-# do not send or use routes from EBGP neighbors without
-# further explicit configuration
-deny from ebgp
-deny to ebgp
+# deny more-specifics of our own originated prefixes
+deny quick from ebgp prefix-set mynetworks or-longer
-# allow updates to and from IBGP neighbors
+# IBGP: allow all updates to and from our IBGP neighbors
allow from ibgp
allow to ibgp
+# Scrub normal and large communities relevant to our ASN from EBGP neighbors
+# https://tools.ietf.org/html/rfc7454#section-11
+match from ebgp set { community delete $ASN:* }
+match from ebgp set { large-community delete $ASN:*:* }
+
# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
# and longer than 48 or shorter than 16 bits for IPv6.
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 16 - 48
-# accept a default route (since the previous rule blocks this)
-#allow from any prefix 0.0.0.0/0
-#allow from any prefix ::/0
-
# Honor requests to gracefully shutdown BGP sessions
-# https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut
+# https://tools.ietf.org/html/rfc8326
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
-# https://www.arin.net/announcements/2014/20140130.html
-# This block will be subject to a minimum size allocation of /28 and a
-# maximum size allocation of /24. ARIN should use sparse allocation when
-# possible within that /10 block.
-allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 # ARIN IPv6 transition
-
-# filter bogus networks according to RFC5735
-deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122]
-deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918]
-deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598]
-deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122]
-deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927]
-deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space [RFC1918]
-deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737]
-deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space [RFC1918]
-deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544]
-deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737]
-deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737]
-deny from any prefix 224.0.0.0/4 prefixlen >= 4 # multicast
-deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved
-
-# filter bogus IPv6 networks according to IANA
-deny from any prefix ::/8 prefixlen >= 8
-deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666]
-deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
-deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
-deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
-deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
-deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
-deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
-deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
-deny from any prefix ff00::/8 prefixlen >= 8 # multicast
+# use prefix-set to reject the bogons
+deny quick from any prefix-set bogons or-longer
# filter bogon AS numbers
-# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
-deny from any AS 23456 # AS_TRANS
-deny from any AS 64496 - 64511 # Reserved for use in docs and code RFC5398
-deny from any AS 64512 - 65534 # Reserved for Private Use RFC6996
-deny from any AS 65535 # Reserved RFC7300
-deny from any AS 65536 - 65551 # Reserved for use in docs and code RFC5398
-deny from any AS 65552 - 131071 # Reserved
-deny from any AS 4200000000 - 4294967294 # Reserved for Private Use RFC6996
-deny from any AS 4294967295 # Reserved RFC7300
+# AS_TRANS (23456) is not supposed to show up in any path and indicates a
+# missconfiguration. Additionally Private or Reserved ASNs have no place in
+# the public DFZ. http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
+deny quick from any AS 23456
+deny quick from any AS 64496 - 131071
+deny quick from any AS 4200000000 - 4294967295
+
+# filter out too long paths
+deny from any max-as-len 100
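Review bot: The `upstreams` group defines three EBGP neighbors with no session protection and no prefix limit, whereas the removed example showed `tcp md5sig` and `ipsec` on its peers. RFC 7454, which this file already cites for community scrubbing, also recommends protecting the TCP session and capping the number of accepted prefixes. Commented hints inside each neighbor block would keep that visible, e.g. `# tcp md5sig password <shared-secret>`, `# ttl-security yes` and `# max-prefix <limit>`. Separately, `deny quick from any AS 64496 - 131071` matches the private ASNs 65002 and 65123 given to the example upstreams, so presumably nothing is accepted from them until real ASNs are substituted; a one-line comment next to "no editing below this line is required" should say so.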
diff -ur -x moduli 63/etc/examples/httpd.conf 64/etc/examples/httpd.conf
--- 63/etc/examples/httpd.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/httpd.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,11 +1,10 @@
-# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
+# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
server "example.com" {
listen on * port 80
- listen on :: port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
- root strip 2
+ request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
@@ -14,7 +13,6 @@
server "example.com" {
listen on * tls port 443
- listen on :: tls port 443
tls {
certificate "/etc/ssl/example.com.fullchain.pem"
key "/etc/ssl/private/example.com.key"
@@ -24,6 +22,6 @@
}
location "/.well-known/acme-challenge/*" {
root "/acme"
- root strip 2
+ request strip 2
}
}
diff -ur -x moduli 63/etc/examples/ldpd.conf 64/etc/examples/ldpd.conf
--- 63/etc/examples/ldpd.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/ldpd.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,7 +1,7 @@
-# $OpenBSD: ldpd.conf,v 1.2 2016/06/05 03:29:33 renato Exp $
+# $OpenBSD: ldpd.conf,v 1.3 2018/08/06 17:26:31 mestre Exp $
# macros
-password="secret"
+peer1="192.168.1.10"
# global configuration
# router-id 10.0.0.1
@@ -22,8 +22,8 @@
targeted-neighbor 172.16.1.10
}
-neighbor 192.168.1.10 {
- password $password
+neighbor $peer1 {
+ password "secret"
}
l2vpn CUST_A type vpls {
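Review bot: The neighbor block now carries the literal `password "secret"` with nothing marking it as a placeholder, so a copied example ends up with a guessable session key. The same applies to the `auth-key secret` lines in the two ospfd.conf hunks. A comment above the line would cover it, e.g. `# example only: replace "secret" with a unique key per neighbor and keep this file readable by root only`. The `l2vpn` block that follows continues outside the hunk.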
diff -ur -x moduli 63/etc/examples/ospfd.conf 64/etc/examples/ospfd.conf
--- 63/etc/examples/ospfd.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/ospfd.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,16 +1,16 @@
-# $OpenBSD: ospfd.conf,v 1.1 2014/07/11 16:36:35 deraadt Exp $
+# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# macros
-password="secret"
+id="192.0.2.5"
# global configuration
-# router-id 10.0.0.1
+# router-id $id
# fib-update no
# stub router no
# spf-delay 1
# spf-holdtime 5
-# auth-key $password
+# auth-key secret
# auth-type simple
# hello-interval 10
# metric 10
@@ -25,7 +25,7 @@
area 0.0.0.5 {
interface em0 {
auth-type simple
- auth-key $password
+ auth-key secret
}
interface em1 {
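Review bot: The one active authentication example, `interface em0`, pairs `auth-type simple` with `auth-key secret`, and simple authentication carries the key in clear text in every OSPF packet, so any host on the segment can read it. ospfd.conf(5) also offers `auth-type crypt` with `auth-md` and `auth-md-keyid`; showing that form, e.g. `auth-type crypt`, `auth-md 1 "<key>"`, `auth-md-keyid 1`, would give readers a safer starting point. The `area` block starts before the hunk and `interface em1` continues past it.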
diff -ur -x moduli 63/etc/examples/pf.conf 64/etc/examples/pf.conf
--- 63/etc/examples/pf.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/pf.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,11 +1,11 @@
-# $OpenBSD: pf.conf,v 1.3 2017/11/29 00:15:34 mlarkin Exp $
+# $OpenBSD: pf.conf,v 1.4 2018/07/10 19:28:35 henning Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
-# increase default state limit from 10'000 states on busy systems
-#set limit states 100000
+# increase default state limit from 100'000 states on busy systems
+#set limit states 500000
set skip on lo
Only in 64/etc/examples: rad.conf
diff -ur -x moduli 63/etc/examples/relayd.conf 64/etc/examples/relayd.conf
--- 63/etc/examples/relayd.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/examples/relayd.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $
+# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Macros
#
@@ -42,8 +42,8 @@
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP options
+ tcp { sack, backlog 128 }
# tls { no tlsv1.0, ciphers HIGH }
# tls no session tickets
Only in 64/etc/firmware: ral-rt3290
diff -ur -x moduli 63/etc/magic 64/etc/magic
--- 63/etc/magic 2018-03-24 21:23:54.000000000 +0100
+++ 64/etc/magic 2018-10-11 21:33:26.000000000 +0200
@@ -10675,7 +10675,7 @@
# From: Josh Triplett <josh@freedesktop.org>
0 string XPCOM\nMozFASL\r\n\x1A Mozilla XUL fastload data
-# $OpenBSD: msdos,v 1.6 2016/01/29 11:50:40 tb Exp $
+# $OpenBSD: msdos,v 1.7 2018/10/04 16:51:38 ccardenas Exp $
#------------------------------------------------------------------------------
# msdos: file(1) magic for MS-DOS files
@@ -11318,43 +11318,77 @@
#--------------------------------------------------------------------
# Qemu Emulator Images
# Lines written by Friedrich Schwittay (f.schwittay@yousable.de)
-# Made by reading sources and doing trial and error on existing
-# qcow files
-0 string QFI Qemu Image, Format: Qcow
+# Updated by Adam Buchbinder (adam.buchbinder@gmail.com)
+# Made by reading sources, reading documentation, and doing trial and error
+# on existing QCOW files
+0 string/b QFI\xFB QEMU QCOW Image
# Uncomment the following line to display Magic (only used for debugging
# this magic number)
-#>0 string x , Magic: %s
+#>0 string/b x , Magic: %s
-# There are currently 2 Versions: "1" and "2"
-# I do not use Version 2 and therefore branch here
-# but can assure: it works (tested on both versions)
-# Also my Qemu 0.9.0 which uses this Version 2 refuses
-# to start in its bios
->0x04 belong 2 , Version: 2
->0x04 belong 1 , Version: 1
+# There are currently 2 Versions: "1" and "2".
+# http://www.gnome.org/~markmc/qcow-image-format-version-1.html
+>4 belong 1 (v1)
-# Using the existence of the Backing File Offset to Branch or not
+# Using the existence of the Backing File Offset to determine whether
# to read Backing File Information
->>0xc belong >0 , Backing File( Offset: %lu
->>>(0xc.L) string >\0 , Path: %s
-
-# Didn't get the trick here how qemu stores the "Size" at this Position
-# There is actually something stored but nothing makes sense
-# The header in the sources talks about it
-#>>>16 lelong x , Size: %lu
+>>12 belong >0 \b, has backing file (
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases.
+>>>(12.L) string >\0 \bpath %s
# Modification time of the Backing File
# Really useful if you want to know if your backing
# file is still usable together with this image
->>>20 bedate x , Mtime: %s )
+>>>>20 bedate >0 \b, mtime %s)
+>>>>20 default x \b)
+
+# Size is stored in bytes in a big-endian u64.
+>>24 bequad x \b, %lld bytes
-# Don't know how to calculate in Magicfiles
-# Also: this Information is not reliably
-# stored in image-files
->>24 lelong x , Disk Size could be: %d * 256 bytes
+# 1 for AES encryption, 0 for none.
+>>36 belong 1 \b, AES-encrypted
-0 string QEVM QEMU's suspend to disk image
+# http://www.gnome.org/~markmc/qcow-image-format.html
+>4 belong 2 (v2)
+# Using the existence of the Backing File Offset to determine whether
+# to read Backing File Information
+>>8 bequad >0 \b, has backing file
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases. Also, since there's no
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if
+# the file is over 4G, and the backing file path is stored after the first 4G,
+# the wrong filename will be printed. (This should be (8.Q), when that syntax
+# is introduced.)
+>>>(12.L) string >\0 (path %s)
+>>24 bequad x \b, %lld bytes
+>>32 belong 1 \b, AES-encrypted
+
+>4 belong 3 (v3)
+# Using the existence of the Backing File Offset to determine whether
+# to read Backing File Information
+>>8 bequad >0 \b, has backing file
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases. Also, since there's no
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if
+# the file is over 4G, and the backing file path is stored after the first 4G,
+# the wrong filename will be printed. (This should be (8.Q), when that syntax
+# is introduced.)
+>>>(12.L) string >\0 (path %s)
+>>24 bequad x \b, %lld bytes
+>>32 belong 1 \b, AES-encrypted
+
+>4 default x (unknown version)
+
+0 string/b QEVM QEMU suspend to disk image
+
+# QEMU QED Image
+# http://wiki.qemu.org/Features/QED/Specification
+0 string/b QED\0 QEMU QED Image
0 string Bochs\ Virtual\ HD\ Image Bochs disk image,
>32 string x type %s,
diff -ur -x moduli 63/etc/mtree/4.4BSD.dist 64/etc/mtree/4.4BSD.dist
--- 63/etc/mtree/4.4BSD.dist 2018-03-24 21:23:21.000000000 +0100
+++ 64/etc/mtree/4.4BSD.dist 2018-10-11 21:32:46.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: 4.4BSD.dist,v 1.301 2017/11/05 10:29:24 rpe Exp $
+# $OpenBSD: 4.4BSD.dist,v 1.303 2018/08/16 17:40:54 millert Exp $
/set type=dir uname=root gname=wheel mode=0755
@@ -487,6 +487,8 @@
..
amd64
..
+ arm64
+ ..
armv7
..
hppa
@@ -577,18 +579,18 @@
..
# ./usr/share/zoneinfo
- zoneinfo gname=bin uname=root mode=0555
- Australia gname=bin uname=root mode=0555
+ zoneinfo gname=bin uname=root mode=0755
+ Australia gname=bin uname=root mode=0755
..
- Brazil gname=bin uname=root mode=0555
+ Brazil gname=bin uname=root mode=0755
..
- Canada gname=bin uname=root mode=0555
+ Canada gname=bin uname=root mode=0755
..
- Chile gname=bin uname=root mode=0555
+ Chile gname=bin uname=root mode=0755
..
- Mexico gname=bin uname=root mode=0555
+ Mexico gname=bin uname=root mode=0755
..
- US gname=bin uname=root mode=0555
+ US gname=bin uname=root mode=0755
..
..
..
diff -ur -x moduli 63/etc/mtree/BSD.x11.dist 64/etc/mtree/BSD.x11.dist
--- 63/etc/mtree/BSD.x11.dist 2018-03-24 21:23:21.000000000 +0100
+++ 64/etc/mtree/BSD.x11.dist 2018-10-11 21:32:46.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: BSD.x11.dist,v 1.45 2017/08/05 14:13:39 jsg Exp $
+# $OpenBSD: BSD.x11.dist,v 1.46 2018/06/07 21:23:44 matthieu Exp $
/set type=dir uname=root gname=wheel mode=0755
.
@@ -358,6 +358,8 @@
..
dri2proto
..
+ dri3proto
+ ..
fixesproto
..
fontconfig
diff -ur -x moduli 63/etc/netstart 64/etc/netstart
--- 63/etc/netstart 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/netstart 2018-10-11 21:32:45.000000000 +0200
@@ -1,10 +1,16 @@
#!/bin/sh -
#
-# $OpenBSD: netstart,v 1.197 2018/03/04 10:12:26 jmc Exp $
+# $OpenBSD: netstart,v 1.200 2018/08/29 11:30:48 krw Exp $
# Turn off Strict Bourne shell mode.
set +o sh
+# Show usage of the netstart script and exit.
+usage() {
+ print -u2 "usage: ${0##*/} [[-n] interface ...]"
+ exit 1
+}
+
# Echo file $1 to stdout. Skip comment lines and delete everything
# after the first '#' from other lines. Strip leading and trailing
# whitespace if IFS is set.
@@ -59,7 +65,7 @@
_cmds[$_prev]="${_c[@]}"
;;
dhcp) _c[0]=
- _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} down;dhclient $_if"
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient $_if"
V4_DHCPCONF=true
;;
'!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
@@ -195,28 +201,31 @@
done
}
+# Make sure the invoking user has the right privileges. Check for presence of
+# id(1) to avoid problems with diskless setups.
+if [[ -x /usr/bin/id ]] && (($(id -u) != 0)); then
+ echo "${0##*/}: need root privileges"
+ exit 1
+fi
+
# Get network related vars from rc.conf using the parsing routine from rc.subr.
FUNCS_ONLY=1 . /etc/rc.d/rc.subr
_rc_parse_conf
PRINT_ONLY=false
-USAGE="usage: ${0##*/} [[-n] interface ...]"
V4_DHCPCONF=false
V6_AUTOCONF=false
while getopts ":n" opt; do
case $opt in
n) PRINT_ONLY=true;;
- *) print -u2 "$USAGE"; exit 1;;
+ *) usage;;
esac
done
shift $((OPTIND-1))
# Option -n is only supported if interface names are specified as parameters.
-if $PRINT_ONLY && (($# == 0)); then
- print -u2 "$USAGE"
- exit 1
-fi
+$PRINT_ONLY && (($# == 0)) && usage
# Load key material for the generation of IPv6 Semantically Opaque Interface
# Identifiers (SOII) used for link local and SLAAC addresses.
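Review bot: The root check tests `-x /usr/bin/id` but then runs `id` through PATH, so the binary that was tested is not necessarily the one executed; `if [[ -x /usr/bin/id ]] && (($(/usr/bin/id -u) != 0)); then` keeps the two consistent. The failure message is written with `echo` to stdout while `usage()`, added in the same file, uses `print -u2`; `print -u2 "${0##*/}: need root privileges"` would send it to stderr as well. The script continues outside this hunk.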
Only in 63/etc: networks
diff -ur -x moduli 63/etc/rc 64/etc/rc
--- 63/etc/rc 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/rc 2018-10-11 21:32:45.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.525 2018/02/18 18:52:02 rpe Exp $
+# $OpenBSD: rc,v 1.529 2018/07/23 11:54:49 florian Exp $
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
@@ -337,6 +337,12 @@
echo '.'
fi
+ if /etc/rc.d/vmd check > /dev/null; then
+ echo -n 'stopping VMs'
+ /etc/rc.d/vmd stop > /dev/null
+ echo '.'
+ fi
+
[[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown
fi
@@ -575,15 +581,8 @@
echo -n 'starting network daemons:'
start_daemon ldomd sshd switchd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
-start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd
-
-if ifconfig lo0 inet6 >/dev/null 2>&1; then
- if (($(sysctl -n net.inet6.ip6.forwarding) == 1)); then
- start_daemon route6d rtadvd
- fi
-fi
-
-start_daemon hostapd lpd smtpd slowcgi httpd ftpd
+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd route6d
+start_daemon rad hostapd lpd smtpd slowcgi httpd ftpd
start_daemon ftpproxy ftpproxy6 tftpd tftpproxy identd inetd rarpd bootparamd
start_daemon rbootd mopd vmd spamd spamlogd sndiod
echo '.'
diff -ur -x moduli 63/etc/rc.conf 64/etc/rc.conf
--- 63/etc/rc.conf 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/rc.conf 2018-10-11 21:32:45.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: rc.conf,v 1.216 2017/05/30 12:04:26 tb Exp $
+# $OpenBSD: rc.conf,v 1.218 2018/07/23 11:54:49 florian Exp $
# DO NOT EDIT THIS FILE!!
#
@@ -46,6 +46,7 @@
ospfd_flags=NO
ospf6d_flags=NO
pflogd_flags= # add more flags, e.g. "-s 256"
+rad_flags=NO
radiusd_flags=NO
rarpd_flags=NO
rbootd_flags=NO
@@ -53,8 +54,6 @@
rebound_flags=NO
ripd_flags=NO
route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1
-rtadvd_flags=NO # for normal use: list of interfaces
- # be sure to set net.inet6.ip6.forwarding=1
sasyncd_flags=NO
sensorsd_flags=NO
slaacd_flags=
Only in 64/etc/rc.d: rad
Only in 63/etc/rc.d: rtadvd
diff -ur -x moduli 63/etc/rc.d/vmd 64/etc/rc.d/vmd
--- 63/etc/rc.d/vmd 2018-03-24 21:23:21.000000000 +0100
+++ 64/etc/rc.d/vmd 2018-10-11 21:32:46.000000000 +0200
@@ -1,6 +1,6 @@
#!/bin/ksh
#
-# $OpenBSD: vmd,v 1.7 2018/02/20 10:12:14 sthen Exp $
+# $OpenBSD: vmd,v 1.9 2018/09/27 17:15:36 reyk Exp $
daemon="/usr/sbin/vmd"
@@ -11,18 +11,8 @@
${daemon} -n ${daemon_flags}
}
-list_running() {
- vmctl status | awk '$2 ~ "[0-9]" {print $8}'
-}
-
rc_stop() {
- for vm in $(list_running); do
- _rc_do vmctl stop "$vm"
- while list_running | fgrep -wq "$vm"; do
- sleep .1
- done
- done
-
+ _rc_do vmctl stop -a -w
pkill -T "${daemon_rtable}" -xf "${pexp}"
}
diff -ur -x moduli 63/etc/services 64/etc/services
--- 63/etc/services 2018-03-24 21:23:20.000000000 +0100
+++ 64/etc/services 2018-10-11 21:32:45.000000000 +0200
@@ -1,4 +1,4 @@
-# $OpenBSD: services,v 1.94 2015/07/27 11:02:39 sthen Exp $
+# $OpenBSD: services,v 1.95 2018/07/03 23:52:27 dlg Exp $
#
# Network services, Internet style
# https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
@@ -244,6 +244,8 @@
ipsec-nat-t 4500/udp ipsec-msft # IPsec NAT-Traversal
hylafax 4559/tcp # HylaFAX client-server protocol
hylafax 4559/udp # HylaFAX client-server protocol
+gre-in-udp 4754/udp # GRE-in-UDP Encapsulation
+gre-udp-dtls 4755/udp # GRE-in-UDP Encapsulation with DTLS
vxlan 4789/udp # VXLAN
rfe 5002/tcp # Radio Free Ethernet
rfe 5002/udp # Actually uses UDP only
Only in 63/etc/signify: openbsd-61-base.pub
Only in 63/etc/signify: openbsd-61-fw.pub
Only in 63/etc/signify: openbsd-61-pkg.pub
Only in 63/etc/signify: openbsd-61-syspatch.pub
Only in 64/etc/signify: openbsd-65-base.pub
Only in 64/etc/signify: openbsd-65-fw.pub
Only in 64/etc/signify: openbsd-65-pkg.pub
Only in 64/etc/signify: openbsd-65-syspatch.pub