Created
November 4, 2018 13:03
diff -ur -x moduli 63/etc/examples/bgpd.conf 64/etc/examples/bgpd.conf | |
--- 63/etc/examples/bgpd.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/bgpd.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,146 +1,129 @@ | |
-# $OpenBSD: bgpd.conf,v 1.8 2017/09/29 11:00:39 phessler Exp $ | |
-# sample bgpd configuration file | |
-# see bgpd.conf(5) | |
- | |
-#macros | |
-peer1="10.1.0.2" | |
-peer2="10.1.0.3" | |
+# $OpenBSD: bgpd.conf,v 1.14 2018/09/10 09:10:36 claudio Exp $ | |
+# example bgpd configuration file, see bgpd.conf(5) | |
+ | |
+# define our own ASN as a macro | |
+ASN="65001" | |
# global configuration | |
-AS 65001 | |
-router-id 10.0.0.1 | |
-# holdtime 180 | |
-# holdtime min 3 | |
-# listen on 127.0.0.1 | |
-# listen on ::1 | |
-# fib-update no | |
-# route-collector no | |
-# log updates | |
-# network 10.0.1.0/24 | |
- | |
-# restricted socket for bgplg(8) | |
-# socket "/var/www/run/bgpd.rsock" restricted | |
- | |
-# neighbors and peers | |
-group "peering AS65002" { | |
- remote-as 65002 | |
- neighbor $peer1 { | |
- descr "AS 65001 peer 1" | |
- announce self | |
- tcp md5sig password mekmitasdigoat | |
+AS $ASN | |
+router-id 192.0.2.1 | |
+ | |
+# list of networks that may be originated by our ASN | |
+prefix-set mynetworks { \ | |
+ 192.0.2.0/24 \ | |
+ 2001:db8:abcd::/48 \ | |
+} | |
+ | |
+# define bogon prefixes which should not be part of the DFZ | |
+prefix-set bogons { | |
+ 0.0.0.0/8 # 'this' network [RFC1122] | |
+ 10.0.0.0/8 # private space [RFC1918] | |
+ 100.64.0.0/10 # CGN Shared [RFC6598] | |
+ 127.0.0.0/8 # localhost [RFC1122] | |
+ 169.254.0.0/16 # link local [RFC3927] | |
+ 172.16.0.0/12 # private space [RFC1918] | |
+ 192.0.2.0/24 # TEST-NET-1 [RFC5737] | |
+ 192.88.99.0/24 # 6to4 anycast relay [RFC7526] | |
+ 192.168.0.0/16 # private space [RFC1918] | |
+ 198.18.0.0/15 # benchmarking [RFC2544] | |
+ 198.51.100.0/24 # TEST-NET-2 [RFC5737] | |
+ 203.0.113.0/24 # TEST-NET-3 [RFC5737] | |
+ 224.0.0.0/4 # multicast | |
+ 240.0.0.0/4 # reserved for future use | |
+ ::/8 # RFC 4291 IPv4-compatible, loopback, et al | |
+ 0100::/64 # Discard-Only [RFC6666] | |
+ 2001:2::/48 # BMWG [RFC5180] | |
+ 2001:10::/28 # ORCHID [RFC4843] | |
+ 2001:db8::/32 # docu range [RFC3849] | |
+ 2002::/16 # 6to4 anycast relay [RFC7526] | |
+ 3ffe::/16 # old 6bone | |
+ fc00::/7 # unique local unicast | |
+ fe80::/10 # link local unicast | |
+ fec0::/10 # old site local unicast | |
+ ff00::/8 # multicast | |
+} | |
+ | |
+# Generate routes for the networks our ASN will originate. | |
+# The communities (read 'tags') are later used to match on what | |
+# is announced to EBGP neighbors | |
+network prefix-set mynetworks set large-community $ASN:1:1 | |
+ | |
+# assume simple network with 3 routers in IBGP full mesh | |
+group "ibgp mesh v4" { | |
+ remote-as $ASN | |
+ # use loopback for IBGP sessions, assume its distributed in OSPF | |
+ local-address 192.0.2.1 | |
+ neighbor 192.0.2.2 # router 2 ipv4 | |
+ neighbor 192.0.2.3 # router 3 ipv4 | |
+} | |
+# define the IPv6 IBGP sessions | |
+group "ibgp mesh v6" { | |
+ remote-as $ASN | |
+ local-address 2001:db8:abcd::1 | |
+ neighbor 2001:db8:abcd::2 # router 2 ipv6 | |
+ neighbor 2001:db8:abcd::3 # router 3 ipv6 | |
+} | |
+ | |
+# upstream providers | |
+group "upstreams" { | |
+ neighbor 203.0.113.1 { | |
+ remote-as 65002 | |
+ descr "IPv4 Transit Provider A" | |
} | |
- neighbor $peer2 { | |
- descr "AS 65001 peer 2" | |
- announce all | |
- local-address 10.0.0.8 | |
- ipsec esp ike | |
+ neighbor 198.51.100.0 { | |
+ remote-as 65123 | |
+ descr "IPv4 Transit provider B" | |
+ } | |
+ neighbor 2001:db8:666::2 { | |
+ remote-as 65123 | |
+ descr "IPv6 Transit provider B" | |
} | |
} | |
-group "peering AS65042" { | |
- descr "peering AS 65042" | |
- remote-as 65042 | |
- local-address 10.0.0.8 | |
- ipsec ah ike | |
- neighbor 10.2.0.1 | |
- neighbor 10.2.0.2 | |
-} | |
- | |
-neighbor 10.0.1.0 { | |
- remote-as 65003 | |
- descr upstream | |
- multihop 2 | |
- local-address 10.0.0.8 | |
- passive | |
- holdtime 180 | |
- holdtime min 3 | |
- announce none | |
- tcp md5sig key deadbeef | |
-} | |
+## rules section | |
-neighbor 10.0.2.0 { | |
- remote-as 65004 | |
- descr upstream2 | |
- local-address 10.0.0.8 | |
- ipsec ah ike | |
-} | |
+# uncomment the following two lines to accept a default route from upstreams | |
+#allow from group upstreams prefix 0.0.0.0/0 | |
+#allow from group upstreams prefix ::/0 | |
-neighbor 10.0.0.0/24 { | |
- descr "template for local peers" | |
- enforce neighbor-as no | |
-} | |
+### for simple BGP setups, no editing below this line is required ### | |
-neighbor 10.2.1.1 { | |
- remote-as 65023 | |
- local-address 10.0.0.8 | |
- ipsec esp in spi 1010 sha1 0a4f1d1f1a1c4f3c9e2f6f0f2a8e9c8c5a1b0b3b \ | |
- aes 0c1b3a6c7d7a8d2e0e7b4f3d5e8e6c1e | |
- ipsec esp out spi 1012 sha1 0e9c8f6a8e2c7d3a0b5d0d0f0a3c5c1d2b8e0f8b \ | |
- aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b | |
-} | |
+# Outbound EBGP: only allow self originated networks to ebgp peers | |
+# Don't leak any routes from upstream or peering sessions. This is done | |
+# by checking for routes that are tagged with the large-community $ASN:1:1 | |
+allow to ebgp prefix-set mynetworks large-community $ASN:1:1 | |
-# do not send or use routes from EBGP neighbors without | |
-# further explicit configuration | |
-deny from ebgp | |
-deny to ebgp | |
+# deny more-specifics of our own originated prefixes | |
+deny quick from ebgp prefix-set mynetworks or-longer | |
-# allow updates to and from IBGP neighbors | |
+# IBGP: allow all updates to and from our IBGP neighbors | |
allow from ibgp | |
allow to ibgp | |
+# Scrub normal and large communities relevant to our ASN from EBGP neighbors | |
+# https://tools.ietf.org/html/rfc7454#section-11 | |
+match from ebgp set { community delete $ASN:* } | |
+match from ebgp set { large-community delete $ASN:*:* } | |
+ | |
# filter out prefixes longer than 24 or shorter than 8 bits for IPv4 | |
# and longer than 48 or shorter than 16 bits for IPv6. | |
allow from any inet prefixlen 8 - 24 | |
allow from any inet6 prefixlen 16 - 48 | |
-# accept a default route (since the previous rule blocks this) | |
-#allow from any prefix 0.0.0.0/0 | |
-#allow from any prefix ::/0 | |
- | |
# Honor requests to gracefully shutdown BGP sessions | |
-# https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut | |
+# https://tools.ietf.org/html/rfc8326 | |
match from any community GRACEFUL_SHUTDOWN set { localpref 0 } | |
-# https://www.arin.net/announcements/2014/20140130.html | |
-# This block will be subject to a minimum size allocation of /28 and a | |
-# maximum size allocation of /24. ARIN should use sparse allocation when | |
-# possible within that /10 block. | |
-allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 # ARIN IPv6 transition | |
- | |
-# filter bogus networks according to RFC5735 | |
-deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122] | |
-deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918] | |
-deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598] | |
-deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122] | |
-deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927] | |
-deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space [RFC1918] | |
-deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737] | |
-deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space [RFC1918] | |
-deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544] | |
-deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737] | |
-deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737] | |
-deny from any prefix 224.0.0.0/4 prefixlen >= 4 # multicast | |
-deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved | |
- | |
-# filter bogus IPv6 networks according to IANA | |
-deny from any prefix ::/8 prefixlen >= 8 | |
-deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666] | |
-deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180] | |
-deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843] | |
-deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849] | |
-deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone | |
-deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast | |
-deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast | |
-deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast | |
-deny from any prefix ff00::/8 prefixlen >= 8 # multicast | |
+# use prefix-set to reject the bogons | |
+deny quick from any prefix-set bogons or-longer | |
# filter bogon AS numbers | |
-# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml | |
-deny from any AS 23456 # AS_TRANS | |
-deny from any AS 64496 - 64511 # Reserved for use in docs and code RFC5398 | |
-deny from any AS 64512 - 65534 # Reserved for Private Use RFC6996 | |
-deny from any AS 65535 # Reserved RFC7300 | |
-deny from any AS 65536 - 65551 # Reserved for use in docs and code RFC5398 | |
-deny from any AS 65552 - 131071 # Reserved | |
-deny from any AS 4200000000 - 4294967294 # Reserved for Private Use RFC6996 | |
-deny from any AS 4294967295 # Reserved RFC7300 | |
+# AS_TRANS (23456) is not supposed to show up in any path and indicates a | |
+# missconfiguration. Additionally Private or Reserved ASNs have no place in | |
+# the public DFZ. http://www.iana.org/assignments/as-numbers/as-numbers.xhtml | |
+deny quick from any AS 23456 | |
+deny quick from any AS 64496 - 131071 | |
+deny quick from any AS 4200000000 - 4294967295 | |
+ | |
+# filter out too long paths | |
+deny from any max-as-len 100 | |
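Review bot: The three neighbors in the new `group "upstreams"` block carry no session protection, whereas the removed sample showed `tcp md5sig` and `ipsec` lines on its peers, so an operator who copies this file starts with unauthenticated EBGP sessions. A commented line inside each transit neighbor, for example `# tcp md5sig password <PLACEHOLDER>`, would keep the option visible without shipping key material. The inbound rules accept any /8 to /24 and /16 to /48 prefix from upstreams with no per-neighbor limit shown; a commented `max-prefix` line in the group would document that safeguard too. The comment above `deny quick from any AS 23456` spells "misconfiguration" as "missconfiguration".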
diff -ur -x moduli 63/etc/examples/httpd.conf 64/etc/examples/httpd.conf | |
--- 63/etc/examples/httpd.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/httpd.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,11 +1,10 @@ | |
-# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $ | |
+# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $ | |
server "example.com" { | |
listen on * port 80 | |
- listen on :: port 80 | |
location "/.well-known/acme-challenge/*" { | |
root "/acme" | |
- root strip 2 | |
+ request strip 2 | |
} | |
location * { | |
block return 302 "https://$HTTP_HOST$REQUEST_URI" | |
@@ -14,7 +13,6 @@ | |
server "example.com" { | |
listen on * tls port 443 | |
- listen on :: tls port 443 | |
tls { | |
certificate "/etc/ssl/example.com.fullchain.pem" | |
key "/etc/ssl/private/example.com.key" | |
@@ -24,6 +22,6 @@ | |
} | |
location "/.well-known/acme-challenge/*" { | |
root "/acme" | |
- root strip 2 | |
+ request strip 2 | |
} | |
} | |
diff -ur -x moduli 63/etc/examples/ldpd.conf 64/etc/examples/ldpd.conf | |
--- 63/etc/examples/ldpd.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/ldpd.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,7 +1,7 @@ | |
-# $OpenBSD: ldpd.conf,v 1.2 2016/06/05 03:29:33 renato Exp $ | |
+# $OpenBSD: ldpd.conf,v 1.3 2018/08/06 17:26:31 mestre Exp $ | |
# macros | |
-password="secret" | |
+peer1="192.168.1.10" | |
# global configuration | |
# router-id 10.0.0.1 | |
@@ -22,8 +22,8 @@ | |
targeted-neighbor 172.16.1.10 | |
} | |
-neighbor 192.168.1.10 { | |
- password $password | |
+neighbor $peer1 { | |
+ password "secret" | |
} | |
l2vpn CUST_A type vpls { | |
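Review bot: `password "secret"` in the `neighbor $peer1` block is now an inline literal with nothing marking it as a placeholder, and the same applies to `auth-key secret` in both ospfd.conf hunks. A comment above each line, such as `# placeholder: replace with a per-neighbor secret and keep this file unreadable to other users`, would make it less likely that the sample value is deployed unchanged. In ospfd.conf the key is paired with `auth-type simple`, which as far as I know carries the key in cleartext in each packet, so the example would be better showing `auth-type crypt` with an `auth-md` key; confirm against ospfd.conf(5).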
diff -ur -x moduli 63/etc/examples/ospfd.conf 64/etc/examples/ospfd.conf | |
--- 63/etc/examples/ospfd.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/ospfd.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,16 +1,16 @@ | |
-# $OpenBSD: ospfd.conf,v 1.1 2014/07/11 16:36:35 deraadt Exp $ | |
+# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $ | |
# macros | |
-password="secret" | |
+id="192.0.2.5" | |
# global configuration | |
-# router-id 10.0.0.1 | |
+# router-id $id | |
# fib-update no | |
# stub router no | |
# spf-delay 1 | |
# spf-holdtime 5 | |
-# auth-key $password | |
+# auth-key secret | |
# auth-type simple | |
# hello-interval 10 | |
# metric 10 | |
@@ -25,7 +25,7 @@ | |
area 0.0.0.5 { | |
interface em0 { | |
auth-type simple | |
- auth-key $password | |
+ auth-key secret | |
} | |
interface em1 { | |
diff -ur -x moduli 63/etc/examples/pf.conf 64/etc/examples/pf.conf | |
--- 63/etc/examples/pf.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/pf.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,11 +1,11 @@ | |
-# $OpenBSD: pf.conf,v 1.3 2017/11/29 00:15:34 mlarkin Exp $ | |
+# $OpenBSD: pf.conf,v 1.4 2018/07/10 19:28:35 henning Exp $ | |
# | |
# See pf.conf(5) for syntax and examples. | |
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 | |
# in /etc/sysctl.conf if packets are to be forwarded between interfaces. | |
-# increase default state limit from 10'000 states on busy systems | |
-#set limit states 100000 | |
+# increase default state limit from 100'000 states on busy systems | |
+#set limit states 500000 | |
set skip on lo | |
Only in 64/etc/examples: rad.conf | |
diff -ur -x moduli 63/etc/examples/relayd.conf 64/etc/examples/relayd.conf | |
--- 63/etc/examples/relayd.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/examples/relayd.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $ | |
+# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $ | |
# | |
# Macros | |
# | |
@@ -42,8 +42,8 @@ | |
value "$SERVER_ADDR:$SERVER_PORT" | |
match request header set "Connection" value "close" | |
- # Various TCP performance options | |
- tcp { nodelay, sack, socket buffer 65536, backlog 128 } | |
+ # Various TCP options | |
+ tcp { sack, backlog 128 } | |
# tls { no tlsv1.0, ciphers HIGH } | |
# tls no session tickets | |
Only in 64/etc/firmware: ral-rt3290 | |
diff -ur -x moduli 63/etc/magic 64/etc/magic | |
--- 63/etc/magic 2018-03-24 21:23:54.000000000 +0100 | |
+++ 64/etc/magic 2018-10-11 21:33:26.000000000 +0200 | |
@@ -10675,7 +10675,7 @@ | |
# From: Josh Triplett <josh@freedesktop.org> | |
0 string XPCOM\nMozFASL\r\n\x1A Mozilla XUL fastload data | |
-# $OpenBSD: msdos,v 1.6 2016/01/29 11:50:40 tb Exp $ | |
+# $OpenBSD: msdos,v 1.7 2018/10/04 16:51:38 ccardenas Exp $ | |
#------------------------------------------------------------------------------ | |
# msdos: file(1) magic for MS-DOS files | |
@@ -11318,43 +11318,77 @@ | |
#-------------------------------------------------------------------- | |
# Qemu Emulator Images | |
# Lines written by Friedrich Schwittay (f.schwittay@yousable.de) | |
-# Made by reading sources and doing trial and error on existing | |
-# qcow files | |
-0 string QFI Qemu Image, Format: Qcow | |
+# Updated by Adam Buchbinder (adam.buchbinder@gmail.com) | |
+# Made by reading sources, reading documentation, and doing trial and error | |
+# on existing QCOW files | |
+0 string/b QFI\xFB QEMU QCOW Image | |
# Uncomment the following line to display Magic (only used for debugging | |
# this magic number) | |
-#>0 string x , Magic: %s | |
+#>0 string/b x , Magic: %s | |
-# There are currently 2 Versions: "1" and "2" | |
-# I do not use Version 2 and therefore branch here | |
-# but can assure: it works (tested on both versions) | |
-# Also my Qemu 0.9.0 which uses this Version 2 refuses | |
-# to start in its bios | |
->0x04 belong 2 , Version: 2 | |
->0x04 belong 1 , Version: 1 | |
+# There are currently 2 Versions: "1" and "2". | |
+# http://www.gnome.org/~markmc/qcow-image-format-version-1.html | |
+>4 belong 1 (v1) | |
-# Using the existence of the Backing File Offset to Branch or not | |
+# Using the existence of the Backing File Offset to determine whether | |
# to read Backing File Information | |
->>0xc belong >0 , Backing File( Offset: %lu | |
->>>(0xc.L) string >\0 , Path: %s | |
- | |
-# Didn't get the trick here how qemu stores the "Size" at this Position | |
-# There is actually something stored but nothing makes sense | |
-# The header in the sources talks about it | |
-#>>>16 lelong x , Size: %lu | |
+>>12 belong >0 \b, has backing file ( | |
+# Note that this isn't a null-terminated string; the length is actually | |
+# (16.L). Assuming a null-terminated string happens to work usually, but it | |
+# may spew junk until it reaches a \0 in some cases. | |
+>>>(12.L) string >\0 \bpath %s | |
# Modification time of the Backing File | |
# Really useful if you want to know if your backing | |
# file is still usable together with this image | |
->>>20 bedate x , Mtime: %s ) | |
+>>>>20 bedate >0 \b, mtime %s) | |
+>>>>20 default x \b) | |
+ | |
+# Size is stored in bytes in a big-endian u64. | |
+>>24 bequad x \b, %lld bytes | |
-# Don't know how to calculate in Magicfiles | |
-# Also: this Information is not reliably | |
-# stored in image-files | |
->>24 lelong x , Disk Size could be: %d * 256 bytes | |
+# 1 for AES encryption, 0 for none. | |
+>>36 belong 1 \b, AES-encrypted | |
-0 string QEVM QEMU's suspend to disk image | |
+# http://www.gnome.org/~markmc/qcow-image-format.html | |
+>4 belong 2 (v2) | |
+# Using the existence of the Backing File Offset to determine whether | |
+# to read Backing File Information | |
+>>8 bequad >0 \b, has backing file | |
+# Note that this isn't a null-terminated string; the length is actually | |
+# (16.L). Assuming a null-terminated string happens to work usually, but it | |
+# may spew junk until it reaches a \0 in some cases. Also, since there's no | |
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if | |
+# the file is over 4G, and the backing file path is stored after the first 4G, | |
+# the wrong filename will be printed. (This should be (8.Q), when that syntax | |
+# is introduced.) | |
+>>>(12.L) string >\0 (path %s) | |
+>>24 bequad x \b, %lld bytes | |
+>>32 belong 1 \b, AES-encrypted | |
+ | |
+>4 belong 3 (v3) | |
+# Using the existence of the Backing File Offset to determine whether | |
+# to read Backing File Information | |
+>>8 bequad >0 \b, has backing file | |
+# Note that this isn't a null-terminated string; the length is actually | |
+# (16.L). Assuming a null-terminated string happens to work usually, but it | |
+# may spew junk until it reaches a \0 in some cases. Also, since there's no | |
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if | |
+# the file is over 4G, and the backing file path is stored after the first 4G, | |
+# the wrong filename will be printed. (This should be (8.Q), when that syntax | |
+# is introduced.) | |
+>>>(12.L) string >\0 (path %s) | |
+>>24 bequad x \b, %lld bytes | |
+>>32 belong 1 \b, AES-encrypted | |
+ | |
+>4 default x (unknown version) | |
+ | |
+0 string/b QEVM QEMU suspend to disk image | |
+ | |
+# QEMU QED Image | |
+# http://wiki.qemu.org/Features/QED/Specification | |
+0 string/b QED\0 QEMU QED Image | |
0 string Bochs\ Virtual\ HD\ Image Bochs disk image, | |
>32 string x type %s, | |
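Review bot: In the v1 branch the closing parenthesis is printed only by the two `>>>>20` lines, which are nested under the `>>>(12.L) string >\0` test, so when that indirect read fails or yields an empty string the `(` opened by `>>12 belong >0` is never closed. Moving the mtime pair up one level to `>>>20 bedate >0` and `>>>20 default x` would close it regardless of the path test. The offset at 12 and the bytes printed as the path both come from the image, and the added comments already admit the string may run past its real length, so a one-line comment saying that the printed path is untrusted data from the file would help anyone parsing file(1) output.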
diff -ur -x moduli 63/etc/mtree/4.4BSD.dist 64/etc/mtree/4.4BSD.dist | |
--- 63/etc/mtree/4.4BSD.dist 2018-03-24 21:23:21.000000000 +0100 | |
+++ 64/etc/mtree/4.4BSD.dist 2018-10-11 21:32:46.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: 4.4BSD.dist,v 1.301 2017/11/05 10:29:24 rpe Exp $ | |
+# $OpenBSD: 4.4BSD.dist,v 1.303 2018/08/16 17:40:54 millert Exp $ | |
/set type=dir uname=root gname=wheel mode=0755 | |
@@ -487,6 +487,8 @@ | |
.. | |
amd64 | |
.. | |
+ arm64 | |
+ .. | |
armv7 | |
.. | |
hppa | |
@@ -577,18 +579,18 @@ | |
.. | |
# ./usr/share/zoneinfo | |
- zoneinfo gname=bin uname=root mode=0555 | |
- Australia gname=bin uname=root mode=0555 | |
+ zoneinfo gname=bin uname=root mode=0755 | |
+ Australia gname=bin uname=root mode=0755 | |
.. | |
- Brazil gname=bin uname=root mode=0555 | |
+ Brazil gname=bin uname=root mode=0755 | |
.. | |
- Canada gname=bin uname=root mode=0555 | |
+ Canada gname=bin uname=root mode=0755 | |
.. | |
- Chile gname=bin uname=root mode=0555 | |
+ Chile gname=bin uname=root mode=0755 | |
.. | |
- Mexico gname=bin uname=root mode=0555 | |
+ Mexico gname=bin uname=root mode=0755 | |
.. | |
- US gname=bin uname=root mode=0555 | |
+ US gname=bin uname=root mode=0755 | |
.. | |
.. | |
.. | |
diff -ur -x moduli 63/etc/mtree/BSD.x11.dist 64/etc/mtree/BSD.x11.dist | |
--- 63/etc/mtree/BSD.x11.dist 2018-03-24 21:23:21.000000000 +0100 | |
+++ 64/etc/mtree/BSD.x11.dist 2018-10-11 21:32:46.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: BSD.x11.dist,v 1.45 2017/08/05 14:13:39 jsg Exp $ | |
+# $OpenBSD: BSD.x11.dist,v 1.46 2018/06/07 21:23:44 matthieu Exp $ | |
/set type=dir uname=root gname=wheel mode=0755 | |
. | |
@@ -358,6 +358,8 @@ | |
.. | |
dri2proto | |
.. | |
+ dri3proto | |
+ .. | |
fixesproto | |
.. | |
fontconfig | |
diff -ur -x moduli 63/etc/netstart 64/etc/netstart | |
--- 63/etc/netstart 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/netstart 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,10 +1,16 @@ | |
#!/bin/sh - | |
# | |
-# $OpenBSD: netstart,v 1.197 2018/03/04 10:12:26 jmc Exp $ | |
+# $OpenBSD: netstart,v 1.200 2018/08/29 11:30:48 krw Exp $ | |
# Turn off Strict Bourne shell mode. | |
set +o sh | |
+# Show usage of the netstart script and exit. | |
+usage() { | |
+ print -u2 "usage: ${0##*/} [[-n] interface ...]" | |
+ exit 1 | |
+} | |
+ | |
# Echo file $1 to stdout. Skip comment lines and delete everything | |
# after the first '#' from other lines. Strip leading and trailing | |
# whitespace if IFS is set. | |
@@ -59,7 +65,7 @@ | |
_cmds[$_prev]="${_c[@]}" | |
;; | |
dhcp) _c[0]= | |
- _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} down;dhclient $_if" | |
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient $_if" | |
V4_DHCPCONF=true | |
;; | |
'!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g') | |
@@ -195,28 +201,31 @@ | |
done | |
} | |
+# Make sure the invoking user has the right privileges. Check for presence of | |
+# id(1) to avoid problems with diskless setups. | |
+if [[ -x /usr/bin/id ]] && (($(id -u) != 0)); then | |
+ echo "${0##*/}: need root privileges" | |
+ exit 1 | |
+fi | |
+ | |
# Get network related vars from rc.conf using the parsing routine from rc.subr. | |
FUNCS_ONLY=1 . /etc/rc.d/rc.subr | |
_rc_parse_conf | |
PRINT_ONLY=false | |
-USAGE="usage: ${0##*/} [[-n] interface ...]" | |
V4_DHCPCONF=false | |
V6_AUTOCONF=false | |
while getopts ":n" opt; do | |
case $opt in | |
n) PRINT_ONLY=true;; | |
- *) print -u2 "$USAGE"; exit 1;; | |
+ *) usage;; | |
esac | |
done | |
shift $((OPTIND-1)) | |
# Option -n is only supported if interface names are specified as parameters. | |
-if $PRINT_ONLY && (($# == 0)); then | |
- print -u2 "$USAGE" | |
- exit 1 | |
-fi | |
+$PRINT_ONLY && (($# == 0)) && usage | |
# Load key material for the generation of IPv6 Semantically Opaque Interface | |
# Identifiers (SOII) used for link local and SLAAC addresses. | |
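Review bot: The new root check tests `/usr/bin/id` for executability but then runs `id` through `PATH`, so the guard and the command it guards can refer to different binaries; use the same path in both places, `if [[ -x /usr/bin/id ]] && (($(/usr/bin/id -u) != 0)); then`. The failure message goes to stdout via `echo`, while the new `usage()` uses `print -u2`; `print -u2 "${0##*/}: need root privileges"` would keep diagnostics on stderr. Because the check sits before the `getopts` loop, `-n` (print only) also requires root, which may be intended but should be stated in the comment.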
Only in 63/etc: networks | |
diff -ur -x moduli 63/etc/rc 64/etc/rc | |
--- 63/etc/rc 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/rc 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc,v 1.525 2018/02/18 18:52:02 rpe Exp $ | |
+# $OpenBSD: rc,v 1.529 2018/07/23 11:54:49 florian Exp $ | |
# System startup script run by init on autoboot or after single-user. | |
# Output and error are redirected to console by init, and the console is the | |
@@ -337,6 +337,12 @@ | |
echo '.' | |
fi | |
+ if /etc/rc.d/vmd check > /dev/null; then | |
+ echo -n 'stopping VMs' | |
+ /etc/rc.d/vmd stop > /dev/null | |
+ echo '.' | |
+ fi | |
+ | |
[[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown | |
fi | |
@@ -575,15 +581,8 @@ | |
echo -n 'starting network daemons:' | |
start_daemon ldomd sshd switchd snmpd ldpd ripd ospfd ospf6d bgpd ifstated | |
-start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd | |
- | |
-if ifconfig lo0 inet6 >/dev/null 2>&1; then | |
- if (($(sysctl -n net.inet6.ip6.forwarding) == 1)); then | |
- start_daemon route6d rtadvd | |
- fi | |
-fi | |
- | |
-start_daemon hostapd lpd smtpd slowcgi httpd ftpd | |
+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd route6d | |
+start_daemon rad hostapd lpd smtpd slowcgi httpd ftpd | |
start_daemon ftpproxy ftpproxy6 tftpd tftpproxy identd inetd rarpd bootparamd | |
start_daemon rbootd mopd vmd spamd spamlogd sndiod | |
echo '.' | |
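Review bot: `route6d` now sits in the plain `start_daemon` list and the removed `sysctl -n net.inet6.ip6.forwarding` test has no replacement, so the only gate left is the `_flags` variable in rc.conf; `rad` is added the same way. As far as this hunk shows, a host with `rad_flags` set but forwarding disabled would still start the daemon. A comment above the two lines, e.g. `# route6d and rad assume net.inet6.ip6.forwarding=1; not checked here`, would record that the precondition is now the operator's responsibility.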
diff -ur -x moduli 63/etc/rc.conf 64/etc/rc.conf | |
--- 63/etc/rc.conf 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/rc.conf 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc.conf,v 1.216 2017/05/30 12:04:26 tb Exp $ | |
+# $OpenBSD: rc.conf,v 1.218 2018/07/23 11:54:49 florian Exp $ | |
# DO NOT EDIT THIS FILE!! | |
# | |
@@ -46,6 +46,7 @@ | |
ospfd_flags=NO | |
ospf6d_flags=NO | |
pflogd_flags= # add more flags, e.g. "-s 256" | |
+rad_flags=NO | |
radiusd_flags=NO | |
rarpd_flags=NO | |
rbootd_flags=NO | |
@@ -53,8 +54,6 @@ | |
rebound_flags=NO | |
ripd_flags=NO | |
route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1 | |
-rtadvd_flags=NO # for normal use: list of interfaces | |
- # be sure to set net.inet6.ip6.forwarding=1 | |
sasyncd_flags=NO | |
sensorsd_flags=NO | |
slaacd_flags= | |
Only in 64/etc/rc.d: rad | |
Only in 63/etc/rc.d: rtadvd | |
diff -ur -x moduli 63/etc/rc.d/vmd 64/etc/rc.d/vmd | |
--- 63/etc/rc.d/vmd 2018-03-24 21:23:21.000000000 +0100 | |
+++ 64/etc/rc.d/vmd 2018-10-11 21:32:46.000000000 +0200 | |
@@ -1,6 +1,6 @@ | |
#!/bin/ksh | |
# | |
-# $OpenBSD: vmd,v 1.7 2018/02/20 10:12:14 sthen Exp $ | |
+# $OpenBSD: vmd,v 1.9 2018/09/27 17:15:36 reyk Exp $ | |
daemon="/usr/sbin/vmd" | |
@@ -11,18 +11,8 @@ | |
${daemon} -n ${daemon_flags} | |
} | |
-list_running() { | |
- vmctl status | awk '$2 ~ "[0-9]" {print $8}' | |
-} | |
- | |
rc_stop() { | |
- for vm in $(list_running); do | |
- _rc_do vmctl stop "$vm" | |
- while list_running | fgrep -wq "$vm"; do | |
- sleep .1 | |
- done | |
- done | |
- | |
+ _rc_do vmctl stop -a -w | |
pkill -T "${daemon_rtable}" -xf "${pexp}" | |
} | |
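Review bot: `rc_stop` now depends on `vmctl stop -a -w` returning, and no timeout or forced fallback is visible in this hunk. Since the /etc/rc change in this same diff calls `/etc/rc.d/vmd stop` during shutdown, a guest that never acknowledges the stop request could presumably hold up the halt. Add a comment stating what bounds the wait, e.g. `# -w blocks until all VMs have stopped; bounded by <MECHANISM>`, or confirm that rc.subr's own timeout covers it. The `pkill` that follows runs whether or not `_rc_do` succeeded, which looks intended but is undocumented.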
diff -ur -x moduli 63/etc/services 64/etc/services | |
--- 63/etc/services 2018-03-24 21:23:20.000000000 +0100 | |
+++ 64/etc/services 2018-10-11 21:32:45.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: services,v 1.94 2015/07/27 11:02:39 sthen Exp $ | |
+# $OpenBSD: services,v 1.95 2018/07/03 23:52:27 dlg Exp $ | |
# | |
# Network services, Internet style | |
# https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt | |
@@ -244,6 +244,8 @@ | |
ipsec-nat-t 4500/udp ipsec-msft # IPsec NAT-Traversal | |
hylafax 4559/tcp # HylaFAX client-server protocol | |
hylafax 4559/udp # HylaFAX client-server protocol | |
+gre-in-udp 4754/udp # GRE-in-UDP Encapsulation | |
+gre-udp-dtls 4755/udp # GRE-in-UDP Encapsulation with DTLS | |
vxlan 4789/udp # VXLAN | |
rfe 5002/tcp # Radio Free Ethernet | |
rfe 5002/udp # Actually uses UDP only | |
Only in 63/etc/signify: openbsd-61-base.pub | |
Only in 63/etc/signify: openbsd-61-fw.pub | |
Only in 63/etc/signify: openbsd-61-pkg.pub | |
Only in 63/etc/signify: openbsd-61-syspatch.pub | |
Only in 64/etc/signify: openbsd-65-base.pub | |
Only in 64/etc/signify: openbsd-65-fw.pub | |
Only in 64/etc/signify: openbsd-65-pkg.pub | |
Only in 64/etc/signify: openbsd-65-syspatch.pub |