OpenBSD Journal
d2k17 Hackathon Report: Alexander Bluhm on Network Stack Improvements and more
Contributed by rueda on Wed Jun 28 07:49:16 2017 (GMT)
from the ref-ac-to-ring dept.

Alexander Bluhm (bluhm@) wrote in with a hackathon report:

As usual, hackathons are a great time to get things committed. All the other developers are around, you can discuss ideas and get code reviewed quickly.

To move towards network input without big kernel lock, I have looked at the protocol functions and refactored them. Especially IP-in-IP input that is used for IPsec tunnel mode needed some love. I have fixed several bugs and have a diff ready that avoids one additional queuing of the packets. This work had to be coordinated with mpi@, who removed the kernel big lock from the forwarding path.


OpenBSD now has Trapsleds to make life harder for ROPers
Contributed by pitrh on Thu Jun 22 06:55:25 2017 (GMT)
from the just enough ROP to TRAP yourself dept.

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.

Todd's message to tech says,

I have attached a patch that converts NOP padding from the assembler into INT3 padding on amd64. The idea is to remove potentially convenient NOP sleds from programs and libraries, which makes it harder for an attacker to hit any ROP gadgets or other instructions after a NOP sled.


KARL - kernel address randomized link
Contributed by rueda on Tue Jun 13 02:52:37 2017 (GMT)
from the Charlemagne dept.

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization
feature which will protect the kernel.
Recently I moved all our kernels to a new mapping model, with patrick
and visa taking care of two platforms.
As a result, every new kernel is unique.  The relative offsets between
functions and data are unique.
However, snapshots of -current contain a further change, which I
worked on with Robert Peichaer (rpe@):

That change is scaffolding to ensure you boot a newly-linked kernel
upon every reboot.[...]

Read the full message for the juicy details.

Note that, because of the new mechanisms, unhibernate does not work on -current (for now).


OpenBSD Daily, code review, and you
Contributed by pitrh on Fri Jun 9 16:48:32 2017 (GMT)
from the a-source-a-day-keeps-the-bugs-away dept.

OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day at

I made a New Year's resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development.


Running OpenBSD on Azure
Contributed by rueda on Fri Jun 09 11:21:52 2017 (GMT)
from the bright blue puffy dept.

A new Microsoft Azure blog entry, Running OpenBSD on Azure, describes OpenBSD support:

Today we are happy to share with you that Azure supports OpenBSD 6.1 with the collaboration effort from Esdenera and Microsoft. Meanwhile Esdenera brings their firewall product based on OpenBSD on board Azure Marketplace now.

[Esdenera is Reyk (reyk@) Flöter's company.]

The Register covers this development in Microsoft Azure adds OpenBSD support. Repeat. Azure adds OpenBSD support.

This results from the efforts of mikeb@, reyk@, jsg@, and others.


d2k17 Hackathon Report: Florian Obser on slaacd(8)
Contributed by rueda on Fri Jun 09 01:34:09 2017 (GMT)
from the in this case, keep slaacing dept.

Florian Obser (florian@) kindly supplied a report on his d2k17 activities:

I wanted to take an overnight train from Amsterdam to Munich but that service had been cancelled sometime last year. So I had to fly to not lose too much time.


d2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more
Contributed by rueda on Thu Jun 08 06:33:25 2017 (GMT)
from the shell be right, mate dept.

Our next d2k17 report comes from Antoine Jacoutot (ajacoutot@), who writes:

My name is Antoine Jacoutot. After five hours on a hellish train ride, I have come to Starnberg with only one goal: to fix rc.d. But to do that, I can't be the OpenBSD developer I once was. To honor systemd's memory, I must be someone else. I must be something else.


d2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection
Contributed by rueda on Mon Jun 05 01:21:08 2017 (GMT)
from the sequential improvement dept.

Our second d2k17 report is from Ken Westerback (krw@), who writes:

I arrived at Starnberg with a clear and overriding focus -- to finally expunge the obsolete XS_NO_CCB construct from our SCSI code. In fact I was so focused on this issue I walked right past my pre-d2k17 hotel and wandered the streets of Starnberg for 30 minutes until I found it sitting right across the street from the BahnHof I started at.


d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress
Contributed by pitrh on Fri Jun 02 01:39:40 2017 (GMT)
from the sunshine and krautwerk dept.

The first report from the recently completed d2k17 hackathon comes from Stefan Sperling, who writes:

This hackathon I took time to kick off a project I have been wanting to try for some time but never got around to: Adding sound support for my laptop which uses an internal USB audio device wired to xhci(4). Our xhci(4) driver lacks support for data transfers with guaranteed bandwidth and timing constraints (aka isochronous transfers). The first step is to add support for such transfers (mpi@ tells me the rabbit hole ends up in uaudio(4) but I'll worry about that later). To get started, I spent some time reading parts of the USB 2.0 and USB 3.1 specs, as well as Intel's data sheet for the xHC interface (linked from Equipped with this new knowledge, I started brushing up an old work-in-progress diff that mpi@ shared with me. I did not make much progress and eventually got side-tracked into the wireless stack. But having finally explored this problem space feels good! I will try to keep exploring.


Older Stuff
Tuesday, May 30
09:58 MWL's "Relayd and Httpd Mastery" Published (2)
23:32 Ted Unangst on notable recent changes in OpenBSD (1)
Wednesday, May 10
23:39 OpenBSD Community Goes Gold (0)
Wednesday, May 03
07:11 Official OpenBSD 6.1 CD - There's only One! (12)
04:10 Errata and (First) Binary Patches Announced (7)
Monday, May 01
10:25 OpenSSH Removes SSHv1 Support (7)
Thursday, April 27
20:57 OpenBSD 6.1 Song Released (1)
Tuesday, April 25
04:12 The many ways of running firefox on OpenBSD (6)
Friday, April 21
00:19 clang(1) added to base on amd64 and i386 (3)


Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]