The router doesn't know the size of the internet...

2015-10-24 Thread Martin Pieuchot 
...at least better than OpenBSD's source code.

This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit.
Alexander verified that this is not mandatory in the corresponding RFCs
and what really matters is the per-PCB specified hop limit.

See how this simplifies a lot of rt_ifp usages?

Ok?

Index: netinet/in_pcb.h
===
RCS file: /cvs/src/sys/netinet/in_pcb.h,v
retrieving revision 1.90
diff -u -p -r1.90 in_pcb.h
--- netinet/in_pcb.h22 Sep 2015 09:34:39 -  1.90
+++ netinet/in_pcb.h24 Oct 2015 13:49:47 -
@@ -287,7 +287,7 @@ struct rtentry *
 intin6_pcbnotify(struct inpcbtable *, struct sockaddr_in6 *,
u_int, const struct sockaddr_in6 *, u_int, u_int, int, void *,
void (*)(struct inpcb *, int));
-intin6_selecthlim(struct inpcb *, struct ifnet *);
+intin6_selecthlim(struct inpcb *);
 intin6_pcbsetport(struct in6_addr *, struct inpcb *, struct proc *);
 #endif /* _KERNEL */
 #endif /* _NETINET_IN_PCB_H_ */
Index: netinet/tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.305
diff -u -p -r1.305 tcp_input.c
--- netinet/tcp_input.c 11 Sep 2015 08:17:06 -  1.305
+++ netinet/tcp_input.c 24 Oct 2015 13:50:20 -
@@ -4363,8 +4363,7 @@ syn_cache_respond(struct syn_cache *sc, 
break;
 #ifdef INET6
case AF_INET6:
-   ip6->ip6_hlim = in6_selecthlim(NULL,
-   ro->ro_rt ? ro->ro_rt->rt_ifp : NULL);
+   ip6->ip6_hlim = in6_selecthlim(NULL);
 
error = ip6_output(m, NULL /*XXX*/, (struct route_in6 *)ro, 0,
NULL, NULL);
Index: netinet/tcp_output.c
===
RCS file: /cvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.114
diff -u -p -r1.114 tcp_output.c
--- netinet/tcp_output.c11 Sep 2015 08:17:06 -  1.114
+++ netinet/tcp_output.c24 Oct 2015 13:50:25 -
@@ -1108,7 +1108,7 @@ send:
sizeof(struct ip6_hdr);
packetlen = m->m_pkthdr.len;
ip6->ip6_nxt = IPPROTO_TCP;
-   ip6->ip6_hlim = in6_selecthlim(tp->t_inpcb, NULL);
+   ip6->ip6_hlim = in6_selecthlim(tp->t_inpcb);
 #ifdef TCP_ECN
if (needect)
ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
Index: netinet/tcp_subr.c
===
RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.149
diff -u -p -r1.149 tcp_subr.c
--- netinet/tcp_subr.c  2 Oct 2015 09:51:54 -   1.149
+++ netinet/tcp_subr.c  24 Oct 2015 13:50:04 -
@@ -254,7 +254,7 @@ tcp_template(tp)
 
ip6->ip6_nxt = IPPROTO_TCP;
ip6->ip6_plen = htons(sizeof(struct tcphdr)); /*XXX*/
-   ip6->ip6_hlim = in6_selecthlim(inp, NULL);  /*XXX*/
+   ip6->ip6_hlim = in6_selecthlim(inp);/*XXX*/
 
th = (struct tcphdr *)(mtod(m, caddr_t) +
sizeof(struct ip6_hdr));
@@ -400,7 +400,7 @@ tcp_respond(struct tcpcb *tp, caddr_t te
case AF_INET6:
ip6->ip6_flow = htonl(0x6000);
ip6->ip6_nxt  = IPPROTO_TCP;
-   ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL, NULL);  
/*XXX*/
+   ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL);
/*XXX*/
ip6->ip6_plen = tlen - sizeof(struct ip6_hdr);
ip6->ip6_plen = htons(ip6->ip6_plen);
ip6_output(m, tp ? tp->t_inpcb->inp_outputopts6 : NULL,
Index: netinet6/in6_pcb.c
===
RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.81
diff -u -p -r1.81 in6_pcb.c
--- netinet6/in6_pcb.c  20 Oct 2015 18:04:03 -  1.81
+++ netinet6/in6_pcb.c  24 Oct 2015 13:54:05 -
@@ -369,7 +369,6 @@ in6_pcbconnect(struct inpcb *inp, struct
 {
struct in6_addr *in6a = NULL;
struct sockaddr_in6 *sin6 = mtod(nam, struct sockaddr_in6 *);
-   struct ifnet *ifp = NULL;   /* outgoing interface */
int error = 0;
struct sockaddr_in6 tmp;
 
@@ -412,10 +411,7 @@ in6_pcbconnect(struct inpcb *inp, struct
if (error)
return (error);
 
-   if (rtisvalid(inp->inp_route6.ro_rt))
-   ifp = inp->inp_route6.ro_rt->rt_ifp;
-
-   inp->inp_ipv6.ip6_hlim = (u_int8_t)in6_selecthlim(inp, ifp);
+   inp->inp_ipv6.ip6_hlim = (u_int8_t)in6_selecthlim(inp);
 
if (in_pcblookup(inp->inp_table, >sin6_addr, sin6->sin6_port,
IN6_IS_ADDR_UNSPECIFIED(>inp_laddr6) ? in6a : >inp_laddr6,
Index: netinet6/in6_src.c

STANDARDS for nl_langinfo(3)

2015-10-24 Thread Anthony J. Bentley 
ok?

Index: nl_langinfo.3
===
RCS file: /cvs/src/lib/libc/locale/nl_langinfo.3,v
retrieving revision 1.10
diff -u -p -r1.10 nl_langinfo.3
--- nl_langinfo.3   21 Jan 2014 03:15:45 -  1.10
+++ nl_langinfo.3   24 Oct 2015 13:02:04 -
@@ -30,3 +30,8 @@ returns a pointer to an empty string if
 is invalid.
 .Sh SEE ALSO
 .Xr setlocale 3
+.Sh STANDARDS
+The
+.Fn nl_langinfo
+function conforms to
+.St -p1003.1-2008 .

Re: The router doesn't know the size of the internet...

2015-10-24 Thread Alexander Bluhm 
On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote:
> ...at least better than OpenBSD's source code.
> 
> This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit.
> Alexander verified that this is not mandatory in the corresponding RFCs
> and what really matters is the per-PCB specified hop limit.
> 
> See how this simplifies a lot of rt_ifp usages?
> 
> Ok?

It is a SHOULD in RFC 4861 and we are OpenBSD and don't believe in
what those Cisco routers claim anyway.

   Router Advertisement messages also contain Internet parameters such
   as the hop limit that hosts should use in outgoing packets and,
   optionally, link parameters such as the link MTU.  This facilitates
   centralized administration of critical parameters that can be set on
   routers and automatically propagated to all attached hosts.

   If the received Cur Hop Limit value is non-zero, the host SHOULD set
   its CurHopLimit variable to the received value.

> + if (nd_ra->nd_ra_curhoplimit) {
> + /*
> +  * Ignore it.  The router doesn't know the size of the
> +  * internet better than this source code.
> +  */
> + }

s/size/diameter/ to quote RFC 2461 correctly

The value should be set to that current diameter of the Internet.

OK bluhm@

rt_missmsg takes interface index

2015-10-24 Thread Alexander Bluhm 
Hi,

Instead of doing the the if_get() dance for rt_missmsg(), change the
function to take an interface index.

ok?

bluhm

Index: net/route.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/route.c,v
retrieving revision 1.260
diff -u -p -r1.260 route.c
--- net/route.c 24 Oct 2015 11:58:46 -  1.260
+++ net/route.c 24 Oct 2015 16:55:36 -
@@ -235,7 +235,7 @@ rtalloc(struct sockaddr *dst, int flags,
rtstat.rts_unreach++;
 miss:
if (ISSET(flags, RT_REPORT))
-   rt_missmsg(RTM_MISS, , 0, NULL, error, tableid);
+   rt_missmsg(RTM_MISS, , 0, 0, error, tableid);
}
KERNEL_UNLOCK();
splx(s);
@@ -398,7 +398,7 @@ rt_sendmsg(struct rtentry *rt, int cmd, 
info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
}
 
-   rt_missmsg(cmd, , rt->rt_flags, ifp, 0, rtableid);
+   rt_missmsg(cmd, , rt->rt_flags, rt->rt_ifidx, 0, rtableid);
if_put(ifp);
 }
 
@@ -431,7 +431,7 @@ rtredirect(struct sockaddr *dst, struct 
u_int32_t   *stat = NULL;
struct rt_addrinfo   info;
struct ifaddr   *ifa;
-   struct ifnet*ifp = NULL;
+   unsigned int ifidx;
 
splsoftassert(IPL_SOFTNET);
 
@@ -440,7 +440,7 @@ rtredirect(struct sockaddr *dst, struct 
error = ENETUNREACH;
goto out;
}
-   ifp = ifa->ifa_ifp;
+   ifidx = ifa->ifa_ifp->if_index;
rt = rtalloc(dst, 0, rdomain);
/*
 * If the redirect isn't from our current router for this dst,
@@ -521,7 +521,7 @@ out:
info.rti_info[RTAX_GATEWAY] = gateway;
info.rti_info[RTAX_NETMASK] = netmask;
info.rti_info[RTAX_AUTHOR] = src;
-   rt_missmsg(RTM_REDIRECT, , flags, ifp, error, rdomain);
+   rt_missmsg(RTM_REDIRECT, , flags, ifidx, error, rdomain);
 }
 
 /*
@@ -532,7 +532,7 @@ rtdeletemsg(struct rtentry *rt, u_int ta
 {
int error;
struct rt_addrinfo  info;
-   struct ifnet*ifp;
+   unsigned intifidx;
 
/*
 * Request the new route so that the entry is not actually
@@ -544,12 +544,11 @@ rtdeletemsg(struct rtentry *rt, u_int ta
info.rti_info[RTAX_NETMASK] = rt_mask(rt);
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
info.rti_flags = rt->rt_flags;
-   ifp = if_get(rt->rt_ifidx);
+   ifidx = rt->rt_ifidx;
error = rtrequest1(RTM_DELETE, , rt->rt_priority, , tableid);
-   rt_missmsg(RTM_DELETE, , info.rti_flags, ifp, error, tableid);
+   rt_missmsg(RTM_DELETE, , info.rti_flags, ifidx, error, tableid);
if (error == 0)
rtfree(rt);
-   if_put(ifp);
return (error);
 }
 
Index: net/route.h
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/route.h,v
retrieving revision 1.116
diff -u -p -r1.116 route.h
--- net/route.h 24 Oct 2015 11:47:07 -  1.116
+++ net/route.h 24 Oct 2015 16:38:15 -
@@ -357,8 +357,7 @@ void rt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);
 voidrt_sendmsg(struct rtentry *, int, u_int);
 voidrt_sendaddrmsg(struct rtentry *, int);
-voidrt_missmsg(int, struct rt_addrinfo *, int, struct ifnet *, int,
-   u_int);
+voidrt_missmsg(int, struct rt_addrinfo *, int, u_int, int, u_int);
 int rt_setgate(struct rtentry *, struct sockaddr *, unsigned int);
 int rt_checkgate(struct ifnet *, struct rtentry *, struct sockaddr *,
unsigned int, struct rtentry **);
Index: net/rtsock.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/rtsock.c,v
retrieving revision 1.176
diff -u -p -r1.176 rtsock.c
--- net/rtsock.c24 Oct 2015 11:58:47 -  1.176
+++ net/rtsock.c24 Oct 2015 16:37:27 -
@@ -1075,8 +1075,8 @@ again:
  * destination.
  */
 void
-rt_missmsg(int type, struct rt_addrinfo *rtinfo, int flags,
-struct ifnet *ifp, int error, u_int tableid)
+rt_missmsg(int type, struct rt_addrinfo *rtinfo, int flags, u_int ifidx,
+int error, u_int tableid)
 {
struct rt_msghdr*rtm;
struct mbuf *m;
@@ -1092,8 +1092,7 @@ rt_missmsg(int type, struct rt_addrinfo 
rtm->rtm_errno = error;
rtm->rtm_tableid = tableid;
rtm->rtm_addrs = rtinfo->rti_addrs;
-   if (ifp != NULL)
-   rtm->rtm_index = ifp->if_index;
+   rtm->rtm_index = ifidx;
if (sa == NULL)
route_proto.sp_protocol = 0;
else
Index: netinet/in_pcb.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.186
diff -u -p -r1.186 in_pcb.c
--- netinet/in_pcb.c

pair(4) is not vether(4)

2015-10-24 Thread Reyk Floeter 
Hi,

some people asked me if pair(4) is a superset of vether(4).
It is not (anymore).

The most important difference is the link state handling: while the
link of vether(4) is always active as soon as it is configured up, the
link state of pair(4) is up when it is patched into a second pair(4).
And, like proper real Ethernet interfaces, the link state is not
depending on the administrative state up or down.

Due to this fact, you cannot use "just one" stand-alone pair(4) in a
bridge(4) - it is not a drop-in replacement for vether(4) - as all
associated routes will remain down until you patch it.

For the manpage, OK?

Reyk

Index: pair.4
===
RCS file: /cvs/src/share/man/man4/pair.4,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 pair.4
--- pair.4  24 Oct 2015 10:52:05 -  1.1
+++ pair.4  24 Oct 2015 14:54:22 -
@@ -71,6 +71,18 @@ It has been extended and turned into
 .Xr pair 4
 by
 .An Reyk Floeter Aq Mt r...@openbsd.org .
+.Sh CAVEATS
+Unlike
+.Xr vether 4 ,
+the
+.Xr pair 4
+interface cannot be used as a stand-alone member in a
+.Xr bridge 4 ;
+the link state remains down until it is connected to the second interface.
+Any associated routes will be marked down until it is patched.
+Use
+.Xr vether 4
+as a bridge endpoint for routing purposes instead.
 .Sh BUGS
 Like
 .Xr tun 4 ,

Re: two simple netinet6 rt_ifidx conversion

2015-10-24 Thread Alexander Bluhm 
OK bluhm@

On Sat, Oct 24, 2015 at 03:25:46PM +0200, Martin Pieuchot wrote:
> Index: netinet6/in6_ifattach.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
> retrieving revision 1.97
> diff -u -p -r1.97 in6_ifattach.c
> --- netinet6/in6_ifattach.c   22 Oct 2015 15:37:47 -  1.97
> +++ netinet6/in6_ifattach.c   24 Oct 2015 12:56:50 -
> @@ -546,7 +546,7 @@ in6_ifdetach(struct ifnet *ifp)
>   sin6.sin6_addr = in6addr_intfacelocal_allnodes;
>   sin6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
>   rt = rtalloc(sin6tosa(), 0, ifp->if_rdomain);
> - if (rt && rt->rt_ifp == ifp) {
> + if (rt && rt->rt_ifidx == ifp->if_index) {
>   rtdeletemsg(rt, ifp->if_rdomain);
>   rtfree(rt);
>   }
> @@ -558,7 +558,7 @@ in6_ifdetach(struct ifnet *ifp)
>   sin6.sin6_addr = in6addr_linklocal_allnodes;
>   sin6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
>   rt = rtalloc(sin6tosa(), 0, ifp->if_rdomain);
> - if (rt && rt->rt_ifp == ifp) {
> + if (rt && rt->rt_ifidx == ifp->if_index) {
>   rtdeletemsg(rt, ifp->if_rdomain);
>   rtfree(rt);
>   }
> Index: netinet6/in6_src.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6_src.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 in6_src.c
> --- netinet6/in6_src.c24 Oct 2015 12:33:16 -  1.66
> +++ netinet6/in6_src.c24 Oct 2015 13:00:19 -
> @@ -233,8 +233,12 @@ in6_selectsrc(struct in6_addr **in6src, 
>   rt = nd6_lookup(_next->sin6_addr, 1, NULL,
>   rtableid);
>   if (rt != NULL) {
> - ia6 = in6_ifawithscope(rt->rt_ifp, dst,
> - rtableid);
> + ifp = if_get(rt->rt_ifidx);
> + if (ifp != NULL) {
> + ia6 = in6_ifawithscope(ifp, dst,
> + rtableid);
> + if_put(ifp);
> + }
>   if (ia6 == NULL)
>   ia6 = ifatoia6(rt->rt_ifa);
>   rtfree(rt);
> @@ -285,8 +289,11 @@ in6_selectsrc(struct in6_addr **in6src, 
>*/
>  
>   if (ro->ro_rt) {
> - ia6 = in6_ifawithscope(ro->ro_rt->rt_ifp, dst,
> - rtableid);
> + ifp = if_get(ro->ro_rt->rt_ifidx);
> + if (ifp != NULL) {
> + ia6 = in6_ifawithscope(ifp, dst, rtableid);
> + if_put(ifp);
> + }
>   if (ia6 == NULL) /* xxx scope error ?*/
>   ia6 = ifatoia6(ro->ro_rt->rt_ifa);
>   }

Introduce if_rtrequest()

2015-10-24 Thread Martin Pieuchot 
Revamping the network stack design continue here at u2k15... 

This times it's about the L2 resolution mechanism plugged into the
routing table.  While discussing with Alexander we figured out that
the actual ifa_rtrequest() is always called with a valid ``ifp''...

So this diff change this function into a per-ifp one an pass an ifp
pointer as first argument.  This makes obvious that if_get/if_put is
not needed there.

As a side effect arp_ifinit() can now die since every Ethernet driver
initialize if_rtrequest in ether_ifattach().

ok?

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.394
diff -u -p -r1.394 if.c
--- net/if.c24 Oct 2015 10:52:05 -  1.394
+++ net/if.c24 Oct 2015 15:01:30 -
@@ -1278,9 +1278,8 @@ ifaof_ifpforaddr(struct sockaddr *addr, 
  * interface.
  */
 void
-p2p_rtrequest(int req, struct rtentry *rt)
+p2p_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
 {
-   struct ifnet *ifp = rt->rt_ifp;
struct ifaddr *ifa, *lo0ifa;
 
switch (req) {
Index: net/if_bridge.c
===
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.268
diff -u -p -r1.268 if_bridge.c
--- net/if_bridge.c 12 Oct 2015 10:03:25 -  1.268
+++ net/if_bridge.c 24 Oct 2015 15:59:58 -
@@ -115,6 +115,7 @@
 void   bridgeattach(int);
 intbridge_ioctl(struct ifnet *, u_long, caddr_t);
 void   bridge_start(struct ifnet *);
+void   bridge_rtrequest(struct ifnet *, int, struct rtentry *);
 void   bridge_process(struct ifnet *, struct mbuf *);
 void   bridgeintr_frame(struct bridge_softc *, struct ifnet *, struct mbuf *);
 void   bridge_broadcast(struct bridge_softc *, struct ifnet *,
@@ -686,6 +687,11 @@ bridge_ioctl(struct ifnet *ifp, u_long c
 
splx(s);
return (error);
+}
+
+void
+bridge_rtrequest(struct ifnet *ifp, int cmd, struct rtentry *rt)
+{
 }
 
 /* Detach an interface from a bridge.  */
Index: net/if_enc.c
===
RCS file: /cvs/src/sys/net/if_enc.c,v
retrieving revision 1.62
diff -u -p -r1.62 if_enc.c
--- net/if_enc.c22 Oct 2015 17:48:34 -  1.62
+++ net/if_enc.c24 Oct 2015 15:59:33 -
@@ -49,6 +49,7 @@ void   enc_start(struct ifnet *);
 int enc_output(struct ifnet *, struct mbuf *, struct sockaddr *,
struct rtentry *);
 int enc_ioctl(struct ifnet *, u_long, caddr_t);
+voidenc_rtrequest(struct ifnet *, int, struct rtentry *);
 
 int enc_setif(struct ifnet *, u_int);
 voidenc_unsetif(struct ifnet *);
@@ -89,6 +90,7 @@ enc_clone_create(struct if_clone *ifc, i
ifp->if_start = enc_start;
ifp->if_output = enc_output;
ifp->if_ioctl = enc_ioctl;
+   ifp->if_rtrequest = enc_rtrequest;
ifp->if_hdrlen = ENC_HDRLEN;
 
snprintf(ifp->if_xname, sizeof(ifp->if_xname), "%s%d",
@@ -203,6 +205,11 @@ enc_ioctl(struct ifnet *ifp, u_long cmd,
}
 
return (0);
+}
+
+void
+enc_rtrequest(struct ifnet *ifp, int cmd, struct rtentry *rt)
+{
 }
 
 struct ifnet *
Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.229
diff -u -p -r1.229 if_ethersubr.c
--- net/if_ethersubr.c  22 Oct 2015 15:37:47 -  1.229
+++ net/if_ethersubr.c  24 Oct 2015 15:58:24 -
@@ -161,6 +161,23 @@ ether_ioctl(struct ifnet *ifp, struct ar
return (error);
 }
 
+
+void
+ether_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
+{
+   switch (rt_key(rt)->sa_family) {
+   case AF_INET:
+   arp_rtrequest(ifp, req, rt);
+   break;
+#ifdef INET6
+   case AF_INET6:
+   nd6_rtrequest(ifp, req, rt);
+   break;
+#endif
+   default:
+   break;
+   }
+}
 /*
  * Ethernet output routine.
  * Encapsulate a packet of type family for the local net.
@@ -505,6 +522,7 @@ ether_ifattach(struct ifnet *ifp)
ifp->if_hdrlen = ETHER_HDR_LEN;
ifp->if_mtu = ETHERMTU;
ifp->if_output = ether_output;
+   ifp->if_rtrequest = ether_rtrequest;
 
if_ih_insert(ifp, ether_input, NULL);
 
Index: net/if_gif.c
===
RCS file: /cvs/src/sys/net/if_gif.c,v
retrieving revision 1.80
diff -u -p -r1.80 if_gif.c
--- net/if_gif.c28 Sep 2015 08:32:05 -  1.80
+++ net/if_gif.c24 Oct 2015 15:42:24 -
@@ -120,6 +120,7 @@ gif_clone_create(struct if_clone *ifc, i
sc->gif_if.if_ioctl  = gif_ioctl;
sc->gif_if.if_start  = gif_start;
sc->gif_if.if_output = gif_output;
+   sc->gif_if.if_rtrequest = p2p_rtrequest;
sc->gif_if.if_type   = IFT_GIF;
IFQ_SET_MAXLEN(>gif_if.if_snd, IFQ_MAXLEN);
IFQ_SET_READY(>gif_if.if_snd);
@@ -326,7 +327,6 @@

telnet: kill dead IP source route

2015-10-24 Thread Jérémie Courrèges-Anglas 

Hi,

until today I did not know that some of our code did check for IP SSRR
and LSRR IP options in incoming packets.

That made me look for software that tried to use these options in
outgoing packets.  That code, in telnet(1), has been broken since 1998,
says cvs log.  I doubt that anyone will miss it.

Also stop mentioning source route in the manpage.

ok?

Index: commands.c
===
RCS file: /cvs/src/usr.bin/telnet/commands.c,v
retrieving revision 1.71
diff -u -p -r1.71 commands.c
--- commands.c  16 Jan 2015 06:40:13 -  1.71
+++ commands.c  24 Oct 2015 15:49:21 -
@@ -54,8 +54,6 @@
 #define PATH_SKEY  "/usr/bin/skey"
 #endif
 
-static unsigned long sourceroute(char *arg, char **cpp, int *lenp);
-
 int tos = -1;
 
 char   *hostname;
@@ -1852,9 +1850,6 @@ tn(int argc, char *argv[])
 struct addrinfo hints, *res, *res0;
 int error;
 struct sockaddr_in sin;
-unsigned long temp;
-char *srp = 0;
-int srlen;
 char *cmd, *hostp = 0, *portp = 0, *user = 0, *aliasp = 0;
 int retry;
 const int niflags = NI_NUMERICHOST;
@@ -1918,47 +1913,26 @@ tn(int argc, char *argv[])
 if (hostp == 0)
goto usage;
 
-if (hostp[0] == '@' || hostp[0] == '!') {
-   if ((hostname = strrchr(hostp, ':')) == NULL)
-   hostname = strrchr(hostp, '@');
-   hostname++;
-   srp = 0;
-   temp = sourceroute(hostp, , );
-   if (temp == 0) {
-   herror(srp);
-   return 0;
-   } else if (temp == -1) {
-   printf("Bad source route option: %s\r\n", hostp);
-   return 0;
-   } else {
-   abort();
-   }
+hostname = hostp;
+memset(, 0, sizeof(hints));
+hints.ai_family = family;
+hints.ai_socktype = SOCK_STREAM;
+hints.ai_flags = AI_CANONNAME;
+if (portp == NULL) {
+portp = "telnet";
+telnetport = 1;
+} else if (*portp == '-') {
+portp++;
+telnetport = 1;
 } else
-{
-   hostname = hostp;
-   memset(, 0, sizeof(hints));
-   hints.ai_family = family;
-   hints.ai_socktype = SOCK_STREAM;
-   hints.ai_flags = AI_CANONNAME;
-   if (portp == NULL) {
-   portp = "telnet";
-   telnetport = 1;
-   } else if (*portp == '-') {
-   portp++;
-   telnetport = 1;
-   } else
-   telnetport = 0;
-   h_errno = 0;
-   error = getaddrinfo(hostp, portp, , );
-   if (error) {
-   if (error == EAI_SERVICE)
-   warnx("%s: bad port", portp);
-   else
-   warnx("%s: %s", hostp, gai_strerror(error));
-   if (h_errno)
-   herror(hostp);
-   return 0;
-   }
+telnetport = 0;
+error = getaddrinfo(hostp, portp, , );
+if (error) {
+if (error == EAI_SERVICE)
+warnx("%s: bad port", portp);
+else
+warnx("%s: %s", hostp, gai_strerror(error));
+return 0;
 }
 
 net = -1;
@@ -2004,9 +1978,6 @@ tn(int argc, char *argv[])
 }
freeaddrinfo(ares);
}
-   if (srp && res->ai_family == AF_INET
-&& setsockopt(net, IPPROTO_IP, IP_OPTIONS, srp, srlen) < 0)
-   perror("setsockopt (IP_OPTIONS)");
if (res->ai_family == AF_INET) {
if (tos < 0)
tos = IPTOS_LOWDELAY;   /* Low Delay bit */
@@ -2236,144 +2207,4 @@ help(int argc, char *argv[])
printf("%s\r\n", c->help);
}
return 0;
-}
-
-/*
- * Source route is handed in as
- * [!]@hop1@hop2...[@|:]dst
- * If the leading ! is present, it is a
- * strict source route, otherwise it is
- * assmed to be a loose source route.
- *
- * We fill in the source route option as
- * hop1,hop2,hop3...dest
- * and return a pointer to hop1, which will
- * be the address to connect() to.
- *
- * Arguments:
- * arg:pointer to route list to decipher
- *
- * cpp:If *cpp is not equal to NULL, this is a
- * pointer to a pointer to a character array
- * that should be filled in with the option.
- *
- * lenp:   pointer to an integer that contains the
- * length of *cpp if *cpp != NULL.
- *
- * Return values:
- *
- * Returns the address of the host to connect to.  If the
- * return value is -1, there was a syntax error in the
- * option, either unknown characters, or too many hosts.
- * If the return value is 0, one of the hostnames in the
- * path is unknown, and *cpp is set to point to the bad
- * hostname.
- *
- * *cpp:   If *cpp was equal to NULL, it will be filled
- * in with a pointer to our static area that has
- * the option filled in.  This will be 32bit aligned.
- *
- * *lenp:  This will be filled in with how long the option
- * pointed to by *cpp is.
- *
- */
-
-static unsigned long
-sourceroute(char *arg, char **cpp, int

Re: The router doesn't know the size of the internet...

2015-10-24 Thread Florian Obser 
On Sat, Oct 24, 2015 at 06:15:48PM +0200, Sebastian Benoit wrote:
> Alexander Bluhm(alexander.bl...@gmx.net) on 2015.10.24 17:21:27 +0200:
> > On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote:
> > > ...at least better than OpenBSD's source code.
> > > 
> > > This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit.
> > > Alexander verified that this is not mandatory in the corresponding RFCs
> > > and what really matters is the per-PCB specified hop limit.
> > > 
> > > See how this simplifies a lot of rt_ifp usages?
> > > 
> > > Ok?
> > 
> > It is a SHOULD in RFC 4861 and we are OpenBSD and don't believe in
> > what those Cisco routers claim anyway.
> > 
> >Router Advertisement messages also contain Internet parameters such
> >as the hop limit that hosts should use in outgoing packets and,
> >optionally, link parameters such as the link MTU.  This facilitates
> >centralized administration of critical parameters that can be set on
> >routers and automatically propagated to all attached hosts.
> > 
> >If the received Cur Hop Limit value is non-zero, the host SHOULD set
> >its CurHopLimit variable to the received value.
> > 
> > > + if (nd_ra->nd_ra_curhoplimit) {
> > > + /*
> > > +  * Ignore it.  The router doesn't know the size of the
> > > +  * internet better than this source code.
> > > +  */
> > > + }
> > 
> > s/size/diameter/ to quote RFC 2461 correctly
> > 
> > The value should be set to that current diameter of the Internet.
> 
> who measures that and tells me what to set there?

The universe^Winternet is a spheroid region, 705 meters in diameter.

> 
> ok on the diff.
> 

already ok'ed in private.

-- 
I'm not entirely sure you are real.

Re: Introduce if_rtrequest()

2015-10-24 Thread Martin Pieuchot 
On 24/10/15(Sat) 18:01, Martin Pieuchot wrote:
> Revamping the network stack design continue here at u2k15... 
> 
> This times it's about the L2 resolution mechanism plugged into the
> routing table.  While discussing with Alexander we figured out that
> the actual ifa_rtrequest() is always called with a valid ``ifp''...
> 
> So this diff change this function into a per-ifp one an pass an ifp
> pointer as first argument.  This makes obvious that if_get/if_put is
> not needed there.
> 
> As a side effect arp_ifinit() can now die since every Ethernet driver
> initialize if_rtrequest in ether_ifattach().

Now with a dummy function as suggested by Claudio.

ok?

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.394
diff -u -p -r1.394 if.c
--- net/if.c24 Oct 2015 10:52:05 -  1.394
+++ net/if.c24 Oct 2015 16:19:49 -
@@ -520,6 +520,7 @@ if_attach_common(struct ifnet *ifp)
M_TEMP, M_WAITOK);
TAILQ_INIT(ifp->if_detachhooks);
 
+   ifp->if_rtrequest = if_rtrequest_dummy;
ifp->if_slowtimo = malloc(sizeof(*ifp->if_slowtimo), M_TEMP,
M_WAITOK|M_ZERO);
ifp->if_watchdogtask = malloc(sizeof(*ifp->if_watchdogtask),
@@ -1273,14 +1274,18 @@ ifaof_ifpforaddr(struct sockaddr *addr, 
return (ifa_maybe);
 }
 
+void
+if_rtrequest_dummy(struct ifnet *ifp, int req, struct rtentry *rt)
+{
+}
+
 /*
  * Default action when installing a local route on a point-to-point
  * interface.
  */
 void
-p2p_rtrequest(int req, struct rtentry *rt)
+p2p_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
 {
-   struct ifnet *ifp = rt->rt_ifp;
struct ifaddr *ifa, *lo0ifa;
 
switch (req) {
Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.229
diff -u -p -r1.229 if_ethersubr.c
--- net/if_ethersubr.c  22 Oct 2015 15:37:47 -  1.229
+++ net/if_ethersubr.c  24 Oct 2015 16:19:49 -
@@ -161,6 +161,23 @@ ether_ioctl(struct ifnet *ifp, struct ar
return (error);
 }
 
+
+void
+ether_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
+{
+   switch (rt_key(rt)->sa_family) {
+   case AF_INET:
+   arp_rtrequest(ifp, req, rt);
+   break;
+#ifdef INET6
+   case AF_INET6:
+   nd6_rtrequest(ifp, req, rt);
+   break;
+#endif
+   default:
+   break;
+   }
+}
 /*
  * Ethernet output routine.
  * Encapsulate a packet of type family for the local net.
@@ -505,6 +522,7 @@ ether_ifattach(struct ifnet *ifp)
ifp->if_hdrlen = ETHER_HDR_LEN;
ifp->if_mtu = ETHERMTU;
ifp->if_output = ether_output;
+   ifp->if_rtrequest = ether_rtrequest;
 
if_ih_insert(ifp, ether_input, NULL);
 
Index: net/if_gif.c
===
RCS file: /cvs/src/sys/net/if_gif.c,v
retrieving revision 1.80
diff -u -p -r1.80 if_gif.c
--- net/if_gif.c28 Sep 2015 08:32:05 -  1.80
+++ net/if_gif.c24 Oct 2015 16:19:49 -
@@ -120,6 +120,7 @@ gif_clone_create(struct if_clone *ifc, i
sc->gif_if.if_ioctl  = gif_ioctl;
sc->gif_if.if_start  = gif_start;
sc->gif_if.if_output = gif_output;
+   sc->gif_if.if_rtrequest = p2p_rtrequest;
sc->gif_if.if_type   = IFT_GIF;
IFQ_SET_MAXLEN(>gif_if.if_snd, IFQ_MAXLEN);
IFQ_SET_READY(>gif_if.if_snd);
@@ -326,7 +327,6 @@ gif_ioctl(struct ifnet *ifp, u_long cmd,
 {
struct gif_softc *sc  = (struct gif_softc*)ifp;
struct ifreq *ifr = (struct ifreq *)data;
-   struct ifaddr*ifa = (struct ifaddr *)data;
int error = 0, size;
struct sockaddr *dst, *src;
struct sockaddr *sa;
@@ -335,7 +335,6 @@ gif_ioctl(struct ifnet *ifp, u_long cmd,
 
switch (cmd) {
case SIOCSIFADDR:
-   ifa->ifa_rtrequest = p2p_rtrequest;
break;
 
case SIOCSIFDSTADDR:
Index: net/if_gre.c
===
RCS file: /cvs/src/sys/net/if_gre.c,v
retrieving revision 1.75
diff -u -p -r1.75 if_gre.c
--- net/if_gre.c16 Jul 2015 16:12:15 -  1.75
+++ net/if_gre.c24 Oct 2015 16:19:49 -
@@ -132,6 +132,7 @@ gre_clone_create(struct if_clone *ifc, i
sc->sc_if.if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
sc->sc_if.if_output = gre_output;
sc->sc_if.if_ioctl = gre_ioctl;
+   sc->sc_if.if_rtrequest = p2p_rtrequest;
sc->sc_if.if_collisions = 0;
sc->sc_if.if_ierrors = 0;
sc->sc_if.if_oerrors = 0;
@@ -436,7 +437,6 @@ gre_ioctl(struct ifnet *ifp, u_long cmd,
 {
 
struct ifreq *ifr = (struct ifreq *)data;
-   struct ifaddr *ifa = (struct ifaddr *)data;
struct if_laddrreq *lifr = (struct if_laddrreq *)data;
struct ifkalivereq

Re: [patch] tcpdump segfault on invalid DECnet packet

2015-10-24 Thread Sebastian Benoit 
Stuart Henderson(st...@openbsd.org) on 2015.10.20 16:37:58 +0100:
> On 2015/10/14 11:11, Kevin Reay wrote:
> > Thanks for the review and feedback.
> > Updated patch with removed whitespace changes included.
> 
> This is fine with me. Any OKs to commit it?

yes, ok
 
> > Index: print-decnet.c
> > ===
> > RCS file: /cvs/src/usr.sbin/tcpdump/print-decnet.c,v
> > retrieving revision 1.14
> > diff -u -p -r1.14 print-decnet.c
> > --- print-decnet.c  21 Aug 2015 02:07:32 -  1.14
> > +++ print-decnet.c  14 Oct 2015 22:49:03 -
> > @@ -44,13 +44,13 @@ struct rtentry;
> >  #include "addrtoname.h"
> >  
> >  /* Forwards */
> > -static void print_decnet_ctlmsg(const union routehdr *, u_int);
> > +static int print_decnet_ctlmsg(const union routehdr *, u_int, u_int);
> >  static void print_t_info(int);
> > -static void print_l1_routes(const char *, u_int);
> > -static void print_l2_routes(const char *, u_int);
> > +static int print_l1_routes(const char *, u_int);
> > +static int print_l2_routes(const char *, u_int);
> >  static void print_i_info(int);
> > -static void print_elist(const char *, u_int);
> > -static void print_nsp(const u_char *, u_int);
> > +static int print_elist(const char *, u_int);
> > +static int print_nsp(const u_char *, u_int);
> >  static void print_reason(int);
> >  #ifdef PRINT_NSPDATA
> >  static void pdata(u_char *, int);
> > @@ -76,12 +76,23 @@ decnet_print(register const u_char *ap, 
> > return;
> > }
> >  
> > +   TCHECK2(*ap, sizeof(short));
> > pktlen = EXTRACT_LE_16BITS(ap);
> > +   if (pktlen < sizeof(struct shorthdr)) {
> > +   (void)printf("[|decnet]");
> > +   return;
> > +   }
> > +   if (pktlen > length) {
> > +   (void)printf("[|decnet]");
> > +   return;
> > +   }
> > +   length = pktlen;
> >  
> > rhlen = min(length, caplen);
> > rhlen = min(rhlen, sizeof(*rhp));
> > memcpy((char *)rhp, (char *)&(ap[sizeof(short)]), rhlen);
> >  
> > +   TCHECK(rhp->rh_short.sh_flags);
> > mflags = EXTRACT_LE_8BITS(rhp->rh_short.sh_flags);
> >  
> > if (mflags & RMF_PAD) {
> > @@ -89,6 +100,11 @@ decnet_print(register const u_char *ap, 
> > u_int padlen = mflags & RMF_PADMASK;
> > if (vflag)
> > (void) printf("[pad:%d] ", padlen);
> > +   if (length < padlen + 2) {
> > +   (void)printf("[|decnet]");
> > +   return;
> > +   }
> > +   TCHECK2(ap[sizeof(short)], padlen);
> > ap += padlen;
> > length -= padlen;
> > caplen -= padlen;
> > @@ -100,38 +116,43 @@ decnet_print(register const u_char *ap, 
> >  
> > if (mflags & RMF_FVER) {
> > (void) printf("future-version-decnet");
> > -   default_print(ap, length);
> > +   default_print(ap, min(length, caplen));
> > return;
> > }
> >  
> > /* is it a control message? */
> > if (mflags & RMF_CTLMSG) {
> > -   print_decnet_ctlmsg(rhp, min(length, caplen));
> > +   if(!print_decnet_ctlmsg(rhp, length, caplen))
> > +   goto trunc;
> > return;
> > }
> >  
> > switch (mflags & RMF_MASK) {
> > case RMF_LONG:
> > +   if (length < sizeof(struct longhdr)) {
> > +   (void)printf("[|decnet]");
> > +   return;
> > +   }
> > +   TCHECK(rhp->rh_long);
> > dst =
> > EXTRACT_LE_16BITS(rhp->rh_long.lg_dst.dne_remote.dne_nodeaddr);
> > src =
> > EXTRACT_LE_16BITS(rhp->rh_long.lg_src.dne_remote.dne_nodeaddr);
> > hops = EXTRACT_LE_8BITS(rhp->rh_long.lg_visits);
> > nspp = &(ap[sizeof(short) + sizeof(struct longhdr)]);
> > -   nsplen = min((length - sizeof(struct longhdr)),
> > -(caplen - sizeof(struct longhdr)));
> > +   nsplen = length - sizeof(struct longhdr);
> > break;
> > case RMF_SHORT:
> > +   TCHECK(rhp->rh_short);
> > dst = EXTRACT_LE_16BITS(rhp->rh_short.sh_dst);
> > src = EXTRACT_LE_16BITS(rhp->rh_short.sh_src);
> > hops = (EXTRACT_LE_8BITS(rhp->rh_short.sh_visits) & VIS_MASK)+1;
> > nspp = &(ap[sizeof(short) + sizeof(struct shorthdr)]);
> > -   nsplen = min((length - sizeof(struct shorthdr)),
> > -(caplen - sizeof(struct shorthdr)));
> > +   nsplen = length - sizeof(struct shorthdr);
> > break;
> > default:
> > (void) printf("unknown message flags under mask");
> > -   default_print((u_char *)ap, length);
> > +   default_print((u_char *)ap, min(length, caplen));
> > return;
> > }
> >  
> > @@ -147,11 +168,18 @@ decnet_print(register const u_char *ap, 
> > (void)printf("%d hops ", hops);
> > }
> >  
> > -   print_nsp(nspp, nsplen);
> > +   if (!print_nsp(nspp, nsplen))
> > +   goto trunc;
> > +   return;
> > +
> > +trunc:
> > +   (void)printf("[|decnet]");
> > +   return;
> >  }
> >

in6_selectroute regression (from c2k15)

2015-10-24 Thread Martin Pieuchot 
When I changed rt_ifp to no longer point to lo0 for RTF_LOCAL routes I
forgot the chunk below and introduced a regression.

Checking for (rt_ifp->if_flags & IFF_LOOPBACK) was the old way to check
for RTF_LOCAL.

ok?

Index: netinet6/in6_src.c
===
RCS file: /cvs/src/sys/netinet6/in6_src.c,v
retrieving revision 1.66
diff -u -p -r1.66 in6_src.c
--- netinet6/in6_src.c  24 Oct 2015 12:33:16 -  1.66
+++ netinet6/in6_src.c  24 Oct 2015 14:09:00 -
@@ -396,8 +396,8 @@ in6_selectroute(struct sockaddr_in6 *dst
if (opts && opts->ip6po_pktinfo &&
opts->ip6po_pktinfo->ipi6_ifindex) {
if (ro->ro_rt != NULL &&
-   (ro->ro_rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0 &&
-   ro->ro_rt->rt_ifp->if_index !=
+   !ISSET(ro->ro_rt->rt_flags, RTF_LOCAL) &&
+   ro->ro_rt->rt_ifidx !=
opts->ip6po_pktinfo->ipi6_ifindex) {
return (NULL);
}

Re: The router doesn't know the size of the internet...

2015-10-24 Thread Sebastian Benoit 
Alexander Bluhm(alexander.bl...@gmx.net) on 2015.10.24 17:21:27 +0200:
> On Sat, Oct 24, 2015 at 04:02:59PM +0200, Martin Pieuchot wrote:
> > ...at least better than OpenBSD's source code.
> > 
> > This diff gets rid of the horrible per-ifp autoconf'd-ndp only hoplimit.
> > Alexander verified that this is not mandatory in the corresponding RFCs
> > and what really matters is the per-PCB specified hop limit.
> > 
> > See how this simplifies a lot of rt_ifp usages?
> > 
> > Ok?
> 
> It is a SHOULD in RFC 4861 and we are OpenBSD and don't believe in
> what those Cisco routers claim anyway.
> 
>Router Advertisement messages also contain Internet parameters such
>as the hop limit that hosts should use in outgoing packets and,
>optionally, link parameters such as the link MTU.  This facilitates
>centralized administration of critical parameters that can be set on
>routers and automatically propagated to all attached hosts.
> 
>If the received Cur Hop Limit value is non-zero, the host SHOULD set
>its CurHopLimit variable to the received value.
> 
> > +   if (nd_ra->nd_ra_curhoplimit) {
> > +   /*
> > +* Ignore it.  The router doesn't know the size of the
> > +* internet better than this source code.
> > +*/
> > +   }
> 
> s/size/diameter/ to quote RFC 2461 correctly
> 
> The value should be set to that current diameter of the Internet.

who measures that and tells me what to set there?

ok on the diff.

Re: kill NLS (native language support) libc errno message

2015-10-24 Thread Stefan Sperling 
On Sat, Oct 24, 2015 at 04:07:59PM +0200, Alexander Bluhm wrote:
> Hi,
> 
> The only thing that is translated into multiple languages in OpenBSD
> are the errno messages and signal names.  Everything else is in
> English.  We are not planning to translate more text.  Running a
> mixed system with less than 1% of the text in native language makes
> no sense.  So I suggest to remove the NLS support from libc messages.
> The catopen(3) functions stay as they are.
> 
> I already saw performance issues with NLS as generating error
> messages currently requires disk access.
> 
> I will take care of mtree and bsd.nls.mk if we agree on this
> direction.
> 
> There are some NLS leftovers in pledge(2).  I will remove them later
> after people have updated libc.
> 
> ok for the libc part?

I am very happy to see this go away. There's no point in translating
just strerror() strings, and there are no plans to translate the
base system.

Many ports will still use their own translations with gettext. The
errno strings will be in English regardless of language settings,
but everything else about gettext in ports will still work.

OK by me.

kill NLS (native language support) libc errno message

2015-10-24 Thread Alexander Bluhm 
Hi,

The only thing that is translated into multiple languages in OpenBSD
are the errno messages and signal names.  Everything else is in
English.  We are not planning to translate more text.  Running a
mixed system with less than 1% of the text in native language makes
no sense.  So I suggest to remove the NLS support from libc messages.
The catopen(3) functions stay as they are.

I already saw performance issues with NLS as generating error
messages currently requires disk access.

I will take care of mtree and bsd.nls.mk if we agree on this
direction.

There are some NLS leftovers in pledge(2).  I will remove them later
after people have updated libc.

ok for the libc part?

bluhm

Index: lib/libc/Makefile
===
RCS file: /data/mirror/openbsd/cvs/src/lib/libc/Makefile,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile
--- lib/libc/Makefile   29 Aug 2015 06:08:49 -  1.36
+++ lib/libc/Makefile   24 Oct 2015 12:07:13 -
@@ -1,9 +1,5 @@
 #  $OpenBSD: Makefile,v 1.36 2015/08/29 06:08:49 deraadt Exp $
 #
-# The NLS (message catalog) functions are always in libc.  To choose that
-# strerror(), perror(), strsignal(), psignal(), etc. actually call the NLS
-# functions, put -DNLS on the CFLAGS line below.
-#
 # The YP functions are always in libc. To choose that getpwent() and friends
 # actually call the YP functions, put -DYP on the CFLAGS line below.
 
@@ -22,12 +18,6 @@ SYMBOL_LISTS=${LIBCSRCDIR}/Symbols.list
 
 LIBCSRCDIR=${.CURDIR}
 .include "${LIBCSRCDIR}/Makefile.inc"
-
-NLS=   C.msg Pig.msg da.ISO8859-1.msg da.UTF-8.msg de.ISO8859-1.msg \
-   de.UTF-8.msg es.ISO8859-1.msg es.UTF-8.msg fi.ISO8859-1.msg \
-   fi.UTF-8.msg fr.ISO8859-1.msg fr.UTF-8.msg it.UTF-8.msg \
-   nl.ISO8859-1.msg nl.UTF-8.msg no.ISO8859-1.msg no.UTF-8.msg \
-   ru.KOI8-R.msg ru.UTF-8.msg sv.ISO8859-1.msg sv.UTF-8.msg
 
 all: tags
 tags: ${SRCS}
Index: lib/libc/Makefile.inc
===
RCS file: /data/mirror/openbsd/cvs/src/lib/libc/Makefile.inc,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile.inc
--- lib/libc/Makefile.inc   10 Sep 2015 18:13:46 -  1.25
+++ lib/libc/Makefile.inc   24 Oct 2015 12:09:50 -
@@ -66,5 +66,3 @@ AINC+=  -nostdinc -idirafter ${DESTDIR}/
 .endif
 
 ${OBJS} ${GOBJS} ${POBJS} ${SOBJS} ${DOBJS}: ${LIBCSRCDIR}/include/namespace.h
-
-CFLAGS+=-DNLS
Index: lib/libc/nls/C.msg
===
RCS file: lib/libc/nls/C.msg
diff -N lib/libc/nls/C.msg
--- lib/libc/nls/C.msg  24 Oct 2015 10:42:02 -  1.3
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,246 +0,0 @@
-$set 1
-$ EPERM
-1 Operation not permitted
-$ ENOENT
-2 No such file or directory
-$ ESRCH
-3 No such process
-$ EINTR
-4 Interrupted system call
-$ EIO
-5 Input/output error
-$ ENXIO
-6 Device not configured
-$ E2BIG
-7 Argument list too long
-$ ENOEXEC
-8 Exec format error
-$ EBADF
-9 Bad file descriptor
-$ ECHILD
-10 No child processes
-$ EDEADLK
-11 Resource deadlock avoided
-$ ENOMEM
-12 Cannot allocate memory
-$ EACCES
-13 Permission denied
-$ EFAULT
-14 Bad address
-$ ENOTBLK
-15 Block device required
-$ EBUSY
-16 Device busy
-$ EEXIST
-17 File exists
-$ EXDEV
-18 Cross-device link
-$ ENODEV
-19 Operation not supported by device
-$ ENOTDIR
-20 Not a directory
-$ EISDIR
-21 Is a directory
-$ EINVAL
-22 Invalid argument
-$ ENFILE
-23 Too many open files in system
-$ EMFILE
-24 Too many open files
-$ ENOTTY
-25 Inappropriate ioctl for device
-$ ETXTBSY
-26 Text file busy
-$ EFBIG
-27 File too large
-$ ENOSPC
-28 No space left on device
-$ ESPIPE
-29 Illegal seek
-$ EROFS
-30 Read-only file system
-$ EMLINK
-31 Too many links
-$ EPIPE
-32 Broken pipe
-$ EDOM
-33 Numerical argument out of domain
-$ ERANGE
-34 Result too large
-$ EAGAIN, EWOULDBLOCK
-35 Resource temporarily unavailable
-$ EINPROGRESS
-36 Operation now in progress
-$ EALREADY
-37 Operation already in progress
-$ ENOTSOCK
-38 Socket operation on non-socket
-$ EDESTADDRREQ
-39 Destination address required
-$ EMSGSIZE
-40 Message too long
-$ EPROTOTYPE
-41 Protocol wrong type for socket
-$ ENOPROTOOPT
-42 Protocol not available
-$ EPROTONOSUPPORT
-43 Protocol not supported
-$ ESOCKTNOSUPPORT
-44 Socket type not supported
-$ EOPNOTSUPP
-45 Operation not supported
-$ EPFNOSUPPORT
-46 Protocol family not supported
-$ EAFNOSUPPORT
-47 Address family not supported by protocol family
-$ EADDRINUSE
-48 Address already in use
-$ EADDRNOTAVAIL
-49 Can't assign requested address
-$ ENETDOWN
-50 Network is down
-$ ENETUNREACH
-51 Network is unreachable
-$ ENETRESET
-52 Network dropped connection on reset
-$ ECONNABORTED
-53 Software caused connection abort
-$ ECONNRESET
-54 Connection reset by peer
-$ ENOBUFS
-55 No buffer space available
-$ EISCONN
-56 Socket is already connected
-$ ENOTCONN
-57 Socket is not connected
-$ ESHUTDOWN
-58 Can't send after socket shutdown

Re: unify errno messages

2015-10-24 Thread Todd C. Miller 
On Sat, 24 Oct 2015 00:41:18 +0200, Alexander Bluhm wrote:

> Before removig nls, I would like to unify all error messages in
> - include comment
> - libc comment
> - nls C
> - man page
> 
> The EPROGUNAVAIL change is just beautification.  Any objections
> against that?

OK millert@

 - todd

Re: syslogd pledge rpath cacert

2015-10-24 Thread Todd C. Miller 
On Sat, 24 Oct 2015 01:03:28 +0200, Alexander Bluhm wrote:

> When loading the CA certificates at startup fails, the syslogd child
> tries to load the default CA file when it connects to a TLS server.
> This always fails, as the child is chrooted to /var/empty.  Set the
> CA storage to an empty string, to remove the pledge "rpath".

OK millert@

 - todd

More easy rt_ifix conversions

2015-10-24 Thread Martin Pieuchot 
ok?

Index: netinet/if_ether.c
===
RCS file: /cvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.176
diff -u -p -r1.176 if_ether.c
--- netinet/if_ether.c  22 Oct 2015 18:14:53 -  1.176
+++ netinet/if_ether.c  24 Oct 2015 12:39:24 -
@@ -141,7 +141,7 @@ arp_rtrequest(int req, struct rtentry *r
 {
struct sockaddr *gate = rt->rt_gateway;
struct llinfo_arp *la = (struct llinfo_arp *)rt->rt_llinfo;
-   struct ifnet *ifp = rt->rt_ifp;
+   struct ifnet *ifp;
struct ifaddr *ifa;
struct mbuf *m;
 
@@ -166,8 +166,9 @@ arp_rtrequest(int req, struct rtentry *r
if (rt->rt_flags & (RTF_GATEWAY|RTF_BROADCAST))
return;
 
-   switch (req) {
+   ifp = if_get(rt->rt_ifidx);
 
+   switch (req) {
case RTM_ADD:
/*
 * XXX: If this is a manually added route to interface
@@ -251,6 +252,8 @@ arp_rtrequest(int req, struct rtentry *r
}
pool_put(_pool, la);
}
+
+   if_put(ifp);
 }
 
 /*
Index: netinet/in_pcb.c
===
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.186
diff -u -p -r1.186 in_pcb.c
--- netinet/in_pcb.c23 Oct 2015 13:26:07 -  1.186
+++ netinet/in_pcb.c24 Oct 2015 12:41:54 -
@@ -624,19 +624,22 @@ in_pcbnotifyall(struct inpcbtable *table
 void
 in_losing(struct inpcb *inp)
 {
+   struct ifnet *ifp;
struct rtentry *rt;
struct rt_addrinfo info;
 
if ((rt = inp->inp_route.ro_rt)) {
-   inp->inp_route.ro_rt = 0;
+   inp->inp_route.ro_rt = NULL;
 
memset(, 0, sizeof(info));
info.rti_flags = rt->rt_flags;
info.rti_info[RTAX_DST] = >inp_route.ro_dst;
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
info.rti_info[RTAX_NETMASK] = rt_mask(rt);
-   rt_missmsg(RTM_LOSING, , rt->rt_flags, rt->rt_ifp, 0,
+   ifp = if_get(rt->rt_ifidx);
+   rt_missmsg(RTM_LOSING, , rt->rt_flags, ifp, 0,
inp->inp_rtableid);
+   if_put(ifp);
if (rt->rt_flags & RTF_DYNAMIC)
(void)rtrequest1(RTM_DELETE, , rt->rt_priority,
NULL, inp->inp_rtableid);
Index: netinet/ip_input.c
===
RCS file: /cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.258
diff -u -p -r1.258 ip_input.c
--- netinet/ip_input.c  19 Oct 2015 11:59:26 -  1.258
+++ netinet/ip_input.c  24 Oct 2015 12:52:35 -
@@ -1452,7 +1452,7 @@ ip_forward(struct mbuf *m, struct ifnet 
 * Don't send redirect if we advertise destination's arp address
 * as ours (proxy arp).
 */
-   if (rt->rt_ifp == ifp &&
+   if ((rt->rt_ifidx == ifp->if_index) &&
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 &&
satosin(rt_key(rt))->sin_addr.s_addr != 0 &&
ipsendredirects && !srcrt &&
Index: netinet/tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.305
diff -u -p -r1.305 tcp_input.c
--- netinet/tcp_input.c 11 Sep 2015 08:17:06 -  1.305
+++ netinet/tcp_input.c 24 Oct 2015 12:26:49 -
@@ -2989,7 +2989,7 @@ tcp_mss(struct tcpcb *tp, int offer)
if (rt == NULL)
goto out;
 
-   ifp = rt->rt_ifp;
+   ifp = if_get(rt->rt_ifidx);
 
switch (tp->pf) {
 #ifdef INET6
@@ -3065,6 +3065,7 @@ tcp_mss(struct tcpcb *tp, int offer)
}
 
  out:
+   if_put(ifp);
/*
 * The current mss, t_maxseg, is initialized to the default value.
 * If we compute a smaller value, reduce the current mss.

two simple netinet6 rt_ifidx conversion

2015-10-24 Thread Martin Pieuchot 
Index: netinet6/in6_ifattach.c
===
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.97
diff -u -p -r1.97 in6_ifattach.c
--- netinet6/in6_ifattach.c 22 Oct 2015 15:37:47 -  1.97
+++ netinet6/in6_ifattach.c 24 Oct 2015 12:56:50 -
@@ -546,7 +546,7 @@ in6_ifdetach(struct ifnet *ifp)
sin6.sin6_addr = in6addr_intfacelocal_allnodes;
sin6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
rt = rtalloc(sin6tosa(), 0, ifp->if_rdomain);
-   if (rt && rt->rt_ifp == ifp) {
+   if (rt && rt->rt_ifidx == ifp->if_index) {
rtdeletemsg(rt, ifp->if_rdomain);
rtfree(rt);
}
@@ -558,7 +558,7 @@ in6_ifdetach(struct ifnet *ifp)
sin6.sin6_addr = in6addr_linklocal_allnodes;
sin6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
rt = rtalloc(sin6tosa(), 0, ifp->if_rdomain);
-   if (rt && rt->rt_ifp == ifp) {
+   if (rt && rt->rt_ifidx == ifp->if_index) {
rtdeletemsg(rt, ifp->if_rdomain);
rtfree(rt);
}
Index: netinet6/in6_src.c
===
RCS file: /cvs/src/sys/netinet6/in6_src.c,v
retrieving revision 1.66
diff -u -p -r1.66 in6_src.c
--- netinet6/in6_src.c  24 Oct 2015 12:33:16 -  1.66
+++ netinet6/in6_src.c  24 Oct 2015 13:00:19 -
@@ -233,8 +233,12 @@ in6_selectsrc(struct in6_addr **in6src, 
rt = nd6_lookup(_next->sin6_addr, 1, NULL,
rtableid);
if (rt != NULL) {
-   ia6 = in6_ifawithscope(rt->rt_ifp, dst,
-   rtableid);
+   ifp = if_get(rt->rt_ifidx);
+   if (ifp != NULL) {
+   ia6 = in6_ifawithscope(ifp, dst,
+   rtableid);
+   if_put(ifp);
+   }
if (ia6 == NULL)
ia6 = ifatoia6(rt->rt_ifa);
rtfree(rt);
@@ -285,8 +289,11 @@ in6_selectsrc(struct in6_addr **in6src, 
 */
 
if (ro->ro_rt) {
-   ia6 = in6_ifawithscope(ro->ro_rt->rt_ifp, dst,
-   rtableid);
+   ifp = if_get(ro->ro_rt->rt_ifidx);
+   if (ifp != NULL) {
+   ia6 = in6_ifawithscope(ifp, dst, rtableid);
+   if_put(ifp);
+   }
if (ia6 == NULL) /* xxx scope error ?*/
ia6 = ifatoia6(ro->ro_rt->rt_ifa);
}

Re: pledge(2) in quiz(6)

2015-10-24 Thread Jan Stary 
Any comments/OK?

On Oct 22 13:49:28, h...@stare.cz wrote:
> games/quiz.c popen()s a PAGER to display the help message.
> Throw that away and let the use pipe into a PAGER if needed.
> Then we can just pledge "stdio rpath".
> 
>   Jan
> 
> 
> Index: quiz.c
> ===
> RCS file: /cvs/src/games/quiz/quiz.c,v
> retrieving revision 1.21
> diff -u -p -u -p -r1.21 quiz.c
> --- quiz.c29 Aug 2013 20:22:18 -  1.21
> +++ quiz.c22 Oct 2015 11:42:42 -
> @@ -66,6 +66,9 @@ main(int argc, char *argv[])
>   int ch;
>   const char *indexfile;
>  
> + if (pledge("stdio rpath", NULL) == -1)
> + err(1, "pledge");
> +
>   indexfile = _PATH_QUIZIDX;
>   while ((ch = getopt(argc, argv, "i:t")) != -1)
>   switch(ch) {
> @@ -144,30 +147,21 @@ show_index(void)
>  {
>   QE *qp;
>   const char *p, *s;
> - FILE *pf;
> - const char *pager;
>  
> - if (!isatty(1))
> - pager = "/bin/cat";
> - else if (!(pager = getenv("PAGER")) || (*pager == 0))
> - pager = _PATH_PAGER;
> - if ((pf = popen(pager, "w")) == NULL)
> - err(1, "%s", pager);
> - (void)fprintf(pf, "Subjects:\n\n");
> + printf("Subjects:\n\n");
>   for (qp = qlist.q_next; qp; qp = qp->q_next) {
>   for (s = next_cat(qp->q_text); s; s = next_cat(s)) {
>   if (!rxp_compile(s))
>   errx(1, "%s", rxperr);
>   if ((p = rxp_expand()))
> - (void)fprintf(pf, "%s ", p);
> + printf("%s ", p);
>   }
> - (void)fprintf(pf, "\n");
> + printf("\n");
>   }
> - (void)fprintf(pf, "\n%s\n%s\n%s\n",
> + printf("\n%s\n%s\n%s\n",
>  "For example, \"quiz victim killer\" prints a victim's name and you reply",
>  "with the killer, and \"quiz killer victim\" works the other way around.",
>  "Type an empty line to get the correct answer.");
> - (void)pclose(pf);
>  }
>  
>  void

pledge(2) spamdb(8)

2015-10-24 Thread Ricardo Mestre 

Hi tech@,

spamdb(8) can pledge(2) for "stdio rpath wpath flock" and "flock" 
permission can be dropped after "/var/db/spamd" is opened with dbopen(3).


Index: spamdb.c
===
RCS file: /cvs/src/usr.sbin/spamdb/spamdb.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 spamdb.c
--- spamdb.c24 Nov 2013 01:06:19 -  1.29
+++ spamdb.c24 Oct 2015 20:23:24 -
@@ -276,6 +276,9 @@ main(int argc, char **argv)
HASHINFOhashinfo;
DB  *db;

+   if (pledge("stdio rpath wpath flock", NULL) == -1)
+   err(1, "pledge");
+
while ((ch = getopt(argc, argv, "adtT")) != -1) {
switch (ch) {
case 'a':
@@ -307,6 +310,9 @@ main(int argc, char **argv)
err(1, "cannot open %s for %s", PATH_SPAMD_DB,
action ? "writing" : "reading");
}
+
+   if (pledge("stdio rpath wpath", NULL) == -1)
+   err(1, "pledge");

switch (action) {
case 0:

Best regards,
Ricardo Mestre

[patch] tcpdump - better BGP UPDATE AS_PATH size calculations

2015-10-24 Thread Kevin Reay 
Adopt an updated version of the tcpdump.org ASN size calculation for
BGP UPDATE message AS_PATHs. This corrects some bad behaviour due to
incorrect ASN size calculations.

I believe that the current way of calculating the ASN size for an
UPDATE AS_PATH attribute is flawed.

Currently, the ASN length (2 or 4 bytes) is calculated by dividing the
total length of the AS_PATH attribute by the number of ASNs (p[1]) in
the *first set encountered*:

asn_bytes = (len-2)/p[1];

The assumption that this first segment length describes the entire
attribute is incorrect; there could be multiple path segment lengths
in the attribute. The current method only uses the first encountered
segment length (while using the entire attribute's byte length).

This very often works fine, and when the calculation is incorrect the
printf code only prints the first 2 bytes due to the way the if
statements are structured, so it usually appears to work. 

(Sometimes the calculated ASN length isn't even 2 or 4 bytes, often
causing 2 separate ASNs to be printed together as one ASN in ASDOT
notation.)

Example: here's the original OpenBSD output for a 2-byte encoded
AS_PATH:
(AS_PATH[T] 30)
here's tcpdump.org 4.5.1 on Linux:
AS Path (2), length: 10, Flags [T]: 30 { 10 20 }
and here's OpenBSD with the changes in this patch:
(AS_PATH[T] 30 {10 20})

A comment in the original code claims:
 ...
 * To identify which is the case, compare the length of the path
 * segment value in bytes, with the path segment length from the
 * message (counted in # of AS)

This incorrectly describes the calculation being performed; the length
being compared isn't just the length of the "path segment value" but of
the entire attribute.

I've attached an updated version of the upstream's heuristics function
for calculating the ASN size: bgp_attr_get_as_size(). The updated
version contains style(9) changes, simplifications, an additional
validity check (non-zero segment lengths), and comment re-writes.

I'm interested in hearing any feedback. I'm also interested if anyone
with experience using tcpdump with BGP packets can report seeing the
incorrect behaviour described here in the past.

Index: print-bgp.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
retrieving revision 1.18
diff -u -p -r1.18 print-bgp.c
--- print-bgp.c 20 Oct 2015 11:29:07 -  1.18
+++ print-bgp.c 24 Oct 2015 18:21:55 -
@@ -140,6 +140,9 @@ struct bgp_attr {
 #define BGP_CONFED_AS_SEQUENCE 3 /* draft-ietf-idr-rfc3065bis-01 */
 #define BGP_CONFED_AS_SET  4 /* draft-ietf-idr-rfc3065bis-01  */
 
+#define BGP_AS_SEG_TYPE_MINBGP_AS_SET
+#define BGP_AS_SEG_TYPE_MAXBGP_CONFED_AS_SET
+
 static struct tok bgp_as_path_segment_open_values[] = {
{ BGP_AS_SET,   " {" },
{ BGP_AS_SEQUENCE,  " " },
@@ -400,6 +403,55 @@ trunc:
 }
 #endif
 
+/*
+ * Try to determine the size of the ASs encoded in an AS-path. It is
+ * not obvious as both speaker types exchange AS-paths with the same
+ * path-attribute type.
+ */
+static int
+bgp_attr_get_as_size(u_int8_t bgpa_type, const u_char *dat, int len)
+{
+   const u_char *p;
+
+   p = dat;
+
+   /* AS4 path types are always encoded in 4-byte format */
+   if (bgpa_type == BGPTYPE_AS4_PATH) {
+   return 4;
+   }
+
+   /*
+* Start by assuming 2-byte ASs. Iterate through the path data using the
+* segment length values. Switch to 4-bytes if we encounter an invalid
+* field value/if the AS-Path length is invalid for the assumed size.
+*/
+   while (p < dat + len) {
+   TCHECK(p[0]);
+
+   /* check segment type: invalid value means wrong size */
+   if (p[0] < BGP_AS_SEG_TYPE_MIN || p[0] > BGP_AS_SEG_TYPE_MAX)
+   goto trunc;
+
+   TCHECK(p[1]);
+
+   /* check segment length: invalid indicates wrong size */
+   if (p[1] == 0)
+   goto trunc;
+
+   p += 2 + p[1] * 2;
+   }
+
+   /* matching length: it's very likely the ASs were encoded as 2-bytes */
+   if (p == dat + len)
+   return 2;
+trunc:
+   /*
+* Either there was not enough data or we tried to decode 4-byte ASs
+* with an incorrect size of 2-bytes.
+*/
+   return 4;
+}
+
 static int
 bgp_attr_print(const struct bgp_attr *attr, const u_char *dat, int len)
 {
@@ -425,17 +477,7 @@ bgp_attr_print(const struct bgp_attr *at
}
break;
case BGPTYPE_AS4_PATH:
-   asn_bytes = 4;
-   /* FALLTHROUGH */
case BGPTYPE_AS_PATH:
-   /*
-* 2-byte speakers will receive AS4_PATH as well AS_PATH (2-byte).
-* 4-byte speakers will only receive AS_PATH but it will be 4-byte.
-* To identify which is the case, compare the length of the

Re: pledge(2) date(1) earlier

2015-10-24 Thread Ricardo Mestre 

I meant pledge(2) of course :)

On 24/10/2015 18:52, Ricardo Mestre wrote:

Hi tech@

Now that settime is available in pledge(6) then date(1) can pledge 
earlier, and afterwards drop the settime privilege (this is already in):


Index: date.c
===
RCS file: /cvs/src/bin/date/date.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 date.c
--- date.c  9 Oct 2015 01:37:06 -   1.49
+++ date.c  24 Oct 2015 17:50:58 -
@@ -66,6 +66,9 @@ main(int argc, char *argv[])

setlocale(LC_ALL, "");

+if (pledge("stdio rpath wpath settime", NULL) == -1)
+   err(1, "pledge");
+
tz.tz_dsttime = tz.tz_minuteswest = 0;
rflag = 0;
while ((ch = getopt(argc, argv, "ad:jr:ut:z:")) != -1)

Best regards,
Ricardo Mestre

httpd and FastCGI - incorrect assumption?

2015-10-24 Thread Adam Wysocki 
Hi tech@ reader,

I am running OpenBSD 5.8 on amd64 and I have encountered a non-deterministic 
and incorrect behavior of httpd and slowcgi. I traced the problem to be that 
httpd is assuming that only first FastCGI FCGI_STDOUT record will contain 
headers and all subsequent records contain body (regardless of occurence of 
two newline characters that should separate header and body section), while 
for slowcgi it is not true.

This is intentional in httpd. See server_fcgi.c, line 549:

---
case FCGI_STDOUT:
if (++clt->clt_chunk == 1) {
if (server_fcgi_header(clt,
server_fcgi_getheaders(clt))
== -1) {
server_abort_http(clt, 500,
"malformed fcgi headers");
return;
}
---

Are there any reasons for such assumption?

Instructions for replication are below.

My server config is:

---
ext_addr="*"

chroot "/var/www"
logdir "/var/www/logs"
prefork 3

types {
include "/usr/share/misc/mime.types"
}

[... other unrelated server blocks ...]

server "test.domain" {
listen on $ext_addr port 80
fastcgi socket "/run/slowcgi.sock"
root "/cgi-bin/test.cgi"
log access "access-test.log"
log error "error-test.log"
}
---

/var/www/cgi-bin/test.cgi:

---
#!/bin/sh

echo Header1: value
echo Header2: value
echo
echo Body
---

Of course /var/www/bin/sh is present, too.

Request is always the same:

---
GET / HTTP/1.1
Host: test.domain:80
---

But it generates different results. Most of the time results are 
incorrect, with Header2 placed in the Body section but in separate 
http chunks:

---
HTTP/1.1 200 OK
Connection: keep-alive
Date: Sat, 24 Oct 2015 19:08:48 GMT
Header1: value
Server: OpenBSD httpd
Transfer-Encoding: chunked

f
Header2: value

6

Body

0
---

Sometimes they are in one chunk:

---
HTTP/1.1 200 OK
Connection: keep-alive
Date: Sat, 24 Oct 2015 19:08:49 GMT
Header1: value
Server: OpenBSD httpd
Transfer-Encoding: chunked

15
Header2: value

Body

0
---

And sometimes (rarely) the result is correct:

---
HTTP/1.1 200 OK
Connection: keep-alive
Date: Sat, 24 Oct 2015 19:09:28 GMT
Header1: value
Header2: value
Server: OpenBSD httpd
Transfer-Encoding: chunked

6

Body

0
---

This of course is wrong and prevents a real-life server (cgit) from 
working, as sometimes headers generated by cgit.cgi go into the body 
part of http response (that's why I started digging).

Sniffing on the slowcgi socket with socat:

mv fastcgi.sock fastcgi-orig.sock
socat -t100 -x -v UNIX-LISTEN:fastcgi.sock,mode=777,reuseaddr,fork \
UNIX-CONNECT:fastcgi-orig.sock

revealed that sometimes slowcgi sends:

- FCGI_STDOUT record with the first header
- FCGI_STDOUT record with the second header and body
- FCGI_STDOUT with empty data
- FCGI_STDERR with empty data
- FCGI_END_REQUEST

---
< 2015/10/24 21:19:47.072936  length=23 from=0 to=22
 01 06 00 01 00 0f 00 00 48 65 61 64 65 72 31 3a  Header1:
 20 76 61 6c 75 65 0a  value.
--
< 2015/10/24 21:19:47.073572  length=29 from=23 to=51
 01 06 00 01 00 15 00 00 48 65 61 64 65 72 32 3a  Header2:
 20 76 61 6c 75 65 0a  value.
 0a   .
 42 6f 64 79 0a   Body.
--
< 2015/10/24 21:19:47.075855  length=32 from=52 to=83
 01 06 00 01 00 00 00 00 01 07 00 01 00 00 00 00  
 01 03 00 01 00 08 00 00 00 00 00 00 00 00 00 00  
---

In the case that is handled correctly by the httpd, it sends:

- FCGI_STDOUT record with both headers and body
- FCGI_STDERR with empty data
- FCGI_STDOUT with empty data
- FCGI_END_REQUEST

---
< 2015/10/24 21:21:05.291454  length=44 from=0 to=43
 01 06 00 01 00 24 00 00 48 65 61

inteldrm(4) diff that needs testing

2015-10-24 Thread Mark Kettenis 
The diff below makes inteldrm(4) attach directly to pci(4) instead of
vga(1).  Because inteldrm(4) depends on intagp(4), this also make
intagp(4) a child of inteldrm(4).  Ultimately I'd like to integrate
intagp(4) into inteldrm(4), but that's going to be a bit more work.

This diff is needed to make inteldrm(4) work when OpenBSD gets booted
by UEFI firmware.  It will also make inteldrm(4) work on machines with
discrete graphics.

This diff needs to be tested on a wide range of hardware.  So if you
have a machine with inteldrm(4), please give it a shot.  I'm
particularly interested in testing on an x40.


Index: arch/amd64/conf/GENERIC
===
RCS file: /cvs/src/sys/arch/amd64/conf/GENERIC,v
retrieving revision 1.398
diff -u -p -r1.398 GENERIC
--- arch/amd64/conf/GENERIC 30 Sep 2015 12:24:44 -  1.398
+++ arch/amd64/conf/GENERIC 9 Oct 2015 20:40:52 -
@@ -300,15 +300,16 @@ wsdisplay0at vga? console 1
 wskbd* at pckbd? mux 1
 wsmouse*   at pms? mux 0
 
-intagp*at vga? # intel integrated graphics
 #mmuagp*   at pchb?# amd64 mmu agp.
-
-agp*   at intagp?
 #agp*  at mmuagp?
 
-inteldrm*  at vga? # Intel i915, i945 DRM driver
+inteldrm*  at pci? # Intel i915, i945 DRM driver
+intagp*at inteldrm?
+agp*   at intagp?
 drm0   at inteldrm? console 1
 drm*   at inteldrm?
+wsdisplay0 at inteldrm? console 1
+wsdisplay* at inteldrm?
 radeondrm* at pci? # ATI Radeon DRM driver
 drm0   at radeondrm? console 1
 drm*   at radeondrm?
Index: arch/amd64/conf/files.amd64
===
RCS file: /cvs/src/sys/arch/amd64/conf/files.amd64,v
retrieving revision 1.81
diff -u -p -r1.81 files.amd64
--- arch/amd64/conf/files.amd64 4 Sep 2015 23:22:56 -   1.81
+++ arch/amd64/conf/files.amd64 9 Oct 2015 16:36:41 -
@@ -133,7 +133,7 @@ attach  amas at pci
 file   dev/pci/amas.c  amas
 
 # AGP bridge support. most attach at pchb
-file   arch/amd64/pci/agp_machdep.cagp
+file   arch/amd64/pci/agp_machdep.cagp | inteldrm
 
 #
 # CARDBUS
Index: arch/i386/conf/GENERIC
===
RCS file: /cvs/src/sys/arch/i386/conf/GENERIC,v
retrieving revision 1.806
diff -u -p -r1.806 GENERIC
--- arch/i386/conf/GENERIC  30 Sep 2015 12:15:12 -  1.806
+++ arch/i386/conf/GENERIC  10 Oct 2015 15:50:43 -
@@ -358,7 +358,6 @@ wsdisplay0  at pcdisplay? console 1
 wskbd* at pckbd? mux 1
 wsmouse*   at pms? mux 0
 
-intagp*at vga? # intel integrated graphics agp
 aliagp*at pchb?
 amdagp*at pchb?
 intelagp*  at pchb?
@@ -366,7 +365,6 @@ sisagp* at pchb?
 viaagp*at pchb?
 #mmuagp*   at pchb?
 
-agp*   at intagp?  # AGP bridges
 agp*   at aliagp?  # AGP bridges
 agp*   at amdagp?  # AGP bridges
 agp*   at intelagp?# AGP bridges
@@ -374,9 +372,13 @@ agp*   at sisagp?  # AGP bridges
 agp*   at viaagp?  # AGP bridges
 #agp*  at mmuagp?  
 
-inteldrm*  at vga? # Intel i915, i945 DRM driver
+inteldrm*  at pci? # Intel i915, i945 DRM driver
+intagp*at inteldrm?
+agp*   at intagp?
 drm0   at inteldrm? console 1
 drm*   at inteldrm?
+wsdisplay0 at inteldrm? console 1
+wsdisplay* at inteldrm?
 radeondrm* at pci? # ATI Radeon DRM driver
 drm0   at radeondrm? console 1
 drm*   at radeondrm?
Index: arch/i386/conf/files.i386
===
RCS file: /cvs/src/sys/arch/i386/conf/files.i386,v
retrieving revision 1.226
diff -u -p -r1.226 files.i386
--- arch/i386/conf/files.i386   20 Aug 2015 04:41:46 -  1.226
+++ arch/i386/conf/files.i386   24 Oct 2015 21:28:00 -
@@ -113,7 +113,7 @@ attach  amas at pci
 filedev/pci/amas.c amas
 
 # AGP bridge support. most attach at pchb
-file   arch/i386/pci/agp_machdep.c agp
+file   arch/i386/pci/agp_machdep.c agp | inteldrm
 
 # AMD Elan SC520 System Controller (PCI-Host bridge)
 device elansc: gpiobus
Index: dev/pci/agp_i810.c
===
RCS file: /cvs/src/sys/dev/pci/agp_i810.c,v
retrieving revision 1.91
diff -u -p -r1.91 agp_i810.c
--- dev/pci/agp_i810.c  9 Oct 2015 13:22:54 -   1.91
+++ dev/pci/agp_i810.c  24 Oct 2015 21:17:05 -
@@ -43,11 +43,7 @@
 #include 
 #include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
+#include 
 
 #include 
 
@@ -84,7 +80,9 @@ struct agp_i810_softc {
struct agp_softc*agpdev;
struct agp_gatt

Re: use machdep.lidsuspend=2 for hibernate

2015-10-24 Thread Glenn Faustino 
This patch works fine on my Thinkpad x220. Hibernate/unhibernate works when
closing/opening the lid.

Thanks,
Glenn


dmesg:


OpenBSD 5.8-current (GENERIC.MP ) #0: Sat Oct 24
15:07:40 PHT 2015
root@X220.domain.local:/usr/src/sys/arch/amd64/compile/GENERIC.MP

RTC BIOS diagnostic error 80
real mem = 8451125248 (8059MB)
avail mem = 8190869504 (7811MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
bios0: LENOVO 4291G36
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA
SSDT SSDT UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3)
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.53 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.41 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.41 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.41 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP7)
acpicpu0 at acpi0: C3(200@109 io@0x416), C2(500@80 io@0x414), C1(1000@1
halt), PSS
acpicpu1 at acpi0: C3(200@109 io@0x416), C2(500@80 io@0x414), C1(1000@1
halt), PSS
acpicpu2 at acpi0: C3(200@109 io@0x416), C2(500@80 io@0x414), C1(1000@1
halt), PSS
acpicpu3 at acpi0: C3(200@109 io@0x416), C2(500@80 io@0x414), C1(1000@1
halt), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4940" serial  4448 type LION oem "SANYO"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit offline
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 797 MHz: speeds: 2501, 2500, 2200, 2000, 1800,
1600, 1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1366x768
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address
f0:de:f1:d1:94:39
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 6

Re: inteldrm(4) diff that needs testing

2015-10-24 Thread Jonathan Gray 
On Sat, Oct 24, 2015 at 11:48:01PM +0200, Mark Kettenis wrote:
> The diff below makes inteldrm(4) attach directly to pci(4) instead of
> vga(1).  Because inteldrm(4) depends on intagp(4), this also make
> intagp(4) a child of inteldrm(4).  Ultimately I'd like to integrate
> intagp(4) into inteldrm(4), but that's going to be a bit more work.
> 
> This diff is needed to make inteldrm(4) work when OpenBSD gets booted
> by UEFI firmware.  It will also make inteldrm(4) work on machines with
> discrete graphics.
> 
> This diff needs to be tested on a wide range of hardware.  So if you
> have a machine with inteldrm(4), please give it a shot.  I'm
> particularly interested in testing on an x40.

x40 before the diff:

vga1 at pci0 dev 2 function 0 "Intel 82855GM Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: apic 1 int 16
inteldrm0: 1024x768
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 82855GM Video" rev 0x02 at pci0 dev 2 function 1 not configured

after with serial console:

inteldrm0 at pci0 dev 2 function 0 "Intel 82855GM Video" rev 0x02
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xe000, size 0x800
drm0 at inteldrm0
inteldrm0: can't map mmio space
inteldrm1 at pci0 dev 2 function 1 "Intel 82855GM Video" rev 0x02
intagp at inteldrm1 not configured
drm1 at inteldrm1
inteldrm1: couldn't map interrupt
Memory manager not clean. Delaying takedown

video mode doesn't switch and can't change to vt, goes
multiuser and can login via ssh.

With glass console it hangs after "root on wd0a" with no mode
switch.

 0:2:0: Intel 82855GM Video
0x: Vendor ID: 8086 Product ID: 3582
0x0004: Command: 0007 Status: 0090
0x0008: Class: 03 Subclass: 00 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem prefetchable 32bit addr: 0xe000/0x0800
0x0014: BAR mem 32bit addr: 0xd000/0x0008
0x0018: BAR io addr: 0x1800/0x0008
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1014 Product ID: 0557
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x00d0: Capability 0x01: Power Management
 0:2:1: Intel 82855GM Video
0x: Vendor ID: 8086 Product ID: 3582
0x0004: Command: 0003 Status: 0090
0x0008: Class: 03 Subclass: 80 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem prefetchable 32bit addr: 0xe800/0x0800
0x0014: BAR mem 32bit addr: 0xd008/0x0008
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1014 Product ID: 0557
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
0x00d0: Capability 0x01: Power Management

Re: unify errno messages

2015-10-24 Thread Alexander Bluhm 
On Sat, Oct 24, 2015 at 02:54:54AM +0159, Jiri Navratil wrote:
> Hi Alexander,
> 
> On Sat, Oct 24, 2015 at 12:41:18AM +0200, Alexander Bluhm wrote:
> > -#defineEOVERFLOW   87  /* Conversion overflow */
> > +#defineEOVERFLOW   87  /* Value too large to be stored in data 
> > type */
> 
> I noticed this "missing tab".
> 
> Thank you,
> Jiri

Actually that was intensional as the line would get too long.  An
alternative would be to remove some tabs.  But that makes the diff
unreadable.  If I get an ok, I will commit this version.

bluhm

Index: sys/sys/errno.h
===
RCS file: /data/mirror/openbsd/cvs/src/sys/sys/errno.h,v
retrieving revision 1.23
diff -u -p -r1.23 errno.h
--- sys/sys/errno.h 19 Sep 2014 16:50:20 -  1.23
+++ sys/sys/errno.h 24 Oct 2015 10:01:40 -
@@ -39,140 +39,140 @@
 
 #include 
 
-#defineEPERM   1   /* Operation not permitted */
-#defineENOENT  2   /* No such file or directory */
-#defineESRCH   3   /* No such process */
-#defineEINTR   4   /* Interrupted system call */
-#defineEIO 5   /* Input/output error */
-#defineENXIO   6   /* Device not configured */
-#defineE2BIG   7   /* Argument list too long */
-#defineENOEXEC 8   /* Exec format error */
-#defineEBADF   9   /* Bad file descriptor */
-#defineECHILD  10  /* No child processes */
-#defineEDEADLK 11  /* Resource deadlock avoided */
-   /* 11 was EAGAIN */
-#defineENOMEM  12  /* Cannot allocate memory */
-#defineEACCES  13  /* Permission denied */
-#defineEFAULT  14  /* Bad address */
+#define EPERM  1   /* Operation not permitted */
+#define ENOENT 2   /* No such file or directory */
+#define ESRCH  3   /* No such process */
+#define EINTR  4   /* Interrupted system call */
+#define EIO5   /* Input/output error */
+#define ENXIO  6   /* Device not configured */
+#define E2BIG  7   /* Argument list too long */
+#define ENOEXEC8   /* Exec format error */
+#define EBADF  9   /* Bad file descriptor */
+#define ECHILD 10  /* No child processes */
+#define EDEADLK11  /* Resource deadlock avoided */
+   /* 11 was EAGAIN */
+#define ENOMEM 12  /* Cannot allocate memory */
+#define EACCES 13  /* Permission denied */
+#define EFAULT 14  /* Bad address */
 #if __BSD_VISIBLE
-#defineENOTBLK 15  /* Block device required */
+#define ENOTBLK15  /* Block device required */
 #endif
-#defineEBUSY   16  /* Device busy */
-#defineEEXIST  17  /* File exists */
-#defineEXDEV   18  /* Cross-device link */
-#defineENODEV  19  /* Operation not supported by 
device */
-#defineENOTDIR 20  /* Not a directory */
-#defineEISDIR  21  /* Is a directory */
-#defineEINVAL  22  /* Invalid argument */
-#defineENFILE  23  /* Too many open files in 
system */
-#defineEMFILE  24  /* Too many open files */
-#defineENOTTY  25  /* Inappropriate ioctl for 
device */
-#defineETXTBSY 26  /* Text file busy */
-#defineEFBIG   27  /* File too large */
-#defineENOSPC  28  /* No space left on device */
-#defineESPIPE  29  /* Illegal seek */
-#defineEROFS   30  /* Read-only file system */
-#defineEMLINK  31  /* Too many links */
-#defineEPIPE   32  /* Broken pipe */
+#define EBUSY  16  /* Device busy */
+#define EEXIST 17  /* File exists */
+#define EXDEV  18  /* Cross-device link */
+#define ENODEV 19  /* Operation not supported by device */
+#define ENOTDIR20  /* Not a directory */
+#define EISDIR 21  /* Is a directory */
+#define EINVAL 22  /* Invalid argument */
+#define ENFILE 23  /* Too many open files in system */
+#define EMFILE 24  /* Too many open files */
+#define ENOTTY 25  /* Inappropriate ioctl for device */
+#define ETXTBSY26  /* Text file busy */
+#define EFBIG

Re: pair(4) (was: connect routing domains on layer 2)

2015-10-24 Thread Ted Unangst 
Reyk Floeter wrote:
> Hi,
> 
> as requested by Theo and discussed with many, the following diff moves
> it into a new driver.  This also allowed to improve the logic of link
> states related to the connection (as discussed with Claudio).
> 
> The new driver is called pair(4).
> 
>   # ifconfig pair1 rdomain 1 10.1.1.1/24 up
>   # ifconfig pair2 rdomain 2 10.1.1.2/24 up
>   # ifconfig pair1 patch pair2
>   # route -T 1 exec ping 10.1.1.2
>   # ifconfig pair1 -patch
> 
> manpages and documentation can be improved, but I'd like to continue
> in the tree if there are no other serious concerns.

We are doing this because we don't want a bridge of vethers? ok, but what if I
want to connect three rdomains together? I can put any number of vethers into
a bridge, but pair would seem limited to exactly two interfaces.

Re: unify errno messages

2015-10-24 Thread Ted Unangst 
Alexander Bluhm wrote:
> Hi,
> 
> Before removig nls, I would like to unify all error messages in
> - include comment
> - libc comment
> - nls C
> - man page
> 
> The EPROGUNAVAIL change is just beautification.  Any objections
> against that?

ok

Re: pair(4) (was: connect routing domains on layer 2)

2015-10-24 Thread Reyk Floeter 
On Sat, Oct 24, 2015 at 06:12:44AM -0400, Ted Unangst wrote:
> Reyk Floeter wrote:
> > Hi,
> > 
> > as requested by Theo and discussed with many, the following diff moves
> > it into a new driver.  This also allowed to improve the logic of link
> > states related to the connection (as discussed with Claudio).
> > 
> > The new driver is called pair(4).
> > 
> > # ifconfig pair1 rdomain 1 10.1.1.1/24 up
> > # ifconfig pair2 rdomain 2 10.1.1.2/24 up
> > # ifconfig pair1 patch pair2
> > # route -T 1 exec ping 10.1.1.2
> > # ifconfig pair1 -patch
> > 
> > manpages and documentation can be improved, but I'd like to continue
> > in the tree if there are no other serious concerns.
> 
> We are doing this because we don't want a bridge of vethers? ok, but what if I
> want to connect three rdomains together? I can put any number of vethers into
> a bridge, but pair would seem limited to exactly two interfaces.

vether doesn't help as it is not transmitting any traffic.

in other words,
"vether is a bridge endpoint"
"pair is a bridge link"

As with vether, you can add pairs to a bridge.  For example, add all
"rdomain 0" pairs to a central bridge (eg. for the common uplink), add
connect them with pairs in different rdomains.  This way, bridge0
becomes your "core switch".

Let's assume pair1-4 are all in rdomain 0:

# ifconfig bridge0 add pair1 add pair2 add pair3 add em0 up

And pair10,20,30 are in rdomain 1,2,3:

# ifconfig pair1 patch pair10
# ifconfig pair2 patch pair20
# ifconfig pair3 patch pair30

Now you can use rdomain 0 as an routing uplink from each rdomain as
well, assuming pair1 is 10.10.0.1 and pair10 in rdomain 1 is
10.10.0.10:

# route -T 1 add default 10.10.0.1

And, you can put the other pairs in bridges as well, to create
"distribution switches".  And pf will deal with is just fine.

btw., besides the patch, the main intentional difference between
vether(4) and pair(4) is the fact that pair(4)'s link state is down
until it is connected with another pair(4).  vether(4) is always up.
So you cannot use stand-alone pair(4) like vether(4).  I'm going to
document this in the manpage, but hodling it off until it is in the
tree.

Reyk

if_ref -> if_get

2015-10-24 Thread Martin Pieuchot 
Some trivial conversions, ok?

Index: netinet/ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.303
diff -u -p -r1.303 ip_output.c
--- netinet/ip_output.c 20 Oct 2015 20:22:42 -  1.303
+++ netinet/ip_output.c 24 Oct 2015 12:01:00 -
@@ -204,7 +204,7 @@ reroute:
if (ISSET(ro->ro_rt->rt_flags, RTF_LOCAL))
ifp = if_ref(lo0ifp);
else
-   ifp = if_ref(ro->ro_rt->rt_ifp);
+   ifp = if_get(ro->ro_rt->rt_ifidx);
if ((mtu = ro->ro_rt->rt_rmx.rmx_mtu) == 0)
mtu = ifp->if_mtu;
 
Index: netinet6/in6_src.c
===
RCS file: /cvs/src/sys/netinet6/in6_src.c,v
retrieving revision 1.65
diff -u -p -r1.65 in6_src.c
--- netinet6/in6_src.c  22 Oct 2015 16:33:32 -  1.65
+++ netinet6/in6_src.c  24 Oct 2015 12:00:32 -
@@ -457,7 +457,7 @@ in6_selectif(struct sockaddr_in6 *dstsoc
return (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
 
if (rt != NULL)
-   *retifp = if_ref(rt->rt_ifp);
+   *retifp = if_get(rt->rt_ifidx);
 
return (0);
 }
Index: netinet6/ip6_output.c
===
RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.190
diff -u -p -r1.190 ip6_output.c
--- netinet6/ip6_output.c   19 Oct 2015 12:11:28 -  1.190
+++ netinet6/ip6_output.c   24 Oct 2015 12:00:49 -
@@ -553,7 +553,7 @@ reroute:
if (ISSET(rt->rt_flags, RTF_LOCAL))
ifp = if_ref(lo0ifp);
else
-   ifp = if_ref(rt->rt_ifp);
+   ifp = if_get(rt->rt_ifidx);
} else {
*dst = dstsock;
}
@@ -2382,7 +2382,7 @@ ip6_setmoptions(int optname, struct ip6_
error = EADDRNOTAVAIL;
break;
}
-   ifp = if_ref(ro.ro_rt->rt_ifp);
+   ifp = if_get(ro.ro_rt->rt_ifidx);
rtfree(ro.ro_rt);
} else {
/*