syslogd keep running

2017-03-16 Thread Alexander Bluhm
Hi,

As discussed with millert@ a while ago, syslogd(8) should keep
running as long as possible.

On Sun, Jan 01, 2017 at 09:05:58PM +0100, Alexander Bluhm wrote:
> Regular programs should die as early as possible when an error
> occurs, then it can be fixed.  But syslogd is special.  If it dies,
> you become blind and don't see any errors at all.  An attacker could
> exploit this.  So I think syslogd should exit during startup e.g.
> if an invalid option was specified.  But then it should just log
> errors and run as many subsystems as possible.

ok?

bluhm

Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.230
diff -u -p -r1.230 syslogd.c
--- usr.sbin/syslogd/syslogd.c  16 Mar 2017 23:55:19 -  1.230
+++ usr.sbin/syslogd/syslogd.c  17 Mar 2017 01:32:19 -
@@ -506,47 +506,35 @@ main(int argc, char *argv[])
}
 
if (socket_bind("udp", NULL, "syslog", SecureMode,
-   _udp, _udp6) == -1) {
+   _udp, _udp6) == -1)
logerrorx("socket bind *");
-   if (!Debug)
-   die(0);
-   }
if ((fd_bind = reallocarray(NULL, nbind, sizeof(*fd_bind))) == NULL)
err(1, "bind fd");
for (i = 0; i < nbind; i++) {
if (socket_bind("udp", bind_host[i], bind_port[i], 0,
-   _bind[i], _bind[i]) == -1) {
+   _bind[i], _bind[i]) == -1)
logerrorx("socket bind udp");
-   if (!Debug)
-   die(0);
-   }
}
if ((fd_listen = reallocarray(NULL, nlisten, sizeof(*fd_listen)))
== NULL)
err(1, "listen fd");
for (i = 0; i < nlisten; i++) {
if (socket_bind("tcp", listen_host[i], listen_port[i], 0,
-   _listen[i], _listen[i]) == -1) {
+   _listen[i], _listen[i]) == -1)
logerrorx("socket listen tcp");
-   if (!Debug)
-   die(0);
-   }
}
fd_tls = -1;
if (tls_host && socket_bind("tls", tls_host, tls_port, 0,
-   _tls, _tls) == -1) {
+   _tls, _tls) == -1)
logerrorx("socket listen tls");
-   if (!Debug)
-   die(0);
-   }
 
if ((fd_unix = reallocarray(NULL, nunix, sizeof(*fd_unix))) == NULL)
err(1, "malloc unix");
for (i = 0; i < nunix; i++) {
fd_unix[i] = unix_socket(path_unix[i], SOCK_DGRAM, 0666);
if (fd_unix[i] == -1) {
-   if (i == 0 && !Debug)
-   die(0);
+   if (i == 0)
+   logerrorx("log socket failed");
continue;
}
double_sockbuf(fd_unix[i], SO_RCVBUF);
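Review bot: With the `die(0)` calls removed from main(), a failed socket_bind() no longer stops the daemon, so every descriptor it was meant to fill must hold -1 on each failure path. `fd_bind` and `fd_listen` come from reallocarray(), which does not initialise them, and the socket_bind() hunk further down now returns -1 straight after the getaddrinfo() error. Whether socket_bind() stores -1 through both output pointers before that early return is not visible in these hunks and should be confirmed. A comment above the bind calls would record the policy, e.g. `/* Bind failures are logged, not fatal: keep running with the sockets that worked. */`. main() starts and ends outside this hunk.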
@@ -554,29 +542,28 @@ main(int argc, char *argv[])
 
if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, pair) == -1) {
logerror("socketpair");
-   die(0);
+   fd_sendsys = -1;
+   } else {
+   double_sockbuf(pair[0], SO_RCVBUF);
+   double_sockbuf(pair[1], SO_SNDBUF);
+   fd_sendsys = pair[0];
}
-   double_sockbuf(pair[0], SO_RCVBUF);
-   double_sockbuf(pair[1], SO_SNDBUF);
-   fd_sendsys = pair[0];
 
fd_ctlsock = fd_ctlconn = -1;
if (path_ctlsock != NULL) {
fd_ctlsock = unix_socket(path_ctlsock, SOCK_STREAM, 0600);
if (fd_ctlsock == -1) {
logdebug("can't open %s (%d)\n", path_ctlsock, errno);
-   if (!Debug)
-   die(0);
} else {
if (listen(fd_ctlsock, 5) == -1) {
logerror("ctlsock listen");
-   die(0);
+   close(fd_ctlsock);
+   fd_ctlsock = -1;
}
}
}
 
-   fd_klog = open(_PATH_KLOG, O_RDONLY, 0);
-   if (fd_klog == -1) {
+   if ((fd_klog = open(_PATH_KLOG, O_RDONLY, 0)) == -1) {
logdebug("can't open %s (%d)\n", _PATH_KLOG, errno);
} else {
if (ioctl(fd_klog, LIOCSFD, [1]) == -1)
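Review bot: When socketpair() fails, the new branch sets `fd_sendsys = -1` and continues, but as far as this hunk shows `pair[]` is then never written, and the last visible line still passes what appears to be `pair[1]` to the LIOCSFD ioctl (the argument is garbled on this page). The klog setup should be skipped in that case, for example `} else if (fd_sendsys != -1) {` in place of the plain `} else {` before the ioctl, and any later use of `pair[1]` outside the hunk needs the same guard. Separately, a control socket that cannot be opened is now reported only through logdebug(), so outside debug mode the failure is silent; logerror(), as used in the listen() branch, would keep it visible. main() continues past the end of this hunk.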
@@ -916,7 +903,7 @@ socket_bind(const char *proto, const cha
"proto %s, host %s, port %s: %s",
proto, host ? host : "*", port, gai_strerror(error));
logerrorx(ebuf);
-   die(0);
+   return (-1);
}
 
for (res = res0; res; res = res->ai_next) {
@@ -3014,7 +3001,7 @@ unix_socket(char *path, int type, mode_t
sizeof(s_un.sun_path)) {
snprintf(ebuf, sizeof(ebuf), 

syslogd log_debug

2017-03-16 Thread Alexander Bluhm
Hi,

This is the next step for refactoring internal syslogd(8) logging.

Replace logdebug() with generic log_debug() from log.c.  Implement
log_debugadd() to construct a debug message incrementally.

ok?

bluhm

Index: usr.sbin/syslogd/log.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/log.c,v
retrieving revision 1.1
diff -u -p -r1.1 log.c
--- usr.sbin/syslogd/log.c  16 Mar 2017 23:55:19 -  1.1
+++ usr.sbin/syslogd/log.c  17 Mar 2017 00:47:46 -
@@ -17,8 +17,10 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -30,6 +32,8 @@ static int debug;
 static int  verbose;
 static int  facility;
 static const char  *log_procname;
+static char*debug_ebuf;
+static size_t   debug_length;
 
 void
 log_init(int n_debug, int fac)
@@ -41,6 +45,12 @@ log_init(int n_debug, int fac)
facility = fac;
log_procinit(__progname);
 
+   if (debug_ebuf == NULL)
+   if ((debug_ebuf = malloc(ERRBUFSIZE)) == NULL)
+   err(1, "allocate debug buffer");
+   debug_ebuf[0] = '\0';
+   debug_length = 0;
+
tzset();
 }
 
@@ -150,16 +160,42 @@ log_info(int pri, const char *emsg, ...)
 void
 log_debug(const char *emsg, ...)
 {
-   char ebuf[ERRBUFSIZE];
va_list  ap;
int  saved_errno;
 
if (verbose) {
saved_errno = errno;
va_start(ap, emsg);
-   vsnprintf(ebuf, sizeof(ebuf), emsg, ap);
-   fprintf(stderr, "%s\n", ebuf);
+   if (debug_length < ERRBUFSIZE - 1)
+   vsnprintf(debug_ebuf + debug_length,
+   ERRBUFSIZE - debug_length, emsg, ap);
+   fprintf(stderr, "%s\n", debug_ebuf);
fflush(stderr);
+   va_end(ap);
+   errno = saved_errno;
+   }
+   debug_ebuf[0] = '\0';
+   debug_length = 0;
+}
+
+void
+log_debugadd(const char *emsg, ...)
+{
+   size_t   l;
+   va_list  ap;
+   int  saved_errno;
+
+   if (verbose) {
+   saved_errno = errno;
+   va_start(ap, emsg);
+   if (debug_length < ERRBUFSIZE - 1) {
+   l = vsnprintf(debug_ebuf + debug_length,
+   ERRBUFSIZE - debug_length, emsg, ap);
+   if (l < ERRBUFSIZE - debug_length)
+   debug_length += l;
+   else
+   debug_length = ERRBUFSIZE - 1;
+   }
va_end(ap);
errno = saved_errno;
}
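Review bot: In log_debugadd() the result of vsnprintf() is stored in `size_t l`, so an error return of -1 becomes a huge value, takes the `else` branch and marks the buffer full with `debug_length = ERRBUFSIZE - 1`, silently dropping the rest of the message. Keeping the int and handling the error on its own is clearer: declare `int l;` and test `if (l < 0) debug_ebuf[debug_length] = '\0'; else if ((size_t)l < ERRBUFSIZE - debug_length) debug_length += l;`. Both functions also rely on log_init() having allocated `debug_ebuf`, and log_debug() writes `debug_ebuf[0]` even when `verbose` is off, so a comment on the static such as `/* allocated in log_init(); log_debug*() must not run before it */` would record that ordering. The closing brace of log_debugadd() lies outside this hunk.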
Index: usr.sbin/syslogd/log.h
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/log.h,v
retrieving revision 1.1
diff -u -p -r1.1 log.h
--- usr.sbin/syslogd/log.h  16 Mar 2017 23:55:19 -  1.1
+++ usr.sbin/syslogd/log.h  17 Mar 2017 00:47:53 -
@@ -38,6 +38,8 @@ void  log_info(int, const char *, ...)
__attribute__((__format__ (printf, 2, 3)));
 void   log_debug(const char *, ...)
__attribute__((__format__ (printf, 1, 2)));
+void   log_debugadd(const char *, ...)
+   __attribute__((__format__ (printf, 1, 2)));
 void   logit(int, const char *, ...)
__attribute__((__format__ (printf, 2, 3)));
 void   vlog(int, const char *, va_list)
Index: usr.sbin/syslogd/privsep.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v
retrieving revision 1.66
diff -u -p -r1.66 privsep.c
--- usr.sbin/syslogd/privsep.c  30 Dec 2016 23:21:26 -  1.66
+++ usr.sbin/syslogd/privsep.c  17 Mar 2017 00:08:48 -
@@ -35,6 +35,7 @@
 #include 
 #include 
 
+#include "log.h"
 #include "syslogd.h"
 
 /*
@@ -208,7 +209,7 @@ priv_exec(char *conf, int numeric, int c
sigaction(SIGCHLD, , NULL);
 
setproctitle("[priv]");
-   logdebug("[priv]: fork+exec done\n");
+   log_debug("[priv]: fork+exec done");
 
sigemptyset();
if (sigprocmask(SIG_SETMASK, , NULL) == -1)
@@ -226,7 +227,7 @@ priv_exec(char *conf, int numeric, int c
break;
switch (cmd) {
case PRIV_OPEN_TTY:
-   logdebug("[priv]: msg PRIV_OPEN_TTY received\n");
+   log_debug("[priv]: msg PRIV_OPEN_TTY received");
/* Expecting: length, path */
must_read(sock, _len, sizeof(size_t));
if (path_len == 0 || path_len > sizeof(path))
@@ -244,7 +245,7 @@ priv_exec(char *conf, int numeric, int c
 
case PRIV_OPEN_LOG:
case PRIV_OPEN_PIPE:
-   logdebug("[priv]: 

roff(7) man page not rendering properly in its entirety on man.openbsd.org

2017-03-16 Thread Raf Czlonka
Hi all,

While looking at several manual pages on man.openbsd.org, I've
noticed that roff(7) man page does not render properly in its
entirety, i.e.:

- http://man.openbsd.org/roff

ends with:

"equal to, same effect as == (this differs from C)<"

- http://man.openbsd.org/roff.7

ends with:

"equal to, same effect as == (t"

while,

- http://man.openbsd.org/OpenBSD-current/man7/roff.7

with:

"equal to, same effect as == (this d"

The rendering is consistent across multiple devices.

Similar issues are seen with 6.0 version of the man page.

No idea what might be causing the issue, I'm afraid.

Regards,

Raf



Re: vmctl: show tap interface in status output

2017-03-16 Thread Jon Bernard
* Reyk Floeter  wrote:
> On Thu, Mar 16, 2017 at 11:27:24AM -0400, Jon Bernard wrote:
> > Hi,
> > 
> > I made a quick change to show the assigned tap interface in vmctl's
> > status listing.  mlarkin@ pointed out that ifconfig shows this
> > information already, so maybe this isn't useful but I wanted to post it
> > just in case.  I don't have a good answer for the case where multiple
> > interfaces are assigned to a single guest without making a mess of the
> > status output.
> > 
> 
> Well, my problem with this approach:
> 
> - It only shows the first interface, how is this useful?
> - Considering the 80 chars line limit, it shortens the space for VM name.
> 
> And, indeed, ifconfig description shows it already and the "switch"
> concept actually makes it less important to know (you can dynamically
> use switches and assign interface groups to create pf rules and
> everything without even caring about the individual tap names).

That makes a lot more sense, thanks.

> For the information, my suggestion is to put it into a detailed view:
> 
> 1. normal list as it is:
> $ vmctl status
> 
> 2. more detailed information including interfaces etc.:
> $ vmctl status myvm
> (it currently only adds VCPU state)
> 
> For 2., you don't have to put everything into struct vmop_info_result,
> you could just send an additional imsg including the original struct
> vmop_create_params that is part of each struct vmd_vm.

Okay, let me see what I can come up with.  Thanks for the feedback.

-- 
Jon

> 
> Reyk
> 
> > -- 
> > Jon
> > 
> > Index: usr.sbin/vmctl/vmctl.c
> > ===
> > RCS file: /var/cvs/openbsd/src/usr.sbin/vmctl/vmctl.c,v
> > retrieving revision 1.26
> > diff -u -p -r1.26 vmctl.c
> > --- usr.sbin/vmctl/vmctl.c  3 Mar 2017 09:12:40 -   1.26
> > +++ usr.sbin/vmctl/vmctl.c  13 Mar 2017 17:14:54 -
> > @@ -375,8 +375,8 @@ print_vm_info(struct vmop_info_result *l
> > struct passwd *pw;
> > struct group *gr;
> >  
> > -   printf("%5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID", "VCPUS",
> > -   "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
> > +   printf("%5s %5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID",
> > +  "VCPUS", "TAP", "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
> >  
> > for (i = 0; i < ct; i++) {
> > vmi = [i];
> > @@ -417,15 +417,15 @@ print_vm_info(struct vmop_info_result *l
> > (void)fmt_scaled(vir->vir_used_size, curmem);
> >  
> > /* running vm */
> > -   printf("%5u %5u %5zd %7s %7s %7s %12s %s\n",
> > +   printf("%5u %5u %5zd %5s %7s %7s %7s %12s %s\n",
> > vir->vir_id, vir->vir_creator_pid,
> > -   vir->vir_ncpus, maxmem, curmem,
> > +   vir->vir_ncpus, vmi->vir_ifname, maxmem, 
> > curmem,
> > tty, user, vir->vir_name);
> > } else {
> > /* disabled vm */
> > -   printf("%5s %5s %5zd %7s %7s %7s %12s %s\n",
> > +   printf("%5s %5s %5zd %5s %7s %7s %7s %12s %s\n",
> > "-", "-",
> > -   vir->vir_ncpus, maxmem, curmem,
> > +   vir->vir_ncpus, "-", maxmem, curmem,
> > "-", user, vir->vir_name);
> > }
> > }
> > Index: usr.sbin/vmd/vmd.c
> > ===
> > RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.c,v
> > retrieving revision 1.53
> > diff -u -p -r1.53 vmd.c
> > --- usr.sbin/vmd/vmd.c  2 Mar 2017 07:33:37 -   1.53
> > +++ usr.sbin/vmd/vmd.c  15 Mar 2017 11:26:16 -
> > @@ -265,6 +265,9 @@ vmd_dispatch_vmm(int fd, struct privsep_
> > if ((vm = vm_getbyid(vir.vir_info.vir_id)) != NULL) {
> > (void)strlcpy(vir.vir_ttyname, vm->vm_ttyname,
> > sizeof(vir.vir_ttyname));
> > +   if (vm->vm_ifs[0].vif_name != NULL)
> > +   (void)strlcpy(vir.vir_ifname, 
> > vm->vm_ifs[0].vif_name,
> > + sizeof(vir.vir_ifname));
> > /* get the user id who started the vm */
> > vir.vir_uid = vm->vm_uid;
> > vir.vir_gid = vm->vm_params.vmc_gid;
> > Index: usr.sbin/vmd/vmd.h
> > ===
> > RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.h,v
> > retrieving revision 1.47
> > diff -u -p -r1.47 vmd.h
> > --- usr.sbin/vmd/vmd.h  2 Mar 2017 07:33:37 -   1.47
> > +++ usr.sbin/vmd/vmd.h  13 Mar 2017 16:15:09 -
> > @@ -87,6 +87,7 @@ struct vmop_result {
> >  struct vmop_info_result {
> > struct 

Re: vmctl: show tap interface in status output

2017-03-16 Thread Reyk Floeter
On Thu, Mar 16, 2017 at 11:27:24AM -0400, Jon Bernard wrote:
> Hi,
> 
> I made a quick change to show the assigned tap interface in vmctl's
> status listing.  mlarkin@ pointed out that ifconfig shows this
> information already, so maybe this isn't useful but I wanted to post it
> just in case.  I don't have a good answer for the case where multiple
> interfaces are assigned to a single guest without making a mess of the
> status output.
> 

Well, my problem with this approach:

- It only shows the first interface, how is this useful?
- Considering the 80 chars line limit, it shortens the space for VM name.

And, indeed, ifconfig description shows it already and the "switch"
concept actually makes it less important to know (you can dynamically
use switches and assign interface groups to create pf rules and
everything without even caring about the individual tap names).

For the information, my suggestion is to put it into a detailed view:

1. normal list as it is:
$ vmctl status

2. more detailed information including interfaces etc.:
$ vmctl status myvm
(it currently only adds VCPU state)

For 2., you don't have to put everything into struct vmop_info_result,
you could just send an additional imsg including the original struct
vmop_create_params that is part of each struct vmd_vm.

Reyk

> -- 
> Jon
> 
> Index: usr.sbin/vmctl/vmctl.c
> ===
> RCS file: /var/cvs/openbsd/src/usr.sbin/vmctl/vmctl.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 vmctl.c
> --- usr.sbin/vmctl/vmctl.c3 Mar 2017 09:12:40 -   1.26
> +++ usr.sbin/vmctl/vmctl.c13 Mar 2017 17:14:54 -
> @@ -375,8 +375,8 @@ print_vm_info(struct vmop_info_result *l
>   struct passwd *pw;
>   struct group *gr;
>  
> - printf("%5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID", "VCPUS",
> - "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
> + printf("%5s %5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID",
> +"VCPUS", "TAP", "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
>  
>   for (i = 0; i < ct; i++) {
>   vmi = [i];
> @@ -417,15 +417,15 @@ print_vm_info(struct vmop_info_result *l
>   (void)fmt_scaled(vir->vir_used_size, curmem);
>  
>   /* running vm */
> - printf("%5u %5u %5zd %7s %7s %7s %12s %s\n",
> + printf("%5u %5u %5zd %5s %7s %7s %7s %12s %s\n",
>   vir->vir_id, vir->vir_creator_pid,
> - vir->vir_ncpus, maxmem, curmem,
> + vir->vir_ncpus, vmi->vir_ifname, maxmem, 
> curmem,
>   tty, user, vir->vir_name);
>   } else {
>   /* disabled vm */
> - printf("%5s %5s %5zd %7s %7s %7s %12s %s\n",
> + printf("%5s %5s %5zd %5s %7s %7s %7s %12s %s\n",
>   "-", "-",
> - vir->vir_ncpus, maxmem, curmem,
> + vir->vir_ncpus, "-", maxmem, curmem,
>   "-", user, vir->vir_name);
>   }
>   }
> Index: usr.sbin/vmd/vmd.c
> ===
> RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 vmd.c
> --- usr.sbin/vmd/vmd.c2 Mar 2017 07:33:37 -   1.53
> +++ usr.sbin/vmd/vmd.c15 Mar 2017 11:26:16 -
> @@ -265,6 +265,9 @@ vmd_dispatch_vmm(int fd, struct privsep_
>   if ((vm = vm_getbyid(vir.vir_info.vir_id)) != NULL) {
>   (void)strlcpy(vir.vir_ttyname, vm->vm_ttyname,
>   sizeof(vir.vir_ttyname));
> + if (vm->vm_ifs[0].vif_name != NULL)
> + (void)strlcpy(vir.vir_ifname, 
> vm->vm_ifs[0].vif_name,
> +   sizeof(vir.vir_ifname));
>   /* get the user id who started the vm */
>   vir.vir_uid = vm->vm_uid;
>   vir.vir_gid = vm->vm_params.vmc_gid;
> Index: usr.sbin/vmd/vmd.h
> ===
> RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.h,v
> retrieving revision 1.47
> diff -u -p -r1.47 vmd.h
> --- usr.sbin/vmd/vmd.h2 Mar 2017 07:33:37 -   1.47
> +++ usr.sbin/vmd/vmd.h13 Mar 2017 16:15:09 -
> @@ -87,6 +87,7 @@ struct vmop_result {
>  struct vmop_info_result {
>   struct vm_info_resultvir_info;
>   char vir_ttyname[VM_TTYNAME_MAX];
> + char vir_ifname[IF_NAMESIZE];
>   uid_tvir_uid;
>   int64_t  vir_gid;
>  };
> 

-- 



vmctl: show tap interface in status output

2017-03-16 Thread Jon Bernard
Hi,

I made a quick change to show the assigned tap interface in vmctl's
status listing.  mlarkin@ pointed out that ifconfig shows this
information already, so maybe this isn't useful but I wanted to post it
just in case.  I don't have a good answer for the case where multiple
interfaces are assigned to a single guest without making a mess of the
status output.

-- 
Jon

Index: usr.sbin/vmctl/vmctl.c
===
RCS file: /var/cvs/openbsd/src/usr.sbin/vmctl/vmctl.c,v
retrieving revision 1.26
diff -u -p -r1.26 vmctl.c
--- usr.sbin/vmctl/vmctl.c  3 Mar 2017 09:12:40 -   1.26
+++ usr.sbin/vmctl/vmctl.c  13 Mar 2017 17:14:54 -
@@ -375,8 +375,8 @@ print_vm_info(struct vmop_info_result *l
struct passwd *pw;
struct group *gr;
 
-   printf("%5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID", "VCPUS",
-   "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
+   printf("%5s %5s %5s %5s %7s %7s %7s %12s %s\n", "ID", "PID",
+  "VCPUS", "TAP", "MAXMEM", "CURMEM", "TTY", "OWNER", "NAME");
 
for (i = 0; i < ct; i++) {
vmi = [i];
@@ -417,15 +417,15 @@ print_vm_info(struct vmop_info_result *l
(void)fmt_scaled(vir->vir_used_size, curmem);
 
/* running vm */
-   printf("%5u %5u %5zd %7s %7s %7s %12s %s\n",
+   printf("%5u %5u %5zd %5s %7s %7s %7s %12s %s\n",
vir->vir_id, vir->vir_creator_pid,
-   vir->vir_ncpus, maxmem, curmem,
+   vir->vir_ncpus, vmi->vir_ifname, maxmem, 
curmem,
tty, user, vir->vir_name);
} else {
/* disabled vm */
-   printf("%5s %5s %5zd %7s %7s %7s %12s %s\n",
+   printf("%5s %5s %5zd %5s %7s %7s %7s %12s %s\n",
"-", "-",
-   vir->vir_ncpus, maxmem, curmem,
+   vir->vir_ncpus, "-", maxmem, curmem,
"-", user, vir->vir_name);
}
}
Index: usr.sbin/vmd/vmd.c
===
RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.c,v
retrieving revision 1.53
diff -u -p -r1.53 vmd.c
--- usr.sbin/vmd/vmd.c  2 Mar 2017 07:33:37 -   1.53
+++ usr.sbin/vmd/vmd.c  15 Mar 2017 11:26:16 -
@@ -265,6 +265,9 @@ vmd_dispatch_vmm(int fd, struct privsep_
if ((vm = vm_getbyid(vir.vir_info.vir_id)) != NULL) {
(void)strlcpy(vir.vir_ttyname, vm->vm_ttyname,
sizeof(vir.vir_ttyname));
+   if (vm->vm_ifs[0].vif_name != NULL)
+   (void)strlcpy(vir.vir_ifname, 
vm->vm_ifs[0].vif_name,
+ sizeof(vir.vir_ifname));
/* get the user id who started the vm */
vir.vir_uid = vm->vm_uid;
vir.vir_gid = vm->vm_params.vmc_gid;
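Review bot: `vir.vir_ifname` is written only when a VM is found and `vm->vm_ifs[0].vif_name` is non-NULL, yet the vmctl.c hunk prints the field with `%5s` for every running VM. Unless `vir` is zeroed before this point (not visible in the hunk), the other paths would presumably forward uninitialised bytes, possibly without a terminating NUL, to the client. An explicit `else vir.vir_ifname[0] = '\0';` after the strlcpy(), or clearing the new field before the lookup, would close that; vmctl could then print "-" for an empty name as the disabled-VM branch already does. The same hunk is quoted in the two replies earlier on this page, and vmd_dispatch_vmm() starts and ends outside it.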
Index: usr.sbin/vmd/vmd.h
===
RCS file: /var/cvs/openbsd/src/usr.sbin/vmd/vmd.h,v
retrieving revision 1.47
diff -u -p -r1.47 vmd.h
--- usr.sbin/vmd/vmd.h  2 Mar 2017 07:33:37 -   1.47
+++ usr.sbin/vmd/vmd.h  13 Mar 2017 16:15:09 -
@@ -87,6 +87,7 @@ struct vmop_result {
 struct vmop_info_result {
struct vm_info_resultvir_info;
char vir_ttyname[VM_TTYNAME_MAX];
+   char vir_ifname[IF_NAMESIZE];
uid_tvir_uid;
int64_t  vir_gid;
 };



Re: syslogd log.c

2017-03-16 Thread Todd C. Miller
On Thu, 16 Mar 2017 02:15:48 +0100, Alexander Bluhm wrote:

> The whole diff converting all the messages has more than 2000 lines
> as it touches every part of syslogd code.  I would refuse to review
> such a huge diff, so I have split it.  Let's start with the log.c
> implementation.

Looks good.  OK millert@

 - todd



Re: syslogd fd_tls variable

2017-03-16 Thread Todd C. Miller
On Thu, 16 Mar 2017 00:45:23 +0100, Alexander Bluhm wrote:

> On Mon, Jan 09, 2017 at 10:46:42AM +0100, Alexander Bluhm wrote:
> > To implement multiple tls listen sockets in syslogd, I have to get
> > rid of the global variable fd_tls first.
> 
> Looks like this diff got forgotten.  Any ok?

OK millert@

 - todd



[PATCH] pcidump - Enhanced Capabilities

2017-03-16 Thread Simon Mages
Hi,

right now I got the chance to play a little bit with PCIe.  I read some
parts of the spec and was interested in what my PCIe devices can do.  I
also found out that pcidump cannot display the Enhanced Capabilities.

This patch enables pcidump to display them.

I did not find a good list of descriptions for the different
capabilities; the one I'm using in this patch was taken from the Linux
kernel.  Is it possible to get a complete list somewhere?

Here is an example output:
# pcidump -v
Domain /dev/pci0:
 0:0:0: Intel 82Q33 Host
0x: Vendor ID: 8086 Product ID: 29d0
0x0004: Command: 0006 Status: 2090
0x0008: Class: 06 Subclass: 00 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1734 Product ID: 10fc
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
0x00e0: Capability 0x09: Vendor Specific
 0:1:0: Intel 82Q33 PCIE
0x: Vendor ID: 8086 Product ID: 29d1
0x0004: Command: 0104 Status: 0010
0x0008: Class: 06 Subclass: 04 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 01 Latency Timer: 00 Cache Line Size: 08
0x0010: 
0x0014: 
0x0018: Primary Bus: 0 Secondary Bus: 1 Subordinate Bus: 1
Secondary Latency Timer: 00
0x001c: I/O Base: f0 I/O Limit: 00 Secondary Status: 
0x0020: Memory Base: fff0 Memory Limit: 
0x0024: Prefetch Memory Base: fff1 Prefetch Memory Limit: 0001
0x0028: Prefetch Memory Base Upper 32 Bits: 
0x002c: Prefetch Memory Limit Upper 32 Bits: 
0x0030: I/O Base Upper 16 Bits:  I/O Limit Upper 16 Bits: 
0x0038: Expansion ROM Base Address: 
0x003c: Interrupt Pin: 01 Line: 0b Bridge Control: 
0x0088: Capability 0x0d: PCI-PCI
0x0080: Capability 0x01: Power Management
State: D0
0x0090: Capability 0x05: Message Signalled Interrupts (MSI)
0x00a0: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 GT/s Link Width: x0 / x16
0x0100: Enhanced Capability 0x02: Virtual Channel Capability
0x0140: Enhanced Capability 0x05: Root Complex Link Declaration
 0:2:0: Intel 82Q33 Video
0x: Vendor ID: 8086 Product ID: 29d2
0x0004: Command: 0007 Status: 0090
0x0008: Class: 03 Subclass: 00 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 32bit addr: 0xd010/0x0008
0x0014: BAR io addr: 0x1c40/0x0008
0x0018: BAR mem prefetchable 32bit addr: 0xe000/0x1000
0x001c: BAR mem 32bit addr: 0xd000/0x0010
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1734 Product ID: 10fc
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0090: Capability 0x05: Message Signalled Interrupts (MSI)
0x00d0: Capability 0x01: Power Management
State: D0
 0:26:0: Intel 82801I USB
0x: Vendor ID: 8086 Product ID: 2937
0x0004: Command: 0005 Status: 0290
0x0008: Class: 0c Subclass: 03 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR io addr: 0x1820/0x0020
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1734 Product ID: 10fd
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 00 Max Lat: 00
0x0050: Capability 0x13: PCI Advanced Features
 0:26:1: Intel 82801I USB
0x: Vendor ID: 8086 Product ID: 2938
0x0004: Command: 0005 Status: 0290
0x0008: Class: 0c Subclass: 03 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR io addr: 0x1840/0x0020
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1734 Product ID: 10fd

Re: pf: time since uptime instead of wall clock?

2017-03-16 Thread Patrick Wildt
On Mon, Mar 13, 2017 at 03:14:25PM +0100, Mike Belopuhov wrote:
> On 13 March 2017 at 15:09, Patrick Wildt  wrote:
> > On Mon, Mar 13, 2017 at 02:33:02PM +0100, Mike Belopuhov wrote:
> >> On Tue, Mar 07, 2017 at 10:36 +0100, Patrick Wildt wrote:
> >> > On Tue, Mar 07, 2017 at 10:17:16AM +0100, Patrick Wildt wrote:
> >> > > Hi,
> >> > >
> >> > > currently the pf status struct contains the time since pf was enabled 
> >> > > as
> >> > > seen on the wall clock.  This means when time drifts, or is set to some
> >> > > earlier value, the time will be off.  If we use time since uptime it
> >> > > always increments and shows how long pf has been running compared to
> >> > > its uptime.
> >> > >
> >> > > Does this make sense?  Opinions?
> >> > >
> >> > > Patrick
> >> >
> >> > Alternatively it might be nicer to still use the uptime, but only return
> >> > the delta since it was enabled.
> >> >
> >>
> >> I see nothing wrong with this diff.  OK mikeb
> >
> > On the one where we return the delta instead of an absolute time?
> >
> 
> It's only a status. You might have to go through ports that expect a
> timestamp and fix those, but that's a different question :-)
> 

Thanks to sthen@ I now know that 7 ports are using pf_status.  Only one
of them uses the "since" attribute, and it does so for internally
comparing timestamps, so that it does not calculate a diff between the
current and a previous value if pf has since been toggled.

I wonder if this diff would work, but I don't feel it's reliable enough
to provide the same feature.

Patrick

diff --git a/net/pfstat/Makefile b/net/pfstat/Makefile
index 1f1cd6296b2..33aab9c8422 100644
--- a/net/pfstat/Makefile
+++ b/net/pfstat/Makefile
@@ -9,8 +9,8 @@ PKGNAME-main=   ${DISTNAME}
 PKGNAME-daemon=${DISTNAME:S/-/d-/}
 CATEGORIES=net
 MASTER_SITES=  http://www.benzedrine.ch/
-REVISION-daemon=1
-REVISION-main= 1
+REVISION-daemon=2
+REVISION-main= 2
 
 HOMEPAGE=  http://www.benzedrine.ch/pfstat.html
 
diff --git a/net/pfstat/patches/patch-pf_c b/net/pfstat/patches/patch-pf_c
index 8b9564e1ac8..0654883d56d 100644
--- a/net/pfstat/patches/patch-pf_c
+++ b/net/pfstat/patches/patch-pf_c
@@ -1,6 +1,6 @@
 $OpenBSD: patch-pf_c,v 1.2 2014/04/22 10:56:37 jca Exp $
 pf.c.orig  Tue Apr 22 05:08:25 2014
-+++ pf.c   Tue Apr 22 05:10:01 2014
+--- pf.c.orig  Thu Jan 11 17:01:58 2007
 pf.c   Thu Mar 16 14:16:00 2017
 @@ -38,10 +38,12 @@ static const char rcsid[] = "$Id: pf.c,v 1.1.1.1 2007/
  #include 
  #include 
@@ -14,7 +14,11 @@ $OpenBSD: patch-pf_c,v 1.2 2014/04/22 10:56:37 jca Exp $
  #include 
  #include 
  #include 
-@@ -53,6 +55,7 @@ static const char rcsid[] = "$Id: pf.c,v 1.1.1.1 2007/
+@@ -50,9 +52,11 @@ static const char rcsid[] = "$Id: pf.c,v 1.1.1.1 2007/
+ #include 
+ #include 
+ #include 
++#include 
  
  #include "pf.h"
  
@@ -22,7 +26,7 @@ $OpenBSD: patch-pf_c,v 1.2 2014/04/22 10:56:37 jca Exp $
  union altq_stats {
class_stats_tcbq;
struct priq_classstats   priq;
-@@ -138,6 +141,7 @@ query_queues(int fd, void (*cb)(int, const char *, int
+@@ -138,6 +142,7 @@ query_queues(int fd, void (*cb)(int, const char *, int
}
return (0);
  }
@@ -30,7 +34,28 @@ $OpenBSD: patch-pf_c,v 1.2 2014/04/22 10:56:37 jca Exp $
  
  static int
  query_ifaces(int fd, void (*cb)(int, const char *, int, double))
-@@ -195,9 +199,11 @@ pf_query(int fd, void (*cb)(int, const char *, int, do
+@@ -168,6 +173,7 @@ static int
+ query_counters(int fd, void (*cb)(int, const char *, int, double))
+ {
+   struct pf_status s;
++  struct timespec uptime;
+   int i;
+ 
+   memset(, 0, sizeof(s));
+@@ -175,7 +181,11 @@ query_counters(int fd, void (*cb)(int, const char *, i
+   fprintf(stderr, "ioctl: DIOCGETSTATUS: %s\n", strerror(errno));
+   return (1);
+   }
+-  (*cb)(COL_TYPE_SINCE, "", 0, s.since);
++  if (clock_gettime(CLOCK_UPTIME, )) {
++  fprintf(stderr, "query_counters: clock_gettime() failed\n");
++  return (1);
++  }
++  (*cb)(COL_TYPE_SINCE, "", 0, uptime.tv_sec - s.since);
+   (*cb)(COL_TYPE_GLOBAL, "", 0, s.states);
+   for (i = 0; i < FCNT_MAX; ++i)
+   (*cb)(COL_TYPE_GLOBAL, "", 1 + i, s.fcounters[i]);
+@@ -195,9 +205,11 @@ pf_query(int fd, void (*cb)(int, const char *, int, do
fprintf(stderr, "pf_query: query_ifaces() failed\n");
return (1);
}
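Review bot: The value passed for COL_TYPE_SINCE in query_counters() is now built from two separate samples, `s.since` from DIOCGETSTATUS and `uptime.tv_sec` from clock_gettime(), so it is not guaranteed to be identical across polls even when pf was not toggled. If the consumer compares successive values for equality, as the mail describes, that comparison (outside this hunk) would need a tolerance or a different stable key. The new failure message also drops the cause, unlike the ioctl message just above it; `fprintf(stderr, "query_counters: clock_gettime: %s\n", strerror(errno));` would match. query_counters() begins and ends outside the lines shown here.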