Re: gif(4) vs splnet()

On Mon, May 15, 2017 at 03:11:20PM +0200, Martin Pieuchot wrote: > Similar to gre(4), the global list of interfaces needs to be protected > by the NET_LOCK(). > > ok? OK bluhm@ > > Index: net/if_gif.c > === > RCS file:

Re: struct mbuf revisited

That's OK with me. Maybe the __LP64__ will be annoying enough that someone does a m_hdr / pkthdr cleanup anyways.

struct mbuf revisited

Turns out the __aligned(8) solution has some unforeseen side effects: /usr/src/sys/dev/ic/re.c:1602: warning: ignoring alignment for stack allocated 'mh' While that warning is probably false in the sense that we don't actually need the 8-byte alignment that we're asking for, the compiler

Reenable ASN1_DN IDs with certificates in iked

A sample configuration: ikev2 "win10host" passive esp \ from 0.0.0.0/0 to 10.1.1.51 \ local any peer any \ ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \ childsa enc aes-256-gcm group modp2048 \ srcid "/C=US/ST=New York/L=NYC/O=Stoo Labs/OU=iked/CN=foo.stoo.org"

Add Diffie-Hellman group negotiation to iked

This patch teaches iked to reject a KE with a Notify payload of type INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group than is configured locally. The rejection indicates the desired group. In my environment, this patch allows stock strongSwan on Android from the Google Play

better inline asm for spllower on hppa

this simplifies the asm in spllower. the trap that break forces to run reads the new cpl value out of arg0 (r26) and puts the old valud in r28 (ret0). the current asm is convoluted in how it gets the compiler to avoid those regs across the asm. right now it has gcc place the ncpl value in ret0,

Re: Reenable ASN1_DN IDs with certificates in iked

Here is a version of the previous patch that preserves tabs properly. Apologies. -TimS Index: parse.y === RCS file: /cvs/src/sbin/iked/parse.y,v retrieving revision 1.65 diff -u -p -r1.65 parse.y --- parse.y 24 Apr 2017

Re: pf queue definition: bandwidth resolution problem

At the end is the patch I mentioned against pftop.c v1.37, using a guard digit. WARNING: Untested. I couldn't even try to compile it. At this point I don't see anything wrong with your patch, Mike. On Mon, 5/15/17, Mike Belopuhov

Re: copyin32(9) for i386 and amd64

Mark Kettenis wrote: > We can just call copyin(9) since it already is atomic. But check > whether the userland futex is properly aligned and return EFAULT if it > isn't such that this system call behaves like it does on strict > alignment architectures. hmm. do we want this? i understand the

Re: pf queue definition: bandwidth resolution problem

On Tue, May 16, 2017 at 18:19 +, Carl Mascott wrote: > At the end is the patch I mentioned against pftop.c v1.37, using a guard > digit. > WARNING: Untested. I couldn't even try to compile it. > > At this point I don't see anything wrong with your patch, Mike. > > >

Re: avoid clang warnings and signed underflow in adventure(6)

On Tue, May 16, 2017 at 11:18:01AM +0200, Theo Buehler wrote: > Part of adventure's interesting internal obfuscation scheme makes clang > very unhappy. It spews 240+ warnings of this kind: > > /usr/src/games/adventure/wizard.c:71:17: warning: implicit conversion from > 'int' to 'char' changes

avoid clang warnings and signed underflow in adventure(6)

Part of adventure's interesting internal obfuscation scheme makes clang very unhappy. It spews 240+ warnings of this kind: /usr/src/games/adventure/wizard.c:71:17: warning: implicit conversion from 'int' to 'char' changes value from 143 to -113 [-Wconstant-conversion]

copyin32(9) for i386 and amd64

We can just call copyin(9) since it already is atomic. But check whether the userland futex is properly aligned and return EFAULT if it isn't such that this system call behaves like it does on strict alignment architectures. Also, add a prototype to such that we can actually use it. ok?

inet protosw #ifdef cleanup

Hi, The large and nested GIF #ifdefs in protosw make it hard to figure out what is going on. There are also some inconsistencies that seem to be oversights. So I would like to make the #ifdef more specific. This has been changed: - In the GIF case, IPPROTO_IPV6 in inetsw got a rip_ctloutput.

Minor annoyances in the pfctl queue parser

jmc@ has pointed out some inconsistencies in how bandwidth parameters are parsed and printed out. I agree that we can fix or improve this: 1) Bit/B/bit/b are parsed incorrectly. Ditching them is another option. 2) Should we make lowercase K, M and G parseable as well? I'd like that. 3) Avoid an