OpenBSD src changes summary for 2016-05-23
==========================================

distrib/sets
etc/etc.armv7/Makefile.inc
gnu/usr.bin/binutils-2.17
include/setjmp.h
include/unistd.h
lib/libc
regress/usr.bin
sbin/sysctl
share/man
sys/arch
sys/arch/alpha/alpha
sys/arch/amd64/amd64
sys/arch/arm/arm
sys/arch/arm/conf
sys/arch/arm/simplebus
sys/arch/armv7/conf
sys/arch/armv7/stand
sys/arch/armv7/stand/efiboot
sys/arch/hppa/hppa
sys/arch/i386/i386
sys/arch/macppc/dev
sys/arch/macppc/macppc
sys/arch/mips64/mips64
sys/arch/octeon/dev
sys/arch/sh/sh
sys/arch/socppc/socppc
sys/arch/sparc/sparc
sys/arch/sparc64/sparc64
sys/dev
sys/dev/pci
sys/dev/usb
sys/kern
sys/net
sys/netinet
sys/sys
sys/ufs/ffs
usr.bin/fold
usr.bin/mandoc
usr.bin/ssh
usr.bin/tmux
usr.sbin/installboot
usr.sbin/ldpctl
usr.sbin/ldpd

== distrib =========================================================== 01/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish
  ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386
  ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k
  ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi
  ~ lists/base/md.socppc ~ lists/base/md.sparc ~ lists/base/md.sparc64
  ~ lists/base/md.zaurus ~ lists/base/mi ~ lists/comp/mi
  > sync (deraadt@)

  ~ lists/base/md.armish ~ lists/base/md.armv7 ~ lists/base/md.zaurus
  ~ lists/comp/md.armish ~ lists/comp/md.armv7 ~ lists/comp/md.zaurus
  > sync (jsg@)

== etc =============================================================== 02/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

etc.armv7/Makefile.inc

  ~ etc.armv7/Makefile.inc
  > build armv7 efiboot (jsg@)

== gnu =============================================================== 03/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

usr.bin/binutils-2.17

  ~ bfd/elf64-sparc.c
  > On sparc64, make the PLT read-only. This allows the kernel and ld.so to
  > load binaries without violating W^X.
  > ld.so will make the PLT temporarily
  > writable (making it non-executable at the same time) to set up the initial
  > PLT slots and to do non-lazy relocations and restore permissions
  > afterwards.
  > Make sure you install an updated ld.so before doing a full build.
  > ok deraadt@ (kettenis@)

== include =========================================================== 04/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

setjmp.h

  ~ setjmp.h
  > Stop supporting longjmperror(); it's not used, not portable, and the checks
  > longjmp performs can't really be relied upon, even after we got rid of the
  > false positives...
  > ok millert@ deraadt@ (guenther@)

unistd.h

  ~ unistd.h
  > Remove iruserok(_sa)? and __ivaliduser(sa)?
  > ok millert@ deraadt@ (guenther@)

== lib =============================================================== 05/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ Symbols.list ~ time/strptime.c ~ locale/__mb_cur_max.c
  ~ locale/_def_messages.c ~ locale/_def_monetary.c ~ locale/_def_numeric.c
  ~ locale/_def_time.c ~ locale/localeconv.c ~ locale/nl_langinfo.c
  ~ locale/rune.h ~ locale/setlocale.c + include/localedef.h
  > Stop exposing <sys/localedef.h> and various symbols internal to the libc
  > locale implementation: _{Current,Default}*Locale, __[mn]locale_changed,
  > __mb_len_max_runtime
  > ok millert@ schwarze@ deraadt@ (guenther@)

  ~ Symbols.list ~ net/ruserok.c
  > Eliminate __check_rhosts_file and __rcmd_errstr: they were only used by
  > rlogind and rshd (remember them?)
  > ok deraadt@ (guenther@)

  ~ Symbols.list ~ hidden/unistd.h ~ net/ruserok.c ~ net/rcmd.3
  > Remove iruserok(_sa)? and __ivaliduser(sa)?
  > ok millert@ deraadt@ (guenther@)

  - gen/setjmperr.c ~ Symbols.list ~ gen/Makefile.inc ~ gen/setjmp.3
  ~ arch/arm/gen/_setjmp.S ~ arch/arm/gen/setjmp.S ~ arch/m88k/gen/_setjmp.S
  ~ arch/m88k/gen/setjmp.S ~ arch/m88k/gen/sigsetjmp.S
  ~ arch/mips64/gen/_setjmp.S ~ arch/mips64/gen/setjmp.S
  > Stop supporting longjmperror(); it's not used, not portable, and the checks
  > longjmp performs can't really be relied upon, even after we got rid of the
  > false positives...
  > ok millert@ deraadt@ (guenther@)

  ~ stdio/fwalk.c ~ stdio/local.h
  > Make _fwalk and _cleanup completely internal to libc
  > ok deraadt@ (guenther@)

  ~ arch/hppa/gen/setjmp.S
  > Add XOR cookies for rp and sp. Switch from calling obsolete
  > sig{block,setmask} to directly using the sigprocmask syscall.
  > Remove longjmperror()-if-passed-real-sigcontext checks and the
  > filling in of sigcontext fields that longjmp ignores.
  > in snaps; ok deraadt@ (guenther@)

  ~ shlib_version
  > Major bump for the removal of the various locale, ruserok, and
  > longjmperror symbols (guenther@)

  ~ arch/sparc/gen/setjmp.S
  > Include SYS.h instead of DEFS.h now that this does a direct syscall
  > (guenther@)

  ~ arch/sparc/gen/setjmp.S
  > More fixes from miod (guenther@)

== regress =========================================================== 06/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

usr.bin

  ~ fold/fold.sh
  > UTF-8 support.
  > Using feedback about bugs in earlier versions from Matthew Martin
  > <phy1729 at gmail dot com> and from tsg@ who tested it with afl(1).
  > OK czarkoff@ tsg@ (schwarze@)

== sbin ============================================================== 07/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

sysctl

  ~ sysctl.8
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ sysctl.c
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

== share ============================================================= 08/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/VOP_LOOKUP.9
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

== sys =============================================================== 09/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch

  ~ armv7/Makefile
  > build armv7 efiboot (jsg@)

arch/alpha/alpha

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/amd64/amd64

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/arm/arm

  ~ conf.c ~ openprom.c
  > Change openprom into a pseudo-device, because not all arm platforms
  > will have it. This is a bit of a hack. Maybe it should attach off
  > mainbus as a proper fake device, but that would have more tendrils..
  > checked by jsg (deraadt@)

  ~ sigcode.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/arm/conf

  ~ files.arm
  > Change openprom into a pseudo-device, because not all arm platforms
  > will have it. This is a bit of a hack. Maybe it should attach off
  > mainbus as a proper fake device, but that would have more tendrils..
  > checked by jsg (deraadt@)

arch/arm/simplebus

  ~ simplebus.c
  > Print the name from the corresponding FDT node to make identifying
  > simplebus(4)
  > instances easier.
  > ok jsg@, patrick@ (kettenis@)

arch/armv7/conf

  ~ GENERIC ~ RAMDISK ~ files.armv7
  > Change openprom into a pseudo-device, because not all arm platforms
  > will have it. This is a bit of a hack. Maybe it should attach off
  > mainbus as a proper fake device, but that would have more tendrils..
  > checked by jsg (deraadt@)

arch/armv7/stand

  + Makefile
  > build armv7 efiboot (jsg@)

arch/armv7/stand/efiboot

  ~ Makefile
  > install into mdec (jsg@)

  ~ Makefile
  > build armv7 efiboot (jsg@)

arch/hppa/hppa

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/i386/i386

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/macppc/dev

  ~ thermal.c ~ thermal.h
  > Some of our fan scaling calculations with the muK temperature unit above
  > 59 degC require temporary values larger than 32bit signed. Therefore
  > bump those involved variables to int64_t and replace imin/imax with
  > ulmin/ulmax to get proper results. (mglocker@)

  ~ thermal.c
  > Fix shutdown sequence. (mglocker@)

  ~ maci2c.c
  > Pass the device node to ia_cookie so we can pick it up in the i2c driver.
  > ok deraadt kettenis (mglocker@)

arch/macppc/macppc

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/mips64/mips64

  ~ lcore_access.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/octeon/dev

  ~ if_cnmac.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

arch/sh/sh

  ~ locore_subr.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/socppc/socppc

  ~ machdep.c
  > repair typo of sizeof in copyin() (deraadt@)

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/sparc/sparc

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/sparc64/sparc64

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

dev

  ~ rnd.c ~ rndvar.h
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

dev/pci

  ~ pcidevs
  > add the intel xl710 device ids from the documentation
  > i think some parts are called X710, not XL710, but i can't find where
  > and why. defaulting to XL710 for now.
  > (dlg@)

  ~ pcidevs.h ~ pcidevs_data.h
  > regen (dlg@)

  ~ if_myx.c ~ if_nep.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ pcidevs
  > VIA VL805 xHCI (chris@)

  ~ pcidevs.h ~ pcidevs_data.h
  > regen (chris@)

dev/usb

  ~ usb_subr.c ~ usbdivar.h
  > Get rid of usbd_get_device_strings() because we use it only once.
  > Return a char * rather than using a void function for usbd_get_device_string()
  > ok patrick@ (mpi@)

  ~ umsm.c
  > Support Airprime/Sierra AirCard 313U, Netgear/Sierra AirCard 770S
  > ok mpi@ (chris@)

kern

  ~ vfs_vops.c
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ uipc_mbuf.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ kern_sysctl.c
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

  ~ kern_exec.c
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

net

  ~ pf.c
  > Pass a route entry to if_output() instead of relying on arpresolve() magic.
  > This refactoring aims to reduce the number of places where a route entry is
  > inserted in the routing table.
  > ok bluhm@ (mpi@)

  ~ if_ppp.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

netinet

  ~ if_ether.c
  > Shorten an error string. (mpi@)

  ~ if_ether.c
  > Pass a 'struct in_addr *' to arplookup() instead of always dereferencing
  > one. (mpi@)

sys

  - localedef.h
  > Stop exposing <sys/localedef.h> and various symbols internal to the libc
  > locale implementation: _{Current,Default}*Locale, __[mn]locale_changed,
  > __mb_len_max_runtime
  > ok millert@ schwarze@ deraadt@ (guenther@)

  ~ buf.h ~ vnode.h
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ mbuf.h
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ sysctl.h
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

ufs/ffs

  ~ ffs_alloc.c ~ ffs_extern.h ~ ffs_vfsops.c ~ ffs_vnops.c
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ ffs_alloc.c
  > Use arc4random_uniform() instead of arc4random() to avoid modulus bias.
  > This eliminates the idiom 'arc4random() % X' (where X + 1 is not a
  > power of two) from base.
  > Part of a patch from Matthew Martin from end of last year.
  > ok tedu@ (a long time ago), natano@ (tb@)

== usr.bin =========================================================== 10/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

fold

  ~ fold.1 ~ fold.c
  > UTF-8 support.
  > Using feedback about bugs in earlier versions from Matthew Martin
  > <phy1729 at gmail dot com> and from tsg@ who tested it with afl(1).
  > OK czarkoff@ tsg@ (schwarze@)

mandoc

  ~ manpath.c
  > Trim trailing whitespace from man.conf lines. OK schwarze@. (millert@)

ssh

  ~ compat.c
  > Plug mem leak in filter_proposal. ok djm@ (dtucker@)

  ~ sshconnect2.c
  > prefer agent-hosted keys to keys from PKCS#11; ok markus (djm@)

tmux

  ~ window-copy.c
  > Remove unused variable, from Ben Boeckel. (nicm@)

  ~ format.c
  > Use a fixed buffer for strftime() because there is no portable way to
  > tell if the buffer is too small, and an expanding buffer is overkill
  > anyway. (nicm@)

== usr.sbin ========================================================== 11/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

installboot

  ~ i386_installboot.c
  > Use PATH_MAX instead of a hardcoded minimal value. Stack space is cheap
  > and
  > this isn't the kernel.
  > requested by deraadt@ (kettenis@)

ldpctl

  ~ ldpctl.c
  > Sync with ldpd. (renato@)

  ~ ldpctl.c ~ parser.c ~ parser.h
  > Change ldpctl(8) to use C99-style fixed-width integers. (renato@)

  ~ ldpctl.8
  > s/routes/labels (renato@)

  ~ ldpctl.c ~ parser.c
  > Replace legacy bzero and bcopy by memset and memcpy.
  > bzero(), bcopy() and bcmp() were deprecated in POSIX.1-2001 and removed
  > in POSIX.1-2008 in deference to memset(), memcpy() and memcmp(). (renato@)

  ~ ldpctl.c
  > Add function that prints labels to avoid code duplication.
  > In addition to that, print "exp-null" instead of "0" or "2". (renato@)

  ~ Makefile ~ ldpctl.8 ~ ldpctl.c ~ parser.c ~ parser.h
  > Sync with the latest IPv6 bits in ldpd(8). (renato@)

  ~ ldpctl.8 ~ ldpctl.c ~ parser.c ~ parser.h
  > Introduce the 'ldpctl clear neighbors' command.
  > (renato@)

ldpd

  ~ control.c ~ packet.c
  > Call accept_unpause() when any TCP socket is closed.
  > We were calling accept_unpause() only when an LDP session is shut
  > down. But, during the LDP session establishment process, we may have
  > TCP sockets that are not associated with any neighbor. If we close one
  > of these sockets, we must call accept_unpause() too. (renato@)

  ~ control.c ~ ldpe.c
  > Call accept_del() on exit. (renato@)

  ~ control.c
  > imsg_* returns ssize_t
  > Pulled from ospfd. Original author: claudio@ (renato@)

  ~ ldpd.h ~ ldpe.c
  > Explicitly close the pfkey socket on exit. (renato@)

  ~ pfkey.c
  > Pull explicit_bzero patch from bgpd.
  > Original author: Michael McConville. (renato@)

  ~ ldpd.8
  > Update section of supported standards in the manpage. (renato@)

  ~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ hello.c ~ init.c
  ~ interface.c ~ keepalive.c ~ kroute.c ~ labelmapping.c ~ lde.c ~ lde_lib.c
  ~ ldpd.c ~ ldpe.c ~ log.c ~ neighbor.c ~ notification.c ~ packet.c
  > Replace manually written function names with __func__. (renato@)

  ~ kroute.c
  > Don't try to install pseudowires of unknown type. (renato@)

  ~ ldpe.c
  > Clear the configuration before closing the network sockets.
  > This fixes some errors and warnings when ldpd is shutting down. (renato@)

  ~ log.c
  > Fix logging of wildcard label mappings.
  > If snprintf fails, a value less than 0 is returned. (renato@)

  ~ parse.y
  > Bring in the findeol() fix from pfctl.
  > Pulled from ospfd. Original author: henning@ (renato@)

  ~ parse.y
  > Fix router-id selection if static router-id is not given.
  > First convert IP addresses to host byte-order before checking which one
  > is smaller. Additionally fix the check to find the lowest configured IP
  > as suggested by the RFC.
  > Pulled from ospfd. Original author: claudio@ (renato@)

  ~ ldpd.conf.5 ~ parse.y
  > Add support for including additional configuration files.
  > Pulled from ospfd. Original author: dlg@ (renato@)

  ~ ldpd.conf.5
  > Sort configuration options in ldpd.conf(5).
  > (renato@)

  ~ kroute.c
  > Filter our RTM_GET messages which are not from us.
  > Pulled from ospfd. Original author: claudio@ (renato@)

  ~ init.c ~ ldpd.c ~ ldpd.conf.5 ~ ldpe.h ~ neighbor.c ~ parse.y
  ~ printconf.c
  > Allow setting the session holdtime per neighbor. (renato@)

  ~ hello.c ~ init.c ~ ldpd.c ~ ldpd.conf.5 ~ ldpe.c ~ ldpe.h ~ neighbor.c
  ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c
  > Add knob to configure the transport address.
  > This will be especially important when we add support for IPv6, because
  > we'll not be able to use the router-id as the transport-address in
  > this case. (renato@)

  ~ adjacency.c ~ interface.c ~ l2vpn.c ~ lde.c ~ ldp.h ~ ldpd.c ~ ldpe.c
  ~ ldpe.h ~ log.c ~ neighbor.c ~ packet.c ~ printconf.c
  > Move some code around.
  > This patch doesn't introduce any logical change. (renato@)

  ~ address.c ~ interface.c ~ neighbor.c
  > We don't need a separate function for sending address withdraws.
  > Address and Address Withdraw messages have the exact same format, only
  > their type is different. (renato@)

  ~ ldpe.c
  > pledge() earlier on ldpe. (renato@)

  ~ hello.c ~ ldp.h ~ ldpd.conf.5
  > Validate received hello holdtime and keepalive time.
  > Refuse a keepalive time of zero because it's invalid. For the hello
  > holdtime, zero is valid and means infinite.
  > Additionally, refuse values smaller than three for both the keepalive
  > timer and the hello holdtime. The keepalive/hello interval is calculated
  > as one third of their holdtime, which means that if the holdtime is one
  > or two, the calculated interval would be zero using integer arithmetic.
  > If anyone wants to use such a small holdtime, he or she should use
  > BFD instead. (renato@)

  ~ ldpd.c
  > Split merge_config() into smaller functions to improve readability.
  > The merge code will get bigger when we introduce IPv6 support, so we
  > better prepare the ground for it. (renato@)

  ~ adjacency.c ~ interface.c ~ neighbor.c
  > Remove duplicated code in timer functions.
  > (renato@)

  ~ init.c ~ neighbor.c ~ notification.c
  > Fix issue with the exponential backoff timer.
  > Do not start the exponential backoff timer when playing the passive role
  > of the session establishment process.
  > RFC 5036 - Section 2.5.3 says:
  > "The specific session establishment action that must be
  > delayed is the attempt to open the session transport connection by
  > the LSR playing the active role". (renato@)

  ~ init.c ~ packet.c
  > Respect the received Max PDU Length field. (renato@)

  ~ address.c ~ hello.c ~ init.c ~ keepalive.c ~ labelmapping.c ~ ldp.h
  ~ notification.c ~ packet.c
  > Improve the parser of TCP/session packets.
  > Add more safeguards against malformed packets and fix existing ones. Also,
  > rename a few variables and constants to match their real meaning. For
  > example, rename gen_msg_tlv() to gen_msg_hdr() because this function
  > generates an LDP header, not a TLV.
  > Finally, clean-up all the send_* functions so they all follow the same
  > pattern. (renato@)

  ~ packet.c
  > Don't ignore notification messages before the session is operational.
  > This was preventing us from triggering the backoff exponential timer
  > after receiving a 'No Hello' notification. (renato@)

  ~ Makefile ~ hello.c ~ ldpd.h ~ packet.c ~ parse.y + util.c
  > Several improvements in the parsing of UDP/Hello packets.
  > * Fix check of the packet's size and the "PDU Length" field;
  > * Add check for the "Message Length" field;
  > * Check for invalid labelspace earlier.
  > * Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
  > Additionally, add the following safeguards:
  > * Check for unicast link hellos;
  > * Check for multicast targeted hellos;
  > * Validate packet's source address;
  > * Validate received transport-address.
  > Put the ancillary function bad_ip_addr() into a new file, util.c, which
  > will be used later for several other things. (renato@)

  ~ ldp.h ~ ldpd.h
  > Remove unused code.
  > (renato@)

  ~ labelmapping.c ~ lde.c ~ lde_lib.c ~ ldp.h ~ log.c ~ notification.c
  > Rename a few constants to avoid confusion.
  > In ldpd we have the map structure, which is used to represent a label
  > message,
  > and the fec structure, used to store FECs in the LIB.
  > As of now, ldpd supports two types of FECs:
  > * IPv4 prefix (FEC_TYPE_IPV4);
  > * PWID (FEC_TYPE_PWID).
  > For the label messages, the following constants were being used:
  > * FEC_WILDCARD;
  > * FEC_PREFIX (IPv4 or IPv6);
  > * FEC_PWID.
  > Since these constants have similar names to the previous ones, rename
  > them to:
  > * MAP_TYPE_WILDCARD;
  > * MAP_TYPE_PREFIX;
  > * MAP_TYPE_PWID. (renato@)

  ~ hello.c ~ init.c ~ interface.c ~ kroute.c ~ l2vpn.c ~ lde.c ~ lde.h
  ~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ parse.y ~ printconf.c
  > More renaming.
  > Rename a few more things to improve readability.
  > * s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
  > * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
  > * s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
  > * s/lde_nbr_address/lde_addr/ (shorter)
  > * s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
  > * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
  > * s/ldp_sendboth/main_imsg_compose_both/ (consistency)
  > * s/cons/total/ (makes more sense)
  > * s/kaddr/ka/ (consistency with remaining code)
  > * Always use 'ln' for lde_nbrs (consistency) (renato@)

  ~ ldpe.h ~ neighbor.c ~ notification.c ~ packet.c
  > Rework the way we handle incoming connection requests.
  > The logic of the previous code was to accept all TCP connection requests
  > (destined to port 646) and create a tcp_conn structure for each of them. Once
  > the first packet of a connection was received, we would analyze the
  > LDP Initialization message and identify its origin by looking at the
  > LSR-ID field.
  > When parsing a received TCP packet, we would need to distinguish between
  > two cases: tcp packet from an LDP neighbor and tcp packet from a newborn
  > connection (not associated with any neighbor yet).
  > For this reason,
  > the session_read() function was quite complicated.
  > Also, we were not keeping track of the allocated tcp_conn structures. So,
  > we were subject to memory leaks and even DOS attacks.
  > With this patch, we also accept all TCP connection requests, but with two
  > major differences:
  > * We identify the neighbor by the source address of the SYN
  > packet. This is possible because we don't support label spaces, so
  > the transport-address by itself is enough to identify a neighbor,
  > we don't need to wait for the Initialization message;
  > * If there's no matching adjacency for this neighbor, then we start a
  > timer of 5 seconds. If we receive a Hello packet from this neighbor
  > within this interval, then we stop this timer and move on in
  > the Initialization state machine. Otherwise, we send a No Hello
  > Notification message and close the socket. We try to avoid sending
  > the No Hello notification as much as possible because it triggers the
  > backoff exponential in the remote peer, which considerably slows down
  > the session establishment process.
  > In summary, this new approach allows for a simpler code and fixes the
  > memory leak problem mentioned before. (renato@)

  ~ ldpd.c ~ ldpd.conf.5 ~ neighbor.c ~ packet.c ~ parse.y ~ printconf.c
  > Make neighbor parameters per lsr-id not per transport-address.
  > With the advent of IPv6 support, a single neighbor can have two different
  > transport-addresses: one for ipv4 and one for ipv6. In order to define
  > neighbor-specific parameters in an indistinguishable way, define them
  > by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
  > the same configuration. (renato@)

  ~ adjacency.c ~ control.c ~ hello.c ~ init.c ~ interface.c ~ kroute.c
  ~ l2vpn.c ~ lde.c ~ log.c ~ neighbor.c ~ notification.c ~ packet.c
  ~ parse.y ~ pfkey.c
  > Standardize some log messages and fix some inconsistencies.
  > We were using several different names for the same thing in our log
  > messages: neighbor, neighbor ID, nbr ID and LSR ID.
  > Standardize to always use "lsr-id" to refer to a neighbor.
  > Also:
  > * Use log_warnx() instead of log_warn() when appropriate;
  > * Use fatal(x) instead of err(x) when appropriate;
  > * Fix some inconsistent log messages. (renato@)

  ~ neighbor.c
  > Reuse nbr_pending_connect() on nbr_del(). (renato@)

  ~ labelmapping.c ~ lde_lib.c ~ notification.c ~ pfkey.c
  > Remove unnecessary break statements. (renato@)

  ~ adjacency.c ~ interface.c
  > Simplify removal of targeted neighbors and adjacencies.
  > Unlink these structures inside their own delete function rather than from
  > the outside. (renato@)

  ~ lde_lib.c ~ notification.c
  > Fix byte order issues with notification messages. (renato@)

  ~ adjacency.c ~ hello.c ~ interface.c ~ ldpd.h
  > Remove unnecessary mirroring of sockets. (renato@)

  ~ l2vpn.c ~ lde.h ~ ldp.h
  > Minor adjustments in l2vpn code.
  > * Define a new constant for the default pseudowire type;
  > * On l2vpn_new(), initialize the l2vpn lists with LIST_NEW (cosmetic
  > because the struct was calloc'ed);
  > * Add a const qualifier to the second parameter of l2vpn_find();
  > * Remove l2vpn_if_del() and use just free() instead. (renato@)

  ~ l2vpn.c ~ parse.y ~ printconf.c
  > Do not accept incomplete pseudowires in the configuration.
  > There's no point on keeping in the config something that can not be used,
  > it just adds unnecessary complexity. Also, it's better to warn the user
  > that there's something wrong rather than play nice and ignore the problem.
  > (renato@)

  ~ l2vpn.c
  > Check for local label before trying to install pseudowire.
  > While here, add a comment about ECMP and pseudowires. (renato@)

  ~ parse.y
  > clear_config() should only deallocate memory and nothing else.
  > clear_config() is called when the parser fails (at startup or config
  > reload).
  > While cleaning up the allocated memory, the parser should not
  > log anything, after all the daemon's running configuration is untouched.
  > So, in this case, we should clear the partial config by hand and
  > avoid functions like if_del(). (renato@)

  ~ labelmapping.c ~ lde.c ~ lde_lib.c
  > Make send_labelmessage() more robust.
  > Immediately return from this function if the given list of mappings
  > is empty. This way we have more freedom when sending label messages,
  > not having to care with corner cases. (renato@)

  ~ labelmapping.c
  > Fix check of when a wildcard group PW-ID FEC is valid or not.
  > In addition to label mappings, wildcard group PW-ID FECs are invalid in
  > label requests and label abort requests too. (renato@)

  ~ ldpd.h
  > Fix warnings when compiling with -pedantic. (renato@)

  ~ ldpd.h
  > Release allocated memory before exiting. (renato@)

  ~ lde.c
  > Remove protection that was preventing pseudowires from being updated in the kernel.
  > During the setup of a pseudowire, it might change its parameters
  > (e.g. control-word) once the negotiation with the remote peer is done.
  > (renato@)

  ~ lde_lib.c
  > Fix bug in the processing of label withdraws and releases.
  > The F_MAP_PW_ID flag is only set for PW-ID mappings, which means that we
  > were ignoring all label withdraws and label releases for non PW-ID FECs.
  > (renato@)

  ~ l2vpn.c ~ lde.c ~ lde_lib.c ~ ldpd.c ~ log.c ~ notification.c ~ parse.y
  ~ printconf.c
  > Rework L2VPN code. (renato@)

  ~ neighbor.c
  > Fix fd leak in error path. (renato@)

  ~ Makefile ~ interface.c ~ ldpd.h ~ packet.c + socket.c
  > Move setsockopt helper functions to a separate file.
  > IPv6 support is coming and we don't want to pollute the interface.c file
  > with too many of these helper functions.
  > Also, rename these functions from if_set_* to sock_set_*.
> (renato@)

~ Makefile ~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ hello.c ~ init.c ~ interface.c ~ keepalive.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8 ~ ldpd.c ~ ldpd.conf.5 ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ neighbor.c ~ notification.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c ~ socket.c ~ util.c
> Fix mess caused by my commit script.
> I screwed up everything... trying to fix now. (renato@)

~ ldpd.h ~ ldpe.c ~ socket.c
> Move socket creation and setup into a specialized function.
> Right now we use three network sockets in ldpd:
> * the discovery socket (udp+mcast);
> * the extended discovery socket (udp);
> * the session socket (tcp).
> When we introduce IPv6 support, we'll get three more sockets. In order
> to prevent code duplication in the future, add a specialized function
> that creates a socket according to the given type (and address-family
> later). This also improves readability because it makes it easier to
> see the differences between each socket. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ kroute.c ~ lde.c ~ lde_lib.c ~ ldpd.c ~ neighbor.c ~ parse.y ~ pfkey.c
> Copy structs by assignment instead of memcpy.
> Copying by straight assignment is shorter, easier to read and has a
> higher level of abstraction. We'll only avoid it when copying from an
> unaligned source (e.g., network buffers).
> In addition, copy in_addr structs directly. (renato@)

~ l2vpn.c ~ lde.c ~ parse.y
> Fix bugs in pseudowire parameters negotiation. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ l2vpn.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ socket.c
> Create network sockets on the parent process.
> We drop our privileges in ldpe right after we create the network sockets.
> The problem is that we might want to change the transport-address and
> reload the config, in which case we need new sockets.
> To allow that,
> always create the network sockets in the parent process and pass them
> to ldpe via imsg. (renato@)

~ lde_lib.c
> Reuse lde_address_find() inside lde_check_mapping(). (renato@)

~ ldpe.c
> Add an exception for kernels built without PFKEYv2 support. (renato@)

~ l2vpn.c ~ lde.h ~ ldpd.c ~ ldpe.c ~ parse.y
> Don't create l2vpn targeted neighbors inside the config parser.
> When removing a configured pseudowire, we remove the associated tnbr
> in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
> makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
> consistent. (renato@)

~ interface.c ~ kroute.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h
> Several fixes in the config reload handling. (renato@)

~ adjacency.c ~ interface.c ~ ldpd.c ~ ldpe.c ~ ldpe.h ~ parse.y
> Enable changing the router-id via config reload.
> Now ldpd can start without a router-id, since it can be set later. Since
> a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
> will check for a valid router-id in order to be activated.
> When the router-id is changed, all the neighborships are reset. (renato@)

~ ldpd.h ~ socket.c
> Use SO_BINDANY before binding sockets to the transport-address.
> This allows ldpd to start on a system without any IP address and bind
> to the transport-address successfully. Without this patch, we'd need to
> monitor the new addresses from the kernel and create the network sockets
> only when the transport-address is available in the system. (renato@)

~ lde_lib.c
> Simplify label allocation.
> Whenever we lose a route, unset the local label. If the same route is
> learned again later, allocate a new label for it. No need to be economic
> with labels, it's not worth the added complexity. (renato@)

~ lde.c ~ lde.h ~ lde_lib.c
> Introduce a garbage collector for dead entries in the LIB.
> If we lose a route and all of its associated labels, then there's no
> point in keeping an entry for it in the LIB.
> (renato@)

~ ldpd.conf.5
> Start sentences on new lines in ldpd.conf(5). (renato@)

~ labelmapping.c
> Reject null labels for PW-ID FECs. (renato@)

~ printconf.c
> Remove redundant new lines in print_config(). (renato@)

~ Makefile ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ kroute.c ~ l2vpn.c ~ lde.c ~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ neighbor.c ~ parse.y ~ printconf.c ~ util.c
> Assorted fixes and small cleanup.
> Nothing really interesting here. (renato@)

~ address.c ~ adjacency.c ~ hello.c ~ init.c ~ interface.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8 ~ ldpd.c ~ ldpd.conf.5 ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ neighbor.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c ~ socket.c ~ util.c
> Add support for IPv6 (RFC 7552).
> This includes:
> * Full compliance to RFC 7552;
> * Support for MD5 on LDPov6 sessions;
> * Support for pseudowires over IPv6 LSPs (we're probably the world's
> first implementation doing this);
> * Support for the IPv6 explicit-null label;
> * Knob to specify the preferred address-family for TCP transport
> connections;
> * Knob to use cisco non-compliant format to send and interpret the
> Dual-Stack capability TLV. (renato@)

~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ hello.c ~ init.c ~ interface.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ neighbor.c ~ notification.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c ~ socket.c
> Make functions and variables static whenever possible.
> The benefits of this include:
> * clean up of the ldpd global namespace;
> * improved readability;
> * more hints to the compiler/linker to generate more efficient code.
> Whenever possible, move global static variables to a smaller scope
> (function).
> All extern variables are now declared in header files to avoid unnecessary
> duplication.
> This patch also cleans up the indentation of all function prototypes
> and global variables. (renato@)

~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ hello.c ~ init.c ~ interface.c ~ keepalive.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ neighbor.c ~ notification.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c
> Remove superfluous includes. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ kroute.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8 ~ ldpd.c ~ ldpd.conf.5 ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ neighbor.c ~ packet.c ~ parse.y ~ printconf.c
> Update copyright information. (renato@)

~ lde.c ~ lde.h ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ parse.y
> Improve security by calling exec after fork.
> For each child process (lde and ldpe), re-exec ldpd with a special
> "per-role" getopt flag. This way we have separate ASLR/cookies per
> process.
> Based on a similar patch for bgpd, from claudio@
> Requested by deraadt@ (renato@)

~ control.c ~ ldpd.h ~ ldpe.h ~ neighbor.c
> Add support for manually resetting neighbors. (renato@)

~ ldpd.conf.5
> various tweaks; (jmc@)
