OpenBSD src changes summary for 2016-07-20
==========================================

lib/libc
regress/usr.sbin
sbin/dhclient
sbin/iked
sbin/sysctl
sys/dev
sys/dev/pci
sys/dev/usb
sys/net80211
sys/netinet
sys/netinet6
sys/sys
usr.bin/mandoc
usr.bin/netstat
usr.bin/openssl
usr.bin/ssh
usr.sbin/installboot
usr.sbin/switchctl
usr.sbin/switchd

== lib =============================================================== 01/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/sysctl.3

  > Make the size for the syn cache hash array tunable. As we are
  > swapping between two syn caches for random reseeding anyway, this
  > feature can be added easily. When the cache is empty, there is an
  > opportunity to change the hash size. This allows an admin under
  > SYN flood attack to defend his machine.
  > Suggested by claudio@; OK jung@ claudio@ jmc@ (bluhm@)

== regress =========================================================== 02/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

usr.sbin

  ~ relayd/README

  > s/sudo/doas/ (benno@)

== sbin ============================================================== 03/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c

  > As a general rule, fchown before fchmod is a safer order (because many
  > systems throw away bits upon chown). Not in this case, but code gets
  > copied..
  > ok krw (deraadt@)

  ~ dhclient.c    ~ privsep.h

  > Shrink priv_write_file() API so that it does less, and the callers ask
  > it to do less. Discussion with guenther.
  > ok krw (deraadt@)

iked

  ~ parse.y

  > When parsing the configuration. initialize the auth structure
  > correctly, as parse.y's $$ is not zero-initialized.
  > Found by Rene Ammerlaan
  > OK markus@ florian@ (reyk@)

sysctl

  ~ sysctl.8

  > Make the size for the syn cache hash array tunable. As we are
  > swapping between two syn caches for random reseeding anyway, this
  > feature can be added easily. When the cache is empty, there is an
  > opportunity to change the hash size. This allows an admin under
  > SYN flood attack to defend his machine.
  > Suggested by claudio@; OK jung@ claudio@ jmc@ (bluhm@)

== sys =============================================================== 04/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

dev

  ~ softraid.c

  > Plug potential leak of device list.
  > Problem found by Michael McConville.
  > Tested & ok stsp@ (krw@)

dev/pci

  ~ ehci_pci.c

  > ATI controllers seem to need the same workaround as VIA controllers.
  > This should hopefully help people reporting errors with SB700.
  > From FreeBSD, ok kettenis@, krw@ (mpi@)

  ~ if_iwn.c

  > Bring iwn_update_htprot() back, so iwn(4) will properly keep track
  > of HT protection changes while associated.
  > HT protection affects behaviour on Tx but is configured along with Rx
  > settings (because Intel likes it that way). And our previous
  > iwn_update_htprot() implementation had a bug where it would
  > accidentally clear bits which enable CCK rates for Rx. The Intel
  > Wireless-N 2200 chip accordingly stopped receiving some frames (most
  > notably broadcast frames) and the link broke down.
  > Also, restore the power-saving level after updating the Rx config (like
  > Linux does), and add some DELAYs for good measure to ensure the firmware
  > has time to process asynchronous commands we send.
  > tested by myself and mlarkin@
  > ok mlarkin@ (stsp@)

  ~ if_iwn.c

  > Make the iwn(4) LED flash 10 times slower in monitor mode.
  > Makes running monitor mode over extended periods of time much less
  > annoying.
  > ok benno@ (stsp@)

  ~ if_iwm.c    ~ if_iwmreg.h

  > Disable the beacon filter in iwm(4). This allows beacons to pass through
  > to the stack while associated, which in turn makes it possible to keep
  > track of HT protection changes.
  > ok mpi@ (stsp@)

dev/usb

  ~ ehci.c

  > ATI controllers seem to need the same workaround as VIA controllers.
  > This should hopefully help people reporting errors with SB700.
  > From FreeBSD, ok kettenis@, krw@ (mpi@)

  ~ if_ral.c

  > Unbreak ural(4), which had been dropping frames on Tx while
  > the IFF_RUNNING flag was set since last November (r1.138).
  > Apparently nobody is using this driver, except for martijn@.
  > Fix tested by martijn@ and myself.
  > ok dlg@ (stsp@)

net80211

  ~ ieee80211_proto.c

  > In net80211, enable RTS for frames above a particular size (currently 512
  > bytes). This is what other OS have been doing for years. In our stack this
  > feature was present but disabled at compile-time by an #ifdef.
  > This is a low risk change because drivers were already required to use RTS
  > whenever the AP set the USE_PROTECTION flag in ERP elements of its beacons.
  > This change allows for reasonable throughput on loaded 11g networks
  > whereas before they were practically unusable.
  > tests and ok phessler@ (stsp@)

netinet

  ~ tcp_input.c    ~ tcp_usrreq.c    ~ tcp_var.h

  > Make the size for the syn cache hash array tunable. As we are
  > swapping between two syn caches for random reseeding anyway, this
  > feature can be added easily. When the cache is empty, there is an
  > opportunity to change the hash size. This allows an admin under
  > SYN flood attack to defend his machine.
  > Suggested by claudio@; OK jung@ claudio@ jmc@ (bluhm@)

  ~ in_pcb.c    ~ in_pcb.h    ~ udp_usrreq.c

  > Split in6_selectsrc() into a low-level part and a pcb-level part, and
  > convert in_selectsrc() prototype to match.
  > Ok bluhm@ mpi@. (vgross@)

  ~ tcp_usrreq.c    ~ tcp_var.h

  > To tune the TCP SYN cache we need more information. Print the
  > relevant counters with netstat -s -p tcp.
  > OK henning@ (bluhm@)

netinet6

  ~ icmp6.c    ~ in6_pcb.c    ~ in6_src.c    ~ ip6_var.h
  ~ nd6_nbr.c    ~ raw_ip6.c    ~ udp6_output.c

  > Split in6_selectsrc() into a low-level part and a pcb-level part, and
  > convert in_selectsrc() prototype to match.
  > Ok bluhm@ mpi@. (vgross@)

sys

  ~ malloc.h

  > Make the size for the syn cache hash array tunable. As we are
  > swapping between two syn caches for random reseeding anyway, this
  > feature can be added easily. When the cache is empty, there is an
  > opportunity to change the hash size. This allows an admin under
  > SYN flood attack to defend his machine.
  > Suggested by claudio@; OK jung@ claudio@ jmc@ (bluhm@)

== usr.bin =========================================================== 05/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mandoc

  ~ tag.c

  > tag_signal() is dead; from LLVM via Christos Zoulas (schwarze@)

netstat

  ~ inet.c    ~ main.c    ~ netstat.h

  > To tune the TCP SYN cache we need more information. Print the
  > relevant counters with netstat -s -p tcp.
  > OK henning@ (bluhm@)

openssl

  ~ openssl.1

  > strip back openssl ciphers:
  > - rearrange the descriptions of -V and -v to read more logically
  > - move the cipherlist text into the cipherlist description
  > - zap examples (jmc@)

ssh

  ~ readconf.c

  > Do not clobber the global jump_host variables when parsing an inactive
  > configuration. ok djm@ (naddy@)

== usr.sbin ========================================================== 06/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

installboot

  ~ Makefile

  > Use more compact idiom to select architecture dependent files to compile.
  > No intentional functional change.
  > Diff from Miod.
  > ok millert@ deraadt@ (krw@)

switchctl

  ~ switchctl.c

  > pledge switchctl (reyk@)

switchd

  ~ switchd.conf.5

  > Fix typo
  > from Atzm Watanabe (yasuoka@)

  ~ switchd.c    ~ switchd.h

  > Add a -n flag to check the configuration and exit. Matches what almost
  > all the other daemons do.
  > ok reyk@ (jsg@)

  ~ Makefile

  > Fix dependencies of generated map files. (reyk@)

  ~ ofp.c    ~ ofp10.c    ~ ofp13.c    ~ ofp_map.h    ~ switchd.h

  > Update OpenFlow 1.3 stub based on the 1.0 code. (reyk@)

  ~ genmap.sh    ~ ofp.h    ~ ofp13.c    ~ ofp_map.h

  > Parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match) -
  > no action yet. (reyk@)

  ~ packet.c    ~ switch.c    ~ switchd.h

  > Handle ports as uint32_t instead of in_port_t: OpenFlow 1.0 used 16bit
  > ports, but later versions switched to 32bit ports (for the case that a
  > virtual switch has more than 65535 switch ports, of course). (reyk@)

  ~ control.c    ~ ofcconn.c    ~ ofp.c    ~ switchd.c    ~ switchd.h

  > pledge(2) all the switchd processes. (reyk@)

  ~ ofcconn.c    ~ ofp.c

  > fix typos in comments (reyk@)

===============================================================================
