Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Brad Smith
On Mon, Jul 09, 2012 at 02:18:48AM +0300, Lazaros Koromilas wrote:
> On Sun, Jul 08, 2012 at 01:31:43PM -0400, Kenneth R Westerback wrote:
> > On Sun, Jul 08, 2012 at 07:17:21PM +0200, Stefan Sperling wrote:
> > > On Sun, Jul 08, 2012 at 08:00:28PM +0300, Lazaros Koromilas wrote:
> > > > On Sun, Jul 08, 2012 at 10:59:09AM +0200, Stefan Sperling wrote:
> > > > > The linux driver ("iwlegacy") doesn't run this command in async mode.
> > > > > Is there a reason why you're passing 1 for the last param, i.e. not
> > > > > waiting for a command-complete interrupt when sending 
> > > > > WPI_CMD_ASSOCIATE?
> > > > 
> > > > Not really, no.  Fixed that.  I added printing because all sync
> > > > command calls are handled this way, but can be removed if it's
> > > > not acceptable.
> > > 
> > > I think that printf() is fine.
> > > 
> > > > > You don't need all of if_flags, just the IFF_PROMISC bit.
> > > > > Why not add a new flag to sc->sc_flags and use that instead?
> > > > 
> > > > You are right, I originally added the extra sc_if_flags in order to XOR
> > > > with if_flags and detect the promisc status change.  Does this logic
> > > > seem simpler/better?  Also removed the initialization above.
> > > 
> > > I don't like this approach because it is adding a new 32bit flags field
> > > to the softc, all for checking a single bit from this flags field,
> > > while the existing sc_flags field has lots of unused bits.
> > > 
> > > The xor is cute but usually we just use & to check for flags.
> 
> Saw this when studying other if_ drivers and thought so too.

Unfortunately those are bad examples.




Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Lazaros Koromilas
On Sun, Jul 08, 2012 at 01:31:43PM -0400, Kenneth R Westerback wrote:
> On Sun, Jul 08, 2012 at 07:17:21PM +0200, Stefan Sperling wrote:
> > On Sun, Jul 08, 2012 at 08:00:28PM +0300, Lazaros Koromilas wrote:
> > > On Sun, Jul 08, 2012 at 10:59:09AM +0200, Stefan Sperling wrote:
> > > > The linux driver ("iwlegacy") doesn't run this command in async mode.
> > > > Is there a reason why you're passing 1 for the last param, i.e. not
> > > > waiting for a command-complete interrupt when sending WPI_CMD_ASSOCIATE?
> > > 
> > > Not really, no.  Fixed that.  I added printing because all sync
> > > command calls are handled this way, but can be removed if it's
> > > not acceptable.
> > 
> > I think that printf() is fine.
> > 
> > > > You don't need all of if_flags, just the IFF_PROMISC bit.
> > > > Why not add a new flag to sc->sc_flags and use that instead?
> > > 
> > > You are right, I originally added the extra sc_if_flags in order to XOR
> > > with if_flags and detect the promisc status change.  Does this logic
> > > seem simpler/better?  Also removed the initialization above.
> > 
> > I don't like this approach because it is adding a new 32bit flags field
> > to the softc, all for checking a single bit from this flags field,
> > while the existing sc_flags field has lots of unused bits.
> > 
> > The xor is cute but usually we just use & to check for flags.

Saw this when studying other if_ drivers and thought so too.

> 
> Or ISSET()!

:)

> 
>  Ken
> 
> > 
> > So adding, say, WPI_FLAG_PROMISC to sc_flags and then cross-checking
> > that with the IFF_PROMISC flag will look nicer IMO.

Diff updated.


Index: if_wpivar.h
===
RCS file: /cvs/src/sys/dev/pci/if_wpivar.h,v
retrieving revision 1.23
diff -u -p -r1.23 if_wpivar.h
--- if_wpivar.h 7 Sep 2010 16:21:45 -   1.23
+++ if_wpivar.h 8 Jul 2012 22:57:59 -
@@ -143,6 +143,7 @@ struct wpi_softc {
u_int   sc_flags;
 #define WPI_FLAG_HAS_5GHZ  (1 << 0)
 #define WPI_FLAG_BUSY  (1 << 1)
+#define WPI_FLAG_PROMISC   (1 << 2)
 
/* Shared area. */
struct wpi_dma_info shared_dma;
Index: if_wpi.c
===
RCS file: /cvs/src/sys/dev/pci/if_wpi.c,v
retrieving revision 1.110
diff -u -p -r1.110 if_wpi.c
--- if_wpi.c2 Jun 2011 18:36:53 -   1.110
+++ if_wpi.c8 Jul 2012 22:58:00 -
@@ -120,6 +120,7 @@ int wpi_ioctl(struct ifnet *, u_long, c
 intwpi_cmd(struct wpi_softc *, int, const void *, int, int);
 intwpi_mrr_setup(struct wpi_softc *);
 void   wpi_updateedca(struct ieee80211com *);
+intwpi_set_promisc(struct wpi_softc *);
 void   wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
 intwpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
 void   wpi_power_calibration(struct wpi_softc *);
@@ -2002,7 +2003,15 @@ wpi_ioctl(struct ifnet *ifp, u_long cmd,
/* FALLTHROUGH */
case SIOCSIFFLAGS:
if (ifp->if_flags & IFF_UP) {
-   if (!(ifp->if_flags & IFF_RUNNING))
+   if (ifp->if_flags & IFF_RUNNING) {
+   if (((ifp->if_flags & IFF_PROMISC) &&
+!(sc->sc_flags & WPI_FLAG_PROMISC)) ||
+   (!(ifp->if_flags & IFF_PROMISC) &&
+(sc->sc_flags & WPI_FLAG_PROMISC))) {
+   error = wpi_set_promisc(sc);
+   sc->sc_flags ^= WPI_FLAG_PROMISC;
+   }
+   } else
error = wpi_init(ifp);
} else {
if (ifp->if_flags & IFF_RUNNING)
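Review bot: `sc->sc_flags ^= WPI_FLAG_PROMISC;` runs even when `wpi_set_promisc(sc)` returned an error, so after a failed command the cached bit records a filter state the firmware never accepted, and the next SIOCSIFFLAGS sees no difference and does not retry; the adapter can then stay promiscuous after IFF_PROMISC was cleared. Update the bit only on success, e.g. `error = wpi_set_promisc(sc);` followed by `if (error == 0) sc->sc_flags ^= WPI_FLAG_PROMISC;`, or set and clear it from `ifp->if_flags & IFF_PROMISC` so it cannot drift. Whether wpi_init() and wpi_stop() resynchronise WPI_FLAG_PROMISC is not visible in this diff and should be checked, since a stale bit would invert the comparison after a down/up cycle. The earlier revision of this hunk further down the thread has the same problem with its unconditional `sc->sc_if_flags = ifp->if_flags;`. The switch in wpi_ioctl starts and ends outside the hunk.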
@@ -2203,6 +2212,34 @@ wpi_updateedca(struct ieee80211com *ic)
}
(void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
 #undef WPI_EXP2
+}
+
+int
+wpi_set_promisc(struct wpi_softc *sc)
+{
+   struct ieee80211com *ic = &sc->sc_ic;
+   struct ifnet *ifp = &ic->ic_if;
+   struct wpi_assoc cmd;
+   int error;
+
+   if (ifp->if_flags & IFF_PROMISC)
+   sc->rxon.filter |= htole32(WPI_FILTER_PROMISC |
+   WPI_FILTER_CTL);
+   else
+   sc->rxon.filter &= ~htole32(WPI_FILTER_PROMISC |
+   WPI_FILTER_CTL);
+
+   memset(&cmd, 0, sizeof cmd);
+   cmd.flags = sc->rxon.flags;
+   cmd.filter = sc->rxon.filter;
+   cmd.ofdm_mask = sc->rxon.ofdm_mask;
+   cmd.cck_mask = sc->rxon.cck_mask;
+   error = wpi_cmd(sc, WPI_CMD_ASSOCIATE, &cmd, sizeof cmd, 0);
+   if (error != 0) {
+   printf("%s: could not set filter\n", sc->sc_dev.dv_xname);
+   return error;
+   }
+   return 0;
 }
 
 void
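Review bot: `sc->rxon.filter` is changed before `wpi_cmd()` is issued and is not restored when the command fails, so on the error path the softc copy of the filter no longer matches what the firmware uses, and any later command built from `sc->rxon` would carry the change anyway. Building the new value in a local and storing it only after the command succeeded keeps the two in step, as sketched below. The clear branch also removes `WPI_FILTER_CTL` unconditionally; if another code path sets that bit (not visible in this diff), leaving promiscuous mode would drop it there too. The function has no header comment saying it pushes the current IFF_PROMISC state to an associated interface, and the identical copies in the earlier revisions quoted below share all of these points.

```c
	uint32_t filter = sc->rxon.filter;	/* kept in little-endian form */

	if (ifp->if_flags & IFF_PROMISC)
		filter |= htole32(WPI_FILTER_PROMISC | WPI_FILTER_CTL);
	else
		filter &= ~htole32(WPI_FILTER_PROMISC | WPI_FILTER_CTL);

	/* … unchanged: memset and the flags/ofdm_mask/cck_mask copies … */
	cmd.filter = filter;
	/* … unchanged: wpi_cmd call and the error printf/return … */
	sc->rxon.filter = filter;	/* commit only once the firmware accepted it */
	return 0;
```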



PCI IDs for Ivy Bridge board

2012-07-08 Thread Seth Wright
The patch below adds PCI IDs for the five (previously) "unknown"
devices on my Panther Point / Z77-chipset motherboard.  dmesg follows
diff.

Seth


Index: pcidevs
===
RCS file: /cvsroot/OpenBSD/src/sys/dev/pci/pcidevs,v
retrieving revision 1.1651
diff -u -p -r1.1651 pcidevs
--- pcidevs 8 Jul 2012 09:48:38 -   1.1651
+++ pcidevs 8 Jul 2012 21:30:15 -
@@ -2370,6 +2370,7 @@ product INTEL CORE2G_GT2  0x0112  HD Graph
 product INTEL CORE2G_M_GT2 0x0116  HD Graphics 3000
 product INTEL CORE2G_GT2_PLUS  0x0122  HD Graphics 3000
 product INTEL CORE2G_M_GT2_PLUS0x0126  HD Graphics 3000
+productINTEL XEONE3_1200_HB_1  0x0150  Xeon E3-1200 2G/3G Host
 product INTEL CORE3G_D_GT1 0x0152  HD Graphics 2500
 productINTEL CORE3G_M_HB   0x0154  Core 3G Host
 product INTEL CORE3G_M_GT1 0x0156  HD Graphics 2500
@@ -2697,7 +2698,8 @@ product INTEL C600_MEI_1  0x1d3a  C600 MEI
 product INTEL C600_MEI_2   0x1d3b  C600 MEI
 product INTEL C600_VPCIE   0x1d3e  C600 Virtual PCIE
 product INTEL C600_LPC 0x1d41  C600 LPC
-productINTEL 7SERIES_AHCI  0x1e03  7 Series AHCI
+productINTEL 7SERIES_AHCI  0x1e02  7 Series AHCI
+productINTEL 7SERIES_AHCI_10x1e03  7 Series AHCI
 productINTEL 7SERIES_PCIE_10x1e10  7 Series PCIE
 productINTEL 7SERIES_PCIE_20x1e12  7 Series PCIE
 productINTEL 7SERIES_PCIE_30x1e14  7 Series PCIE
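Review bot: The existing name 7SERIES_AHCI is rebound from 0x1e03 to 0x1e02 here, so any driver table that already references the generated constant would silently start matching a different device; whether such a reference exists is not visible in this patch. Following the neighbouring PCIE_1/PCIE_2 and EHCI_1/EHCI_2 rows, numbering both entries, `product INTEL 7SERIES_AHCI_1 0x1e02 7 Series AHCI` and `product INTEL 7SERIES_AHCI_2 0x1e03 7 Series AHCI`, avoids changing the meaning of an identifier that is already in the tree. The two rows also share the identical description string, which makes them indistinguishable in dmesg output.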
@@ -2712,6 +2714,7 @@ product   INTEL 7SERIES_EHCI_10x1e26  7 Se
 productINTEL 7SERIES_EHCI_20x1e2d  7 Series USB
 productINTEL 7SERIES_MEI_1 0x1e3a  7 Series MEI
 productINTEL 7SERIES_MEI_2 0x1e3b  7 Series MEI
+productINTEL 7SERIES_LPC   0x1e44  Z77 Express LPC
 productINTEL QM77_LPC  0x1e55  QM77 LPC
 product INTEL 82801AA_LPC  0x2410  82801AA LPC
 product INTEL 82801AA_IDE  0x2411  82801AA IDE
@@ -3586,6 +3589,7 @@ product ITEXPRESS IT8212F 0x8212  IT8212F
 product ITEXPRESS IT8213F  0x8213  IT8213F
 product ITEXPRESS IT8330G  0x8330  IT8330G
 product ITEXPRESS ITF_ISA  0x  ITF ISA
+product ITEXPRESS IT8892E_ISA  0x8892  IT8892E ISA

 /* JMicron */
 product JMICRON JMC250 0x0250  JMC250
@@ -3788,6 +3792,7 @@ product MARVELL 88SE6141  0x6141  88SE6141
 product MARVELL 88SE6145   0x6145  88SE6145 SATA
 product MARVELL 88SX7042   0x7042  88SX7042 SATA
 product MARVELL2 88SE9123  0x9123  88SE9123 SATA
+product MARVELL2 88SE9172  0x9172  88SE9172 SATA

 /* Matrox products */
 product MATROX ATLAS   0x0518  MGA PX2085 (Atlas)



--

dmesg:

OpenBSD 5.2-beta (GENERIC.MP) #5: Sun Jul  8 17:20:04 EDT 2012
s...@ivy.crosse.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17072521216 (16281MB)
avail mem = 16595693568 (15826MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb5c0 (57 entries)
bios0: vendor Intel Corp. version "BHZ7710H.86A.0057.2012.0208.1904"
date 02/08/2012
bios0: Intel Corporation DZ77BH-55K
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT SSDT
acpi0: wakeup devices PS2K(S3) PS2M(S3) CIRP(S3) P0P1(S4) USB1(S3)
USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4)
RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) ITEE(S3) SLT1(S3) SLT2(S3)
RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4)
PXSX(S4) RP07(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4)
PEG2(S4) PEG3(S4) GLAN(S4) EHC1(S3) EHC2(S3) XHC_(S4) HDEF(S4)
PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, 3392.84 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, 3392.30 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, 3392.30 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, 3392.30 MHz
cpu3: 
FPU,VME,DE,PSE,TS

bgpd speedup fix

2012-07-08 Thread Claudio Jeker
Found today while wondering why the EOR records take multiple minutes to
be processed by bgpd on a full view.
Found the problem in a commit that is 7.5 years old, which was meant to keep
a single session from monopolising the SE. Since not all of the data is
processed after a single read, we end up depending on additional incoming data
to process the remaining data in the buffer.
Split the read part from the data processing and process all peers in the
poll loop after reading in new data. With this the EOR shows up without
needing 4 or so KEEPALIVES trickling in.

OK?
-- 
:wq Claudio

Index: session.c
===
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.321
diff -u -p -r1.321 session.c
--- session.c   12 Apr 2012 17:26:09 -  1.321
+++ session.c   8 Jul 2012 18:22:53 -
@@ -78,6 +78,7 @@ void  session_notification(struct peer *,
ssize_t);
 void   session_rrefresh(struct peer *, u_int8_t);
 intsession_dispatch_msg(struct pollfd *, struct peer *);
+intsession_process_msg(struct peer *);
 intparse_header(struct peer *, u_char *, u_int16_t *, u_int8_t *);
 intparse_open(struct peer *);
 intparse_update(struct peer *);
@@ -448,6 +449,9 @@ session_main(int pipe_m2s[2], int pipe_s
events = POLLIN;
if (p->wbuf.queued > 0 || p->state == STATE_CONNECT)
events |= POLLOUT;
+   /* is there still work to do? */
+   if (p->rbuf->wpos)
+   timeout = 0;
 
/* poll events */
if (p->fd != -1 && events != 0) {
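Review bot: The added `if (p->rbuf->wpos)` dereferences `p->rbuf` without a NULL test, while the loop added in the next hunk guards the same access with `p->rbuf && p->rbuf->wpos`, and the comment removed from session_dispatch_msg says the buffers are deallocated when a session drops to IDLE. Use the same guard here: `if (p->rbuf && p->rbuf->wpos) timeout = 0;`. Separately, if session_process_msg() leaves an incomplete message in the buffer with `wpos` non-zero (its tail is cut off on this page), this forces a zero poll timeout on every iteration until the rest arrives, so a slow or stalled peer would keep the session engine spinning. Setting the timeout to 0 only when a complete message is still pending would avoid that. The loop in session_main starts and ends outside the hunk.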
@@ -548,6 +552,10 @@ session_main(int pipe_m2s[2], int pipe_s
nfds -= session_dispatch_msg(&pfd[j],
peer_l[j - idx_listeners]);
 
+   for (p = peers; p != NULL; p = p->next)
+   if (p->rbuf && p->rbuf->wpos)
+   session_process_msg(p);
+
for (; nfds > 0 && j < idx_mrts; j++)
if (pfd[j].revents & POLLOUT) {
nfds--;
@@ -1575,11 +1583,9 @@ session_rrefresh(struct peer *p, u_int8_
 int
 session_dispatch_msg(struct pollfd *pfd, struct peer *p)
 {
-   ssize_t n, rpos, av, left;
+   ssize_t n;
socklen_t   len;
-   int error, processed = 0;
-   u_int16_t   msglen;
-   u_int8_tmsgtype;
+   int error;
 
if (p->state == STATE_CONNECT) {
if (pfd->revents & POLLOUT) {
@@ -1649,71 +1655,83 @@ session_dispatch_msg(struct pollfd *pfd,
return (1);
}
 
-   rpos = 0;
-   av = p->rbuf->wpos + n;
+   p->rbuf->wpos += n;
p->stats.last_read = time(NULL);
+   return (1);
+   }
+   return (0);
+}
 
-   /*
-* session might drop to IDLE -> buffers deallocated
-* we MUST check rbuf != NULL before use
-*/
-   for (;;) {
-   if (rpos + MSGSIZE_HEADER > av)
-   break;
-   if (p->rbuf == NULL)
-   break;
-   if (parse_header(p, p->rbuf->buf + rpos, &msglen,
-   &msgtype) == -1)
-   return (0);
-   if (rpos + msglen > av)
-   break;
-   p->rbuf->rptr = p->rbuf->buf + rpos;
+int
+session_process_msg(struct peer *p)
+{
+   ssize_t rpos, av, left;
+   int processed = 0;
+   u_int16_t   msglen;
+   u_int8_tmsgtype;
 
-   switch (msgtype) {
-   case OPEN:
-   bgp_fsm(p, EVNT_RCVD_OPEN);
-   p->stats.msg_rcvd_open++;
-   break;
-   case UPDATE:
-   bgp_fsm(p, EVNT_RCVD_UPDATE);
-   p->stats.msg_rcvd_update++;
-   break;
-   case NOTIFICATION:
-   bgp_fsm(p, EVNT_RCVD_NOTIFICATION);
-   p->stats.msg_rcvd_notification++;
-   break;
-   case KEEPALIVE:
-   bgp_fsm(p, EVNT_RCVD_KEEPALIVE);
-   p->stats.msg_rcvd_keepalive++;
-   break;
-   case RREFRESH:
-   parse_refresh(p);
-   p->stats.msg_rcvd_rrefresh++;
-   break;
-   default:/* cannot happen */
- 

Re: ipv6 /sbin/route prefixlen annoyance

2012-07-08 Thread Florian Obser
On Sun, Jul 08, 2012 at 08:13:08PM +0200, Sebastian Benoit wrote:
> Consider 
> 
>   route add -inet6 -prefixlen 64 2a00:cafe::: -prefixlen 56 ::1
> 
> This currently works (sets the route with /56), as does
> 
>   route add -inet6 -prefixlen 56 2a00:cafe::: ::1
> 
> (sets the route with /64).
> 
> patch:
> 
> * disallow use of argument -prefixlen twice
> 
> * when -prefixlen is given before an ipv6 destination,
>   the prefixlen argument is used instead of the implicit /64

inet4 silently ignores -prefixlen before the prefix:
[florian@openbsd:~]$ sudo route add -inet -prefixlen 23 10.123.0.0 127.0.0.1
add host 10.123.0.0: gateway 127.0.0.1
[florian@openbsd:~]$ route -n get 10.123.0.0   
   route to: 10.123.0.0
destination: 10.123.0.0
gateway: 127.0.0.1
  interface: lo0
 if address: 127.0.0.1
   priority: 8 (static)
  flags: 
 use   mtuexpire
   0 33196 0 


> 
> /Benno
> 

-- 
I'm not entirely sure you are real.



ipv6 /sbin/route prefixlen annoyance

2012-07-08 Thread Sebastian Benoit
Consider 

  route add -inet6 -prefixlen 64 2a00:cafe::: -prefixlen 56 ::1

This currently works (sets the route with /56), as does

  route add -inet6 -prefixlen 56 2a00:cafe::: ::1

(sets the route with /64).

patch:

* disallow use of argument -prefixlen twice

* when -prefixlen is given before an ipv6 destination,
  the prefixlen argument is used instead of the implicit /64

/Benno

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.156
diff -u -p -r1.156 route.c
--- route.c 17 Mar 2012 10:16:40 -  1.156
+++ route.c 8 Jul 2012 18:10:01 -
@@ -71,6 +71,7 @@ int   rtm_addrs, s;
 intforcehost, forcenet, Fflag, nflag, af, qflag, tflag, Tflag;
 intiflag, verbose, aflen = sizeof(struct sockaddr_in);
 intlocking, lockrest, debugonly;
+intseenprefixlen = 0;
 u_long mpls_flags = MPLS_OP_LOCAL;
 u_long rtm_inits;
 uid_t  uid;
@@ -550,6 +551,9 @@ newroute(int argc, char **argv)
case K_PREFIXLEN:
if (!--argc)
usage(1+*argv);
+   if (seenprefixlen)
+   errx(1, "cannot set prefixlen twice");
+   seenprefixlen = 1;
ishost = prefixlen(*++argv);
break;
case K_MPATH:
@@ -755,6 +759,9 @@ inet6_makenetandmask(struct sockaddr_in6
if (!plen || strcmp(plen, "128") == 0)
return (1);
else {
+   if (rtm_addrs & RTA_NETMASK) {
+   return (0);
+   }
rtm_addrs |= RTA_NETMASK;
prefixlen(plen);
return (0);
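Review bot: The new early return sits after `if (!plen || strcmp(plen, "128") == 0) return (1);`, so a preceding -prefixlen is honoured only when `plen` is non-NULL and not "128"; otherwise the function still returns 1 (apparently "host") although RTA_NETMASK is already set. When it is reached, it also discards a `plen` that may differ from the earlier -prefixlen without any diagnostic, whereas the K_PREFIXLEN hunk rejects a repeated option with errx(). Moving the `rtm_addrs & RTA_NETMASK` test ahead of the host check, and deciding explicitly whether a conflicting `plen` is an error, would make the two paths consistent. The function body begins outside the hunk, so how `plen` is derived is not visible here.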



Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Kenneth R Westerback
On Sun, Jul 08, 2012 at 07:17:21PM +0200, Stefan Sperling wrote:
> On Sun, Jul 08, 2012 at 08:00:28PM +0300, Lazaros Koromilas wrote:
> > On Sun, Jul 08, 2012 at 10:59:09AM +0200, Stefan Sperling wrote:
> > > The linux driver ("iwlegacy") doesn't run this command in async mode.
> > > Is there a reason why you're passing 1 for the last param, i.e. not
> > > waiting for a command-complete interrupt when sending WPI_CMD_ASSOCIATE?
> > 
> > Not really, no.  Fixed that.  I added printing because all sync
> > command calls are handled this way, but can be removed if it's
> > not acceptable.
> 
> I think that printf() is fine.
> 
> > > You don't need all of if_flags, just the IFF_PROMISC bit.
> > > Why not add a new flag to sc->sc_flags and use that instead?
> > 
> > You are right, I originally added the extra sc_if_flags in order to XOR
> > with if_flags and detect the promisc status change.  Does this logic
> > seem simpler/better?  Also removed the initialization above.
> 
> I don't like this approach because it is adding a new 32bit flags field
> to the softc, all for checking a single bit from this flags field,
> while the existing sc_flags field has lots of unused bits.
> 
> The xor is cute but usually we just use & to check for flags.

Or ISSET()!

 Ken

> 
> So adding, say, WPI_FLAG_PROMISC to sc_flags and then cross-checking
> that with the IFF_PROMISC flag will look nicer IMO.
> 
> > 
> > 
> > Index: if_wpivar.h
> > ===
> > RCS file: /cvs/src/sys/dev/pci/if_wpivar.h,v
> > retrieving revision 1.23
> > diff -u -p -r1.23 if_wpivar.h
> > --- if_wpivar.h 7 Sep 2010 16:21:45 -   1.23
> > +++ if_wpivar.h 8 Jul 2012 16:45:14 -
> > @@ -144,6 +144,8 @@ struct wpi_softc {
> >  #define WPI_FLAG_HAS_5GHZ  (1 << 0)
> >  #define WPI_FLAG_BUSY  (1 << 1)
> >  
> > +   int sc_if_flags;
> > +
> > /* Shared area. */
> > struct wpi_dma_info shared_dma;
> > struct wpi_shared   *shared;
> > Index: if_wpi.c
> > ===
> > RCS file: /cvs/src/sys/dev/pci/if_wpi.c,v
> > retrieving revision 1.110
> > diff -u -p -r1.110 if_wpi.c
> > --- if_wpi.c2 Jun 2011 18:36:53 -   1.110
> > +++ if_wpi.c8 Jul 2012 16:45:15 -
> > @@ -120,6 +120,7 @@ int wpi_ioctl(struct ifnet *, u_long, c
> >  intwpi_cmd(struct wpi_softc *, int, const void *, int, 
> > int);
> >  intwpi_mrr_setup(struct wpi_softc *);
> >  void   wpi_updateedca(struct ieee80211com *);
> > +intwpi_set_promisc(struct wpi_softc *);
> >  void   wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, 
> > uint8_t);
> >  intwpi_set_timing(struct wpi_softc *, struct 
> > ieee80211_node *);
> >  void   wpi_power_calibration(struct wpi_softc *);
> > @@ -2002,12 +2003,17 @@ wpi_ioctl(struct ifnet *ifp, u_long cmd,
> > /* FALLTHROUGH */
> > case SIOCSIFFLAGS:
> > if (ifp->if_flags & IFF_UP) {
> > -   if (!(ifp->if_flags & IFF_RUNNING))
> > +   if (ifp->if_flags & IFF_RUNNING) {
> > +   if ((ifp->if_flags ^ sc->sc_if_flags) &
> > +   IFF_PROMISC)
> > +   error = wpi_set_promisc(sc);
> > +   } else
> > error = wpi_init(ifp);
> > } else {
> > if (ifp->if_flags & IFF_RUNNING)
> > wpi_stop(ifp, 1);
> > }
> > +   sc->sc_if_flags = ifp->if_flags;
> > break;
> >  
> > case SIOCADDMULTI:
> > @@ -2203,6 +2209,34 @@ wpi_updateedca(struct ieee80211com *ic)
> > }
> > (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
> >  #undef WPI_EXP2
> > +}
> > +
> > +int
> > +wpi_set_promisc(struct wpi_softc *sc)
> > +{
> > +   struct ieee80211com *ic = &sc->sc_ic;
> > +   struct ifnet *ifp = &ic->ic_if;
> > +   struct wpi_assoc cmd;
> > +   int error;
> > +
> > +   if (ifp->if_flags & IFF_PROMISC)
> > +   sc->rxon.filter |= htole32(WPI_FILTER_PROMISC |
> > +   WPI_FILTER_CTL);
> > +   else
> > +   sc->rxon.filter &= ~htole32(WPI_FILTER_PROMISC |
> > +   WPI_FILTER_CTL);
> > +
> > +   memset(&cmd, 0, sizeof cmd);
> > +   cmd.flags = sc->rxon.flags;
> > +   cmd.filter = sc->rxon.filter;
> > +   cmd.ofdm_mask = sc->rxon.ofdm_mask;
> > +   cmd.cck_mask = sc->rxon.cck_mask;
> > +   error = wpi_cmd(sc, WPI_CMD_ASSOCIATE, &cmd, sizeof cmd, 0);
> > +   if (error != 0) {
> > +   printf("%s: could not set filter\n", sc->sc_dev.dv_xname);
> > +   return error;
> > +   }
> > +   return 0;
> >  }
> >  
> >  void



Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Stefan Sperling
On Sun, Jul 08, 2012 at 08:00:28PM +0300, Lazaros Koromilas wrote:
> On Sun, Jul 08, 2012 at 10:59:09AM +0200, Stefan Sperling wrote:
> > The linux driver ("iwlegacy") doesn't run this command in async mode.
> > Is there a reason why you're passing 1 for the last param, i.e. not
> > waiting for a command-complete interrupt when sending WPI_CMD_ASSOCIATE?
> 
> Not really, no.  Fixed that.  I added printing because all sync
> command calls are handled this way, but can be removed if it's
> not acceptable.

I think that printf() is fine.

> > You don't need all of if_flags, just the IFF_PROMISC bit.
> > Why not add a new flag to sc->sc_flags and use that instead?
> 
> You are right, I originally added the extra sc_if_flags in order to XOR
> with if_flags and detect the promisc status change.  Does this logic
> seem simpler/better?  Also removed the initialization above.

I don't like this approach because it is adding a new 32bit flags field
to the softc, all for checking a single bit from this flags field,
while the existing sc_flags field has lots of unused bits.

The xor is cute but usually we just use & to check for flags.

So adding, say, WPI_FLAG_PROMISC to sc_flags and then cross-checking
that with the IFF_PROMISC flag will look nicer IMO.

> 
> 
> Index: if_wpivar.h
> ===
> RCS file: /cvs/src/sys/dev/pci/if_wpivar.h,v
> retrieving revision 1.23
> diff -u -p -r1.23 if_wpivar.h
> --- if_wpivar.h   7 Sep 2010 16:21:45 -   1.23
> +++ if_wpivar.h   8 Jul 2012 16:45:14 -
> @@ -144,6 +144,8 @@ struct wpi_softc {
>  #define WPI_FLAG_HAS_5GHZ(1 << 0)
>  #define WPI_FLAG_BUSY(1 << 1)
>  
> + int sc_if_flags;
> +
>   /* Shared area. */
>   struct wpi_dma_info shared_dma;
>   struct wpi_shared   *shared;
> Index: if_wpi.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_wpi.c,v
> retrieving revision 1.110
> diff -u -p -r1.110 if_wpi.c
> --- if_wpi.c  2 Jun 2011 18:36:53 -   1.110
> +++ if_wpi.c  8 Jul 2012 16:45:15 -
> @@ -120,6 +120,7 @@ int   wpi_ioctl(struct ifnet *, u_long, c
>  int  wpi_cmd(struct wpi_softc *, int, const void *, int, int);
>  int  wpi_mrr_setup(struct wpi_softc *);
>  void wpi_updateedca(struct ieee80211com *);
> +int  wpi_set_promisc(struct wpi_softc *);
>  void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
>  int  wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
>  void wpi_power_calibration(struct wpi_softc *);
> @@ -2002,12 +2003,17 @@ wpi_ioctl(struct ifnet *ifp, u_long cmd,
>   /* FALLTHROUGH */
>   case SIOCSIFFLAGS:
>   if (ifp->if_flags & IFF_UP) {
> - if (!(ifp->if_flags & IFF_RUNNING))
> + if (ifp->if_flags & IFF_RUNNING) {
> + if ((ifp->if_flags ^ sc->sc_if_flags) &
> + IFF_PROMISC)
> + error = wpi_set_promisc(sc);
> + } else
>   error = wpi_init(ifp);
>   } else {
>   if (ifp->if_flags & IFF_RUNNING)
>   wpi_stop(ifp, 1);
>   }
> + sc->sc_if_flags = ifp->if_flags;
>   break;
>  
>   case SIOCADDMULTI:
> @@ -2203,6 +2209,34 @@ wpi_updateedca(struct ieee80211com *ic)
>   }
>   (void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
>  #undef WPI_EXP2
> +}
> +
> +int
> +wpi_set_promisc(struct wpi_softc *sc)
> +{
> + struct ieee80211com *ic = &sc->sc_ic;
> + struct ifnet *ifp = &ic->ic_if;
> + struct wpi_assoc cmd;
> + int error;
> +
> + if (ifp->if_flags & IFF_PROMISC)
> + sc->rxon.filter |= htole32(WPI_FILTER_PROMISC |
> + WPI_FILTER_CTL);
> + else
> + sc->rxon.filter &= ~htole32(WPI_FILTER_PROMISC |
> + WPI_FILTER_CTL);
> +
> + memset(&cmd, 0, sizeof cmd);
> + cmd.flags = sc->rxon.flags;
> + cmd.filter = sc->rxon.filter;
> + cmd.ofdm_mask = sc->rxon.ofdm_mask;
> + cmd.cck_mask = sc->rxon.cck_mask;
> + error = wpi_cmd(sc, WPI_CMD_ASSOCIATE, &cmd, sizeof cmd, 0);
> + if (error != 0) {
> + printf("%s: could not set filter\n", sc->sc_dev.dv_xname);
> + return error;
> + }
> + return 0;
>  }
>  
>  void



Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Lazaros Koromilas
On Sun, Jul 08, 2012 at 10:59:09AM +0200, Stefan Sperling wrote:
> On Sun, Jul 08, 2012 at 01:45:45AM +0300, Lazaros Koromilas wrote:
> > Hello all,
> > 
> > I'm resending a diff that enables network cards running with
> > the wpi driver to enter promiscuous mode.  I have changed
> > WPI_CMD_ASSOCIATE to WPI_CMD_ASSOCIATED to better designate its
> 
> You forgot to update a reference to this constant in a comment.
> Personally I'd prefer to leave the name alone to make the diff smaller.
> 
> > purpose: alter options while in associated state.  I'm running
> > with this for some time now without problems on a Thinkpad X60s.
> > 
> > Can anyone test?  Comments?
> 
> I can test, but already have some questions after review, see below.

Thanks for looking at it.  Reverted the naming change.
Sending new diff.

> > +   (void)wpi_cmd(sc, WPI_CMD_ASSOCIATED, &cmd, sizeof cmd, 1);
> 
> The linux driver ("iwlegacy") doesn't run this command in async mode.
> Is there a reason why you're passing 1 for the last param, i.e. not
> waiting for a command-complete interrupt when sending WPI_CMD_ASSOCIATE?

Not really, no.  Fixed that.  I added printing because all sync
command calls are handled this way, but can be removed if it's
not acceptable.

> > @@ -3327,6 +3357,7 @@ wpi_init(struct ifnet *ifp)
> >  
> > ifp->if_flags &= ~IFF_OACTIVE;
> > ifp->if_flags |= IFF_RUNNING;
> > +   sc->sc_if_flags = ifp->if_flags;
> 
> You don't need all of if_flags, just the IFF_PROMISC bit.
> Why not add a new flag to sc->sc_flags and use that instead?

You are right, I originally added the extra sc_if_flags in order to XOR
with if_flags and detect the promisc status change.  Does this logic
seem simpler/better?  Also removed the initialization above.


Index: if_wpivar.h
===
RCS file: /cvs/src/sys/dev/pci/if_wpivar.h,v
retrieving revision 1.23
diff -u -p -r1.23 if_wpivar.h
--- if_wpivar.h 7 Sep 2010 16:21:45 -   1.23
+++ if_wpivar.h 8 Jul 2012 16:45:14 -
@@ -144,6 +144,8 @@ struct wpi_softc {
 #define WPI_FLAG_HAS_5GHZ  (1 << 0)
 #define WPI_FLAG_BUSY  (1 << 1)
 
+   int sc_if_flags;
+
/* Shared area. */
struct wpi_dma_info shared_dma;
struct wpi_shared   *shared;
Index: if_wpi.c
===
RCS file: /cvs/src/sys/dev/pci/if_wpi.c,v
retrieving revision 1.110
diff -u -p -r1.110 if_wpi.c
--- if_wpi.c2 Jun 2011 18:36:53 -   1.110
+++ if_wpi.c8 Jul 2012 16:45:15 -
@@ -120,6 +120,7 @@ int wpi_ioctl(struct ifnet *, u_long, c
 intwpi_cmd(struct wpi_softc *, int, const void *, int, int);
 intwpi_mrr_setup(struct wpi_softc *);
 void   wpi_updateedca(struct ieee80211com *);
+intwpi_set_promisc(struct wpi_softc *);
 void   wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
 intwpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
 void   wpi_power_calibration(struct wpi_softc *);
@@ -2002,12 +2003,17 @@ wpi_ioctl(struct ifnet *ifp, u_long cmd,
/* FALLTHROUGH */
case SIOCSIFFLAGS:
if (ifp->if_flags & IFF_UP) {
-   if (!(ifp->if_flags & IFF_RUNNING))
+   if (ifp->if_flags & IFF_RUNNING) {
+   if ((ifp->if_flags ^ sc->sc_if_flags) &
+   IFF_PROMISC)
+   error = wpi_set_promisc(sc);
+   } else
error = wpi_init(ifp);
} else {
if (ifp->if_flags & IFF_RUNNING)
wpi_stop(ifp, 1);
}
+   sc->sc_if_flags = ifp->if_flags;
break;
 
case SIOCADDMULTI:
@@ -2203,6 +2209,34 @@ wpi_updateedca(struct ieee80211com *ic)
}
(void)wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
 #undef WPI_EXP2
+}
+
+int
+wpi_set_promisc(struct wpi_softc *sc)
+{
+   struct ieee80211com *ic = &sc->sc_ic;
+   struct ifnet *ifp = &ic->ic_if;
+   struct wpi_assoc cmd;
+   int error;
+
+   if (ifp->if_flags & IFF_PROMISC)
+   sc->rxon.filter |= htole32(WPI_FILTER_PROMISC |
+   WPI_FILTER_CTL);
+   else
+   sc->rxon.filter &= ~htole32(WPI_FILTER_PROMISC |
+   WPI_FILTER_CTL);
+
+   memset(&cmd, 0, sizeof cmd);
+   cmd.flags = sc->rxon.flags;
+   cmd.filter = sc->rxon.filter;
+   cmd.ofdm_mask = sc->rxon.ofdm_mask;
+   cmd.cck_mask = sc->rxon.cck_mask;
+   error = wpi_cmd(sc, WPI_CMD_ASSOCIATE, &cmd, sizeof cmd, 0);
+   if (error != 0) {
+   printf("%s: could not set filter\n", sc->sc_dev.dv_xname);
+   return error;
+   }
+   return 0;
 }
 
 void



Re: ipsecctl: disable some algorithms for manual SAs

2012-07-08 Thread Christian Weisgerber
New attempt.  This performs the check at parse time in validate_sa().

(Yes, I'm aware that the regression tests will also require some
tweaking.)

Index: ipsecctl.h
===
RCS file: /cvs/src/sbin/ipsecctl/ipsecctl.h,v
retrieving revision 1.65
diff -u -p -r1.65 ipsecctl.h
--- ipsecctl.h  5 Jul 2012 09:02:20 -   1.65
+++ ipsecctl.h  8 Jul 2012 13:54:02 -
@@ -143,7 +143,8 @@ struct ipsec_xf {
u_int16_tid;
size_t   keymin;
size_t   keymax;
-   int  noauth;
+   u_int8_t noauth;
+   u_int8_t nostatic;
 };
 
 struct ipsec_transforms {
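Review bot: The new `nostatic` member carries no comment, and in parse.y the encxfs rows set it through a sixth unnamed positional value, so neither file says what the flag means or why the CTR, GCM and GMAC transforms get it. Suggest `u_int8_t nostatic; /* not allowed with manually keyed (static) SAs */` here, plus a column-header comment above the encxfs table naming the six fields. The rationale deserves one sentence as well: these are counter-based modes whose security depends on never reusing a counter block or nonce under one key, which a hand-configured static key cannot guarantee across restarts (presumably the motivation; the message does not state it). struct ipsec_xf begins above the hunk.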
Index: parse.y
===
RCS file: /cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.154
diff -u -p -r1.154 parse.y
--- parse.y 7 Jul 2012 20:29:23 -   1.154
+++ parse.y 8 Jul 2012 14:10:26 -
@@ -98,28 +98,28 @@ const struct ipsec_xf authxfs[] = {
 };
 
 const struct ipsec_xf encxfs[] = {
-   { "unknown",ENCXF_UNKNOWN,  0,  0,  0 },
-   { "none",   ENCXF_NONE, 0,  0,  0 },
-   { "3des-cbc",   ENCXF_3DES_CBC, 24, 24, 0 },
-   { "des-cbc",ENCXF_DES_CBC,  8,  8,  0 },
-   { "aes",ENCXF_AES,  16, 32, 0 },
-   { "aes-128",ENCXF_AES_128,  16, 16, 0 },
-   { "aes-192",ENCXF_AES_192,  24, 24, 0 },
-   { "aes-256",ENCXF_AES_256,  32, 32, 0 },
-   { "aesctr", ENCXF_AESCTR,   16+4,   32+4,   0 },
-   { "aes-128-ctr",ENCXF_AES_128_CTR,  16+4,   16+4,   0 },
-   { "aes-192-ctr",ENCXF_AES_192_CTR,  24+4,   24+4,   0 },
-   { "aes-256-ctr",ENCXF_AES_256_CTR,  32+4,   32+4,   0 },
-   { "aes-128-gcm",ENCXF_AES_128_GCM,  16+4,   16+4,   1 },
-   { "aes-192-gcm",ENCXF_AES_192_GCM,  24+4,   24+4,   1 },
-   { "aes-256-gcm",ENCXF_AES_256_GCM,  32+4,   32+4,   1 },
-   { "aes-128-gmac",   ENCXF_AES_128_GMAC, 16+4,   16+4,   1 },
-   { "aes-192-gmac",   ENCXF_AES_192_GMAC, 24+4,   24+4,   1 },
-   { "aes-256-gmac",   ENCXF_AES_256_GMAC, 32+4,   32+4,   1 },
-   { "blowfish",   ENCXF_BLOWFISH, 5,  56, 0 },
-   { "cast128",ENCXF_CAST128,  5,  16, 0 },
-   { "null",   ENCXF_NULL, 0,  0,  0 },
-   { NULL, 0,  0,  0,  0 },
+   { "unknown",ENCXF_UNKNOWN,  0,  0,  0, 0 },
+   { "none",   ENCXF_NONE, 0,  0,  0, 0 },
+   { "3des-cbc",   ENCXF_3DES_CBC, 24, 24, 0, 0 },
+   { "des-cbc",ENCXF_DES_CBC,  8,  8,  0, 0 },
+   { "aes",ENCXF_AES,  16, 32, 0, 0 },
+   { "aes-128",ENCXF_AES_128,  16, 16, 0, 0 },
+   { "aes-192",ENCXF_AES_192,  24, 24, 0, 0 },
+   { "aes-256",ENCXF_AES_256,  32, 32, 0, 0 },
+   { "aesctr", ENCXF_AESCTR,   16+4,   32+4,   0, 1 },
+   { "aes-128-ctr",ENCXF_AES_128_CTR,  16+4,   16+4,   0, 1 },
+   { "aes-192-ctr",ENCXF_AES_192_CTR,  24+4,   24+4,   0, 1 },
+   { "aes-256-ctr",ENCXF_AES_256_CTR,  32+4,   32+4,   0, 1 },
+   { "aes-128-gcm",ENCXF_AES_128_GCM,  16+4,   16+4,   1, 1 },
+   { "aes-192-gcm",ENCXF_AES_192_GCM,  24+4,   24+4,   1, 1 },
+   { "aes-256-gcm",ENCXF_AES_256_GCM,  32+4,   32+4,   1, 1 },
+   { "aes-128-gmac",   ENCXF_AES_128_GMAC, 16+4,   16+4,   1, 1 },
+   { "aes-192-gmac",   ENCXF_AES_192_GMAC, 24+4,   24+4,   1, 1 },
+   { "aes-256-gmac",   ENCXF_AES_256_GMAC, 32+4,   32+4,   1, 1 },
+   { "blowfish",   ENCXF_BLOWFISH, 5,  56, 0, 0 },
+   { "cast128",ENCXF_CAST128,  5,  16, 0, 0 },
+   { "null",   ENCXF_NULL, 0,  0,  0, 0 },
+   { NULL, 0,  0,  0,  0, 0 },
 };
 
 const struct ipsec_xf compxfs[] = {
@@ -2219,6 +2219,11 @@ validate_sa(u_int32_t spi, u_int8_t saty
}
if (!xfs->encxf)
xfs->encxf = &encxfs[ENCXF_AES];
+   if (xfs->encxf->nostatic) {
+   yyerror("%s is disallowed with static keys",
+   xfs->encxf->name);
+   return 0;
+   }
if (xfs->encxf->noauth && xfs->au

Re: rtadvd(8) patch 2/2 : finalize server-side RFC 6106 support

2012-07-08 Thread Peter Hessler
This has been committed, many thanks for the diffs and sorry for the delay.


On 2012 Feb 23 (Thu) at 21:18:30 -0800 (-0800), Stephane A. Sezer wrote:
:On Fri, 27 Jan 2012 15:20:29 +0100
:"Stephane A. Sezer"  wrote:
:
:> Hello again tech@,
:> 
:> Here's also the updated version of a patch I wrote approx. one year ago
:> to support RFC 6106 in rtadvd(8). J.R. Oldroyd told me there was a bug
:> in the generation of the DNS search list and that the format of the
:> packets generated was not valid.
:> 
:> I fixed that, so here is the patch.
:> 
:> Regards,
:
:Same thing here: updated patch that applies correctly on -current.
:
:-- 
:Stephane A. Sezer
:
:
:Index: sys/netinet/icmp6.h
:===
:RCS file: /cvs/src/sys/netinet/icmp6.h,v
:retrieving revision 1.33
:diff -u sys/netinet/icmp6.h
:--- sys/netinet/icmp6.h22 Mar 2010 12:23:32 -  1.33
:+++ sys/netinet/icmp6.h22 Feb 2012 03:52:17 -
:@@ -282,6 +282,8 @@
: #define ND_OPT_PREFIX_INFORMATION 3
: #define ND_OPT_REDIRECTED_HEADER  4
: #define ND_OPT_MTU5
:+#define ND_OPT_RDNSS  25
:+#define ND_OPT_DNSSL  31
: 
: struct nd_opt_prefix_info {   /* prefix information */
:   u_int8_tnd_opt_pi_type;
:@@ -310,6 +312,22 @@
:   u_int8_tnd_opt_mtu_len;
:   u_int16_t   nd_opt_mtu_reserved;
:   u_int32_t   nd_opt_mtu_mtu;
:+} __packed;
:+
:+struct nd_opt_rdnss { /* RDNSS option */
:+  u_int8_tnd_opt_rdnss_type;
:+  u_int8_tnd_opt_rdnss_len;
:+  u_int16_t   nd_opt_rdnss_reserved;
:+  u_int32_t   nd_opt_rdnss_lifetime;
:+  /* followed by list of recursive DNS servers */
:+} __packed;
:+
:+struct nd_opt_dnssl { /* DNSSL option */
:+  u_int8_tnd_opt_dnssl_type;
:+  u_int8_tnd_opt_dnssl_len;
:+  u_int16_t   nd_opt_dnssl_reserved;
:+  u_int32_t   nd_opt_dnssl_lifetime;
:+  /* followed by list of DNS search domains */
: } __packed;
: 
: /*
:Index: usr.sbin/rtadvd/config.c
:===
:RCS file: /cvs/src/usr.sbin/rtadvd/config.c,v
:retrieving revision 1.26
:diff -u usr.sbin/rtadvd/config.c
:--- usr.sbin/rtadvd/config.c   23 Apr 2008 10:17:50 -  1.26
:+++ usr.sbin/rtadvd/config.c   22 Feb 2012 03:52:25 -
:@@ -109,6 +109,8 @@
:   fatal("malloc");
: 
:   TAILQ_INIT(&tmp->prefixes);
:+  TAILQ_INIT(&tmp->rdnsss);
:+  TAILQ_INIT(&tmp->dnssls);
:   SLIST_INIT(&tmp->soliciters);
: 
:   /* check if we are allowed to forward packets (if not determined) */
:@@ -323,6 +325,106 @@
:   if (tmp->pfxs == 0)
:   get_prefix(tmp);
: 
:+  tmp->rdnsscnt = 0;
:+  for (i = -1; i < MAXRDNSS; ++i) {
:+  struct rdnss *rds;
:+  char entbuf[256];
:+  char *tmpaddr;
:+
:+  makeentry(entbuf, sizeof(entbuf), i, "rdnss");
:+  addr = agetstr(entbuf, &bp);
:+  if (addr == NULL)
:+  continue;
:+
:+  /* servers are separated by commas in the config file */
:+  val = 1;
:+  tmpaddr = addr;
:+  while (*tmpaddr++)
:+  if (*tmpaddr == ',')
:+  ++val;
:+
:+  rds = malloc(sizeof(struct rdnss) + val * sizeof(struct 
in6_addr));
:+  if (rds == NULL)
:+  fatal("malloc");
:+
:+  TAILQ_INSERT_TAIL(&tmp->rdnsss, rds, entry);
:+  tmp->rdnsscnt++;
:+
:+  rds->servercnt = val;
:+
:+  makeentry(entbuf, sizeof(entbuf), i, "rdnssltime");
:+  MAYHAVE(val, entbuf, (tmp->maxinterval * 3) / 2);
:+  if (val < tmp->maxinterval || val > tmp->maxinterval * 2) {
:+  log_warnx("%s (%ld) on %s is invalid "
:+  "(should be between %d and %d)",
:+  entbuf, val, intface, tmp->maxinterval,
:+  tmp->maxinterval * 2);
:+  }
:+  rds->lifetime = val;
:+
:+  val = 0;
:+  while ((tmpaddr = strsep(&addr, ","))) {
:+  if (inet_pton(AF_INET6, tmpaddr, &rds->servers[val]) != 
1) {
:+  log_warn("inet_pton failed for %s", tmpaddr);
:+  exit(1);
:+  }
:+  val++;
:+  }
:+  }
:+
:+  tmp->dnsslcnt = 0;
:+  for (i = -1; i < MAXDNSSL; ++i) {
:+  struct dnssl *dsl;
:+  char entbuf[256];
:+  char *tmpsl;
:+
:+  makeentry(entbuf, sizeof(entbuf), i, "dnssl");
:+  addr = agetstr(entbuf, &bp);
:+  if (addr == NULL)
:+  continue;
:+
:+  dsl = malloc(sizeof(struct dnssl));
:+  if (

Re: rtadvd(8) patch 1/2 : `noifprefix` support

2012-07-08 Thread Peter Hessler
This has been committed, many thanks for the diffs and sorry for the delay.


On 2012 Feb 23 (Thu) at 21:04:32 -0800 (-0800), Stephane A. Sezer wrote:
:On Fri, 27 Jan 2012 15:13:59 +0100
:"Stephane A. Sezer"  wrote:
:
:> Hello tech@,
:> 
:> I discussed a little with brad@ of some features of the rtadvd(8)
:> daemon in OpenBSD and of the state of the support for some IPv6
:> features and he asked me if it was possible to add a `noifprefix`
:> option to the daemon, to disable automatic prefix information querying
:> on the interface in case no `addr` option is present in the config file.
:> 
:> Here is the (very simple) patch for this.
:> 
:> Regards,
:
:Updated the diff. Now it applies correctly on -current and tabs are kept
:(they were replaced by spaces in my previous mail).
:
:Hope this works this time.
:
:-- 
:Stephane A. Sezer
:
:
:Index: usr.sbin/rtadvd/config.c
:===
:RCS file: usr.sbin/rtadvd/config.c,v
:retrieving revision 1.26
:diff -u -r1.26 config.c
:--- usr.sbin/rtadvd/config.c   23 Apr 2008 10:17:50 -  1.26
:+++ usr.sbin/rtadvd/config.c   25 Jan 2012 03:30:54 -
:@@ -320,7 +320,7 @@
:   now.tv_sec + pfx->preflifetime;
:   }
:   }
:-  if (tmp->pfxs == 0)
:+  if (tmp->pfxs == 0 && !agetflag("noifprefix"))
:   get_prefix(tmp);
: 
:   MAYHAVE(val, "mtu", 0);
:Index: usr.sbin/rtadvd/rtadvd.conf.5
:===
:RCS file: usr.sbin/rtadvd/rtadvd.conf.5,v
:retrieving revision 1.25
:diff -u -r1.25 rtadvd.conf.5
:--- usr.sbin/rtadvd/rtadvd.conf.5  19 Sep 2010 21:59:23 -  1.25
:+++ usr.sbin/rtadvd/rtadvd.conf.5  25 Jan 2012 03:30:54 -
:@@ -142,7 +142,9 @@
: These items can be omitted, then
: .Nm rtadvd
: will automatically get appropriate prefixes from the kernel's routing table,
:-and advertise the prefixes with the default parameters.
:+and advertise the prefixes with the default parameters, unless the
:+.Cm noifprefix
:+flag is specified.
: Keywords other than
: .Cm clockskew
: can be augmented with a number, like
:@@ -184,6 +186,18 @@
: .Xr termcap 5
: file format as well as IPv6 numeric addresses, the field MUST be quoted
: using double quotes.
:+.It Cm \&noifprefix
:+(bool) Specifies whether
:+.Nm rtadvd
:+should gather prefix information from the interface if no
:+.Cm addr
:+is specified. If no
:+.Cm addr
:+is given, and
:+.Cm noifprefix
:+is set,
:+.Nm rtadvd
:+will send RA packets with no prefix information.
: .It Cm \&vltime
: (num) Valid lifetime field
: .Pq unit: seconds .
:

-- 
Abandon the search for Truth; settle for a good fantasy.



Re: Xsearch(3) nit

2012-07-08 Thread Philip Guenther
On Sun, Feb 12, 2012 at 11:05 AM, Joachim Schipper
 wrote:
> bsearch(3), tsearch(3) contains some superfluous spaces.

committed.  Thanks!  (sorry about the delay)


Philip Guenther



Re: pfctl: make -P work with -ss

2012-07-08 Thread Lawrence Teo
On Thu, May 31, 2012 at 12:07:18AM -0400, Lawrence Teo wrote:
> pfctl's -P flag (introduced in OpenBSD 5.1) makes pfctl print ports
> using their names in /etc/services.  It was originally intended to be
> used with -sr.
> 
> The diff extends it to make it work with -ss.
> 
> Example:
> 
> # pfctl -P -ss
> all tcp 192.168.6.7:ssh (172.16.88.25:6688) <- 172.16.88.22:49622   
> ESTABLISHED:ESTABLISHED
> all udp 172.16.88.25:37076 -> 8.8.8.8:domain   MULTIPLE:SINGLE
> all udp 172.16.88.25:18253 -> 8.8.8.8:domain   MULTIPLE:SINGLE
> all udp 172.16.88.25:36447 -> 8.8.8.8:domain   MULTIPLE:SINGLE
> all udp 172.16.88.25:16927 -> 8.8.8.8:domain   MULTIPLE:SINGLE
> all tcp 172.16.88.25:4461 -> 142.244.12.42:www   FIN_WAIT_2:FIN_WAIT_2
> all udp 172.16.88.25:21053 -> 65.49.70.244:ntp   MULTIPLE:MULTIPLE
> all tcp 2001:470:e3b6:1:20c:29ff:fe9b:22f7[28976] -> 2001:4860:800a::93[www]  
>  FIN_WAIT_2:FIN_WAIT_2
> all ipv6-icmp 2001:470:e3b6:1:20c:29ff:fe9b:22f7[135] <- 
> 2001:470:e3b6:1::ff[30569]   0:0

Here's a revised diff.  I have verified that this new version does not
break tcpdump and "make build". :)

BTW tcpdump's pf_print_state.c has diverged significantly from pfctl's,
so the change to tcpdump's pf_print_state.c is not exactly the same as
pfctl's.

Comments? ok?

Lawrence


Index: sbin/pfctl/pf_print_state.c
===
RCS file: /cvs/src/sbin/pfctl/pf_print_state.c,v
retrieving revision 1.61
diff -u -p -r1.61 pf_print_state.c
--- sbin/pfctl/pf_print_state.c 1 Jun 2012 08:35:45 -   1.61
+++ sbin/pfctl/pf_print_state.c 7 Jul 2012 17:23:35 -
@@ -166,8 +166,11 @@ print_name(struct pf_addr *addr, sa_fami
 
 void
 print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, u_int16_t 
rdom,
-int opts)
+const char *proto, int opts)
 {
+   struct servent  *s = NULL;
+   charps[6];
+
if (rdom)
printf("(%u) ", ntohs(rdom));
 
@@ -188,10 +191,13 @@ print_host(struct pf_addr *addr, u_int16
}
 
if (port) {
+   snprintf(ps, sizeof(ps), "%u", ntohs(port));
+   if (opts & PF_OPT_PORTNAMES)
+   s = getservbyport(port, proto);
if (af == AF_INET)
-   printf(":%u", ntohs(port));
+   printf(":%s", s ? s->s_name : ps);
else
-   printf("[%u]", ntohs(port));
+   printf("[%s]", s ? s->s_name : ps);
}
 }
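Review bot: `getservbyport(port, proto)` can be reached with `proto == NULL`, and a NULL protocol makes getservbyport() match a services entry for that port under any protocol, so a state whose protocol could not be resolved may be printed with an unrelated service name. The caller in print_state (later hunk) leaves `pn` NULL when getprotobynumber() fails. Guarding the lookup keeps the numeric port in that case: `if ((opts & PF_OPT_PORTNAMES) && proto != NULL)`. ICMP state keys also pass through this path (the example output shows `ipv6-icmp ...[135]`) and presumably stay numeric only because the services database has no entries for that protocol; a short comment saying so would help anyone reading state dumps.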
 
@@ -212,6 +218,7 @@ print_state(struct pfsync_state *s, int 
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *sk, *nk;
struct protoent *p;
+   char *pn = NULL;
int min, sec;
int afto = (s->key[PF_SK_STACK].af != s->key[PF_SK_WIRE].af);
int idx;
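Review bot: `char *pn` is only assigned from `p->p_name` and passed to print_host's `const char *proto` parameter in the following hunk, so it should be declared `const char *pn = NULL;`. The pointer aliases the protoent returned by getprotobynumber(), which is library-owned storage, so a comment such as `/* points into libc static storage; valid until the next getproto*() call */` is worth adding. print_state's body starts and ends outside this hunk.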
@@ -232,33 +239,34 @@ print_state(struct pfsync_state *s, int 
sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
-   if ((p = getprotobynumber(s->proto)) != NULL)
-   printf("%s ", p->p_name);
-   else
+   if ((p = getprotobynumber(s->proto)) != NULL) {
+   pn = p->p_name;
+   printf("%s ", pn);
+   } else
printf("%u ", s->proto);
 
-   print_host(&nk->addr[1], nk->port[1], nk->af, nk->rdomain, opts);
+   print_host(&nk->addr[1], nk->port[1], nk->af, nk->rdomain, pn, opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
nk->port[1] != sk->port[1] ||
nk->rdomain != sk->rdomain) {
idx = afto ? 0 : 1;
printf(" (");
print_host(&sk->addr[idx], sk->port[idx], sk->af,
-   sk->rdomain, opts);
+   sk->rdomain, pn, opts);
printf(")");
}
if (s->direction == PF_OUT || (afto && s->direction == PF_IN))
printf(" -> ");
else
printf(" <- ");
-   print_host(&nk->addr[0], nk->port[0], nk->af, nk->rdomain, opts);
+   print_host(&nk->addr[0], nk->port[0], nk->af, nk->rdomain, pn, opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
nk->port[0] != sk->port[0] ||
nk->rdomain != sk->rdomain) {
idx = afto ? 1 : 0;
printf(" (");
print_host(&sk->addr[idx], sk->port[idx], sk->af,
-   sk->rdomain, opts);
+   sk->rdomain, pn, opts);
printf(")");
}
 
Index: sbin/pfctl/pfctl.h
===
RCS file: /cvs/src/sbin/pfctl/pfctl.h,v
retrieving revision 1.49
diff -u -p -r1.49 pfctl.h
--- sbin/pfctl/pfctl.h  1 Jun 2012 08:35:45 -   1.49
+++ sbin/pfctl/pfctl.h  7 Jul 2012 17:23:35 -
@@ -106,7 +106,7 @@ struct pf_altq  *pfaltq_lookup(const char
 char   *rate2str(doub

Re: Build cpu topology on amd64.

2012-07-08 Thread Gregor Best
On Sun, Jul 08, 2012 at 11:47:42AM +0200, Christiano F. Haesbaert wrote:
> [...]
> Do we want this ?
> [...]

I definitely want it, at least for my EEVDF experiments (maybe that patch is
the kick in the butt I needed to finally get that into
some sensible shape). So yeah, even if it won't get into the tree, I'll have a
use for it. Thanks :)

--
Gregor Best




Build cpu topology on amd64.

2012-07-08 Thread Christiano F. Haesbaert
Heya, 

I have this rotting in my tree, since actually using it effectively is
way harder than it seems, anyhow, this correctly builds the topology in
amd64, we know 3 things about each cpu now:

- thread id (smt id)
- core id
- package id

This is not complete but is enough IMHO, it lacks x2apic detection.
I've tried to trim it up, but the mask logic is a bit cryptic.

obs: I left a print on dmesg just so that people can test, I intend to
remove if it goes in. 

an atom d270 reports the following:
cpu0: smt 0, core 0, package 0
cpu1: smt 1, core 0, package 0
cpu2: smt 0, core 1, package 0
cpu3: smt 1, core 1, package 0

a core2duo L7500:
cpu0: smt 0, core 0, package 0
cpu1: smt 0, core 1, package 0

Do we want this ? 

Index: arch/amd64/amd64/identcpu.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.36
diff -d -u -p -r1.36 identcpu.c
--- arch/amd64/amd64/identcpu.c 22 Apr 2012 19:36:09 -  1.36
+++ arch/amd64/amd64/identcpu.c 8 Jul 2012 09:03:02 -
@@ -446,4 +446,123 @@ identifycpu(struct cpu_info *ci)
sensordev_install(&ci->ci_sensordev);
 #endif
}
+
+   cpu_topology(ci);
+}
+
+/*
+ * Base 2 logarithm of an int. returns 0 for 0 (yeye, I know).
+ */
+static int
+log2(unsigned int i)
+{
+   int ret = 0;
+
+   while (i >>= 1)
+   ret++;
+
+   return (ret);
+}
+
+static int
+mask_width(u_int x)
+{
+   int bit;
+   int mask;
+   int powerof2;
+
+   powerof2 = ((x - 1) & x) == 0;
+   mask = (x << (1 - powerof2)) - 1;
+
+   /* fls */
+   if (mask == 0)
+   return (0);
+   for (bit = 1; mask != 1; bit++)
+   mask = (unsigned int)mask >> 1;
+
+   return (bit);
+}
+
+/*
+ * Build up cpu topology for given cpu, must run on the core itself.
+ */
+void
+cpu_topology(struct cpu_info *ci)
+{
+   u_int32_t eax, ebx, ecx, edx;
+   u_int32_t apicid, max_apicid, max_coreid;
+   u_int32_t smt_bits, core_bits, pkg_bits;
+   u_int32_t smt_mask, core_mask, pkg_mask;
+   
+   /* We need at least apicid at CPUID 1 */
+   CPUID(0, eax, ebx, ecx, edx);
+   if (eax < 1)
+   goto no_topology;
+   
+   /* Initial apicid */
+   CPUID(1, eax, ebx, ecx, edx);
+   apicid = (ebx >> 24) & 0xff;
+   
+   if (strcmp(cpu_vendor, "AuthenticAMD") == 0) {
+   /* We need at least apicid at CPUID 0x8008 */
+   CPUID(0x8000, eax, ebx, ecx, edx);
+   if (eax < 0x8008)
+   goto no_topology;
+   
+   CPUID(0x8008, eax, ebx, ecx, edx);
+   core_bits = (ecx >> 12) & 0xf;
+   if (core_bits == 0)
+   goto no_topology;
+   /* So coreidsize 2 gives 3, 3 gives 7... */
+   core_mask = (1 << core_bits) - 1;
+   /* Core id is the least significant considering mask */
+   ci->ci_core_id = apicid & core_mask;
+   /* Pkg id is the upper remaining bits */
+   ci->ci_pkg_id = apicid & ~core_mask;
+   ci->ci_pkg_id >>= core_bits;
+   } else if (strcmp(cpu_vendor, "GenuineIntel") == 0) {
+   /* We only support leaf 1/4 detection */
+   CPUID(0, eax, ebx, ecx, edx);
+   if (eax < 4)
+   goto no_topology;
+   /* Get max_apicid */
+   CPUID(1, eax, ebx, ecx, edx);
+   max_apicid = (ebx >> 16) & 0xff;
+   /* Get max_coreid */
+   CPUID2(4, 0, eax, ebx, ecx, edx);
+   max_coreid = ((eax >> 26) & 0x3f) + 1;
+   /* SMT */
+   smt_bits = mask_width(max_apicid / max_coreid);
+   smt_mask = (1 << smt_bits) - 1;
+   /* Core */
+   core_bits = log2(max_coreid);
+   core_mask = (1 << (core_bits + smt_bits)) - 1;
+   core_mask ^= smt_mask;
+   /* Pkg */
+   pkg_bits = core_bits + smt_bits;
+   pkg_mask = -1 << core_bits;
+
+   ci->ci_smt_id = apicid & smt_mask;
+   ci->ci_core_id = (apicid & core_mask) >> smt_bits;
+   ci->ci_pkg_id = (apicid & pkg_mask) >> pkg_bits;
+   } else
+   goto no_topology;
+#ifdef DEBUG
+   printf("cpu%d: smt %u, core %u, pkg %u "
+   "(apicid 0x%x, max_apicid 0x%x, max_coreid 0x%x, smt_bits 0x%x, 
smt_mask 0x%x, "
+   "core_bits 0x%x, core_mask 0x%x, pkg_bits 0x%x, pkg_mask 0x%x)\n",
+   ci->ci_cpuid, ci->ci_smt_id, ci->ci_core_id, ci->ci_pkg_id,
+   apicid, max_apicid, max_coreid, smt_bits, smt_mask, core_bits,
+   core_mask, pkg_bits, pkg_mask);
+#else
+   printf("cpu%d: smt %u, core %u, package %u\n", ci->ci_cpuid,
+   ci->ci_smt_id, ci->ci_core_id, ci->ci_pkg_id);
+

Re: set { tos ..., prio ... }

2012-07-08 Thread Ryan McBride
I agree with this. Others to consider:

- 'tag': we could then replace the nasty 'tagged' keyword with 'tag' and
  do proper 'tag != FOO' syntax.

- synproxy and modulate state - could go into 'scrub' also?



On Sat, Jul 07, 2012 at 07:24:23PM +0200, Henning Brauer wrote:
> so, we have some utter confusion in pf about filter criteria versus
> packet modifying options. I propose we move the ones that "write" into
> a set block, while the filter criteria remain as they are. for the
> moment this diff handles tos (I always disliked set-tos...) and prio.
> rdomain/rtable stuff should be done the same way (afterwards).
> no backwards compat for prio because i clearly stated it's not the
> final syntax all the time.
> 
> no manpage bits yet.
> 
> "match set { prio 6, tos lowdelay }"
> "match set prio 6"
> 
> Index: sbin/pfctl/parse.y
> ===
> RCS file: /cvs/src/sbin/pfctl/parse.y,v
> retrieving revision 1.614
> diff -u -p -r1.614 parse.y
> --- sbin/pfctl/parse.y7 Jul 2012 16:24:32 -   1.614
> +++ sbin/pfctl/parse.y7 Jul 2012 17:09:19 -
> @@ -508,6 +508,7 @@ int   parseport(char *, struct range *r, i
>  %type   hfscopts_list hfscopts_item hfsc_opts
>  %typebandwidth
>  %type filter_opts filter_opt filter_opts_l
> +%type filter_sets filter_set filter_sets_l
>  %type  antispoof_opts antispoof_opt 
> antispoof_opts_l
>  %type  queue_opts queue_opt queue_opts_l
>  %type  scrub_opts scrub_opt scrub_opts_l
> @@ -979,7 +980,7 @@ scrub_opt : NODF  {
>   scrub_opts.marker |= FOM_MAXMSS;
>   scrub_opts.maxmss = $2;
>   }
> - | SETTOS tos {
> + | SETTOS tos {  /* XXX remove in 5.4-current */
>   if (scrub_opts.marker & FOM_SETTOS) {
>   yyerror("set-tos cannot be respecified");
>   YYERROR;
> @@ -2379,7 +2380,21 @@ filter_opt : USER uids {
>   }
>   filter_opts.rcv = $2;
>   }
> - | prio {
> + | ONCE {
> + filter_opts.marker |= FOM_ONCE;
> + }
> + | filter_sets
> + ;
> +
> +filter_sets  : SET '{' filter_sets_l '}' { $$ = filter_opts; }
> + | SET filter_set{ $$ = filter_opts; }
> + ;
> +
> +filter_sets_l: filter_sets_l comma filter_set
> + | filter_set
> + ;
> +
> +filter_set   : prio {
>   if (filter_opts.marker & FOM_SETPRIO) {
>   yyerror("prio cannot be redefined");
>   YYERROR;
> @@ -2388,8 +2403,13 @@ filter_opt : USER uids {
>   filter_opts.set_prio[0] = $1.b1;
>   filter_opts.set_prio[1] = $1.b2;
>   }
> - | ONCE {
> - filter_opts.marker |= FOM_ONCE;
> + | TOS tos {
> + if (filter_opts.marker & FOM_SETTOS) {
> + yyerror("tos cannot be respecified");
> + YYERROR;
> + }
> + filter_opts.marker |= FOM_SETTOS;
> + filter_opts.settos = $2;
>   }
>   ;
>  
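Review bot: The new `TOS tos` rule tests `filter_opts.marker & FOM_SETTOS`, while the retained `SETTOS tos` rule in scrub_opt (hunk at -979) tests `scrub_opts.marker`, so a rule carrying both `scrub (set-tos ...)` and `set tos ...` passes both respecification checks. Which value ends up in the rule is decided outside these hunks; until set-tos is removed, either reject the combination explicitly or document the precedence in a comment next to `filter_opts.settos = $2;`. The wording also differs from the sibling rule: prio reports `cannot be redefined`, tos reports `cannot be respecified`.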
> Index: sbin/pfctl/pfctl_parser.c
> ===
> RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
> retrieving revision 1.285
> diff -u -p -r1.285 pfctl_parser.c
> --- sbin/pfctl/pfctl_parser.c 7 Jul 2012 16:24:32 -   1.285
> +++ sbin/pfctl/pfctl_parser.c 7 Jul 2012 17:08:31 -
> @@ -843,6 +843,25 @@ print_rule(struct pf_rule *r, const char
>   if (r->tos)
>   printf(" tos 0x%2.2x", r->tos);
>  
> + if (r->set_prio[0] != PF_PRIO_NOTSET ||
> + r->scrub_flags & PFSTATE_SETTOS) {
> + char *comma = "";
> + printf(" set {");
> + if (r->set_prio[0] != PF_PRIO_NOTSET) {
> + if (r->set_prio[0] == r->set_prio[1])
> + printf("%s prio %u", comma, r->set_prio[0]);
> + else
> + printf("%s prio(%u, %u)", comma, r->set_prio[0],
> + r->set_prio[1]);
> + comma = ",";
> + }
> + if (r->scrub_flags & PFSTATE_SETTOS) {
> + printf("%s tos 0x%2.2x", comma, r->set_tos);
> + comma = ",";
> + }
> + printf(" }");
> + }
> +
>   ropts = 0;
>   if (r->max_states || r->max_src_nodes || r->max_src_states)
>   ropts = 1;
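Review bot: `char *comma = "";` points a non-const pointer at string literals; `const char *comma = "";` is the correct type, and the final `comma = ",";` after the tos branch is a dead store that can be dropped. Rule listings are often copied back into a ruleset, so the `prio(%u, %u)` form printed here should be checked against what the `prio` grammar rule accepts; that rule is outside this diff's visible hunks. print_rule continues beyond the hunk.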
> @@ -998,12 +1017,6 @@ print_rule(struct pf_rule *r, const char
>   printf("min-ttl %d", r->mi

ipsecctl: disable some algorithms for manual SAs

2012-07-08 Thread Christian Weisgerber
Here's a tentative diff to disable AES-CTR/-GCM/-GMAC for manual
security associations, in accordance with RFC 3686/4106/4543 that
explicitly forbid the use of these algorithms with static keys.

Should this be better handled in the grammar?

For ipsec.conf.5, it also includes a tweak to the key length section
I've been going over with jmc@, but maybe the whole paragraph should
be dropped now?

Index: ipsec.conf.5
===
RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v
retrieving revision 1.138
diff -u -p -r1.138 ipsec.conf.5
--- ipsec.conf.530 Jun 2012 14:51:31 -  1.138
+++ ipsec.conf.58 Jul 2012 08:54:26 -
@@ -614,16 +614,16 @@ keyword:
 .It Li aes-128 Ta "128 bits" Ta ""
 .It Li aes-192 Ta "192 bits" Ta ""
 .It Li aes-256 Ta "256 bits" Ta ""
-.It Li aesctr Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-128-ctr Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-ctr Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-ctr Ta "288 bits" Ta "[phase 2 only]"
-.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only]"
-.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only]"
+.It Li aesctr Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-ctr Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-ctr Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-ctr Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only, IKE only]"
 .It Li blowfish Ta "160 bits" Ta ""
 .It Li cast Ta "128 bits" Ta ""
 .It Li null Ta "(none)" Ta "[phase 2 only]"
@@ -636,9 +636,9 @@ DES requires 8 bytes to form a 56-bit ke
 to form its 168-bit key.
 This is because the most significant bit of each byte is used for parity.
 .Pp
-The keysize of AES-CTR is actually 128-bit.
+The keysize of AES-CTR can be 128, 192, or 256 bits.
 However as well as the key, a 32-bit nonce has to be supplied.
-Thus 160 bits of key material have to be supplied.
+Thus 160, 224, or 288 bits of key material, respectively, have to be supplied.
 The same applies to AES-GCM and AES-GMAC.
 .Pp
 Using AES-GMAC or NULL with ESP will only provide authentication.
Index: pfkey.c
===
RCS file: /cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.53
diff -u -p -r1.53 pfkey.c
--- pfkey.c 30 Jun 2012 14:51:31 -  1.53
+++ pfkey.c 8 Jul 2012 09:12:28 -
@@ -493,30 +493,28 @@ pfkey_sa(int sd, u_int8_t satype, u_int8
case ENCXF_AES_256:
sa.sadb_sa_encrypt = SADB_X_EALG_AES;
break;
+   case ENCXF_BLOWFISH:
+   sa.sadb_sa_encrypt = SADB_X_EALG_BLF;
+   break;
+   case ENCXF_CAST128:
+   sa.sadb_sa_encrypt = SADB_X_EALG_CAST;
+   break;
+   case ENCXF_NULL:
+   sa.sadb_sa_encrypt = SADB_EALG_NULL;
+   break;
case ENCXF_AESCTR:
case ENCXF_AES_128_CTR:
case ENCXF_AES_192_CTR:
case ENCXF_AES_256_CTR:
-   sa.sadb_sa_encrypt = SADB_X_EALG_AESCTR;
-   break;
case ENCXF_AES_128_GCM:
case ENCXF_AES_192_GCM:
case ENCXF_AES_256_GCM:
-   sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
-   break;
case ENCXF_AES_128_GMAC:
case ENCXF_AES_192_GMAC:
case ENCXF_AES_256_GMAC:
-   sa.sadb_sa_encrypt = SADB_X_EALG_AESGMAC;
-   break;
-   case ENCXF_BLOWFISH:
-   sa.sadb_sa_encrypt = SADB_X_EALG_BLF;
-   break;
-   case ENCXF_CAST128:
-   sa.sadb_sa_encrypt = SADB_X_EALG_CAST;
-   break;
-   case ENCXF_NULL:
-   sa.sadb_sa_encrypt = SADB_EALG_NULL;
+   warnx("algorithm %s disallowed for static keys",
+   xfs->encxf->name);
+   return -1;
break;
default:
warnx("unsupported encryption algorithm %d",
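Review bot: The `break;` kept as context after the new `return -1;` is unreachable and should be removed. The early return sits in the middle of pfkey_sa, whose setup code is outside this hunk, so confirm that nothing acquired earlier in the function needs releasing on this path. Since validate_sa in this same diff already rejects these transforms with yyerror(), a comment such as `/* second check: validate_sa() already rejects these for manual SAs */` would explain why the case labels remain here.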
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Mark Kettenis
> Date: Sun, 8 Jul 2012 01:45:45 +0300
> From: Lazaros Koromilas 
> 
> Hello all,
> 
> I'm resending a diff that enables network cards running with
> the wpi driver to enter promiscuous mode.  I have changed
> WPI_CMD_ASSOCIATE to WPI_CMD_ASSOCIATED to better designate its
> purpose: alter options while in associated state.

Well, WPI_CMD_ASSOCIATED makes even less sense.



Re: [patch] wpi(4): add promiscuous mode

2012-07-08 Thread Stefan Sperling
On Sun, Jul 08, 2012 at 01:45:45AM +0300, Lazaros Koromilas wrote:
> Hello all,
> 
> I'm resending a diff that enables network cards running with
> the wpi driver to enter promiscuous mode.  I have changed
> WPI_CMD_ASSOCIATE to WPI_CMD_ASSOCIATED to better designate its

You forgot to update a reference to this constant in a comment.
Personally I'd prefer to leave the name alone to make the diff smaller.

> purpose: alter options while in associated state.  I'm running
> with this for some time now without problems on a Thinkpad X60s.
> 
> Can anyone test?  Comments?

I can test, but already have some questions after review, see below.

> 
> Thanx!
> Lazaros.
> 
> 
> Index: if_wpi.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_wpi.c,v
> retrieving revision 1.110
> diff -u -p -r1.110 if_wpi.c
> --- if_wpi.c  2 Jun 2011 18:36:53 -   1.110
> +++ if_wpi.c  7 Jul 2012 18:01:54 -
> @@ -120,6 +120,7 @@ int   wpi_ioctl(struct ifnet *, u_long, c
>  int  wpi_cmd(struct wpi_softc *, int, const void *, int, int);
>  int  wpi_mrr_setup(struct wpi_softc *);
>  void wpi_updateedca(struct ieee80211com *);
> +void wpi_set_promisc(struct wpi_softc *, int);
>  void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
>  int  wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
>  void wpi_power_calibration(struct wpi_softc *);
> @@ -2002,12 +2003,21 @@ wpi_ioctl(struct ifnet *ifp, u_long cmd,
>   /* FALLTHROUGH */
>   case SIOCSIFFLAGS:
>   if (ifp->if_flags & IFF_UP) {
> - if (!(ifp->if_flags & IFF_RUNNING))
> + if (ifp->if_flags & IFF_RUNNING) {
> + if (ifp->if_flags & IFF_PROMISC &&
> + !(sc->sc_if_flags & IFF_PROMISC)) {
> + wpi_set_promisc(sc, 1);
> + } else if (!(ifp->if_flags & IFF_PROMISC) &&
> + sc->sc_if_flags & IFF_PROMISC) {
> + wpi_set_promisc(sc, 0);
> + }
> + } else
>   error = wpi_init(ifp);
>   } else {
>   if (ifp->if_flags & IFF_RUNNING)
>   wpi_stop(ifp, 1);
>   }
> + sc->sc_if_flags = ifp->if_flags;
>   break;
>  
>   case SIOCADDMULTI:
> @@ -2206,6 +2216,26 @@ wpi_updateedca(struct ieee80211com *ic)
>  }
>  
>  void
> +wpi_set_promisc(struct wpi_softc *sc, int turnon)
> +{
> + struct wpi_assoc cmd;
> +
> + if (turnon)
> + sc->rxon.filter |= htole32(WPI_FILTER_PROMISC |
> + WPI_FILTER_CTL);
> + else
> + sc->rxon.filter &= ~htole32(WPI_FILTER_PROMISC |
> + WPI_FILTER_CTL);
> +
> + memset(&cmd, 0, sizeof cmd);
> + cmd.flags = sc->rxon.flags;
> + cmd.filter = sc->rxon.filter;
> + cmd.ofdm_mask = sc->rxon.ofdm_mask;
> + cmd.cck_mask = sc->rxon.cck_mask;
> + (void)wpi_cmd(sc, WPI_CMD_ASSOCIATED, &cmd, sizeof cmd, 1);

The linux driver ("iwlegacy") doesn't run this command in async mode.
Is there a reason why you're passing 1 for the last param, i.e. not
waiting for a command-complete interrupt when sending WPI_CMD_ASSOCIATE?

> +}
> +
> +void
>  wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on)
>  {
>   struct wpi_cmd_led led;
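Review bot: wpi_set_promisc() discards the result of wpi_cmd() with `(void)` and returns void, so the SIOCSIFFLAGS path in the earlier hunk records the new state in `sc->sc_if_flags` and reports success even if the firmware never accepted the filter change. `sc->rxon.filter` is also modified before the command is sent, which leaves the softc copy out of step with the device on failure. Returning int (`return wpi_cmd(sc, WPI_CMD_ASSOCIATED, &cmd, sizeof cmd, 1);`) and assigning it to `error` in wpi_ioctl would let a capture tool see that promiscuous mode was not actually entered.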
> @@ -3327,6 +3357,7 @@ wpi_init(struct ifnet *ifp)
>  
>   ifp->if_flags &= ~IFF_OACTIVE;
>   ifp->if_flags |= IFF_RUNNING;
> + sc->sc_if_flags = ifp->if_flags;

You don't need all of if_flags, just the IFF_PROMISC bit.
Why not add a new flag to sc->sc_flags and use that instead?

>  
>   if (ic->ic_opmode != IEEE80211_M_MONITOR)
>   ieee80211_begin_scan(ifp);
> Index: if_wpireg.h
> ===
> RCS file: /cvs/src/sys/dev/pci/if_wpireg.h,v
> retrieving revision 1.27
> diff -u -p -r1.27 if_wpireg.h
> --- if_wpireg.h   24 Oct 2009 20:17:17 -  1.27
> +++ if_wpireg.h   7 Jul 2012 18:01:54 -
> @@ -252,7 +252,7 @@ struct wpi_rx_desc {
>  struct wpi_tx_cmd {
>   uint8_t code;
>  #define WPI_CMD_RXON  16
> -#define WPI_CMD_ASSOCIATE 17
> +#define WPI_CMD_ASSOCIATED17
>  #define WPI_CMD_EDCA_PARAMS   19
>  #define WPI_CMD_TIMING20
>  #define WPI_CMD_ADD_NODE  24
> Index: if_wpivar.h
> ===
> RCS file: /cvs/src/sys/dev/pci/if_wpivar.h,v
> retrieving revision 1.23
> diff -u -p -r1.23 if_wpivar.h
> --- if_wpivar.h   7 Sep 2010 16:21:45 -   1.23
> +++ if_wpivar.h   7 Jul 2012 18:01:54 -
> @@ -144,6 +144,8 @@ struct wpi_softc {
>  #define WPI_FLAG_HAS_5GHZ(1 << 0)
>  #defi

rt2560 tx/prio queue fixes

2012-07-08 Thread Stefan Sperling
The rt2560 part of the ral driver uses a prio queue for management
frames and a tx queue for data frames.

Both queues currently use a shared flag to tell the network stack that they
are full (IFF_OACTIVE). It seems that IFF_OACTIVE can get cleared by the
interrupt handler for one queue while the other queue is still loaded,
so the network layer might try to push more frames down while we can't
actually handle them. With the diff below we reset IFF_OACTIVE only if
both prio and tx queues have been drained.

Also, don't reset the tx watchdog counter if the tx/prio queues still have
frames queued when we exit the frame-processing loop in either interrupt
handler. Else, it seems the watchdog might fail to run rt2560_init() even
though we failed to transmit some frames.

Both changes from sephe@dragonfly
[[[
   commit b77254ce33366a140b2dc273fa7b4439aac4b07c
   Author: Sepherosa Ziehau 
   Date:   Fri Jan 25 14:43:10 2008 +

There are actually two TX queues for 2560 parts, so add two softc private
flags which are used to mark that the TX queues are "over active".  Clear
IFF_OACTIVE iff all of the private OACT flags are off.

   commit c22d69a1955e146448ea0708347dbcaa72c3647f
   Author: Sepherosa Ziehau 
   Date:   Fri Jan 25 14:26:14 2008 +
   
Don't reset watchdog timeout value, if there are still TX descs pending
on either data queue or prio(management) queue.
]]]

This diff survived tcpbench traffic to ral hostap in an x60s thinkpad over
night, with flags=<..,OACTIVE,...> showing up very often in ifconfig output.
A concurrent ping from AP to STA resulted in:
  42744 packets transmitted, 42698 packets received, 0.1% packet loss

I'm not sure yet if this fixes the bug where ral gets stuck with OACTIVE
on soekris and requires "ifconfig ral0 down up" to unwedge.
Tests on soekris or similarly slow hardware are very welcome.

Index: rt2560.c
===
RCS file: /cvs/src/sys/dev/ic/rt2560.c,v
retrieving revision 1.58
diff -u -p -r1.58 rt2560.c
--- rt2560.c22 Feb 2011 20:05:03 -  1.58
+++ rt2560.c8 Jul 2012 07:48:08 -
@@ -995,9 +995,14 @@ rt2560_tx_intr(struct rt2560_softc *sc)
sc->txq.next = (sc->txq.next + 1) % RT2560_TX_RING_COUNT;
}
 
-   sc->sc_tx_timer = 0;
-   ifp->if_flags &= ~IFF_OACTIVE;
-   rt2560_start(ifp);
+   if (sc->txq.queued == 0 && sc->prioq.queued == 0)
+   sc->sc_tx_timer = 0;
+   if (sc->txq.queued < RT2560_TX_RING_COUNT - 1) {
+   sc->sc_flags &= ~RT2560_DATA_OACTIVE;
+   if (!(sc->sc_flags & (RT2560_DATA_OACTIVE|RT2560_PRIO_OACTIVE)))
+   ifp->if_flags &= ~IFF_OACTIVE;
+   rt2560_start(ifp);
+   }
 }
 
 void
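Review bot: The OACTIVE bookkeeping added here is repeated almost line for line in rt2560_prio_intr (hunk at -1061), differing only in the queue, the flag and the threshold (`RT2560_TX_RING_COUNT - 1` versus `RT2560_PRIO_RING_COUNT`). Those thresholds have to stay equal to the ring-full tests that set the flags in rt2560_start, so a comment at each site such as `/* must match the ring-full test in rt2560_start() */`, or a small shared helper, would keep them from drifting apart. `sc->sc_flags` is now written from both interrupt handlers and from rt2560_start; whether those contexts are serialized is not visible in these hunks and should be confirmed.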
@@ -1061,9 +1066,14 @@ rt2560_prio_intr(struct rt2560_softc *sc
sc->prioq.next = (sc->prioq.next + 1) % RT2560_PRIO_RING_COUNT;
}
 
-   sc->sc_tx_timer = 0;
-   ifp->if_flags &= ~IFF_OACTIVE;
-   rt2560_start(ifp);
+   if (sc->txq.queued == 0 && sc->prioq.queued == 0)
+   sc->sc_tx_timer = 0;
+   if (sc->prioq.queued < RT2560_PRIO_RING_COUNT) {
+   sc->sc_flags &= ~RT2560_PRIO_OACTIVE;
+   if (!(sc->sc_flags & (RT2560_DATA_OACTIVE|RT2560_PRIO_OACTIVE)))
+   ifp->if_flags &= ~IFF_OACTIVE;
+   rt2560_start(ifp);
+   }
 }
 
 /*
@@ -1931,6 +1941,7 @@ rt2560_start(struct ifnet *ifp)
if (m0 != NULL) {
if (sc->prioq.queued >= RT2560_PRIO_RING_COUNT) {
ifp->if_flags |= IFF_OACTIVE;
+   sc->sc_flags |= RT2560_PRIO_OACTIVE;
break;
}
IF_DEQUEUE(&ic->ic_mgtq, m0);
@@ -1952,6 +1963,7 @@ rt2560_start(struct ifnet *ifp)
break;
if (sc->txq.queued >= RT2560_TX_RING_COUNT - 1) {
ifp->if_flags |= IFF_OACTIVE;
+   sc->sc_flags |= RT2560_DATA_OACTIVE;
break;
}
IFQ_DEQUEUE(&ifp->if_snd, m0);
@@ -2685,6 +2697,7 @@ rt2560_stop(struct ifnet *ifp, int disab
struct ieee80211com *ic = &sc->sc_ic;
 
sc->sc_tx_timer = 0;
+   sc->sc_flags &= ~(RT2560_PRIO_OACTIVE|RT2560_DATA_OACTIVE);
ifp->if_timer = 0;
ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
 
Index: rt2560var.h
===
RCS file: /cvs/src/sys/dev/ic/rt2560var.h,v
retrieving revision 1.9
diff -u -p -r1.9 rt2560var.h
--- rt2560var.h 7 Sep 2010 16:21:42 -   1.9
+++ rt2560var.h 7 Jul 2012 15:58:58 -
@@ -116,6 +116,8 @@ struct rt2560_softc {
 #define RT2560_ENABLED (1 << 0)
 #define RT2560_UPDATE_SLOT (1 << 1)
 #define RT2560_SET_SLOTTIME(1 <<