Re: turn rb tree code into functions in the kernel

2016-08-25 Thread David Gwynne
On Fri, Aug 12, 2016 at 10:39:41AM -0400, Ted Unangst wrote:
> David Gwynne wrote:
> > i recently proposed replacing a hash with an rb tree somewhere in
> > the network stack, but it was pointed out that rb trees are big.
> > 
> > in hindsight i think the other person was talking about the size
> > of an RB_ENTRY inside each thing you're tracking, but it made me
> > look at the code size of rb trees again. it turns out on amd64 it's
> > about 2.5k of code per type of rb tree. a type being each RB_ENTRY
> > inside a particular struct. ie, if a struct has two RB_ENTRYs in
> > it, then it generates two chunks of code, one for each of them.
> 
> I love everything about this, but didn't actually look much at the diff or try
> it out.

ok.

this is just the rb tree. i have moved the prototypes into sys/tree.h
and wrapped them in #if _KERNEL, and i renamed the .c file to
kern/subr_tree.c.

this does not include any of the conversions from RB_ to RBT_ code.
it is just the new code.

Index: sys/tree.h
===
RCS file: /cvs/src/sys/sys/tree.h,v
retrieving revision 1.14
diff -u -p -r1.14 tree.h
--- sys/tree.h  25 May 2015 03:07:49 -  1.14
+++ sys/tree.h  26 Aug 2016 04:36:04 -
@@ -745,4 +745,226 @@ name##_RB_MINMAX(struct name *head, int 
((x) != NULL) && ((y) = name##_RB_PREV(x), 1);  \
 (x) = (y))
 
+#ifdef _KERNEL
+
+/*
+ * Copyright (c) 2016 David Gwynne 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include  /* for NULL */
+
+struct rb_type {
+   int (*t_compare)(const void *, const void *);
+   void(*t_augment)(void *);
+   size_tt_offset; /* offset of rb_entry in type */
+};
+
+struct rb_entry {
+   struct rb_entry  *rbe_parent;
+   struct rb_entry  *rbe_left;
+   struct rb_entry  *rbe_right;
+   unsigned int  rbe_color;
+};
+
+struct rb_tree {
+   struct rb_entry *rbt_root;
+};
+
+static inline void
+_rb_init(struct rb_tree *rbt)
+{
+   rbt->rbt_root = NULL;
+}
+
+static inline int
+_rb_empty(struct rb_tree *rbt)
+{
+   return (rbt->rbt_root == NULL);
+}
+
+void   *_rb_insert(const struct rb_type *, struct rb_tree *, void *);
+void   *_rb_remove(const struct rb_type *, struct rb_tree *, void *);
+void   *_rb_find(const struct rb_type *, struct rb_tree *, const void *);
+void   *_rb_nfind(const struct rb_type *, struct rb_tree *, const void *);
+void   *_rb_root(const struct rb_type *, struct rb_tree *);
+void   *_rb_min(const struct rb_type *, struct rb_tree *);
+void   *_rb_max(const struct rb_type *, struct rb_tree *);
+void   *_rb_next(const struct rb_type *, void *);
+void   *_rb_prev(const struct rb_type *, void *);
+void   *_rb_left(const struct rb_type *, void *);
+void   *_rb_right(const struct rb_type *, void *);
+void   *_rb_parent(const struct rb_type *, void *);
+void   *_rb_color(const struct rb_type *, void *);
+
+#define RBT_HEAD(_name, _type) \
+struct _name { \
+   struct rb_tree rbh_root;\
+}
+
+#define RBT_INITIALIZER(_head) { { NULL } }
+
+#define RBT_ENTRY(_type)   struct rb_entry
+
+#define RBT_PROTOTYPE(_name, _type, _field, _cmp)  \
+extern const struct rb_type *const _name##_RBT_TYPE;   \
+   \
+static inline void \
+_name##_RBT_INIT(struct _name *head)   \
+{  \
+   _rb_init(>rbh_root);  \
+}  \
+   \
+static inline struct _type *   \
+_name##_RBT_INSERT(struct _name *head, struct _type *elm)  \
+{  \
+   return _rb_insert(_name##_RBT_TYPE, >rbh_root, elm);  \
+}   
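
Review bot: `_rb_color()` in the prototype list is declared as returning `void *`, but the field it would report, `rbe_color` in `struct rb_entry`, is an `unsigned int`; returning `unsigned int` there keeps callers from comparing a pointer against colour constants. Separately, `RBT_ENTRY(_type)` and `RBT_HEAD(_name, _type)` discard `_type`, so all type checking rests on the `static inline` wrappers that `RBT_PROTOTYPE` generates; a comment stating that the `_rb_*` functions are not meant to be called directly would help keep it that way.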

Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Bob Beck
On Thursday, 25 August 2016, Ted Unangst  wrote:

> Andreas Bartelt wrote:
> > On 08/25/16 15:58, Brent Cook wrote:
> > > No objection here. Anyone else?
> > >
> >
> > in general, I personally would only add further cryptographic primitives
> > to a TLS configuration in case they provide sufficiently distinctive
> > advantages over the already available primitives. I don't see this for
> > Camellia since it doesn't seem to provide any better trade-offs than
> > AES. Or am I missing something here?
>
> Oh, I don't think we should add this to any default config. But the option
> should be available for users to configure.
>

yes on both counts


Re: use strnlen() in vfprintf.c

2016-08-25 Thread Ted Unangst
Todd C. Miller wrote:
> > if (blah) {
> > size_t len;
> > ...
> > } else {
> > size_t len;
> > ...
> > }
> > 
> > looks noisy to me, so I would lean towards your latter idea.
> 
> Yeah, I just liked len being scoped that way.  However, I see other
> places we really want to use a size_t for length so I suppose we
> can use it elsewhere too.

fwiw, I'm all about tight scoping. Prevents the value from accidentally
bleeding from one block to another.



Re: use strnlen() in vfprintf.c

2016-08-25 Thread Todd C. Miller
On Thu, 25 Aug 2016 13:56:24 -0700, Philip Guenther wrote:

> This:
> 
> if (blah) {
> size_t len;
> ...
> } else {
> size_t len;
> ...
> }
> 
> looks noisy to me, so I would lean towards your latter idea.

Yeah, I just liked len being scoped that way.  However, I see other
places we really want to use a size_t for length so I suppose we
can use it elsewhere too.

 - todd

Index: lib/libc/stdio/vfprintf.c
===
RCS file: /cvs/src/lib/libc/stdio/vfprintf.c,v
retrieving revision 1.75
diff -u -p -u -r1.75 vfprintf.c
--- lib/libc/stdio/vfprintf.c   17 Aug 2016 22:15:08 -  1.75
+++ lib/libc/stdio/vfprintf.c   25 Aug 2016 21:39:16 -
@@ -486,6 +486,8 @@ __vfprintf(FILE *fp, const char *fmt0, _
 * Scan the format for conversions (`%' character).
 */
for (;;) {
+   size_t len;
+
cp = fmt;
while ((n = mbrtowc(, fmt, MB_CUR_MAX, )) > 0) {
fmt += n;
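
Review bot: `size_t len;` at the top of the `for (;;)` body has no initializer and is now in scope for every conversion in the loop, while the only assignment in this diff is in the string case further down. A read of `len` in another case before it is assigned would compile without complaint, so either keep the declaration in the block that uses it or give the variable a name tied to that use.
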
@@ -886,22 +888,10 @@ fp_common:
 
cp = "(null)";
}
-   if (prec >= 0) {
-   /*
-* can't use strlen; can only look for the
-* NUL in the first `prec' characters, and
-* strlen() will go further.
-*/
-   char *p = memchr(cp, 0, prec);
-
-   size = p ? (p - cp) : prec;
-   } else {
-   size_t len;
-
-   if ((len = strlen(cp)) > INT_MAX)
-   goto overflow;
-   size = (int)len;
-   }
+   len = prec >= 0 ? strnlen(cp, prec) : strlen(cp);
+   if (len > INT_MAX)
+   goto overflow;
+   size = (int)len;
sign = '\0';
break;
case 'U':
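
Review bot: the comment removed from the `prec >= 0` branch was the only place that said why `strlen()` cannot be used there: with a precision, the argument may have no terminating NUL within the first `prec` bytes. A one-line comment above `len = prec >= 0 ? strnlen(cp, prec) : strlen(cp);` stating that the read must not go past `prec` bytes would stop a later cleanup from collapsing it back to `strlen()`.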



Re: use strnlen() in vfprintf.c

2016-08-25 Thread Philip Guenther
On Thu, Aug 25, 2016 at 11:15 AM, Todd C. Miller
 wrote:
> This is what strnlen(3) is for, let's use it...
>
> Alternately, we could unify things like:
>
> len = prec >= 0 ? strnlen(cp, prec) : strlen(cp);
> if (len > INT_MAX)
> goto overflow;
> size = (int)len;
>
> but that means declaring "size_t len" at the top of the for(;;) loop.

This:

if (blah) {
size_t len;
...
} else {
size_t len;
...
}

looks noisy to me, so I would lean towards your latter idea.


Philip



use strnlen() in vfprintf.c

2016-08-25 Thread Todd C. Miller
This is what strnlen(3) is for, let's use it...

Alternately, we could unify things like:

len = prec >= 0 ? strnlen(cp, prec) : strlen(cp);
if (len > INT_MAX)
goto overflow;
size = (int)len;

but that means declaring "size_t len" at the top of the for(;;) loop.

 - todd

Index: lib/libc/stdio/vfprintf.c
===
RCS file: /cvs/src/lib/libc/stdio/vfprintf.c,v
retrieving revision 1.75
diff -u -p -u -r1.75 vfprintf.c
--- lib/libc/stdio/vfprintf.c   17 Aug 2016 22:15:08 -  1.75
+++ lib/libc/stdio/vfprintf.c   25 Aug 2016 18:12:42 -
@@ -887,14 +887,11 @@ fp_common:
cp = "(null)";
}
if (prec >= 0) {
-   /*
-* can't use strlen; can only look for the
-* NUL in the first `prec' characters, and
-* strlen() will go further.
-*/
-   char *p = memchr(cp, 0, prec);
+   size_t len;
 
-   size = p ? (p - cp) : prec;
+   if ((len = strnlen(cp, prec)) > INT_MAX)
+   goto overflow;
+   size = (int)len;
} else {
size_t len;
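
Review bot: in the `prec >= 0` branch, `strnlen(cp, prec)` can never return more than `prec` (an `int` in this function), so `len > INT_MAX` is always false there and `goto overflow` is dead code in this branch. `size = (int)strnlen(cp, prec);` is enough, and it also removes the second `size_t len;` declaration.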
 



Re: inconsistent error handling in fgetln(3)

2016-08-25 Thread Andrey Chernov
On 25.08.2016 17:50, Ingo Schwarze wrote:
> I strongly feel that fgetln(3) ought to behave the same: either
> succeed or fail.  It should not return a string but set errno and
> __SERR at the same time.  So i'd very much like to commit my fgetln.c
> patch.  I have an OK from millert@, which is sufficient for commit
> in OpenBSD.  Do you still object, given the above results and
> arguments?

Well, NetBSD implements fgetln() through getdelim() which fails on
partial line errors. Assuming your fgetln() fix below will be committed
to OpenBSD, I agree to make the corresponding change in FreeBSD and do
something for fgetwln() too.

> 
> Index: fgetln.c
> ===
> RCS file: /cvs/src/lib/libc/stdio/fgetln.c,v
> retrieving revision 1.14
> diff -u -r1.14 fgetln.c
> --- fgetln.c  31 Aug 2015 02:53:57 -  1.14
> +++ fgetln.c  25 Aug 2016 14:45:08 -
> @@ -115,8 +115,11 @@
>   (void)memcpy((void *)(fp->_lb._base + off), (void *)fp->_p,
>   len - off);
>   off = len;
> - if (__srefill(fp))
> - break;  /* EOF or error: return partial line */
> + if (__srefill(fp)) {
> + if (fp->_flags & __SEOF)
> + break;
> + goto error;
> + }
>   if ((p = memchr((void *)fp->_p, '\n', fp->_r)) == NULL)
>   continue;
>  
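
Review bot: the deleted comment on the old `break` ("EOF or error: return partial line") documented the return behaviour, and the new `if (fp->_flags & __SEOF) break;` carries none. Put `/* EOF: return partial line */` on that `break` and a matching note on `goto error`, and update fgetln(3) to say that a read error now yields NULL even when part of a line was already buffered.
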
> 



Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Ted Unangst
Andreas Bartelt wrote:
> On 08/25/16 15:58, Brent Cook wrote:
> > No objection here. Anyone else?
> >
> 
> in general, I personally would only add further cryptographic primitives 
> to a TLS configuration in case they provide sufficiently distinctive 
> advantages over the already available primitives. I don't see this for 
> Camellia since it doesn't seem to provide any better trade-offs than 
> AES. Or am I missing something here?

Oh, I don't think we should add this to any default config. But the option
should be available for users to configure.



Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Ted Unangst
Brent Cook wrote:
> No objection here. Anyone else?

No. Camellia doesn't get much attention, but if somebody cares to add new
modes for it, no reason to reject it.



Re: inconsistent error handling in fgetln(3)

2016-08-25 Thread Ingo Schwarze
Hi Andrej,

Andrey Chernov wrote on Wed, Aug 24, 2016 at 10:19:35PM +0300:
> On 24.08.2016 22:03, Ingo Schwarze wrote:
>> Andrey Chernov wrote:

>>> Could you show some code? In my testing fgetwln() fails on the next read if
>>> previously there was a partial line with tail EILSEQ. Stdio does not advance
>>> its pointer over the sequence with EILSEQ.

>> See below for a radically stripped down version of FreeBSD rev(1).
>> When i revert my fgetwln(3) patch (as you did in FreeBSD) and compile
>> and run that stripped down rev(1) on OpenBSD, i get this:
>> 
>>$ export LC_CTYPE=en_US.UTF-8
>>$ printf "one\200two\200three" | ./frev 
>>   eno
>>   owt
>>   eerht
>>   frev: Illegal byte sequence
>> 
>> Is there maybe yet another bug, maybe somewhere in OpenBSD fgetwc(3),
>> advancing a pointer where it shouldn't?  What result do you see
>> when you run that test program on FreeBSD?

> Even on FreeBSD stable/10 I got different (i.e. correct) results:
> 
> $ export LC_CTYPE=en_US.UTF-8
> $ printf "one\200two\200three" | ./frev
> eno
> frev: Illegal byte sequence
> 
> It stops on the first \200 as it should.

I investigated and got the following result.

The function fgetwln(3) is implemented in terms of fgetwc(3).
Regarding fgetwc(3), POSIX says:

  If an error occurs, the resulting value of the file position
  indicator for the stream is unspecified.

And indeed, FreeBSD leaves the file position indicator unchanged
on failure, while OpenBSD advances it to the byte after the last
one that must be read to be able to detect the failure.

Relying on the FreeBSD fgetwc(3) behaviour for the fgetwln(3)
implementation inside the FreeBSD libc seems possible on first
sight, even though it means that the FreeBSD implementation of
fgetwln(3) is not portable - as i found when trying to run it on
OpenBSD.  Actually, "unspecified" is much worse than "implementation
defined", so strictly speaking, relying on the fgetwc(3) behaviour
is not even safe on FreeBSD, because theoretically, the C compiler
is free to optimize away a call to fgetwc(3) and destroy the file
position pointer if it can somehow determine that the call will
fail, or to just destroy the file position pointer during fgetwc(3)
failure.

If you really want to specify fgetwln(3) to set the file position
pointer to a well-defined position on encoding errors - currently,
nothing of that kind is documented - it would mean that you would
have to stop using fgetwc(3) in the fgetwln(3) implementation and
instead inspect the libc internal buffers directly.  That doesn't
seem reasonable to me.

But above all, i think it's a bad idea to have diverging requirements
for a non-standard high-level function like fgetwln(3) with respect
to the similar low-level standard function, here fgetwc(3).  So
given that fgetwc(3) is allowed to destroy the file position pointer
on failure, fgetwln(3) should be allowed to do that, too.  And given
that POSIX requires that fgetwc(3) must not change errno(2) when
successful, fgetwln(3) should satisfy the same restriction, which
means that it cannot return partial strings for two reasons: Both
the file position indicator and errno are already destroyed at the
point where the partial string could be returned.

I strongly feel that fgetln(3) ought to behave the same: either
succeed or fail.  It should not return a string but set errno and
__SERR at the same time.  So i'd very much like to commit my fgetln.c
patch.  I have an OK from millert@, which is sufficient for commit
in OpenBSD.  Do you still object, given the above results and
arguments?

To me, historic behaviour that nobody is likely to rely on is not
a strong argument.  We fix bugs in historic code all the time, and
even apply functional improvements where they make things better.

Yours,
  Ingo


Index: fgetln.c
===
RCS file: /cvs/src/lib/libc/stdio/fgetln.c,v
retrieving revision 1.14
diff -u -r1.14 fgetln.c
--- fgetln.c31 Aug 2015 02:53:57 -  1.14
+++ fgetln.c25 Aug 2016 14:45:08 -
@@ -115,8 +115,11 @@
(void)memcpy((void *)(fp->_lb._base + off), (void *)fp->_p,
len - off);
off = len;
-   if (__srefill(fp))
-   break;  /* EOF or error: return partial line */
+   if (__srefill(fp)) {
+   if (fp->_flags & __SEOF)
+   break;
+   goto error;
+   }
if ((p = memchr((void *)fp->_p, '\n', fp->_r)) == NULL)
continue;
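
The caller-side consequence of the argument in the message above, as an added example that is not part of the original post and is not OpenBSD or FreeBSD code. It uses POSIX getline(3) as a stand-in for fgetln(3) (an assumption, for portability), and the names `read_lines_strict` and `run_scenario` are hypothetical. The caller discards anything handed back while the stream error indicator is set, so it behaves the same whether libc returns the partial line on error or fails outright.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct read_result {
    int lines;       /* lines the caller accepted */
    int saw_error;   /* 1: error indicator set, 0: clean EOF, -1: setup failed */
    int saved_errno; /* errno right after the failing call; may be clobbered */
};

/*
 * Read until EOF or error. Whatever the line reader hands back is thrown
 * away if ferror() is set afterwards, so the caller gets "succeed or fail"
 * semantics even from a libc that returns the partial line on error.
 */
static struct read_result
read_lines_strict(FILE *fp)
{
    struct read_result r = { 0, 0, 0 };
    char *line = NULL;
    size_t cap = 0;
    ssize_t n;

    for (;;) {
        errno = 0;
        n = getline(&line, &cap, fp);
        if (ferror(fp)) {
            r.saw_error = 1;
            r.saved_errno = errno;
            break;
        }
        if (n == -1)
            break;      /* clean EOF, nothing pending */
        r.lines++;      /* includes an unterminated last line at EOF */
    }
    free(line);
    return r;
}

/*
 * Constructed input: `data` is written to a pipe. With fail_mid_line set,
 * the write end stays open and the read end is non-blocking, so the refill
 * after the buffered bytes fails with EAGAIN (a read error, not EOF).
 * Otherwise the write end is closed and the reader sees a normal EOF.
 */
static struct read_result
run_scenario(const char *data, int fail_mid_line)
{
    struct read_result r = { 0, -1, 0 };
    int fds[2];
    FILE *fp;

    if (pipe(fds) == -1)
        return r;
    if (write(fds[1], data, strlen(data)) != (ssize_t)strlen(data))
        goto out;
    if (fail_mid_line) {
        if (fcntl(fds[0], F_SETFL, O_NONBLOCK) == -1)
            goto out;
    } else {
        close(fds[1]);
        fds[1] = -1;
    }
    if ((fp = fdopen(fds[0], "r")) == NULL)
        goto out;
    r = read_lines_strict(fp);
    fclose(fp);         /* also closes fds[0] */
    fds[0] = -1;
out:
    if (fds[0] != -1)
        close(fds[0]);
    if (fds[1] != -1)
        close(fds[1]);
    return r;
}

int
main(void)
{
    struct read_result e = run_scenario("one\ntwo", 1);
    struct read_result o = run_scenario("one\ntwo", 0);

    printf("error mid-line: lines=%d error=%d\n", e.lines, e.saw_error);
    printf("clean EOF:      lines=%d error=%d\n", o.lines, o.saw_error);
    return 0;
}
```

In the error scenario the unterminated "two" is never counted, whichever way the C library reports the failure; at a clean EOF it is.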
 



Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Andreas Bartelt

On 08/25/16 15:58, Brent Cook wrote:
> No objection here. Anyone else?

in general, I personally would only add further cryptographic primitives 
to a TLS configuration in case they provide sufficiently distinctive 
advantages over the already available primitives. I don't see this for 
Camellia since it doesn't seem to provide any better trade-offs than 
AES. Or am I missing something here?




Re: smtpd: log ip/hostname for failed-command events

2016-08-25 Thread Giovanni Bechis
On 08/25/16 15:39, Gilles Chehade wrote:
> On Mon, Aug 22, 2016 at 11:10:28PM +0300, Pavel Korovin wrote:
>> Dear all,
>>
>> I have a local patch which implements IP/hostname logging for all SMTP 
>> operations.
>> It simplifies log processing for me since I don't have to keep a reference
>> between session ids and IPs/hostnames and check it every time I need to check
>> who's originating a given SMTP transaction.
>> Does it make sense for anybody else?
>>
> 
> Yes, I'll take care of this during the general hackathon next week, thanks ;-)
>
I like the diff and proper testing is on my todo list for g2k16 as well.
 Cheers
   Giovanni

 
> 
>> Index: usr.sbin/smtpd/mta.c
>> ===
>> RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v
>> retrieving revision 1.201
>> diff -u -p -r1.201 mta.c
>> --- usr.sbin/smtpd/mta.c 22 May 2016 16:31:21 -  1.201
>> +++ usr.sbin/smtpd/mta.c 22 Aug 2016 19:33:08 -
>> @@ -1610,8 +1610,8 @@ mta_log(const struct mta_envelope *evp, 
>>  const char *relay, const char *status)
>>  {
>>  log_info("%016"PRIx64" mta event=delivery evpid=%016"PRIx64" "
>> -"from=<%s> to=<%s> rcpt=<%s> source=%s "
>> -"relay=%s delay=%s result=%s stat=%s",
>> +"from=<%s> to=<%s> rcpt=<%s> source=\"%s\" "
>> +"relay=\"%s\" delay=%s result=\"%s\" stat=\"%s\"",
>>  evp->session,
>>  evp->id,
>>  evp->task->sender,
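
Review bot: the new `source=\"%s\"`, `relay=\"%s\"`, `result=\"%s\"` and `stat=\"%s\"` wrap the values in quotes, but nothing in this hunk escapes a `"` inside the value, so a status string that contains a quote still breaks field boundaries for a log parser. Either escape the value before logging or say in the commit message that these fields are free text. The change also alters the format of existing `event=delivery` lines, which is worth calling out for people who already parse them.
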
>> Index: usr.sbin/smtpd/smtp_session.c
>> ===
>> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
>> retrieving revision 1.285
>> diff -u -p -r1.285 smtp_session.c
>> --- usr.sbin/smtpd/smtp_session.c29 Jul 2016 08:53:07 -  1.285
>> +++ usr.sbin/smtpd/smtp_session.c22 Aug 2016 19:33:08 -
>> @@ -903,9 +903,10 @@ smtp_session_imsg(struct mproc *p, struc
>>  s->tx->msgid);
>>  
>>  TAILQ_FOREACH(rcpt, >tx->rcpts, entry) {
>> -log_info("%016"PRIx64" smtp event=message msgid=%08x "
>> -"from=<%s%s%s> to=<%s%s%s> size=%zu ndest=%zu 
>> proto=%s",
>> +log_info("%016"PRIx64" smtp event=message address=%s 
>> host=%s "
>> +"msgid=%08x from=<%s%s%s> to=<%s%s%s> size=%zu 
>> ndest=%zu proto=%s",
>>  s->id,
>> +ss_to_text(>ss), s->hostname,
>>  s->tx->msgid,
>>  s->tx->evp.sender.user,
>>  s->tx->evp.sender.user[0] == '\0' ? "" : "@",
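
Review bot: `host=%s` prints `s->hostname` unquoted here, while the mta.c hunk of the same patch puts quotes around its free-form values. If the hostname can ever contain a space or `=`, the `msgid=` and `from=` fields that now follow it can no longer be told apart from hostname content; quote or sanitise the value, or place `address=` and `host=` at the end of the line.
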
>> @@ -969,8 +970,9 @@ smtp_session_imsg(struct mproc *p, struc
>>  s = tree_xpop(_ssl_init, resp_ca_cert->reqid);
>>  
>>  if (resp_ca_cert->status == CA_FAIL) {
>> -log_info("%016"PRIx64" smtp event=closed 
>> reason=ca-failure",
>> -s->id);
>> +log_info("%016"PRIx64" smtp event=closed address=%s 
>> host=%s "
>> +"reason=ca-failure",
>> +s->id, ss_to_text(>ss), s->hostname);
>>  smtp_free(s, "CA failure");
>>  return;
>>  }
>> @@ -996,8 +998,8 @@ smtp_session_imsg(struct mproc *p, struc
>>  s->flags |= SF_VERIFIED;
>>  else if (s->listener->flags & F_TLS_VERIFY) {
>>  log_info("%016"PRIx64" smtp "
>> -"event=closed reason=cert-check-failed",
>> -s->id);
>> +"event=closed address=%s host=%s 
>> reason=cert-check-failed",
>> +s->id, ss_to_text(>ss), s->hostname);
>>  smtp_free(s, "SSL certificate check failed");
>>  return;
>>  }
>> @@ -1034,8 +1036,8 @@ smtp_filter_response(uint64_t id, int qu
>>  case QUERY_CONNECT:
>>  if (status != FILTER_OK) {
>>  log_info("%016"PRIx64" smtp "
>> -"event=closed reason=filter-reject",
>> -s->id);
>> +"event=closed address=%s host=%s 
>> reason=filter-reject",
>> +s->id, ss_to_text(>ss), s->hostname);
>>  smtp_free(s, "rejected by filter");
>>  return;
>>  }
>> @@ -1255,8 +1257,8 @@ smtp_io(struct io *io, int evt)
>>  switch (evt) {
>>  
>>  case IO_TLSREADY:
>> -log_info("%016"PRIx64" smtp event=starttls ciphers=\"%s\"",
>> -s->id, ssl_to_text(s->io.ssl));
>> +log_info("%016"PRIx64" smtp event=starttls address=%s host=%s 
>> ciphers=\"%s\"",
>> +s->id, ss_to_text(>ss), s->hostname, 
>> ssl_to_text(s->io.ssl));
>>  
>>  s->flags |= SF_SECURE;
>>  s->phase = PHASE_INIT;
>> @@ -1268,8 +1270,8 @@ smtp_io(struct io *io, int evt)
>>  
>>  if 

Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Brent Cook
No objection here. Anyone else?

> On Aug 25, 2016, at 8:54 AM, Guenther Niess  wrote:
> 
> Hi,
> 
> is there a reason why the Camellia cipher suites with SHA2 HMAC are not
> supported?
> 
> I added them and tested the result with an Nginx server and the s_client
> command.
> 
> I would like to have a look to support the Camellia GCM based cipher
> suites, but if there is a reason why libressl shouldn't support them, I
> would spend my time with something else.
> 
> Best Regards,
> Guenther
> 
> 
> 
> Index: lib/libssl/src/ssl/s3_lib.c
> ===
> RCS file: /cvs/src/lib/libssl/src/ssl/s3_lib.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 s3_lib.c
> --- lib/libssl/src/ssl/s3_lib.c   28 Apr 2016 16:39:45 -  1.108
> +++ lib/libssl/src/ssl/s3_lib.c   25 Aug 2016 13:45:27 -
> @@ -1805,6 +1805,138 @@ SSL_CIPHER ssl3_ciphers[] = {
>   .strength_bits = 256,
>   .alg_bits = 256,
>   },
> +
> +#ifndef OPENSSL_NO_CAMELLIA
> + /* TLS 1.2 ECDH Camellia based ciphersuites from RFC 6367 */
> +
> + /* Cipher C072 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C073 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C074 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C075 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C076 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C077 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher 
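
Review bot: the C074 and C075 entries use `SSL_kECDHe` with `SSL_aECDH`, that is fixed ECDH key exchange, which gives no forward secrecy, yet they are marked `SSL_HIGH` like the ECDHE entries around them. Consider adding only the ECDHE suites (C072, C073, C076, C077), or explain in the commit message why the static-ECDH ones are wanted.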

Re: smtpd: log ip/hostname for failed-command events

2016-08-25 Thread Gilles Chehade
On Mon, Aug 22, 2016 at 11:10:28PM +0300, Pavel Korovin wrote:
> Dear all,
> 
> I have a local patch which implements IP/hostname logging for all SMTP 
> operations.
> It simplifies log processing for me since I don't have to keep a reference
> between session ids and IPs/hostnames and check it every time I need to check
> who's originating a given SMTP transaction.
> Does it make sense for anybody else?
> 

Yes, I'll take care of this during the general hackathon next week, thanks ;-)


> Index: usr.sbin/smtpd/mta.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v
> retrieving revision 1.201
> diff -u -p -r1.201 mta.c
> --- usr.sbin/smtpd/mta.c  22 May 2016 16:31:21 -  1.201
> +++ usr.sbin/smtpd/mta.c  22 Aug 2016 19:33:08 -
> @@ -1610,8 +1610,8 @@ mta_log(const struct mta_envelope *evp, 
>  const char *relay, const char *status)
>  {
>   log_info("%016"PRIx64" mta event=delivery evpid=%016"PRIx64" "
> - "from=<%s> to=<%s> rcpt=<%s> source=%s "
> - "relay=%s delay=%s result=%s stat=%s",
> + "from=<%s> to=<%s> rcpt=<%s> source=\"%s\" "
> + "relay=\"%s\" delay=%s result=\"%s\" stat=\"%s\"",
>   evp->session,
>   evp->id,
>   evp->task->sender,
> Index: usr.sbin/smtpd/smtp_session.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.285
> diff -u -p -r1.285 smtp_session.c
> --- usr.sbin/smtpd/smtp_session.c 29 Jul 2016 08:53:07 -  1.285
> +++ usr.sbin/smtpd/smtp_session.c 22 Aug 2016 19:33:08 -
> @@ -903,9 +903,10 @@ smtp_session_imsg(struct mproc *p, struc
>   s->tx->msgid);
>  
>   TAILQ_FOREACH(rcpt, >tx->rcpts, entry) {
> - log_info("%016"PRIx64" smtp event=message msgid=%08x "
> - "from=<%s%s%s> to=<%s%s%s> size=%zu ndest=%zu 
> proto=%s",
> + log_info("%016"PRIx64" smtp event=message address=%s 
> host=%s "
> + "msgid=%08x from=<%s%s%s> to=<%s%s%s> size=%zu 
> ndest=%zu proto=%s",
>   s->id,
> + ss_to_text(>ss), s->hostname,
>   s->tx->msgid,
>   s->tx->evp.sender.user,
>   s->tx->evp.sender.user[0] == '\0' ? "" : "@",
> @@ -969,8 +970,9 @@ smtp_session_imsg(struct mproc *p, struc
>   s = tree_xpop(_ssl_init, resp_ca_cert->reqid);
>  
>   if (resp_ca_cert->status == CA_FAIL) {
> - log_info("%016"PRIx64" smtp event=closed 
> reason=ca-failure",
> - s->id);
> + log_info("%016"PRIx64" smtp event=closed address=%s 
> host=%s "
> + "reason=ca-failure",
> + s->id, ss_to_text(>ss), s->hostname);
>   smtp_free(s, "CA failure");
>   return;
>   }
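
Review bot: the `address=%s host=%s` pair and its two arguments are now spelled out in every `event=closed` call in this file, starting with this `reason=ca-failure` one. A small helper that logs a close event with the session's address and hostname would keep the field names and order identical across all of them and leave one place to add quoting later.
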
> @@ -996,8 +998,8 @@ smtp_session_imsg(struct mproc *p, struc
>   s->flags |= SF_VERIFIED;
>   else if (s->listener->flags & F_TLS_VERIFY) {
>   log_info("%016"PRIx64" smtp "
> - "event=closed reason=cert-check-failed",
> - s->id);
> + "event=closed address=%s host=%s 
> reason=cert-check-failed",
> + s->id, ss_to_text(>ss), s->hostname);
>   smtp_free(s, "SSL certificate check failed");
>   return;
>   }
> @@ -1034,8 +1036,8 @@ smtp_filter_response(uint64_t id, int qu
>   case QUERY_CONNECT:
>   if (status != FILTER_OK) {
>   log_info("%016"PRIx64" smtp "
> - "event=closed reason=filter-reject",
> - s->id);
> + "event=closed address=%s host=%s 
> reason=filter-reject",
> + s->id, ss_to_text(>ss), s->hostname);
>   smtp_free(s, "rejected by filter");
>   return;
>   }
> @@ -1255,8 +1257,8 @@ smtp_io(struct io *io, int evt)
>   switch (evt) {
>  
>   case IO_TLSREADY:
> - log_info("%016"PRIx64" smtp event=starttls ciphers=\"%s\"",
> - s->id, ssl_to_text(s->io.ssl));
> + log_info("%016"PRIx64" smtp event=starttls address=%s host=%s 
> ciphers=\"%s\"",
> + s->id, ss_to_text(>ss), s->hostname, 
> ssl_to_text(s->io.ssl));
>  
>   s->flags |= SF_SECURE;
>   s->phase = PHASE_INIT;
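
Review bot: the added `event=starttls` line is longer than 80 columns and arrived wrapped, with `ciphers=\"%s\"",` and `ssl_to_text(s->io.ssl));` on continuation lines that carry no `+`, so the hunk will not apply as mailed. Split the format string across two literals the way the `reason=ca-failure` hunk does, and resend with line wrapping disabled.
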
> @@ -1268,8 +1270,8 @@ smtp_io(struct io *io, int evt)
>  
>   if (s->listener->flags & F_TLS_VERIFY) {
>   log_info("%016"PRIx64" smtp "
> - "event=closed reason=no-client-cert",
> - 

Re: No 'struct route_in6' in ip6_getpmtu()

2016-08-25 Thread Martin Pieuchot
On 24/08/16(Wed) 21:49, Alexander Bluhm wrote:
> On Wed, Aug 24, 2016 at 05:52:39PM +0200, Martin Pieuchot wrote:
> > Diff below simplifies ip6_getpmtu() to use a 'struct rtentry *' instead
> > of two 'struct route_in6'.
> > 
> > ok?
> 
> I have tested it with regress/sys/netinet/pmtu .
> 
> OK bluhm@

thanks!
 
> > +   if (rt != NULL) {
> ...
> > -   } else if (ifp0) {
> > -   mtu = ifp0->if_mtu;
> > +   } else if (ifp) {
> > +   mtu = ifp->if_mtu;
> > } else
> > error = EHOSTUNREACH; /* XXX */
> 
> Isn't your style to write ifp != NULL?  And I doubt that ifp can
> ever be NULL here.  But better safe than sorry.

Hey you're right, you know me better than myself!  I double checked and
removed the ifp != NULL check, it cannot be NULL when the function is
called.



Re: rtadvd.conf(5) pinfoflags - bad example

2016-08-25 Thread Jeremie Courreges-Anglas
Stuart Henderson  writes:

> I don't see any code to support setting pinfoflags from a string,
> it looks like it must be numeric.
>
> OK?

yup

> (If someone wants to add string support sometime that would be
> nice, but let's fix the example in the first case).

Someone(tm) is working on it.

> Index: rtadvd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/rtadvd/rtadvd.conf.5,v
> retrieving revision 1.37
> diff -u -p -r1.37 rtadvd.conf.5
> --- rtadvd.conf.5 7 May 2016 19:33:03 -   1.37
> +++ rtadvd.conf.5 25 Aug 2016 09:22:22 -
> @@ -367,7 +367,7 @@ YOU DO NOT NEED TO HAVE IT AT ALL.
>  .Bd -literal -offset indent
>  default:\e
>   :chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\e
> - :pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
> + :pinfoflags#192:vltime#2592000:pltime#604800:mtu#0:
>  ef0:\e
>   :addr="2001:db8::1000::":prefixlen#64:tc=default:
>  .Ed
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: armv7 pmap nodom

2016-08-25 Thread Mark Kettenis
> Date: Wed, 24 Aug 2016 15:43:13 +0300
> From: Artturi Alm 
> 
> Hi,
> 
> been running w/this on wandboard for some days building ports.
> pm_cstate should go too, but it's another small diff.

Thanks.  I think I came to the same conclusion when I removed the first
bit of cruft from cpuswitch7.S.  I'm planning to take a closer look
somewhere in the next few days.  Need to read up a bit about the
domain stuff first.

> diff --git a/sys/arch/arm/arm/cpuswitch7.S b/sys/arch/arm/arm/cpuswitch7.S
> index 2eeecec..3196c8e 100644
> --- a/sys/arch/arm/arm/cpuswitch7.S
> +++ b/sys/arch/arm/arm/cpuswitch7.S
> @@ -232,25 +232,6 @@ ENTRY(cpu_switchto)
>   ldr r10, [r8, #(PCB_PAGEDIR)]   /* r10 = old L1 */
>   ldr r11, [r9, #(PCB_PAGEDIR)]   /* r11 = new L1 */
>  
> - ldr r0, [r8, #(PCB_DACR)]   /* r0 = old DACR */
> - ldr r1, [r9, #(PCB_DACR)]   /* r1 = new DACR */
> -
> - teq r10, r11/* Same L1? */
> - cmpeq   r0, r1  /* Same DACR? */
> - beq .Lcs_context_switched   /* yes! */
> -
> - mov r2, #DOMAIN_CLIENT
> - cmp r1, r2, lsl #(PMAP_DOMAIN_KERNEL * 2) /* Sw to kernel thread? */
> - beq .Lcs_cache_purge_skipped/* Yup. Don't flush cache */
> -
> - stmfd   sp!, {r0-r3}
> - ldr r1, .Lcpufuncs
> - mov lr, pc
> - ldr pc, [r1, #CF_ICACHE_SYNC_ALL]
> - ldmfd   sp!, {r0-r3}
> -
> -.Lcs_cache_purge_skipped:
> - /* rem: r1 = new DACR */
>   /* rem: r6 = new proc */
>   /* rem: r9 = new PCB */
>   /* rem: r10 = old L1 */
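
Review bot: besides the DACR loads and compare, the removed lines here include the `CF_ICACHE_SYNC_ALL` call and the early `beq .Lcs_context_switched`, which is more than dropping domain handling. The commit message should say why the instruction cache sync on switch is no longer needed on armv7, or the call should stay and only the `PCB_DACR` lines go.
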
> @@ -263,8 +244,6 @@ ENTRY(cpu_switchto)
>*/
>   IRQdisableALL
>  
> - mcr CP15_DACR(r1)   /* Update DACR for new context */
> -
>   cmp r10, r11/* Switching to the same L1? */
>   ldr r10, .Lcpufuncs
>   beq .Lcs_context_switched   /* Yup. */
> diff --git a/sys/arch/arm/arm/genassym.cf b/sys/arch/arm/arm/genassym.cf
> index 6322e93..517a393 100644
> --- a/sys/arch/arm/arm/genassym.cf
> +++ b/sys/arch/arm/arm/genassym.cf
> @@ -86,7 +86,9 @@ member  pcb_tf
>  member   pcb_pagedir
>  member   pcb_pl1vec
>  member   pcb_l1vec
> +ifndef CPU_ARMv7
>  member   pcb_dacr
> +endif
>  member   pcb_cstate
>  member   pcb_flags
>  member   PCB_R8  pcb_un.un_32.pcb32_r8
> diff --git a/sys/arch/arm/arm/pmap7.c b/sys/arch/arm/arm/pmap7.c
> index 402393c..d7e0e39 100644
> --- a/sys/arch/arm/arm/pmap7.c
> +++ b/sys/arch/arm/arm/pmap7.c
> @@ -388,7 +388,7 @@ struct pv_entry *pmap_remove_pv(struct vm_page *, pmap_t, 
> vaddr_t);
>  u_intpmap_modify_pv(struct vm_page *, pmap_t, vaddr_t,
>   u_int, u_int);
>  
> -void pmap_alloc_l1(pmap_t, int);
> +void pmap_alloc_l1(pmap_t);
>  void pmap_free_l1(pmap_t);
>  
>  struct l2_bucket *pmap_get_l2_bucket(pmap_t, vaddr_t);
> @@ -622,7 +622,7 @@ uint nl1;
>   * This is called at pmap creation time.
>   */
>  void
> -pmap_alloc_l1(pmap_t pm, int domain)
> +pmap_alloc_l1(pmap_t pm)
>  {
>   struct l1_ttable *l1;
>   struct pglist plist;
> @@ -632,7 +632,7 @@ pmap_alloc_l1(pmap_t pm, int domain)
>   int error;
>  
>  #ifdef PMAP_DEBUG
> -printf("%s: %d %d\n", __func__, domain, ++nl1);
> +printf("%s: %d\n", __func__, ++nl1);
>  #endif
>   /* XXX use a pool? or move to inside struct pmap? */
>   l1 = malloc(sizeof(*l1), M_VMPMAP, M_WAITOK);
> @@ -666,7 +666,6 @@ printf("%s: %d %d\n", __func__, domain, ++nl1);
>   pmap_init_l1(l1, pl1pt);
>  
>   pm->pm_l1 = l1;
> - pm->pm_domain = domain;
>  }
>  
>  /*
> @@ -843,11 +842,10 @@ pmap_free_l2_bucket(pmap_t pm, struct l2_bucket *l2b, 
> u_int count)
>   pl1pd = >pm_l1->l1_kva[l1idx];
>  
>   /*
> -  * If the L1 slot matches the pmap's domain
> -  * number, then invalidate it.
> +  * If the L1 slot matches, then invalidate it.
>*/
> - l1pd = *pl1pd & (L1_TYPE_MASK | L1_C_DOM_MASK);
> - if (l1pd == (L1_C_DOM(pm->pm_domain) | L1_TYPE_C)) {
> + l1pd = *pl1pd & L1_TYPE_MASK;
> + if (l1pd == L1_TYPE_C) {
>   *pl1pd = L1_TYPE_INV;
>   PTE_SYNC(pl1pd);
>   pmap_tlb_flushID_SE(pm, l1idx << L1_S_SHIFT);
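
Review bot: the rewritten comment, "If the L1 slot matches, then invalidate it.", no longer says what the slot is matched against now that the domain is gone. The test is `l1pd == L1_TYPE_C`, so say that: invalidate the slot if it still holds a coarse (L2 table) descriptor.
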
> @@ -1071,7 +1069,7 @@ pmap_create(void)
>  
>   pm->pm_refs = 1;
>   pm->pm_stats.wired_count = 0;
> - pmap_alloc_l1(pm, PMAP_DOMAIN_USER_V7);
> + pmap_alloc_l1(pm);
>  
>   return (pm);
>  }
> @@ -1270,14 +1268,12 @@ pmap_enter(pmap_t pm, vaddr_t va, paddr_t pa, 
> vm_prot_t prot, int flags)
>   /*
>* This mapping is likely to be accessed as
>* soon as we return to userland. Fix up the
> -  * L1 entry to avoid taking another
> -  * page/domain fault.
> +  * L1 entry to avoid taking another page fault.

rtadvd.conf(5) pinfoflags - bad example

2016-08-25 Thread Stuart Henderson
I don't see any code to support setting pinfoflags from a string,
it looks like it must be numeric.

OK?

(If someone wants to add string support sometime that would be
nice, but let's fix the example in the first case).

Index: rtadvd.conf.5
===
RCS file: /cvs/src/usr.sbin/rtadvd/rtadvd.conf.5,v
retrieving revision 1.37
diff -u -p -r1.37 rtadvd.conf.5
--- rtadvd.conf.5   7 May 2016 19:33:03 -   1.37
+++ rtadvd.conf.5   25 Aug 2016 09:22:22 -
@@ -367,7 +367,7 @@ YOU DO NOT NEED TO HAVE IT AT ALL.
 .Bd -literal -offset indent
 default:\e
:chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\e
-   :pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
+   :pinfoflags#192:vltime#2592000:pltime#604800:mtu#0:
 ef0:\e
:addr="2001:db8::1000::":prefixlen#64:tc=default:
 .Ed
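
Review bot: the replacement `pinfoflags#192` fixes the example but leaves readers with an unexplained number where `"la"` used to name the flags. 192 is the on-link bit (128) plus the autonomous bit (64); say so next to the `pinfoflags` description or in a sentence after the example.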



Re: 60.html on ntpd and pledge

2016-08-25 Thread Theo Buehler
On Thu, Aug 25, 2016 at 03:51:52AM -0400, Rob Pierce wrote:
> ntpd was pledged in 5.9.

Right. In fact, unless I'm missing something, the only pledge-related
commit to ntpd was due to the removal of chroot from the supported
syscalls, so I think "Improved pledge(2) support" is still overstating
the case a bit. I think it would be better to remove that bullet point.

Objections?

> Rob
> 
> Index: 60.html
> ===
> RCS file: /cvs/www/60.html,v
> retrieving revision 1.70
> diff -u -p -r1.70 60.html
> --- 60.html   24 Aug 2016 20:47:30 -  1.70
> +++ 60.html   25 Aug 2016 07:48:55 -
> @@ -598,7 +598,7 @@ to 6.0.
>  Moved the execution of constraints from the ntp process to the
>  parent process, allowing for better privilege separation since the
>  ntp process can be further restricted.
> -Added
> +Improved
>  http://man.openbsd.org/pledge.2;>pledge(2)
>  support.
>  Fixed high CPU usage when the network is down.
> 



60.html on ntpd and pledge

2016-08-25 Thread Rob Pierce
ntpd was pledged in 5.9.

Rob

Index: 60.html
===
RCS file: /cvs/www/60.html,v
retrieving revision 1.70
diff -u -p -r1.70 60.html
--- 60.html 24 Aug 2016 20:47:30 -  1.70
+++ 60.html 25 Aug 2016 07:48:55 -
@@ -598,7 +598,7 @@ to 6.0.
 Moved the execution of constraints from the ntp process to the
 parent process, allowing for better privilege separation since the
 ntp process can be further restricted.
-Added
+Improved
 http://man.openbsd.org/pledge.2;>pledge(2)
 support.
 Fixed high CPU usage when the network is down.
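
Review bot: `Improved` in front of the pledge(2) item gives a reader of the release notes no idea what changed for ntpd in 6.0. Name the concrete change in the item, or drop the item if there is nothing specific to report.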