OMAP4/5 Wake-up generator driver

2016-09-14 Thread Jonathan Gray
It turns out on OMAP4/OMAP5 there is a "Wake-up generator"
interrupt controller that routes interrupts to the GIC and does power
management comparable to imx with the i.MX6 General Power Controller
(GPC).

/ {
    #address-cells = <0x0001>;
    #size-cells = <0x0001>;
    compatible = "ti,omap4-panda-es", "ti,omap4-panda", "ti,omap4460",
        "ti,omap4430", "ti,omap4";
    interrupt-parent = <0x0001>;
    model = "TI OMAP4 PandaBoard-ES";
    ...

    interrupt-controller@48241000 {
        compatible = "arm,cortex-a9-gic";
        interrupt-controller;
        #interrupt-cells = <0x0003>;
        reg = <0x48241000 0x1000 0x48240100 0x0100>;
        interrupt-parent = <0x0004>;
        linux,phandle = <0x0004>;
        phandle = <0x0004>;
    };

    interrupt-controller@48281000 {
        compatible = "ti,omap4-wugen-mpu";
        interrupt-controller;
        #interrupt-cells = <0x0003>;
        reg = <0x48281000 0x1000>;
        interrupt-parent = <0x0004>;
        linux,phandle = <0x0001>;
        phandle = <0x0001>;
    };

Reusing the imxgpc code to handle this allows interrupts on ommc(4) with
the pandaboard to work again and the board can now find its root disk
once again.

Index: omap/files.omap
===
RCS file: /cvs/src/sys/arch/armv7/omap/files.omap,v
retrieving revision 1.17
diff -u -p -r1.17 files.omap
--- omap/files.omap 15 Aug 2016 13:42:49 -  1.17
+++ omap/files.omap 15 Sep 2016 04:33:56 -
@@ -42,6 +42,10 @@ device intc
 attach intc at fdt
 file   arch/armv7/omap/intc.c  intc
 
+device omwugen
+attach omwugen at fdt
+file   arch/armv7/omap/omwugen.c   omwugen
+
 device gptimer
 attach gptimer at omap
 file   arch/armv7/omap/gptimer.c   gptimer
Index: conf/GENERIC
===
RCS file: /cvs/src/sys/arch/armv7/conf/GENERIC,v
retrieving revision 1.53
diff -u -p -r1.53 GENERIC
--- conf/GENERIC12 Sep 2016 08:28:44 -  1.53
+++ conf/GENERIC15 Sep 2016 04:33:56 -
@@ -63,6 +63,7 @@ omapid*   at omap?
 
 # OMAP on-chip devices
 intc*  at fdt? # OMAP3 interrupt controller
+omwugen*   at fdt? # Wake-up generator
 #edma* at omap?# OMAP3 dma controller
 prcm*  at omap?# power/clock controller
 sitaracm*  at omap?# sitara control module
Index: conf/RAMDISK
===
RCS file: /cvs/src/sys/arch/armv7/conf/RAMDISK,v
retrieving revision 1.48
diff -u -p -r1.48 RAMDISK
--- conf/RAMDISK21 Aug 2016 06:36:23 -  1.48
+++ conf/RAMDISK15 Sep 2016 04:33:56 -
@@ -61,6 +61,7 @@ omapid*   at omap?
 
 # OMAP on-chip devices
 intc*  at fdt? # OMAP3 interrupt controller
+omwugen*   at fdt? # Wake-up generator
 #edma* at omap?# OMAP3 dma controller
 prcm*  at omap?# power/clock controller
 sitaracm*  at omap?# sitara control module
--- /dev/null   Thu Sep 15 14:35:46 2016
+++ omap/omwugen.c  Thu Sep 15 14:22:00 2016
@@ -0,0 +1,63 @@
+/* $OpenBSD$   */
+/*
+ * Copyright (c) 2016 Mark Kettenis
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+
+struct omwugen_softc {
+   struct device   sc_dev;
+   struct interrupt_controller sc_ic;
+};
+
+intomwugen_match(struct device *, void *, void *);
+void   omwugen_attach(struct device *, struct device *, void *);
+
+struct cfattach omwugen_ca = {
+   sizeof(struct omwugen_softc), omwugen_match, omwugen_attach
+};
+
+struct cfdriver omwugen_cd = {
+   NULL, "omwugen", DV_DULL
+};
+
+int
+omwugen_match(struct device *parent, void *match, void *aux)
+{
+   struct fdt_attach_args *faa = aux;
+
+   return OF_is_compatible(faa->fa_node, "ti,omap4-wugen-mpu");
+}
+
+void
+omwugen_attach(struct device *parent, struct device *self, void *aux)
+{
+   struct fdt_attach_args *faa = aux;
+   struct omwugen_softc *sc = (struct 
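Review bot: omwugen_match() accepts only "ti,omap4-wugen-mpu", while the message describes the wake-up generator as present on both OMAP4 and OMAP5. Unless the OMAP5 device trees also list the omap4 compatible string, the driver will not attach there. Either add the OMAP5 compatible string to the match or state in the commit message that only OMAP4 is covered for now.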

Re: rebound quantum entanglement

2016-09-14 Thread Bob Beck
BTW I'm not picking on you.. my DNS setup blew up this week for local
resolution and I've been dealing with the fallout - so the topic
is relatively near and dear to my heart.

On Wed, Sep 14, 2016 at 10:07 PM, Bob Beck  wrote:

>
> Yep.  and now you need to solve the problem that when prepending
> 127.0.0.1, and hitting rebound, which in turn is going to only grab the
> first dns server from my resolv.conf instead of all of them, that it now
> doubles my failure time when the first dns server doesn't respond (once for
> libc asking rebound, which asks only the first server it found, which
> fails) then falls back to libc asking resolv.conf which again... asks the
> first server, and fails again.
>
> So the problem here is that it's going to be great when things are working
> but become a failure multiplier when something breaks.
>
> Of course - perhaps you could query them all in parallel to mitigate this?
>   Rebound might need to become a real boy if we're going to do something
> like this.  If rebound were a "real boy" it would be easier to say "just
> use rebound or if it's not there just use resolv.conf normally
>
> then nothing changes at *all* when it's not there.
>
>
> On Wed, Sep 14, 2016 at 8:39 PM, Ted Unangst  wrote:
>
>> Ted Unangst wrote:
>> > Bob Beck wrote:
>> > > how is rebound going to handle a change in resolv.conf? thats still a
>> > > problem here
>> >
>> > oh, that's easy. it watches the file for changes. i never quite got
>> around to
>> > that, but it's another five lines.
>>
>> ok, so it's a net +15 lines, including blanks.
>>
>> Index: rebound.8
>> ===
>> RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
>> retrieving revision 1.4
>> diff -u -p -r1.4 rebound.8
>> --- rebound.8   4 Dec 2015 04:50:43 -   1.4
>> +++ rebound.8   15 Sep 2016 00:57:21 -
>> @@ -33,9 +33,7 @@ The options are as follows:
>>  .Bl -tag -width Ds
>>  .It Fl c Ar config
>>  Specify an alternative configuration file, instead of the default
>> -.Pa /etc/rebound.conf .
>> -At present, the config file consists of a single line containing the next
>> -hop DNS server.
>> +.Pa /etc/resolv.conf .
>>  .Nm
>>  will reload the configuration file when sent a SIGHUP signal.
>>  .It Fl d
>> @@ -46,8 +44,8 @@ does not
>>  into the background.
>>  .El
>>  .Sh FILES
>> -.Bl -tag -width "/etc/rebound.confXX" -compact
>> -.It Pa /etc/rebound.conf
>> +.Bl -tag -width "/etc/resolv.confXX" -compact
>> +.It Pa /etc/resolv.conf
>>  Default
>>  .Nm
>>  configuration file.
>> Index: rebound.c
>> ===
>> RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
>> retrieving revision 1.70
>> diff -u -p -r1.70 rebound.c
>> --- rebound.c   1 Sep 2016 10:57:24 -   1.70
>> +++ rebound.c   15 Sep 2016 02:30:46 -
>> @@ -33,10 +33,12 @@
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>>  #include 
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>>
>>  #define MINIMUM(a,b) (((a)<(b))?(a):(b))
>>
>> @@ -455,34 +457,51 @@ fail:
>>  }
>>
>>  static int
>> -readconfig(FILE *conf, union sockun *remoteaddr)
>> +readconfig(int conffd, union sockun *remoteaddr)
>>  {
>> +   const char ns[] = "nameserver";
>> char buf[1024];
>> +   char *p;
>> struct sockaddr_in *sin = >i;
>> struct sockaddr_in6 *sin6 = >i6;
>> +   FILE *conf;
>> +   int rv = -1;
>>
>> -   if (fgets(buf, sizeof(buf), conf) == NULL)
>> -   return -1;
>> -   buf[strcspn(buf, "\n")] = '\0';
>> +   conf = fdopen(conffd, "r");
>>
>> -   memset(remoteaddr, 0, sizeof(*remoteaddr));
>> -   if (inet_pton(AF_INET, buf, >sin_addr) == 1) {
>> -   sin->sin_len = sizeof(*sin);
>> -   sin->sin_family = AF_INET;
>> -   sin->sin_port = htons(53);
>> -   return AF_INET;
>> -   } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) {
>> -   sin6->sin6_len = sizeof(*sin6);
>> -   sin6->sin6_family = AF_INET6;
>> -   sin6->sin6_port = htons(53);
>> -   return AF_INET6;
>> -   } else {
>> -   return -1;
>> +   while (fgets(buf, sizeof(buf), conf) != NULL) {
>> +   buf[strcspn(buf, "\n")] = '\0';
>> +
>> +   if (strncmp(buf, ns, strlen(ns)) != 0)
>> +   continue;
>> +   p = buf + strlen(ns) + 1;
>> +   while (isspace((unsigned char)*p))
>> +   p++;
>> +
>> +   /* this will not end well */
>> +   if (strcmp(p, "127.0.0.1") == 0)
>> +   continue;
>> +
>> +   memset(remoteaddr, 0, sizeof(*remoteaddr));
>> +   if (inet_pton(AF_INET, p, >sin_addr) == 1) {
>> +   sin->sin_len = sizeof(*sin);
>> +   sin->sin_family = AF_INET;
>> + 
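Review bot: the loop guard strcmp(p, "127.0.0.1") in readconfig() is an exact string match, so ::1 or any other address in 127.0.0.0/8 is accepted as the upstream; if rebound is reachable on such an address it forwards to itself. Compare the parsed address after inet_pton() rather than the text.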

Re: rebound quantum entanglement

2016-09-14 Thread Bob Beck
Yep.  and now you need to solve the problem that when prepending 127.0.0.1,
and hitting rebound, which in turn is going to only grab the first dns
server from my resolv.conf instead of all of them, that it now doubles my
failure time when the first dns server doesn't respond (once for libc
asking rebound, which asks only the first server it found, which fails)
then falls back to libc asking resolv.conf which again... asks the first
server, and fails again.

So the problem here is that it's going to be great when things are working
but become a failure multiplier when something breaks.

Of course - perhaps you could query them all in parallel to mitigate this?
  Rebound might need to become a real boy if we're going to do something
like this.  If rebound were a "real boy" it would be easier to say "just
use rebound or if it's not there just use resolv.conf normally

then nothing changes at *all* when it's not there.


On Wed, Sep 14, 2016 at 8:39 PM, Ted Unangst  wrote:

> Ted Unangst wrote:
> > Bob Beck wrote:
> > > how is rebound going to handle a change in resolv.conf? thats still a
> > > problem here
> >
> > oh, that's easy. it watches the file for changes. i never quite got
> around to
> > that, but it's another five lines.
>
> ok, so it's a net +15 lines, including blanks.
>
> Index: rebound.8
> ===
> RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
> retrieving revision 1.4
> diff -u -p -r1.4 rebound.8
> --- rebound.8   4 Dec 2015 04:50:43 -   1.4
> +++ rebound.8   15 Sep 2016 00:57:21 -
> @@ -33,9 +33,7 @@ The options are as follows:
>  .Bl -tag -width Ds
>  .It Fl c Ar config
>  Specify an alternative configuration file, instead of the default
> -.Pa /etc/rebound.conf .
> -At present, the config file consists of a single line containing the next
> -hop DNS server.
> +.Pa /etc/resolv.conf .
>  .Nm
>  will reload the configuration file when sent a SIGHUP signal.
>  .It Fl d
> @@ -46,8 +44,8 @@ does not
>  into the background.
>  .El
>  .Sh FILES
> -.Bl -tag -width "/etc/rebound.confXX" -compact
> -.It Pa /etc/rebound.conf
> +.Bl -tag -width "/etc/resolv.confXX" -compact
> +.It Pa /etc/resolv.conf
>  Default
>  .Nm
>  configuration file.
> Index: rebound.c
> ===
> RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
> retrieving revision 1.70
> diff -u -p -r1.70 rebound.c
> --- rebound.c   1 Sep 2016 10:57:24 -   1.70
> +++ rebound.c   15 Sep 2016 02:30:46 -
> @@ -33,10 +33,12 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
>  #include 
> +#include 
>
>  #define MINIMUM(a,b) (((a)<(b))?(a):(b))
>
> @@ -455,34 +457,51 @@ fail:
>  }
>
>  static int
> -readconfig(FILE *conf, union sockun *remoteaddr)
> +readconfig(int conffd, union sockun *remoteaddr)
>  {
> +   const char ns[] = "nameserver";
> char buf[1024];
> +   char *p;
> struct sockaddr_in *sin = >i;
> struct sockaddr_in6 *sin6 = >i6;
> +   FILE *conf;
> +   int rv = -1;
>
> -   if (fgets(buf, sizeof(buf), conf) == NULL)
> -   return -1;
> -   buf[strcspn(buf, "\n")] = '\0';
> +   conf = fdopen(conffd, "r");
>
> -   memset(remoteaddr, 0, sizeof(*remoteaddr));
> -   if (inet_pton(AF_INET, buf, >sin_addr) == 1) {
> -   sin->sin_len = sizeof(*sin);
> -   sin->sin_family = AF_INET;
> -   sin->sin_port = htons(53);
> -   return AF_INET;
> -   } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) {
> -   sin6->sin6_len = sizeof(*sin6);
> -   sin6->sin6_family = AF_INET6;
> -   sin6->sin6_port = htons(53);
> -   return AF_INET6;
> -   } else {
> -   return -1;
> +   while (fgets(buf, sizeof(buf), conf) != NULL) {
> +   buf[strcspn(buf, "\n")] = '\0';
> +
> +   if (strncmp(buf, ns, strlen(ns)) != 0)
> +   continue;
> +   p = buf + strlen(ns) + 1;
> +   while (isspace((unsigned char)*p))
> +   p++;
> +
> +   /* this will not end well */
> +   if (strcmp(p, "127.0.0.1") == 0)
> +   continue;
> +
> +   memset(remoteaddr, 0, sizeof(*remoteaddr));
> +   if (inet_pton(AF_INET, p, >sin_addr) == 1) {
> +   sin->sin_len = sizeof(*sin);
> +   sin->sin_family = AF_INET;
> +   sin->sin_port = htons(53);
> +   rv = AF_INET;
> +   } else if (inet_pton(AF_INET6, p, >sin6_addr) == 1) {
> +   sin6->sin6_len = sizeof(*sin6);
> +   sin6->sin6_family = AF_INET6;
> +   sin6->sin6_port = htons(53);
> +   rv = AF_INET6;
> +   }
> + 
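Review bot: in readconfig(), p = buf + strlen(ns) + 1 assumes a separator character follows the keyword. For a line that is exactly "nameserver", p lands one byte past the terminating NUL, and isspace()/inet_pton() then read whatever an earlier, longer line left in buf; the strncmp() prefix test also accepts "nameserverfoo". Check that buf[strlen(ns)] is whitespace before advancing past it.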

Re: regression tests and patch for calendar(1)

2016-09-14 Thread Andy Bradford
Thus said "Todd C. Miller" on Wed, 14 Sep 2016 10:04:58 -0600:

> I've committed the fix as well as the calendar regress.

Excellent. I've actually been working on a program that can be put into
regress instead of the large number of files that currently exist for
the expected output; it will generate the expected output files based on
a given set of input and a date, then run calendar to test. But, the
current regress will suffice until that is complete.

Thanks,

Andy
-- 
TAI64 timestamp: 400057da0b2f




Re: rebound quantum entanglement

2016-09-14 Thread Ted Unangst
Ted Unangst wrote:
> Bob Beck wrote:
> > how is rebound going to handle a change in resolv.conf? thats still a
> > problem here
> 
> oh, that's easy. it watches the file for changes. i never quite got around to
> that, but it's another five lines.

ok, so it's a net +15 lines, including blanks.

Index: rebound.8
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
retrieving revision 1.4
diff -u -p -r1.4 rebound.8
--- rebound.8   4 Dec 2015 04:50:43 -   1.4
+++ rebound.8   15 Sep 2016 00:57:21 -
@@ -33,9 +33,7 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Fl c Ar config
 Specify an alternative configuration file, instead of the default
-.Pa /etc/rebound.conf .
-At present, the config file consists of a single line containing the next
-hop DNS server.
+.Pa /etc/resolv.conf .
 .Nm
 will reload the configuration file when sent a SIGHUP signal.
 .It Fl d
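Review bot: with the "single line containing the next hop DNS server" sentence removed, the -c description no longer says what rebound takes from the file. State that only nameserver lines are read, that the first one other than 127.0.0.1 is used, and that the rest of the resolv.conf syntax is ignored, so a reader does not assume every listed server is honoured.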
@@ -46,8 +44,8 @@ does not
 into the background.
 .El
 .Sh FILES
-.Bl -tag -width "/etc/rebound.confXX" -compact
-.It Pa /etc/rebound.conf
+.Bl -tag -width "/etc/resolv.confXX" -compact
+.It Pa /etc/resolv.conf
 Default
 .Nm
 configuration file.
Index: rebound.c
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
retrieving revision 1.70
diff -u -p -r1.70 rebound.c
--- rebound.c   1 Sep 2016 10:57:24 -   1.70
+++ rebound.c   15 Sep 2016 02:30:46 -
@@ -33,10 +33,12 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
+#include 
 
 #define MINIMUM(a,b) (((a)<(b))?(a):(b))
 
@@ -455,34 +457,51 @@ fail:
 }
 
 static int
-readconfig(FILE *conf, union sockun *remoteaddr)
+readconfig(int conffd, union sockun *remoteaddr)
 {
+   const char ns[] = "nameserver";
char buf[1024];
+   char *p;
struct sockaddr_in *sin = >i;
struct sockaddr_in6 *sin6 = >i6;
+   FILE *conf;
+   int rv = -1;
 
-   if (fgets(buf, sizeof(buf), conf) == NULL)
-   return -1;
-   buf[strcspn(buf, "\n")] = '\0';
+   conf = fdopen(conffd, "r");
 
-   memset(remoteaddr, 0, sizeof(*remoteaddr));
-   if (inet_pton(AF_INET, buf, >sin_addr) == 1) {
-   sin->sin_len = sizeof(*sin);
-   sin->sin_family = AF_INET;
-   sin->sin_port = htons(53);
-   return AF_INET;
-   } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) {
-   sin6->sin6_len = sizeof(*sin6);
-   sin6->sin6_family = AF_INET6;
-   sin6->sin6_port = htons(53);
-   return AF_INET6;
-   } else {
-   return -1;
+   while (fgets(buf, sizeof(buf), conf) != NULL) {
+   buf[strcspn(buf, "\n")] = '\0';
+
+   if (strncmp(buf, ns, strlen(ns)) != 0)
+   continue;
+   p = buf + strlen(ns) + 1;
+   while (isspace((unsigned char)*p))
+   p++;
+
+   /* this will not end well */
+   if (strcmp(p, "127.0.0.1") == 0)
+   continue;
+
+   memset(remoteaddr, 0, sizeof(*remoteaddr));
+   if (inet_pton(AF_INET, p, >sin_addr) == 1) {
+   sin->sin_len = sizeof(*sin);
+   sin->sin_family = AF_INET;
+   sin->sin_port = htons(53);
+   rv = AF_INET;
+   } else if (inet_pton(AF_INET6, p, >sin6_addr) == 1) {
+   sin6->sin6_len = sizeof(*sin6);
+   sin6->sin6_family = AF_INET6;
+   sin6->sin6_port = htons(53);
+   rv = AF_INET6;
+   }
+   break;
}
+   fclose(conf);
+   return rv;
 }
 
 static int
-launch(FILE *conf, int ud, int ld, int kq)
+launch(int conffd, int ud, int ld)
 {
union sockun remoteaddr;
struct kevent ch[2], kev[4];
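Review bot: the result of fdopen(conffd, "r") in readconfig() goes straight to fgets() and fclose() with no NULL check, so a failed fdopen dereferences NULL instead of reaching the "parse error in config file" path; check it and return -1. The unconditional break after the inet_pton() attempts also lets the first nameserver line other than 127.0.0.1 decide the result: if it does not parse, rv stays -1 even when a valid server follows. Consider breaking only once rv has been set.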
@@ -490,16 +509,13 @@ launch(FILE *conf, int ud, int ld, int k
struct request *req;
struct dnscache *ent;
struct passwd *pwd;
-   int i, r, af;
+   int i, r, af, kq;
pid_t parent, child;
 
parent = getpid();
if (!debug) {
-   if ((child = fork())) {
-   fclose(conf);
+   if ((child = fork()))
return child;
-   }
-   close(kq);
}
 
kq = kqueue();
@@ -526,8 +542,7 @@ launch(FILE *conf, int ud, int ld, int k
if (pledge("stdio inet", NULL) == -1)
logerr("pledge failed");
 
-   af = readconfig(conf, );
-   fclose(conf);
+   af = readconfig(conffd, );
if (af == -1)
logerr("parse error in config file");
 
@@ -647,6 +662,23 @@ launch(FILE *conf, int ud, int ld, int k
exit(1);
 }
 
+static int
+openconfig(const char *confname, int kq)
+{
+   struct kevent kev;
+ 
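Added example, not code from this thread or from rebound: a stand-alone C parser for the `nameserver` lines of resolv.conf that goes beyond the posted patch by keeping every upstream rather than only the first (the concern raised in Bob Beck's reply) and by skipping all loopback addresses so a forwarder never forwards to itself. The names `struct upstream`, `parse_ns_line`, `parse_upstreams`, `MAXNS`, the comment-stripping rule and the sample text are assumptions made for this example.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define MAXNS 5		/* assumption: cap chosen for this example */

struct upstream {
	int af;			/* AF_INET or AF_INET6 */
	union {
		struct in_addr v4;
		struct in6_addr v6;
	} addr;
};

/* Constructed sample input, not taken from a real system. */
static const char sample[] =
    "# constructed resolv.conf\n"
    "search example.org\n"
    "nameserver 127.0.0.1\n"
    "nameserver ::1\n"
    "nameserver\n"
    "nameserver 192.0.2.53 # primary\n"
    "nameserver 2001:db8::53\n"
    "nameserverx 198.51.100.1\n";

/* 1 if forwarding to this address would loop back to the local resolver. */
static int is_loopback(const struct upstream *u)
{
	if (u->af == AF_INET)
		return (ntohl(u->addr.v4.s_addr) >> 24) == 127;
	return IN6_IS_ADDR_LOOPBACK(&u->addr.v6) ? 1 : 0;
}

/*
 * Parse one line (no trailing newline; modified in place). Returns 1 and
 * fills *u for a usable, non-loopback "nameserver <addr>" line, else 0.
 */
static int parse_ns_line(char *line, struct upstream *u)
{
	static const char kw[] = "nameserver";
	char *p;

	line[strcspn(line, "#;")] = '\0';	/* drop comments */
	p = line + strspn(line, " \t");
	if (strncmp(p, kw, sizeof(kw) - 1) != 0)
		return 0;
	p += sizeof(kw) - 1;
	/* Require a separator: rejects "nameserver" alone and "nameserverx". */
	if (*p != ' ' && *p != '\t')
		return 0;
	p += strspn(p, " \t");
	p[strcspn(p, " \t\r")] = '\0';		/* address ends at whitespace */

	memset(u, 0, sizeof(*u));
	if (inet_pton(AF_INET, p, &u->addr.v4) == 1)
		u->af = AF_INET;
	else if (inet_pton(AF_INET6, p, &u->addr.v6) == 1)
		u->af = AF_INET6;
	else
		return 0;			/* unparsable: caller tries the next line */
	return !is_loopback(u);
}

/* Collect up to max upstreams from resolv.conf text; returns the count. */
static int parse_upstreams(const char *text, struct upstream *out, int max)
{
	char buf[256];
	int n = 0;

	while (*text != '\0' && n < max) {
		size_t len = strcspn(text, "\n");
		/* Over-long lines are skipped whole rather than split. */
		if (len < sizeof(buf)) {
			memcpy(buf, text, len);
			buf[len] = '\0';
			if (parse_ns_line(buf, &out[n]))
				n++;
		}
		text += len;
		if (*text == '\n')
			text++;
	}
	return n;
}

int main(void)
{
	struct upstream ns[MAXNS];
	char txt[INET6_ADDRSTRLEN];
	int i, n = parse_upstreams(sample, ns, MAXNS);

	for (i = 0; i < n; i++)
		printf("upstream %d: %s\n", i,
		    inet_ntop(ns[i].af, &ns[i].addr, txt, sizeof(txt)));
	return n > 0 ? 0 : 1;
}
```

A forwarder built on this would try the returned upstreams in order (or in parallel) instead of failing on the first.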

Re: rebound quantum entanglement

2016-09-14 Thread Ted Unangst
Bob Beck wrote:
> wont this also mean if it is not running i have to wait for the localhost
> attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i
> slow everything down for a timeout?

you get back unreachable and move on. it's fast. you can try it. :)



Re: rebound quantum entanglement

2016-09-14 Thread Theo de Raadt
> > wont this also mean if it is not running i have to wait for the localhost
> > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i
> > slow everything down for a timeout?
> 
> Not if he connects to the TCP port 53 instead of the UDP; it looks like
> rebound binds to both.

OK.  But I suspect this is multiple system-call roundtrip for everyone
not running rebound.



Re: rebound quantum entanglement

2016-09-14 Thread Todd C. Miller
On Wed, 14 Sep 2016 20:00:32 -0600, Bob Beck wrote:

> wont this also mean if it is not running i have to wait for the localhost
> attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i
> slow everything down for a timeout?

Not if he connects to the TCP port 53 instead of the UDP; it looks like
rebound binds to both.

 - todd



Re: rebound quantum entanglement

2016-09-14 Thread Theo de Raadt
> wont this also mean if it is not running i have to wait for the localhost
> attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i
> slow everything down for a timeout?

i think that is right.

ktrace would show what is going on.

if it stalls, this is not enough.




Re: rebound quantum entanglement

2016-09-14 Thread Bob Beck
won't this also mean if it is not running i have to wait for the localhost
attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i
slow everything down for a timeout?

don't get me wrong, it is an interesting direction, but I think maybe get
the rest of the five line changes into rebound to make it useful and then
look at libc which might need slightly more cleverness than just adding
localhost unconditionally.

On Wednesday, 14 September 2016, Ted Unangst  wrote:

> Bob Beck wrote:
> > how is rebound going to handle a change in resolv.conf? thats still a
> > problem here
>
> oh, that's easy. it watches the file for changes. i never quite got around
> to
> that, but it's another five lines.
>


Re: rebound quantum entanglement

2016-09-14 Thread Ted Unangst
Bob Beck wrote:
> how is rebound going to handle a change in resolv.conf? thats still a
> problem here

oh, that's easy. it watches the file for changes. i never quite got around to
that, but it's another five lines.



Re: rebound quantum entanglement

2016-09-14 Thread Bob Beck
how is rebound going to handle a change in resolv.conf? that's still a
problem here

On Wednesday, 14 September 2016, Ted Unangst  wrote:

> So the plan is for rebound to be the 'system' resolver, with libc talking
> to
> rebound and rebound talking to the cloud. The main wrinkle is how does
> rebound
> find the cloud? rebound.conf, but dhclient doesn't know anything about
> rebound.conf, preferring to edit resolv.conf. But if rebound reads
> resolv.conf, what does libc read? This has been a bit of a tangle until
> now,
> especially in scenarios like upgrades where rebound may not even be
> running.
>
> And so I present the following diff to enable a smooth transition. It's
> 'quantum' because it works whether or not rebound is running. No need to
> open
> the box.
>
> 1. rebound reads resolv.conf. This remains the config file for upstream
> DNS.
>
> 2. libc now prepends its nameserver list with localhost, thus always
> searching
> for rebound. If it's not running, we just continue down the list.
>
> This covers the basic use case, where enabling rebound now requires no
> additional work. No need to edit dhclient.conf, etc. It also works on
> ramdisks. It also works with a mix of old and new binaries. Once you flip
> resolv.conf back to upstream, old binaries will bypass rebound, but that's
> ok.
> The new rebound checks to make sure it's not stuck in a time loop, which is
> never good.
>
> I also note this improves the situation for people who have been using
> unbound
> as a local cache, too. Just enable unbound and libc will use it
> automatically.
>
> Particular edge case: if resolv.conf has no nameservers, then the localhost
> default is not prepended. So libc won't try talking to rebound if it's
> specifically configured not to (chroot).
>
>
> Index: lib/libc/asr/asr.c
> ===
> RCS file: /cvs/src/lib/libc/asr/asr.c,v
> retrieving revision 1.54
> diff -u -p -r1.54 asr.c
> --- lib/libc/asr/asr.c  18 Jun 2016 15:25:28 -  1.54
> +++ lib/libc/asr/asr.c  15 Sep 2016 00:42:30 -
> @@ -549,6 +549,15 @@ pass0(char **tok, int n, struct asr_ctx
> return;
> if (n != 2)
> return;
> +   /* prepend localhost to list */
> +   if (ac->ac_nscount == 0) {
> +   if (asr_parse_nameserver((struct sockaddr *),
> "127.0.0.1"))
> +   return;
> +   if ((ac->ac_ns[ac->ac_nscount] = calloc(1,
> ss.ss_len)) == NULL)
> +   return;
> +   memmove(ac->ac_ns[ac->ac_nscount], ,
> ss.ss_len);
> +   ac->ac_nscount += 1;
> +   }
> if (asr_parse_nameserver((struct sockaddr *), tok[1]))
> return;
> if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) ==
> NULL)
> Index: usr.sbin/rebound/rebound.8
> ===
> RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
> retrieving revision 1.4
> diff -u -p -r1.4 rebound.8
> --- usr.sbin/rebound/rebound.8  4 Dec 2015 04:50:43 -   1.4
> +++ usr.sbin/rebound/rebound.8  15 Sep 2016 00:57:21 -
> @@ -33,9 +33,7 @@ The options are as follows:
>  .Bl -tag -width Ds
>  .It Fl c Ar config
>  Specify an alternative configuration file, instead of the default
> -.Pa /etc/rebound.conf .
> -At present, the config file consists of a single line containing the next
> -hop DNS server.
> +.Pa /etc/resolv.conf .
>  .Nm
>  will reload the configuration file when sent a SIGHUP signal.
>  .It Fl d
> @@ -46,8 +44,8 @@ does not
>  into the background.
>  .El
>  .Sh FILES
> -.Bl -tag -width "/etc/rebound.confXX" -compact
> -.It Pa /etc/rebound.conf
> +.Bl -tag -width "/etc/resolv.confXX" -compact
> +.It Pa /etc/resolv.conf
>  Default
>  .Nm
>  configuration file.
> Index: usr.sbin/rebound/rebound.c
> ===
> RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
> retrieving revision 1.70
> diff -u -p -r1.70 rebound.c
> --- usr.sbin/rebound/rebound.c  1 Sep 2016 10:57:24 -   1.70
> +++ usr.sbin/rebound/rebound.c  15 Sep 2016 00:53:26 -
> @@ -37,6 +37,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  #define MINIMUM(a,b) (((a)<(b))?(a):(b))
>
> @@ -457,28 +458,41 @@ fail:
>  static int
>  readconfig(FILE *conf, union sockun *remoteaddr)
>  {
> +   const char ns[] = "nameserver";
> char buf[1024];
> +   char *p;
> struct sockaddr_in *sin = >i;
> struct sockaddr_in6 *sin6 = >i6;
>
> -   if (fgets(buf, sizeof(buf), conf) == NULL)
> -   return -1;
> -   buf[strcspn(buf, "\n")] = '\0';
> +   while (fgets(buf, sizeof(buf), conf) != NULL) {
> +   buf[strcspn(buf, "\n")] = '\0';
>
> -   memset(remoteaddr, 0, sizeof(*remoteaddr));
> -

rebound quantum entanglement

2016-09-14 Thread Ted Unangst
So the plan is for rebound to be the 'system' resolver, with libc talking to
rebound and rebound talking to the cloud. The main wrinkle is how does rebound
find the cloud? rebound.conf, but dhclient doesn't know anything about
rebound.conf, preferring to edit resolv.conf. But if rebound reads
resolv.conf, what does libc read? This has been a bit of a tangle until now,
especially in scenarios like upgrades where rebound may not even be running.

And so I present the following diff to enable a smooth transition. It's
'quantum' because it works whether or not rebound is running. No need to open
the box.

1. rebound reads resolv.conf. This remains the config file for upstream DNS.

2. libc now prepends its nameserver list with localhost, thus always searching
for rebound. If it's not running, we just continue down the list.

This covers the basic use case, where enabling rebound now requires no
additional work. No need to edit dhclient.conf, etc. It also works on
ramdisks. It also works with a mix of old and new binaries. Once you flip
resolv.conf back to upstream, old binaries will bypass rebound, but that's ok.
The new rebound checks to make sure it's not stuck in a time loop, which is
never good.

I also note this improves the situation for people who have been using unbound
as a local cache, too. Just enable unbound and libc will use it automatically.

Particular edge case: if resolv.conf has no nameservers, then the localhost
default is not prepended. So libc won't try talking to rebound if it's
specifically configured not to (chroot).


Index: lib/libc/asr/asr.c
===
RCS file: /cvs/src/lib/libc/asr/asr.c,v
retrieving revision 1.54
diff -u -p -r1.54 asr.c
--- lib/libc/asr/asr.c  18 Jun 2016 15:25:28 -  1.54
+++ lib/libc/asr/asr.c  15 Sep 2016 00:42:30 -
@@ -549,6 +549,15 @@ pass0(char **tok, int n, struct asr_ctx 
return;
if (n != 2)
return;
+   /* prepend localhost to list */
+   if (ac->ac_nscount == 0) {
+   if (asr_parse_nameserver((struct sockaddr *), 
"127.0.0.1"))
+   return;
+   if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) 
== NULL)
+   return;
+   memmove(ac->ac_ns[ac->ac_nscount], , ss.ss_len);
+   ac->ac_nscount += 1;
+   }
if (asr_parse_nameserver((struct sockaddr *), tok[1]))
return;
if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) == NULL)
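Review bot: the prepend block under if (ac->ac_nscount == 0) never looks at tok[1], so a resolv.conf whose first nameserver is already 127.0.0.1 (the local unbound setup mentioned in the message) ends up with localhost listed twice and pays for the failed attempt twice when nothing is listening. Compare tok[1] with the loopback address before prepending. The added entry also takes one slot in ac_ns; confirm against the array limit, which is not visible in this hunk, that the last configured nameserver is not silently dropped.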
Index: usr.sbin/rebound/rebound.8
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
retrieving revision 1.4
diff -u -p -r1.4 rebound.8
--- usr.sbin/rebound/rebound.8  4 Dec 2015 04:50:43 -   1.4
+++ usr.sbin/rebound/rebound.8  15 Sep 2016 00:57:21 -
@@ -33,9 +33,7 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Fl c Ar config
 Specify an alternative configuration file, instead of the default
-.Pa /etc/rebound.conf .
-At present, the config file consists of a single line containing the next
-hop DNS server.
+.Pa /etc/resolv.conf .
 .Nm
 will reload the configuration file when sent a SIGHUP signal.
 .It Fl d
@@ -46,8 +44,8 @@ does not
 into the background.
 .El
 .Sh FILES
-.Bl -tag -width "/etc/rebound.confXX" -compact
-.It Pa /etc/rebound.conf
+.Bl -tag -width "/etc/resolv.confXX" -compact
+.It Pa /etc/resolv.conf
 Default
 .Nm
 configuration file.
Index: usr.sbin/rebound/rebound.c
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
retrieving revision 1.70
diff -u -p -r1.70 rebound.c
--- usr.sbin/rebound/rebound.c  1 Sep 2016 10:57:24 -   1.70
+++ usr.sbin/rebound/rebound.c  15 Sep 2016 00:53:26 -
@@ -37,6 +37,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define MINIMUM(a,b) (((a)<(b))?(a):(b))
 
@@ -457,28 +458,41 @@ fail:
 static int
 readconfig(FILE *conf, union sockun *remoteaddr)
 {
+   const char ns[] = "nameserver";
char buf[1024];
+   char *p;
struct sockaddr_in *sin = >i;
struct sockaddr_in6 *sin6 = >i6;
 
-   if (fgets(buf, sizeof(buf), conf) == NULL)
-   return -1;
-   buf[strcspn(buf, "\n")] = '\0';
+   while (fgets(buf, sizeof(buf), conf) != NULL) {
+   buf[strcspn(buf, "\n")] = '\0';
 
-   memset(remoteaddr, 0, sizeof(*remoteaddr));
-   if (inet_pton(AF_INET, buf, >sin_addr) == 1) {
-   sin->sin_len = sizeof(*sin);
-   sin->sin_family = AF_INET;
-   sin->sin_port = htons(53);
-   return AF_INET;
-   } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) {
-   sin6->sin6_len = sizeof(*sin6);
-   sin6->sin6_family = AF_INET6;
-   

video(1): Use read(2) to read file specified with -i

2016-09-14 Thread Gregor Best
Hi,

video(1) fails to read files that were previously recorded with -o
somefile, unless -g (to select read(2) as the input method) is also
specified:

   $ video -o foo
   ^C
   $ video -i foo
   video: ioctl VIDIOC_REQBUFS: Bad file descriptor
   $ video -g -i foo
   [ plays the file ]

mmap-mode doesn't work here because it uses a few v4l2-specific ioctls
to talk to the video device.

The patch below fixes that by always using read(2) when the -i option is
used.

-- 
Gregor

Index: video.1
===
RCS file: /mnt/media/cvs/xenocara/app/video/video.1,v
retrieving revision 1.13
diff -u -p -r1.13 video.1
--- video.1 4 Jun 2016 07:44:32 -   1.13
+++ video.1 14 Sep 2016 19:47:52 -
@@ -113,6 +113,10 @@ If
 is
 .Ql - ,
 frames will be read from standard input.
+This will use
+.Xr read 2
+to grab frames instead of
+.Xr mmap 2 .
 .It Fl O Ar output
 File to which frames will be written.
 If
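Review bot: the four added lines follow the sentence about reading frames from standard input, so "This will use read(2)" reads as applying only to the "-" case. Name the option explicitly, for example "When -i is used, frames are always read with read(2) rather than mmap(2)", and consider cross-referencing -g, which selects read(2) for devices.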
Index: video.c
===
RCS file: /mnt/media/cvs/xenocara/app/video/video.c,v
retrieving revision 1.19
diff -u -p -r1.19 video.c
--- video.c 6 Jun 2016 19:31:22 -   1.19
+++ video.c 14 Sep 2016 19:46:39 -
@@ -1805,6 +1805,7 @@ main(int argc, char *argv[])
err++;
} else {
vid.mode = (vid.mode & ~M_IN_DEV) | M_IN_FILE;
+   vid.mmap_on = 0; /* mmap mode does not work for 
files */
snprintf(vid.iofile, sizeof(vid.iofile),
optarg);
}
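Review bot: the context line just below the new assignment, snprintf(vid.iofile, sizeof(vid.iofile), optarg), passes the user-supplied file name as the format string, so a name containing % conversions is interpreted rather than copied. Since this branch is being touched anyway, change it to snprintf(vid.iofile, sizeof(vid.iofile), "%s", optarg) or use strlcpy().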



Re: libsa, stop saving memory

2016-09-14 Thread Todd C. Miller
On Wed, 14 Sep 2016 20:41:48 +0200, Jasper Lievisse Adriaanse wrote:

> nothing defines SAVE_MEMORY nor has it been modified since -r1.1.
> ok to zap it?

OK millert@

 - todd



libsa, stop saving memory

2016-09-14 Thread Jasper Lievisse Adriaanse
Hi,

nothing defines SAVE_MEMORY nor has it been modified since -r1.1.
ok to zap it?

Index: cread.c
===
RCS file: /cvs/src/sys/lib/libsa/cread.c,v
retrieving revision 1.13
diff -u -p -r1.13 cread.c
--- cread.c 18 Jan 2009 21:46:50 -  1.13
+++ cread.c 14 Sep 2016 18:39:23 -
@@ -47,11 +47,7 @@
 
 #define zmemcpymemcpy
 
-#ifdef SAVE_MEMORY
-#define Z_BUFSIZE 1024
-#else
 #define Z_BUFSIZE 4096
-#endif
 
 static int gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */
 
@@ -210,11 +206,7 @@ open(const char *fname, int mode)
goto errout;
bzero(s, sizeof(struct sd));
 
-#ifdef SAVE_MEMORY
-   if (inflateInit2(&(s->stream), -11) != Z_OK)
-#else
if (inflateInit2(&(s->stream), -15) != Z_OK)
-#endif
goto errout;
 
s->stream.next_in  = s->inbuf = (unsigned char *)alloc(Z_BUFSIZE);

-- 
jasper



ftp5.usa.openbsd.org going down 7pm-1am Sunday September 18th

2016-09-14 Thread Kurt Mosiejczuk
Due to a just-announced power outage happening this Sunday night, 
ftp5.usa.openbsd.org will be going down around 7pm EDT (UTC-4) on
Sunday September 14th.  I will bring it back up when the power comes 
back at midnight EDT, so it should be back up by 1am EDT.

FYI

--Kurt Mosiejczuk



Re: random malloc junk

2016-09-14 Thread Theo de Raadt
> Daniel Micay wrote:
> > 
> > The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1,
> > and it similarly doesn't wipe at all with 'U' (even though junk-on-free
> > also serves the purpose of preventing information leaks, not just
> > mitigating use-after-free). IMO, optimizing large allocation perf like
> > this isn't worthwhile.
> 
> this requires some analysis of what programs do in the wild. some programs
> preemptively malloc large buffers, but don't touch them. it would be a serious
> regression for free to fault in new pages, just to dirty them, then turn
> around and unmap them. some of this is because i believe the code is doing
> things at the wrong time. if you want to dirty whole pages, it should be when
> they go on the freelist, not immediately.
> 

Exactly.

Daniel, the giant-allocation situation may not be normal in your
ecosystem, but it is common in general purpose code.  That is why an
upper bound was chosen.

I would also argue that gigantic allocations have far fewer
security risks, requiring them to be smashed in this way.  We defend
against those problems by unmapping them, so that the address space
becomes unavailable -> SIGSEGV.



Re: random malloc junk

2016-09-14 Thread Ted Unangst
Daniel Micay wrote:
> 
> The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1,
> and it similarly doesn't wipe at all with 'U' (even though junk-on-free
> also serves the purpose of preventing information leaks, not just
> mitigating use-after-free). IMO, optimizing large allocation perf like
> this isn't worthwhile.

this requires some analysis of what programs do in the wild. some programs
preemptively malloc large buffers, but don't touch them. it would be a serious
regression for free to fault in new pages, just to dirty them, then turn
around and unmap them. some of this is because i believe the code is doing
things at the wrong time. if you want to dirty whole pages, it should be when
they go on the freelist, not immediately.
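The cost described in this message can be observed directly. The following C program is an added example, not code from the thread or from OpenBSD's malloc: it maps a large anonymous region, leaves it untouched the way a preemptively allocated buffer would be, and counts resident pages before and after a junk fill. It assumes a system that provides mincore(2), such as Linux; JUNK_BYTE, struct junk_cost and the function names are made up for the example.

```c
/* Added example: residency of a large, never-written mapping before and
 * after a junk fill. All names here are made up for the example. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE		/* mincore(2) and MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define JUNK_BYTE 0xdf		/* constructed fill value */

struct junk_cost {
	long pages;		/* pages in the region */
	long resident_before;	/* resident right after allocation */
	long resident_after;	/* resident after the junk fill */
};

/* Count the pages of [p, p + len) that mincore(2) reports as resident. */
static long
resident_pages(void *p, size_t len, size_t pagesz)
{
	size_t i, npages = (len + pagesz - 1) / pagesz;
	unsigned char *vec = malloc(npages);
	long n = 0;

	if (vec == NULL)
		return -1;
	if (mincore(p, len, vec) == -1) {
		free(vec);
		return -1;
	}
	for (i = 0; i < npages; i++)
		n += vec[i] & 1;	/* bit 0 set: page is in core */
	free(vec);
	return n;
}

/*
 * Map len bytes the way a large allocation is obtained, never write to it,
 * then fill it with junk as a full junk-on-free would just before unmapping.
 */
static int
measure_junk_on_free(size_t len, struct junk_cost *out)
{
	long ps = sysconf(_SC_PAGESIZE);
	size_t pagesz;
	void *p;

	if (ps <= 0)
		return -1;
	pagesz = (size_t)ps;
	p = mmap(NULL, len, PROT_READ | PROT_WRITE,
	    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED)
		return -1;

	out->pages = (long)((len + pagesz - 1) / pagesz);
	out->resident_before = resident_pages(p, len, pagesz);
	memset(p, JUNK_BYTE, len);	/* the fill touches every page */
	out->resident_after = resident_pages(p, len, pagesz);
	munmap(p, len);

	if (out->resident_before < 0 || out->resident_after < 0)
		return -1;
	return 0;
}

int
main(void)
{
	struct junk_cost c;

	if (measure_junk_on_free((size_t)16 << 20, &c) != 0) {
		perror("measure_junk_on_free");
		return 1;
	}
	printf("pages %ld, resident before fill %ld, after fill %ld\n",
	    c.pages, c.resident_before, c.resident_after);
	return 0;
}
```

On Linux an untouched anonymous mapping normally reports no resident pages before the fill and all of them after it, which is the work a full wipe adds to freeing a buffer that was never used.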



Re: Remove ip6_pcbopts

2016-09-14 Thread Mike Belopuhov
On 14 September 2016 at 17:53, Jeremie Courreges-Anglas  wrote:
>
> Dead since the IPV6_PKTOPTIONS socket option was removed.
>
> ok?
>
>

Sure.



Re: regression tests and patch for calendar(1)

2016-09-14 Thread Todd C. Miller
On 31 Aug 2016 07:52:19 -0600, "Andy Bradford" wrote:

> While writing a  set of regression tests for calendar(1)  I discovered a
> bug introduced by my last patch.  The following patch fixes that and all
> regression tests in the attachment of tests pass.

I've committed the fix as well as the calendar regress.

 - todd



Remove ip6_pcbopts

2016-09-14 Thread Jeremie Courreges-Anglas

Dead since the IPV6_PKTOPTIONS socket option was removed.

ok?


Index: ip6_output.c
===
RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.214
diff -u -p -r1.214 ip6_output.c
--- ip6_output.c14 Sep 2016 15:26:05 -  1.214
+++ ip6_output.c14 Sep 2016 15:50:52 -
@@ -117,7 +117,6 @@ struct ip6_exthdrs {
 };
 
 int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **, int, int);
-int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *, struct socket *);
 int ip6_getpcbopt(struct ip6_pktopts *, int, struct mbuf **);
 int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, int, int, int);
 int ip6_setmoptions(int, struct ip6_moptions **, struct mbuf *);
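Review bot: the prototype dropped here sat in ip6_output.c itself and the function was not static, so another file could still reach ip6_pcbopts() through its own extern declaration. A full kernel build including the link step is the check that it really is dead, and the commit message could say that was done.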
@@ -1698,48 +1697,6 @@ ip6_raw_ctloutput(int op, struct socket 
(void)m_free(m);
 
return (error);
-}
-
-/*
- * Set up IP6 options in pcb for insertion in output packets.
- * Store in mbuf with pointer in pcbopt, adding pseudo-option
- * with destination address if source routed.
- */
-int
-ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, struct socket *so)
-{
-   struct ip6_pktopts *opt = *pktopt;
-   int error = 0;
-   struct proc *p = curproc;   /* XXX */
-   int priv = 0;
-
-   /* turn off any old options. */
-   if (opt)
-   ip6_clearpktopts(opt, -1);
-   else
-   opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK);
-   *pktopt = 0;
-
-   if (!m || m->m_len == 0) {
-   /*
-* Only turning off any previous options, regardless of
-* whether the opt is just created or given.
-*/
-   free(opt, M_IP6OPT, sizeof(*opt));
-   return (0);
-   }
-
-   /*  set options specified by user. */
-   if (p && !suser(p, 0))
-   priv = 1;
-   if ((error = ip6_setpktopts(m, opt, NULL, priv,
-   so->so_proto->pr_protocol)) != 0) {
-   ip6_clearpktopts(opt, -1);  /* XXX discard all options */
-   free(opt, M_IP6OPT, sizeof(*opt));
-   return (error);
-   }
-   *pktopt = opt;
-   return (0);
 }
 
 /*


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: [PATCH] Callback-based interface to libtls

2016-09-14 Thread Tobias Pape
Hi
On 14.09.2016, at 14:21, Brent Cook  wrote:
> 
> On 14.09.2016, at 13:37, Brent Cook  wrote:
> 
> >
> > Once the expectations of the callbacks are finalized, this needs a good 
> > explanation in the manual.
> 
> [...]
> Generally, what are the expectations of a callback, what should it return 
> and when.
> 

I have amended the manpage a little and added an example. Turns out I write a 
bit wordy, so feel free to re-word.
The example is also longer than the others, but I think this is necessary…

> A good example section and/or regression test would go a long way. We've 
> used nc(1) to test a lot of the other libtls features so far. There also are 
> some libtls golang bindings in tree under regress, though I'm not sure how 
> up-to-date they are.

ok. I am currently "test-driving" the interface with the SSL plugin for Squeak 
that I maintain[1] and
I think I can extract something afterwards.

Best regards
-Tobias
[1]: 
https://github.com/OpenSmalltalk/opensmalltalk-vm/blob/libtls/platforms/unix/plugins/SqueakSSL/sqUnixLibreSSL.c

diff --git src/lib/libtls/tls_init.3 src/lib/libtls/tls_init.3
index 12dc99a..bbf9e0d 100644
--- src/lib/libtls/tls_init.3
+++ src/lib/libtls/tls_init.3
@@ -189,13 +189,13 @@
 .Ft "int"
 .Fn tls_connect_socket "struct tls *ctx" "int s" "const char *servername"
 .Ft "int"
-.Fn tls_connect_cbs "struct tls *ctx" "ssize_t (*tls_read_cb)(struct tls *ctx, 
void *buf, size_t buflen, void *cb_arg)" "ssize_t (*tls_write_cb)(struct tls 
*ctx, const void *buf, size_t buflen, void *cb_arg)" "void *cb_arg" "const char 
*servername"
+.Fn tls_connect_cbs "struct tls *ctx" "tls_read_cb read_cb" "tls_write_cb 
write_cb" "void *cb_arg" "const char *servername"
 .Ft "int"
 .Fn tls_accept_fds "struct tls *tls" "struct tls **cctx" "int fd_read" "int 
fd_write"
 .Ft "int"
 .Fn tls_accept_socket "struct tls *tls" "struct tls **cctx" "int socket"
 .Ft "int"
-.Fn tls_accept_cbs "struct tls *ctx" "struct tls **cctx" "ssize_t 
(*tls_read_cb)(struct *ctx, void *buf, size_t buflen, void *cb_arg)" "ssize_t 
(*tls_write_cb)(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)" 
"void *cb_arg"
+.Fn tls_accept_cbs "struct tls *ctx" "struct tls **cctx" "tls_read_cb read_cb" 
"tls_write_cb write_cb" "void *cb_arg"
 .Ft "int"
 .Fn tls_handshake "struct tls *ctx"
 .Ft "ssize_t"
@@ -204,6 +204,10 @@
 .Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen"
 .Ft "int"
 .Fn tls_close "struct tls *ctx"
+.Ft typedef ssize_t
+.Fn (*tls_read_cb) "void *ctx" "void *buf" "size_t buflen" "void *cb_arg"
+.Ft typedef ssize_t
+.Fn (*tls_write_cb) "void *ctx" "const void *buf" "size_t buflen" "void 
*cb_arg"
 .Sh DESCRIPTION
 The
 .Nm tls
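Review bot: the two typedef entries document the first callback argument as void *ctx, while the inline prototypes removed in the previous hunk had struct tls *ctx. Use the type the header actually declares, otherwise the SYNOPSIS tells callers to write callbacks with the wrong signature.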
@@ -564,6 +568,35 @@ connects a client context to a pair of existing file 
descriptors.
 .Fn tls_connect_socket
 connects a client context to an already established socket connection.
 .It
+.Fn tls_connect_cbs
+connects a client context to a custom peer, with the data transfer handled by a
+read and a write callback provided by the caller. The
+.Fa read_cb
+callback should do what is necessary to read from the peer and write resulting
+data to its
+.Fa buf .
+Likewise, the
+.Fa write_cb
+callback should do what is necessary to write the data from its
+.Fa buf
+to the peer. If the callbacks represent non-blocking communication or if there
+is more data to be read or written, respectively, than stated by
+.Fa buflen ,
+the callbacks should return
+.Dv TLS_WANT_POLLOUT
+for more data
+.Em for
+the peer or
+.DV TLS_WANT_POLLIN
+for more data
+.Em from
+the peer. The callbacks can be passed arbitrary data in
+.Fa cb_arg .
+This will be what was passed to
+.Fn tls_connect_cbs
+in its
+.Fa cb_arg .
+.It
 .Fn tls_accept_fds
 creates a new context suitable for reading and writing on an existing pair of
 file descriptors and returns it in
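Review bot: .DV TLS_WANT_POLLIN is not an mdoc macro (the request a few lines above is .Dv), so that line will not render as intended. The paragraph also never says what read_cb and write_cb return on success or on error, which is the question raised in the thread; state that explicitly, and start each sentence on its own line instead of continuing after "to the peer.".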
@@ -578,6 +611,40 @@ established socket connection and returns it in
 A configured server context should be passed in
 .Fa ctx .
 .It
+.Fn tls_accept_cbs
+creates a new context suitable for reading from and writing to a peer and
+returns it in
+.Fa *cctx .
+The data transfer for
+.Fa *cctx
+is handled by a read and a write callback provided by the
+caller. The
+.Fa read_cb
+callback should do what is necessary to read from the peer and write resulting
+data to its
+.Fa buf .
+Likewise, the
+.Fa write_cb
+callback should do what is necessary to write the data from its
+.Fa buf
+to the peer. If the callbacks represent non-blocking communication or if there
+is more data to be read or written, respectively, than stated by
+.Fa buflen ,
+the callbacks should return
+.Dv TLS_WANT_POLLOUT
+for more data
+.Em for
+the peer or
+.DV TLS_WANT_POLLIN
+for more data
+.Em from
+the peer. The callbacks can be passed arbitrary data in
+.Fa cb_arg .
+This will be what was passed to
+.Fn tls_accept_cbs
+in its
+.Fa cb_arg .
+.It
 .Fn tls_handshake
 performs the TLS handshake.
 It is only necessary to call this 
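Review bot: unlike the tls_accept_socket entry just above, whose context lines end with "A configured server context should be passed in ctx", the new tls_accept_cbs entry never says what ctx must be; add that sentence. The .DV typo from the tls_connect_cbs entry is repeated here, and since the callback description is a verbatim copy it could be written once and referenced from both entries.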

Re: regression tests and patch for calendar(1)

2016-09-14 Thread Aaron Poffenberger
Hi Andy,

I just ran into this regression and wrote a similar patch (though I
missed the WEEKLY test).

Thanks for the fix! It solves the Easter-calculation problem I
noticed.

For anyone looking for a quick test, none of the pre- or post-Easter
dates will be displayed when executing:

calendar -t 20160101 -A 180 -f /usr/share/calendar/calendar.christian

After Andy's patch it resolves the issue.

--Aaron

* Andy Bradford  [2016-08-31 07:52:19 -0600]:

> Hello,
> 
> While writing a  set of regression tests for calendar(1)  I discovered a
> bug introduced by my last patch.  The following patch fixes that and all
> regression tests in the attachment of tests pass.
> 
> Thanks,
> 
> Andy
> 
> Index: day.c
> ===
> RCS file: /home/cvs/src/usr.bin/calendar/day.c,v
> retrieving revision 1.33
> diff -u -p -r1.33 day.c
> --- day.c 13 Jul 2016 21:32:01 -  1.33
> +++ day.c 31 Aug 2016 13:40:01 -
> @@ -543,7 +543,9 @@ isnow(char *endp, int bodun)
>   tdiff = difftime(ttmp, f_time)/ SECSPERDAY;
>   if (tdiff <= offset + f_dayAfter ||
>   (bodun && tdiff == -1)) {
> - if ((tmtmp.tm_mon == month) &&
> + if (((tmtmp.tm_mon == month) ||
> +  (flags & F_SPECIAL) ||
> +  (interval == WEEKLY)) &&
>   (tdiff >=  0 ||
>   (bodun && tdiff == -1))) {
>   if ((tmp = malloc(sizeof(struct 
> match))) == NULL)
> 
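Review bot: the tm_mon == month test in isnow() is now skipped for F_SPECIAL entries and for WEEKLY intervals, and nothing in the condition says why. A one-line comment above the if stating why those two cases bypass the month comparison would keep a later cleanup from reintroducing the regression.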




let openbgpd announce rtlabels

2016-09-14 Thread Peter Hessler
It is quite common to want to do a cross-protocol readvertisement from
IGP->EGP.  We can add rtlabels in bgpd and ospfd, but only advertise
in ospfd.

This diff lets bgpd announce routes based on rtlabels.  The existing
"cannot announce routes that point to localhost" and "cannot announce
defaults" still apply.  Should they?

OK?


Index: bgpd.conf.5
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.146
diff -u -p -u -p -r1.146 bgpd.conf.5
--- bgpd.conf.5 17 Aug 2016 08:14:40 -  1.146
+++ bgpd.conf.5 14 Sep 2016 14:21:52 -
@@ -268,6 +268,10 @@ Log received and sent updates.
 .Pq Ic inet Ns | Ns Ic inet6
 .Ic connected Op Ic set ...\&
 .Xc
+.It Xo
+.Ic network
+.Ic rtlabel Ar label Op Ic set ...\&
+.Xc
 Announce the specified network as belonging to our AS.
 If set to
 .Ic connected ,
@@ -275,6 +279,11 @@ routes to directly attached networks wil
 If set to
 .Ic static ,
 all static routes will be announced.
+If set to
+.Ic rtlabel ,
+routes with the specified
+.Ar label
+will be announced.
 .Bd -literal -offset indent
 network 192.168.7.0/24
 .Ed
Index: bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.295
diff -u -p -u -p -r1.295 bgpd.h
--- bgpd.h  2 Sep 2016 14:00:29 -   1.295
+++ bgpd.h  14 Sep 2016 14:21:52 -
@@ -85,6 +85,7 @@
 #defineF_CTL_ADJ_IN0x2000
 #defineF_CTL_ADJ_OUT   0x4000
 #defineF_CTL_ACTIVE0x8000
+#defineF_RTLABEL   0x1
 
 /*
  * Limit the number of control messages generated by the RDE and queued in
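Review bot: F_RTLABEL is added here, but none of the kroute.c hunks shown sets or tests it; kr_net_match() and kr_net_match6() compare labelid directly. If no later part of the diff uses the flag, drop the define.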
@@ -334,6 +335,7 @@ enum network_type {
NETWORK_DEFAULT,
NETWORK_STATIC,
NETWORK_CONNECTED,
+   NETWORK_RTLABEL,
NETWORK_MRTCLONE
 };
 
@@ -342,6 +344,7 @@ struct network_config {
struct filter_set_head   attrset;
struct rde_aspath   *asp;
u_intrtableid;
+   u_int16_trtlabel;
enum network_typetype;
u_int8_t prefixlen;
u_int8_t old;   /* used for reloading */
@@ -507,6 +510,7 @@ struct kroute_full {
struct bgpd_addrprefix;
struct bgpd_addrnexthop;
charlabel[RTLABEL_LEN];
+   u_int16_t   labelid;
u_int16_t   flags;
u_short ifindex;
u_int8_tprefixlen;
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.209
diff -u -p -u -p -r1.209 kroute.c
--- kroute.c8 Apr 2016 12:27:05 -   1.209
+++ kroute.c14 Sep 2016 14:21:52 -
@@ -,6 +,10 @@ kr_net_match(struct ktable *kt, struct k
if (kr->flags & F_CONNECTED)
return (xn);
break;
+   case NETWORK_RTLABEL:
+   if (kr->labelid == xn->net.rtlabel)
+   return (xn);
+   break;
case NETWORK_MRTCLONE:
/* can not happen */
break;
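Review bot: the NETWORK_RTLABEL case matches on kr->labelid == xn->net.rtlabel alone, and the hunk does not show what id an unlabelled route or an unresolved label carries. If both can be 0, a single network rtlabel line would announce every unlabelled route, so guard the comparison so that it only matches a non-zero configured id. The same applies to the kr6 case in kr_net_match6().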
@@ -1143,6 +1147,10 @@ kr_net_match6(struct ktable *kt, struct 
if (kr6->flags & F_CONNECTED)
return (xn);
break;
+   case NETWORK_RTLABEL:
+   if (kr6->labelid == xn->net.rtlabel)
+   return (xn);
+   break;
case NETWORK_MRTCLONE:
/* can not happen */
break;
@@ -1269,6 +1277,7 @@ sendit:
net.prefix.aid = AID_INET;
net.prefix.v4.s_addr = kr->prefix.s_addr;
net.prefixlen = kr->prefixlen;
+   net.rtlabel = kr->labelid;
net.rtableid = kt->rtableid;
 
return (send_network(type, , match ? >net.attrset : NULL));
@@ -1337,6 +1346,7 @@ sendit:
net.prefix.aid = AID_INET6;
memcpy(, >prefix, sizeof(struct in6_addr));
net.prefixlen = kr6->prefixlen;
+   net.rtlabel = kr6->labelid;
net.rtableid = kt->rtableid;
 
return (send_network(type, , match ? >net.attrset : NULL));
@@ -1392,6 +1402,7 @@ kr_tofull(struct kroute *kr)
kf.nexthop.aid = AID_INET;
kf.nexthop.v4.s_addr = kr->nexthop.s_addr;
strlcpy(kf.label, rtlabel_id2name(kr->labelid), sizeof(kf.label));
+   kf.labelid = kr->labelid;
kf.flags = kr->flags;
kf.ifindex = kr->ifindex;
kf.prefixlen = kr->prefixlen;
@@ -1412,6 +1423,7 @@ kr6_tofull(struct kroute6 *kr6)
kf.nexthop.aid = AID_INET6;
memcpy(, >nexthop, sizeof(struct in6_addr));
strlcpy(kf.label, rtlabel_id2name(kr6->labelid), 

Re: random malloc junk

2016-09-14 Thread Daniel Micay
On Tue, 2016-09-13 at 13:27 +0200, Otto Moerbeek wrote:
> On Thu, Sep 08, 2016 at 06:42:33PM -0400, Daniel Micay wrote:
> 
> > A bit off-topic: 'J' enables junk-on-init which is for debugging,
> > but it
> > also currently has security improvements for large allocations.
> > There's
> > only partial junk-on-free by default (half a page), and 'U' disables
> > large allocation junk-on-free without 'J'. I think it would make
> > sense
> > to remove those optimizations since it's fine if the cost scales up
> > with
> > larger allocations and losing the guarantee of not leaking data via
> > uninitialized memory with 'U' is not great. Using 'U' is quite
> > expensive
> > regardless, and adds some pathological performance cases for small
> > size
> > allocations which is more important. I ended up removing both of
> > those
> > optimizations for the CopperheadOS port.
> 
> I would prefer to see a diff with this. For me, that should be easier
> to understand than your description.

This is the diff from the CopperheadOS port which won't apply directly
to malloc.c in OpenBSD, but should explain what I mean since it's just a
few lines. Just ignore the part where it removes malloc_junk=2, which is
because junk-on-init is split out (so this obsoleted the extra mode).

The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1,
and it similarly doesn't wipe at all with 'U' (even though junk-on-free
also serves the purpose of preventing information leaks, not just
mitigating use-after-free). IMO, optimizing large allocation perf like
this isn't worthwhile.

diff --git a/libc/bionic/omalloc.c b/libc/bionic/omalloc.c
index e451d79..9277ee7 100644
--- a/libc/bionic/omalloc.c
+++ b/libc/bionic/omalloc.c
@@ -504,7 +504,7 @@ map(struct dir_info *d, void *hint, size_t sz, int 
zero_fill)
    madvise(p, sz, MADV_NORMAL);
    if (zero_fill)
    memset(p, 0, sz);
-   else if (mopts.malloc_junk == 2 &&
+   else if (mopts.malloc_junk &&
    mopts.malloc_freeunmap)
    memset(p, SOME_FREEJUNK, sz);
    return p;
@@ -524,7 +524,7 @@ map(struct dir_info *d, void *hint, size_t sz, int 
zero_fill)
    d->free_regions_size -= psz;
    if (zero_fill)
    memset(p, 0, sz);
-   else if (mopts.malloc_junk == 2 && mopts.malloc_freeunmap)
+   else if (mopts.malloc_junk && mopts.malloc_freeunmap)
    memset(p, SOME_FREEJUNK, sz);
    return p;
    }
@@ -603,7 +603,7 @@ omalloc_parseopt(char opt)
    mopts.malloc_junk = 0;
    break;
    case 'J':
-   mopts.malloc_junk = 2;
+   mopts.malloc_junk = 1;
    break;
    case 'i':
    mopts.malloc_junk_init = 0;
@@ -1517,8 +1517,7 @@ ofree(struct dir_info *pool, void *p)
    STATS_SUB(pool->malloc_guarded, mopts.malloc_guard);
    }
    if (mopts.malloc_junk && !mopts.malloc_freeunmap) {
-   size_t amt = mopts.malloc_junk == 1 ? MALLOC_MAXCHUNK :
-   PAGEROUND(sz) - mopts.malloc_guard;
+   size_t amt = PAGEROUND(sz) - mopts.malloc_guard;
    memset(p, SOME_FREEJUNK, amt);
    }
    unmap(pool, p, PAGEROUND(sz));
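Review bot: with the MALLOC_MAXCHUNK cap gone, ofree() memsets PAGEROUND(sz) - mopts.malloc_guard bytes immediately before unmap(pool, p, PAGEROUND(sz)), so freeing a large region that was never written faults in every page just to fill it. If the full wipe is wanted for the information-leak case, consider doing it at the point where pages are kept for reuse, as suggested in the replies, and include numbers for a program that allocates large buffers without touching them.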



teach BFD how to send route messages

2016-09-14 Thread Peter Hessler
This is a work-in-progress diff that I would like to commit.  I can print
a few things, but there is a problem when trying to bring in more
fields.  Printing is also ugly, but I can fix that in-tree.

While here, I print the descr's as ints, the same way Juniper does it.
I also had to add RTM_INVALIDATE, to keep the ordering correct.

Am I tying this into route(8) and rtsock.c correctly?

OK?

Index: sbin/route/route.c
===
RCS file: /cvs/openbsd/src/sbin/route/route.c,v
retrieving revision 1.190
diff -u -p -u -p -r1.190 route.c
--- sbin/route/route.c  4 Sep 2016 09:41:03 -   1.190
+++ sbin/route/route.c  14 Sep 2016 10:20:04 -
@@ -41,6 +41,10 @@
 #include 
 #include 
 
+#include 
+#include 
+#include 
+
 #include 
 #include 
 
@@ -90,6 +94,7 @@ void   sodump(sup, char *);
 char   *priorityname(uint8_t);
 uint8_t getpriority(char *);
 voidprint_getmsg(struct rt_msghdr *, int);
+voidprint_bfdmsg(struct bfd_msghdr *);
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
 voidpmsg_common(struct rt_msghdr *);
@@ -1240,6 +1245,7 @@ char *msgtypes[] = {
"RTM_IFINFO: iface status change",
"RTM_IFANNOUNCE: iface arrival/departure",
"RTM_DESYNC: route socket overflow",
+   "RTM_INVALIDATE: invalidate cache of L2 route",
"RTM_BFD: bidirectional forwarding detection",
 };
 
@@ -1277,6 +1283,7 @@ print_rtmsg(struct rt_msghdr *rtm, int m
struct if_msghdr *ifm;
struct ifa_msghdr *ifam;
struct if_announcemsghdr *ifan;
+   struct bfd_msghdr *bfd;
char ifname[IF_NAMESIZE];
 
if (verbose == 0)
@@ -1333,7 +1340,9 @@ print_rtmsg(struct rt_msghdr *rtm, int m
printf("\n");
break;
case RTM_BFD:
-   printf("bfd\n");/* XXX - expand*/
+   bfd = (struct bfd_msghdr *)rtm;
+   printf(", BFD ");
+   print_bfdmsg(bfd);
break;
default:
printf(", priority %d, table %u, ifidx %u, ",
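Review bot: the RTM_BFD case casts rtm to struct bfd_msghdr * and hands it to print_bfdmsg() without comparing the message length against sizeof(struct bfd_msghdr). Check rtm_msglen first and print a short-message notice otherwise, so a truncated message is not read past its end.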
@@ -1524,6 +1533,48 @@ print_getmsg(struct rt_msghdr *rtm, int 
putchar('\n');
}
 #undef RTA_IGN
+}
+
+void
+print_bfdmsg(struct bfd_msghdr *bfd)
+{
+   printf("mode ");
+   switch (bfd->mode) {
+   case BFD_MODE_ASYNC:
+   printf("ASYNC");
+   break;
+   case BFD_MODE_DEMAND:
+   printf("DEMAND");
+   break;
+   }
+   printf(" state ");
+   switch (bfd->state) {
+   case BFD_STATE_ADMINDOWN:
+   printf("AdminDown");
+   break;
+   case BFD_STATE_DOWN:
+   printf("Down");
+   break;
+   case BFD_STATE_INIT:
+   printf("Init");
+   break;
+   case BFD_STATE_UP:
+   printf("Up");
+   break;
+   }
+   printf(" error %d", bfd->error);
+   printf(" localdiscr %u", bfd->localdiscr);
+   printf(" remotediscr %u", bfd->remotediscr);
+   printf(" localdiag %u", bfd->localdiag);
+   printf(" remotediag %u", bfd->remotediag);
+   printf(" uptime %lld", bfd->uptime);
+   printf(" lastuptime %lld", bfd->lastuptime);
+
+   printf(" mintx %ums", bfd->mintx / 1000);
+   printf(" minrx %ums", bfd->minrx / 1000);
+   printf(" multiplier %ux", bfd->multiplier);
+
+   printf("\n");
 }
 
 void
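Review bot: neither switch in print_bfdmsg() has a default case, so a mode or state value outside the listed constants prints an empty field; add a default that prints the raw number. The %lld conversions for uptime and lastuptime also need a (long long) cast unless those fields are declared long long.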
Index: sys/net/bfd.c
===
RCS file: /cvs/openbsd/src/sys/net/bfd.c,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 bfd.c
--- sys/net/bfd.c   13 Sep 2016 07:56:05 -  1.24
+++ sys/net/bfd.c   14 Sep 2016 10:48:39 -
@@ -161,7 +161,7 @@ struct bfd_state {
uint32_tAuthSeqKnown;
 };
 
-struct pool bfd_pool, bfd_pool_peer, bfd_pool_time;
+struct pool bfd_pool, bfd_pool_peer, bfd_pool_time, bfd_pool_msghdr;
 struct taskq   *bfdtq;
 
 struct socket  *bfd_listener(struct bfd_softc *, unsigned int);
@@ -182,6 +182,7 @@ void bfd_senddown(struct bfd_softc *);
 voidbfd_reset(struct bfd_softc *);
 voidbfd_set_uptime(struct bfd_softc *);
 
+voidbfd_prepmsg(struct bfd_softc *);
 voidbfd_debug(struct bfd_softc *);
 
 TAILQ_HEAD(bfd_queue, bfd_softc)  bfd_queue;
@@ -224,9 +225,38 @@ bfd_rtalloc(struct rtentry *rt)
 
TAILQ_INSERT_TAIL(_queue, sc, bfd_next);
 
+   bfd_prepmsg(sc);
return (0);
 }
 
+void
+bfd_prepmsg(struct bfd_softc *sc)
+{
+   struct bfd_msghdr   *bfd;
+
+   bfd = pool_get(_pool_msghdr, PR_WAITOK | PR_ZERO);
+
+   bfd->mode = sc->mode;
+   bfd->mintx = sc->mintx;
+   bfd->minrx = sc->minrx;
+   bfd->multiplier = sc->multiplier;
+
+   bfd->uptime = sc->sc_time->tv_sec;
+   bfd->lastuptime = sc->lastuptime;
+   bfd->state = sc->state;
+   bfd->laststate = sc->laststate;
+   bfd->error = sc->error;
+
+   

Re: [PATCH] Callback-based interface to libtls

2016-09-14 Thread Brent Cook
On Wed, Sep 14, 2016 at 6:41 AM, Tobias Pape  wrote:

> Hi
>
> On 14.09.2016, at 13:37, Brent Cook  wrote:
>
> >
> > Once the expectations of the callbacks are finalized, this needs a good
> explanation in the manual.
>
>
> Ok, how would I do that best?
> I admit to have amended the man page by sheer copy-and-paste-of-very-small-
> bits™,
> so what would you suggest me to write?
>
> Other than that, thanks for applying the patch.
>
> Best regards
> -Tobias


Generally, what are the expectations of a callback, what should it return
and when.

A good example section and/or regression test would go a long way. We've
used nc(1) to test a lot of the other libtls features so far. There also
are some libtls golang bindings in tree under regress, though I'm not sure
how up-to-date they are.


Re: [PATCH] Callback-based interface to libtls

2016-09-14 Thread Tobias Pape
Hi

On 14.09.2016, at 13:37, Brent Cook  wrote:

> 
> Once the expectations of the callbacks are finalized, this needs a good 
> explanation in the manual.


Ok, how would I do that best?
I admit to have amended the man page by sheer 
copy-and-paste-of-very-small-bits™,
so what would you suggest me to write?

Other than that, thanks for applying the patch.

Best regards
-Tobias


Re: [PATCH] Callback-based interface to libtls

2016-09-14 Thread Brent Cook
Thanks!

On Wed, Sep 14, 2016 at 4:48 AM,  wrote:

> Hi again,
>
> On 07.09.2016, at 18:08, tob...@netshed.de wrote:
> [..]
> >> On 05.09.2016, at 15:50, bust...@gmail.com wrote:
> >>
> >>> Hey, the typedef came in handy :) Ok bcook@
> >>>
> >>> On Sep 5, 2016, at 11:52 AM, Bob Beck  wrote:
> >>>
> >>>> I am in agreement in principle, but please coordinate with bcook@
> >>>> and/or jsing@ who were possibly doing
> >>>> some related adjustments.
> >>>>
> >>>>
> >>
> >> I have a minor adjustment: it should be able to instruct POLLIN/POLLOUT
> via the callbacks.
> >> I added this, see the diff.
> >
> > Aaand: a fix for the FLUSH BIO cntl, that happens at the end of SSL
> handshakes…
>
> Next fix: put the callback on the right context for tls_accept.
>
> Updated diff at the end.
>
> Best regards
> -Tobias
>
> diff --git src/lib/libtls/tls_bio_cb.c src/lib/libtls/tls_bio_cb.c
> index c4220df..e52f43c 100644
> --- src/lib/libtls/tls_bio_cb.c
> +++ src/lib/libtls/tls_bio_cb.c
> @@ -154,6 +154,7 @@ ctrl_cb(BIO *b, int cmd, long num, void *ptr)
> b->shutdown = (int)num;
> break;
> case BIO_CTRL_DUP:
> +   case BIO_CTRL_FLUSH:
> break;
> case BIO_CTRL_INFO:
> case BIO_CTRL_GET:
> @@ -169,14 +170,32 @@ static int
>  tls_bio_write_cb(BIO *h, const char *buf, int num, void *cb_arg)
>  {
> struct tls *ctx = cb_arg;
> -   return (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
> +   BIO_clear_retry_flags(h);
> +   int rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
> +   if (rv == TLS_WANT_POLLIN) {
> +   BIO_set_retry_read(h);
> +   rv = -1;
> +   } else if (rv == TLS_WANT_POLLOUT) {
> +   BIO_set_retry_write(h);
> +   rv = -1;
> +   }
> +   return (rv);
>  }
>
>  static int
>  tls_bio_read_cb(BIO *h, char *buf, int size, void *cb_arg)
>  {
> struct tls *ctx = cb_arg;
> -   return (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
> +   BIO_clear_retry_flags(h);
> +   int rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
> +   if (rv == TLS_WANT_POLLIN) {
> +   BIO_set_retry_read(h);
> +   rv = -1;
> +   } else if (rv == TLS_WANT_POLLOUT) {
> +   BIO_set_retry_write(h);
> +   rv = -1;
> +   }
> +   return (rv);
>  }
>

Once the expectations of the callbacks are finalized, this needs a good
explanation in the manual.


>  static BIO *
> diff --git src/lib/libtls/tls_server.c src/lib/libtls/tls_server.c
> index 09a83ca..ea37700 100644
> --- src/lib/libtls/tls_server.c
> +++ src/lib/libtls/tls_server.c
> @@ -346,12 +346,13 @@ int
>  tls_accept_cbs(struct tls *ctx, struct tls **cctx,
>  tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
>  {
> -   struct tls *conn_ctx;
> +   struct tls *conn_ctx = NULL;
> +
>
> if ((conn_ctx = tls_accept_common(ctx)) == NULL)
> goto err;
>
> -   if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
> +   if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0) {
> tls_set_errorx(ctx, "callback registration failure");
> goto err;
> }
>
>
Oops. I took out the extra NULL assignment, but otherwise looks good,
applied.


Re: [PATCH] Callback-based interface to libtls

2016-09-14 Thread tobias
Hi again,

On 07.09.2016, at 18:08, tob...@netshed.de wrote:
[..]
>> On 05.09.2016, at 15:50, bust...@gmail.com wrote:
>> 
>>> Hey, the typedef came in handy :) Ok bcook@
>>> 
>>> On Sep 5, 2016, at 11:52 AM, Bob Beck  wrote:
>>> 
>>>> I am in agreement in principle, but please coordinate with bcook@ and/or 
>>>> jsing@ who were possibly doing
>>>> some related adjustments. 
>>>>
>>>>
>> 
>> I have a minor adjustment: it should be able to instruct POLLIN/POLLOUT via 
>> the callbacks.
>> I added this, see the diff.
> 
> Aaand: a fix for the FLUSH BIO cntl, that happens at the end of SSL 
> handshakes…

Next fix: put the callback on the right context for tls_accept.

Updated diff at the end.

Best regards
-Tobias

diff --git src/lib/libtls/tls_bio_cb.c src/lib/libtls/tls_bio_cb.c
index c4220df..e52f43c 100644
--- src/lib/libtls/tls_bio_cb.c
+++ src/lib/libtls/tls_bio_cb.c
@@ -154,6 +154,7 @@ ctrl_cb(BIO *b, int cmd, long num, void *ptr)
b->shutdown = (int)num;
break;
case BIO_CTRL_DUP:
+   case BIO_CTRL_FLUSH:
break;
case BIO_CTRL_INFO:
case BIO_CTRL_GET:
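Review bot: BIO_CTRL_FLUSH now shares the empty break with BIO_CTRL_DUP, so its result is whatever ret holds on entry to the switch, which this hunk does not show. BIO_flush() callers treat a result of 0 or less as failure, so make sure this path returns 1, ideally with an explicit assignment in the case.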
@@ -169,14 +170,32 @@ static int
 tls_bio_write_cb(BIO *h, const char *buf, int num, void *cb_arg)
 {
struct tls *ctx = cb_arg;
-   return (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
+   BIO_clear_retry_flags(h);
+   int rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
+   if (rv == TLS_WANT_POLLIN) {
+   BIO_set_retry_read(h);
+   rv = -1;
+   } else if (rv == TLS_WANT_POLLOUT) {
+   BIO_set_retry_write(h);
+   rv = -1;
+   }
+   return (rv);
 }
 
 static int
 tls_bio_read_cb(BIO *h, char *buf, int size, void *cb_arg)
 {
struct tls *ctx = cb_arg;
-   return (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
+   BIO_clear_retry_flags(h);
+   int rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
+   if (rv == TLS_WANT_POLLIN) {
+   BIO_set_retry_read(h);
+   rv = -1;
+   } else if (rv == TLS_WANT_POLLOUT) {
+   BIO_set_retry_write(h);
+   rv = -1;
+   }
+   return (rv);
 }
 
 static BIO *
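Review bot: rv is declared int in both tls_bio_write_cb() and tls_bio_read_cb(), while the tls_read_cb and tls_write_cb typedefs documented in this thread return ssize_t, so a callback result is narrowed before it is compared and returned. Declare rv as ssize_t and range-check it against num or size before returning it as int; the declaration should also move above BIO_clear_retry_flags(h), next to ctx.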
diff --git src/lib/libtls/tls_server.c src/lib/libtls/tls_server.c
index 09a83ca..ea37700 100644
--- src/lib/libtls/tls_server.c
+++ src/lib/libtls/tls_server.c
@@ -346,12 +346,13 @@ int
 tls_accept_cbs(struct tls *ctx, struct tls **cctx,
 tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
 {
-   struct tls *conn_ctx;
+   struct tls *conn_ctx = NULL;
+
 
if ((conn_ctx = tls_accept_common(ctx)) == NULL)
goto err;
 
-   if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
+   if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0) {
tls_set_errorx(ctx, "callback registration failure");
goto err;
}



Re: STANDARDS in err.3

2016-09-14 Thread Philip Guenther
On Wed, Sep 14, 2016 at 12:32 AM, Michal Mazurek  wrote:
> Mention that these functions aren't standard.
>
> OK?

Per mdoc(5):
   STANDARDS
   References any standards implemented or used.  If not adhering to
   any standards, the HISTORY section should be used instead.

So we normally only include a STANDARDS section when something is
standardized and do not include that section when it is not part of
any standard.  The odd ball case may occur when a manpage describes a
mix of standardized and non-standard functions, but outside that
exception we do not say "STANDARDS: This is not standard"


...and anyway, err(3) has been proposed for standardization!


Philip Guenther



STANDARDS in err.3

2016-09-14 Thread Michal Mazurek
Mention that these functions aren't standard.

OK?

Index: lib/libc/gen/err.3
===
RCS file: /cvs/src/lib/libc/gen/err.3,v
retrieving revision 1.20
diff -u -p -r1.20 err.3
--- lib/libc/gen/err.3  23 Apr 2014 16:26:33 -  1.20
+++ lib/libc/gen/err.3  14 Sep 2016 07:28:26 -
@@ -189,6 +189,10 @@ if ((fd = open(block_device, O_RDONLY, 0
 .Xr perror 3 ,
 .Xr printf 3 ,
 .Xr strerror 3
+.Sh STANDARDS
+These functions are
+.Bx
+extensions.
 .Sh HISTORY
 The functions
 .Fn err ,

-- 
Michal Mazurek



Re: m_copym2 is unused, let's remove it

2016-09-14 Thread Claudio Jeker
On Wed, Sep 14, 2016 at 02:46:27PM +1000, David Gwynne wrote:
> Yes, this is just a conservative first step to that.

OK on the first step. I hope more follow :)
 
> On 14 Sep 2016 12:00 p.m., "Todd C. Miller" 
> wrote:
> 
> > Looks OK.  Do you intend to change m_copym0 to m_copym and remove
> > the deep copy code?
> >
> >  - todd
> >

-- 
:wq Claudio