OMAP4/5 Wake-up generator driver
It turns out on OMAP4/OMAP5 there is a "Wake-up generator" interrupt controller that routes interrupts to the GIC and does power management comparable to imx with the i.MX6 General Power Controller (GPC).

/ {
	#address-cells = <0x0001>;
	#size-cells = <0x0001>;
	compatible = "ti,omap4-panda-es", "ti,omap4-panda", "ti,omap4460", "ti,omap4430", "ti,omap4";
	interrupt-parent = <0x0001>;
	model = "TI OMAP4 PandaBoard-ES";
	...
	interrupt-controller@48241000 {
		compatible = "arm,cortex-a9-gic";
		interrupt-controller;
		#interrupt-cells = <0x0003>;
		reg = <0x48241000 0x1000 0x48240100 0x0100>;
		interrupt-parent = <0x0004>;
		linux,phandle = <0x0004>;
		phandle = <0x0004>;
	};
	interrupt-controller@48281000 {
		compatible = "ti,omap4-wugen-mpu";
		interrupt-controller;
		#interrupt-cells = <0x0003>;
		reg = <0x48281000 0x1000>;
		interrupt-parent = <0x0004>;
		linux,phandle = <0x0001>;
		phandle = <0x0001>;
	};

Reusing the imxgpc code to handle this allows interrupts on ommc(4) with the pandaboard to work again and the board can now find its root disk once again.

Index: omap/files.omap === RCS file: /cvs/src/sys/arch/armv7/omap/files.omap,v retrieving revision 1.17 diff -u -p -r1.17 files.omap --- omap/files.omap 15 Aug 2016 13:42:49 - 1.17 +++ omap/files.omap 15 Sep 2016 04:33:56 - @@ -42,6 +42,10 @@ device intc attach intc at fdt file arch/armv7/omap/intc.c intc +device omwugen +attach omwugen at fdt +file arch/armv7/omap/omwugen.c omwugen + device gptimer attach gptimer at omap file arch/armv7/omap/gptimer.c gptimer Index: conf/GENERIC === RCS file: /cvs/src/sys/arch/armv7/conf/GENERIC,v retrieving revision 1.53 diff -u -p -r1.53 GENERIC --- conf/GENERIC12 Sep 2016 08:28:44 - 1.53 +++ conf/GENERIC15 Sep 2016 04:33:56 - 
@@ -63,6 +63,7 @@ omapid* at omap? # OMAP on-chip devices intc* at fdt? # OMAP3 interrupt controller +omwugen* at fdt? # Wake-up generator #edma* at omap?# OMAP3 dma controller prcm* at omap?# power/clock controller sitaracm* at omap?# sitara control module Index: conf/RAMDISK === RCS file: /cvs/src/sys/arch/armv7/conf/RAMDISK,v retrieving revision 1.48 diff -u -p -r1.48 RAMDISK --- conf/RAMDISK21 Aug 2016 06:36:23 - 1.48 +++ conf/RAMDISK15 Sep 2016 04:33:56 - @@ -61,6 +61,7 @@ omapid* at omap? # OMAP on-chip devices intc* at fdt? # OMAP3 interrupt controller +omwugen* at fdt? # Wake-up generator #edma* at omap?# OMAP3 dma controller prcm* at omap?# power/clock controller sitaracm* at omap?# sitara control module --- /dev/null Thu Sep 15 14:35:46 2016 +++ omap/omwugen.c Thu Sep 15 14:22:00 2016 
@@ -0,0 +1,63 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2016 Mark Kettenis + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include + +#include + +struct omwugen_softc { + struct device sc_dev; + struct interrupt_controller sc_ic; +}; + +intomwugen_match(struct device *, void *, void *); +void omwugen_attach(struct device *, struct device *, void *); + +struct cfattach omwugen_ca = { + sizeof(struct omwugen_softc), omwugen_match, omwugen_attach +}; + +struct cfdriver omwugen_cd = { + NULL, "omwugen", DV_DULL +}; + +int +omwugen_match(struct device *parent, void *match, void *aux) +{ + struct fdt_attach_args *faa = aux; + + return OF_is_compatible(faa->fa_node, "ti,omap4-wugen-mpu"); +} + +void +omwugen_attach(struct device *parent, struct device *self, void *aux) +{ + struct fdt_attach_args *faa = aux; + struct omwugen_softc *sc = (struct
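Review bot: omwugen_match() in the new omwugen.c accepts only "ti,omap4-wugen-mpu", while the subject and description say the controller exists on both OMAP4 and OMAP5. If OMAP5 device trees use a different compatible string for this node, the driver will not attach there and the interrupt routing fix stays OMAP4-only. Either match the OMAP5 string as well or state in the commit message that OMAP5 is left for a follow-up.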
Re: rebound quantum entanglement
BTW I'm not picking on you.. my DNS setup blew up this week for local resolution and I've been dealing with the fallout - so the topic is relatively near and dear to my heart.

On Wed, Sep 14, 2016 at 10:07 PM, Bob Beck wrote: > > Yep. and now you need to solve the problem that when prepending > 127.0.0.1, and hitting rebound, which in turn is going to only grab the > first dns server from my resolv.conf instead of all of them, that it now > doubles my failure time when the first dns server doesn't respond (once for > libc asking rebound, which asks only the first server it found, which > fails) then falls back to libc asking resolv.conf which again... asks the > first server, and fails again. > > So the problem here is that it's going to be great when things are working > but become a failure multiplier when something breaks. > > Of course - perhaps you could query them all in parallel to mitigate this? > Rebound might need to become a real boy if we're going to do something > like this. If rebound were a "real boy" it would be easier to say "just > use rebound or if it's not there just use resolv.conf normally > > then nothing changes at *all* when it's not there. > > > On Wed, Sep 14, 2016 at 8:39 PM, Ted Unangst wrote: > >> Ted Unangst wrote: >> > Bob Beck wrote: >> > > how is rebound going to handle a change in resolv.conf? thats still a >> > > problem here >> > >> > oh, that's easy. it watches the file for changes. i never quite got >> around to >> > that, but it's another five lines. >> >> ok, so it's a net +15 lines, including blanks. >> >> Index: rebound.8 >> === >> RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v >> retrieving revision 1.4 >> diff -u -p -r1.4 rebound.8 >> --- rebound.8 4 Dec 2015 04:50:43 - 1.4 >> +++ rebound.8 15 Sep 2016 00:57:21 - 
>> @@ -33,9 +33,7 @@ The options are as follows: >> .Bl -tag -width Ds >> .It Fl c Ar config >> Specify an alternative configuration file, instead of the default >> -.Pa /etc/rebound.conf . >> -At present, the config file consists of a single line containing the next >> -hop DNS server. >> +.Pa /etc/resolv.conf . >> .Nm >> will reload the configuration file when sent a SIGHUP signal. >> .It Fl d >> @@ -46,8 +44,8 @@ does not >> into the background. >> .El >> .Sh FILES >> -.Bl -tag -width "/etc/rebound.confXX" -compact >> -.It Pa /etc/rebound.conf >> +.Bl -tag -width "/etc/resolv.confXX" -compact >> +.It Pa /etc/resolv.conf >> Default >> .Nm >> configuration file. >> Index: rebound.c >> === >> RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v >> retrieving revision 1.70 >> diff -u -p -r1.70 rebound.c >> --- rebound.c 1 Sep 2016 10:57:24 - 1.70 >> +++ rebound.c 15 Sep 2016 02:30:46 - >> @@ -33,10 +33,12 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> #include >> #include >> +#include >> >> #define MINIMUM(a,b) (((a)<(b))?(a):(b)) 
>> >> @@ -455,34 +457,51 @@ fail: >> } >> >> static int >> -readconfig(FILE *conf, union sockun *remoteaddr) >> +readconfig(int conffd, union sockun *remoteaddr) >> { >> + const char ns[] = "nameserver"; >> char buf[1024]; >> + char *p; >> struct sockaddr_in *sin = >i; >> struct sockaddr_in6 *sin6 = >i6; >> + FILE *conf; >> + int rv = -1; >> >> - if (fgets(buf, sizeof(buf), conf) == NULL) >> - return -1; >> - buf[strcspn(buf, "\n")] = '\0'; >> + conf = fdopen(conffd, "r"); >> >> - memset(remoteaddr, 0, sizeof(*remoteaddr)); >> - if (inet_pton(AF_INET, buf, >sin_addr) == 1) { >> - sin->sin_len = sizeof(*sin); >> - sin->sin_family = AF_INET; >> - sin->sin_port = htons(53); >> - return AF_INET; >> - } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) { >> - sin6->sin6_len = sizeof(*sin6); >> - sin6->sin6_family = AF_INET6; >> - sin6->sin6_port = htons(53); >> - return AF_INET6; >> - } else { >> - return -1; >> + while (fgets(buf, sizeof(buf), conf) != NULL) { >> + buf[strcspn(buf, "\n")] = '\0'; >> + >> + if (strncmp(buf, ns, strlen(ns)) != 0) >> + continue; >> + p = buf + strlen(ns) + 1; >> + while (isspace((unsigned char)*p)) >> + p++; >> + >> + /* this will not end well */ >> + if (strcmp(p, "127.0.0.1") == 0) >> + continue; >> + >> + memset(remoteaddr, 0, sizeof(*remoteaddr)); >> + if (inet_pton(AF_INET, p, >sin_addr) == 1) { >> + sin->sin_len = sizeof(*sin); >> + sin->sin_family = AF_INET; >> +
Re: rebound quantum entanglement
Yep. and now you need to solve the problem that when prepending 127.0.0.1, and hitting rebound, which in turn is going to only grab the first dns server from my resolv.conf instead of all of them, that it now doubles my failure time when the first dns server doesn't respond (once for libc asking rebound, which asks only the first server it found, which fails) then falls back to libc asking resolv.conf which again... asks the first server, and fails again.

So the problem here is that it's going to be great when things are working but become a failure multiplier when something breaks.

Of course - perhaps you could query them all in parallel to mitigate this? Rebound might need to become a real boy if we're going to do something like this. If rebound were a "real boy" it would be easier to say "just use rebound or if it's not there just use resolv.conf normally

then nothing changes at *all* when it's not there.

On Wed, Sep 14, 2016 at 8:39 PM, Ted Unangst wrote: > Ted Unangst wrote: > > Bob Beck wrote: > > > how is rebound going to handle a change in resolv.conf? thats still a > > > problem here > > > > oh, that's easy. it watches the file for changes. i never quite got > around to > > that, but it's another five lines. > > ok, so it's a net +15 lines, including blanks. > > Index: rebound.8 > === > RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v > retrieving revision 1.4 > diff -u -p -r1.4 rebound.8 > --- rebound.8 4 Dec 2015 04:50:43 - 1.4 > +++ rebound.8 15 Sep 2016 00:57:21 - > @@ -33,9 +33,7 @@ The options are as follows: > .Bl -tag -width Ds > .It Fl c Ar config > Specify an alternative configuration file, instead of the default > -.Pa /etc/rebound.conf . > -At present, the config file consists of a single line containing the next > -hop DNS server. > +.Pa /etc/resolv.conf . > .Nm > will reload the configuration file when sent a SIGHUP signal. > .It Fl d 
> @@ -46,8 +44,8 @@ does not > into the background. > .El > .Sh FILES > -.Bl -tag -width "/etc/rebound.confXX" -compact > -.It Pa /etc/rebound.conf > +.Bl -tag -width "/etc/resolv.confXX" -compact > +.It Pa /etc/resolv.conf > Default > .Nm > configuration file. > Index: rebound.c > === > RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v > retrieving revision 1.70 > diff -u -p -r1.70 rebound.c > --- rebound.c 1 Sep 2016 10:57:24 - 1.70 > +++ rebound.c 15 Sep 2016 02:30:46 - > @@ -33,10 +33,12 @@ > #include > #include > #include > +#include > #include > #include > #include > #include > +#include > > #define MINIMUM(a,b) (((a)<(b))?(a):(b)) 
> > @@ -455,34 +457,51 @@ fail: > } > > static int > -readconfig(FILE *conf, union sockun *remoteaddr) > +readconfig(int conffd, union sockun *remoteaddr) > { > + const char ns[] = "nameserver"; > char buf[1024]; > + char *p; > struct sockaddr_in *sin = >i; > struct sockaddr_in6 *sin6 = >i6; > + FILE *conf; > + int rv = -1; > > - if (fgets(buf, sizeof(buf), conf) == NULL) > - return -1; > - buf[strcspn(buf, "\n")] = '\0'; > + conf = fdopen(conffd, "r"); > > - memset(remoteaddr, 0, sizeof(*remoteaddr)); > - if (inet_pton(AF_INET, buf, >sin_addr) == 1) { > - sin->sin_len = sizeof(*sin); > - sin->sin_family = AF_INET; > - sin->sin_port = htons(53); > - return AF_INET; > - } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) { > - sin6->sin6_len = sizeof(*sin6); > - sin6->sin6_family = AF_INET6; > - sin6->sin6_port = htons(53); > - return AF_INET6; > - } else { > - return -1; > + while (fgets(buf, sizeof(buf), conf) != NULL) { > + buf[strcspn(buf, "\n")] = '\0'; > + > + if (strncmp(buf, ns, strlen(ns)) != 0) > + continue; > + p = buf + strlen(ns) + 1; > + while (isspace((unsigned char)*p)) > + p++; > + > + /* this will not end well */ > + if (strcmp(p, "127.0.0.1") == 0) > + continue; > + > + memset(remoteaddr, 0, sizeof(*remoteaddr)); > + if (inet_pton(AF_INET, p, >sin_addr) == 1) { > + sin->sin_len = sizeof(*sin); > + sin->sin_family = AF_INET; > + sin->sin_port = htons(53); > + rv = AF_INET; > + } else if (inet_pton(AF_INET6, p, >sin6_addr) == 1) { > + sin6->sin6_len = sizeof(*sin6); > + sin6->sin6_family = AF_INET6; > + sin6->sin6_port = htons(53); > + rv = AF_INET6; > + } > +
Re: regression tests and patch for calendar(1)
Thus said "Todd C. Miller" on Wed, 14 Sep 2016 10:04:58 -0600: > I've committed the fix as well as the calendar regress. Excellent. I've actually been working on a program that can be put into regress instead of the large number of files that currently exist for the expected output; it will generate the expected output files based on a given set of input and a date, then run calendar to test. But, the current regress will suffice until that is complete. Thanks, Andy -- TAI64 timestamp: 400057da0b2f
Re: rebound quantum entanglement
Ted Unangst wrote: > Bob Beck wrote: > > how is rebound going to handle a change in resolv.conf? thats still a > > problem here > > oh, that's easy. it watches the file for changes. i never quite got around to > that, but it's another five lines. ok, so it's a net +15 lines, including blanks. Index: rebound.8 === RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v retrieving revision 1.4 diff -u -p -r1.4 rebound.8 --- rebound.8 4 Dec 2015 04:50:43 - 1.4 +++ rebound.8 15 Sep 2016 00:57:21 - @@ -33,9 +33,7 @@ The options are as follows: .Bl -tag -width Ds .It Fl c Ar config Specify an alternative configuration file, instead of the default -.Pa /etc/rebound.conf . -At present, the config file consists of a single line containing the next -hop DNS server. +.Pa /etc/resolv.conf . .Nm will reload the configuration file when sent a SIGHUP signal. .It Fl d @@ -46,8 +44,8 @@ does not into the background. .El .Sh FILES -.Bl -tag -width "/etc/rebound.confXX" -compact -.It Pa /etc/rebound.conf +.Bl -tag -width "/etc/resolv.confXX" -compact +.It Pa /etc/resolv.conf Default .Nm configuration file. Index: rebound.c === RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v retrieving revision 1.70 diff -u -p -r1.70 rebound.c --- rebound.c 1 Sep 2016 10:57:24 - 1.70 +++ rebound.c 15 Sep 2016 02:30:46 - @@ -33,10 +33,12 @@ #include #include #include +#include #include #include #include #include +#include #define MINIMUM(a,b) (((a)<(b))?(a):(b)) 
@@ -455,34 +457,51 @@ fail: } static int -readconfig(FILE *conf, union sockun *remoteaddr) +readconfig(int conffd, union sockun *remoteaddr) { + const char ns[] = "nameserver"; char buf[1024]; + char *p; struct sockaddr_in *sin = >i; struct sockaddr_in6 *sin6 = >i6; + FILE *conf; + int rv = -1; - if (fgets(buf, sizeof(buf), conf) == NULL) - return -1; - buf[strcspn(buf, "\n")] = '\0'; + conf = fdopen(conffd, "r"); - memset(remoteaddr, 0, sizeof(*remoteaddr)); - if (inet_pton(AF_INET, buf, >sin_addr) == 1) { - sin->sin_len = sizeof(*sin); - sin->sin_family = AF_INET; - sin->sin_port = htons(53); - return AF_INET; - } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) { - sin6->sin6_len = sizeof(*sin6); - sin6->sin6_family = AF_INET6; - sin6->sin6_port = htons(53); - return AF_INET6; - } else { - return -1; + while (fgets(buf, sizeof(buf), conf) != NULL) { + buf[strcspn(buf, "\n")] = '\0'; + + if (strncmp(buf, ns, strlen(ns)) != 0) + continue; + p = buf + strlen(ns) + 1; + while (isspace((unsigned char)*p)) + p++; + + /* this will not end well */ + if (strcmp(p, "127.0.0.1") == 0) + continue; + + memset(remoteaddr, 0, sizeof(*remoteaddr)); + if (inet_pton(AF_INET, p, >sin_addr) == 1) { + sin->sin_len = sizeof(*sin); + sin->sin_family = AF_INET; + sin->sin_port = htons(53); + rv = AF_INET; + } else if (inet_pton(AF_INET6, p, >sin6_addr) == 1) { + sin6->sin6_len = sizeof(*sin6); + sin6->sin6_family = AF_INET6; + sin6->sin6_port = htons(53); + rv = AF_INET6; + } + break; } + fclose(conf); + return rv; } static int -launch(FILE *conf, int ud, int ld, int kq) +launch(int conffd, int ud, int ld) { union sockun remoteaddr; struct kevent ch[2], kev[4]; 
@@ -490,16 +509,13 @@ launch(FILE *conf, int ud, int ld, int k struct request *req; struct dnscache *ent; struct passwd *pwd; - int i, r, af; + int i, r, af, kq; pid_t parent, child; parent = getpid(); if (!debug) { - if ((child = fork())) { - fclose(conf); + if ((child = fork())) return child; - } - close(kq); } kq = kqueue(); @@ -526,8 +542,7 @@ launch(FILE *conf, int ud, int ld, int k if (pledge("stdio inet", NULL) == -1) logerr("pledge failed"); - af = readconfig(conf, ); - fclose(conf); + af = readconfig(conffd, ); if (af == -1) logerr("parse error in config file"); @@ -647,6 +662,23 @@ launch(FILE *conf, int ud, int ld, int k exit(1); } +static int +openconfig(const char *confname, int kq) +{ + struct kevent kev; +
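Review bot: In the readconfig() hunk of rebound.c, the result of conf = fdopen(conffd, "r") goes straight into fgets() with no NULL check, so a failed fdopen() is dereferenced instead of returning -1; add if (conf == NULL) return -1; before the loop. In the same loop, p = buf + strlen(ns) + 1 assumes a separator follows the keyword: a bare "nameserver" line leaves p one byte past the terminator, and a line starting "nameserverX" is treated as a nameserver line, so test isspace() on the byte after the keyword before stepping over it. The loop guard compares against the literal "127.0.0.1" only, so another loopback address such as ::1 still parses and is used as the upstream, and because of the unconditional break an unparsable first nameserver line ends with rv still -1 instead of moving on to the next line.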
Re: rebound quantum entanglement
Bob Beck wrote: > wont this also mean if it is not running i have to wait for the localhost > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i > slow everything down for a timeout? you get back unreachable and move on. it's fast. you can try it. :)
Re: rebound quantum entanglement
> > wont this also mean if it is not running i have to wait for the localhost > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i > > slow everything down for a timeout? > > Not if he connects to the TCP port 53 instead of the UDP; it looks like > rebound binds to both. OK. But I suspect this is multiple system-call roundtrip for everyone not running rebound.
Re: rebound quantum entanglement
On Wed, 14 Sep 2016 20:00:32 -0600, Bob Beck wrote: > wont this also mean if it is not running i have to wait for the localhost > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i > slow everything down for a timeout? Not if he connects to the TCP port 53 instead of the UDP; it looks like rebound binds to both. - todd
Re: rebound quantum entanglement
> wont this also mean if it is not running i have to wait for the localhost > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i > slow everything down for a timeout? i think that is right. ktrace would show what is going on. if it stalls, this is not enough.
Re: rebound quantum entanglement
wont this also mean if it is not running i have to wait for the localhost attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so i slow everything down for a timeout? dont get me wrong, it is an interesting direction, but I think maybe get the rest of the five line changes into rebound to make it useful and then look at libc which might need slightly more cleverness than just adding localhost unconditionally. On Wednesday, 14 September 2016, Ted Unangst wrote: > Bob Beck wrote: > > how is rebound going to handle a change in resolv.conf? thats still a > > problem here > > oh, that's easy. it watches the file for changes. i never quite got around > to > that, but it's another five lines. >
Re: rebound quantum entanglement
Bob Beck wrote: > how is rebound going to handle a change in resolv.conf? thats still a > problem here oh, that's easy. it watches the file for changes. i never quite got around to that, but it's another five lines.
Re: rebound quantum entanglement
how is rebound going to handle a change in resolv.conf? thats still a problem here On Wednesday, 14 September 2016, Ted Unangst wrote: > So the plan is for rebound to be the 'system' resolver, with libc talking > to > rebound and rebound talking to the cloud. The main wrinkle is how does > rebound > find the cloud? rebound.conf, but dhclient doesn't know anything about > rebound.conf, preferring to edit resolv.conf. But if rebound reads > resolv.conf, what does libc read? This has been a bit of a tangle until > now, > especially in scenarios like upgrades where rebound may not even be > running. > > And so I present the following diff to enable a smooth transition. It's > 'quantum' because it works whether or not rebound is running. No need to > open > the box. > > 1. rebound reads resolv.conf. This remains the config file for upstream > DNS. > > 2. libc now prepends its nameserver list with localhost, thus always > searching > for rebound. If it's not running, we just continue down the list. > > This covers the basic use case, where enabling rebound now requires no > additional work. No need to edit dhclient.conf, etc. It also works on > ramdisks. It also works with a mix of old and new binaries. Once you flip > resolv.conf back to upstream, old binaries will bypass rebound, but that's > ok. > The new rebound checks to make sure it's not stuck in a time loop, which is > never good. > > I also note this improves the situation for people who have been using > unbound > as a local cache, too. Just enable unbound and libc will use it > automatically. > > Particular edge case: if resolv.conf has no nameservers, then the localhost > default is not prepended. So libc won't try talking to rebound if it's > specifically configured not to (chroot). 
> > > Index: lib/libc/asr/asr.c > === > RCS file: /cvs/src/lib/libc/asr/asr.c,v > retrieving revision 1.54 > diff -u -p -r1.54 asr.c > --- lib/libc/asr/asr.c 18 Jun 2016 15:25:28 - 1.54 > +++ lib/libc/asr/asr.c 15 Sep 2016 00:42:30 - > @@ -549,6 +549,15 @@ pass0(char **tok, int n, struct asr_ctx > return; > if (n != 2) > return; > + /* prepend localhost to list */ > + if (ac->ac_nscount == 0) { > + if (asr_parse_nameserver((struct sockaddr *), > "127.0.0.1")) > + return; > + if ((ac->ac_ns[ac->ac_nscount] = calloc(1, > ss.ss_len)) == NULL) > + return; > + memmove(ac->ac_ns[ac->ac_nscount], , > ss.ss_len); > + ac->ac_nscount += 1; > + } > if (asr_parse_nameserver((struct sockaddr *), tok[1])) > return; > if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) == > NULL) > Index: usr.sbin/rebound/rebound.8 > === > RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v > retrieving revision 1.4 > diff -u -p -r1.4 rebound.8 > --- usr.sbin/rebound/rebound.8 4 Dec 2015 04:50:43 - 1.4 > +++ usr.sbin/rebound/rebound.8 15 Sep 2016 00:57:21 - > @@ -33,9 +33,7 @@ The options are as follows: > .Bl -tag -width Ds > .It Fl c Ar config > Specify an alternative configuration file, instead of the default > -.Pa /etc/rebound.conf . > -At present, the config file consists of a single line containing the next > -hop DNS server. > +.Pa /etc/resolv.conf . > .Nm > will reload the configuration file when sent a SIGHUP signal. > .It Fl d > @@ -46,8 +44,8 @@ does not > into the background. > .El > .Sh FILES > -.Bl -tag -width "/etc/rebound.confXX" -compact > -.It Pa /etc/rebound.conf > +.Bl -tag -width "/etc/resolv.confXX" -compact > +.It Pa /etc/resolv.conf > Default > .Nm > configuration file. > Index: usr.sbin/rebound/rebound.c > === > RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v > retrieving revision 1.70 > diff -u -p -r1.70 rebound.c > --- usr.sbin/rebound/rebound.c 1 Sep 2016 10:57:24 - 1.70 > +++ usr.sbin/rebound/rebound.c 15 Sep 2016 00:53:26 - 
> @@ -37,6 +37,7 @@ > #include > #include > #include > +#include > > #define MINIMUM(a,b) (((a)<(b))?(a):(b)) > > @@ -457,28 +458,41 @@ fail: > static int > readconfig(FILE *conf, union sockun *remoteaddr) > { > + const char ns[] = "nameserver"; > char buf[1024]; > + char *p; > struct sockaddr_in *sin = >i; > struct sockaddr_in6 *sin6 = >i6; > > - if (fgets(buf, sizeof(buf), conf) == NULL) > - return -1; > - buf[strcspn(buf, "\n")] = '\0'; > + while (fgets(buf, sizeof(buf), conf) != NULL) { > + buf[strcspn(buf, "\n")] = '\0'; > > - memset(remoteaddr, 0, sizeof(*remoteaddr)); > -
rebound quantum entanglement
So the plan is for rebound to be the 'system' resolver, with libc talking to rebound and rebound talking to the cloud. The main wrinkle is how does rebound find the cloud? rebound.conf, but dhclient doesn't know anything about rebound.conf, preferring to edit resolv.conf. But if rebound reads resolv.conf, what does libc read? This has been a bit of a tangle until now, especially in scenarios like upgrades where rebound may not even be running.

And so I present the following diff to enable a smooth transition. It's 'quantum' because it works whether or not rebound is running. No need to open the box.

1. rebound reads resolv.conf. This remains the config file for upstream DNS.

2. libc now prepends its nameserver list with localhost, thus always searching for rebound. If it's not running, we just continue down the list.

This covers the basic use case, where enabling rebound now requires no additional work. No need to edit dhclient.conf, etc. It also works on ramdisks. It also works with a mix of old and new binaries. Once you flip resolv.conf back to upstream, old binaries will bypass rebound, but that's ok. The new rebound checks to make sure it's not stuck in a time loop, which is never good.

I also note this improves the situation for people who have been using unbound as a local cache, too. Just enable unbound and libc will use it automatically.

Particular edge case: if resolv.conf has no nameservers, then the localhost default is not prepended. So libc won't try talking to rebound if it's specifically configured not to (chroot).

Index: lib/libc/asr/asr.c === RCS file: /cvs/src/lib/libc/asr/asr.c,v retrieving revision 1.54 diff -u -p -r1.54 asr.c --- lib/libc/asr/asr.c 18 Jun 2016 15:25:28 - 1.54 +++ lib/libc/asr/asr.c 15 Sep 2016 00:42:30 - 
@@ -549,6 +549,15 @@ pass0(char **tok, int n, struct asr_ctx return; if (n != 2) return; + /* prepend localhost to list */ + if (ac->ac_nscount == 0) { + if (asr_parse_nameserver((struct sockaddr *), "127.0.0.1")) + return; + if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) == NULL) + return; + memmove(ac->ac_ns[ac->ac_nscount], , ss.ss_len); + ac->ac_nscount += 1; + } if (asr_parse_nameserver((struct sockaddr *), tok[1])) return; if ((ac->ac_ns[ac->ac_nscount] = calloc(1, ss.ss_len)) == NULL) Index: usr.sbin/rebound/rebound.8 === RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v retrieving revision 1.4 diff -u -p -r1.4 rebound.8 --- usr.sbin/rebound/rebound.8 4 Dec 2015 04:50:43 - 1.4 +++ usr.sbin/rebound/rebound.8 15 Sep 2016 00:57:21 - @@ -33,9 +33,7 @@ The options are as follows: .Bl -tag -width Ds .It Fl c Ar config Specify an alternative configuration file, instead of the default -.Pa /etc/rebound.conf . -At present, the config file consists of a single line containing the next -hop DNS server. +.Pa /etc/resolv.conf . .Nm will reload the configuration file when sent a SIGHUP signal. .It Fl d @@ -46,8 +44,8 @@ does not into the background. .El .Sh FILES -.Bl -tag -width "/etc/rebound.confXX" -compact -.It Pa /etc/rebound.conf +.Bl -tag -width "/etc/resolv.confXX" -compact +.It Pa /etc/resolv.conf Default .Nm configuration file. Index: usr.sbin/rebound/rebound.c === RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v retrieving revision 1.70 diff -u -p -r1.70 rebound.c --- usr.sbin/rebound/rebound.c 1 Sep 2016 10:57:24 - 1.70 +++ usr.sbin/rebound/rebound.c 15 Sep 2016 00:53:26 - @@ -37,6 +37,7 @@ #include #include #include +#include #define MINIMUM(a,b) (((a)<(b))?(a):(b)) 
@@ -457,28 +458,41 @@ fail: static int readconfig(FILE *conf, union sockun *remoteaddr) { + const char ns[] = "nameserver"; char buf[1024]; + char *p; struct sockaddr_in *sin = >i; struct sockaddr_in6 *sin6 = >i6; - if (fgets(buf, sizeof(buf), conf) == NULL) - return -1; - buf[strcspn(buf, "\n")] = '\0'; + while (fgets(buf, sizeof(buf), conf) != NULL) { + buf[strcspn(buf, "\n")] = '\0'; - memset(remoteaddr, 0, sizeof(*remoteaddr)); - if (inet_pton(AF_INET, buf, >sin_addr) == 1) { - sin->sin_len = sizeof(*sin); - sin->sin_family = AF_INET; - sin->sin_port = htons(53); - return AF_INET; - } else if (inet_pton(AF_INET6, buf, >sin6_addr) == 1) { - sin6->sin6_len = sizeof(*sin6); - sin6->sin6_family = AF_INET6; -
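Review bot: In the pass0() hunk of asr.c, the prepend under if (ac->ac_nscount == 0) runs without looking at tok[1], so a resolv.conf whose first nameserver is already 127.0.0.1 (the unbound setup mentioned in the description) ends up with localhost twice at the head of the list and makes two local attempts before reaching an upstream. Compare tok[1] against the prepended address and skip the prepend when they match. The early returns on asr_parse_nameserver() or calloc() failure inside the new block also drop the nameserver configured on that line, which deserves a comment if intended.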
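The loop check the post describes ("The new rebound checks to make sure it's not stuck in a time loop"), as an added example that is not rebound's code and not part of the original message. It goes beyond the single-address comparison by collecting every usable nameserver and rejecting loopback by parsed address; `pick_upstreams`, `is_loopback`, `parse_addr` and `MAX_UPSTREAMS` are hypothetical names, and the sample resolv.conf text is constructed.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define MAX_UPSTREAMS 4	/* hypothetical limit for this example */

/* Constructed sample resolv.conf, not taken from the thread. */
static const char sample_conf[] =
    "search example.org\n"
    "nameserver\n"			/* keyword with no address */
    "nameserver 127.0.0.1 \n"		/* trailing blank */
    "nameserver ::1\n"
    "nameserver\t192.0.2.53\n"
    "nameserverx 198.51.100.1\n"	/* not the keyword */
    "nameserver 2001:db8::53 # note\n";

/* Loopback in either family: 127.0.0.0/8, ::1 and IPv4-mapped 127/8. */
static int
is_loopback(const struct sockaddr_storage *ss)
{
	const struct sockaddr_in *sin = (const struct sockaddr_in *)ss;
	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)ss;

	if (ss->ss_family == AF_INET)
		return (ntohl(sin->sin_addr.s_addr) >> 24) == 127;
	if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
		return 1;
	return IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) &&
	    sin6->sin6_addr.s6_addr[12] == 127;
}

/* Parse one address token into ss (port 53); 0 on success, -1 otherwise. */
static int
parse_addr(const char *tok, struct sockaddr_storage *ss)
{
	struct sockaddr_in *sin = (struct sockaddr_in *)ss;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ss;

	memset(ss, 0, sizeof(*ss));
	if (inet_pton(AF_INET, tok, &sin->sin_addr) == 1) {
		sin->sin_family = AF_INET;
		sin->sin_port = htons(53);
		return 0;
	}
	if (inet_pton(AF_INET6, tok, &sin6->sin6_addr) == 1) {
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = htons(53);
		return 0;
	}
	return -1;
}

/* Store up to max usable upstreams from resolv.conf text; returns the count. */
int
pick_upstreams(const char *text, struct sockaddr_storage *out, int max)
{
	static const char kw[] = "nameserver";
	const size_t kwlen = sizeof(kw) - 1;
	char line[1024], *p;
	int n = 0;

	while (*text != '\0' && n < max) {
		size_t len = strcspn(text, "\n");
		size_t copy = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
		memcpy(line, text, copy);
		line[copy] = '\0';
		/* Skip the whole line, including any part that did not fit. */
		text += len + (text[len] == '\n');

		/* Require the keyword followed by blank space. */
		if (strncmp(line, kw, kwlen) != 0 ||
		    !isspace((unsigned char)line[kwlen]))
			continue;
		p = line + kwlen;
		while (isspace((unsigned char)*p))
			p++;
		p[strcspn(p, " \t\r")] = '\0';	/* keep the first token only */

		if (parse_addr(p, &out[n]) == -1)
			continue;	/* unparsable: try the next line */
		if (is_loopback(&out[n]))
			continue;	/* would forward to ourselves */
		n++;
	}
	return n;
}

int
main(void)
{
	struct sockaddr_storage up[MAX_UPSTREAMS];
	int n = pick_upstreams(sample_conf, up, MAX_UPSTREAMS);

	printf("%d usable upstream(s)\n", n);
	return n > 0 ? 0 : 1;
}
```

A return value of 0 is the case a forwarder has to treat as "no upstream configured" rather than falling back to itself.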
video(1): Use read(2) to read file specified with -i
Hi,

video(1) fails to read files that were previously recorded with -o somefile, unless -g (to select read(2) as the input method) is also specified:

$ video -o foo
^C
$ video -i foo
video: ioctl VIDIOC_REQBUFS: Bad file descriptor
$ video -g -i foo
[ plays the file ]

mmap-mode doesn't work here because it uses a few v4l2-specific ioctls to talk to the video device. The patch below fixes that by always using read(2) when the -i option is used.

-- Gregor

Index: video.1 === RCS file: /mnt/media/cvs/xenocara/app/video/video.1,v retrieving revision 1.13 diff -u -p -r1.13 video.1 --- video.1 4 Jun 2016 07:44:32 - 1.13 +++ video.1 14 Sep 2016 19:47:52 - @@ -113,6 +113,10 @@ If is .Ql - , frames will be read from standard input. +This will use +.Xr read 2 +to grab frames instead of +.Xr mmap 2 . .It Fl O Ar output File to which frames will be written. If Index: video.c === RCS file: /mnt/media/cvs/xenocara/app/video/video.c,v retrieving revision 1.19 diff -u -p -r1.19 video.c --- video.c 6 Jun 2016 19:31:22 - 1.19 +++ video.c 14 Sep 2016 19:46:39 - @@ -1805,6 +1805,7 @@ main(int argc, char *argv[]) err++; } else { vid.mode = (vid.mode & ~M_IN_DEV) | M_IN_FILE; + vid.mmap_on = 0; /* mmap mode does not work for files */ snprintf(vid.iofile, sizeof(vid.iofile), optarg); }
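Review bot: The context line directly after the added vid.mmap_on = 0 in the video.c hunk, snprintf(vid.iofile, sizeof(vid.iofile), optarg), passes the -i argument as the format string, so a file name containing % conversions is interpreted rather than copied. Since the patch already touches this branch, change it to snprintf(vid.iofile, sizeof(vid.iofile), "%s", optarg) or use strlcpy(). On the added line itself, clearing mmap_on during option parsing depends on no later option turning it back on; doing it once after parsing, when M_IN_FILE is set, would make that independent of argument order.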
Re: libsa, stop saving memory
On Wed, 14 Sep 2016 20:41:48 +0200, Jasper Lievisse Adriaanse wrote: > nothing defines SAVE_MEMORY nor has it been modified since -r1.1. > ok to zap it? OK millert@ - todd
libsa, stop saving memory
Hi, nothing defines SAVE_MEMORY nor has it been modified since -r1.1. ok to zap it? Index: cread.c === RCS file: /cvs/src/sys/lib/libsa/cread.c,v retrieving revision 1.13 diff -u -p -r1.13 cread.c --- cread.c 18 Jan 2009 21:46:50 - 1.13 +++ cread.c 14 Sep 2016 18:39:23 - @@ -47,11 +47,7 @@ #define zmemcpymemcpy -#ifdef SAVE_MEMORY -#define Z_BUFSIZE 1024 -#else #define Z_BUFSIZE 4096 -#endif static int gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */ @@ -210,11 +206,7 @@ open(const char *fname, int mode) goto errout; bzero(s, sizeof(struct sd)); -#ifdef SAVE_MEMORY - if (inflateInit2(&(s->stream), -11) != Z_OK) -#else if (inflateInit2(&(s->stream), -15) != Z_OK) -#endif goto errout; s->stream.next_in = s->inbuf = (unsigned char *)alloc(Z_BUFSIZE); -- jasper
ftp5.usa.openbsd.org going down 7pm-1am Sunday September 18th
Due to a just-announced power outage happening this Sunday night, ftp5.usa.openbsd.org will be going down around 7pm EDT (UTC-4) on Sunday September 14th. I will bring it back up when the power comes back at midnight EDT, so it should be back up by 1am EDT. FYI --Kurt Mosiejczuk
Re: random malloc junk
> Daniel Micay wrote: > > > > The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1, > > and it similarly doesn't wipe at all with 'U' (even though junk-on-free > > also serves the purpose of preventing information leaks, not just > > mitigating use-after-free). IMO, optimizing large allocation perf like > > this isn't worthwhile. > > this requires some analysis of what programs do in the wild. some programs > preemptively malloc large buffers, but don't touch them. it would be a serious > regression for free to fault in new pages, just to dirty them, then turn > around and unmap them. some of this is because i believe the code is doing > things at the wrong time. if you want to dirty whole pages, it should be when > they go on the freelist, not immediately. > Exactly. Daniel the giant-allocation situation may not be normal in your ecosystem, but it is common in general purpose code. That is why an upper bound was chosen. I would also argue that gigantic allocations have far fewer security risks, requiring them to be smashed in this way. We defend against those problems by unmapping them, so that the address space becomes unavailable -> SIGSEGV.
Re: random malloc junk
Daniel Micay wrote: > > The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1, > and it similarly doesn't wipe at all with 'U' (even though junk-on-free > also serves the purpose of preventing information leaks, not just > mitigating use-after-free). IMO, optimizing large allocation perf like > this isn't worthwhile. this requires some analysis of what programs do in the wild. some programs preemptively malloc large buffers, but don't touch them. it would be a serious regression for free to fault in new pages, just to dirty them, then turn around and unmap them. some of this is because i believe the code is doing things at the wrong time. if you want to dirty whole pages, it should be when they go on the freelist, not immediately.
Re: Remove ip6_pcbopts
On 14 September 2016 at 17:53, Jeremie Courreges-Anglas wrote:
>
> Dead since the IPV6_PKTOPTIONS socket option was removed.
>
> ok?
>

Sure.
Re: regression tests and patch for calendar(1)
On 31 Aug 2016 07:52:19 -0600, "Andy Bradford" wrote: > While writing a set of regression tests for calendar(1) I discovered a > bug introduced by my last patch. The following patch fixes that and all > regression tests in the attachment of tests passes. I've committed the fix as well as the calendar regress. - todd
Remove ip6_pcbopts
Dead since the IPV6_PKTOPTIONS socket option was removed. ok? Index: ip6_output.c === RCS file: /cvs/src/sys/netinet6/ip6_output.c,v retrieving revision 1.214 diff -u -p -r1.214 ip6_output.c --- ip6_output.c14 Sep 2016 15:26:05 - 1.214 +++ ip6_output.c14 Sep 2016 15:50:52 - @@ -117,7 +117,6 @@ struct ip6_exthdrs { }; int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **, int, int); -int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *, struct socket *); int ip6_getpcbopt(struct ip6_pktopts *, int, struct mbuf **); int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, int, int, int); int ip6_setmoptions(int, struct ip6_moptions **, struct mbuf *); @@ -1698,48 +1697,6 @@ ip6_raw_ctloutput(int op, struct socket (void)m_free(m); return (error); -} - -/* - * Set up IP6 options in pcb for insertion in output packets. - * Store in mbuf with pointer in pcbopt, adding pseudo-option - * with destination address if source routed. - */ -int -ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, struct socket *so) -{ - struct ip6_pktopts *opt = *pktopt; - int error = 0; - struct proc *p = curproc; /* XXX */ - int priv = 0; - - /* turn off any old options. */ - if (opt) - ip6_clearpktopts(opt, -1); - else - opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK); - *pktopt = 0; - - if (!m || m->m_len == 0) { - /* -* Only turning off any previous options, regardless of -* whether the opt is just created or given. -*/ - free(opt, M_IP6OPT, sizeof(*opt)); - return (0); - } - - /* set options specified by user. */ - if (p && !suser(p, 0)) - priv = 1; - if ((error = ip6_setpktopts(m, opt, NULL, priv, - so->so_proto->pr_protocol)) != 0) { - ip6_clearpktopts(opt, -1); /* XXX discard all options */ - free(opt, M_IP6OPT, sizeof(*opt)); - return (error); - } - *pktopt = opt; - return (0); } /* -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
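Review bot: the prototype removed in the first hunk (`int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *, struct socket *);`) is not static, so the function had external linkage and the claim that it is dead should be backed by a tree-wide search for other declarations or callers, not only by ip6_output.c compiling. It would also help to name in the commit message the change that removed IPV6_PKTOPTIONS, so the reason this code became unreachable can be traced later.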
Re: [PATCH] Callback-based interface to libtls
Hi

On 14.09.2016, at 14:21, Brent Cook wrote:

> > On 14.09.2016, at 13:37, Brent Cook wrote:
> > >
> > Once the expectations of the callbacks are finalized, this needs a good
> > explanation in the manual.
> > [...]
> Generally, what are the expectations of a callback, what should it return
> and when.
>

I have amended the manpage a little and added an example. Turns out I write a bit wordy, so feel free to re-word. The example is also longer than the others, but I think this is necessary…

> A good example section and/or regression test would go a long way. We've
> used nc(1) to test a lot of the other libtls features so far. There also are
> some libtls golang bindings in tree under regress, though I'm not sure how
> up-to-date they are.

ok. I am currently "test-driving" the interface with the SSL plugin for Squeak that I maintain[1] and I think I can extract something afterwards.

Best regards
-Tobias

[1]: https://github.com/OpenSmalltalk/opensmalltalk-vm/blob/libtls/platforms/unix/plugins/SqueakSSL/sqUnixLibreSSL.c

diff --git src/lib/libtls/tls_init.3 src/lib/libtls/tls_init.3 index 12dc99a..bbf9e0d 100644 --- src/lib/libtls/tls_init.3 +++ src/lib/libtls/tls_init.3
@@ -189,13 +189,13 @@ .Ft "int" .Fn tls_connect_socket "struct tls *ctx" "int s" "const char *servername" .Ft "int" -.Fn tls_connect_cbs "struct tls *ctx" "ssize_t (*tls_read_cb)(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)" "ssize_t (*tls_write_cb)(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)" "void *cb_arg" "const char *servername" +.Fn tls_connect_cbs "struct tls *ctx" "tls_read_cb read_cb" "tls_write_cb write_cb" "void *cb_arg" "const char *servername" .Ft "int" .Fn tls_accept_fds "struct tls *tls" "struct tls **cctx" "int fd_read" "int fd_write" .Ft "int" .Fn tls_accept_socket "struct tls *tls" "struct tls **cctx" "int socket" .Ft "int" -.Fn tls_accept_cbs "struct tls *ctx" "struct tls **cctx" "ssize_t (*tls_read_cb)(struct *ctx, void *buf, size_t buflen, void *cb_arg)" "ssize_t (*tls_write_cb)(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)" "void *cb_arg" +.Fn tls_accept_cbs "struct tls *ctx" "struct tls **cctx" "tls_read_cb read_cb" "tls_write_cb write_cb" "void *cb_arg" .Ft "int" .Fn tls_handshake "struct tls *ctx" .Ft "ssize_t" @@ -204,6 +204,10 @@ .Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen" .Ft "int" .Fn tls_close "struct tls *ctx" +.Ft typedef ssize_t +.Fn (*tls_read_cb) "void *ctx" "void *buf" "size_t buflen" "void *cb_arg" +.Ft typedef ssize_t +.Fn (*tls_write_cb) "void *ctx" "const void *buf" "size_t buflen" "void *cb_arg" .Sh DESCRIPTION The .Nm tls 
@@ -564,6 +568,35 @@ connects a client context to a pair of existing file descriptors. .Fn tls_connect_socket connects a client context to an already established socket connection. .It +.Fn tls_connect_cbs +connects a client context to a custom peer, with the data transfer handled by a +read and a write callback provided by the caller. The +.Fa read_cb +callback should do what is necessary to read from the peer and write resulting +data to its +.Fa buf . +Likewise, the +.Fa write_cb +callback should do what is necessary to write the data from its +.Fa buf +to the peer. If the callbacks represent non-blocking communication or if there +is more data to be read or written, respectively, than stated by +.Fa buflen , +the callbacks should return +.Dv TLS_WANT_POLLOUT +for more data +.Em for +the peer or +.DV TLS_WANT_POLLIN +for more data +.Em from +the peer. The callbacks can be passed arbitrary data in +.Fa cb_arg . +This will be what was passed to +.Fn tls_connect_cbs +in its +.Fa cb_arg . +.It .Fn tls_accept_fds creates a new context suitable for reading and writing on an existing pair of file descriptors and returns it in 
@@ -578,6 +611,40 @@ established socket connection and returns it in A configured server context should be passed in .Fa ctx . .It +.Fn tls_accept_cbs +creates a new context suitable for reading from and writing to a peer and +returns it in +.Fa *cctx . +The data transfer for +.Fa *cctx +is handled by a read and a write callback provided by the +caller. The +.Fa read_cb +callback should do what is necessary to read from the peer and write resulting +data to its +.Fa buf . +Likewise, the +.Fa write_cb +callback should do what is necessary to write the data from its +.Fa buf +to the peer. If the callbacks represent non-blocking communication or if there +is more data to be read or written, respectively, than stated by +.Fa buflen , +the callbacks should return +.Dv TLS_WANT_POLLOUT +for more data +.Em for +the peer or +.DV TLS_WANT_POLLIN +for more data +.Em from +the peer. The callbacks can be passed arbitrary data in +.Fa cb_arg . +This will be what was passed to +.Fn tls_accept_cbs +in its +.Fa cb_arg . +.It .Fn tls_handshake performs the TLS handshake. It is only necessary to call this
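Review bot: in the SYNOPSIS hunk (-204) the new typedef lines declare the first callback parameter as `"void *ctx"`, while the prototypes they replace in the -189 hunk used `struct tls *ctx`; the manual should show the same type the header uses, otherwise readers will write callbacks with a mismatched signature. If `struct tls *` is what the typedef in tls.h takes, change both `.Fn (*tls_read_cb)` and `.Fn (*tls_write_cb)` to match.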
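Review bot: in both description hunks (-564 for tls_connect_cbs and -578 for tls_accept_cbs) the line `.DV TLS_WANT_POLLIN` uses a capital V, unlike `.Dv TLS_WANT_POLLOUT` two lines earlier; mdoc macro names are case-sensitive, so this needs to be `.Dv` for the constant to be rendered. The same two paragraphs only describe the would-block case: they should also say what a callback returns when it has transferred data and when it fails, which is the question raised earlier in the thread. Since the two paragraphs are near-identical, describing the callback contract once and referring to it from both entries would keep them from drifting apart.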
Re: regression tests and patch for calendar(1)
Hi Andy, I just ran into this regression and wrote a similar patch (though I missed the WEEKLY test). Thanks for the fix! It solves the Easter-calculation problem I noticed. For anyone looking for a quick test, none of the pre- or post-Easter dates will be displayed when executing: calendar -t 20160101 -A 180 -f /usr/share/calendar/calendar.christian After Andy's patch it resolves the issue. --Aaron * Andy Bradford[2016-08-31 07:52:19 -0600]: > Hello, > > While writing a set of regression tests for calendar(1) I discovered a > bug introduced by my last patch. The following patch fixes that and all > regression tests in the attachment of tests passes. > > Thanks, > > Andy > > Index: day.c > === > RCS file: /home/cvs/src/usr.bin/calendar/day.c,v > retrieving revision 1.33 > diff -u -p -r1.33 day.c > --- day.c 13 Jul 2016 21:32:01 - 1.33 > +++ day.c 31 Aug 2016 13:40:01 - > @@ -543,7 +543,9 @@ isnow(char *endp, int bodun) > tdiff = difftime(ttmp, f_time)/ SECSPERDAY; > if (tdiff <= offset + f_dayAfter || > (bodun && tdiff == -1)) { > - if ((tmtmp.tm_mon == month) && > + if (((tmtmp.tm_mon == month) || > + (flags & F_SPECIAL) || > + (interval == WEEKLY)) && > (tdiff >= 0 || > (bodun && tdiff == -1))) { > if ((tmp = malloc(sizeof(struct > match))) == NULL) >
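Review bot: the widened condition in isnow() now bypasses the `tmtmp.tm_mon == month` test for every entry with `flags & F_SPECIAL` or `interval == WEEKLY`, and nothing in the hunk says why those two cases must not be month-gated. A short comment above the `if` (for example that special dates such as Easter offsets and weekly entries can match outside the current month) would make the intent clear, and the regress tests mentioned in the message should keep one case for each of the two new branches so the month check cannot silently come back.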
let openbgpd announce rtlabels
It is quite common to want to do a cross-protocol readvertisement from IGP->EGP. We can add rtlabels in bgpd and ospfd, but only advertise in ospfd. This diff lets bgpd announce routes based on rtlabels. The existing "cannot announce routes that point to localhost" and "cannot announce defaults" still apply. Should they? OK? Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.146 diff -u -p -u -p -r1.146 bgpd.conf.5 --- bgpd.conf.5 17 Aug 2016 08:14:40 - 1.146 +++ bgpd.conf.5 14 Sep 2016 14:21:52 - @@ -268,6 +268,10 @@ Log received and sent updates. .Pq Ic inet Ns | Ns Ic inet6 .Ic connected Op Ic set ...\& .Xc +.It Xo +.Ic network +.Ic rtlabel Ar label Op Ic set ...\& +.Xc Announce the specified network as belonging to our AS. If set to .Ic connected , @@ -275,6 +279,11 @@ routes to directly attached networks wil If set to .Ic static , all static routes will be announced. +If set to +.Ic rtlabel , +routes with the specified +.Ar label +will be announced. .Bd -literal -offset indent network 192.168.7.0/24 .Ed Index: bgpd.h === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.295 diff -u -p -u -p -r1.295 bgpd.h --- bgpd.h 2 Sep 2016 14:00:29 - 1.295 +++ bgpd.h 14 Sep 2016 14:21:52 - @@ -85,6 +85,7 @@ #defineF_CTL_ADJ_IN0x2000 #defineF_CTL_ADJ_OUT 0x4000 #defineF_CTL_ACTIVE0x8000 +#defineF_RTLABEL 0x1 /* * Limit the number of control messages generated by the RDE and queued in @@ -334,6 +335,7 @@ enum network_type { NETWORK_DEFAULT, NETWORK_STATIC, NETWORK_CONNECTED, + NETWORK_RTLABEL, NETWORK_MRTCLONE }; @@ -342,6 +344,7 @@ struct network_config { struct filter_set_head attrset; struct rde_aspath *asp; u_intrtableid; + u_int16_trtlabel; enum network_typetype; u_int8_t prefixlen; u_int8_t old; /* used for reloading */ 
@@ -507,6 +510,7 @@ struct kroute_full { struct bgpd_addrprefix; struct bgpd_addrnexthop; charlabel[RTLABEL_LEN]; + u_int16_t labelid; u_int16_t flags; u_short ifindex; u_int8_tprefixlen; Index: kroute.c === RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v retrieving revision 1.209 diff -u -p -u -p -r1.209 kroute.c --- kroute.c8 Apr 2016 12:27:05 - 1.209 +++ kroute.c14 Sep 2016 14:21:52 - @@ -,6 +,10 @@ kr_net_match(struct ktable *kt, struct k if (kr->flags & F_CONNECTED) return (xn); break; + case NETWORK_RTLABEL: + if (kr->labelid == xn->net.rtlabel) + return (xn); + break; case NETWORK_MRTCLONE: /* can not happen */ break; @@ -1143,6 +1147,10 @@ kr_net_match6(struct ktable *kt, struct if (kr6->flags & F_CONNECTED) return (xn); break; + case NETWORK_RTLABEL: + if (kr6->labelid == xn->net.rtlabel) + return (xn); + break; case NETWORK_MRTCLONE: /* can not happen */ break; @@ -1269,6 +1277,7 @@ sendit: net.prefix.aid = AID_INET; net.prefix.v4.s_addr = kr->prefix.s_addr; net.prefixlen = kr->prefixlen; + net.rtlabel = kr->labelid; net.rtableid = kt->rtableid; return (send_network(type, , match ? >net.attrset : NULL)); @@ -1337,6 +1346,7 @@ sendit: net.prefix.aid = AID_INET6; memcpy(, >prefix, sizeof(struct in6_addr)); net.prefixlen = kr6->prefixlen; + net.rtlabel = kr6->labelid; net.rtableid = kt->rtableid; return (send_network(type, , match ? >net.attrset : NULL)); @@ -1392,6 +1402,7 @@ kr_tofull(struct kroute *kr) kf.nexthop.aid = AID_INET; kf.nexthop.v4.s_addr = kr->nexthop.s_addr; strlcpy(kf.label, rtlabel_id2name(kr->labelid), sizeof(kf.label)); + kf.labelid = kr->labelid; kf.flags = kr->flags; kf.ifindex = kr->ifindex; kf.prefixlen = kr->prefixlen; @@ -1412,6 +1423,7 @@ kr6_tofull(struct kroute6 *kr6) kf.nexthop.aid = AID_INET6; memcpy(, >nexthop, sizeof(struct in6_addr)); strlcpy(kf.label, rtlabel_id2name(kr6->labelid),
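Review bot: kr_net_match() and kr_net_match6() decide on `kr->labelid == xn->net.rtlabel` alone, and the visible hunks do not show where `net.rtlabel` is filled in from the configuration; if that id can ever be 0 (no label, or a name that failed to resolve), every unlabelled kernel route would match and be announced, so the parser or the match should reject a zero id explicitly. `F_RTLABEL` is added to bgpd.h but is not used in any hunk shown here; drop it or show the user. On the question in the message, keeping the existing localhost and default-route restrictions for this new network type is the safer default, since route labels can be set by other daemons.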
Re: random malloc junk
On Tue, 2016-09-13 at 13:27 +0200, Otto Moerbeek wrote: > On Thu, Sep 08, 2016 at 06:42:33PM -0400, Daniel Micay wrote: > > > A bit off-topic: 'J' enables junk-on-init which is for debugging, > > but it > > also currently has security improvements for large allocations. > > There's > > only partial junk-on-free by default (half a page), and 'U' disables > > large allocation junk-on-free without 'J'. I think it would make > > sense > > to remove those optimizations since it's fine if the cost scales up > > with > > larger allocations and losing the guarantee of not leaking data via > > uninitialized memory with 'U' is not great. Using 'U' is quite > > expensive > > regardless, and adds some pathological performance cases for small > > size > > allocations which is more important. I ended up removing both of > > those > > optimizations for the CopperheadOS port. > > I would prefer to see a diff with this. For me, that should be easier > to understand than you description. This is the diff from the CopperheadOS port which won't apply directly to malloc.c in OpenBSD, but should explain what I mean since it's just a few lines. Just ignore the part where it removes malloc_junk=2, which is because junk-on-init is split out (so this obsoleted the extra mode). The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1, and it similarly doesn't wipe at all with 'U' (even though junk-on-free also serves the purpose of preventing information leaks, not just mitigating use-after-free). IMO, optimizing large allocation perf like this isn't worthwhile. diff --git a/libc/bionic/omalloc.c b/libc/bionic/omalloc.c index e451d79..9277ee7 100644 --- a/libc/bionic/omalloc.c +++ b/libc/bionic/omalloc.c @@ -504,7 +504,7 @@ map(struct dir_info *d, void *hint, size_t sz, int zero_fill) madvise(p, sz, MADV_NORMAL); if (zero_fill) memset(p, 0, sz); - else if (mopts.malloc_junk == 2 && + else if (mopts.malloc_junk && mopts.malloc_freeunmap) memset(p, SOME_FREEJUNK, sz); return p; 
@@ -524,7 +524,7 @@ map(struct dir_info *d, void *hint, size_t sz, int zero_fill) d->free_regions_size -= psz; if (zero_fill) memset(p, 0, sz); - else if (mopts.malloc_junk == 2 && mopts.malloc_freeunmap) + else if (mopts.malloc_junk && mopts.malloc_freeunmap) memset(p, SOME_FREEJUNK, sz); return p; } @@ -603,7 +603,7 @@ omalloc_parseopt(char opt) mopts.malloc_junk = 0; break; case 'J': - mopts.malloc_junk = 2; + mopts.malloc_junk = 1; break; case 'i': mopts.malloc_junk_init = 0; @@ -1517,8 +1517,7 @@ ofree(struct dir_info *pool, void *p) STATS_SUB(pool->malloc_guarded, mopts.malloc_guard); } if (mopts.malloc_junk && !mopts.malloc_freeunmap) { - size_t amt = mopts.malloc_junk == 1 ? MALLOC_MAXCHUNK : - PAGEROUND(sz) - mopts.malloc_guard; + size_t amt = PAGEROUND(sz) - mopts.malloc_guard; memset(p, SOME_FREEJUNK, amt); } unmap(pool, p, PAGEROUND(sz));
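Review bot: in the ofree() hunk, `size_t amt = PAGEROUND(sz) - mopts.malloc_guard;` makes the memset() cover the whole region immediately before `unmap(pool, p, PAGEROUND(sz))`, so a large allocation that was never touched has every page faulted in and written just to be released. If the goal is that no stale data survives in cached regions, junking at the point where the region is kept for reuse would give the same guarantee without that cost for regions that are actually unmapped. Separately, after the omalloc_parseopt() hunk 'J' sets `malloc_junk = 1`; the option description should be updated to say what 'J' still changes.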
teach BFD how to send route messages
This is a work-in-progress diff that I would like to commit. I can print a few things, but there is a problem when trying to bring in more fields. Printing is also ugly, but I can fix that in-tree. While here, I print the descr's as ints, the same way Juniper does it. I also had to add RTM_INVALIDATE, to keep the ordering correct. Am I tying this into route(8) and rtsock.c correctly? OK? Index: sbin/route/route.c === RCS file: /cvs/openbsd/src/sbin/route/route.c,v retrieving revision 1.190 diff -u -p -u -p -r1.190 route.c --- sbin/route/route.c 4 Sep 2016 09:41:03 - 1.190 +++ sbin/route/route.c 14 Sep 2016 10:20:04 - @@ -41,6 +41,10 @@ #include #include +#include +#include +#include + #include #include @@ -90,6 +94,7 @@ void sodump(sup, char *); char *priorityname(uint8_t); uint8_t getpriority(char *); voidprint_getmsg(struct rt_msghdr *, int); +voidprint_bfdmsg(struct bfd_msghdr *); const char *get_linkstate(int, int); voidprint_rtmsg(struct rt_msghdr *, int); voidpmsg_common(struct rt_msghdr *); @@ -1240,6 +1245,7 @@ char *msgtypes[] = { "RTM_IFINFO: iface status change", "RTM_IFANNOUNCE: iface arrival/departure", "RTM_DESYNC: route socket overflow", + "RTM_INVALIDATE: invalidate cache of L2 route", "RTM_BFD: bidirectional forwarding detection", }; @@ -1277,6 +1283,7 @@ print_rtmsg(struct rt_msghdr *rtm, int m struct if_msghdr *ifm; struct ifa_msghdr *ifam; struct if_announcemsghdr *ifan; + struct bfd_msghdr *bfd; char ifname[IF_NAMESIZE]; if (verbose == 0) @@ -1333,7 +1340,9 @@ print_rtmsg(struct rt_msghdr *rtm, int m printf("\n"); break; case RTM_BFD: - printf("bfd\n");/* XXX - expand*/ + bfd = (struct bfd_msghdr *)rtm; + printf(", BFD "); + print_bfdmsg(bfd); break; default: printf(", priority %d, table %u, ifidx %u, ", 
@@ -1524,6 +1533,48 @@ print_getmsg(struct rt_msghdr *rtm, int putchar('\n'); } #undef RTA_IGN +} + +void +print_bfdmsg(struct bfd_msghdr *bfd) +{ + printf("mode "); + switch (bfd->mode) { + case BFD_MODE_ASYNC: + printf("ASYNC"); + break; + case BFD_MODE_DEMAND: + printf("DEMAND"); + break; + } + printf(" state "); + switch (bfd->state) { + case BFD_STATE_ADMINDOWN: + printf("AdminDown"); + break; + case BFD_STATE_DOWN: + printf("Down"); + break; + case BFD_STATE_INIT: + printf("Init"); + break; + case BFD_STATE_UP: + printf("Up"); + break; + } + printf(" error %d", bfd->error); + printf(" localdiscr %u", bfd->localdiscr); + printf(" remotediscr %u", bfd->remotediscr); + printf(" localdiag %u", bfd->localdiag); + printf(" remotediag %u", bfd->remotediag); + printf(" uptime %lld", bfd->uptime); + printf(" lastuptime %lld", bfd->lastuptime); + + printf(" mintx %ums", bfd->mintx / 1000); + printf(" minrx %ums", bfd->minrx / 1000); + printf(" multiplier %ux", bfd->multiplier); + + printf("\n"); } void Index: sys/net/bfd.c === RCS file: /cvs/openbsd/src/sys/net/bfd.c,v retrieving revision 1.24 diff -u -p -u -p -r1.24 bfd.c --- sys/net/bfd.c 13 Sep 2016 07:56:05 - 1.24 +++ sys/net/bfd.c 14 Sep 2016 10:48:39 - @@ -161,7 +161,7 @@ struct bfd_state { uint32_tAuthSeqKnown; }; -struct pool bfd_pool, bfd_pool_peer, bfd_pool_time; +struct pool bfd_pool, bfd_pool_peer, bfd_pool_time, bfd_pool_msghdr; struct taskq *bfdtq; struct socket *bfd_listener(struct bfd_softc *, unsigned int); @@ -182,6 +182,7 @@ void bfd_senddown(struct bfd_softc *); voidbfd_reset(struct bfd_softc *); voidbfd_set_uptime(struct bfd_softc *); +voidbfd_prepmsg(struct bfd_softc *); voidbfd_debug(struct bfd_softc *); TAILQ_HEAD(bfd_queue, bfd_softc) bfd_queue; 
@@ -224,9 +225,38 @@ bfd_rtalloc(struct rtentry *rt) TAILQ_INSERT_TAIL(_queue, sc, bfd_next); + bfd_prepmsg(sc); return (0); } +void +bfd_prepmsg(struct bfd_softc *sc) +{ + struct bfd_msghdr *bfd; + + bfd = pool_get(_pool_msghdr, PR_WAITOK | PR_ZERO); + + bfd->mode = sc->mode; + bfd->mintx = sc->mintx; + bfd->minrx = sc->minrx; + bfd->multiplier = sc->multiplier; + + bfd->uptime = sc->sc_time->tv_sec; + bfd->lastuptime = sc->lastuptime; + bfd->state = sc->state; + bfd->laststate = sc->laststate; + bfd->error = sc->error; + +
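Review bot: both switch statements in print_bfdmsg() have no default case, so an unexpected `bfd->mode` or `bfd->state` prints "mode " or " state " followed by nothing and the output silently loses a field; add a default that prints the numeric value. The `%lld` conversions for `bfd->uptime` and `bfd->lastuptime` should take an explicit `(long long)` cast unless those members are declared as long long. In print_rtmsg() the RTM_BFD case casts `rtm` to `struct bfd_msghdr *` without any visible length check, so it is worth confirming the message is at least `sizeof(struct bfd_msghdr)` before the fields are read.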
Re: [PATCH] Callback-based interface to libtls
On Wed, Sep 14, 2016 at 6:41 AM, Tobias Pape wrote:

> Hi
>
> On 14.09.2016, at 13:37, Brent Cook wrote:
>
> >
> > Once the expectations of the callbacks are finalized, this needs a good
> explanation in the manual.
>
>
> Ok, how would I do that best?
> I admit to have amended the man page by sheer copy-and-paste-of-very-small-bits™,
> so what would you suggest me to write?
>
> Other than that, thanks for applying the patch.
>
> Best regards
> -Tobias

Generally, what are the expectations of a callback, what should it return and when.

A good example section and/or regression test would go a long way. We've used nc(1) to test a lot of the other libtls features so far. There also are some libtls golang bindings in tree under regress, though I'm not sure how up-to-date they are.
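The callback contract discussed in this thread, as an added example that is not part of the original messages or of libtls: a read and a write callback over a small non-blocking in-memory queue, returning a byte count on progress and TLS_WANT_POLLIN or TLS_WANT_POLLOUT when they would block, plus a shim that applies the same mapping as the thread's tls_bio_read_cb(). `struct chan`, `struct mem_transport`, `shim_read` and `loopback` are hypothetical names, the TLS_WANT_* values are defined locally so the block builds without tls.h, and returning the number of bytes moved is an assumption modelled on read(2) and write(2).

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

struct tls;				/* opaque here; libtls owns the real type */
#ifndef TLS_WANT_POLLIN			/* stand-ins so this builds without <tls.h> */
#define TLS_WANT_POLLIN		-2
#define TLS_WANT_POLLOUT	-3
#endif
#define CHAN_CAP		16	/* tiny on purpose, to force short writes */

/* Hypothetical non-blocking in-memory byte queue, one per direction. */
struct chan {
	unsigned char	buf[CHAN_CAP];
	size_t		len;
};

/* Hypothetical transport state, passed to the callbacks as cb_arg. */
struct mem_transport {
	struct chan	from_peer;	/* bytes waiting to be read */
	struct chan	to_peer;	/* bytes queued for the peer */
};

/* read_cb: copy up to buflen bytes from the peer into buf. */
static ssize_t
mem_read_cb(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
{
	struct chan *c = &((struct mem_transport *)cb_arg)->from_peer;
	size_t n = buflen < c->len ? buflen : c->len;

	(void)ctx;
	if (c->len == 0)
		return TLS_WANT_POLLIN;	/* need more data from the peer */
	memcpy(buf, c->buf, n);
	memmove(c->buf, c->buf + n, c->len - n);
	c->len -= n;
	return (ssize_t)n;
}

/* write_cb: queue up to buflen bytes for the peer; may be a short write. */
static ssize_t
mem_write_cb(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
{
	struct chan *c = &((struct mem_transport *)cb_arg)->to_peer;
	size_t room = CHAN_CAP - c->len;
	size_t n = buflen < room ? buflen : room;

	(void)ctx;
	if (room == 0)
		return TLS_WANT_POLLOUT;	/* peer has to drain first */
	memcpy(c->buf + c->len, buf, n);
	c->len += n;
	return (ssize_t)n;
}

enum retry { RETRY_NONE, RETRY_READ, RETRY_WRITE };

/* Same mapping as the thread's tls_bio_read_cb(): WANT_* becomes -1 + hint. */
static int
shim_read(struct mem_transport *t, void *buf, int size, enum retry *hint)
{
	ssize_t rv = mem_read_cb(NULL, buf, (size_t)size, t);

	*hint = RETRY_NONE;
	if (rv == TLS_WANT_POLLIN)
		*hint = RETRY_READ;
	else if (rv == TLS_WANT_POLLOUT)
		*hint = RETRY_WRITE;
	return *hint == RETRY_NONE ? (int)rv : -1;
}

/* Stand-in for the network: deliver queued bytes to the reader side. */
static size_t
loopback(struct mem_transport *t)
{
	size_t n = t->to_peer.len;

	if (n > CHAN_CAP - t->from_peer.len)
		n = CHAN_CAP - t->from_peer.len;
	memcpy(t->from_peer.buf + t->from_peer.len, t->to_peer.buf, n);
	memmove(t->to_peer.buf, t->to_peer.buf + n, t->to_peer.len - n);
	t->from_peer.len += n;
	t->to_peer.len -= n;
	return n;
}
```

With real libtls the two callbacks and a pointer to the transport would be handed to tls_connect_cbs() or tls_accept_cbs() as `read_cb`, `write_cb` and `cb_arg`.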
Re: [PATCH] Callback-based interface to libtls
Hi

On 14.09.2016, at 13:37, Brent Cook wrote:
>
> Once the expectations of the callbacks are finalized, this needs a good
> explanation in the manual.

Ok, how would I do that best?
I admit to have amended the man page by sheer copy-and-paste-of-very-small-bits™,
so what would you suggest me to write?

Other than that, thanks for applying the patch.

Best regards
-Tobias
Re: [PATCH] Callback-based interface to libtls
Thanks! On Wed, Sep 14, 2016 at 4:48 AM,wrote: > Hi again, > > On 07.09.2016, at 18:08, tob...@netshed.de wrote: > [..] > >> On 05.09.2016, at 15:50, bust...@gmail.com wrote: > >> > >>> Hey, the typedef came in handy :) Ok bcook@ > >>> > >>> On Sep 5, 2016, at 11:52 AM, Bob Beck wrote: > >>> > I am in agreement in principle, but please coordinate with bcook@ > and/or jsing@ who were possibly doing > some related adjustments. > > > >> > >> I have a minor adjustment: it should be able to instruct POLLIN/POLLOUT > via the callbacks. > >> I added this, see the diff. > > > > Aaand: a fix for the FLUSH BIO cntl, that happens at the end of SSL > handshakes… > > Next fix: put the callback on the right context for tls_accept. > > Updated diff at the end. > > Best regards > -Tobias > > diff --git src/lib/libtls/tls_bio_cb.c src/lib/libtls/tls_bio_cb.c > index c4220df..e52f43c 100644 > --- src/lib/libtls/tls_bio_cb.c > +++ src/lib/libtls/tls_bio_cb.c > @@ -154,6 +154,7 @@ ctrl_cb(BIO *b, int cmd, long num, void *ptr) > b->shutdown = (int)num; > break; > case BIO_CTRL_DUP: > + case BIO_CTRL_FLUSH: > break; > case BIO_CTRL_INFO: > case BIO_CTRL_GET: 
> @@ -169,14 +170,32 @@ static int > tls_bio_write_cb(BIO *h, const char *buf, int num, void *cb_arg) > { > struct tls *ctx = cb_arg; > - return (ctx->write_cb)(ctx, buf, num, ctx->cb_arg); > + BIO_clear_retry_flags(h); > + int rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg); > + if (rv == TLS_WANT_POLLIN) { > + BIO_set_retry_read(h); > + rv = -1; > + } else if (rv == TLS_WANT_POLLOUT) { > + BIO_set_retry_write(h); > + rv = -1; > + } > + return (rv); > } > > static int > tls_bio_read_cb(BIO *h, char *buf, int size, void *cb_arg) > { > struct tls *ctx = cb_arg; > - return (ctx->read_cb)(ctx, buf, size, ctx->cb_arg); > + BIO_clear_retry_flags(h); > + int rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg); > + if (rv == TLS_WANT_POLLIN) { > + BIO_set_retry_read(h); > + rv = -1; > + } else if (rv == TLS_WANT_POLLOUT) { > + BIO_set_retry_write(h); > + rv = -1; > + } > + return (rv); > } > Once the expectations of the callbacks are finalized, this needs a good explanation in the manual. > static BIO * > diff --git src/lib/libtls/tls_server.c src/lib/libtls/tls_server.c > index 09a83ca..ea37700 100644 > --- src/lib/libtls/tls_server.c > +++ src/lib/libtls/tls_server.c > @@ -346,12 +346,13 @@ int > tls_accept_cbs(struct tls *ctx, struct tls **cctx, > tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg) > { > - struct tls *conn_ctx; > + struct tls *conn_ctx = NULL; > + > > if ((conn_ctx = tls_accept_common(ctx)) == NULL) > goto err; > > - if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) { > + if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0) { > tls_set_errorx(ctx, "callback registration failure"); > goto err; > } > > Oops. I took out the extra NULL assignment, but otherwise looks good, applied.
Re: [PATCH] Callback-based interface to libtls
Hi again, On 07.09.2016, at 18:08, tob...@netshed.de wrote: [..] >> On 05.09.2016, at 15:50, bust...@gmail.com wrote: >> >>> Hey, the typedef came in handy :) Ok bcook@ >>> >>> On Sep 5, 2016, at 11:52 AM, Bob Beckwrote: >>> I am in agreement in principle, but please coordinate with bcook@ and/or jsing@ who were possibly doing some related adjustments. >> >> I have a minor adjustment: it should be able to instruct POLLIN/POLLOUT via >> the callbacks. >> I added this, see the diff. > > Aaand: a fix for the FLUSH BIO cntl, that happens at the end of SSL > handshakes… Next fix: put the callback on the right context for tls_accept. Updated diff at the end. Best regards -Tobias diff --git src/lib/libtls/tls_bio_cb.c src/lib/libtls/tls_bio_cb.c index c4220df..e52f43c 100644 --- src/lib/libtls/tls_bio_cb.c +++ src/lib/libtls/tls_bio_cb.c @@ -154,6 +154,7 @@ ctrl_cb(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num; break; case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: break; case BIO_CTRL_INFO: case BIO_CTRL_GET: @@ -169,14 +170,32 @@ static int tls_bio_write_cb(BIO *h, const char *buf, int num, void *cb_arg) { struct tls *ctx = cb_arg; - return (ctx->write_cb)(ctx, buf, num, ctx->cb_arg); + BIO_clear_retry_flags(h); + int rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg); + if (rv == TLS_WANT_POLLIN) { + BIO_set_retry_read(h); + rv = -1; + } else if (rv == TLS_WANT_POLLOUT) { + BIO_set_retry_write(h); + rv = -1; + } + return (rv); } static int tls_bio_read_cb(BIO *h, char *buf, int size, void *cb_arg) { struct tls *ctx = cb_arg; - return (ctx->read_cb)(ctx, buf, size, ctx->cb_arg); + BIO_clear_retry_flags(h); + int rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg); + if (rv == TLS_WANT_POLLIN) { + BIO_set_retry_read(h); + rv = -1; + } else if (rv == TLS_WANT_POLLOUT) { + BIO_set_retry_write(h); + rv = -1; + } + return (rv); } static BIO * 
diff --git src/lib/libtls/tls_server.c src/lib/libtls/tls_server.c index 09a83ca..ea37700 100644 --- src/lib/libtls/tls_server.c +++ src/lib/libtls/tls_server.c @@ -346,12 +346,13 @@ int tls_accept_cbs(struct tls *ctx, struct tls **cctx, tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg) { - struct tls *conn_ctx; + struct tls *conn_ctx = NULL; + if ((conn_ctx = tls_accept_common(ctx)) == NULL) goto err; - if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) { + if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0) { tls_set_errorx(ctx, "callback registration failure"); goto err; }
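Review bot: in tls_bio_write_cb() and tls_bio_read_cb() the callback result is stored in `int rv` and returned to the BIO layer without being checked against `num` or `size`, so a callback that reports more bytes than it was offered (or any negative value other than the two TLS_WANT_* constants) is passed straight through; clamp or reject values greater than the requested length and treat other negatives as -1. `int rv` is also declared after the `BIO_clear_retry_flags(h);` statement, so move the declaration up next to `ctx`, and since the TLS_WANT_* mapping is identical in both functions it could live in one small helper. In the tls_server.c hunk, passing `conn_ctx` to tls_set_cbs() is the right fix; the `= NULL` initializer and the extra blank line are not needed because `conn_ctx` is assigned before first use.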
Re: STANDARDS in err.3
On Wed, Sep 14, 2016 at 12:32 AM, Michal Mazurek wrote:
> Mention that these functions aren't standard.
>
> OK?

Per mdoc(5):

    STANDARDS
        References any standards implemented or used. If not adhering to
        any standards, the HISTORY section should be used instead.

So we normally only include a STANDARDS section when something is standardized and do not include that section when it is not part of any standard. The odd ball case may occur when a manpage describes a mix of standardized and non-standard functions, but outside that exception we do not say "STANDARDS: This is not standard"

...and anyway, err(3) has been proposed for standardization!

Philip Guenther
STANDARDS in err.3
Mention that these functions aren't standard. OK? Index: lib/libc/gen/err.3 === RCS file: /cvs/src/lib/libc/gen/err.3,v retrieving revision 1.20 diff -u -p -r1.20 err.3 --- lib/libc/gen/err.3 23 Apr 2014 16:26:33 - 1.20 +++ lib/libc/gen/err.3 14 Sep 2016 07:28:26 - @@ -189,6 +189,10 @@ if ((fd = open(block_device, O_RDONLY, 0 .Xr perror 3 , .Xr printf 3 , .Xr strerror 3 +.Sh STANDARDS +These functions are +.Bx +extensions. .Sh HISTORY The functions .Fn err , -- Michal Mazurek
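Review bot: the added `.Sh STANDARDS` section only states that the functions are `.Bx` extensions, which documents the absence of a standard instead of one that is implemented; the context lines show an `.Sh HISTORY` section directly after it, and that is where origin information belongs. Drop the new section, or fold the BSD-origin remark into the existing HISTORY text if it is not already there.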
Re: m_copym2 is unused, let's remove it
On Wed, Sep 14, 2016 at 02:46:27PM +1000, David Gwynne wrote:
> Yes, this is just a conservative first step to that.

OK on the first step. I hope more follow :)

> On 14 Sep 2016 12:00 p.m., "Todd C. Miller" wrote:
>
> > Looks OK. Do you intend to change m_copym0 to m_copym and remove
> > the deep copy code?
> >
> > - todd
> >

--
:wq Claudio