Re: BFD: route get and route monitor

[Claudio Jeker]

On Thu, Jan 19, 2017 at 06:26:25AM +0100, Peter Hessler wrote:
> On 2016 Dec 17 (Sat) at 14:05:40 +0100 (+0100), Peter Hessler wrote:
> :On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
> ::This diff makes route get and route monitor work.  sockaddr_bfd is so we
> ::can play like the other RTAX_* indexes in rti_info of route messages.
> ::
> 
> In route(8), only say "up" or "down" for the state of BFD.  use -v or
> -bfd to get details that only matter to debug BFD.
> 
> $ route -n get 203.0.113.9   
>route to: 203.0.113.9
> destination: 203.0.113.9
>mask: 255.255.255.255
>   interface: em1
>  if address: 203.0.113.1
>priority: 3 ()
>   flags: 
> BFD: up
>  use   mtuexpire
> 1402 0   922 
> sockaddrs: 
> 
> I also fixed a number of things that mpi@ noticed.
> 

You need to restructure sockaddr_bfd to be a) a power of 2 and b) so layed
out that there is no implicit padding on any arch. For example the 64bit
time_t values need to start on a 8byte offset.

Abusing sockaddrs for something that is only used on the routing socket
feels a but wrong but that is a different thing to fix.

> +struct sockaddr_bfd {
> + uint8_t bs_len; /* total length */
> + sa_family_t bs_family;  /* address family */
> + /* above matches sockaddr_storage */
> +
> + uint16_tbs_mode;
> + uint32_tbs_mintx;
> + uint32_tbs_minrx;
> + uint32_tbs_minecho;
> + uint16_tbs_multiplier;
> +
> + time_t  bs_uptime;
> + time_t  bs_lastuptime;
> + int bs_state;
> + int bs_remotestate;
> + int bs_laststate;
> + int bs_error;
> +
> + uint32_tbs_localdiscr;
> + uint32_tbs_localdiag;
> + uint32_tbs_remotediscr;
> + uint32_tbs_remotediag;
> +};
> +

-- 
:wq Claudio

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Dec 17 (Sat) at 14:05:40 +0100 (+0100), Peter Hessler wrote:
:On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
::This diff makes route get and route monitor work.  sockaddr_bfd is so we
::can play like the other RTAX_* indexes in rti_info of route messages.
::

In route(8), only say "up" or "down" for the state of BFD.  use -v or
-bfd to get details that only matter to debug BFD.

$ route -n get 203.0.113.9   
   route to: 203.0.113.9
destination: 203.0.113.9
   mask: 255.255.255.255
  interface: em1
 if address: 203.0.113.1
   priority: 3 ()
  flags: 
BFD: up
 use   mtuexpire
1402 0   922 
sockaddrs: 

I also fixed a number of things that mpi@ noticed.


Index: sbin/route/Makefile
===
RCS file: /cvs/openbsd/src/sbin/route/Makefile,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 Makefile
--- sbin/route/Makefile 19 Jul 2013 14:41:46 -  1.13
+++ sbin/route/Makefile 17 Dec 2016 12:47:35 -
@@ -4,7 +4,7 @@ PROG=   route
 MAN=   route.8
 SRCS=  route.c show.c
 
-CFLAGS+=   -Wall
+CFLAGS+=   -Wall -DBFD
 
 route.o .depend lint tags: keywords.h
 
Index: sbin/route/route.c
===
RCS file: /cvs/openbsd/src/sbin/route/route.c,v
retrieving revision 1.194
diff -u -p -u -p -r1.194 route.c
--- sbin/route/route.c  17 Jan 2017 19:05:47 -  1.194
+++ sbin/route/route.c  19 Jan 2017 03:39:55 -
@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
 const char *bfd_diag(unsigned int);
 const char *bfd_calc_uptime(time_t);
 voidprint_bfdmsg(struct rt_msghdr *);
+voidprint_sabfd(struct sockaddr_bfd *, int);
 #endif
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
@@ -1444,6 +1445,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
struct sockaddr_dl *ifp = NULL;
struct sockaddr_rtlabel *sa_rl = NULL;
+#ifdef BFD
+   struct sockaddr_bfd *sa_bfd = NULL;
+#endif
struct sockaddr *mpls = NULL;
struct sockaddr *sa;
char *cp;
@@ -1492,6 +1496,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
case RTA_LABEL:
sa_rl = (struct sockaddr_rtlabel *)sa;
break;
+#ifdef BFD
+   case RTA_BFD:
+   sa_bfd = (struct sockaddr_bfd *)sa;
+   break;
+#endif
}
ADVANCE(cp, sa);
}
@@ -1524,6 +1533,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
printf("\n");
if (sa_rl != NULL)
printf("  label: %s\n", sa_rl->sr_label);
+#ifdef BFD
+   if (sa_bfd)
+   print_sabfd(sa_bfd, rtm->rtm_fmask);
+#endif
 
 #define lock(f)((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
relative_expire = rtm->rtm_rmx.rmx_expire ?
@@ -1626,40 +1639,61 @@ void
 print_bfdmsg(struct rt_msghdr *rtm)
 {
struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
+
+   printf("\n");
+   print_sabfd(>bm_sa, rtm->rtm_fmask);
+   pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
+}
+
+void
+print_sabfd(struct sockaddr_bfd *sa_bfd, int fmask)
+{
struct timeval tv;
 
gettimeofday(, NULL);
 
-   printf(" mode ");
-   switch (bfdm->bm_mode) {
+   printf("BFD:");
+
+   /* only show the state, unless verbose or -bfd */
+   if (!verbose && ((fmask & RTF_BFD) != RTF_BFD)) {
+   printf(" %s\n", bfd_state(sa_bfd->bs_state));
+   return;
+   }
+
+   switch (sa_bfd->bs_mode) {
case BFD_MODE_ASYNC:
-   printf("async");
+   printf(" async");
break;
case BFD_MODE_DEMAND:
-   printf("demand");
+   printf(" demand");
break;
default:
-   printf("unknown %u", bfdm->bm_mode);
+   printf(" unknown %u", sa_bfd->bs_mode);
break;
}
-   printf(" state %s", bfd_state(bfdm->bm_state));
-   printf(" remotestate %s", bfd_state(bfdm->bm_remotestate));
-   printf(" laststate %s", bfd_state(bfdm->bm_laststate));
-
-   printf(" error %d", bfdm->bm_error);
-   printf(" localdiscr %u", bfdm->bm_localdiscr);
-   printf(" remotediscr %u", bfdm->bm_remotediscr);
-   printf(" localdiag %s", bfd_diag(bfdm->bm_localdiag));
-   printf(" remotediag %s", bfd_diag(bfdm->bm_remotediag));
-   printf(" uptime %s", bfd_calc_uptime(tv.tv_sec - bfdm->bm_uptime));
-   printf(" lastuptime %s", bfd_calc_uptime(bfdm->bm_lastuptime));
-
-   

Re: NET_LOCK() pr_sysctl

[Martin Pieuchot]

On 16/01/17(Mon) 23:53, Alexander Bluhm wrote:
> On Mon, Jan 16, 2017 at 08:34:43PM +0100, Alexander Bluhm wrote:
> > If I implement the same trick for newp, I can avoid the "netlock
> > locking against myself" with sysctl on memory mapped files over
> > NFS.  Of course other copyin/copyout paths like pf(4) ioctl(2) still
> > have to be checked.  IPsec pfkey seem to use the sysctl mechanism.
> 
> Hrvoje Popovski has tested the diff and found some ugly
> pmap_unwire: wiring for pmap 0xff00075f5210 va 0x7f7d5000 didn't 
> change!
> kernel printfs.  The happens when sysctl(8) writes a value.
> 
> If oldp and newp are in the same page, I have called uvm_vsunlock()
> twice on the same address.  I have added a simple check that does
> not cover complicated overlappings but catches the common case.
> 
> Also I think PROT_READ for the newp should be enough.
> Does anybody know, why the oldp is mapped PROT_READ | PROT_WRITE?
> Is PROT_WRITE not sufficient?

I don't think this is the way to go.  I'd prefer a solution that work
for the other code paths as well.

netinet/ipsec* vs splsoftnet()

[Martin Pieuchot]

We can remove these splsoftnet()/splx() dances because:

- pr_ctlinput* are now always called at IPL_SOFTNET
- ipsec_adjust_mtu() is only called in ip_output() so at the correct IPL.

ok?

Index: netinet/ipsec_input.c
===
RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.136
diff -u -p -r1.136 ipsec_input.c
--- netinet/ipsec_input.c   2 Sep 2016 09:39:32 -   1.136
+++ netinet/ipsec_input.c   19 Jan 2017 03:59:37 -
@@ -817,7 +817,6 @@ ipsec_common_ctlinput(u_int rdomain, int
 void *v, int proto)
 {
struct ip *ip = v;
-   int s;
 
if (cmd == PRC_MSGSIZE && ip && ip_mtudisc && ip->ip_v == 4) {
struct tdb *tdbp;
@@ -846,21 +845,16 @@ ipsec_common_ctlinput(u_int rdomain, int
 
bcopy((caddr_t)ip + hlen, , sizeof(u_int32_t));
 
-   s = splsoftnet();
tdbp = gettdb(rdomain, spi, (union sockaddr_union *),
proto);
-   if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID) {
-   splx(s);
+   if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID)
return (NULL);
-   }
 
/* Walk the chain backwards to the first tdb */
for (; tdbp; tdbp = tdbp->tdb_inext) {
if (tdbp->tdb_flags & TDBF_INVALID ||
-   (adjust = ipsec_hdrsz(tdbp)) == -1) {
-   splx(s);
+   (adjust = ipsec_hdrsz(tdbp)) == -1)
return (NULL);
-   }
 
mtu -= adjust;
 
@@ -873,8 +867,6 @@ ipsec_common_ctlinput(u_int rdomain, int
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust));
}
-   splx(s);
-   return (NULL);
}
return (NULL);
 }
@@ -890,7 +882,8 @@ udpencap_ctlinput(int cmd, struct sockad
ssize_t adjust;
struct sockaddr_in dst, src;
union sockaddr_union *su_dst, *su_src;
-   int s;
+
+   splsoftassert(IPL_SOFTNET);
 
icp = (struct icmp *)((caddr_t) ip - offsetof(struct icmp, icmp_ip));
mtu = ntohs(icp->icmp_nextmtu);
@@ -913,7 +906,6 @@ udpencap_ctlinput(int cmd, struct sockad
src.sin_addr.s_addr = ip->ip_src.s_addr;
su_src = (union sockaddr_union *)
 
-   s = splsoftnet();
tdbp = gettdbbysrcdst(rdomain, 0, su_src, su_dst, IPPROTO_ESP);
 
for (; tdbp != NULL; tdbp = tdbp->tdb_snext) {
@@ -934,7 +926,6 @@ udpencap_ctlinput(int cmd, struct sockad
}
}
}
-   splx(s);
return (NULL);
 }
 
Index: netinet/ipsec_output.c
===
RCS file: /cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.64
diff -u -p -r1.64 ipsec_output.c
--- netinet/ipsec_output.c  11 Oct 2016 22:08:01 -  1.64
+++ netinet/ipsec_output.c  19 Jan 2017 03:57:56 -
@@ -567,9 +567,8 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
struct tdb *tdbp;
struct m_tag *mtag;
ssize_t adjust;
-   int s;
 
-   s = splsoftnet();
+   splsoftassert(IPL_SOFTNET);
 
for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL); mtag;
 mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, mtag)) {
@@ -590,6 +589,4 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust, m));
}
-
-   splx(s);
 }

pfsync(4) vs splsoftnet()

[Martin Pieuchot]

pfsync_update_net_tdb() is only called by pfsync_input() which already
runs at IPL_SOFTNET.  So trade the spl dance for an assert, ok?

Index: net/if_pfsync.c
===
RCS file: /cvs/src/sys/net/if_pfsync.c,v
retrieving revision 1.239
diff -u -p -r1.239 if_pfsync.c
--- net/if_pfsync.c 19 Dec 2016 15:46:28 -  1.239
+++ net/if_pfsync.c 19 Jan 2017 03:52:57 -
@@ -1164,7 +1164,8 @@ void
 pfsync_update_net_tdb(struct pfsync_tdb *pt)
 {
struct tdb  *tdb;
-   int  s;
+
+   splsoftassert(IPL_SOFTNET);
 
/* check for invalid values */
if (ntohl(pt->spi) <= SPI_RESERVED_MAX ||
@@ -1172,7 +1173,6 @@ pfsync_update_net_tdb(struct pfsync_tdb 
 pt->dst.sa.sa_family != AF_INET6))
goto bad;
 
-   s = splsoftnet();
tdb = gettdb(ntohs(pt->rdomain), pt->spi,
(union sockaddr_union *)>dst, pt->sproto);
if (tdb) {
@@ -1182,14 +1182,12 @@ pfsync_update_net_tdb(struct pfsync_tdb 
/* Neither replay nor byte counter should ever decrease. */
if (pt->rpl < tdb->tdb_rpl ||
pt->cur_bytes < tdb->tdb_cur_bytes) {
-   splx(s);
goto bad;
}
 
tdb->tdb_rpl = pt->rpl;
tdb->tdb_cur_bytes = pt->cur_bytes;
}
-   splx(s);
return;
 
  bad:

Re: [patch] fake pv drivers installation on xen

[Dinar Talypov]

I use Xenserver 7.0 with xencenter management console.
without it doesn't allow shutdown or reboot.
Anyway I'll try with hostctl.

Thanks.

2017-01-18 21:53 GMT+03:00 Mike Belopuhov :

> On Wed, Jan 18, 2017 at 21:23 +0300, Dinar Talypov wrote:
> > +void
> > +xen_inform_host(struct xen_softc *sc)
> > +{
> > + char *os_name;
> > +
> > + /* Fake PV drivers version */
> > + xs_setnum(sc, "attr/PVAddons", "MajorVersion", 6);
> > + xs_setnum(sc, "attr/PVAddons", "MinorVersion", 2);
> > + xs_setnum(sc, "attr/PVAddons", "MicroVersion", 0);
> > + xs_setnum(sc, "attr/PVAddons", "BuildVersion", 76888);
> > + xs_setnum(sc, "attr/PVAddons", "Installed", 1);
> > +
> > + /* Set OS version */
> > + snprintf(os_name, sizeof((char *)ostype) + sizeof((char
> *)osrelease),
> > + "%s %s", ostype, osrelease);
>
> and btw, here you're corrupting kernel memory since os_name is
> an uninitialized pointer :-)
>

Re: [patch] fake pv drivers installation on xen

[Mike Belopuhov]

On Wed, Jan 18, 2017 at 21:23 +0300, Dinar Talypov wrote:
> +void
> +xen_inform_host(struct xen_softc *sc)
> +{
> + char *os_name;
> + 
> + /* Fake PV drivers version */
> + xs_setnum(sc, "attr/PVAddons", "MajorVersion", 6);
> + xs_setnum(sc, "attr/PVAddons", "MinorVersion", 2);
> + xs_setnum(sc, "attr/PVAddons", "MicroVersion", 0);
> + xs_setnum(sc, "attr/PVAddons", "BuildVersion", 76888);
> + xs_setnum(sc, "attr/PVAddons", "Installed", 1);
> +
> + /* Set OS version */
> + snprintf(os_name, sizeof((char *)ostype) + sizeof((char *)osrelease),
> + "%s %s", ostype, osrelease);

and btw, here you're corrupting kernel memory since os_name is
an uninitialized pointer :-)

Re: [patch] fake pv drivers installation on xen

[Mike Belopuhov]

On Wed, Jan 18, 2017 at 21:23 +0300, Dinar Talypov wrote:
> 
> Hi,
>

Privet, Dinar!

> The patch below fakes pv drivers installation.
> Version numbers are taken from FreeBSD sysutils/xe-guest-utilities.
> With this xen allows reboot or shutdown OpenBSD guest.
>

Which Xen version or what environment requires such properties?
Neither plain Xen 4.5+ on Ubuntu nor EC2 version have the "attr"
subtree and you can reboot and/or shutdown OpenBSD guests there
without any issues (for instance via xl on Ubuntu).

> Index: sys/dev/pv/xen.c
> ===
> RCS file: /cvs/src/sys/dev/pv/xen.c,v
> retrieving revision 1.71
> diff -u -p -u -r1.71 xen.c
> --- sys/dev/pv/xen.c  10 Jan 2017 17:16:39 -  1.71
> +++ sys/dev/pv/xen.c  18 Jan 2017 18:05:27 -
> @@ -35,6 +35,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -75,6 +76,7 @@ voidxen_disable_emulated_devices(struct
>  int  xen_match(struct device *, void *, void *);
>  void xen_attach(struct device *, struct device *, void *);
>  void xen_deferred(struct device *);
> +void xen_inform_host(struct xen_softc *);
>  void xen_control(void *);
>  void xen_hotplug(void *);
>  void xen_resume(struct device *);
> @@ -194,6 +196,29 @@ xen_deferred(struct device *self)
>   xen_control, sc))
>   printf("%s: failed to setup shutdown control watch\n",
>   sc->sc_dev.dv_xname);
> + xen_inform_host(sc);
> +}
> +void
> +xen_inform_host(struct xen_softc *sc)
> +{
> + char *os_name;
> + 
> + /* Fake PV drivers version */
> + xs_setnum(sc, "attr/PVAddons", "MajorVersion", 6);
> + xs_setnum(sc, "attr/PVAddons", "MinorVersion", 2);
> + xs_setnum(sc, "attr/PVAddons", "MicroVersion", 0);
> + xs_setnum(sc, "attr/PVAddons", "BuildVersion", 76888);

Where did you get this build version number from?
It looks rather arbitrary.

> + xs_setnum(sc, "attr/PVAddons", "Installed", 1);
> +
> + /* Set OS version */
> + snprintf(os_name, sizeof((char *)ostype) + sizeof((char *)osrelease),
> + "%s %s", ostype, osrelease);
> + xs_setprop(sc, "data", "os_name", (char *)os_name, strlen(os_name));
> + xs_setprop(sc, "data", "os_uname", (char *)osrelease, 
> strlen(osrelease));
> + xs_setprop(sc, "data", "os_distro", (char *)ostype, strlen(ostype));
> +
> + /* Update xenstore */
> + xs_setnum(sc, "data", "updated", 1);
>  }
>  
>  void
> 

In any case you can set these values yourself with hostctl(8),
i.e. 'hostctl attr/PVAddons/BuildVersion 123456'.  There should
be no need to do that from the kernel.

[patch] fake pv drivers installation on xen

[Dinar Talypov]

Hi,

The patch below fakes pv drivers installation.
Version numbers are taken from FreeBSD sysutils/xe-guest-utilities.
With this xen allows reboot or shutdown OpenBSD guest.

Index: sys/dev/pv/xen.c
===
RCS file: /cvs/src/sys/dev/pv/xen.c,v
retrieving revision 1.71
diff -u -p -u -r1.71 xen.c
--- sys/dev/pv/xen.c10 Jan 2017 17:16:39 -  1.71
+++ sys/dev/pv/xen.c18 Jan 2017 18:05:27 -
@@ -35,6 +35,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -75,6 +76,7 @@ void  xen_disable_emulated_devices(struct
 intxen_match(struct device *, void *, void *);
 void   xen_attach(struct device *, struct device *, void *);
 void   xen_deferred(struct device *);
+void   xen_inform_host(struct xen_softc *);
 void   xen_control(void *);
 void   xen_hotplug(void *);
 void   xen_resume(struct device *);
@@ -194,6 +196,29 @@ xen_deferred(struct device *self)
xen_control, sc))
printf("%s: failed to setup shutdown control watch\n",
sc->sc_dev.dv_xname);
+   xen_inform_host(sc);
+}
+void
+xen_inform_host(struct xen_softc *sc)
+{
+   char *os_name;
+   
+   /* Fake PV drivers version */
+   xs_setnum(sc, "attr/PVAddons", "MajorVersion", 6);
+   xs_setnum(sc, "attr/PVAddons", "MinorVersion", 2);
+   xs_setnum(sc, "attr/PVAddons", "MicroVersion", 0);
+   xs_setnum(sc, "attr/PVAddons", "BuildVersion", 76888);
+   xs_setnum(sc, "attr/PVAddons", "Installed", 1);
+
+   /* Set OS version */
+   snprintf(os_name, sizeof((char *)ostype) + sizeof((char *)osrelease),
+   "%s %s", ostype, osrelease);
+   xs_setprop(sc, "data", "os_name", (char *)os_name, strlen(os_name));
+   xs_setprop(sc, "data", "os_uname", (char *)osrelease, 
strlen(osrelease));
+   xs_setprop(sc, "data", "os_distro", (char *)ostype, strlen(ostype));
+
+   /* Update xenstore */
+   xs_setnum(sc, "data", "updated", 1);
 }
 
 void

IPv6 Atomic Fragments Considered Harmful

[Alexander Bluhm]

Hi,

There is a new RFC 8021 "IPv6 Atomic Fragments Considered Harmful".

Someone has even created CVE-2016-10142 because of it.  I don't
think that the constructed attacks are a big issue and I think that
similar attacks are still possible.  We prevent atomic fragments
for MTU < 1280 now.  But the same attacks can be done for MTU >=
1280.  Then real fragments get dropped by misbehaving routers.  It
does get better for TCP as fragments are not generated anymore.

Anyway, this RFC allows to remove some code, so it is good.

ok?

bluhm

Index: netinet6/icmp6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.195
diff -u -p -r1.195 icmp6.c
--- netinet6/icmp6.c19 Dec 2016 08:36:50 -  1.195
+++ netinet6/icmp6.c18 Jan 2017 15:51:28 -
@@ -981,11 +981,7 @@ icmp6_mtudisc_update(struct ip6ctlparam 
struct rtentry *rt = NULL;
struct sockaddr_in6 sin6;
 
-   /*
-* The MTU may not be less then the minimal IPv6 MTU except for the
-* hack in ip6_output/ip6_setpmtu where we always include a frag header.
-*/
-   if (mtu < IPV6_MMTU - sizeof(struct ip6_frag))
+   if (mtu < IPV6_MMTU)
return;
 
/*
Index: netinet6/ip6_output.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.220
diff -u -p -r1.220 ip6_output.c
--- netinet6/ip6_output.c   10 Jan 2017 09:04:19 -  1.220
+++ netinet6/ip6_output.c   18 Jan 2017 14:06:30 -
@@ -126,7 +126,7 @@ int ip6_insertfraghdr(struct mbuf *, str
struct ip6_frag **);
 int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t);
 int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *);
-int ip6_getpmtu(struct rtentry *, struct ifnet *, u_long *, int *);
+int ip6_getpmtu(struct rtentry *, struct ifnet *, u_long *);
 int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int);
 static __inline u_int16_t __attribute__((__unused__))
 in6_cksum_phdr(const struct in6_addr *, const struct in6_addr *,
@@ -160,7 +160,7 @@ ip6_output(struct mbuf *m0, struct ip6_p
struct sockaddr_in6 *dst, dstsock;
int error = 0;
u_long mtu;
-   int alwaysfrag, dontfrag;
+   int dontfrag;
u_int16_t src_scope, dst_scope;
u_int32_t optlen = 0, plen = 0, unfragpartlen = 0;
struct ip6_exthdrs exthdrs;
@@ -555,7 +555,7 @@ reroute:
}
 
/* Determine path MTU. */
-   if ((error = ip6_getpmtu(ro_pmtu->ro_rt, ifp, , )) != 0)
+   if ((error = ip6_getpmtu(ro_pmtu->ro_rt, ifp, )) != 0)
goto bad;
 
/*
@@ -654,19 +654,13 @@ reroute:
 * If necessary, do IPv6 fragmentation before sending.
 *
 * the logic here is rather complex:
-* 1: normal case (dontfrag == 0, alwaysfrag == 0)
+* 1: normal case (dontfrag == 0)
 * 1-a: send as is if tlen <= path mtu
 * 1-b: fragment if tlen > path mtu
 *
 * 2: if user asks us not to fragment (dontfrag == 1)
 * 2-a: send as is if tlen <= interface mtu
 * 2-b: error if tlen > interface mtu
-*
-* 3: if we always need to attach fragment header (alwaysfrag == 1)
-*  always fragment
-*
-* 4: if dontfrag == 1 && alwaysfrag == 1
-*  error, as we cannot handle this conflicting request
 */
tlen = m->m_pkthdr.len;
 
@@ -674,11 +668,6 @@ reroute:
dontfrag = 1;
else
dontfrag = 0;
-   if (dontfrag && alwaysfrag) {   /* case 4 */
-   /* conflicting request - can't transmit */
-   error = EMSGSIZE;
-   goto bad;
-   }
if (dontfrag && tlen > ifp->if_mtu) {   /* case 2-b */
error = EMSGSIZE;
goto bad;
@@ -687,13 +676,13 @@ reroute:
/*
 * transmit packet without fragmentation
 */
-   if (dontfrag || (!alwaysfrag && tlen <= mtu)) { /* case 1-a and 2-a */
+   if (dontfrag || (tlen <= mtu)) {/* case 1-a and 2-a */
error = ifp->if_output(ifp, m, sin6tosa(dst), ro->ro_rt);
goto done;
}
 
/*
-* try to fragment the packet.  case 1-b and 3
+* try to fragment the packet.  case 1-b
 */
if (mtu < IPV6_MMTU) {
/* path MTU cannot be less than IPV6_MMTU */
@@ -1021,11 +1010,9 @@ ip6_insertfraghdr(struct mbuf *m0, struc
 }
 
 int
-ip6_getpmtu(struct rtentry *rt, struct ifnet *ifp, u_long *mtup,
-int *alwaysfragp)
+ip6_getpmtu(struct rtentry *rt, struct ifnet *ifp, u_long *mtup)
 {
u_int32_t mtu = 0;
-   int alwaysfrag = 0;
int error = 0;
 
if (rt != NULL) {
@@ -1033,15 +1020,7 @@ ip6_getpmtu(struct rtentry *rt, struct i
if (mtu == 0)
 

Enable building wsfontload on Loongson

[Frederic Cambus]

Hi tech@,

Here is a diff to enable building wsfontload on Loongson.

Builds and works correctly, allowing loading and using custom fonts.

Comments? OK?

Index: distrib/sets/lists/base/md.loongson
===
RCS file: /cvs/src/distrib/sets/lists/base/md.loongson,v
retrieving revision 1.433
diff -u -p -r1.433 md.loongson
--- distrib/sets/lists/base/md.loongson 9 Nov 2016 16:24:17 -   1.433
+++ distrib/sets/lists/base/md.loongson 18 Jan 2017 11:55:56 -
@@ -452,4 +452,5 @@
 ./usr/sbin/hotplugd
 ./usr/sbin/pcidump
 ./usr/sbin/wsconscfg
+./usr/sbin/wsfontload
 ./usr/sbin/zzz
Index: usr.sbin/wsfontload/Makefile
===
RCS file: /cvs/src/usr.sbin/wsfontload/Makefile,v
retrieving revision 1.15
diff -u -p -r1.15 Makefile
--- usr.sbin/wsfontload/Makefile3 Sep 2016 13:37:46 -   1.15
+++ usr.sbin/wsfontload/Makefile18 Jan 2017 11:55:57 -
@@ -1,7 +1,8 @@
 #  $OpenBSD: Makefile,v 1.15 2016/09/03 13:37:46 guenther Exp $
 
 .if ${MACHINE} == "i386" || ${MACHINE} == "amd64" || \
-${MACHINE} == "alpha" || ${MACHINE} == "hppa"
+${MACHINE} == "alpha" || ${MACHINE} == "hppa" || \
+${MACHINE} == "loongson"
 
 PROG=  wsfontload
 SRCS=  wsfontload.c

Re: 11n support for athn(4)

[Stefan Sperling]

On Wed, Jan 18, 2017 at 09:19:28AM +0100, Uwe Werler wrote:
> On 16. Jan 17:46:48, Uwe Werler wrote:
> > 
> > Unfortunately the throughput is very low, only ~7 MBit. With mode 11g I get 
> > ~16 MBit.
> > 
> > 
> > zarathustra:~# tcpbench apu01
> >   elapsed_ms  bytes mbps   bwidth
> > 1004 7482725.962  100.00%
> > Conn:   1 Mbps:5.962 Peak Mbps:5.962 Avg Mbps:5.962
> > 2007 8396646.697  100.00%
> > Conn:   1 Mbps:6.697 Peak Mbps:6.697 Avg Mbps:6.697
> > 3010 8182446.533  100.00%
> > Conn:   1 Mbps:6.533 Peak Mbps:6.697 Avg Mbps:6.533
> > 4013 9096367.255  100.00%
> > Conn:   1 Mbps:7.255 Peak Mbps:7.255 Avg Mbps:7.255
> > 5014 8568006.848  100.00%
> > Conn:   1 Mbps:6.848 Peak Mbps:7.255 Avg Mbps:6.848
> > 6015 8682246.946  100.00%
> > Conn:   1 Mbps:6.946 Peak Mbps:7.255 Avg Mbps:6.946
> > 7021 8725086.945  100.00%
> > Conn:   1 Mbps:6.945 Peak Mbps:7.255 Avg Mbps:6.945
> > 8023 8353806.670  100.00%
> > Conn:   1 Mbps:6.670 Peak Mbps:7.255 Avg Mbps:6.670
> > 9025 8482326.779  100.00%
> > Conn:   1 Mbps:6.779 Peak Mbps:7.255 Avg Mbps:6.779
> >10028 8439486.731  100.00%
> > Conn:   1 Mbps:6.731 Peak Mbps:7.255 Avg Mbps:6.731
> >11036 8310966.596  100.00%
> > Conn:   1 Mbps:6.596 Peak Mbps:7.255 Avg Mbps:6.596
> > 
> > I'm now ready to test furhter.
> > 
> 
> I tested yesterday with my Android phone (Galaxy S7) and got only ~4 MBit.

Thank you for providing these numbers.

I would like to note though that there are many factors determining the
effective throughput of wifi, ranging from wifi hardware, across OS and
driver code, to specific AP/client behaviour and environmental RF conditions.

So when you report a number, you help with establishing a picture of the
overall range of throughput people are seeing. But a number does not tell
anybody anything about why throughput is lower than expected in your case.
So this number cannot be used to actually improve the driver.
It is just a data point.

What would help a small bit is a direct comparison with Linux running on the
same access point hardware in the exact same environment. That would indicate
which performance levels could be reached in your environment if OpenBSD was
optimally tuned. I assume Linux has reached optimal performance levels on
this several years old hardware by now.

In my testing I have noticed that Intel clients send data much faster than
athn APs/clients do. The AP is able to receive higher data rates than it
is sending. I don't know why that is happening and under which conditions
this is to be expected. But it points to a problem with the athn driver.
Perhaps the hardware is not tuned towards the specific way in which our
driver makes use of it.

For now, I am happy if your AP works without crashing.
As mentioned in the driver's man page, our 11n support is still incomplete
and a whole lot remains to be done.

Re: 11n support for athn(4)

[Uwe Werler]

On 16. Jan 17:46:48, Uwe Werler wrote:
> 
> Unfortunately the throughput is very low, only ~7 MBit. With mode 11g I get 
> ~16 MBit.
> 
> 
> zarathustra:~# tcpbench apu01
>   elapsed_ms  bytes mbps   bwidth
> 1004 7482725.962  100.00%
> Conn:   1 Mbps:5.962 Peak Mbps:5.962 Avg Mbps:5.962
> 2007 8396646.697  100.00%
> Conn:   1 Mbps:6.697 Peak Mbps:6.697 Avg Mbps:6.697
> 3010 8182446.533  100.00%
> Conn:   1 Mbps:6.533 Peak Mbps:6.697 Avg Mbps:6.533
> 4013 9096367.255  100.00%
> Conn:   1 Mbps:7.255 Peak Mbps:7.255 Avg Mbps:7.255
> 5014 8568006.848  100.00%
> Conn:   1 Mbps:6.848 Peak Mbps:7.255 Avg Mbps:6.848
> 6015 8682246.946  100.00%
> Conn:   1 Mbps:6.946 Peak Mbps:7.255 Avg Mbps:6.946
> 7021 8725086.945  100.00%
> Conn:   1 Mbps:6.945 Peak Mbps:7.255 Avg Mbps:6.945
> 8023 8353806.670  100.00%
> Conn:   1 Mbps:6.670 Peak Mbps:7.255 Avg Mbps:6.670
> 9025 8482326.779  100.00%
> Conn:   1 Mbps:6.779 Peak Mbps:7.255 Avg Mbps:6.779
>10028 8439486.731  100.00%
> Conn:   1 Mbps:6.731 Peak Mbps:7.255 Avg Mbps:6.731
>11036 8310966.596  100.00%
> Conn:   1 Mbps:6.596 Peak Mbps:7.255 Avg Mbps:6.596
> 
> I'm now ready to test furhter.
> 

I tested yesterday with my Android phone (Galaxy S7) and got only ~4 MBit.