Re: pflow(4) percpu counters

2017-02-20 Thread Jeremie Courreges-Anglas
Florian Obser writes:

> On Sat, Feb 18, 2017 at 06:06:01PM +0100, Jeremie Courreges-Anglas wrote:
>> 
>> This one is a bit weird, the driver doesn't just increment the stats but
>> also uses them at runtime, hence the additional helper functions.
>
> I'm wondering if we should just drop the reading.
> We have two cases, the init case and the packet sending case.
> First the sending case:
> Isn't this always true?
>   if (pflowstats.pflow_flows == sc->sc_gcounter)
> If yes we can just skip that and do the inc.
>
> The init case tries to preserve the flow counter between ifdown/ifup
> Maybe we should just init the global counter to 0, like on reboot.
> Benno?

  revision 1.9
  date: 2009/01/03 21:47:32;  author: gollo;  state: Exp;  lines: +11 -7;
  sync flow sequence ids on all used pflow interfaces.

Right now I can't tell whether this change makes little or a lot of
sense, so I'd better not touch this.  :)

In any case, the use of the counters API in this first diff doesn't
make sense, please disregard it.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: npppd: reload enables stripping NT domains on radius

2017-02-20 Thread Patrick Wildt
On Tue, Feb 21, 2017 at 02:11:05PM +0900, YASUOKA Masahiko wrote:
> Hi,
> 
> On Mon, 20 Feb 2017 11:38:19 +0100
> Patrick Wildt wrote:
> > when using RADIUS, the NT domains should not be stripped from the
> > username.
> 
> I suppose it depends on the use-case.
> 
> npppd.conf(5) mentions "strip-nt-domain" is "yes" by default and
> adding "strip-nt-domain no" in "authentication  type radius"
> section of npppd.conf should be able to change that behavior.
> 
>   authentication RADIUS type radius {
>   strip-nt-domain no
>   authentication-server {
> :
> 
> Doesn't this help?
> 
> > When a base object is instantiated based on an auth object,
> > the "strip_nt_domain" variable is always enforced to zero in case of
> > using RADIUS.  The auth object itself though has it set to one by
> > default.
> > 
> > Now on configuration reload in npppd_auth_reload(), the value is copied
> > from the corresponding auth object to the base object.
> > 
> > base->strip_nt_domain = auth->strip_nt_domain;
> > 
> > Unfortunately in the case of RADIUS, this means that the RADIUS base
> > object gets overridden.  So in that case reset it to zero like it's
> > done in npppd_auth_create().
> 
> Thank you for pointing this out.
> 
> Code in npppd_auth.c seems to be misleading.  I'd like to make it
> clear that the default values always come from the configuration like
> below.
> 
> diff --git a/usr.sbin/npppd/npppd/npppd_auth.c 
> b/usr.sbin/npppd/npppd/npppd_auth.c
> index 101f8cc..11943c2 100644
> --- a/usr.sbin/npppd/npppd/npppd_auth.c
> +++ b/usr.sbin/npppd/npppd/npppd_auth.c
> @@ -75,8 +75,6 @@ npppd_auth_create(int auth_type, const char *name, void 
> *_npppd)
>   case NPPPD_AUTH_TYPE_LOCAL:
>   if ((base = calloc(1, sizeof(npppd_auth_local))) != NULL) {
>   base->type = NPPPD_AUTH_TYPE_LOCAL;
> - base->strip_nt_domain = 1;
> - base->strip_atmark_realm = 0;
>   strlcpy(base->name, name, sizeof(base->name));
>   base->npppd = _npppd;
>  
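Review bot: With "base->strip_nt_domain = 1;" and "base->strip_atmark_realm = 0;" removed from the NPPPD_AUTH_TYPE_LOCAL case, the calloc()ed object carries strip_nt_domain == 0 until npppd_auth_reload() copies the configured value in, so the local default silently flips if anything uses the object before the first reload. Please confirm that create is always followed by reload before use, and say so in a comment at this spot.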
> @@ -89,7 +87,6 @@ npppd_auth_create(int auth_type, const char *name, void 
> *_npppd)
>   if ((base = calloc(1, sizeof(npppd_auth_radius))) != NULL) {
>   npppd_auth_radius *_this = (npppd_auth_radius *)base;
>   base->type = NPPPD_AUTH_TYPE_RADIUS;
> - base->strip_nt_domain = 0;
>   strlcpy(base->name, name, sizeof(base->name));
>   base->npppd = _npppd;
>   if ((_this->rad_auth_setting =
> 
> 

I like consistency, so this is better.  While there, please adjust the
manpage, since it is wrong about strip-nt-domain's default value.

ok patrick@

diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 
b/usr.sbin/npppd/npppd/npppd.conf.5
index aef090ea45b..cdfb8331a97 100644
--- a/usr.sbin/npppd/npppd/npppd.conf.5
+++ b/usr.sbin/npppd/npppd/npppd.conf.5
@@ -569,7 +569,7 @@ removes the NT domain prefix,
 such as '\e\eNTDOMAIN\e',
 from the username before contacting the authentication server.
 The default is
-.Dq no .
+.Dq yes .
 .It Ic strip-atmark-realm Ar yes | no
 Specify whether
 .Xr npppd 8
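Review bot: The new ".Dq yes ." default is only true for RADIUS sections once the npppd_auth.c diff that drops the forced "base->strip_nt_domain = 0;" is in, because until then a freshly created RADIUS object still starts at 0. Commit the two together, and consider one more sentence in this entry telling RADIUS users who need the domain passed through to set "strip-nt-domain no" explicitly.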



Re: [PATCH] bc(1) should write error messages to standard error

2017-02-20 Thread Otto Moerbeek
On Tue, Feb 21, 2017 at 07:00:34AM +0100, Otto Moerbeek wrote:

> On Tue, Feb 21, 2017 at 04:08:57AM +0100, Martijn Dekker wrote:
> 
> > Upon encountering a parsing error, bc(1) passes an error message on to
> > dc(1), which writes the error message to standard output along with the
> > normal output.
> > 
> > That is a bug. Error messages should go to standard error instead, as
> > POSIX specifies:
> > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10
> > 
> > GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages
> > to standard error.
> > 
> > Bizarrely, the exit status of bc(1) is left unspecified:
> > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18
> > And indeed, all versions of 'bc' exit with status 0 if there is an input
> > error such as a parsing error, so the exit status cannot be used to
> > catch it. That leaves examining standard error as the only method for a
> > program calling bc(1), such as a shell script, to distinguish between an
> > error state and normal operation. That is, with this bug, there is no
> > way at all.
> > 
> > The following example shell function transparently hardens bc(1) by
> > intercepting standard error and exiting the program or subshell if an
> > error was produced.
> > 
> > bc() {
> > _bc_err=$(command -p bc "$@" 1>&3 2>&1)
> > [ -z "${_bc_err}" ] && return
> > printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2
> > exit 125
> > } 3>&1
> > 
> > The patch below fixes bc(1) so error messages are written directly to
> > standard error and the above shell function works as expected. As a side
> > effect, yyerror() is simplified.
> > 
> > Another side effect is that bc(1) error messages are no longer neatly
> > included in the generated dc(1) source when debugging it using 'bc -c'.
> > But I don't think that is actually a problem; they are just printed to
> > standard error instead. In fact, the patch makes 'bc -c' act like
> > Solaris. If others find this problematic, the patch could be extended to
> > restore the old behaviour only if '-c' is given.
> > 
> > The manual page does not document error message behaviour one way or
> > another. Since the patch implements standard behaviour, no change seems
> > necessary there.
> > 
> > Thanks,
> > 
> > - M.
> > 
> 
> Thanks for the diff. I am now wondering why I wrote it this way.
> Likely because the original bc had a similar approach.
> Anyway, I'll try to look at this the coming days,

Indeed, 4.4BSD bc does this:

yyerror( s ) char *s; {
if(ifile > sargc)ss="teletype";
printf("c[%s on line %d, %s]pc\n", s ,ln+1,ss);
fflush(stdout);
cp = cary;
crs = rcrs;
bindx = 0;
lev = 0;
b_sp_nxt = _space[0];
}

My original goal was to make a bc that produced the same dc commands
as the reference implementation I used.

You can now see that your diff skips the 'c' commands and in that
changes behaviour. Pondering if introducing a way to write to
stderr in dc(1) would be better...

-Otto

> 
> > Index: bc.y
> > ===
> > RCS file: /cvs/src/usr.bin/bc/bc.y,v
> > retrieving revision 1.49
> > diff -u -p -r1.49 bc.y
> > --- bc.y23 Nov 2015 09:58:55 -  1.49
> > +++ bc.y21 Feb 2017 02:09:08 -
> > @@ -942,35 +942,25 @@ add_local(ssize_t n)
> >  void
> >  yyerror(char *s)
> >  {
> > -   char*str, *p;
> > int n;
> > 
> > if (yyin != NULL && feof(yyin))
> > -   n = asprintf(, "%s: %s:%d: %s: unexpected EOF",
> > +   n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n",
> > __progname, filename, lineno, s);
> > else if (yytext[0] == '\n')
> > -   n = asprintf(,
> > -   "%s: %s:%d: %s: newline unexpected",
> > +   n = fprintf(stderr,
> > +   "%s: %s:%d: %s: newline unexpected\n",
> > __progname, filename, lineno, s);
> > else if (isspace((unsigned char)yytext[0]) ||
> > !isprint((unsigned char)yytext[0]))
> > -   n = asprintf(,
> > -   "%s: %s:%d: %s: ascii char 0x%02x unexpected",
> > +   n = fprintf(stderr,
> > +   "%s: %s:%d: %s: ascii char 0x%02x unexpected\n",
> > __progname, filename, lineno, s, yytext[0] & 0xff);
> > else
> > -   n = asprintf(, "%s: %s:%d: %s: %s unexpected",
> > +   n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n",
> > __progname, filename, lineno, s, yytext);
> > if (n == -1)
> > err(1, NULL);
> > -
> > -   fputs("c[", stdout);
> > -   for (p = str; *p != '\0'; p++) {
> > -   if (*p == '[' || *p == ']' || *p =='\\')
> > -   putchar('\\');
> > -   putchar(*p);
> > -   }
> > -

set sc_vendor in bcm2835_dwctwo

2017-02-20 Thread Jonathan Gray
Maybe one day these drivers will attach to a non-Broadcom dwc2
but for now they only match the Broadcom compat strings.

-uhub0 at usb0 configuration 1 interface 0 "vendor 0x DWC2 root hub" rev 
2.00/1.00 addr 1
+uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev 
2.00/1.00 addr 1

Index: armv7/broadcom/bcm2835_dwctwo.c
===
RCS file: /cvs/src/sys/arch/armv7/broadcom/bcm2835_dwctwo.c,v
retrieving revision 1.1
diff -u -p -r1.1 bcm2835_dwctwo.c
--- armv7/broadcom/bcm2835_dwctwo.c 7 Aug 2016 17:46:36 -   1.1
+++ armv7/broadcom/bcm2835_dwctwo.c 20 Feb 2017 11:04:28 -
@@ -135,6 +135,9 @@ bcm_dwctwo_deferred(void *self)
struct bcm_dwctwo_softc *sc = (struct bcm_dwctwo_softc *)self;
int rc;
 
+   strlcpy(sc->sc_dwc2.sc_vendor, "Broadcom",
+   sizeof(sc->sc_dwc2.sc_vendor));
+
rc = dwc2_init(>sc_dwc2);
if (rc != 0)
return;
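Review bot: The strlcpy() of "Broadcom" into sc->sc_dwc2.sc_vendor is unconditional in bcm_dwctwo_deferred(), which is only right while the driver matches Broadcom compat strings alone, as the message itself says. A one-line comment above the strlcpy() stating that assumption would mark the spot to revisit when another compat string is added.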
Index: arm64/dev/bcm2835_dwctwo.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/bcm2835_dwctwo.c,v
retrieving revision 1.1
diff -u -p -r1.1 bcm2835_dwctwo.c
--- arm64/dev/bcm2835_dwctwo.c  23 Jan 2017 08:05:47 -  1.1
+++ arm64/dev/bcm2835_dwctwo.c  20 Feb 2017 11:04:33 -
@@ -124,6 +124,9 @@ bcm_dwctwo_deferred(void *self)
struct bcm_dwctwo_softc *sc = (struct bcm_dwctwo_softc *)self;
int rc;
 
+   strlcpy(sc->sc_dwc2.sc_vendor, "Broadcom",
+   sizeof(sc->sc_dwc2.sc_vendor));
+
rc = dwc2_init(>sc_dwc2);
if (rc != 0)
return;
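Review bot: These three added lines are identical to the ones added to armv7/broadcom/bcm2835_dwctwo.c, so the vendor string now lives in two copies of the same function. If the two files cannot share the code, a shared define for the string would at least keep them in step.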



Re: [PATCH] bc(1) should write error messages to standard error

2017-02-20 Thread Otto Moerbeek
On Tue, Feb 21, 2017 at 04:08:57AM +0100, Martijn Dekker wrote:

> Upon encountering a parsing error, bc(1) passes an error message on to
> dc(1), which writes the error message to standard output along with the
> normal output.
> 
> That is a bug. Error messages should go to standard error instead, as
> POSIX specifies:
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10
> 
> GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages
> to standard error.
> 
> Bizarrely, the exit status of bc(1) is left unspecified:
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18
> And indeed, all versions of 'bc' exit with status 0 if there is an input
> error such as a parsing error, so the exit status cannot be used to
> catch it. That leaves examining standard error as the only method for a
> program calling bc(1), such as a shell script, to distinguish between an
> error state and normal operation. That is, with this bug, there is no
> way at all.
> 
> The following example shell function transparently hardens bc(1) by
> intercepting standard error and exiting the program or subshell if an
> error was produced.
> 
> bc() {
>   _bc_err=$(command -p bc "$@" 1>&3 2>&1)
>   [ -z "${_bc_err}" ] && return
>   printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2
>   exit 125
> } 3>&1
> 
> The patch below fixes bc(1) so error messages are written directly to
> standard error and the above shell function works as expected. As a side
> effect, yyerror() is simplified.
> 
> Another side effect is that bc(1) error messages are no longer neatly
> included in the generated dc(1) source when debugging it using 'bc -c'.
> But I don't think that is actually a problem; they are just printed to
> standard error instead. In fact, the patch makes 'bc -c' act like
> Solaris. If others find this problematic, the patch could be extended to
> restore the old behaviour only if '-c' is given.
> 
> The manual page does not document error message behaviour one way or
> another. Since the patch implements standard behaviour, no change seems
> necessary there.
> 
> Thanks,
> 
> - M.
> 

Thanks for the diff. I am now wondering why I wrote it this way.
Likely because the original bc had a similar approach.
Anyway, I'll try to look at this the coming days,

-Otto


> Index: bc.y
> ===
> RCS file: /cvs/src/usr.bin/bc/bc.y,v
> retrieving revision 1.49
> diff -u -p -r1.49 bc.y
> --- bc.y23 Nov 2015 09:58:55 -  1.49
> +++ bc.y21 Feb 2017 02:09:08 -
> @@ -942,35 +942,25 @@ add_local(ssize_t n)
>  void
>  yyerror(char *s)
>  {
> -   char*str, *p;
> int n;
> 
> if (yyin != NULL && feof(yyin))
> -   n = asprintf(, "%s: %s:%d: %s: unexpected EOF",
> +   n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n",
> __progname, filename, lineno, s);
> else if (yytext[0] == '\n')
> -   n = asprintf(,
> -   "%s: %s:%d: %s: newline unexpected",
> +   n = fprintf(stderr,
> +   "%s: %s:%d: %s: newline unexpected\n",
> __progname, filename, lineno, s);
> else if (isspace((unsigned char)yytext[0]) ||
> !isprint((unsigned char)yytext[0]))
> -   n = asprintf(,
> -   "%s: %s:%d: %s: ascii char 0x%02x unexpected",
> +   n = fprintf(stderr,
> +   "%s: %s:%d: %s: ascii char 0x%02x unexpected\n",
> __progname, filename, lineno, s, yytext[0] & 0xff);
> else
> -   n = asprintf(, "%s: %s:%d: %s: %s unexpected",
> +   n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n",
> __progname, filename, lineno, s, yytext);
> if (n == -1)
> err(1, NULL);
> -
> -   fputs("c[", stdout);
> -   for (p = str; *p != '\0'; p++) {
> -   if (*p == '[' || *p == ']' || *p =='\\')
> -   putchar('\\');
> -   putchar(*p);
> -   }
> -   fputs("]pc\n", stdout);
> -   free(str);
>  }
> 
>  void
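Review bot: Removing the "fputs("c[", stdout);" and "fputs("]pc\n", stdout);" pair drops more than the message text, because the c before and after the bracketed string were dc(1) commands in the generated stream and are no longer emitted after a parse error. If the message moves to stderr, the function could still write a bare "c\n" to stdout to keep that part of the old output, or the commit message should state that the change in generated dc code is intended.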



Re: npppd: reload enables stripping NT domains on radius

2017-02-20 Thread YASUOKA Masahiko
Hi,

On Mon, 20 Feb 2017 11:38:19 +0100
Patrick Wildt wrote:
> when using RADIUS, the NT domains should not be stripped from the
> username.

I suppose it depends on the use-case.

npppd.conf(5) mentions "strip-nt-domain" is "yes" by default and
adding "strip-nt-domain no" in "authentication  type radius"
section of npppd.conf should be able to change that behavior.

  authentication RADIUS type radius {
  strip-nt-domain no
  authentication-server {
  :

Doesn't this help?

> When a base object is instantiated based on an auth object,
> the "strip_nt_domain" variable is always enforced to zero in case of
> using RADIUS.  The auth object itself though has it set to one by
> default.
> 
> Now on configuration reload in npppd_auth_reload(), the value is copied
> from the corresponding auth object to the base object.
> 
>   base->strip_nt_domain = auth->strip_nt_domain;
> 
> Unfortunately in the case of RADIUS, this means that the RADIUS base
> object gets overridden.  So in that case reset it to zero like it's
> done in npppd_auth_create().

Thank you for pointing this out.

Code in npppd_auth.c seems to be misleading.  I'd like to make it
clear that the default values always come from the configuration like
below.

diff --git a/usr.sbin/npppd/npppd/npppd_auth.c 
b/usr.sbin/npppd/npppd/npppd_auth.c
index 101f8cc..11943c2 100644
--- a/usr.sbin/npppd/npppd/npppd_auth.c
+++ b/usr.sbin/npppd/npppd/npppd_auth.c
@@ -75,8 +75,6 @@ npppd_auth_create(int auth_type, const char *name, void 
*_npppd)
case NPPPD_AUTH_TYPE_LOCAL:
if ((base = calloc(1, sizeof(npppd_auth_local))) != NULL) {
base->type = NPPPD_AUTH_TYPE_LOCAL;
-   base->strip_nt_domain = 1;
-   base->strip_atmark_realm = 0;
strlcpy(base->name, name, sizeof(base->name));
base->npppd = _npppd;
 
@@ -89,7 +87,6 @@ npppd_auth_create(int auth_type, const char *name, void 
*_npppd)
if ((base = calloc(1, sizeof(npppd_auth_radius))) != NULL) {
npppd_auth_radius *_this = (npppd_auth_radius *)base;
base->type = NPPPD_AUTH_TYPE_RADIUS;
-   base->strip_nt_domain = 0;
strlcpy(base->name, name, sizeof(base->name));
base->npppd = _npppd;
if ((_this->rad_auth_setting =
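Review bot: Dropping "base->strip_nt_domain = 0;" from the NPPPD_AUTH_TYPE_RADIUS case changes what a RADIUS setup sends to the authentication server. The thread states that the auth object defaults to one, so after this diff a RADIUS section without an explicit "strip-nt-domain no" strips the NT domain from creation onward, where before it was stripped only after a reload. That is consistent, but it is a behaviour change for existing configurations and deserves a line in the commit message.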




[PATCH] honor proxy setting in pkg.conf

2017-02-20 Thread Chad Dougherty
I have a number of OpenBSD instances in an isolated lab environment with 
access to the internet solely through a squid proxy.  I'd like them to 
be able to install packages but I don't want to globally configure proxy 
environment variables because they also communicate with other systems 
that should not go through the proxy.  I propose the addition of the 
"proxy_url" configuration option in /etc/pkg.conf for this purpose.


The patch below works for me.

--
-Chad

Index: pkg.conf.5
===
RCS file: /cvs/src/usr.sbin/pkg_add/pkg.conf.5,v
retrieving revision 1.10
diff -u -p -r1.10 pkg.conf.5
--- pkg.conf.5  5 Feb 2017 14:07:45 -   1.10
+++ pkg.conf.5  21 Feb 2017 02:18:24 -
@@ -83,6 +83,14 @@ installpath += openbsd-mirror.example.or
 .Ed
 .Pp
 should work.
+.It Ar proxy_url
+URL to use to proxy ftp and http requests from the ftp client, e.g.
+.Bd -literal -offset indent
+proxy_url = http://proxy.example.org:3128/
+.Ed
+.Pp
+This setting does not override any existing http_proxy or ftp_proxy
+environment variables.
 .It Ar nochecksum
 Set to
 .Ar yes
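Review bot: The added text writes http_proxy and ftp_proxy as plain words; environment variables in mdoc are marked up with .Ev, so the last sentence should use two .Ev lines. The entry also says the URL covers ftp and http requests while the example shows only an http:// URL, so state explicitly that the single value is used for both.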
cvs server: Diffing OpenBSD
Index: OpenBSD/PackageRepository.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v
retrieving revision 1.140
diff -u -p -r1.140 PackageRepository.pm
--- OpenBSD/PackageRepository.pm6 Feb 2017 16:12:16 - 
1.140

+++ OpenBSD/PackageRepository.pm21 Feb 2017 02:18:25 -
@@ -729,6 +729,10 @@ sub drop_privileges_and_setup_env
PATH => '/bin:/usr/bin'
);

+   if (my $p = $self->{state}->config->value("proxy_url")) {
+   $newenv{"http_proxy"} = $newenv{"ftp_proxy"} = $p;
+   }
+
# copy selected stuff;
for my $k (qw(
TERM
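Review bot: The assignment to $newenv{"http_proxy"} and $newenv{"ftp_proxy"} happens before the "copy selected stuff" loop, so whether an existing http_proxy or ftp_proxy in the caller's environment wins, as the man page hunk promises, depends on those names being in the qw() list that follows, which is not visible here. Guarding each assignment with a check that the variable is not already set in %ENV would make the documented precedence hold regardless of that list. The value from pkg.conf is also passed on unchecked; rejecting anything that does not look like a URL would turn a typo into a clear error instead of a failing ftp client.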



Re: [PATCH] bc(1) should write error messages to standard error

2017-02-20 Thread Martijn Dekker
On 21-02-17 at 04:08, Martijn Dekker wrote:
> bc() {
>   _bc_err=$(command -p bc "$@" 1>&3 2>&1)

Correction, the redirections should be the other way around:
_bc_err=$(command -p bc "$@" 2>&1 1>&3)

Sorry about that,

- M.
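
The redirection order corrected above, as an added example that is not part of the original posts: with "1>&3 2>&1" stderr follows stdout to fd 3 and the command substitution captures nothing, while "2>&1 1>&3" captures the diagnostics and lets results pass through. fake_bc, wrap_original, wrap_corrected and run_case are hypothetical names; fake_bc is a constructed stand-in for a patched bc(1), and the wrappers return 125 instead of exiting so both can be run in one script.

```sh
#!/bin/sh
# Added illustration, not code from the thread.

# Constructed stand-in for a patched bc(1): numeric lines are echoed to
# stdout, anything else is reported on stderr, exit status is 0 either way.
fake_bc() {
    while IFS= read -r line; do
        case $line in
            ''|*[!0-9]*) printf 'fake_bc: syntax error: %s\n' "$line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
    return 0
}

# Order from the first post: stdout is pointed at fd 3 first, then stderr
# is pointed at wherever stdout now goes, which is also fd 3.
# Nothing is left for $(...) to capture, so errors are never noticed.
wrap_original() {
    _bc_err=$(fake_bc 1>&3 2>&1)
    [ -z "${_bc_err}" ] && return
    printf '%s\n' "wrap_original: caught errors:" "${_bc_err}" 1>&2
    return 125
} 3>&1

# Corrected order: stderr is pointed at the capture pipe while stdout
# still refers to it, then stdout is moved to fd 3 (the real stdout).
wrap_corrected() {
    _bc_err=$(fake_bc 2>&1 1>&3)
    [ -z "${_bc_err}" ] && return
    printf '%s\n' "wrap_corrected: caught errors:" "${_bc_err}" 1>&2
    return 125
} 3>&1

# Run wrapper $1 over input $2 and report "status:stdout", with the
# newlines of stdout shown as '|'. The wrapper's own stderr is discarded.
run_case() {
    _rc=0
    _out=$(printf '%s\n' "$2" | "$1" 2>/dev/null) || _rc=$?
    printf '%s:%s\n' "$_rc" "$(printf '%s' "$_out" | tr '\n' '|')"
}

# Constructed input: a valid line, a bad line, a valid line.
SAMPLE='42
oops
7'

run_case wrap_original "$SAMPLE"
run_case wrap_corrected "$SAMPLE"
```

In the first case the error text ends up mixed into the data stream with status 0, which is the failure mode the wrapper was meant to prevent.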



[PATCH] bc(1) should write error messages to standard error

2017-02-20 Thread Martijn Dekker
Upon encountering a parsing error, bc(1) passes an error message on to
dc(1), which writes the error message to standard output along with the
normal output.

That is a bug. Error messages should go to standard error instead, as
POSIX specifies:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10

GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages
to standard error.

Bizarrely, the exit status of bc(1) is left unspecified:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18
And indeed, all versions of 'bc' exit with status 0 if there is an input
error such as a parsing error, so the exit status cannot be used to
catch it. That leaves examining standard error as the only method for a
program calling bc(1), such as a shell script, to distinguish between an
error state and normal operation. That is, with this bug, there is no
way at all.

The following example shell function transparently hardens bc(1) by
intercepting standard error and exiting the program or subshell if an
error was produced.

bc() {
_bc_err=$(command -p bc "$@" 1>&3 2>&1)
[ -z "${_bc_err}" ] && return
printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2
exit 125
} 3>&1

The patch below fixes bc(1) so error messages are written directly to
standard error and the above shell function works as expected. As a side
effect, yyerror() is simplified.

Another side effect is that bc(1) error messages are no longer neatly
included in the generated dc(1) source when debugging it using 'bc -c'.
But I don't think that is actually a problem; they are just printed to
standard error instead. In fact, the patch makes 'bc -c' act like
Solaris. If others find this problematic, the patch could be extended to
restore the old behaviour only if '-c' is given.

The manual page does not document error message behaviour one way or
another. Since the patch implements standard behaviour, no change seems
necessary there.

Thanks,

- M.

Index: bc.y
===
RCS file: /cvs/src/usr.bin/bc/bc.y,v
retrieving revision 1.49
diff -u -p -r1.49 bc.y
--- bc.y23 Nov 2015 09:58:55 -  1.49
+++ bc.y21 Feb 2017 02:09:08 -
@@ -942,35 +942,25 @@ add_local(ssize_t n)
 void
 yyerror(char *s)
 {
-   char*str, *p;
int n;

if (yyin != NULL && feof(yyin))
-   n = asprintf(, "%s: %s:%d: %s: unexpected EOF",
+   n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n",
__progname, filename, lineno, s);
else if (yytext[0] == '\n')
-   n = asprintf(,
-   "%s: %s:%d: %s: newline unexpected",
+   n = fprintf(stderr,
+   "%s: %s:%d: %s: newline unexpected\n",
__progname, filename, lineno, s);
else if (isspace((unsigned char)yytext[0]) ||
!isprint((unsigned char)yytext[0]))
-   n = asprintf(,
-   "%s: %s:%d: %s: ascii char 0x%02x unexpected",
+   n = fprintf(stderr,
+   "%s: %s:%d: %s: ascii char 0x%02x unexpected\n",
__progname, filename, lineno, s, yytext[0] & 0xff);
else
-   n = asprintf(, "%s: %s:%d: %s: %s unexpected",
+   n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n",
__progname, filename, lineno, s, yytext);
if (n == -1)
err(1, NULL);
-
-   fputs("c[", stdout);
-   for (p = str; *p != '\0'; p++) {
-   if (*p == '[' || *p == ']' || *p =='\\')
-   putchar('\\');
-   putchar(*p);
-   }
-   fputs("]pc\n", stdout);
-   free(str);
 }

 void
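Review bot: The "if (n == -1) err(1, NULL);" check at the end of yyerror() is left over from asprintf(), where -1 meant an allocation failure; after the switch to fprintf(stderr, ...) a failure means the write to stderr itself failed, fprintf() is only specified to return a negative value, and err() would then try to report on the same stream before exiting with status 1. Consider dropping n and the check, or calling warnx(3), which also supplies the program-name prefix that is passed by hand as __progname in each branch.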



Re: asr: slightly better error reporting for getnameinfo()

2017-02-20 Thread Gilles Chehade
On Mon, Feb 20, 2017 at 09:37:28PM +0100, Eric Faurot wrote:
> Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails,
> rather than a non-informative EAI_FAIL.  Compare to -1 for error detection
> while here.
> 
> Eric.

ok gilles@


> Index: asr/getaddrinfo_async.c
> ===
> RCS file: /cvs/src/lib/libc/asr/getaddrinfo_async.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 getaddrinfo_async.c
> --- asr/getaddrinfo_async.c   16 Dec 2015 16:32:30 -  1.50
> +++ asr/getaddrinfo_async.c   20 Feb 2017 20:09:25 -
> @@ -191,8 +191,9 @@ getaddrinfo_async_run(struct asr_query *
>  
>   /* Restrict result set to configured address families */
>   if (ai->ai_flags & AI_ADDRCONFIG) {
> - if (addrconfig_setup(as) != 0) {
> - ar->ar_gai_errno = EAI_FAIL;
> + if (addrconfig_setup(as) == -1) {
> + ar->ar_errno = errno;
> + ar->ar_gai_errno = EAI_SYSTEM;
>   async_set_state(as, ASR_STATE_HALT);
>   break;
>   }
> @@ -679,7 +680,7 @@ addrconfig_setup(struct asr_query *as)
>   struct sockaddr_in  *sinp;
>   struct sockaddr_in6 *sin6p;
>  
> - if (getifaddrs() != 0)
> + if (getifaddrs() == -1)
>   return (-1);
>  
>   as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6;
> 

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



ip6_ctloutput - check invalid level first

2017-02-20 Thread David Hill
Hello -

The *ctloutput functions all check for an invalid level first, except
ip6_ctloutput.  This diff makes ip6_ctloutput do the same.   As a bonus,
we save on indentation.  No functional change.

Index: netinet6/ip6_output.c
===
RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.225
diff -u -p -r1.225 ip6_output.c
--- netinet6/ip6_output.c   9 Feb 2017 15:19:32 -   1.225
+++ netinet6/ip6_output.c   20 Feb 2017 21:02:47 -
@@ -1062,64 +1062,69 @@ ip6_ctloutput(int op, struct socket *so,
privileged = (inp->inp_socket->so_state & SS_PRIV);
uproto = (int)so->so_proto->pr_protocol;
 
-   if (level == IPPROTO_IPV6) {
-   switch (op) {
-   case PRCO_SETOPT:
+   if (level != IPPROTO_IPV6) {
+   if (op == PRCO_SETOPT)
+   m_free(m);
+   return (EINVAL);
+   }
+
+   switch (op) {
+   case PRCO_SETOPT:
+   switch (optname) {
+   /*
+* Use of some Hop-by-Hop options or some
+* Destination options, might require special
+* privilege.  That is, normal applications
+* (without special privilege) might be forbidden
+* from setting certain options in outgoing packets,
+* and might never see certain options in received
+* packets. [RFC 2292 Section 6]
+* KAME specific note:
+*  KAME prevents non-privileged users from sending or
+*  receiving ANY hbh/dst options in order to avoid
+*  overhead of parsing options in the kernel.
+*/
+   case IPV6_RECVHOPOPTS:
+   case IPV6_RECVDSTOPTS:
+   if (!privileged) {
+   error = EPERM;
+   break;
+   }
+   /* FALLTHROUGH */
+   case IPV6_UNICAST_HOPS:
+   case IPV6_MINHOPCOUNT:
+   case IPV6_HOPLIMIT:
+
+   case IPV6_RECVPKTINFO:
+   case IPV6_RECVHOPLIMIT:
+   case IPV6_RECVRTHDR:
+   case IPV6_RECVPATHMTU:
+   case IPV6_RECVTCLASS:
+   case IPV6_V6ONLY:
+   case IPV6_AUTOFLOWLABEL:
+   case IPV6_RECVDSTPORT:
+   if (m == NULL || m->m_len != sizeof(int)) {
+   error = EINVAL;
+   break;
+   }
+   optval = *mtod(m, int *);
switch (optname) {
-   /*
-* Use of some Hop-by-Hop options or some
-* Destination options, might require special
-* privilege.  That is, normal applications
-* (without special privilege) might be forbidden
-* from setting certain options in outgoing packets,
-* and might never see certain options in received
-* packets. [RFC 2292 Section 6]
-* KAME specific note:
-*  KAME prevents non-privileged users from sending or
-*  receiving ANY hbh/dst options in order to avoid
-*  overhead of parsing options in the kernel.
-*/
-   case IPV6_RECVHOPOPTS:
-   case IPV6_RECVDSTOPTS:
-   if (!privileged) {
-   error = EPERM;
-   break;
-   }
-   /* FALLTHROUGH */
-   case IPV6_UNICAST_HOPS:
-   case IPV6_MINHOPCOUNT:
-   case IPV6_HOPLIMIT:
 
-   case IPV6_RECVPKTINFO:
-   case IPV6_RECVHOPLIMIT:
-   case IPV6_RECVRTHDR:
-   case IPV6_RECVPATHMTU:
-   case IPV6_RECVTCLASS:
-   case IPV6_V6ONLY:
-   case IPV6_AUTOFLOWLABEL:
-   case IPV6_RECVDSTPORT:
-   if (m == NULL || m->m_len != sizeof(int)) {
+   case IPV6_UNICAST_HOPS:
+   if (optval < -1 || optval >= 256)
error = EINVAL;
-   break;
+   else {
+   /* -1 = kernel default */
+   inp->inp_hops = optval;
}
-   optval = *mtod(m, int *);
-   switch (optname) {
-
-  
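Review bot: The new early exit calls m_free(m) whenever op == PRCO_SETOPT, yet the SETOPT code below tests "m == NULL" before using m, so m can be NULL on this path as well. The "no functional change" statement therefore rests on m_free() accepting NULL and on the removed else branch having done the same free and return (EINVAL), and neither is visible in the hunk. Please confirm both in the commit message.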

Re: don't attempt to build binutils 2.15 on arm64

2017-02-20 Thread Mark Kettenis

Jonathan Gray wrote on 2017-02-19 03:16:

binutils 2.15 is built for gdb.  There is no support for arm64/aarch64
here and it doesn't build so don't try to.

Manual pages depend on running configure which again doesn't know about
aarch64.


ok kettenis@


Index: Makefile.bsd-wrapper
===
RCS file: /cvs/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile.bsd-wrapper
--- Makefile.bsd-wrapper18 Sep 2016 08:58:13 -  1.85
+++ Makefile.bsd-wrapper17 Feb 2017 10:30:38 -
@@ -2,6 +2,11 @@

 .include 

+.if ${MACHINE} == "arm64"
+NOPROG=yes
+NOMAN=yes
+.else
+
 CFLAGS+=   ${PIE_DEFAULT}
 # This allows moving the whole binutils installation around for
 # testing purposes
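Review bot: The ".if ${MACHINE} == "arm64"" guard carries no explanation, and the reason given in the message (binutils 2.15 has no arm64/aarch64 support and configure does not know aarch64) is exactly what a later reader of the wrapper will need. Put that sentence in a comment directly above the .if, next to the NOPROG and NOMAN lines it justifies.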
@@ -104,6 +109,9 @@ tags:
 BEFOREMAN=config.status

 .PHONY: config
+
+# end MD portion
+.endif

 .include 
 .include 
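Review bot: The closing ".endif" sits about a hundred lines below its ".if" (the hunk headers place them near lines 2 and 109), and "# end MD portion" does not say which condition it closes. A comment that names the test, such as "# end of the non-arm64 part", would make the pairing obvious.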




Re: c99 initialize struct protosw

2017-02-20 Thread Mark Kettenis

David Hill wrote on 2017-02-19 03:22:

Hello -

This moves the 'struct protosw' declarations to use C99 initializers.
Requested by mpi@


With C99 initializers it is no longer necessary to explicitly
initialize zero-initialized members (such as null-pointers).
That could reduce the diff considerably and perhaps make it
more swallowable for folks.



Index: kern/uipc_proto.c
===
RCS file: /cvs/src/sys/kern/uipc_proto.c,v
retrieving revision 1.11
diff -u -p -r1.11 uipc_proto.c
--- kern/uipc_proto.c   5 Feb 2017 07:57:08 -   1.11
+++ kern/uipc_proto.c   19 Feb 2017 02:15:00 -
@@ -49,20 +49,53 @@
 extern struct domain unixdomain;   /* or at least forward */

 struct protosw unixsw[] = {
-{ 
SOCK_STREAM,	,	PF_LOCAL,	PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS,

-  0,   0,  0,  0,
-  uipc_usrreq,
-  0,   0,  0,  0,
+{
+  .pr_type = SOCK_STREAM,
+  .pr_domain   = ,
+  .pr_protocol  = PF_LOCAL,
+  .pr_flags= PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS,
+  .pr_input= NULL,
+  .pr_output   = NULL,
+  .pr_ctlinput = NULL,
+  .pr_ctloutput= NULL,
+  .pr_usrreq   = uipc_usrreq,
+  .pr_init = NULL,
+  .pr_fasttimo = NULL,
+  .pr_slowtimo = NULL,
+  .pr_drain= NULL,
+  .pr_sysctl   = NULL
 },
-{
SOCK_SEQPACKET,, PF_LOCAL,   
PR_ATOMIC|PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS,
-  0,   0,  0,  0,
-  uipc_usrreq,
-  0,   0,  0,  0,
+{
+  .pr_type = SOCK_SEQPACKET,
+  .pr_domain   = ,
+  .pr_protocol = PF_LOCAL,
+  .pr_flags= PR_ATOMIC|PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS,
+  .pr_input= NULL,
+  .pr_output   = NULL,
+  .pr_ctlinput = NULL,
+  .pr_ctloutput= NULL,
+  .pr_usrreq   = uipc_usrreq,
+  .pr_init = NULL,
+  .pr_fasttimo = NULL,
+  .pr_slowtimo = NULL,
+  .pr_drain= NULL,
+  .pr_sysctl   = NULL
 },
-{ SOCK_DGRAM,  ,PF_LOCAL,   PR_ATOMIC|PR_ADDR|PR_RIGHTS,
-  0,   0,  0,  0,
-  uipc_usrreq,
-  0,   0,  0,  0,
+{
+  .pr_type = SOCK_DGRAM,
+  .pr_domain   = ,
+  .pr_protocol = PF_LOCAL,
+  .pr_flags= PR_ATOMIC|PR_ADDR|PR_RIGHTS,
+  .pr_input= NULL,
+  .pr_output   = NULL,
+  .pr_ctlinput = NULL,
+  .pr_ctloutput= NULL,
+  .pr_usrreq   = uipc_usrreq,
+  .pr_init = NULL,
+  .pr_fasttimo = NULL,
+  .pr_slowtimo = NULL,
+  .pr_drain= NULL,
+  .pr_sysctl   = NULL
 }
 };
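Review bot: Each new unixsw entry names fourteen members, nine of them "= NULL", whereas the old positional form already stopped one value short and relied on implicit zero for the last member. With designated initializers only .pr_type, .pr_domain, .pr_protocol, .pr_flags and .pr_usrreq need to appear, which cuts every entry to five lines and matches the remark in the reply above. The first entry also has a stray double space in ".pr_protocol  =".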

Index: net/pfkey.c
===
RCS file: /cvs/src/sys/net/pfkey.c,v
retrieving revision 1.36
diff -u -p -r1.36 pfkey.c
--- net/pfkey.c 24 Jan 2017 10:08:30 -  1.36
+++ net/pfkey.c 19 Feb 2017 02:15:00 -
@@ -266,20 +266,20 @@ struct domain pfkeydomain = {
 };

 static struct protosw pfkey_protosw_template = {
-   SOCK_RAW,
-   ,
-   -1, /* protocol */
-   PR_ATOMIC | PR_ADDR,
-   NULL, /* input */
-   (void *) pfkey_output,
-   NULL, /* ctlinput */
-   NULL, /* ctloutput */
-   pfkey_usrreq,
-   NULL, /* init */
-   NULL, /* fasttimo */
-   NULL, /* slowtimo */
-   NULL, /* drain */
-   NULL/* sysctl */
+  .pr_type = SOCK_RAW,
+  .pr_domain   = ,
+  .pr_protocol = -1,
+  .pr_flags= PR_ATOMIC | PR_ADDR,
+  .pr_input= NULL,
+  .pr_output   = (void *) pfkey_output,
+  .pr_ctlinput = NULL,
+  .pr_ctloutput= NULL,
+  .pr_usrreq   = pfkey_usrreq,
+  .pr_init = NULL,
+  .pr_fasttimo = NULL,
+  .pr_slowtimo = NULL,
+  .pr_drain= NULL,
+  .pr_sysctl   = NULL
 };

 int
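Review bot: The cast in ".pr_output = (void *) pfkey_output," is carried over unchanged, and with the member now named it suggests that the prototype of pfkey_output does not match what pr_output expects. Casting a function pointer through void * hides such a mismatch from the compiler; this cleanup is a good moment to fix the prototype, or at least to add a comment saying why the cast is needed.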
Index: net/rtsock.c
===
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.222
diff -u -p -r1.222 rtsock.c
--- net/rtsock.c1 Feb 2017 20:59:47 -   1.222
+++ net/rtsock.c19 Feb 2017 02:15:00 -
@@ -1654,13 +1654,23 @@ sysctl_rtable_rtstat(void *oldp, size_t
 extern struct domain routedomain;  /* or at least forward */

 struct protosw routesw[] = {
-{ SOCK_RAW,,   0,  
PR_ATOMIC|PR_ADDR|PR_WANTRCVD,
-  0,   route_output,   0,  route_ctloutput,
-  route_usrreq,
-  raw_init,0,  0,  0,
-  sysctl_rtable,
+{
+  .pr_type = SOCK_RAW,
+  .pr_domain   = ,
+  .pr_protocol = 0,
+  .pr_flags= PR_ATOMIC|PR_ADDR|PR_WANTRCVD,
+  .pr_input= NULL,
+  .pr_output   = route_output,
+  .pr_ctlinput = NULL,
+  .pr_ctloutput= route_ctloutput,
+  .pr_usrreq   = route_usrreq,
+  .pr_init = raw_init,
+  .pr_fasttimo = NULL,
+  .pr_slowtimo = NULL,
+  .pr_drain= NULL,
+  .pr_sysctl   = sysctl_rtable
 }
-};
+};

 struct domain routedomain =
 { PF_ROUTE, "route", route_init, 0, 0,
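Review bot: The "-};" and "+};" pair at the end of routesw[] shows no visible difference, so it is presumably a whitespace-only edit; drop it from the diff unless it deliberately removes trailing whitespace, and say so if it does. The .pr_input, .pr_ctlinput, .pr_fasttimo, .pr_slowtimo and .pr_drain lines can also go, since omitted members are zero-initialized as the reply above points out.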
Index: netinet/in_proto.c
===
RCS file: 

Re: asr: slightly better error reporting for getnameinfo()

2017-02-20 Thread Jeremie Courreges-Anglas
Eric Faurot writes:

> Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails,
> rather than a non-informative EAI_FAIL.  Compare to -1 for error detection
> while here.

ok jca@

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



asr: slightly better error reporting for getnameinfo()

2017-02-20 Thread Eric Faurot
Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails,
rather than a non-informative EAI_FAIL.  Compare to -1 for error detection
while here.

Eric.


Index: asr/getaddrinfo_async.c
===
RCS file: /cvs/src/lib/libc/asr/getaddrinfo_async.c,v
retrieving revision 1.50
diff -u -p -r1.50 getaddrinfo_async.c
--- asr/getaddrinfo_async.c 16 Dec 2015 16:32:30 -  1.50
+++ asr/getaddrinfo_async.c 20 Feb 2017 20:09:25 -
@@ -191,8 +191,9 @@ getaddrinfo_async_run(struct asr_query *
 
/* Restrict result set to configured address families */
if (ai->ai_flags & AI_ADDRCONFIG) {
-   if (addrconfig_setup(as) != 0) {
-   ar->ar_gai_errno = EAI_FAIL;
+   if (addrconfig_setup(as) == -1) {
+   ar->ar_errno = errno;
+   ar->ar_gai_errno = EAI_SYSTEM;
async_set_state(as, ASR_STATE_HALT);
break;
}
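Review bot: the test in getaddrinfo_async_run() narrows from `!= 0` to
`== -1`, so any other non-zero return from addrconfig_setup() is now
treated as success and the query carries on. Confirm that
addrconfig_setup() can only return 0 or -1, or keep `!= 0` here and only
change what is reported. Callers also now get EAI_SYSTEM on this path and
have to look at ar_errno to learn anything, which is worth a line in the
commit message.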
@@ -679,7 +680,7 @@ addrconfig_setup(struct asr_query *as)
struct sockaddr_in  *sinp;
struct sockaddr_in6 *sin6p;
 
-   if (getifaddrs() != 0)
+   if (getifaddrs() == -1)
return (-1);
 
as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6;
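Review bot: `ar->ar_errno = errno` in the caller depends on errno still
holding the getifaddrs(3) failure when addrconfig_setup() returns. That
holds for this return, which follows the failed call directly, but any
other -1 return added later in addrconfig_setup() would hand back a stale
errno. A short comment on the function stating that it returns -1 with
errno set would pin that contract down.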



Re: pflow(4) percpu counters

2017-02-20 Thread Florian Obser
On Sat, Feb 18, 2017 at 06:06:01PM +0100, Jeremie Courreges-Anglas wrote:
> 
> This one is a bit weird, the driver doesn't just increment the stats but
> also uses them at runtime, hence the additional helper functions.

I'm wondering if we should just drop the reading.
We have two cases, the init case and the packet sending case.
First the sending case:
Isn't this always true?
if (pflowstats.pflow_flows == sc->sc_gcounter)
If yes we can just skip that and do the inc.

The init case tries to preserve the flow counter between ifdown/ifup
Maybe we should just init the global counter to 0, like on reboot.
Benno?

> 
> ok?
> 
> 
> Index: net/if_pflow.h
> ===
> RCS file: /d/cvs/src/sys/net/if_pflow.h,v
> retrieving revision 1.15
> diff -u -p -r1.15 if_pflow.h
> --- net/if_pflow.h24 Jan 2017 10:08:30 -  1.15
> +++ net/if_pflow.h18 Feb 2017 13:41:35 -
> @@ -263,6 +263,25 @@ struct pflowreq {
>  };
>  
>  #ifdef _KERNEL
> +
> +#include 
> +
> +enum pflowstat_counters {
> + pflows_flows,
> + pflows_packets,
> + pflows_onomem,
> + pflows_oerrors,
> + pflows_ncounters,
> +};
> +
> +extern struct cpumem *pflowcounters;
> +
> +static inline void
> +pflowstat_inc(enum pflowstat_counters c)
> +{
> + counters_inc(pflowcounters, c);
> +}
> +
>  int export_pflow(struct pf_state *);
>  int pflow_sysctl(int *, u_int,  void *, size_t *, void *, size_t);
>  #endif /* _KERNEL */
> Index: net/if_pflow.c
> ===
> RCS file: /d/cvs/src/sys/net/if_pflow.c,v
> retrieving revision 1.74
> diff -u -p -r1.74 if_pflow.c
> --- net/if_pflow.c16 Feb 2017 10:15:12 -  1.74
> +++ net/if_pflow.c18 Feb 2017 13:41:35 -
> @@ -62,7 +62,7 @@
>  #endif
>  
>  SLIST_HEAD(, pflow_softc) pflowif_list;
> -struct pflowstats pflowstats;
> +struct cpumem *pflowcounters;
>  
>  void pflowattach(int);
>  int  pflow_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
> @@ -73,6 +73,8 @@ int pflow_set(struct pflow_softc *, stru
>  void pflow_init_timeouts(struct pflow_softc *);
>  int  pflow_calc_mtu(struct pflow_softc *, int, int);
>  void pflow_setmtu(struct pflow_softc *, int);
> +uint64_t pflowstat_get_flows(void);
> +void pflowstat_update_flows(uint64_t);
>  int  pflowvalidsockaddr(const struct sockaddr *, int);
>  int  pflowioctl(struct ifnet *, u_long, caddr_t);
>  
> @@ -114,6 +116,7 @@ pflowattach(int npflow)
>  {
>   SLIST_INIT(_list);
>   if_clone_attach(_cloner);
> + pflowcounters = counters_alloc(pflows_ncounters);
>  }
>  
>  int
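Review bot: in pflowattach() the counters are allocated after
if_clone_attach(), so the cloner is registered while pflowcounters is
still NULL. Calling counters_alloc() before if_clone_attach() guarantees
that pflowstat_inc() can never run against a NULL pointer, whatever the
ordering of later callers.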
> @@ -283,6 +286,30 @@ pflow_clone_destroy(struct ifnet *ifp)
>   return (error);
>  }
>  
> +uint64_t
> +pflowstat_get_flows(void)
> +{
> + uint64_t*counters, flows;
> + struct counters_ref  ref;
> +
> + counters = counters_enter(, pflowcounters);
> + flows = counters[pflows_flows];
> + counters_leave(, pflowcounters);
> + return flows;
> +}
> +
> +void
> +pflowstat_update_flows(uint64_t gcounter)
> +{
> + uint64_t*counters;
> + struct counters_ref  ref;
> +
> + counters = counters_enter(, pflowcounters);
> + if (counters[pflows_flows] == gcounter)
> + counters[pflows_flows]++;
> + counters_leave(, pflowcounters);
> +}
> +
>  int
>  pflowvalidsockaddr(const struct sockaddr *sa, int ignore_port)
>  {
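Review bot: pflowstat_get_flows() and pflowstat_update_flows() read
`counters[pflows_flows]` between counters_enter() and counters_leave(),
which gives the current CPU's slot only, not the sum over all CPUs. The
value stored in sc->sc_gcounter and the `== gcounter` comparison therefore
depend on which CPU happens to run the code. If the total is needed it has
to be summed with counters_read(); if the comparison is always true, as
asked in the reply above, the read can go away entirely.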
> @@ -460,7 +487,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd
>   case SIOCSIFFLAGS:
>   if ((ifp->if_flags & IFF_UP) && sc->so != NULL) {
>   ifp->if_flags |= IFF_RUNNING;
> - sc->sc_gcounter=pflowstats.pflow_flows;
> + sc->sc_gcounter = pflowstat_get_flows();
>   /* send templates on startup */
>   if (sc->sc_version == PFLOW_PROTO_10) {
>   /* XXXSMP breaks atomicity */
> @@ -518,7 +545,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd
>  
>   if ((ifp->if_flags & IFF_UP) && sc->so != NULL) {
>   ifp->if_flags |= IFF_RUNNING;
> - sc->sc_gcounter=pflowstats.pflow_flows;
> + sc->sc_gcounter = pflowstat_get_flows();
>   if (sc->sc_version == PFLOW_PROTO_10) {
>   s = splnet();
>   pflow_sendout_ipfix_tmpl(sc);
> @@ -619,14 +646,14 @@ pflow_get_mbuf(struct pflow_softc *sc, u
>  
>   MGETHDR(m, M_DONTWAIT, MT_DATA);
>   if (m == NULL) {
> - pflowstats.pflow_onomem++;
> + pflowstat_inc(pflows_onomem);
>   return (NULL);
>   }
>  
>   MCLGET(m, M_DONTWAIT);
>   if ((m->m_flags & M_EXT) == 0) {
>   m_free(m);
> - pflowstats.pflow_onomem++;
> + pflowstat_inc(pflows_onomem);
>   return (NULL);
>   }
>  
> @@ -865,8 +892,7 @@ 

Re: struct ipipstat: use 64 bits counters

2017-02-20 Thread Alexander Bluhm
On Mon, Feb 20, 2017 at 04:30:31PM +0100, Jeremie Courreges-Anglas wrote:
> Jeremie Courreges-Anglas  writes:
> 
> > Using a mix of 32 and 64 bits counters leads to an ugly conversion to
> > percpu counters.  Why not move to 64 bits counters?  struct ipipstat is
> > afaik only used by netstat and ports/shells/nsh (I can cook a fix for
> > the latter).
> >
> > ok?
> 
> ping

OK bluhm@

> 
> > Index: sys/netinet/ip_ipip.h
> > ===
> > RCS file: /d/cvs/src/sys/netinet/ip_ipip.h,v
> > retrieving revision 1.6
> > diff -u -p -r1.6 ip_ipip.h
> > --- sys/netinet/ip_ipip.h   14 Dec 2007 18:33:41 -  1.6
> > +++ sys/netinet/ip_ipip.h   10 Feb 2017 15:48:13 -
> > @@ -43,18 +43,17 @@
> >   * Not quite all the functionality of RFC-1853, but the main idea is there.
> >   */
> >  
> > -struct ipipstat
> > -{
> > -u_int32_t  ipips_ipackets; /* total input packets */
> > -u_int32_t  ipips_opackets; /* total output packets */
> > -u_int32_t  ipips_hdrops;   /* packet shorter than header 
> > shows */
> > -u_int32_t  ipips_qfull;
> > -u_int64_t   ipips_ibytes;
> > -u_int64_t   ipips_obytes;
> > -u_int32_t  ipips_pdrops;   /* packet dropped due to policy 
> > */
> > -u_int32_t  ipips_spoof;/* IP spoofing attempts */
> > -u_int32_t   ipips_family;  /* Protocol family mismatch */
> > -u_int32_t   ipips_unspec;/* Missing tunnel endpoint 
> > address */
> > +struct ipipstat {
> > +u_int64_t  ipips_ipackets; /* total input packets */
> > +u_int64_t  ipips_opackets; /* total output packets */
> > +u_int64_t  ipips_hdrops;   /* packet shorter than header 
> > shows */
> > +u_int64_t  ipips_qfull;
> > +u_int64_t  ipips_ibytes;
> > +u_int64_t  ipips_obytes;
> > +u_int64_t  ipips_pdrops;   /* packet dropped due to policy 
> > */
> > +u_int64_t  ipips_spoof;/* IP spoofing attempts */
> > +u_int64_t  ipips_family;   /* Protocol family mismatch */
> > +u_int64_t  ipips_unspec;/* Missing tunnel endpoint 
> > address */
> >  };
> >  
> >  #define IP4_DEFAULT_TTL0
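Review bot: widening every member changes the size and layout of struct
ipipstat, which the mail says is read by netstat and ports/shells/nsh.
Kernel and userland have to be updated together, otherwise an old binary
reads the new structure with the old offsets; the commit message should
say so.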
> > Index: usr.bin/netstat/inet.c
> > ===
> > RCS file: /d/cvs/src/usr.bin/netstat/inet.c,v
> > retrieving revision 1.154
> > diff -u -p -r1.154 inet.c
> > --- usr.bin/netstat/inet.c  7 Feb 2017 18:18:16 -   1.154
> > +++ usr.bin/netstat/inet.c  10 Feb 2017 15:39:13 -
> > @@ -1065,16 +1065,16 @@ ipip_stats(char *name)
> >  #define p(f, m) if (ipipstat.f || sflag <= 1) \
> > printf(m, ipipstat.f, plural(ipipstat.f))
> >  
> > -   p(ipips_ipackets, "\t%u total input packet%s\n");
> > -   p(ipips_opackets, "\t%u total output packet%s\n");
> > -   p(ipips_hdrops, "\t%u packet%s shorter than header shows\n");
> > -   p(ipips_pdrops, "\t%u packet%s dropped due to policy\n");
> > -   p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
> > -   p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n");
> > +   p(ipips_ipackets, "\t%llu total input packet%s\n");
> > +   p(ipips_opackets, "\t%llu total output packet%s\n");
> > +   p(ipips_hdrops, "\t%llu packet%s shorter than header shows\n");
> > +   p(ipips_pdrops, "\t%llu packet%s dropped due to policy\n");
> > +   p(ipips_spoof, "\t%llu packet%s with possibly spoofed local 
> > addresses\n");
> > +   p(ipips_qfull, "\t%llu packet%s were dropped due to full output 
> > queue\n");
> > p(ipips_ibytes, "\t%llu input byte%s\n");
> > p(ipips_obytes, "\t%llu output byte%s\n");
> > -   p(ipips_family, "\t%u protocol family mismatche%s\n");
> > -   p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified 
> > endpoint(s)\n");
> > +   p(ipips_family, "\t%llu protocol family mismatche%s\n");
> > +   p(ipips_unspec, "\t%llu attempt%s to use tunnel with unspecified 
> > endpoint(s)\n");
> >  #undef p
> >  }
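Review bot: the `ipips_family` line goes through plural(), so a count of
one presumably prints "1 protocol family mismatche". Since the line is
being touched anyway, use a format that appends "es" to "mismatch"
instead. The %llu conversions match the existing ibytes/obytes lines; a
cast to (unsigned long long) inside the p() macro would keep them correct
regardless of how u_int64_t is defined.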
> 
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: inteldrm: setup backlight pwm alternate increment on backlight enable

2017-02-20 Thread joshua stein
On Fri, 10 Feb 2017 at 10:46:08 +0100, Peter Hessler wrote:
> On 2017 Feb 10 (Fri) at 11:52:20 +1100 (+1100), Jonathan Gray wrote:
> :On Thu, Feb 09, 2017 at 06:39:13PM -0600, joshua stein wrote:
> :> I have no idea why there are chickens involved, but this fixes the
> :> problem on at least the MacBookAir7,1 (Broadwell) where upon S3
> :> resume, the backlight value is treated as 0 or 100 despite reporting
> :> intermediate values, so if the backlight value was anything other
> :> than 100 at suspend time, the screen will stay off upon resume.
> :
> :Chicken bits are overrides for functions like clock gating, if it turns
> :out there is a hardware bug in a particular feature these bits are used
> :to disable them.
> :
> :This diff seems reasonable but it would be nice to get some tests
> :on non-apple broadwell hardware.
> :
> 
> Tested on a broadwell Thinkpad x250, seems fine.  Changed the brightness
> to 40%, then did a few suspend-resumes.

Anyone else have any reports testing this diff?



Re: umb: aggregate packets on tx

2017-02-20 Thread Gerhard Roth
On Mon, 12 Dec 2016 14:50:50 +0100 Gerhard Roth  wrote:
> The current umb(4) implementation needs one USB transfer for every packet
> that is sent. With the following patch, we can now aggregate several
> packets from the ifq into one single USB transfer.
> 
> This may speed up the tx path. And even if it doesn't, at least it
> reduces the number of transfers required.
> 
> 
> Gerhard
> 

Ping.

Anyone willing to ok this?

(Patch below updated to match current).


Gerhard


Index: sys/dev/usb/if_umb.c
===
RCS file: /cvs/src/sys/dev/usb/if_umb.c,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 if_umb.c
--- sys/dev/usb/if_umb.c22 Jan 2017 10:17:39 -  1.9
+++ sys/dev/usb/if_umb.c20 Feb 2017 07:44:40 -
@@ -156,7 +156,7 @@ int  umb_decode_connect_info(struct umb
 int umb_decode_ip_configuration(struct umb_softc *, void *, int);
 voidumb_rx(struct umb_softc *);
 voidumb_rxeof(struct usbd_xfer *, void *, usbd_status);
-int umb_encap(struct umb_softc *, struct mbuf *);
+int umb_encap(struct umb_softc *);
 voidumb_txeof(struct usbd_xfer *, void *, usbd_status);
 voidumb_decap(struct umb_softc *, struct usbd_xfer *);
 
@@ -299,6 +299,7 @@ umb_attach(struct device *parent, struct
 
sc->sc_udev = uaa->device;
sc->sc_ctrl_ifaceno = uaa->ifaceno;
+   ml_init(>sc_tx_ml);
 
/*
 * Some MBIM hardware does not provide the mandatory CDC Union
@@ -583,8 +584,25 @@ umb_ncm_setup(struct umb_softc *sc)
UGETW(np.wLength) == sizeof (np)) {
sc->sc_rx_bufsz = UGETDW(np.dwNtbInMaxSize);
sc->sc_tx_bufsz = UGETDW(np.dwNtbOutMaxSize);
-   } else
+   sc->sc_maxdgram = UGETW(np.wNtbOutMaxDatagrams);
+   sc->sc_align = UGETW(np.wNdpOutAlignment);
+   sc->sc_ndp_div = UGETW(np.wNdpOutDivisor);
+   sc->sc_ndp_remainder = UGETW(np.wNdpOutPayloadRemainder);
+   /* Validate values */
+   if (!powerof2(sc->sc_align) || sc->sc_align == 0 ||
+   sc->sc_align >= sc->sc_tx_bufsz)
+   sc->sc_align = sizeof (uint32_t);
+   if (!powerof2(sc->sc_ndp_div) || sc->sc_ndp_div == 0 ||
+   sc->sc_ndp_div >= sc->sc_tx_bufsz)
+   sc->sc_ndp_div = sizeof (uint32_t);
+   if (sc->sc_ndp_remainder >= sc->sc_ndp_div)
+   sc->sc_ndp_remainder = 0;
+   } else {
sc->sc_rx_bufsz = sc->sc_tx_bufsz = 8 * 1024;
+   sc->sc_maxdgram = 0;
+   sc->sc_align = sc->sc_ndp_div = sizeof (uint32_t);
+   sc->sc_ndp_remainder = 0;
+   }
 }
 
 int
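Review bot: the new checks validate sc_align, sc_ndp_div and
sc_ndp_remainder, but sc_tx_bufsz and sc_rx_bufsz come from the same
device-supplied structure (dwNtbOutMaxSize, dwNtbInMaxSize) and are still
used unchecked, including as the upper bound in the
`sc->sc_align >= sc->sc_tx_bufsz` tests. A device reporting 0 or a very
small size passes straight through. Add a lower and an upper bound on both
sizes before the alignment checks. sc_maxdgram is also taken as is, so a
comment saying what 0 means would help.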
@@ -593,12 +611,12 @@ umb_alloc_xfers(struct umb_softc *sc)
if (!sc->sc_rx_xfer) {
if ((sc->sc_rx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL)
sc->sc_rx_buf = usbd_alloc_buffer(sc->sc_rx_xfer,
-   sc->sc_rx_bufsz + MBIM_HDR32_LEN);
+   sc->sc_rx_bufsz);
}
if (!sc->sc_tx_xfer) {
if ((sc->sc_tx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL)
sc->sc_tx_buf = usbd_alloc_buffer(sc->sc_tx_xfer,
-   sc->sc_tx_bufsz + MBIM_HDR16_LEN);
+   sc->sc_tx_bufsz);
}
return (sc->sc_rx_buf && sc->sc_tx_buf) ? 1 : 0;
 }
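Review bot: dropping `+ MBIM_HDR32_LEN` and `+ MBIM_HDR16_LEN` from the
usbd_alloc_buffer() calls removes the slack the buffers used to have for
the headers. From here on every header, padding byte and datagram written
in the tx path has to fit inside sc_tx_bufsz, a value the device chooses.
The encap code needs an explicit check against sc_tx_bufsz before each
write, and the commit message should mention the change in buffer sizing.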
@@ -617,10 +635,7 @@ umb_free_xfers(struct umb_softc *sc)
sc->sc_tx_xfer = NULL;
sc->sc_tx_buf = NULL;
}
-   if (sc->sc_tx_m) {
-   m_freem(sc->sc_tx_m);
-   sc->sc_tx_m = NULL;
-   }
+   ml_purge(>sc_tx_ml);
 }
 
 int
@@ -792,35 +807,91 @@ umb_input(struct ifnet *ifp, struct mbuf
return 1;
 }
 
+static inline int
+umb_align(size_t bufsz, int offs, int alignment, int remainder)
+{
+   size_t   m = alignment - 1;
+   int  align;
+
+   align = (((size_t)offs + m) & ~m) - alignment + remainder;
+   if (align < offs)
+   align += alignment;
+   if (align > bufsz)
+   align = bufsz;
+   return align - offs;
+}
+
+static inline int
+umb_padding(void *buf, size_t bufsz, int offs, int alignment, int remainder)
+{
+   int  nb;
+
+   nb = umb_align(bufsz, offs, alignment, remainder);
+   if (nb > 0)
+   memset(buf + offs, 0, nb);
+   return nb;
+}
+
 void
 umb_start(struct ifnet *ifp)
 {
struct umb_softc *sc = ifp->if_softc;
-   struct mbuf *m_head = NULL;
+   struct mbuf *m = NULL;
+   int  ndgram = 0;
+   int  offs, plen, len, mlen;
+   int  maxalign;
 
if (usbd_is_dying(sc->sc_udev) ||
!(ifp->if_flags & IFF_RUNNING) ||
ifq_is_oactive(>if_snd))
return;
 
-   
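Review bot: umb_align() mixes int and size_t. `align > bufsz` compares an
int with a size_t, so a negative align is converted to a large unsigned
value before the test, and when align is clamped to bufsz the returned
padding no longer gives the requested alignment without the caller being
told. Return an error (or assert) in the clamped case and keep offs, align
and the return value in one unsigned type. In umb_padding(), `buf + offs`
is arithmetic on a void *, which is a compiler extension; cast to
uint8_t * first.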

Re: struct ipipstat: use 64 bits counters

2017-02-20 Thread Jeremie Courreges-Anglas
Jeremie Courreges-Anglas  writes:

> Using a mix of 32 and 64 bits counters leads to an ugly conversion to
> percpu counters.  Why not move to 64 bits counters?  struct ipipstat is
> afaik only used by netstat and ports/shells/nsh (I can cook a fix for
> the latter).
>
> ok?

ping

> Index: sys/netinet/ip_ipip.h
> ===
> RCS file: /d/cvs/src/sys/netinet/ip_ipip.h,v
> retrieving revision 1.6
> diff -u -p -r1.6 ip_ipip.h
> --- sys/netinet/ip_ipip.h 14 Dec 2007 18:33:41 -  1.6
> +++ sys/netinet/ip_ipip.h 10 Feb 2017 15:48:13 -
> @@ -43,18 +43,17 @@
>   * Not quite all the functionality of RFC-1853, but the main idea is there.
>   */
>  
> -struct ipipstat
> -{
> -u_int32_tipips_ipackets; /* total input packets */
> -u_int32_tipips_opackets; /* total output packets */
> -u_int32_tipips_hdrops;   /* packet shorter than header 
> shows */
> -u_int32_tipips_qfull;
> -u_int64_t   ipips_ibytes;
> -u_int64_t   ipips_obytes;
> -u_int32_tipips_pdrops;   /* packet dropped due to policy 
> */
> -u_int32_tipips_spoof;/* IP spoofing attempts */
> -u_int32_t   ipips_family;/* Protocol family mismatch */
> -u_int32_t   ipips_unspec;/* Missing tunnel endpoint address 
> */
> +struct ipipstat {
> +u_int64_tipips_ipackets; /* total input packets */
> +u_int64_tipips_opackets; /* total output packets */
> +u_int64_tipips_hdrops;   /* packet shorter than header 
> shows */
> +u_int64_tipips_qfull;
> +u_int64_tipips_ibytes;
> +u_int64_tipips_obytes;
> +u_int64_tipips_pdrops;   /* packet dropped due to policy 
> */
> +u_int64_tipips_spoof;/* IP spoofing attempts */
> +u_int64_tipips_family;   /* Protocol family mismatch */
> +u_int64_tipips_unspec;/* Missing tunnel endpoint 
> address */
>  };
>  
>  #define IP4_DEFAULT_TTL0
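Review bot: ipips_qfull, ipips_ibytes and ipips_obytes are the only
members of the new struct ipipstat without a comment. While every line is
being rewritten, add the missing descriptions; the netstat strings in the
second file (dropped due to full output queue, input bytes, output bytes)
already give the wording.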
> Index: usr.bin/netstat/inet.c
> ===
> RCS file: /d/cvs/src/usr.bin/netstat/inet.c,v
> retrieving revision 1.154
> diff -u -p -r1.154 inet.c
> --- usr.bin/netstat/inet.c7 Feb 2017 18:18:16 -   1.154
> +++ usr.bin/netstat/inet.c10 Feb 2017 15:39:13 -
> @@ -1065,16 +1065,16 @@ ipip_stats(char *name)
>  #define p(f, m) if (ipipstat.f || sflag <= 1) \
>   printf(m, ipipstat.f, plural(ipipstat.f))
>  
> - p(ipips_ipackets, "\t%u total input packet%s\n");
> - p(ipips_opackets, "\t%u total output packet%s\n");
> - p(ipips_hdrops, "\t%u packet%s shorter than header shows\n");
> - p(ipips_pdrops, "\t%u packet%s dropped due to policy\n");
> - p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
> - p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n");
> + p(ipips_ipackets, "\t%llu total input packet%s\n");
> + p(ipips_opackets, "\t%llu total output packet%s\n");
> + p(ipips_hdrops, "\t%llu packet%s shorter than header shows\n");
> + p(ipips_pdrops, "\t%llu packet%s dropped due to policy\n");
> + p(ipips_spoof, "\t%llu packet%s with possibly spoofed local 
> addresses\n");
> + p(ipips_qfull, "\t%llu packet%s were dropped due to full output 
> queue\n");
>   p(ipips_ibytes, "\t%llu input byte%s\n");
>   p(ipips_obytes, "\t%llu output byte%s\n");
> - p(ipips_family, "\t%u protocol family mismatche%s\n");
> - p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified 
> endpoint(s)\n");
> + p(ipips_family, "\t%llu protocol family mismatche%s\n");
> + p(ipips_unspec, "\t%llu attempt%s to use tunnel with unspecified 
> endpoint(s)\n");
>  #undef p
>  }


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



[PATCH 5/7] ldpd: implement RFC 5919 (LDP End-of-LIB)

2017-02-20 Thread Renato Westphal
---
 init.c | 67 +-
 labelmapping.c | 72 ++
 lde.c  | 40 
 lde.h  |  3 +++
 lde_lib.c  | 43 +++
 ldp.h  |  8 +++
 ldpd.8 | 10 
 ldpe.h |  2 ++
 logmsg.c   |  2 ++
 neighbor.c |  1 +
 notification.c | 40 ++--
 11 files changed, 245 insertions(+), 43 deletions(-)

diff --git a/init.c b/init.c
index 2cc89b8..b0dcc8e 100644
--- a/init.c
+++ b/init.c
@@ -27,6 +27,7 @@
 static int gen_init_prms_tlv(struct ibuf *, struct nbr *);
 static int gen_cap_dynamic_tlv(struct ibuf *);
 static int gen_cap_twcard_tlv(struct ibuf *, int);
+static int gen_cap_unotif_tlv(struct ibuf *, int);
 
 void
 send_init(struct nbr *nbr)
@@ -38,7 +39,7 @@ send_init(struct nbr *nbr)
log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
 
size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE +
-   CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE;
+   CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE + CAP_TLV_UNOTIF_SIZE;
if ((buf = ibuf_open(size)) == NULL)
fatal(__func__);
 
@@ -48,6 +49,7 @@ send_init(struct nbr *nbr)
err |= gen_init_prms_tlv(buf, nbr);
err |= gen_cap_dynamic_tlv(buf);
err |= gen_cap_twcard_tlv(buf, 1);
+   err |= gen_cap_unotif_tlv(buf, 1);
if (err) {
ibuf_free(buf);
return;
@@ -168,6 +170,26 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
log_debug("%s: lsr-id %s announced the Typed Wildcard "
"FEC capability", __func__, inet_ntoa(nbr->id));
break;
+   case TLV_TYPE_UNOTIF_CAP:
+   if (tlv_len != CAP_TLV_UNOTIF_LEN) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
+   msg.type);
+   return (-1);
+   }
+
+   if (caps_rcvd & F_CAP_TLV_RCVD_UNOTIF) {
+   session_shutdown(nbr, S_BAD_TLV_VAL, msg.id,
+   msg.type);
+   return (-1);
+   }
+   caps_rcvd |= F_CAP_TLV_RCVD_UNOTIF;
+
+   nbr->flags |= F_NBR_CAP_UNOTIF;
+
+   log_debug("%s: lsr-id %s announced the Unrecognized "
+   "Notification capability", __func__,
+   inet_ntoa(nbr->id));
+   break;
default:
if (!(ntohs(tlv.type) & UNKNOWN_FLAG))
send_notification_rtlvs(nbr, S_UNSSUPORTDCAP,
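Review bot: the TLV_TYPE_UNOTIF_CAP case in recv_init() is a copy of the
Typed Wildcard case just above it, differing only in the length constant,
the F_CAP_TLV_RCVD_* bit, the neighbor flag and the log text, and the same
block is repeated again in recv_capability(). A small helper taking those
values would keep the length and duplicate-TLV checks in one place, so a
later fix to one capability cannot miss the others.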
@@ -218,6 +240,9 @@ send_capability(struct nbr *nbr, uint16_t capability, int 
enable)
case TLV_TYPE_TWCARD_CAP:
err |= gen_cap_twcard_tlv(buf, enable);
break;
+   case TLV_TYPE_UNOTIF_CAP:
+   err |= gen_cap_unotif_tlv(buf, enable);
+   break;
case TLV_TYPE_DYNAMIC_CAP:
/*
 * RFC 5561 - Section 9:
@@ -300,6 +325,32 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len)
"capability", __func__, inet_ntoa(nbr->id),
(enable) ? "announced" : "withdrew");
break;
+   case TLV_TYPE_UNOTIF_CAP:
+   if (tlv_len != CAP_TLV_UNOTIF_LEN) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
+   msg.type);
+   return (-1);
+   }
+
+   if (caps_rcvd & F_CAP_TLV_RCVD_UNOTIF) {
+   session_shutdown(nbr, S_BAD_TLV_VAL, msg.id,
+   msg.type);
+   return (-1);
+   }
+   caps_rcvd |= F_CAP_TLV_RCVD_UNOTIF;
+
+   memcpy(, buf, sizeof(reserved));
+   enable = reserved & STATE_BIT;
+   if (enable)
+   nbr->flags |= F_NBR_CAP_UNOTIF;
+   else
+   nbr->flags &= ~F_NBR_CAP_UNOTIF;
+
+   log_debug("%s: lsr-id %s %s the Unrecognized "
+   "Notification capability", __func__,
+   inet_ntoa(nbr->id), (enable) ? "announced" :
+   "withdrew");
+   break;
case TLV_TYPE_DYNAMIC_CAP:
/*
 * RFC 5561 - Section 9:
@@ -372,3 +423,17 @@ gen_cap_twcard_tlv(struct ibuf *buf, int enable)
 
return 

[PATCH 7/7] ldpd: send VPLS MAC withdrawals

2017-02-20 Thread Renato Westphal
RFC 4762 says that MAC address withdrawal messages can be used to
improve convergence time in VPLS networks. This patch makes ldpd send
MAC withdrawals whenever a non-pseudowire interface pertaining to a VPLS
goes down.

The processing of received MAC withdrawals will be implemented later (need
to figure out first a few things about RFC 4762 that are a bit unclear).
---
 address.c | 77 +--
 kroute.c  |  3 +++
 l2vpn.c   | 29 +++-
 lde.h |  1 +
 ldp.h |  1 +
 ldpd.h|  6 -
 ldpe.c| 24 +++-
 ldpe.h|  1 +
 8 files changed, 127 insertions(+), 15 deletions(-)

diff --git a/address.c b/address.c
index e891173..9609876 100644
--- a/address.c
+++ b/address.c
@@ -28,12 +28,14 @@
 
 static void send_address(struct nbr *, int, struct if_addr_head *,
unsigned int, int);
-static int  gen_address_list_tlv(struct ibuf *, uint16_t, int,
-   struct if_addr_head *, unsigned int);
+static int  gen_address_list_tlv(struct ibuf *, int, struct if_addr_head *,
+   unsigned int);
+static int  gen_mac_list_tlv(struct ibuf *, uint8_t *);
 static void address_list_add(struct if_addr_head *, struct if_addr *);
 static void address_list_clr(struct if_addr_head *);
 static void log_msg_address(int, uint16_t, struct nbr *, int,
union ldpd_addr *);
+static void log_msg_mac_withdrawal(int, struct nbr *, uint8_t *);
 
 static void
 send_address(struct nbr *nbr, int af, struct if_addr_head *addr_list,
@@ -87,8 +89,7 @@ send_address(struct nbr *nbr, int af, struct if_addr_head 
*addr_list,
size -= LDP_HDR_SIZE;
err |= gen_msg_hdr(buf, msg_type, size);
size -= LDP_MSG_SIZE;
-   err |= gen_address_list_tlv(buf, size, af, addr_list,
-   tlv_addr_count);
+   err |= gen_address_list_tlv(buf, af, addr_list, tlv_addr_count);
if (err) {
address_list_clr(addr_list);
ibuf_free(buf);
@@ -139,6 +140,40 @@ send_address_all(struct nbr *nbr, int af)
send_address(nbr, af, _list, addr_count, 0);
 }
 
+void
+send_mac_withdrawal(struct nbr *nbr, struct map *fec, uint8_t *mac)
+{
+   struct ibuf *buf;
+   uint16_t size;
+   int  err;
+
+   size = LDP_HDR_SIZE + LDP_MSG_SIZE + ADDR_LIST_SIZE + len_fec_tlv(fec) +
+   TLV_HDR_SIZE;
+   if (mac)
+   size += ETHER_ADDR_LEN;
+
+   if ((buf = ibuf_open(size)) == NULL)
+   fatal(__func__);
+
+   err = gen_ldp_hdr(buf, size);
+   size -= LDP_HDR_SIZE;
+   err |= gen_msg_hdr(buf, MSG_TYPE_ADDRWITHDRAW, size);
+   size -= LDP_MSG_SIZE;
+   err |= gen_address_list_tlv(buf, AF_INET, NULL, 0);
+   err |= gen_fec_tlv(buf, fec);
+   err |= gen_mac_list_tlv(buf, mac);
+   if (err) {
+   ibuf_free(buf);
+   return;
+   }
+
+   log_msg_mac_withdrawal(1, nbr, mac);
+
+   evbuf_enqueue(>tcp->wbuf, buf);
+
+   nbr_fsm(nbr, NBR_EVT_PDU_SENT);
+}
+
 int
 recv_address(struct nbr *nbr, char *buf, uint16_t len)
 {
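Review bot: send_mac_withdrawal() always builds the empty Address List TLV
with AF_INET (`gen_address_list_tlv(buf, AF_INET, NULL, 0)`).
recv_address() in patch 6/7 takes the "just ignore the message" branch for
AF_IPV4 when nbr->v4_enabled is not set, so a peer running this code on an
IPv6-only session would drop the whole message, MAC List TLV included.
Pick the family from the session, or document why IPv4 is always
acceptable here.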
@@ -280,8 +315,8 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
 }
 
 static int
-gen_address_list_tlv(struct ibuf *buf, uint16_t size, int af,
-struct if_addr_head *addr_list, unsigned int tlv_addr_count)
+gen_address_list_tlv(struct ibuf *buf, int af, struct if_addr_head *addr_list,
+unsigned int tlv_addr_count)
 {
struct address_list_tlv  alt;
uint16_t addr_size;
@@ -290,7 +325,6 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int 
af,
 
memset(, 0, sizeof(alt));
alt.type = htons(TLV_TYPE_ADDRLIST);
-   alt.length = htons(size - TLV_HDR_SIZE);
 
switch (af) {
case AF_INET:
@@ -304,8 +338,12 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int 
af,
default:
fatalx("gen_address_list_tlv: unknown af");
}
+   alt.length = htons(sizeof(alt.family) + addr_size * tlv_addr_count);
 
err |= ibuf_add(buf, , sizeof(alt));
+   if (addr_list == NULL)
+   return (err);
+
LIST_FOREACH(if_addr, addr_list, entry) {
err |= ibuf_add(buf, _addr->addr, addr_size);
if (--tlv_addr_count == 0)
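Review bot: the new `if (addr_list == NULL) return (err);` relies on the
caller passing tlv_addr_count == 0 together with a NULL list; with any
other count, alt.length advertises addresses that are never appended.
Check the two together, for example by treating NULL with a non-zero count
as an error. `addr_size * tlv_addr_count` is also narrowed to 16 bits by
htons() without a range check.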
@@ -315,6 +353,23 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int 
af,
return (err);
 }
 
+static int
+gen_mac_list_tlv(struct ibuf *buf, uint8_t *mac)
+{
+   struct tlv   tlv;
+   int  err;
+
+   memset(, 0, sizeof(tlv));
+   tlv.type = htons(TLV_TYPE_MAC_LIST);
+   if (mac)
+   tlv.length = htons(ETHER_ADDR_LEN);
+   err = ibuf_add(buf, , sizeof(tlv));
+   if (mac)
+   err |= ibuf_add(buf, mac, ETHER_ADDR_LEN);
+
+   return (err);
+}
+
 
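Review bot: gen_mac_list_tlv() emits a MAC List TLV of length 0 when mac
is NULL, and nothing in the function or in send_mac_withdrawal() says what
the empty list means to the receiver. Add a comment stating the intended
semantics of the NULL case.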

[PATCH 6/7] ldpd: fix parsing of optional tlvs in address messages

2017-02-20 Thread Renato Westphal
We were aborting the session upon receipt of MAC Address Withdrawal
messages. Now make the parser aware that optional TLVs are possible in
address messages.
---
 address.c | 73 +++
 1 file changed, 59 insertions(+), 14 deletions(-)

diff --git a/address.c b/address.c
index 9b65511..e891173 100644
--- a/address.c
+++ b/address.c
@@ -144,11 +144,24 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
 {
struct ldp_msg  msg;
uint16_tmsg_type;
-   struct address_list_tlv alt;
enum imsg_type  type;
+   struct address_list_tlv alt;
+   uint16_talt_len;
+   uint16_talt_family;
struct lde_addr lde_addr;
 
memcpy(, buf, sizeof(msg));
+   msg_type = ntohs(msg.type);
+   switch (msg_type) {
+   case MSG_TYPE_ADDR:
+   type = IMSG_ADDRESS_ADD;
+   break;
+   case MSG_TYPE_ADDRWITHDRAW:
+   type = IMSG_ADDRESS_DEL;
+   break;
+   default:
+   fatalx("recv_address: unexpected msg type");
+   }
buf += LDP_MSG_SIZE;
len -= LDP_MSG_SIZE;
 
@@ -157,9 +170,10 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
session_shutdown(nbr, S_BAD_MSG_LEN, msg.id, msg.type);
return (-1);
}
-
memcpy(, buf, sizeof(alt));
-   if (ntohs(alt.length) != len - TLV_HDR_SIZE) {
+   alt_len = ntohs(alt.length);
+   alt_family = ntohs(alt.family);
+   if (alt_len > len - TLV_HDR_SIZE) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type);
return (-1);
}
@@ -167,7 +181,7 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
send_notification(nbr->tcp, S_MISS_MSG, msg.id, msg.type);
return (-1);
}
-   switch (ntohs(alt.family)) {
+   switch (alt_family) {
case AF_IPV4:
if (!nbr->v4_enabled)
/* just ignore the message */
@@ -182,19 +196,15 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
send_notification(nbr->tcp, S_UNSUP_ADDR, msg.id, msg.type);
return (-1);
}
+   alt_len -= sizeof(alt.family);
buf += sizeof(alt);
len -= sizeof(alt);
 
-   msg_type = ntohs(msg.type);
-   if (msg_type == MSG_TYPE_ADDR)
-   type = IMSG_ADDRESS_ADD;
-   else
-   type = IMSG_ADDRESS_DEL;
-
-   while (len > 0) {
-   switch (ntohs(alt.family)) {
+   /* Process all received addresses */
+   while (alt_len > 0) {
+   switch (alt_family) {
case AF_IPV4:
-   if (len < sizeof(struct in_addr)) {
+   if (alt_len < sizeof(struct in_addr)) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
msg.type);
return (-1);
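Review bot: `alt_len -= sizeof(alt.family)` has no lower bound in front of
it. The earlier hunk relaxes the length test from `!=` to
`alt_len > len - TLV_HDR_SIZE`, so a received alt.length of 0 or 1 now
passes, the uint16_t subtraction wraps, and the `while (alt_len > 0)` loop
then bounds its reads by alt_len alone. Reject
`alt_len < sizeof(alt.family)` with S_BAD_TLV_LEN before the subtraction.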
@@ -206,9 +216,10 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
 
buf += sizeof(struct in_addr);
len -= sizeof(struct in_addr);
+   alt_len -= sizeof(struct in_addr);
break;
case AF_IPV6:
-   if (len < sizeof(struct in6_addr)) {
+   if (alt_len < sizeof(struct in6_addr)) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
msg.type);
return (-1);
@@ -220,6 +231,7 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
 
buf += sizeof(struct in6_addr);
len -= sizeof(struct in6_addr);
+   alt_len -= sizeof(struct in6_addr);
break;
default:
fatalx("recv_address: unknown af");
@@ -231,6 +243,39 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len)
sizeof(lde_addr));
}
 
+   /* Optional Parameters */
+   while (len > 0) {
+   struct tlv  tlv;
+   uint16_ttlv_type;
+   uint16_ttlv_len;
+
+   if (len < sizeof(tlv)) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type);
+   return (-1);
+   }
+
+   memcpy(, buf, TLV_HDR_SIZE);
+   tlv_type = ntohs(tlv.type);
+   tlv_len = ntohs(tlv.length);
+   if (tlv_len + TLV_HDR_SIZE > len) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type);
+   return (-1);
+   }
+   buf += TLV_HDR_SIZE;
+   len -= TLV_HDR_SIZE;
+
+   switch (tlv_type) {
+   default:
+

[PATCH 3/7] ldpd: implement RFC 5918 (Typed Wildcard FEC)

2017-02-20 Thread Renato Westphal
---
 init.c |  68 +++-
 labelmapping.c | 120 -
 lde.c  |  14 +++
 lde.h  |   3 ++
 lde_lib.c  |  56 +++
 ldp.h  |   8 
 ldpd.8 |   9 +
 ldpd.h |   6 +++
 ldpe.h |   1 +
 logmsg.c   |  17 
 10 files changed, 299 insertions(+), 3 deletions(-)

diff --git a/init.c b/init.c
index cc45443..2cc89b8 100644
--- a/init.c
+++ b/init.c
@@ -26,6 +26,7 @@
 
 static int gen_init_prms_tlv(struct ibuf *, struct nbr *);
 static int gen_cap_dynamic_tlv(struct ibuf *);
+static int gen_cap_twcard_tlv(struct ibuf *, int);
 
 void
 send_init(struct nbr *nbr)
@@ -37,7 +38,7 @@ send_init(struct nbr *nbr)
log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
 
size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE +
-   CAP_TLV_DYNAMIC_SIZE;
+   CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE;
if ((buf = ibuf_open(size)) == NULL)
fatal(__func__);
 
@@ -46,6 +47,7 @@ send_init(struct nbr *nbr)
err |= gen_msg_hdr(buf, MSG_TYPE_INIT, size);
err |= gen_init_prms_tlv(buf, nbr);
err |= gen_cap_dynamic_tlv(buf);
+   err |= gen_cap_twcard_tlv(buf, 1);
if (err) {
ibuf_free(buf);
return;
@@ -147,6 +149,25 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
"Capability Announcement capability", __func__,
inet_ntoa(nbr->id));
break;
+   case TLV_TYPE_TWCARD_CAP:
+   if (tlv_len != CAP_TLV_TWCARD_LEN) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
+   msg.type);
+   return (-1);
+   }
+
+   if (caps_rcvd & F_CAP_TLV_RCVD_TWCARD) {
+   session_shutdown(nbr, S_BAD_TLV_VAL, msg.id,
+   msg.type);
+   return (-1);
+   }
+   caps_rcvd |= F_CAP_TLV_RCVD_TWCARD;
+
+   nbr->flags |= F_NBR_CAP_TWCARD;
+
+   log_debug("%s: lsr-id %s announced the Typed Wildcard "
+   "FEC capability", __func__, inet_ntoa(nbr->id));
+   break;
default:
if (!(ntohs(tlv.type) & UNKNOWN_FLAG))
send_notification_rtlvs(nbr, S_UNSSUPORTDCAP,
@@ -194,6 +215,9 @@ send_capability(struct nbr *nbr, uint16_t capability, int 
enable)
err |= gen_msg_hdr(buf, MSG_TYPE_CAPABILITY, size);
 
switch (capability) {
+   case TLV_TYPE_TWCARD_CAP:
+   err |= gen_cap_twcard_tlv(buf, enable);
+   break;
case TLV_TYPE_DYNAMIC_CAP:
/*
 * RFC 5561 - Section 9:
@@ -219,6 +243,8 @@ int
 recv_capability(struct nbr *nbr, char *buf, uint16_t len)
 {
struct ldp_msg   msg;
+   int  enable = 0;
+   int  caps_rcvd = 0;
 
log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
 
@@ -231,6 +257,7 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len)
struct tlv   tlv;
uint16_t tlv_type;
uint16_t tlv_len;
+   uint8_t  reserved;
 
if (len < sizeof(tlv)) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type);
@@ -248,6 +275,31 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len)
len -= TLV_HDR_SIZE;
 
switch (tlv_type) {
+   case TLV_TYPE_TWCARD_CAP:
+   if (tlv_len != CAP_TLV_TWCARD_LEN) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
+   msg.type);
+   return (-1);
+   }
+
+   if (caps_rcvd & F_CAP_TLV_RCVD_TWCARD) {
+   session_shutdown(nbr, S_BAD_TLV_VAL, msg.id,
+   msg.type);
+   return (-1);
+   }
+   caps_rcvd |= F_CAP_TLV_RCVD_TWCARD;
+
+   memcpy(, buf, sizeof(reserved));
+   enable = reserved & STATE_BIT;
+   if (enable)
+   nbr->flags |= F_NBR_CAP_TWCARD;
+   else
+   nbr->flags &= ~F_NBR_CAP_TWCARD;
+
+   log_debug("%s: lsr-id %s %s the Typed Wildcard FEC "
+   "capability", __func__, inet_ntoa(nbr->id),
+   (enable) ? "announced" : "withdrew");
+   
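
Review bot: nothing in the visible part of recv_capability() checks that the neighbour negotiated F_NBR_CAP_DYNAMIC before its Capability message is allowed to set or clear F_NBR_CAP_TWCARD in nbr->flags. If that is enforced where the message is dispatched, a comment here pointing to it would help; otherwise add the check ahead of the TLV loop so a peer that never announced dynamic capabilities cannot toggle them mid-session.
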

[PATCH 4/7] ldpd: implement RFC 6667 (Typed Wildcard FEC for PWid)

2017-02-20 Thread Renato Westphal
---
 l2vpn.c| 22 +-
 labelmapping.c | 23 +++
 lde.c  | 14 ++
 lde.h  |  2 ++
 lde_lib.c  |  7 +++
 ldp.h  |  3 +++
 ldpd.8 |  9 +
 ldpd.h |  1 +
 logmsg.c   |  8 
 9 files changed, 84 insertions(+), 5 deletions(-)

diff --git a/l2vpn.c b/l2vpn.c
index e79caa8..6da3560 100644
--- a/l2vpn.c
+++ b/l2vpn.c
@@ -347,7 +347,8 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg 
*nm)
struct fec_nh   *fnh;
struct l2vpn_pw *pw;
 
-   if (!(nm->fec.flags & F_MAP_PW_ID)) {
+   if (nm->fec.type == MAP_TYPE_TYPED_WCARD ||
+   !(nm->fec.flags & F_MAP_PW_ID)) {
l2vpn_recv_pw_status_wcard(ln, nm);
return;
}
@@ -385,19 +386,30 @@ l2vpn_recv_pw_status_wcard(struct lde_nbr *ln, struct 
notify_msg *nm)
struct fec_node *fn;
struct fec_nh   *fnh;
struct l2vpn_pw *pw;
+   struct map  *wcard = >fec;
 
RB_FOREACH(f, fec_tree, ) {
fn = (struct fec_node *)f;
if (fn->fec.type != FEC_TYPE_PWID)
continue;
-   if (fn->fec.u.pwid.type != nm->fec.fec.pwid.type)
-   continue;
 
pw = (struct l2vpn_pw *) fn->data;
if (pw == NULL)
continue;
-   if (pw->remote_group != nm->fec.fec.pwid.group_id)
-   continue;
+
+   switch (wcard->type) {
+   case MAP_TYPE_TYPED_WCARD:
+   if (wcard->fec.twcard.u.pw_type != PW_TYPE_WILDCARD &&
+   wcard->fec.twcard.u.pw_type != fn->fec.u.pwid.type)
+   continue;
+   break;
+   case MAP_TYPE_PWID:
+   if (wcard->fec.pwid.type != fn->fec.u.pwid.type)
+   continue;
+   if (wcard->fec.pwid.group_id != pw->remote_group)
+   continue;
+   break;
+   }
 
fnh = fec_nh_find(fn, AF_INET, (union ldpd_addr *)>id, 0);
if (fnh == NULL)
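
Review bot: in the MAP_TYPE_TYPED_WCARD case the code reads wcard->fec.twcard.u.pw_type without first checking that wcard->fec.twcard.type is MAP_TYPE_PWID, so a typed wildcard of another FEC type would have its union member interpreted as a PW type. The switch also has no default, so a FEC of any other type skips both filters and matches every PWid entry from this neighbour. Suggest a continue (or an early return before the loop) for a twcard type other than MAP_TYPE_PWID, and a default that does the same.
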
diff --git a/labelmapping.c b/labelmapping.c
index b0e7131..64c5a70 100644
--- a/labelmapping.c
+++ b/labelmapping.c
@@ -97,6 +97,7 @@ send_labelmessage(struct nbr *nbr, uint16_t type, struct 
mapping_head *mh)
msg_size += FEC_ELM_TWCARD_MIN_LEN;
switch (me->map.fec.twcard.type) {
case MAP_TYPE_PREFIX:
+   case MAP_TYPE_PWID:
msg_size += sizeof(uint16_t);
break;
default:
@@ -629,6 +630,7 @@ gen_fec_tlv(struct ibuf *buf, struct map *map)
len = FEC_ELM_TWCARD_MIN_LEN;
switch (map->fec.twcard.type) {
case MAP_TYPE_PREFIX:
+   case MAP_TYPE_PWID:
len += sizeof(uint16_t);
break;
default:
@@ -658,6 +660,12 @@ gen_fec_tlv(struct ibuf *buf, struct map *map)
 
err |= ibuf_add(buf, , sizeof(uint16_t));
break;
+   case MAP_TYPE_PWID:
+   twcard_len = sizeof(uint16_t);
+   err |= ibuf_add(buf, _len, sizeof(uint8_t));
+   pw_type = htons(map->fec.twcard.u.pw_type);
+   err |= ibuf_add(buf, _type, sizeof(uint16_t));
+   break;
default:
fatalx("gen_fec_tlv: unexpected fec type");
}
@@ -863,6 +871,21 @@ tlv_decode_fec_elm(struct nbr *nbr, struct ldp_msg *msg, 
char *buf,
return (-1);
}
break;
+   case MAP_TYPE_PWID:
+   if (twcard_len != sizeof(uint16_t)) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg->id,
+   msg->type);
+   return (-1);
+   }
+
+   memcpy(>fec.twcard.u.pw_type, buf + off,
+   sizeof(uint16_t));
+   map->fec.twcard.u.pw_type =
+   ntohs(map->fec.twcard.u.pw_type);
+   /* ignore the reserved bit as per RFC 6667 */
+   map->fec.twcard.u.pw_type &= ~PW_TWCARD_RESERVED_BIT;
+   off += sizeof(uint16_t);
+   break;
default:
send_notification(nbr->tcp, S_UNKNOWN_FEC, msg->id,
msg->type);
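
Review bot: in the new MAP_TYPE_PWID case the memcpy reads two bytes at buf + off after checking only that twcard_len equals sizeof(uint16_t); the visible lines do not show off + twcard_len being compared with the remaining length of the FEC element. If that bound is established earlier in tlv_decode_fec_elm(), a comment saying so would do; if not, it needs checking before the copy, since twcard_len comes from the peer.
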
diff --git a/lde.c b/lde.c
index cc8459d..c43801e 100644
--- a/lde.c
+++ b/lde.c
@@ -909,6 +909,20 @@ 

[PATCH 2/7] ldpd: implement RFC 5561 (LDP Capabilities)

2017-02-20 Thread Renato Westphal
This patch per se doesn't introduce any useful functionality, but prepares
the ground for new enhancements to ldpd (i.e. implementation of new RFCs
that make use of LDP capabilities).
---
 init.c | 152 +++--
 labelmapping.c |   8 +--
 ldp.h  |  18 +++
 ldpd.8 |  11 +
 ldpd.h |   6 +++
 ldpe.h |   5 ++
 logmsg.c   |   4 ++
 notification.c |  55 +++--
 packet.c   |  13 ++---
 9 files changed, 252 insertions(+), 20 deletions(-)

diff --git a/init.c b/init.c
index 2ba9b37..cc45443 100644
--- a/init.c
+++ b/init.c
@@ -25,6 +25,7 @@
 #include "log.h"
 
 static int gen_init_prms_tlv(struct ibuf *, struct nbr *);
+static int gen_cap_dynamic_tlv(struct ibuf *);
 
 void
 send_init(struct nbr *nbr)
@@ -35,15 +36,16 @@ send_init(struct nbr *nbr)
 
log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
 
-   size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE;
+   size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE +
+   CAP_TLV_DYNAMIC_SIZE;
if ((buf = ibuf_open(size)) == NULL)
fatal(__func__);
 
err |= gen_ldp_hdr(buf, size);
size -= LDP_HDR_SIZE;
err |= gen_msg_hdr(buf, MSG_TYPE_INIT, size);
-   size -= LDP_MSG_SIZE;
err |= gen_init_prms_tlv(buf, nbr);
+   err |= gen_cap_dynamic_tlv(buf);
if (err) {
ibuf_free(buf);
return;
@@ -58,6 +60,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
struct ldp_msg  msg;
struct sess_prms_tlvsess;
uint16_tmax_pdu_len;
+   int caps_rcvd = 0;
 
log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
 
@@ -94,6 +97,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
/* Optional Parameters */
while (len > 0) {
struct tlv  tlv;
+   uint16_ttlv_type;
uint16_ttlv_len;
 
if (len < sizeof(tlv)) {
@@ -102,6 +106,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
}
 
memcpy(, buf, TLV_HDR_SIZE);
+   tlv_type = ntohs(tlv.type);
tlv_len = ntohs(tlv.length);
if (tlv_len + TLV_HDR_SIZE > len) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type);
@@ -110,17 +115,42 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
buf += TLV_HDR_SIZE;
len -= TLV_HDR_SIZE;
 
-   switch (ntohs(tlv.type)) {
+   /*
+* RFC 5561 - Section 6:
+* "The S-bit of a Capability Parameter in an Initialization
+* message MUST be 1 and SHOULD be ignored on receipt".
+*/
+   switch (tlv_type) {
case TLV_TYPE_ATMSESSIONPAR:
session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, msg.type);
return (-1);
case TLV_TYPE_FRSESSION:
session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, msg.type);
return (-1);
+   case TLV_TYPE_DYNAMIC_CAP:
+   if (tlv_len != CAP_TLV_DYNAMIC_LEN) {
+   session_shutdown(nbr, S_BAD_TLV_LEN, msg.id,
+   msg.type);
+   return (-1);
+   }
+
+   if (caps_rcvd & F_CAP_TLV_RCVD_DYNAMIC) {
+   session_shutdown(nbr, S_BAD_TLV_VAL, msg.id,
+   msg.type);
+   return (-1);
+   }
+   caps_rcvd |= F_CAP_TLV_RCVD_DYNAMIC;
+
+   nbr->flags |= F_NBR_CAP_DYNAMIC;
+
+   log_debug("%s: lsr-id %s announced the Dynamic "
+   "Capability Announcement capability", __func__,
+   inet_ntoa(nbr->id));
+   break;
default:
if (!(ntohs(tlv.type) & UNKNOWN_FLAG))
-   send_notification(nbr->tcp, S_UNKNOWN_TLV,
-   msg.id, msg.type);
+   send_notification_rtlvs(nbr, S_UNSSUPORTDCAP,
+   msg.id, msg.type, tlv_type, tlv_len, buf);
/* ignore unknown tlv */
break;
}
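
Review bot: in the default branch, every unrecognised TLV with the U-bit clear now draws S_UNSSUPORTDCAP instead of S_UNKNOWN_TLV, but that branch is reached by any TLV type the switch does not list, not only by capability TLVs. If the new status is meant for capability TLVs alone, test whether tlv_type is a capability TLV first and keep the send_notification(nbr->tcp, S_UNKNOWN_TLV, ...) call for the rest. The branch also still calls ntohs(tlv.type) although tlv_type now holds that value, and the "ignore unknown tlv" comment no longer describes the path that sends a notification.
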
@@ -146,6 +176,104 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
return (0);
 }
 
+void
+send_capability(struct nbr *nbr, uint16_t capability, int enable)
+{
+   struct ibuf *buf;
+   uint16_t size;
+   int  err = 0;
+
+   log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id));
+
+   size = 

[PATCH 1/7] ldpd: implement support for PWid group wildcards

2017-02-20 Thread Renato Westphal
This was missing from our original RFC 4447 VPLS implementation. Now
ldpd understands group wildcards as mandated by the RFC, but we still
don't send them ourselves. I can't see any case in which sending a group
wildcard would be useful, but nonetheless this patch provides a function
called lde_send_labelwithdraw_pwid_wcard() which is ready to be used in
the future anytime we feel like it might be useful.
---
 l2vpn.c   | 71 ---
 lde.c | 71 ---
 lde.h | 16 ++
 lde_lib.c | 57 +-
 logmsg.c  |  6 +++---
 5 files changed, 167 insertions(+), 54 deletions(-)

diff --git a/l2vpn.c b/l2vpn.c
index 22c9874..e79caa8 100644
--- a/l2vpn.c
+++ b/l2vpn.c
@@ -282,7 +282,7 @@ l2vpn_pw_negotiate(struct lde_nbr *ln, struct fec_node *fn, 
struct map *map)
st.status_code = S_WRONG_CBIT;
st.msg_id = map->msg_id;
st.msg_type = htons(MSG_TYPE_LABELMAPPING);
-   lde_send_labelwithdraw(ln, fn, NO_LABEL, );
+   lde_send_labelwithdraw(ln, fn, NULL, );
 
pw->flags &= ~F_PW_CWORD;
lde_send_labelmapping(ln, fn, 1);
@@ -305,7 +305,7 @@ l2vpn_pw_negotiate(struct lde_nbr *ln, struct fec_node *fn, 
struct map *map)
 }
 
 void
-l2vpn_send_pw_status(uint32_t peerid, uint32_t status, struct fec *fec)
+l2vpn_send_pw_status(struct lde_nbr *ln, uint32_t status, struct fec *fec)
 {
struct notify_msgnm;
 
@@ -316,8 +316,27 @@ l2vpn_send_pw_status(uint32_t peerid, uint32_t status, 
struct fec *fec)
lde_fec2map(fec, );
nm.flags |= F_NOTIF_FEC;
 
-   lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, peerid, 0,
-   , sizeof(nm));
+   lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, ln->peerid, 0, ,
+   sizeof(nm));
+}
+
+void
+l2vpn_send_pw_status_wcard(struct lde_nbr *ln, uint32_t status,
+uint16_t pw_type, uint32_t group_id)
+{
+   struct notify_msgnm;
+
+   memset(, 0, sizeof(nm));
+   nm.status_code = S_PW_STATUS;
+   nm.pw_status = status;
+   nm.flags |= F_NOTIF_PW_STATUS;
+   nm.fec.type = MAP_TYPE_PWID;
+   nm.fec.fec.pwid.type = pw_type;
+   nm.fec.fec.pwid.group_id = group_id;
+   nm.flags |= F_NOTIF_FEC;
+
+   lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, ln->peerid, 0, ,
+   sizeof(nm));
 }
 
 void
@@ -328,9 +347,10 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg 
*nm)
struct fec_nh   *fnh;
struct l2vpn_pw *pw;
 
-   /* TODO group wildcard */
-   if (!(nm->fec.flags & F_MAP_PW_ID))
+   if (!(nm->fec.flags & F_MAP_PW_ID)) {
+   l2vpn_recv_pw_status_wcard(ln, nm);
return;
+   }
 
lde_map2fec(>fec, ln->id, );
fn = (struct fec_node *)fec_find(, );
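
Review bot: the rewritten check routes every notification whose FEC lacks F_MAP_PW_ID into l2vpn_recv_pw_status_wcard(), which then reads nm->fec.fec.pwid.type and nm->fec.fec.pwid.group_id, but nothing here confirms that nm->fec.type is MAP_TYPE_PWID. Unless the caller already guarantees that, add the type test before treating the message as a group wildcard, so a PW status notification carrying some other FEC is dropped rather than matched against the group fields.
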
@@ -349,7 +369,6 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg 
*nm)
/* remote status didn't change */
if (pw->remote_status == nm->pw_status)
return;
-
pw->remote_status = nm->pw_status;
 
if (l2vpn_pw_ok(pw, fnh))
@@ -358,6 +377,44 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg 
*nm)
lde_send_delete_klabel(fn, fnh);
 }
 
+/* RFC4447 PWid group wildcard */
+void
+l2vpn_recv_pw_status_wcard(struct lde_nbr *ln, struct notify_msg *nm)
+{
+   struct fec  *f;
+   struct fec_node *fn;
+   struct fec_nh   *fnh;
+   struct l2vpn_pw *pw;
+
+   RB_FOREACH(f, fec_tree, ) {
+   fn = (struct fec_node *)f;
+   if (fn->fec.type != FEC_TYPE_PWID)
+   continue;
+   if (fn->fec.u.pwid.type != nm->fec.fec.pwid.type)
+   continue;
+
+   pw = (struct l2vpn_pw *) fn->data;
+   if (pw == NULL)
+   continue;
+   if (pw->remote_group != nm->fec.fec.pwid.group_id)
+   continue;
+
+   fnh = fec_nh_find(fn, AF_INET, (union ldpd_addr *)>id, 0);
+   if (fnh == NULL)
+   continue;
+
+   /* remote status didn't change */
+   if (pw->remote_status == nm->pw_status)
+   continue;
+   pw->remote_status = nm->pw_status;
+
+   if (l2vpn_pw_ok(pw, fnh))
+   lde_send_change_klabel(fn, fnh);
+   else
+   lde_send_delete_klabel(fn, fnh);
+   }
+}
+
 void
 l2vpn_sync_pws(int af, union ldpd_addr *addr)
 {
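
Review bot: the tail of the loop in l2vpn_recv_pw_status_wcard() (the remote_status comparison, the assignment, and the l2vpn_pw_ok() branch that sends change or delete klabel) repeats what l2vpn_recv_pw_status() does for a single FEC. A small static helper taking (fn, fnh, pw, nm->pw_status) would keep the two paths identical when the status handling changes. A comment that the walk covers the whole FEC tree for each wildcard notification would also help.
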
diff --git a/lde.c b/lde.c
index 8e82523..fe44aa6 100644
--- a/lde.c
+++ b/lde.c
@@ -253,16 +253,10 @@ lde_dispatch_imsg(int fd, short event, void *bula)
lde_check_request(, ln);
   

npppd: reload enables stripping NT domains on radius

2017-02-20 Thread Patrick Wildt
Hi,

when using RADIUS, the NT domains should not be stripped from the
username.  When a base object is instantiated based on an auth object,
the "strip_nt_domain" variable is always enforced to zero in case of
using RADIUS.  The auth object itself though has it set to one by
default.

Now on configuration reload in npppd_auth_reload(), the value is copied
from the corresponding auth object to the base object.

base->strip_nt_domain = auth->strip_nt_domain;

Unfortunately in the case of RADIUS, this means that the RADIUS base
object gets overridden.  So in that case reset it to zero like it's
done in npppd_auth_create().

ok?

Patrick

diff --git a/usr.sbin/npppd/npppd/npppd_auth.c 
b/usr.sbin/npppd/npppd/npppd_auth.c
index 101f8cc9a7f..4db88f05e25 100644
--- a/usr.sbin/npppd/npppd/npppd_auth.c
+++ b/usr.sbin/npppd/npppd/npppd_auth.c
@@ -212,6 +212,7 @@ npppd_auth_reload(npppd_auth_base *base)
switch (base->type) {
 #ifdef USE_NPPPD_RADIUS
case NPPPD_AUTH_TYPE_RADIUS:
+   base->strip_nt_domain = 0;
if (npppd_auth_radius_reload(base, auth) != 0)
goto fail;
break;
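
Review bot: the new assignment in the NPPPD_AUTH_TYPE_RADIUS case hard-codes strip_nt_domain to 0 on every reload, so the value the auth object carries for a RADIUS section is discarded rather than applied. If that is the intended RADIUS behaviour, a short comment pointing at the matching reset in npppd_auth_create() would keep the two paths from drifting apart; if the setting is meant to be configurable per section, the reset belongs in neither place and the auth object's default should change instead.
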



Re: ksh(1): fix $RANDOM documentation

2017-02-20 Thread Anton Lindqvist
Thanks for the feedback. The transcript of my reasoning in my previous
email was too brief, sorry about that. After reading the man-page, I was
surprised that grepping the ksh source for arc4random yielded nothing.
But after reading the rand man-page its behavior and relation to
arc4random became clear, which is also documented in the commit messages
of the revisions mentioned in my previous email. I therefore thought the
explicit reference to arc4random was redundant by now when it's used
indirectly via rand, whose man-page describes this behavior. Anyway,
thanks for applying the useful parts of the patch!

On Sun, Feb 19, 2017 at 06:33:59PM +0100, Ingo Schwarze wrote:
> Hi Anton,
> 
> Anton Lindqvist wrote on Sun, Feb 19, 2017 at 08:29:31AM +0100:
> 
> > Usage of rand was replaced with arc4random (var.c, r1.17) and later
> > documented (ksh.1, r1.70). The change was later on reverted (var.c,
> > r1.39) back to using rand and srand_deterministic. The patch below
> > removes the explicit mention of arc4random and documents the current
> > behavior.
> 
> I think both the current text and your patch are wrong.
> 
> The current text says that srand(3) is used.
> That, indeed, is not true, so thanks for the heads-up.
> 
> Your patch deletes a sentence that is actually true:
>   "By default, arc4random(3) is used to produce values."
> That is true because rand(3) uses arc4random(3) by default.
> I think we should keep that information.  It tells people that
> on OpenBSD, ksh(1) RANDOM is of decent quality by default.
> 
> So, here is my suggestion.  I don't think we need to say that ksh(1)
> calls arc4random(3) indirectly via rand(3).  From the perspective
> of ksh(1) users, that's an implementation detail.
> 
> OK?
>   Ingo
> 
> 
> Index: ksh.1
> ===
> RCS file: /cvs/src/bin/ksh/ksh.1,v
> retrieving revision 1.186
> diff -u -r1.186 ksh.1
> --- ksh.1 14 Nov 2016 06:59:42 -  1.186
> +++ ksh.1 19 Feb 2017 17:20:31 -
> @@ -1704,12 +1704,10 @@
>  If the variable
>  .Ev RANDOM
>  is assigned a value, the value is used as the seed to
> -.Xr srand 3
> +.Xr srand_deterministic 3
>  and subsequent references of
>  .Ev RANDOM
> -will use
> -.Xr rand 3
> -to produce values, resulting in a predictable sequence.
> +produce a predictable sequence.
>  .It Ev REPLY
>  Default parameter for the
>  .Ic read