ftp(1): tls_close(3) handle TLS_WANT_POLLIN, TLS_WANT_PLLOUT

[Sunil Nimmagadda]

Hi,

tls_close() could return TLS_WANT_POLLIN, TLS_WANT_POLLOUT as well.
This diff repeats the call immediately. Ok?

cvs server: Diffing .
Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.161
diff -u -p -r1.161 fetch.c
--- fetch.c 28 Feb 2017 06:31:12 -  1.161
+++ fetch.c 2 Mar 2017 07:20:29 -
@@ -1031,7 +1031,9 @@ improper:
 cleanup_url_get:
 #ifndef NOSSL
if (tls != NULL) {
-   tls_close(tls);
+   do {
+   i = tls_close(tls);
+   } while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
tls_free(tls);
}
free(full_host);

Re: ftp doesn't close(2) the output file

[Sunil Nimmagadda]

Theo de Raadt  writes:

>> > Index: fetch.c
>> > ===
>> > RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
>> > retrieving revision 1.161
>> > diff -u -p -r1.161 fetch.c
>> > --- fetch.c28 Feb 2017 06:31:12 -  1.161
>> > +++ fetch.c1 Mar 2017 23:21:46 -
>> > @@ -1041,6 +1041,8 @@ cleanup_url_get:
>> >fclose(fin);
>> >else if (s != -1)
>> >close(s);
>> > +  if (out >= 0 && out != fileno(stdout))
>> > +  close(out);
>> >free(buf);
>> >free(proxyhost);
>> >free(proxyurl);
>> 
>> I was wondering if the "out >= 0" condition is necessary as open(2)
>> errors are handled anyway.
>
> Sure, but it is cleaner to not call close(-1).

oh right, the cleanup_url_get ends up here as well, and this condition is
required. Sorry for the noise.

Re: ftp doesn't close(2) the output file

[Theo de Raadt]

> > Index: fetch.c
> > ===
> > RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
> > retrieving revision 1.161
> > diff -u -p -r1.161 fetch.c
> > --- fetch.c 28 Feb 2017 06:31:12 -  1.161
> > +++ fetch.c 1 Mar 2017 23:21:46 -
> > @@ -1041,6 +1041,8 @@ cleanup_url_get:
> > fclose(fin);
> > else if (s != -1)
> > close(s);
> > +   if (out >= 0 && out != fileno(stdout))
> > +   close(out);
> > free(buf);
> > free(proxyhost);
> > free(proxyurl);
> 
> I was wondering if the "out >= 0" condition is necessary as open(2)
> errors are handled anyway.

Sure, but it is cleaner to not call close(-1).

Re: ftp doesn't close(2) the output file

[Sunil Nimmagadda]

Stuart Henderson  writes:

> ftp doesn't close the output file after writing it. Normally you're
> exiting anyway at that point so it doesn't really matter, but if you've
> specified multiple URLs on the command line this leaks 1 FD per
> requested file. Most noticable if you do some lazy benchark like
> "ftp -o/dev/null `yes $SOMEURL | head -1000`" and run yourself out
> of FDs.
>
> Possible fix?
>
> Index: fetch.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
> retrieving revision 1.161
> diff -u -p -r1.161 fetch.c
> --- fetch.c   28 Feb 2017 06:31:12 -  1.161
> +++ fetch.c   1 Mar 2017 23:21:46 -
> @@ -1041,6 +1041,8 @@ cleanup_url_get:
>   fclose(fin);
>   else if (s != -1)
>   close(s);
> + if (out >= 0 && out != fileno(stdout))
> + close(out);
>   free(buf);
>   free(proxyhost);
>   free(proxyurl);

I was wondering if the "out >= 0" condition is necessary as open(2)
errors are handled anyway.

Re: vmd: fixed lladdr for VM guests to prevent MAC spoofing

[Mike Larkin]

On Wed, Mar 01, 2017 at 07:17:10PM +0100, Reyk Floeter wrote:
> On Wed, Mar 01, 2017 at 01:04:57PM +0100, Reyk Floeter wrote:
> > Hi,
> > 
> > add the new "fixed lladdr" option: when multiple VMs are connected to
> > a switch, it is desirable that an individual VM cannot spoof another
> > MAC address, especially when using meta-data*.  vmd(8) can enforce
> > this by comparing the address in the Ethernet header with the
> > configured/generated address of the VM interface.
> > 
> > This somewhat resembles the following features from VMware:
> > ethernet0.noforgedsrcaddr = "TRUE"
> > ethernet0.nopromisc = "TRUE"
> > 
> > The important parts of the diff** are in the two if statements including
> > "dev->fixedmac" below, the rest is infrastructure, config, and
> > documentation.
> > 
> > I could have used bridge(4) rules or switch(4) OpenFlow actions, but I
> > decided to implement it in vmd(8) directly to make it easier and to
> > work in all cases independent from the switch type.
> > 
> > *) https://github.com/reyk/meta-data
> > **) this diff conflicts with the previous vmm.c split.  Whatever goes
> > in first, I can update and resend it accordingly.
> > 
> > OK?
> > 
> > Reyk
> > 
> > Add "fixed lladdr" option to prevent VMs from spoofing MAC addresses.
> > 
> > This is especially useful when multiple VMs share a switch, the
> > implementation is independent from the underlying switch or bridge.
> > 
> 
> After some discussions, this is the updated diff:
> 
> - change "fixed" to "locked", adjust manpage
> - sync with latest vmm.c split
> 
> Reyk
>

no objections
 
> Index: usr.sbin/vmd/config.c
> ===
> RCS file: /cvs/src/usr.sbin/vmd/config.c,v
> retrieving revision 1.25
> diff -u -p -u -p -r1.25 config.c
> --- usr.sbin/vmd/config.c 1 Mar 2017 07:43:33 -   1.25
> +++ usr.sbin/vmd/config.c 1 Mar 2017 18:16:20 -
> @@ -236,7 +236,8 @@ config_setvm(struct privsep *ps, struct 
>   }
>  
>   /* Set the interface status */
> - vif->vif_flags = vmc->vmc_ifflags[i] & IFF_UP;
> + vif->vif_flags =
> + vmc->vmc_ifflags[i] & (VMIFF_UP|VMIFF_OPTMASK);
>   }
>  
>   /* Open TTY */
> Index: usr.sbin/vmd/parse.y
> ===
> RCS file: /cvs/src/usr.sbin/vmd/parse.y,v
> retrieving revision 1.21
> diff -u -p -u -p -r1.21 parse.y
> --- usr.sbin/vmd/parse.y  1 Mar 2017 07:43:33 -   1.21
> +++ usr.sbin/vmd/parse.y  1 Mar 2017 18:16:20 -
> @@ -116,10 +116,11 @@ typedef struct {
>  
>  %token   INCLUDE ERROR
>  %token   ADD DISK DOWN GROUP INTERFACE NIFS PATH SIZE SWITCH UP VMID
> -%token   ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER
> +%token   ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER LOCKED
>  %token STRING
>  %token NUMBER
>  %type  disable
> +%type  locked
>  %type  updown
>  %type  lladdr
>  %type  string
> @@ -174,7 +175,7 @@ switch: SWITCH string {
>  
>   vsw->sw_id = env->vmd_nswitches + 1;
>   vsw->sw_name = $2;
> - vsw->sw_flags = IFF_UP;
> + vsw->sw_flags = VMIFF_UP;
>   snprintf(vsw->sw_ifname, sizeof(vsw->sw_ifname),
>   "%s%u", vsw_type, vsw_unit++);
>   TAILQ_INIT(>sw_ifs);
> @@ -241,11 +242,14 @@ switch_opts : disable   {
>   }
>   free($2);
>   }
> + | LOCKED LLADDR {
> + vsw->sw_flags |= VMIFF_LOCKED;
> + }
>   | updown{
>   if ($1)
> - vsw->sw_flags |= IFF_UP;
> + vsw->sw_flags |= VMIFF_UP;
>   else
> - vsw->sw_flags &= ~IFF_UP;
> + vsw->sw_flags &= ~VMIFF_UP;
>   }
>   ;
>  
> @@ -503,14 +507,16 @@ iface_opts  : SWITCH string {
>   sizeof(vmc.vmc_ifgroup[i]));
>   free($2);
>   }
> - | LLADDR lladdr {
> - memcpy(vcp->vcp_macs[vcp_nnics], $2, ETHER_ADDR_LEN);
> + | locked LLADDR lladdr  {
> + if ($1)
> + vmc.vmc_ifflags[vcp_nnics] |= VMIFF_LOCKED;
> + memcpy(vcp->vcp_macs[vcp_nnics], $3, ETHER_ADDR_LEN);
>   }
>   | updown{
>   if ($1)
> - vmc.vmc_ifflags[vcp_nnics] |= IFF_UP;
> + vmc.vmc_ifflags[vcp_nnics] |= VMIFF_UP;
> 

Re: efiboot: disallow com(4) speed changes

[sven falempin]

On Wed, Mar 1, 2017 at 5:41 PM, sven falempin 
wrote:

>
>
> On Wed, Mar 1, 2017 at 4:31 AM, Patrick Wildt  wrote:
>
>> Hi,
>>
>> there is no com(4) direct access support in EFI, so setting the speed
>> will fail and crash the EFI Application.  Happens when you run stty
>> com0 115200.
>>
>> ok?
>>
>> Patrick
>>
>>
>> diff --git a/sys/arch/amd64/stand/libsa/dev_i386.c
>> b/sys/arch/amd64/stand/libsa/dev_i386.c
>> index e40856cbf05..245ced84a8e 100644
>> --- a/sys/arch/amd64/stand/libsa/dev_i386.c
>> +++ b/sys/arch/amd64/stand/libsa/dev_i386.c
>> @@ -182,8 +182,10 @@ ttydev(char *name)
>>  int
>>  cnspeed(dev_t dev, int sp)
>>  {
>> +#ifndef EFIBOOT
>> if (major(dev) == 8)/* comN */
>> return comspeed(dev, sp);
>> +#endif
>>
>> /* pc0 and anything else */
>> return 9600;
>>
>>
>
> in stand boot
> stty could be disable
>
> ( diff probably got space instead of tabs , please use -b )
> Index: ./stand/boot/cmd.c
> ===
> RCS file: /cvs/src/sys/stand/boot/cmd.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 cmd.c
> --- ./stand/boot/cmd.c  20 Jul 2014 19:33:54 -  1.63
> +++ ./stand/boot/cmd.c  1 Mar 2017 22:36:11 -
> @@ -68,7 +68,9 @@ const struct cmd_table cmd_table[] = {
>  #endif
> {"reboot", CMDT_CMD, Xreboot},
> {"set",CMDT_SET, Xset},
> +#ifndef EFIBOOT
> {"stty",   CMDT_CMD, Xstty},
> +#endif
> {"time",   CMDT_CMD, Xtime},
> {NULL, 0},
>  };
>
>
> Alternatively the function could document the problem ( but it make the
> boot loader bigger
>
>
> Index: ./stand/boot/cmd.c
> ===
> RCS file: /cvs/src/sys/stand/boot/cmd.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 cmd.c
> --- ./stand/boot/cmd.c  20 Jul 2014 19:33:54 -  1.63
> +++ ./stand/boot/cmd.c  1 Mar 2017 22:39:23 -
> @@ -375,6 +375,11 @@ Xstty(void)
> char *cp;
> dev_t dev;
>
> +#ifndef EFIBOOT
> +   printf("no com(4) direct access support in EFI");
> +   return 0;
> +#endif
> +
> if (cmd.argc == 1) {
> printf("%s speed is %d\n", ttyname(0), cnspeed(0, -1));
> return 0;
>
> Maybe a better way ?
>
>
return 0 in the function if we are in EFI mode, of course

Index: ./stand/boot/cmd.c
===
RCS file: /cvs/src/sys/stand/boot/cmd.c,v
retrieving revision 1.63
diff -u -p -r1.63 cmd.c
--- ./stand/boot/cmd.c  20 Jul 2014 19:33:54 -  1.63
+++ ./stand/boot/cmd.c  1 Mar 2017 22:39:23 -
@@ -375,6 +375,11 @@ Xstty(void)
char *cp;
dev_t dev;

+#ifdef EFIBOOT
+   printf("no com(4) direct access support in EFI");
+   return 0;
+#endif
+
if (cmd.argc == 1) {
printf("%s speed is %d\n", ttyname(0), cnspeed(0, -1));
return 0;

-- 

-
() ascii ribbon campaign - against html e-mail
/\

Re: priq: proposed change in the behavior

[Mike Belopuhov]

On 2 March 2017 at 02:43, Mike Belopuhov  wrote:
> On 2 March 2017 at 01:35, David Gwynne  wrote:
>> On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
>>> Priority queueing is the default policy in OpenBSD and it
>>> distributes outgoing packets in 8 lists by priority (0-7) with
>>> an aggregate queue depth set by the interface: pseudo interfaces
>>> use IFQ_MAXLEN defined equal to 256, hardware device drivers
>>> normally size it by their TX ring minus 1 (therefore 127, 255,
>>> 511 are common values).
>>>
>>> Unless a producer generating packets with altered priority is
>>> used (such as "set prio" pf directive, PPPoE management frames,
>>> ping -T lowdelay, VLAN priority, and so on) all outgoing traffic
>>> is sent with a priority of 3 hitting the same list.
>>>
>>> The drop policy used here is called tail drop because it drops
>>> the packet that we're trying to enqueue when there's no more
>>> space left on the queue.  The obvious downside is that if our
>>> queue is full of packets representing low priority traffic,
>>> trying to enqueue a packet with a higher priority will still
>>> result in a drop.  In my opinion, this defeats the purpose of
>>> priority queueing.
>>>
>>> The diff below changes the policy to a head drop from the queue
>>> with the lowest priority than the packet we're trying to
>>> enqueue.  If there's no such queue (e.g. the default case where
>>> all traffic has priority of 3) only then the packet is dropped.
>>> This ensures that high priority traffic will almost always find
>>> the place on the queue and low priority bulk traffic gets a
>>> better chance at regulating its throughput.  By performing a
>>> head drop instead a tail drop we also drop the oldest packet on
>>> the queue.  This technique is akin to Active Queue Management
>>> algorithms.
>>
>> i agree we should do this.
>>
>
> good!
>
>>
>> the current code has been very careful not to free an mbuf while
>> holding the ifq mutex. i would prefer to keep it that way.
>>
>
> i agree.
>
>> the least worst way to do that would be to return the mbuf to be
>> dropped for ifq_enqueue to free. this is complicated because of the
>> semantics that ifq_enqueue_try provides, but nothing uses that so
>> we can get rid of it to support this.
>>
>> the diff below makes the ifq enq op return an mbuf to be freed, and
>> gets rid of ifq_enqueue_try. that in turn should let you return
>> this mbuf here rather than free it directly.
>>
>
> makes sense, but could you please adjust this so that we can return
> an mbuf list of rejects.  i'm working on a diff that must be able to do
> multiple drops at a time.

no, actually dropping one mbuf on enqueue still holds, but i'll need
to drop several on dequeue.  not sure yet how to properly do that
outside of an ifq lock though.

Re: priq: proposed change in the behavior

[Mike Belopuhov]

On 2 March 2017 at 01:35, David Gwynne  wrote:
> On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
>> Priority queueing is the default policy in OpenBSD and it
>> distributes outgoing packets in 8 lists by priority (0-7) with
>> an aggregate queue depth set by the interface: pseudo interfaces
>> use IFQ_MAXLEN defined equal to 256, hardware device drivers
>> normally size it by their TX ring minus 1 (therefore 127, 255,
>> 511 are common values).
>>
>> Unless a producer generating packets with altered priority is
>> used (such as "set prio" pf directive, PPPoE management frames,
>> ping -T lowdelay, VLAN priority, and so on) all outgoing traffic
>> is sent with a priority of 3 hitting the same list.
>>
>> The drop policy used here is called tail drop because it drops
>> the packet that we're trying to enqueue when there's no more
>> space left on the queue.  The obvious downside is that if our
>> queue is full of packets representing low priority traffic,
>> trying to enqueue a packet with a higher priority will still
>> result in a drop.  In my opinion, this defeats the purpose of
>> priority queueing.
>>
>> The diff below changes the policy to a head drop from the queue
>> with the lowest priority than the packet we're trying to
>> enqueue.  If there's no such queue (e.g. the default case where
>> all traffic has priority of 3) only then the packet is dropped.
>> This ensures that high priority traffic will almost always find
>> the place on the queue and low priority bulk traffic gets a
>> better chance at regulating its throughput.  By performing a
>> head drop instead a tail drop we also drop the oldest packet on
>> the queue.  This technique is akin to Active Queue Management
>> algorithms.
>
> i agree we should do this.
>

good!

>
> the current code has been very careful not to free an mbuf while
> holding the ifq mutex. i would prefer to keep it that way.
>

i agree.

> the least worst way to do that would be to return the mbuf to be
> dropped for ifq_enqueue to free. this is complicated because of the
> semantics that ifq_enqueue_try provides, but nothing uses that so
> we can get rid of it to support this.
>
> the diff below makes the ifq enq op return an mbuf to be freed, and
> gets rid of ifq_enqueue_try. that in turn should let you return
> this mbuf here rather than free it directly.
>

makes sense, but could you please adjust this so that we can return
an mbuf list of rejects.  i'm working on a diff that must be able to do
multiple drops at a time.

Re: priq: introduce ifq_drop

[David Gwynne]

On Wed, Mar 01, 2017 at 10:06:30PM +0100, Mike Belopuhov wrote:
> I've realised that something like this would be nice for convenience,
> but not crucial.  I'd prefer not to pass the mbuf pointer, but there's
> no decent way around it.

the api published in ifq.h should list what can safely be called
from outside ifq.c. i dont think ifq_drop qualifies for this.

it is unsafe because updates to ifq_len and ifq_drops are supposed
to done while holding the ifq mutex, and as i said previously, id
prefer not to hold that while calling m_freem.

i cant think of anything outside ifq.c that would need to call this
either.

> 
> ---
>  sys/net/ifq.c | 12 +---
>  sys/net/ifq.h |  1 +
>  2 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git sys/net/ifq.c sys/net/ifq.c
> index f678c2b01fd..ee302e99c3b 100644
> --- sys/net/ifq.c
> +++ sys/net/ifq.c
> @@ -330,10 +330,18 @@ ifq_dequeue(struct ifqueue *ifq)
>   ifq_deq_commit(ifq, m);
>  
>   return (m);
>  }
>  
> +void
> +ifq_drop(struct ifqueue *ifq, struct mbuf *m)
> +{
> + m_freem(m);
> + ifq->ifq_len--;
> + ifq->ifq_qdrops++;
> +}
> +
>  unsigned int
>  ifq_purge(struct ifqueue *ifq)
>  {
>   struct mbuf_list ml = MBUF_LIST_INITIALIZER();
>   unsigned int rv;
> @@ -418,13 +426,11 @@ priq_enq(struct ifqueue *ifq, struct mbuf *m)
>   /* Find a lower priority queue to drop from */
>   if (ifq_len(ifq) >= ifq->ifq_maxlen) {
>   for (prio = 0; prio < m->m_pkthdr.pf.prio; prio++) {
>   pl = >pq_lists[prio];
>   if (ml_len(pl) > 0) {
> - m_freem(ml_dequeue(pl));
> - ifq->ifq_len--;
> - ifq->ifq_qdrops++;
> + ifq_drop(ifq, ml_dequeue(pl));
>   break;
>   }
>   }
>   /*
>* There's no lower priority queue that we can
> diff --git sys/net/ifq.h sys/net/ifq.h
> index 3a6891da6f6..df0193214c5 100644
> --- sys/net/ifq.h
> +++ sys/net/ifq.h
> @@ -345,10 +345,11 @@ int  ifq_enqueue_try(struct ifqueue *, 
> struct mbuf *);
>  int   ifq_enqueue(struct ifqueue *, struct mbuf *);
>  struct mbuf  *ifq_deq_begin(struct ifqueue *);
>  void  ifq_deq_commit(struct ifqueue *, struct mbuf *);
>  void  ifq_deq_rollback(struct ifqueue *, struct mbuf *);
>  struct mbuf  *ifq_dequeue(struct ifqueue *);
> +void  ifq_drop(struct ifqueue *, struct mbuf *);
>  unsigned int  ifq_purge(struct ifqueue *);
>  void *ifq_q_enter(struct ifqueue *, const struct ifq_ops *);
>  void  ifq_q_leave(struct ifqueue *, void *);
>  void  ifq_serialize(struct ifqueue *, struct task *);
>  int   ifq_is_serialized(struct ifqueue *);
> -- 
> 2.12.0
> 

Re: priq: proposed change in the behavior

[David Gwynne]

On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
> Priority queueing is the default policy in OpenBSD and it
> distributes outgoing packets in 8 lists by priority (0-7) with
> an aggregate queue depth set by the interface: pseudo interfaces
> use IFQ_MAXLEN defined equal to 256, hardware device drivers
> normally size it by their TX ring minus 1 (therefore 127, 255,
> 511 are common values).
> 
> Unless a producer generating packets with altered priority is
> used (such as "set prio" pf directive, PPPoE management frames,
> ping -T lowdelay, VLAN priority, and so on) all outgoing traffic
> is sent with a priority of 3 hitting the same list.
> 
> The drop policy used here is called tail drop because it drops
> the packet that we're trying to enqueue when there's no more
> space left on the queue.  The obvious downside is that if our
> queue is full of packets representing low priority traffic,
> trying to enqueue a packet with a higher priority will still
> result in a drop.  In my opinion, this defeats the purpose of
> priority queueing.
> 
> The diff below changes the policy to a head drop from the queue
> with the lowest priority than the packet we're trying to
> enqueue.  If there's no such queue (e.g. the default case where
> all traffic has priority of 3) only then the packet is dropped.
> This ensures that high priority traffic will almost always find
> the place on the queue and low priority bulk traffic gets a
> better chance at regulating its throughput.  By performing a
> head drop instead a tail drop we also drop the oldest packet on
> the queue.  This technique is akin to Active Queue Management
> algorithms.

i agree we should do this.

> 
> I'd like to stress again, that this doesn't change much for the
> default Ethernet-to-Ethernet case, but provides noticeable
> difference if different priorities are actually used, e.g. via
> pf.
> 
> More tests are always welcome.  This should go on top of the priq
> mbuf list diff, but here's a combined diff for convenience:
> http://gir.theapt.org/~mike/priq.diff
> 
> ---
>  sys/net/ifq.c | 23 ---
>  1 file changed, 20 insertions(+), 3 deletions(-)
> 
> diff --git sys/net/ifq.c sys/net/ifq.c
> index 896b373c454..f678c2b01fd 100644
> --- sys/net/ifq.c
> +++ sys/net/ifq.c
> @@ -407,18 +407,35 @@ priq_free(unsigned int idx, void *pq)
>  int
>  priq_enq(struct ifqueue *ifq, struct mbuf *m)
>  {
>   struct priq *pq;
>   struct mbuf_list *pl;
> -
> - if (ifq_len(ifq) >= ifq->ifq_maxlen)
> - return (ENOBUFS);
> + unsigned int prio;
>  
>   pq = ifq->ifq_q;
>   KASSERT(m->m_pkthdr.pf.prio <= IFQ_MAXPRIO);
>   pl = >pq_lists[m->m_pkthdr.pf.prio];
>  
> + /* Find a lower priority queue to drop from */
> + if (ifq_len(ifq) >= ifq->ifq_maxlen) {
> + for (prio = 0; prio < m->m_pkthdr.pf.prio; prio++) {
> + pl = >pq_lists[prio];
> + if (ml_len(pl) > 0) {
> + m_freem(ml_dequeue(pl));

the current code has been very careful not to free an mbuf while
holding the ifq mutex. i would prefer to keep it that way.

the least worst way to do that would be to return the mbuf to be
dropped for ifq_enqueue to free. this is complicated because of the
semantics that ifq_enqueue_try provides, but nothing uses that so
we can get rid of it to support this.

the diff below makes the ifq enq op return an mbuf to be freed, and
gets rid of ifq_enqueue_try. that in turn should let you return
this mbuf here rather than free it directly.

> + ifq->ifq_len--;
> + ifq->ifq_qdrops++;
> + break;
> + }
> + }
> + /*
> +  * There's no lower priority queue that we can
> +  * drop from so don't enqueue this one.
> +  */
> + if (prio == m->m_pkthdr.pf.prio)
> + return (ENOBUFS);
> + }
> +
>   ml_enqueue(pl, m);
>  
>   return (0);
>  }

Index: ifq.c
===
RCS file: /cvs/src/sys/net/ifq.c,v
retrieving revision 1.6
diff -u -p -r1.6 ifq.c
--- ifq.c   24 Jan 2017 03:57:35 -  1.6
+++ ifq.c   2 Mar 2017 00:31:53 -
@@ -29,7 +29,7 @@
  * priq glue
  */
 unsigned intpriq_idx(unsigned int, const struct mbuf *);
-int priq_enq(struct ifqueue *, struct mbuf *);
+struct mbuf*priq_enq(struct ifqueue *, struct mbuf *);
 struct mbuf*priq_deq_begin(struct ifqueue *, void **);
 voidpriq_deq_commit(struct ifqueue *, struct mbuf *, void *);
 voidpriq_purge(struct ifqueue *, struct mbuf_list *);
@@ -225,7 +225,8 @@ ifq_attach(struct ifqueue *ifq, const st
ifq->ifq_q = newq;
 
while ((m = ml_dequeue()) != NULL) {
-   if (ifq->ifq_ops->ifqop_enq(ifq, m) != 0) {
+   m = 

Re: priq: convert to mbuf lists

[Mike Belopuhov]

On 2 March 2017 at 00:56, David Gwynne  wrote:
>
>> On 2 Mar 2017, at 06:43, Mike Belopuhov  wrote:
>>
>> This convers hand rolled lists into exactly the same mbuf_lists.
>> I need this because of the next diff that uses the ml_len packet
>> counter that mbuf_lists have.  Otherwise there's no functional
>> change.
>
> i didnt use mbuf lists here because they have an extra counter that isnt, or 
> wasnt, needed.
>
> im not sure you need to know how long a list is in your later diff, you just 
> need to know if it is not empty. you can do that by checking if the head is 
> NULL.
>

true, i was thinking about clarifying this, but i like the "declarativeness"
of the length check.  i don't think that an extra counter is a big deal.
also mbuf lists make this code look simpler which is a good thing, imo.

Re: [PATCH] Minor spelling fixes throughout gcc md files

[Jonathan Gray]

On Wed, Mar 01, 2017 at 04:45:33PM -0500, Carlos E. Garcia wrote:
> Greetings,
> 
> Here follows some minor spelling fixes found in markdown files inside
> the gcc folder. Wanted something simple for my first patch.
> 
> Any insight or comments?

We generally aren't interested in changes like this for code from
external projects as it just increases the local diff.

> 
> Cheers,
> Carlos
> 
> Index: gcc/config/alpha/alpha.md
> ===
> RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/alpha/alpha.md,v
> retrieving revision 1.3
> diff -u -p -u -r1.3 alpha.md
> --- gcc/config/alpha/alpha.md 28 Nov 2012 20:46:15 -  1.3
> +++ gcc/config/alpha/alpha.md 1 Mar 2017 16:25:50 -
> @@ -124,7 +124,7 @@ fadd,fmul,fcpys,fdiv,fsqrt,misc,mvi,ftoi
>  
>  ;; The ROUND_SUFFIX attribute marks which instructions require a
>  ;; rounding-mode suffix.  The value NONE indicates no suffix,
> -;; the value NORMAL indicates a suffix controled by alpha_fprm.
> +;; the value NORMAL indicates a suffix controlled by alpha_fprm.
>  
>  (define_attr "round_suffix" "none,normal,c"
>(const_string "none"))
> @@ -137,7 +137,7 @@ fadd,fmul,fcpys,fdiv,fsqrt,misc,mvi,ftoi
>  ;;   V_SV_SVIaccepts /v, /sv and /svi (cvttq only)
>  ;;   U_SU_SUIaccepts /u, /su and /sui (most fp instructions)
>  ;;
> -;; The actual suffix emitted is controled by alpha_fptm.
> +;; The actual suffix emitted is controlled by alpha_fptm.
>  
>  (define_attr "trap_suffix" "none,su,sui,v_sv,v_sv_svi,u_su_sui"
>(const_string "none"))
> Index: gcc/config/c4x/c4x.md
> ===
> RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/c4x/c4x.md,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 c4x.md
> --- gcc/config/c4x/c4x.md 29 Nov 2003 12:31:55 -  1.1.1.1
> +++ gcc/config/c4x/c4x.md 1 Mar 2017 16:25:50 -
> @@ -190,7 +190,7 @@
>  ;  didn't allow it to move the CC around.
>  
>  ;  Note that fundamental operations, such as moves, must not clobber the
> -;  CC.  Thus movqi choses a move instruction that doesn't clobber the CC.
> +;  CC.  Thus movqi chooses a move instruction that doesn't clobber the CC.
>  ;  If GCC wants to combine a move with a compare, it is smart enough to
>  ;  chose the move instruction that sets the CC.
>  
> @@ -7313,7 +7313,7 @@
>   "stf\\t%1,*%0++\\n\\tstf\\t%2,*%0++")
>  
>  
> -; The following two peepholes remove an unecessary load
> +; The following two peepholes remove an unnecessary load
>  ; often found at the end of a function.  These peepholes
>  ; could be generalized to other binary operators.  They shouldn't
>  ; be required if we run a post reload mop-up pass.
> Index: gcc/config/fr30/fr30.md
> ===
> RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/fr30/fr30.md,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 fr30.md
> --- gcc/config/fr30/fr30.md   29 Nov 2003 12:32:16 -  1.1.1.1
> +++ gcc/config/fr30/fr30.md   1 Mar 2017 16:25:50 -
> @@ -639,7 +639,7 @@
>  ;; We need some trickery to be able to handle the addition of
>  ;; large (ie outside +/- 16) constants.  We need to be able to
>  ;; handle this because reload assumes that it can generate add
> -;; instructions with arbitary sized constants.
> +;; instructions with arbitrary sized constants.
>  (define_expand "addsi3"
>[(set (match_operand:SI 0 "register_operand"   "")
>   (plus:SI (match_operand:SI 1 "register_operand"  "")
> Index: gcc/config/frv/frv.md
> ===
> RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/frv/frv.md,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 frv.md
> --- gcc/config/frv/frv.md 29 Nov 2003 12:32:27 -  1.1.1.1
> +++ gcc/config/frv/frv.md 1 Mar 2017 16:25:51 -
> @@ -463,7 +463,7 @@
>first regular expression *and* the reservation described by
>the second regular expression *and* etc.
>  
> -   4. "*" is used for convinience and simply means sequence in
> +   4. "*" is used for convenience and simply means sequence in
>which the regular expression are repeated NUMBER times with
>cycle advancing (see ",").
>  
> Index: gcc/config/i386/i386.md
> ===
> RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/i386/i386.md,v
> retrieving revision 1.1.1.3
> diff -u -p -u -r1.1.1.3 i386.md
> --- gcc/config/i386/i386.md   28 Nov 2012 20:41:38 -  1.1.1.3
> +++ gcc/config/i386/i386.md   1 Mar 2017 16:25:52 -
> @@ -1149,7 +1149,7 @@
>  (const_string "imov")))
> (set_attr "mode" "SI,SI,SI,SI,DI,TI,SI,SI")])
>  
> -;; Stores and loads of ax to arbitary constant address.
> +;; Stores and loads of ax to arbitrary constant address.
>  ;; We fake an second form of instruction to force reload 

ftp doesn't close(2) the output file

[Stuart Henderson]

ftp doesn't close the output file after writing it. Normally you're
exiting anyway at that point so it doesn't really matter, but if you've
specified multiple URLs on the command line this leaks 1 FD per
requested file. Most noticable if you do some lazy benchark like
"ftp -o/dev/null `yes $SOMEURL | head -1000`" and run yourself out
of FDs.

Possible fix?

Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.161
diff -u -p -r1.161 fetch.c
--- fetch.c 28 Feb 2017 06:31:12 -  1.161
+++ fetch.c 1 Mar 2017 23:21:46 -
@@ -1041,6 +1041,8 @@ cleanup_url_get:
fclose(fin);
else if (s != -1)
close(s);
+   if (out >= 0 && out != fileno(stdout))
+   close(out);
free(buf);
free(proxyhost);
free(proxyurl);

Re: Fix broken example link in packages.7

[Stuart Henderson]

On 2017/03/01 23:39, Frederic Cambus wrote:
> Following tj@ and sthen@ suggestions, use %c and %a instead of
> hardcoding strings, and switch to http instead of https.
> 
> Index: share/man/man7/packages.7
> ===
> RCS file: /cvs/src/share/man/man7/packages.7,v
> retrieving revision 1.40
> diff -u -p -r1.40 packages.7
> --- share/man/man7/packages.7 24 Oct 2015 08:44:49 -  1.40
> +++ share/man/man7/packages.7 1 Mar 2017 14:28:07 -
> @@ -240,7 +240,7 @@ are supported: pointing
>  .Ev PKG_PATH
>  to a distant package repository, e.g.,
>  .Bd -literal -offset 1n
> -# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/i386/
> +# export PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/%c/packages/%a/
>  .Ed
>  .Pp
>  will let

Hmm - if you're going to trust autodetection of snapshots vs release
anyway (as you do with %c), you could simply "export PKG_PATH=ftp.openbsd.org" 
...

Not sure which is better though.

Re: priq: introduce ifq_drop

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 10:06:30PM +0100, Mike Belopuhov wrote:
> I've realised that something like this would be nice for convenience,
> but not crucial.  I'd prefer not to pass the mbuf pointer, but there's
> no decent way around it.

A new function that combines only three commands and that is only
used once?  That looks like too much abstraction.  Wait until you
have more uses cases.

bluhm

> 
> ---
>  sys/net/ifq.c | 12 +---
>  sys/net/ifq.h |  1 +
>  2 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git sys/net/ifq.c sys/net/ifq.c
> index f678c2b01fd..ee302e99c3b 100644
> --- sys/net/ifq.c
> +++ sys/net/ifq.c
> @@ -330,10 +330,18 @@ ifq_dequeue(struct ifqueue *ifq)
>   ifq_deq_commit(ifq, m);
>  
>   return (m);
>  }
>  
> +void
> +ifq_drop(struct ifqueue *ifq, struct mbuf *m)
> +{
> + m_freem(m);
> + ifq->ifq_len--;
> + ifq->ifq_qdrops++;
> +}
> +
>  unsigned int
>  ifq_purge(struct ifqueue *ifq)
>  {
>   struct mbuf_list ml = MBUF_LIST_INITIALIZER();
>   unsigned int rv;
> @@ -418,13 +426,11 @@ priq_enq(struct ifqueue *ifq, struct mbuf *m)
>   /* Find a lower priority queue to drop from */
>   if (ifq_len(ifq) >= ifq->ifq_maxlen) {
>   for (prio = 0; prio < m->m_pkthdr.pf.prio; prio++) {
>   pl = >pq_lists[prio];
>   if (ml_len(pl) > 0) {
> - m_freem(ml_dequeue(pl));
> - ifq->ifq_len--;
> - ifq->ifq_qdrops++;
> + ifq_drop(ifq, ml_dequeue(pl));
>   break;
>   }
>   }
>   /*
>* There's no lower priority queue that we can
> diff --git sys/net/ifq.h sys/net/ifq.h
> index 3a6891da6f6..df0193214c5 100644
> --- sys/net/ifq.h
> +++ sys/net/ifq.h
> @@ -345,10 +345,11 @@ int  ifq_enqueue_try(struct ifqueue *, 
> struct mbuf *);
>  int   ifq_enqueue(struct ifqueue *, struct mbuf *);
>  struct mbuf  *ifq_deq_begin(struct ifqueue *);
>  void  ifq_deq_commit(struct ifqueue *, struct mbuf *);
>  void  ifq_deq_rollback(struct ifqueue *, struct mbuf *);
>  struct mbuf  *ifq_dequeue(struct ifqueue *);
> +void  ifq_drop(struct ifqueue *, struct mbuf *);
>  unsigned int  ifq_purge(struct ifqueue *);
>  void *ifq_q_enter(struct ifqueue *, const struct ifq_ops *);
>  void  ifq_q_leave(struct ifqueue *, void *);
>  void  ifq_serialize(struct ifqueue *, struct task *);
>  int   ifq_is_serialized(struct ifqueue *);
> -- 
> 2.12.0

Re: priq: proposed change in the behavior

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
> The diff below changes the policy to a head drop from the queue
> with the lowest priority than the packet we're trying to
> enqueue.

What you explain makes sense.  OK bluhm@

> diff --git sys/net/ifq.c sys/net/ifq.c
> index 896b373c454..f678c2b01fd 100644
> --- sys/net/ifq.c
> +++ sys/net/ifq.c
> @@ -407,18 +407,35 @@ priq_free(unsigned int idx, void *pq)
>  int
>  priq_enq(struct ifqueue *ifq, struct mbuf *m)
>  {
>   struct priq *pq;
>   struct mbuf_list *pl;
> -
> - if (ifq_len(ifq) >= ifq->ifq_maxlen)
> - return (ENOBUFS);
> + unsigned int prio;
>  
>   pq = ifq->ifq_q;
>   KASSERT(m->m_pkthdr.pf.prio <= IFQ_MAXPRIO);
>   pl = >pq_lists[m->m_pkthdr.pf.prio];
>  
> + /* Find a lower priority queue to drop from */
> + if (ifq_len(ifq) >= ifq->ifq_maxlen) {
> + for (prio = 0; prio < m->m_pkthdr.pf.prio; prio++) {
> + pl = >pq_lists[prio];
> + if (ml_len(pl) > 0) {
> + m_freem(ml_dequeue(pl));
> + ifq->ifq_len--;
> + ifq->ifq_qdrops++;
> + break;
> + }
> + }
> + /*
> +  * There's no lower priority queue that we can
> +  * drop from so don't enqueue this one.
> +  */
> + if (prio == m->m_pkthdr.pf.prio)
> + return (ENOBUFS);
> + }
> +
>   ml_enqueue(pl, m);
>  
>   return (0);
>  }
>  
> -- 
> 2.12.0

Re: efiboot: disallow com(4) speed changes

[sven falempin]

On Wed, Mar 1, 2017 at 4:31 AM, Patrick Wildt  wrote:

> Hi,
>
> there is no com(4) direct access support in EFI, so setting the speed
> will fail and crash the EFI Application.  Happens when you run stty
> com0 115200.
>
> ok?
>
> Patrick
>
>
> diff --git a/sys/arch/amd64/stand/libsa/dev_i386.c
> b/sys/arch/amd64/stand/libsa/dev_i386.c
> index e40856cbf05..245ced84a8e 100644
> --- a/sys/arch/amd64/stand/libsa/dev_i386.c
> +++ b/sys/arch/amd64/stand/libsa/dev_i386.c
> @@ -182,8 +182,10 @@ ttydev(char *name)
>  int
>  cnspeed(dev_t dev, int sp)
>  {
> +#ifndef EFIBOOT
> if (major(dev) == 8)/* comN */
> return comspeed(dev, sp);
> +#endif
>
> /* pc0 and anything else */
> return 9600;
>
>

in stand boot
stty could be disable

( diff probably got space instead of tabs , please use -b )
Index: ./stand/boot/cmd.c
===
RCS file: /cvs/src/sys/stand/boot/cmd.c,v
retrieving revision 1.63
diff -u -p -r1.63 cmd.c
--- ./stand/boot/cmd.c  20 Jul 2014 19:33:54 -  1.63
+++ ./stand/boot/cmd.c  1 Mar 2017 22:36:11 -
@@ -68,7 +68,9 @@ const struct cmd_table cmd_table[] = {
 #endif
{"reboot", CMDT_CMD, Xreboot},
{"set",CMDT_SET, Xset},
+#ifndef EFIBOOT
{"stty",   CMDT_CMD, Xstty},
+#endif
{"time",   CMDT_CMD, Xtime},
{NULL, 0},
 };


Alternatively the function could document the problem ( but it make the
boot loader bigger


Index: ./stand/boot/cmd.c
===
RCS file: /cvs/src/sys/stand/boot/cmd.c,v
retrieving revision 1.63
diff -u -p -r1.63 cmd.c
--- ./stand/boot/cmd.c  20 Jul 2014 19:33:54 -  1.63
+++ ./stand/boot/cmd.c  1 Mar 2017 22:39:23 -
@@ -375,6 +375,11 @@ Xstty(void)
char *cp;
dev_t dev;

+#ifndef EFIBOOT
+   printf("no com(4) direct access support in EFI");
+   return 0;
+#endif
+
if (cmd.argc == 1) {
printf("%s speed is %d\n", ttyname(0), cnspeed(0, -1));
return 0;

Maybe a better way ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: Fix broken example link in packages.7

[Frederic Cambus]

On Tue, Feb 28, 2017 at 09:14:49PM +, Stuart Henderson wrote:
> On 2017/02/28 20:28, Frederic Cambus wrote:
> > Hi tech@,
> > 
> > In packages.7, PKG_PATH points to a broken link. This diff fixes it.
> 
> https is going to be horrible for pkg_add -u...

Following tj@ and sthen@ suggestions, use %c and %a instead of
hardcoding strings, and switch to http instead of https.

Index: share/man/man7/packages.7
===
RCS file: /cvs/src/share/man/man7/packages.7,v
retrieving revision 1.40
diff -u -p -r1.40 packages.7
--- share/man/man7/packages.7   24 Oct 2015 08:44:49 -  1.40
+++ share/man/man7/packages.7   1 Mar 2017 14:28:07 -
@@ -240,7 +240,7 @@ are supported: pointing
 .Ev PKG_PATH
 to a distant package repository, e.g.,
 .Bd -literal -offset 1n
-# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/i386/
+# export PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/%c/packages/%a/
 .Ed
 .Pp
 will let

Re: priq: convert to mbuf lists

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 09:43:16PM +0100, Mike Belopuhov wrote:
> This convers hand rolled lists into exactly the same mbuf_lists.
> I need this because of the next diff that uses the ml_len packet
> counter that mbuf_lists have.  Otherwise there's no functional
> change.

>  void *
>  priq_alloc(unsigned int idx, void *null)
>  {
> - return (malloc(sizeof(struct priq), M_DEVBUF, M_WAITOK | M_ZERO));
> + struct priq *pq;
> + int i;
> +
> + pq = malloc(sizeof(struct priq), M_DEVBUF, M_WAITOK | M_ZERO);

You don't need M_ZERO as you call ml_init() afterwards.

> + for (i = 0; i < IFQ_NQUEUES; i++)
> + ml_init(>pq_lists[i]);
> + return (pq);
>  }

>  void
>  priq_purge(struct ifqueue *ifq, struct mbuf_list *ml)
>  {
>   struct priq *pq = ifq->ifq_q;
> - struct priq_list *pl;
> + struct mbuf_list *pl;
>   unsigned int prio = nitems(pq->pq_lists);
> - struct mbuf *m, *n;
> + struct mbuf *m;
>  
>   do {
>   pl = >pq_lists[--prio];
>  
> - for (m = pl->head; m != NULL; m = n) {
> - n = m->m_nextpkt;
> + while ((m = ml_dequeue(pl)) != NULL)
>   ml_enqueue(ml, m);

This is equivalent to ml_enlist(ml, pl) which avoids the loop.

> - }
> -
> - pl->head = pl->tail = NULL;
>   } while (prio > 0);
>  }

with that OK bluhm@

Re: C99 initializers for domains

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 01:40:58PM +0100, Martin Pieuchot wrote:
> I converted the declarations when I audited the existing 'dom_init'
> functions.

> +struct domain inet6domain = {
> +  .dom_family = AF_INET6,
> +  .dom_name = "internet6",
> +  .dom_protosw = (struct protosw *)inet6sw,
> +  .dom_protoswNPROTOSW = (struct protosw *)[nitems(inet6sw)],

We don't need the (struct protosw *) casts anymore since I have
merged struct ip6protosw into protosw.

OK bluhm@

Re: nd6_timer & global list of IPv6 addresses

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 12:46:08PM +0100, Martin Pieuchot wrote:
> The work done in this timer should be considerably reduced when we'll
> move autoconf out of the kernel.  However we'll always need to check
> for IPv6 address life time expiration.   This use case doesn't justify
> a specific global data structure. 
> 
> So let's iterate over the global list of interfaces instead.  This also
> prepare the work to split the NET_LOCK().  Since the ioctl(2) are
> per-ifp it makes sense to serialize write operations on a per interface
> basis.
> 
> ok?

OK bluhm@

> 
> Index: netinet6/nd6.c
> ===
> RCS file: /cvs/src/sys/netinet6/nd6.c,v
> retrieving revision 1.203
> diff -u -p -r1.203 nd6.c
> --- netinet6/nd6.c9 Feb 2017 15:23:35 -   1.203
> +++ netinet6/nd6.c1 Mar 2017 11:30:52 -
> @@ -435,7 +435,7 @@ nd6_timer_work(void *null)
>  {
>   struct nd_defrouter *dr, *ndr;
>   struct nd_prefix *pr, *npr;
> - struct in6_ifaddr *ia6, *nia6;
> + struct ifnet *ifp;
>   int s;
>  
>   NET_LOCK(s);
> @@ -453,18 +453,26 @@ nd6_timer_work(void *null)
>* However, from a stricter spec-conformance standpoint, we should
>* rather separate address lifetimes and prefix lifetimes.
>*/
> - TAILQ_FOREACH_SAFE(ia6, _ifaddr, ia_list, nia6) {
> - /* check address lifetime */
> - if (IFA6_IS_INVALID(ia6)) {
> - in6_purgeaddr(>ia_ifa);
> - } else if (IFA6_IS_DEPRECATED(ia6)) {
> - ia6->ia6_flags |= IN6_IFF_DEPRECATED;
> - } else {
> - /*
> -  * A new RA might have made a deprecated address
> -  * preferred.
> -  */
> - ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
> + TAILQ_FOREACH(ifp, , if_list) {
> + struct ifaddr *ifa, *nifa;
> + struct in6_ifaddr *ia6;
> +
> + TAILQ_FOREACH_SAFE(ifa, >if_addrlist, ifa_list, nifa) {
> + if (ifa->ifa_addr->sa_family != AF_INET6)
> + continue;
> + ia6 = ifatoia6(ifa);
> + /* check address lifetime */
> + if (IFA6_IS_INVALID(ia6)) {
> + in6_purgeaddr(>ia_ifa);
> + } else if (IFA6_IS_DEPRECATED(ia6)) {
> + ia6->ia6_flags |= IN6_IFF_DEPRECATED;
> + } else {
> + /*
> +  * A new RA might have made a deprecated address
> +  * preferred.
> +  */
> + ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
> + }
>   }
>   }
>  

Re: Global list of IPv6 addresses & icmp6

[Alexander Bluhm]

On Wed, Mar 01, 2017 at 12:39:56PM +0100, Martin Pieuchot wrote:
> Like for IPv4, I'd like to get rid of this global list.  The reason is
> that having fewer global data structures means fewer locking.
> 
> Here's a trivial conversion to use the routing table in ICMPv6 echo
> reply code.  Note that it is safe to dereference ``rt->rt_ifa'' before
> calling rtfree(9).

> @@ -1231,26 +1230,30 @@ icmp6_reflect(struct mbuf *m, size_t off
>   in6_embedscope(, _dst, NULL);
>  
>   /*
> +  * This is the case if the dst is our link-local address
> +  * and the sender is also ourselves.
> +  */
> + if (IN6_IS_ADDR_LINKLOCAL() && (m->m_flags & M_LOOP))
> + src = 
> +

I don't see why you move the link-local check before the route
lookup.  But it should do not harm.

> - if (ia6 == NULL && IN6_IS_ADDR_LINKLOCAL() && (m->m_flags & M_LOOP)) {
> - /*
> -  * This is the case if the dst is our link-local address
> -  * and the sender is also ourselves.
> -  */
> - src = 
> + rtfree(rt);
> + rt = NULL;
>   }
> +

This new line is too much.

OK bluhm@

[PATCH] Minor spelling fixes throughout gcc md files

[Carlos E. Garcia]

Greetings,

Here follows some minor spelling fixes found in markdown files inside
the gcc folder. Wanted something simple for my first patch.

Any insight or comments?

Cheers,
Carlos

Index: gcc/config/alpha/alpha.md
===
RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/alpha/alpha.md,v
retrieving revision 1.3
diff -u -p -u -r1.3 alpha.md
--- gcc/config/alpha/alpha.md   28 Nov 2012 20:46:15 -  1.3
+++ gcc/config/alpha/alpha.md   1 Mar 2017 16:25:50 -
@@ -124,7 +124,7 @@ fadd,fmul,fcpys,fdiv,fsqrt,misc,mvi,ftoi
 
 ;; The ROUND_SUFFIX attribute marks which instructions require a
 ;; rounding-mode suffix.  The value NONE indicates no suffix,
-;; the value NORMAL indicates a suffix controled by alpha_fprm.
+;; the value NORMAL indicates a suffix controlled by alpha_fprm.
 
 (define_attr "round_suffix" "none,normal,c"
   (const_string "none"))
@@ -137,7 +137,7 @@ fadd,fmul,fcpys,fdiv,fsqrt,misc,mvi,ftoi
 ;;   V_SV_SVI  accepts /v, /sv and /svi (cvttq only)
 ;;   U_SU_SUI  accepts /u, /su and /sui (most fp instructions)
 ;;
-;; The actual suffix emitted is controled by alpha_fptm.
+;; The actual suffix emitted is controlled by alpha_fptm.
 
 (define_attr "trap_suffix" "none,su,sui,v_sv,v_sv_svi,u_su_sui"
   (const_string "none"))
Index: gcc/config/c4x/c4x.md
===
RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/c4x/c4x.md,v
retrieving revision 1.1.1.1
diff -u -p -u -r1.1.1.1 c4x.md
--- gcc/config/c4x/c4x.md   29 Nov 2003 12:31:55 -  1.1.1.1
+++ gcc/config/c4x/c4x.md   1 Mar 2017 16:25:50 -
@@ -190,7 +190,7 @@
 ;  didn't allow it to move the CC around.
 
 ;  Note that fundamental operations, such as moves, must not clobber the
-;  CC.  Thus movqi choses a move instruction that doesn't clobber the CC.
+;  CC.  Thus movqi chooses a move instruction that doesn't clobber the CC.
 ;  If GCC wants to combine a move with a compare, it is smart enough to
 ;  chose the move instruction that sets the CC.
 
@@ -7313,7 +7313,7 @@
  "stf\\t%1,*%0++\\n\\tstf\\t%2,*%0++")
 
 
-; The following two peepholes remove an unecessary load
+; The following two peepholes remove an unnecessary load
 ; often found at the end of a function.  These peepholes
 ; could be generalized to other binary operators.  They shouldn't
 ; be required if we run a post reload mop-up pass.
Index: gcc/config/fr30/fr30.md
===
RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/fr30/fr30.md,v
retrieving revision 1.1.1.1
diff -u -p -u -r1.1.1.1 fr30.md
--- gcc/config/fr30/fr30.md 29 Nov 2003 12:32:16 -  1.1.1.1
+++ gcc/config/fr30/fr30.md 1 Mar 2017 16:25:50 -
@@ -639,7 +639,7 @@
 ;; We need some trickery to be able to handle the addition of
 ;; large (ie outside +/- 16) constants.  We need to be able to
 ;; handle this because reload assumes that it can generate add
-;; instructions with arbitary sized constants.
+;; instructions with arbitrary sized constants.
 (define_expand "addsi3"
   [(set (match_operand:SI 0 "register_operand"   "")
(plus:SI (match_operand:SI 1 "register_operand"  "")
Index: gcc/config/frv/frv.md
===
RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/frv/frv.md,v
retrieving revision 1.1.1.1
diff -u -p -u -r1.1.1.1 frv.md
--- gcc/config/frv/frv.md   29 Nov 2003 12:32:27 -  1.1.1.1
+++ gcc/config/frv/frv.md   1 Mar 2017 16:25:51 -
@@ -463,7 +463,7 @@
   first regular expression *and* the reservation described by
   the second regular expression *and* etc.
 
-   4. "*" is used for convinience and simply means sequence in
+   4. "*" is used for convenience and simply means sequence in
   which the regular expression are repeated NUMBER times with
   cycle advancing (see ",").
 
Index: gcc/config/i386/i386.md
===
RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config/i386/i386.md,v
retrieving revision 1.1.1.3
diff -u -p -u -r1.1.1.3 i386.md
--- gcc/config/i386/i386.md 28 Nov 2012 20:41:38 -  1.1.1.3
+++ gcc/config/i386/i386.md 1 Mar 2017 16:25:52 -
@@ -1149,7 +1149,7 @@
   (const_string "imov")))
(set_attr "mode" "SI,SI,SI,SI,DI,TI,SI,SI")])
 
-;; Stores and loads of ax to arbitary constant address.
+;; Stores and loads of ax to arbitrary constant address.
 ;; We fake an second form of instruction to force reload to load address
 ;; into register when rax is not available
 (define_insn "*movabssi_1_rex64"
@@ -1267,7 +1267,7 @@
]
(const_string "HI")))])
 
-;; Stores and loads of ax to arbitary constant address.
+;; Stores and loads of ax to arbitrary constant address.
 ;; We fake an second form of instruction to force reload to load address
 ;; into register when rax is 

Re: vmd + httpd + meta-data

[Reyk Floeter]

On Wed, Mar 01, 2017 at 09:29:30AM +0100, Reyk Floeter wrote:
> On Mon, Feb 27, 2017 at 10:37:04PM +0100, Kristaps Dzonsons wrote:
> > > I wrote this little tool for vmd that is not intended for the tree,
> > > but will eventually go into ports (it uses kcgi which is not in base).
> > 
> > Have you thought of writing this in a secure language like Rust or
> > Swift?  Writing cgi stuff in C seems just asking for trouble.
> > 
> 
> OK, I was trying all day yesterday to find a good answer - maybe
> another joke - but I couldn't make one up.  Kudos, Kristaps.
> 

But I forgot to mention:

I got the all of it from https://learnbchs.org/

"BCHS (pronounced beaches) is for real development. It's a
hipster-free, open source software stack for web applications. To
prepare a BCHS environment, install OpenBSD. Then get started."

...

"Is BCHS a joke? No. PHP is a joke. node.js is a joke. Software
development is full of jokes. This is not one of them."

I fully agree with this except of the "hipster-free" part: writing web
apps in C is cool and totally "retro".

Reyk

priq: proposed change in the behavior

[Mike Belopuhov]

Priority queueing is the default policy in OpenBSD and it
distributes outgoing packets in 8 lists by priority (0-7) with
an aggregate queue depth set by the interface: pseudo interfaces
use IFQ_MAXLEN defined equal to 256, hardware device drivers
normally size it by their TX ring minus 1 (therefore 127, 255,
511 are common values).

Unless a producer generating packets with altered priority is
used (such as "set prio" pf directive, PPPoE management frames,
ping -T lowdelay, VLAN priority, and so on) all outgoing traffic
is sent with a priority of 3 hitting the same list.

The drop policy used here is called tail drop because it drops
the packet that we're trying to enqueue when there's no more
space left on the queue.  The obvious downside is that if our
queue is full of packets representing low priority traffic,
trying to enqueue a packet with a higher priority will still
result in a drop.  In my opinion, this defeats the purpose of
priority queueing.

The diff below changes the policy to a head drop from the queue
with the lowest priority than the packet we're trying to
enqueue.  If there's no such queue (e.g. the default case where
all traffic has priority of 3) only then the packet is dropped.
This ensures that high priority traffic will almost always find
the place on the queue and low priority bulk traffic gets a
better chance at regulating its throughput.  By performing a
head drop instead a tail drop we also drop the oldest packet on
the queue.  This technique is akin to Active Queue Management
algorithms.

I'd like to stress again, that this doesn't change much for the
default Ethernet-to-Ethernet case, but provides noticeable
difference if different priorities are actually used, e.g. via
pf.

More tests are always welcome.  This should go on top of the priq
mbuf list diff, but here's a combined diff for convenience:
http://gir.theapt.org/~mike/priq.diff

---
 sys/net/ifq.c | 23 ---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git sys/net/ifq.c sys/net/ifq.c
index 896b373c454..f678c2b01fd 100644
--- sys/net/ifq.c
+++ sys/net/ifq.c
@@ -407,18 +407,35 @@ priq_free(unsigned int idx, void *pq)
 int
 priq_enq(struct ifqueue *ifq, struct mbuf *m)
 {
struct priq *pq;
struct mbuf_list *pl;
-
-   if (ifq_len(ifq) >= ifq->ifq_maxlen)
-   return (ENOBUFS);
+   unsigned int prio;
 
pq = ifq->ifq_q;
KASSERT(m->m_pkthdr.pf.prio <= IFQ_MAXPRIO);
pl = >pq_lists[m->m_pkthdr.pf.prio];
 
+   /* Find a lower priority queue to drop from */
+   if (ifq_len(ifq) >= ifq->ifq_maxlen) {
+   for (prio = 0; prio < m->m_pkthdr.pf.prio; prio++) {
+   pl = >pq_lists[prio];
+   if (ml_len(pl) > 0) {
+   m_freem(ml_dequeue(pl));
+   ifq->ifq_len--;
+   ifq->ifq_qdrops++;
+   break;
+   }
+   }
+   /*
+* There's no lower priority queue that we can
+* drop from so don't enqueue this one.
+*/
+   if (prio == m->m_pkthdr.pf.prio)
+   return (ENOBUFS);
+   }
+
ml_enqueue(pl, m);
 
return (0);
 }
 
-- 
2.12.0

Re: relayd(8): more rdomain integration diff

[Reyk Floeter]

Hi double-p!

On Wed, Mar 01, 2017 at 08:00:30PM +0100, Philipp Buehler wrote:
> Hi folks,
> 
> after trying forth and back to overcome some limitations in relayd along
> multiple
> "instances" and rdomain/rtable I decided to scrub some rust of my C/yacc and
> produced the following diffs against -current to relayd and relayctl.
> 

Nice.

> Feats:
> - relayd/relayctl: -s sockname; obviously and blatantly taken from
> ospfd/ospfctl

Regarding the -s:
There is inconsistency across our daemons.

I think it all started with bgpd, where we once had -s and -r options
in the daemon, but replaced them with a config option "socket path
NAME".  This was supposed to be the model for other daemons as well,
but they either didn't adopt it or implemented the "old" -s option (it
remains in the *ctl, of course).  AFAIK, I only have it in snmpd and
this would be a reference for relayd (except the agentx part in it).
Recently I saw somebody adding a -s to a newer daemon (I forgot which
one), but I forgot to cry out.

---snip---
Author: claudio 
Date:   Sun Jun 27 19:53:34 2010 +

Instead of specifying the control sockets on the command line have them
in bgpd.conf. This allows to add/modify restricted control sockets on 
runtime.
Feature request by a few people how often forgot to add -r path when 
restarting
bgpd (including myself).
NOTE: this removes the -s and -r arguments from bgpd so pay attention when
updateing.
jajaja sthen@, OK henning@
---snap---

> - relayd: -a anchorname; overcome the problem that one stopping relayd
> cleans
>  out everything below 'relayd/*'  or not having any seperation (includes) in
> first
>  place

OK, setting the anchorname is fine. I have to look at the "cleaning" part.

> - relayd.conf: add 'rtable' as a tableopt; reasoning for "only" there:
>  - route -T N exec will already put one into 'on rdomain N'
>  - 'listen' already has an 'interface' option to bound to a specific rdomain
> (unless
>  I am mistaken here on the kernel/addressing side
>  - generally unsure if this has a real use case anyway
> 

I do think that this has a use case and inter-rdomain is a feature
that was requested before (some people run it in bigger rdomain
setups).

Make sure that the rtable table option doesn't only alter the rules'
rtable, it should also be used for the health checks (check_*.c)
accordingly or you end up testing hosts in the wrong rdomain.

> Tests done:
> - running two relayd on different anchors, rdomains (via route exec) and so
> on,
>  notable to me was the point of purging the main/final anchor in
> flush_rulesets.
> 
> Caveats:
> - didnt write C/yacc in some years, so esp. string-handling could need some
> eyeballs
> 

The parse.y part is small and looks fine.

But you should brush up your style(9) / KNF (at least in the anchor
part below) ;)

> Patch-white-space-drama; if the patches have mangled WS, there are also
> here:
> https://github.com/double-p/smtf/tree/master/patches
> 
> Everybody coming, see you in Tokyo!
> 

Bummer, I'm not there, it would be nice to meet you again.

Everyone: double-p was the first person who invited me into OpenBSD! \o/

> PS: iked lacks -s, ikectl doesnt... :)

Yes, I probably intended to put it in iked.conf as well ...

Reyk

> -- 
> pb

> Index: relayctl.8
> ===
> RCS file: /cvs/src/usr.sbin/relayctl/relayctl.8,v
> retrieving revision 1.32
> diff -u -p -r1.32 relayctl.8
> --- relayctl.828 Nov 2015 01:22:44 -  1.32
> +++ relayctl.828 Feb 2017 20:09:34 -
> @@ -23,6 +23,7 @@
>  .Nd control the relay daemon
>  .Sh SYNOPSIS
>  .Nm
> +.Op Fl s Ar socket
>  .Ar command
>  .Op Ar argument ...
>  .Sh DESCRIPTION
> @@ -32,6 +33,17 @@ program controls the
>  .Xr relayd 8
>  daemon.
>  .Pp
> +The following options are available:
> +.Bl -tag -width Ds
> +.It Fl s Ar socket
> +Use
> +.Ar socket
> +instead of the default
> +.Pa /var/run/relayd.sock
> +to communicate with
> +.Xr relayd 8 .
> +.El
> +.Pp
>  The following commands are available:
>  .Bl -tag -width Ds
>  .It Cm host disable Op Ar name | id
> @@ -105,6 +117,7 @@ again.
>  .Sh FILES
>  .Bl -tag -width "/var/run/relayd.sockXX" -compact
>  .It Pa /var/run/relayd.sock
> +Default
>  .Ux Ns -domain
>  socket used for communication with
>  .Xr relayd 8 .
> Index: relayctl.c
> ===
> RCS file: /cvs/src/usr.sbin/relayctl/relayctl.c,v
> retrieving revision 1.57
> diff -u -p -r1.57 relayctl.c
> --- relayctl.c3 Sep 2016 14:44:21 -   1.57
> +++ relayctl.c28 Feb 2017 20:09:34 -
> @@ -88,7 +88,8 @@ usage(void)
>  {
>   extern char *__progname;
>  
> - fprintf(stderr, "usage: %s command [argument ...]\n", __progname);
> + fprintf(stderr, "usage: %s [-s socket] command [argument ...]\n",
> + __progname);
>   exit(1);
>  }
>  
> @@ -101,9 +102,25 @@ main(int argc, char 

priq: convert to mbuf lists

[Mike Belopuhov]

This convers hand rolled lists into exactly the same mbuf_lists.
I need this because of the next diff that uses the ml_len packet
counter that mbuf_lists have.  Otherwise there's no functional
change.

---
 sys/net/ifq.c | 48 ++--
 1 file changed, 18 insertions(+), 30 deletions(-)

diff --git sys/net/ifq.c sys/net/ifq.c
index 40731637a2c..896b373c454 100644
--- sys/net/ifq.c
+++ sys/net/ifq.c
@@ -51,17 +51,12 @@ const struct ifq_ops * const ifq_priq_ops = _ops;
 
 /*
  * priq internal structures
  */
 
-struct priq_list {
-   struct mbuf *head;
-   struct mbuf *tail;
-};
-
 struct priq {
-   struct priq_list pq_lists[IFQ_NQUEUES];
+   struct mbuf_list pq_lists[IFQ_NQUEUES];
 };
 
 /*
  * ifqueue serialiser
  */
@@ -392,11 +387,17 @@ priq_idx(unsigned int nqueues, const struct mbuf *m)
 }
 
 void *
 priq_alloc(unsigned int idx, void *null)
 {
-   return (malloc(sizeof(struct priq), M_DEVBUF, M_WAITOK | M_ZERO));
+   struct priq *pq;
+   int i;
+
+   pq = malloc(sizeof(struct priq), M_DEVBUF, M_WAITOK | M_ZERO);
+   for (i = 0; i < IFQ_NQUEUES; i++)
+   ml_init(>pq_lists[i]);
+   return (pq);
 }
 
 void
 priq_free(unsigned int idx, void *pq)
 {
@@ -405,40 +406,35 @@ priq_free(unsigned int idx, void *pq)
 
 int
 priq_enq(struct ifqueue *ifq, struct mbuf *m)
 {
struct priq *pq;
-   struct priq_list *pl;
+   struct mbuf_list *pl;
 
if (ifq_len(ifq) >= ifq->ifq_maxlen)
return (ENOBUFS);
 
pq = ifq->ifq_q;
KASSERT(m->m_pkthdr.pf.prio <= IFQ_MAXPRIO);
pl = >pq_lists[m->m_pkthdr.pf.prio];
 
-   m->m_nextpkt = NULL;
-   if (pl->tail == NULL)
-   pl->head = m;
-   else
-   pl->tail->m_nextpkt = m;
-   pl->tail = m;
+   ml_enqueue(pl, m);
 
return (0);
 }
 
 struct mbuf *
 priq_deq_begin(struct ifqueue *ifq, void **cookiep)
 {
struct priq *pq = ifq->ifq_q;
-   struct priq_list *pl;
+   struct mbuf_list *pl;
unsigned int prio = nitems(pq->pq_lists);
struct mbuf *m;
 
do {
pl = >pq_lists[--prio];
-   m = pl->head;
+   m = MBUF_LIST_FIRST(pl);
if (m != NULL) {
*cookiep = pl;
return (m);
}
} while (prio > 0);
@@ -447,35 +443,27 @@ priq_deq_begin(struct ifqueue *ifq, void **cookiep)
 }
 
 void
 priq_deq_commit(struct ifqueue *ifq, struct mbuf *m, void *cookie)
 {
-   struct priq_list *pl = cookie;
+   struct mbuf_list *pl = cookie;
 
-   KASSERT(pl->head == m);
+   KASSERT(MBUF_LIST_FIRST(pl) == m);
 
-   pl->head = m->m_nextpkt;
-   m->m_nextpkt = NULL;
-
-   if (pl->head == NULL)
-   pl->tail = NULL;
+   ml_dequeue(pl);
 }
 
 void
 priq_purge(struct ifqueue *ifq, struct mbuf_list *ml)
 {
struct priq *pq = ifq->ifq_q;
-   struct priq_list *pl;
+   struct mbuf_list *pl;
unsigned int prio = nitems(pq->pq_lists);
-   struct mbuf *m, *n;
+   struct mbuf *m;
 
do {
pl = >pq_lists[--prio];
 
-   for (m = pl->head; m != NULL; m = n) {
-   n = m->m_nextpkt;
+   while ((m = ml_dequeue(pl)) != NULL)
ml_enqueue(ml, m);
-   }
-
-   pl->head = pl->tail = NULL;
} while (prio > 0);
 }
-- 
2.12.0

OpenBSD errata, Mar 1, 2017

[Stefan Sperling]

A man-in-the-middle vulnerability has been found in OpenBSD's wireless stack.
A malicious access point can trick an OpenBSD client using WPA1 or WPA2 into
connecting to this malicious AP instead of the desired AP. When this attack is
used successfully the OpenBSD client will send and accept unencrypted frames.

This problem only affects OpenBSD clients. OpenBSD access points are unaffected.

Thanks to Mathy Vanhoef  for finding and
reporting the issue, providing a demo exploit and an initial patch, and
working through several iterations of the patch together with me.

The problem has been fixed in -current. For 5.9 and 6.0 the following errata
patches are available.

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/018_net80211.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/035_net80211.patch.sig

Re: /bsd: file: table is full

[Ted Unangst]

Peter Haag wrote:
> Hi list,
> I'm running a moderate busy OpenBSD 6.0 server for mail ( postfix, cyrus ) as 
> well as
> web server ( nginx,  php ) and experiance the following kernel messages:
> 
> /bsd: file: table is full
> 
> /bsd: process: table is full
> 
> Is there an advice or rule on how the values kern.maxfiles, kern.maxproc 
> should be set/increased
> in order to avoid hitting these limits, or is it simply an increase to what 
> every value is appropriate?

increase as necessary, but investigate better process limits. the system
limits are a last resort check against runaway processes, but it's better to
hit per process/user limits first.

relayd(8): more rdomain integration diff

[Philipp Buehler]

Hi folks,

after trying forth and back to overcome some limitations in relayd along 
multiple
"instances" and rdomain/rtable I decided to scrub some rust of my C/yacc 
and

produced the following diffs against -current to relayd and relayctl.

Feats:
- relayd/relayctl: -s sockname; obviously and blatantly taken from 
ospfd/ospfctl
- relayd: -a anchorname; overcome the problem that one stopping relayd 
cleans
 out everything below 'relayd/*'  or not having any seperation 
(includes) in first

 place
- relayd.conf: add 'rtable' as a tableopt; reasoning for "only" there:
 - route -T N exec will already put one into 'on rdomain N'
 - 'listen' already has an 'interface' option to bound to a specific 
rdomain (unless

 I am mistaken here on the kernel/addressing side
 - generally unsure if this has a real use case anyway

Tests done:
- running two relayd on different anchors, rdomains (via route exec) and 
so on,
 notable to me was the point of purging the main/final anchor in 
flush_rulesets.


Caveats:
- didnt write C/yacc in some years, so esp. string-handling could need 
some eyeballs


Patch-white-space-drama; if the patches have mangled WS, there are also 
here:

https://github.com/double-p/smtf/tree/master/patches

Everybody coming, see you in Tokyo!

PS: iked lacks -s, ikectl doesnt... :)
--
pbIndex: relayctl.8
===
RCS file: /cvs/src/usr.sbin/relayctl/relayctl.8,v
retrieving revision 1.32
diff -u -p -r1.32 relayctl.8
--- relayctl.8	28 Nov 2015 01:22:44 -	1.32
+++ relayctl.8	28 Feb 2017 20:09:34 -
@@ -23,6 +23,7 @@
 .Nd control the relay daemon
 .Sh SYNOPSIS
 .Nm
+.Op Fl s Ar socket
 .Ar command
 .Op Ar argument ...
 .Sh DESCRIPTION
@@ -32,6 +33,17 @@ program controls the
 .Xr relayd 8
 daemon.
 .Pp
+The following options are available:
+.Bl -tag -width Ds
+.It Fl s Ar socket
+Use
+.Ar socket
+instead of the default
+.Pa /var/run/relayd.sock
+to communicate with
+.Xr relayd 8 .
+.El
+.Pp
 The following commands are available:
 .Bl -tag -width Ds
 .It Cm host disable Op Ar name | id
@@ -105,6 +117,7 @@ again.
 .Sh FILES
 .Bl -tag -width "/var/run/relayd.sockXX" -compact
 .It Pa /var/run/relayd.sock
+Default
 .Ux Ns -domain
 socket used for communication with
 .Xr relayd 8 .
Index: relayctl.c
===
RCS file: /cvs/src/usr.sbin/relayctl/relayctl.c,v
retrieving revision 1.57
diff -u -p -r1.57 relayctl.c
--- relayctl.c	3 Sep 2016 14:44:21 -	1.57
+++ relayctl.c	28 Feb 2017 20:09:34 -
@@ -88,7 +88,8 @@ usage(void)
 {
 	extern char *__progname;
 
-	fprintf(stderr, "usage: %s command [argument ...]\n", __progname);
+	fprintf(stderr, "usage: %s [-s socket] command [argument ...]\n",
+ 	__progname);
 	exit(1);
 }
 
@@ -101,9 +102,25 @@ main(int argc, char *argv[])
 	int			 ctl_sock;
 	int			 done = 0;
 	int			 n, verbose = 0;
+	int			 ch;
+	char			*sockname;
+
+	sockname = RELAYD_SOCKET;
+	while ((ch = getopt(argc, argv, "s:")) != -1) {
+		switch (ch) {
+		case 's':
+			sockname = optarg;
+			break;
+		default:
+			usage();
+			/* NOTREACHED */
+		}
+	}
+	argc -= optind;
+	argv += optind;
 
 	/* parse options */
-	if ((res = parse(argc - 1, argv + 1)) == NULL)
+	if ((res = parse(argc, argv)) == NULL)
 		exit(1);
 
 	/* connect to relayd control socket */
@@ -112,7 +129,7 @@ main(int argc, char *argv[])
 
 	bzero(, sizeof(sun));
 	sun.sun_family = AF_UNIX;
-	(void)strlcpy(sun.sun_path, RELAYD_SOCKET, sizeof(sun.sun_path));
+	(void)strlcpy(sun.sun_path, sockname, sizeof(sun.sun_path));
  reconnect:
 	if (connect(ctl_sock, (struct sockaddr *), sizeof(sun)) == -1) {
 		/* Keep retrying if running in monitor mode */
@@ -121,7 +138,7 @@ main(int argc, char *argv[])
 			usleep(100);
 			goto reconnect;
 		}
-		err(1, "connect: %s", RELAYD_SOCKET);
+		err(1, "connect: %s", sockname);
 	}
 
 	if (pledge("stdio", NULL) == -1)
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.214
diff -u -p -r1.214 parse.y
--- parse.y	5 Jan 2017 13:53:09 -	1.214
+++ parse.y	1 Mar 2017 15:50:24 -
@@ -805,6 +805,13 @@ tableopts	: CHECK tablecheck
 break;
 			}
 		}
+		| RTABLE NUMBER {
+			if ($2 < 0 || $2 > RT_TABLEID_MAX) {
+yyerror("invalid rtable id %d", $2);
+YYERROR;
+			}
+			table->conf.rtable = $2;
+		}
 		;
 
 /* should be in sync with sbin/pfctl/parse.y's hashkey */
Index: pfe_filter.c
===
RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v
retrieving revision 1.61
diff -u -p -r1.61 pfe_filter.c
--- pfe_filter.c	24 Jan 2017 10:49:14 -	1.61
+++ pfe_filter.c	1 Mar 2017 15:50:24 -
@@ -60,7 +60,7 @@ init_tables(struct relayd *env)
 	i = 0;
 
 	TAILQ_FOREACH(rdr, env->sc_rdrs, entry) {
-		if (strlcpy(tables[i].pfrt_anchor, RELAYD_ANCHOR "/",
+		if (strlcpy(tables[i].pfrt_anchor, env->sc_baseanchor,
 		

Re: vmd: fixed lladdr for VM guests to prevent MAC spoofing

[Reyk Floeter]

On Wed, Mar 01, 2017 at 01:04:57PM +0100, Reyk Floeter wrote:
> Hi,
> 
> add the new "fixed lladdr" option: when multiple VMs are connected to
> a switch, it is desirable that an individual VM cannot spoof another
> MAC address, especially when using meta-data*.  vmd(8) can enforce
> this by comparing the address in the Ethernet header with the
> configured/generated address of the VM interface.
> 
> This somewhat resembles the following features from VMware:
>   ethernet0.noforgedsrcaddr = "TRUE"
>   ethernet0.nopromisc = "TRUE"
> 
> The important parts of the diff** are in the two if statements including
> "dev->fixedmac" below, the rest is infrastructure, config, and
> documentation.
> 
> I could have used bridge(4) rules or switch(4) OpenFlow actions, but I
> decided to implement it in vmd(8) directly to make it easier and to
> work in all cases independent from the switch type.
> 
> *) https://github.com/reyk/meta-data
> **) this diff conflicts with the previous vmm.c split.  Whatever goes
> in first, I can update and resend it accordingly.
> 
> OK?
> 
> Reyk
> 
> Add "fixed lladdr" option to prevent VMs from spoofing MAC addresses.
> 
> This is especially useful when multiple VMs share a switch, the
> implementation is independent from the underlying switch or bridge.
> 

After some discussions, this is the updated diff:

- change "fixed" to "locked", adjust manpage
- sync with latest vmm.c split

Reyk

Index: usr.sbin/vmd/config.c
===
RCS file: /cvs/src/usr.sbin/vmd/config.c,v
retrieving revision 1.25
diff -u -p -u -p -r1.25 config.c
--- usr.sbin/vmd/config.c   1 Mar 2017 07:43:33 -   1.25
+++ usr.sbin/vmd/config.c   1 Mar 2017 18:16:20 -
@@ -236,7 +236,8 @@ config_setvm(struct privsep *ps, struct 
}
 
/* Set the interface status */
-   vif->vif_flags = vmc->vmc_ifflags[i] & IFF_UP;
+   vif->vif_flags =
+   vmc->vmc_ifflags[i] & (VMIFF_UP|VMIFF_OPTMASK);
}
 
/* Open TTY */
Index: usr.sbin/vmd/parse.y
===
RCS file: /cvs/src/usr.sbin/vmd/parse.y,v
retrieving revision 1.21
diff -u -p -u -p -r1.21 parse.y
--- usr.sbin/vmd/parse.y1 Mar 2017 07:43:33 -   1.21
+++ usr.sbin/vmd/parse.y1 Mar 2017 18:16:20 -
@@ -116,10 +116,11 @@ typedef struct {
 
 %token INCLUDE ERROR
 %token ADD DISK DOWN GROUP INTERFACE NIFS PATH SIZE SWITCH UP VMID
-%token ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER
+%token ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER LOCKED
 %token   STRING
 %token   NUMBER
 %typedisable
+%typelocked
 %typeupdown
 %typelladdr
 %typestring
@@ -174,7 +175,7 @@ switch  : SWITCH string {
 
vsw->sw_id = env->vmd_nswitches + 1;
vsw->sw_name = $2;
-   vsw->sw_flags = IFF_UP;
+   vsw->sw_flags = VMIFF_UP;
snprintf(vsw->sw_ifname, sizeof(vsw->sw_ifname),
"%s%u", vsw_type, vsw_unit++);
TAILQ_INIT(>sw_ifs);
@@ -241,11 +242,14 @@ switch_opts   : disable   {
}
free($2);
}
+   | LOCKED LLADDR {
+   vsw->sw_flags |= VMIFF_LOCKED;
+   }
| updown{
if ($1)
-   vsw->sw_flags |= IFF_UP;
+   vsw->sw_flags |= VMIFF_UP;
else
-   vsw->sw_flags &= ~IFF_UP;
+   vsw->sw_flags &= ~VMIFF_UP;
}
;
 
@@ -503,14 +507,16 @@ iface_opts: SWITCH string {
sizeof(vmc.vmc_ifgroup[i]));
free($2);
}
-   | LLADDR lladdr {
-   memcpy(vcp->vcp_macs[vcp_nnics], $2, ETHER_ADDR_LEN);
+   | locked LLADDR lladdr  {
+   if ($1)
+   vmc.vmc_ifflags[vcp_nnics] |= VMIFF_LOCKED;
+   memcpy(vcp->vcp_macs[vcp_nnics], $3, ETHER_ADDR_LEN);
}
| updown{
if ($1)
-   vmc.vmc_ifflags[vcp_nnics] |= IFF_UP;
+   vmc.vmc_ifflags[vcp_nnics] |= VMIFF_UP;
else
-   vmc.vmc_ifflags[vcp_nnics] &= ~IFF_UP;
+   vmc.vmc_ifflags[vcp_nnics] &= ~VMIFF_UP;
}
;
 
@@ -541,6 +547,10 @@ lladdr : STRING   

[PATCH] Update link to the VMware backdoor docs

[Seth Jackson]

The link to the VMware backdoor docs in the vmt(4) driver is dead.

Update it to a working one.


Index: src/sys/dev/pv/vmt.c
===
RCS file: /cvs/src/sys/dev/pv/vmt.c,v
retrieving revision 1.12
diff -u -p -r1.12 vmt.c
--- src/sys/dev/pv/vmt.c3 Feb 2017 08:23:01 - 1.12
+++ src/sys/dev/pv/vmt.c1 Mar 2017 17:56:51 -
@@ -23,7 +23,7 @@

 /*
  * Protocol reverse engineered by Ken Kato:
- * http://chitchat.at.infoseek.co.jp/vmware/backdoor.html
+ * https://sites.google.com/site/chitchatvmback/backdoor
  */

 #include 

/bsd: file: table is full

[Peter Haag]

Hi list,
I'm running a moderate busy OpenBSD 6.0 server for mail ( postfix, cyrus ) as 
well as
web server ( nginx,  php ) and experiance the following kernel messages:

/bsd: file: table is full

/bsd: process: table is full

Is there an advice or rule on how the values kern.maxfiles, kern.maxproc should 
be set/increased
in order to avoid hitting these limits, or is it simply an increase to what 
every value is appropriate?

On the application side, I already tried to optimize some values for IMAP etc. 
- fstat is the tool
of choice, but all tweeking seems not to fit into the default values of the 
kernel.


Many thanks

- Peter



signature.asc
Description: OpenPGP digital signature

Re: PF_ROUTE vs NET_LOCK()

[Alexander Bluhm]

On Tue, Feb 28, 2017 at 01:28:45PM +0100, Martin Pieuchot wrote:
> Routing sockets do not really need the NET_LOCK(), only route_output()
> needs it.

That depends what the future use of the netlock will be.  route_input()
is called from tcp, icmp, arp timers.  Currently they have kernel
lock, but maybe we want to switch them to netlock only.

Do you see any problems when running this routing code with netlock?

> @@ -675,6 +678,7 @@ route_output(struct mbuf *m, ...)
>* may be not consistent and could cause unexpected behaviour in other
>* userland clients. Use goto fail instead.
>*/
> + NET_LOCK(s);
>   switch (rtm->rtm_type) {
>   case RTM_ADD:
>   if (info.rti_info[RTAX_GATEWAY] == NULL) {

We may not sleep here.  The malloc(9) in route_output() uses M_NOWAIT,
so I guess the upper layer assumes that this code does not get
rescheduled.  One idea of netlock is to do the sleeps before the
atomic sections of the network code.

> @@ -943,20 +947,16 @@ change:
>   seq = rtm->rtm_seq;
>   free(rtm, M_RTABLE, 0);
>   rtm = rt_report(rt, type, seq, tableid);
> +flush:
> + NET_UNLOCK(s);
> + rtfree(rt);
>   if (rtm == NULL) {
>   error = ENOBUFS;
>   goto fail;
> - }
> -
> -flush:
> - if (rt)
> - rtfree(rt);
> - if (rtm) {
> - if (error)
> - rtm->rtm_errno = error;
> - else {
> - rtm->rtm_flags |= RTF_DONE;
> - }
> + } else if (error) {
> + rtm->rtm_errno = error;
> + } else {
> + rtm->rtm_flags |= RTF_DONE;
>   }
>  
>   /*

Fixing the rt leak is OK bluhm@.  This should go in independently
so we can merge krw@'s RTM_PROPOSAL diff.

bluhm

Re: xdm in afterboot

[Stuart Henderson]

On 2017/03/01 15:08, Jan Stary wrote:
> The transition from xdm to xenodm is not reflected in afterboot(8).

*ponders* does it actually need to change name?  In terms of
configuration etc it's all the same as xdm, minus the parts that
have been removed... This might be easier than diagnosing people
having problems a couple of releases down the line because they
haven't switched and are running old binaries.

Re: xdm in afterboot

[Jason McIntyre]

On Wed, Mar 01, 2017 at 03:08:41PM +0100, Jan Stary wrote:
> The transition from xdm to xenodm is not reflected in afterboot(8).
> 
>   Jan
> 

fixed, thanks.
jmc

> Index: share/man/man8/afterboot.8
> ===
> RCS file: /cvs/src/share/man/man8/afterboot.8,v
> retrieving revision 1.157
> diff -u -p -u -p -r1.157 afterboot.8
> --- share/man/man8/afterboot.85 Sep 2016 12:58:17 -   1.157
> +++ share/man/man8/afterboot.81 Mar 2017 14:04:38 -
> @@ -420,10 +420,10 @@ and
>  .Xr rc.shutdown 8 .
>  .Pp
>  If you've installed X, you may want to turn on
> -.Xr xdm 1 ,
> +.Xr xenodm 1 ,
>  the X Display Manager.
>  To do this, change the value of
> -.Va xdm_flags
> +.Va xenodm_flags
>  in
>  .Pa /etc/rc.conf.local .
>  .Ss Set keyboard type
> 

Re: C99 initializers for domains

[David Hill]

OK

On Wed, Mar 01, 2017 at 01:40:58PM +0100, Martin Pieuchot wrote:
> I converted the declarations when I audited the existing 'dom_init'
> functions.
> 
> ok?
> 
> Index: kern/uipc_proto.c
> ===
> RCS file: /cvs/src/sys/kern/uipc_proto.c,v
> retrieving revision 1.12
> diff -u -p -r1.12 uipc_proto.c
> --- kern/uipc_proto.c 22 Feb 2017 19:34:42 -  1.12
> +++ kern/uipc_proto.c 1 Mar 2017 12:05:35 -
> @@ -37,9 +37,9 @@
>  #include 
>  #include 
>  #include 
> -#include  
> +#include 
>  #include 
> -
> +
>  #include 
>  
>  /*
> @@ -72,6 +72,11 @@ struct protosw unixsw[] = {
>  }
>  };
>  
> -struct domain unixdomain =
> -{ AF_LOCAL, "unix", 0, unp_externalize, unp_dispose,
> -  unixsw, [nitems(unixsw)] };
> +struct domain unixdomain = {
> +  .dom_family = AF_LOCAL,
> +  .dom_name = "unix",
> +  .dom_externalize = unp_externalize,
> +  .dom_dispose = unp_dispose,
> +  .dom_protosw = unixsw,
> +  .dom_protoswNPROTOSW = [nitems(unixsw)]
> +};
> Index: net/pfkey.c
> ===
> RCS file: /cvs/src/sys/net/pfkey.c,v
> retrieving revision 1.37
> diff -u -p -r1.37 pfkey.c
> --- net/pfkey.c   22 Feb 2017 19:34:42 -  1.37
> +++ net/pfkey.c   1 Mar 2017 12:11:31 -
> @@ -256,13 +256,9 @@ pfkey_usrreq(struct socket *socket, int 
>  }
>  
>  struct domain pfkeydomain = {
> - PF_KEY,
> - "PF_KEY",
> - pfkey_init, /* init */
> - NULL, /* externalize */
> - NULL, /* dispose */
> - NULL, /* protosw */
> - NULL, /* protoswNPROTOSW */
> +  .dom_family = PF_KEY,
> +  .dom_name = "PF_KEY",
> +  .dom_init = pfkey_init,
>  };
>  
>  static struct protosw pfkey_protosw_template = {
> Index: net/rtsock.c
> ===
> RCS file: /cvs/src/sys/net/rtsock.c,v
> retrieving revision 1.223
> diff -u -p -r1.223 rtsock.c
> --- net/rtsock.c  22 Feb 2017 19:34:42 -  1.223
> +++ net/rtsock.c  1 Mar 2017 12:33:46 -
> @@ -1666,6 +1666,10 @@ struct protosw routesw[] = {
>  }
>  };
>  
> -struct domain routedomain =
> -{ PF_ROUTE, "route", route_init, 0, 0,
> -  routesw, [nitems(routesw)] };
> +struct domain routedomain = {
> +  .dom_family = PF_ROUTE,
> +  .dom_name = "route",
> +  .dom_init = route_init,
> +  .dom_protosw = routesw,
> +  .dom_protoswNPROTOSW = [nitems(routesw)]
> +};
> Index: netinet/in_proto.c
> ===
> RCS file: /cvs/src/sys/netinet/in_proto.c,v
> retrieving revision 1.73
> diff -u -p -r1.73 in_proto.c
> --- netinet/in_proto.c22 Feb 2017 19:34:42 -  1.73
> +++ netinet/in_proto.c1 Mar 2017 12:07:53 -
> @@ -438,8 +438,12 @@ struct protosw inetsw[] = {
>  }
>  };
>  
> -struct domain inetdomain =
> -{ AF_INET, "internet", 0, 0, 0,
> -  inetsw, [nitems(inetsw)],
> -  sizeof(struct sockaddr_in),
> -  offsetof(struct sockaddr_in, sin_addr), 32 };
> +struct domain inetdomain = {
> +  .dom_family = AF_INET,
> +  .dom_name = "internet",
> +  .dom_protosw = inetsw,
> +  .dom_protoswNPROTOSW = [nitems(inetsw)],
> +  .dom_rtkeylen = sizeof(struct sockaddr_in),
> +  .dom_rtoffset = offsetof(struct sockaddr_in, sin_addr),
> +  .dom_maxplen = 32
> +};
> Index: netinet6/in6_proto.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6_proto.c,v
> retrieving revision 1.89
> diff -u -p -r1.89 in6_proto.c
> --- netinet6/in6_proto.c  22 Feb 2017 19:34:42 -  1.89
> +++ netinet6/in6_proto.c  1 Mar 2017 12:10:23 -
> @@ -340,13 +340,17 @@ struct protosw inet6sw[] = {
>  }
>  };
>  
> -struct domain inet6domain =
> -{ AF_INET6, "internet6", 0, 0, 0,
> -  (struct protosw *)inet6sw,
> -  (struct protosw *)[nitems(inet6sw)],
> -  sizeof(struct sockaddr_in6),
> -  offsetof(struct sockaddr_in6, sin6_addr), 128,
> -  in6_domifattach, in6_domifdetach, };
> +struct domain inet6domain = {
> +  .dom_family = AF_INET6,
> +  .dom_name = "internet6",
> +  .dom_protosw = (struct protosw *)inet6sw,
> +  .dom_protoswNPROTOSW = (struct protosw *)[nitems(inet6sw)],
> +  .dom_rtkeylen = sizeof(struct sockaddr_in6),
> +  .dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr),
> +  .dom_maxplen = 128,
> +  .dom_ifattach = in6_domifattach,
> +  .dom_ifdetach = in6_domifdetach
> +};
>  
>  /*
>   * Internet configuration info
> Index: netmpls/mpls_proto.c
> ===
> RCS file: /cvs/src/sys/netmpls/mpls_proto.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 mpls_proto.c
> --- netmpls/mpls_proto.c  27 Feb 2017 19:16:56 -  1.15
> +++ netmpls/mpls_proto.c  1 Mar 2017 12:14:17 -
> @@ -46,9 +46,9 @@
>   * MPLS address family: needed for the routing table
>   */
>  struct domain mplsdomain = {
> - 

xdm in afterboot

[Jan Stary]

The transition from xdm to xenodm is not reflected in afterboot(8).

Jan

Index: share/man/man8/afterboot.8
===
RCS file: /cvs/src/share/man/man8/afterboot.8,v
retrieving revision 1.157
diff -u -p -u -p -r1.157 afterboot.8
--- share/man/man8/afterboot.8  5 Sep 2016 12:58:17 -   1.157
+++ share/man/man8/afterboot.8  1 Mar 2017 14:04:38 -
@@ -420,10 +420,10 @@ and
 .Xr rc.shutdown 8 .
 .Pp
 If you've installed X, you may want to turn on
-.Xr xdm 1 ,
+.Xr xenodm 1 ,
 the X Display Manager.
 To do this, change the value of
-.Va xdm_flags
+.Va xenodm_flags
 in
 .Pa /etc/rc.conf.local .
 .Ss Set keyboard type

C99 initializers for domains

[Martin Pieuchot]

I converted the declarations when I audited the existing 'dom_init'
functions.

ok?

Index: kern/uipc_proto.c
===
RCS file: /cvs/src/sys/kern/uipc_proto.c,v
retrieving revision 1.12
diff -u -p -r1.12 uipc_proto.c
--- kern/uipc_proto.c   22 Feb 2017 19:34:42 -  1.12
+++ kern/uipc_proto.c   1 Mar 2017 12:05:35 -
@@ -37,9 +37,9 @@
 #include 
 #include 
 #include 
-#include  
+#include 
 #include 
-
+
 #include 
 
 /*
@@ -72,6 +72,11 @@ struct protosw unixsw[] = {
 }
 };
 
-struct domain unixdomain =
-{ AF_LOCAL, "unix", 0, unp_externalize, unp_dispose,
-  unixsw, [nitems(unixsw)] };
+struct domain unixdomain = {
+  .dom_family = AF_LOCAL,
+  .dom_name = "unix",
+  .dom_externalize = unp_externalize,
+  .dom_dispose = unp_dispose,
+  .dom_protosw = unixsw,
+  .dom_protoswNPROTOSW = [nitems(unixsw)]
+};
Index: net/pfkey.c
===
RCS file: /cvs/src/sys/net/pfkey.c,v
retrieving revision 1.37
diff -u -p -r1.37 pfkey.c
--- net/pfkey.c 22 Feb 2017 19:34:42 -  1.37
+++ net/pfkey.c 1 Mar 2017 12:11:31 -
@@ -256,13 +256,9 @@ pfkey_usrreq(struct socket *socket, int 
 }
 
 struct domain pfkeydomain = {
-   PF_KEY,
-   "PF_KEY",
-   pfkey_init, /* init */
-   NULL, /* externalize */
-   NULL, /* dispose */
-   NULL, /* protosw */
-   NULL, /* protoswNPROTOSW */
+  .dom_family = PF_KEY,
+  .dom_name = "PF_KEY",
+  .dom_init = pfkey_init,
 };
 
 static struct protosw pfkey_protosw_template = {
Index: net/rtsock.c
===
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.223
diff -u -p -r1.223 rtsock.c
--- net/rtsock.c22 Feb 2017 19:34:42 -  1.223
+++ net/rtsock.c1 Mar 2017 12:33:46 -
@@ -1666,6 +1666,10 @@ struct protosw routesw[] = {
 }
 };
 
-struct domain routedomain =
-{ PF_ROUTE, "route", route_init, 0, 0,
-  routesw, [nitems(routesw)] };
+struct domain routedomain = {
+  .dom_family = PF_ROUTE,
+  .dom_name = "route",
+  .dom_init = route_init,
+  .dom_protosw = routesw,
+  .dom_protoswNPROTOSW = [nitems(routesw)]
+};
Index: netinet/in_proto.c
===
RCS file: /cvs/src/sys/netinet/in_proto.c,v
retrieving revision 1.73
diff -u -p -r1.73 in_proto.c
--- netinet/in_proto.c  22 Feb 2017 19:34:42 -  1.73
+++ netinet/in_proto.c  1 Mar 2017 12:07:53 -
@@ -438,8 +438,12 @@ struct protosw inetsw[] = {
 }
 };
 
-struct domain inetdomain =
-{ AF_INET, "internet", 0, 0, 0,
-  inetsw, [nitems(inetsw)],
-  sizeof(struct sockaddr_in),
-  offsetof(struct sockaddr_in, sin_addr), 32 };
+struct domain inetdomain = {
+  .dom_family = AF_INET,
+  .dom_name = "internet",
+  .dom_protosw = inetsw,
+  .dom_protoswNPROTOSW = [nitems(inetsw)],
+  .dom_rtkeylen = sizeof(struct sockaddr_in),
+  .dom_rtoffset = offsetof(struct sockaddr_in, sin_addr),
+  .dom_maxplen = 32
+};
Index: netinet6/in6_proto.c
===
RCS file: /cvs/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.89
diff -u -p -r1.89 in6_proto.c
--- netinet6/in6_proto.c22 Feb 2017 19:34:42 -  1.89
+++ netinet6/in6_proto.c1 Mar 2017 12:10:23 -
@@ -340,13 +340,17 @@ struct protosw inet6sw[] = {
 }
 };
 
-struct domain inet6domain =
-{ AF_INET6, "internet6", 0, 0, 0,
-  (struct protosw *)inet6sw,
-  (struct protosw *)[nitems(inet6sw)],
-  sizeof(struct sockaddr_in6),
-  offsetof(struct sockaddr_in6, sin6_addr), 128,
-  in6_domifattach, in6_domifdetach, };
+struct domain inet6domain = {
+  .dom_family = AF_INET6,
+  .dom_name = "internet6",
+  .dom_protosw = (struct protosw *)inet6sw,
+  .dom_protoswNPROTOSW = (struct protosw *)[nitems(inet6sw)],
+  .dom_rtkeylen = sizeof(struct sockaddr_in6),
+  .dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr),
+  .dom_maxplen = 128,
+  .dom_ifattach = in6_domifattach,
+  .dom_ifdetach = in6_domifdetach
+};
 
 /*
  * Internet configuration info
Index: netmpls/mpls_proto.c
===
RCS file: /cvs/src/sys/netmpls/mpls_proto.c,v
retrieving revision 1.15
diff -u -p -r1.15 mpls_proto.c
--- netmpls/mpls_proto.c27 Feb 2017 19:16:56 -  1.15
+++ netmpls/mpls_proto.c1 Mar 2017 12:14:17 -
@@ -46,9 +46,9 @@
  * MPLS address family: needed for the routing table
  */
 struct domain mplsdomain = {
-   AF_MPLS, "mpls", NULL, 0, 0,
-   NULL,
-   0,
-   sizeof(struct sockaddr_mpls),
-   offsetof(struct sockaddr_mpls, smpls_label), 32
+  .dom_family = AF_MPLS,
+  .dom_name = "mpls",
+  .dom_rtkeylen = sizeof(struct sockaddr_mpls),
+  .dom_rtoffset = offsetof(struct sockaddr_mpls, smpls_label),
+  .dom_maxplen = 32
 };

vmd: fixed lladdr for VM guests to prevent MAC spoofing

[Reyk Floeter]

Hi,

add the new "fixed lladdr" option: when multiple VMs are connected to
a switch, it is desirable that an individual VM cannot spoof another
MAC address, especially when using meta-data*.  vmd(8) can enforce
this by comparing the address in the Ethernet header with the
configured/generated address of the VM interface.

This somewhat resembles the following features from VMware:
ethernet0.noforgedsrcaddr = "TRUE"
ethernet0.nopromisc = "TRUE"

The important parts of the diff** are in the two if statements including
"dev->fixedmac" below, the rest is infrastructure, config, and
documentation.

I could have used bridge(4) rules or switch(4) OpenFlow actions, but I
decided to implement it in vmd(8) directly to make it easier and to
work in all cases independent from the switch type.

*) https://github.com/reyk/meta-data
**) this diff conflicts with the previous vmm.c split.  Whatever goes
in first, I can update and resend it accordingly.

OK?

Reyk

Add "fixed lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

diff --git usr.sbin/vmd/config.c usr.sbin/vmd/config.c
index fa5dda1..7863ce1 100644
--- usr.sbin/vmd/config.c
+++ usr.sbin/vmd/config.c
@@ -236,7 +236,8 @@ config_setvm(struct privsep *ps, struct vmd_vm *vm, 
uint32_t peerid, uid_t uid)
}
 
/* Set the interface status */
-   vif->vif_flags = vmc->vmc_ifflags[i] & IFF_UP;
+   vif->vif_flags =
+   vmc->vmc_ifflags[i] & (VMIFF_UP|VMIFF_OPTMASK);
}
 
/* Open TTY */
diff --git usr.sbin/vmd/parse.y usr.sbin/vmd/parse.y
index 52ea73e..6f35368 100644
--- usr.sbin/vmd/parse.y
+++ usr.sbin/vmd/parse.y
@@ -116,10 +116,11 @@ typedef struct {
 
 %token INCLUDE ERROR
 %token ADD DISK DOWN GROUP INTERFACE NIFS PATH SIZE SWITCH UP VMID
-%token ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER
+%token ENABLE DISABLE VM KERNEL LLADDR MEMORY OWNER FIXED
 %token   STRING
 %token   NUMBER
 %typedisable
+%typefixed
 %typeupdown
 %typelladdr
 %typestring
@@ -174,7 +175,7 @@ switch  : SWITCH string {
 
vsw->sw_id = env->vmd_nswitches + 1;
vsw->sw_name = $2;
-   vsw->sw_flags = IFF_UP;
+   vsw->sw_flags = VMIFF_UP;
snprintf(vsw->sw_ifname, sizeof(vsw->sw_ifname),
"%s%u", vsw_type, vsw_unit++);
TAILQ_INIT(>sw_ifs);
@@ -241,11 +242,14 @@ switch_opts   : disable   {
}
free($2);
}
+   | FIXED LLADDR  {
+   vsw->sw_flags |= VMIFF_FIXED;
+   }
| updown{
if ($1)
-   vsw->sw_flags |= IFF_UP;
+   vsw->sw_flags |= VMIFF_UP;
else
-   vsw->sw_flags &= ~IFF_UP;
+   vsw->sw_flags &= ~VMIFF_UP;
}
;
 
@@ -503,14 +507,16 @@ iface_opts: SWITCH string {
sizeof(vmc.vmc_ifgroup[i]));
free($2);
}
-   | LLADDR lladdr {
-   memcpy(vcp->vcp_macs[vcp_nnics], $2, ETHER_ADDR_LEN);
+   | fixed LLADDR lladdr   {
+   if ($1)
+   vmc.vmc_ifflags[vcp_nnics] |= VMIFF_FIXED;
+   memcpy(vcp->vcp_macs[vcp_nnics], $3, ETHER_ADDR_LEN);
}
| updown{
if ($1)
-   vmc.vmc_ifflags[vcp_nnics] |= IFF_UP;
+   vmc.vmc_ifflags[vcp_nnics] |= VMIFF_UP;
else
-   vmc.vmc_ifflags[vcp_nnics] &= ~IFF_UP;
+   vmc.vmc_ifflags[vcp_nnics] &= ~VMIFF_UP;
}
;
 
@@ -541,6 +547,10 @@ lladdr : STRING{
}
;
 
+fixed  : /* empty */   { $$ = 0; }
+   | FIXED { $$ = 1; }
+   ;
+
 updown : UP{ $$ = 1; }
| DOWN  { $$ = 0; }
;
@@ -599,6 +609,7 @@ lookup(char *s)
{ "disk",   DISK },
{ "down",   DOWN },
{ "enable", ENABLE },
+   { "fixed",  FIXED },
{ "group",  

nd6_timer & global list of IPv6 addresses

[Martin Pieuchot]

The work done in this timer should be considerably reduced when we'll
move autoconf out of the kernel.  However we'll always need to check
for IPv6 address life time expiration.   This use case doesn't justify
a specific global data structure. 

So let's iterate over the global list of interfaces instead.  This also
prepare the work to split the NET_LOCK().  Since the ioctl(2) are
per-ifp it makes sense to serialize write operations on a per interface
basis.

ok?

Index: netinet6/nd6.c
===
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.203
diff -u -p -r1.203 nd6.c
--- netinet6/nd6.c  9 Feb 2017 15:23:35 -   1.203
+++ netinet6/nd6.c  1 Mar 2017 11:30:52 -
@@ -435,7 +435,7 @@ nd6_timer_work(void *null)
 {
struct nd_defrouter *dr, *ndr;
struct nd_prefix *pr, *npr;
-   struct in6_ifaddr *ia6, *nia6;
+   struct ifnet *ifp;
int s;
 
NET_LOCK(s);
@@ -453,18 +453,26 @@ nd6_timer_work(void *null)
 * However, from a stricter spec-conformance standpoint, we should
 * rather separate address lifetimes and prefix lifetimes.
 */
-   TAILQ_FOREACH_SAFE(ia6, _ifaddr, ia_list, nia6) {
-   /* check address lifetime */
-   if (IFA6_IS_INVALID(ia6)) {
-   in6_purgeaddr(>ia_ifa);
-   } else if (IFA6_IS_DEPRECATED(ia6)) {
-   ia6->ia6_flags |= IN6_IFF_DEPRECATED;
-   } else {
-   /*
-* A new RA might have made a deprecated address
-* preferred.
-*/
-   ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
+   TAILQ_FOREACH(ifp, , if_list) {
+   struct ifaddr *ifa, *nifa;
+   struct in6_ifaddr *ia6;
+
+   TAILQ_FOREACH_SAFE(ifa, >if_addrlist, ifa_list, nifa) {
+   if (ifa->ifa_addr->sa_family != AF_INET6)
+   continue;
+   ia6 = ifatoia6(ifa);
+   /* check address lifetime */
+   if (IFA6_IS_INVALID(ia6)) {
+   in6_purgeaddr(>ia_ifa);
+   } else if (IFA6_IS_DEPRECATED(ia6)) {
+   ia6->ia6_flags |= IN6_IFF_DEPRECATED;
+   } else {
+   /*
+* A new RA might have made a deprecated address
+* preferred.
+*/
+   ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
+   }
}
}
 

vmd: split vmm.c into vm.c and vmm.c

[Reyk Floeter]

Hi,

the attached diff is somewhat but big without a functional change, it
splits vmm.c into two files:

- vmm.c: the vmm parent process that forks and maintains all the VMs
- vm.c: each individual VM process and most of the real vmm(4) "magic"

As discussed with mlarkin@ over beer.

OK?

Reyk

diff --git usr.sbin/vmd/Makefile usr.sbin/vmd/Makefile
index 39fd337..f80d041 100644
--- usr.sbin/vmd/Makefile
+++ usr.sbin/vmd/Makefile
@@ -3,9 +3,9 @@
 .if ${MACHINE} == "amd64" || ${MACHINE} == "i386"
 
 PROG=  vmd
-SRCS=  vmm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
-SRCS+= vmd.c control.c log.c priv.c proc.c config.c ns8250.c i8253.c
-SRCS+= vmboot.c ufs.c disklabel.c
+SRCS=  vmd.c control.c log.c priv.c proc.c config.c vmm.c
+SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
+SRCS+= ns8250.c i8253.c vmboot.c ufs.c disklabel.c
 SRCS+= parse.y
 
 CFLAGS+=   -Wall -I${.CURDIR}
diff --git usr.sbin/vmd/vm.c usr.sbin/vmd/vm.c
new file mode 100644
index 000..91e32cd
--- /dev/null
+++ usr.sbin/vmd/vm.c
@@ -0,0 +1,1262 @@
+/* $OpenBSD: vmm.c,v 1.65 2017/01/24 09:58:00 mlarkin Exp $*/
+
+/*
+ * Copyright (c) 2015 Mike Larkin 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "vmd.h"
+#include "vmm.h"
+#include "loadfile.h"
+#include "pci.h"
+#include "virtio.h"
+#include "proc.h"
+#include "i8253.h"
+#include "i8259.h"
+#include "ns8250.h"
+#include "mc146818.h"
+
+io_fn_t ioports_map[MAX_PORTS];
+
+int run_vm(int *, int *, struct vm_create_params *, struct vcpu_reg_state *);
+void vm_dispatch_vmm(int, short, void *);
+void *event_thread(void *);
+void *vcpu_run_loop(void *);
+int vcpu_exit(struct vm_run_params *);
+int vcpu_reset(uint32_t, uint32_t, struct vcpu_reg_state *);
+void create_memory_map(struct vm_create_params *);
+int alloc_guest_mem(struct vm_create_params *);
+int vmm_create_vm(struct vm_create_params *);
+void init_emulated_hw(struct vm_create_params *, int *, int *);
+void vcpu_exit_inout(struct vm_run_params *);
+uint8_t vcpu_exit_pci(struct vm_run_params *);
+int vcpu_pic_intr(uint32_t, uint32_t, uint8_t);
+
+static struct vm_mem_range *find_gpa_range(struct vm_create_params *, paddr_t,
+size_t);
+
+int con_fd;
+struct vmd_vm *current_vm;
+
+extern struct vmd *env;
+
+extern char *__progname;
+
+pthread_mutex_t threadmutex;
+pthread_cond_t threadcond;
+
+pthread_cond_t vcpu_run_cond[VMM_MAX_VCPUS_PER_VM];
+pthread_mutex_t vcpu_run_mtx[VMM_MAX_VCPUS_PER_VM];
+uint8_t vcpu_hlt[VMM_MAX_VCPUS_PER_VM];
+uint8_t vcpu_done[VMM_MAX_VCPUS_PER_VM];
+
+/*
+ * Represents a standard register set for an OS to be booted
+ * as a flat 32 bit address space, before paging is enabled.
+ *
+ * NOT set here are:
+ *  RIP
+ *  RSP
+ *  GDTR BASE
+ *
+ * Specific bootloaders should clone this structure and override
+ * those fields as needed.
+ *
+ * Note - CR3 and various bits in CR0 may be overridden by vmm(4) based on
+ *features of the CPU in use.
+ */
+static const struct vcpu_reg_state vcpu_init_flat32 = {
+#ifdef __i386__
+   .vrs_gprs[VCPU_REGS_EFLAGS] = 0x2,
+   .vrs_gprs[VCPU_REGS_EIP] = 0x0,
+   .vrs_gprs[VCPU_REGS_ESP] = 0x0,
+#else
+   .vrs_gprs[VCPU_REGS_RFLAGS] = 0x2,
+   .vrs_gprs[VCPU_REGS_RIP] = 0x0,
+   .vrs_gprs[VCPU_REGS_RSP] = 0x0,
+#endif
+   .vrs_crs[VCPU_REGS_CR0] = CR0_CD | CR0_NW | CR0_ET | CR0_PE | CR0_PG,
+   .vrs_crs[VCPU_REGS_CR3] = PML4_PAGE,
+   .vrs_sregs[VCPU_REGS_CS] = { 0x8, 0x, 0xC09F, 0x0},
+   .vrs_sregs[VCPU_REGS_DS] = { 0x10, 0x, 0xC093, 0x0},
+   .vrs_sregs[VCPU_REGS_ES] = { 0x10, 0x, 0xC093, 0x0},
+   .vrs_sregs[VCPU_REGS_FS] = { 0x10, 0x, 0xC093, 0x0},
+   .vrs_sregs[VCPU_REGS_GS] = { 0x10, 0x, 0xC093, 0x0},
+   .vrs_sregs[VCPU_REGS_SS] = { 0x10, 0x, 0xC093, 0x0},
+   .vrs_gdtr = { 0x0, 0x, 0x0, 0x0},
+   

efiboot: disallow com(4) speed changes

[Patrick Wildt]

Hi,

there is no com(4) direct access support in EFI, so setting the speed
will fail and crash the EFI Application.  Happens when you run stty
com0 115200.

ok?

Patrick


diff --git a/sys/arch/amd64/stand/libsa/dev_i386.c 
b/sys/arch/amd64/stand/libsa/dev_i386.c
index e40856cbf05..245ced84a8e 100644
--- a/sys/arch/amd64/stand/libsa/dev_i386.c
+++ b/sys/arch/amd64/stand/libsa/dev_i386.c
@@ -182,8 +182,10 @@ ttydev(char *name)
 int
 cnspeed(dev_t dev, int sp)
 {
+#ifndef EFIBOOT
if (major(dev) == 8)/* comN */
return comspeed(dev, sp);
+#endif
 
/* pc0 and anything else */
return 9600;

Re: vmd + httpd + meta-data

[Reyk Floeter]

On Mon, Feb 27, 2017 at 10:37:04PM +0100, Kristaps Dzonsons wrote:
> > I wrote this little tool for vmd that is not intended for the tree,
> > but will eventually go into ports (it uses kcgi which is not in base).
> 
> Have you thought of writing this in a secure language like Rust or
> Swift?  Writing cgi stuff in C seems just asking for trouble.
> 

OK, I was trying all day yesterday to find a good answer - maybe
another joke - but I couldn't make one up.  Kudos, Kristaps.

Reyk