remove vlan(4) specific ifconfig output

2017-05-30 Thread David Gwynne
the vlan specific output is redundant because vlan supports the
generic vnetid and parent ioctls now.

this leaves the code for setting vlan specific stuff because there's
a slight semantic change i want to discuss separately.

ifconfig output on a vlan interface changes a little like this:

 vlan8: flags=8843 mtu 1500
lladdr 00:1b:21:bc:25:e7
index 6 priority 0 llprio 3
-   vlan: 8 parent interface: ix1
encap: vnetid 8 parent ix1
groups: vlan
status: active
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
 vlan77: flags=8002 mtu 1500
lladdr 00:1b:21:bc:25:e6
index 8 priority 0 llprio 3
-   vlan: 0 parent interface: ix0
encap: vnetid none parent ix0
groups: vlan
status: no carrier

ok?

Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.341
diff -u -p -r1.341 ifconfig.c
--- ifconfig.c  31 May 2017 05:25:12 -  1.341
+++ ifconfig.c  31 May 2017 05:26:37 -
@@ -221,7 +221,6 @@ voidsetvlandev(const char *, int);
 void   unsetvlandev(const char *, int);
 void   mpe_status(void);
 void   mpw_status(void);
-void   vlan_status(void);
 void   setrdomain(const char *, int);
 intprefix(void *val, int);
 void   getifgroups(void);
@@ -3001,7 +3000,6 @@ status(int link, struct sockaddr_dl *sdl
if_indextoname(ifrdesc.ifr_index, ifname) != NULL)
printf("\tpatch: %s\n", ifname);
 #endif
-   vlan_status();
getencap();
 #ifndef SMALL
carp_status();
@@ -3774,23 +3772,6 @@ getencap(void)
 
 static int __tag = 0;
 static int __have_tag = 0;
-
-void
-vlan_status(void)
-{
-   struct vlanreq vreq;
-
-   bzero((char *), sizeof(struct vlanreq));
-   ifr.ifr_data = (caddr_t)
-
-   if (ioctl(s, SIOCGETVLAN, (caddr_t)) == -1)
-   return;
-
-   if (vreq.vlr_tag || (vreq.vlr_parent[0] != '\0'))
-   printf("\tvlan: %d parent interface: %s\n",
-   vreq.vlr_tag, vreq.vlr_parent[0] == '\0' ?
-   "" : vreq.vlr_parent);
-}
 
 /* ARGSUSED */
 void



Re: tweak msk to avoid ifq_deq_begin/commit/rollback

2017-05-30 Thread David Gwynne

> On 31 May 2017, at 10:58, Stuart Henderson  wrote:
> 
> I'll try it tomorrow.. 9 times out of 10 I hit the vp problem and have to 
> reboot though, so it'll be tricky to say whether it fixes what I sometimes 
> see with msk.
> 
> IIRC installing on the overdrive 1000 was just "dd miniroot to a USB stick 
> and boot from it".

it's on jmatthew@s desk. i feel funny about touching it while he's not here.

he did give me access to it though. msk still seems to work. it's surviving cvs 
operations, find / over ssh, and tcpbench, all running concurrently. that's 
usually enough to tickle hairy drivers in my experience.

do you want me to wait for you? or make it easier for you by putting it in now?

dlg


> 
> 
> 
> On 31 May 2017 01:29:06 David Gwynne  wrote:
> 
>> ie, do the space check before trying to dequeue and mbuf.
>> 
>> this also moves it to using m_defrag.
>> 
>> i dont have an msk plugged in and i dont know how to use the overdrive
>> 1000 i have here. if someone could test and ok this, it would be
>> great.
>> 
>> Index: if_msk.c
>> ===
>> RCS file: /cvs/src/sys/dev/pci/if_msk.c,v
>> retrieving revision 1.127
>> diff -u -p -r1.127 if_msk.c
>> --- if_msk.c 10 Apr 2017 02:15:54 -  1.127
>> +++ if_msk.c 31 May 2017 00:27:04 -
>> @@ -1489,31 +1489,20 @@ msk_encap(struct sk_if_softc *sc_if, str
>> 
>>  cur = frag = *txidx;
>> 
>> -#ifdef MSK_DEBUG
>> -if (mskdebug >= 2)
>> -msk_dump_mbuf(m_head);
>> -#endif
>> -
>> -/*
>> - * Start packing the mbufs in this chain into
>> - * the fragment pointers. Stop when we run out
>> - * of fragments or hit the end of the mbuf chain.
>> - */
>> -if (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
>> -BUS_DMA_NOWAIT)) {
>> -DPRINTFN(2, ("msk_encap: dmamap failed\n"));
>> -return (ENOBUFS);
>> -}
>> -
>> -entries = txmap->dm_nsegs * 2;
>> -if (entries > (MSK_TX_RING_CNT - sc_if->sk_cdata.sk_tx_cnt - 2)) {
>> -DPRINTFN(2, ("msk_encap: too few descriptors free\n"));
>> -bus_dmamap_unload(sc->sc_dmatag, txmap);
>> -return (ENOBUFS);
>> +switch (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
>> +BUS_DMA_STREAMING | BUS_DMA_NOWAIT)) {
>> +case 0:
>> +break;
>> +case EFBIG: /* mbuf chain is too fragmented */
>> +if (m_defrag(m_head, M_DONTWAIT) == 0 &&
>> +bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
>> +BUS_DMA_STREAMING | BUS_DMA_NOWAIT) == 0)
>> +break;
>> +/* FALLTHROUGH */
>> +default:
>> +return (1);
>>  }
>> 
>> -DPRINTFN(2, ("msk_encap: dm_nsegs=%d\n", txmap->dm_nsegs));
>> -
>>  /* Sync the DMA map. */
>>  bus_dmamap_sync(sc->sc_dmatag, txmap, 0, txmap->dm_mapsize,
>>  BUS_DMASYNC_PREWRITE);
>> @@ -1585,12 +1574,16 @@ msk_start(struct ifnet *ifp)
>>  struct sk_if_softc  *sc_if = ifp->if_softc;
>>  struct mbuf *m_head = NULL;
>>  u_int32_t   idx = sc_if->sk_cdata.sk_tx_prod;
>> -int pkts = 0;
>> +int post = 0;
>> 
>> -DPRINTFN(2, ("msk_start\n"));
>> +for (;;) {
>> +if (sc_if->sk_cdata.sk_tx_cnt + (SK_NTXSEG * 2) + 1 >
>> +MSK_TX_RING_CNT) {
>> +ifq_set_oactive(>if_snd);
>> +break;
>> +}
>> 
>> -while (sc_if->sk_cdata.sk_tx_chain[idx].sk_mbuf == NULL) {
>> -m_head = ifq_deq_begin(>if_snd);
>> +m_head = ifq_dequeue(>if_snd);
>>  if (m_head == NULL)
>>  break;
>> 
>> @@ -1600,14 +1593,11 @@ msk_start(struct ifnet *ifp)
>>   * for the NIC to drain the ring.
>>   */
>>  if (msk_encap(sc_if, m_head, )) {
>> -ifq_deq_rollback(>if_snd, m_head);
>> -ifq_set_oactive(>if_snd);
>> -break;
>> +m_freem(m_head);
>> +continue;
>>  }
>> 
>>  /* now we are committed to transmit the packet */
>> -ifq_deq_commit(>if_snd, m_head);
>> -pkts++;
>> 
>>  /*
>>   * If there's a BPF listener, bounce a copy of this frame
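Review bot: When msk_encap() fails, the packet is now freed and the loop continues without recording the drop. Adding `ifp->if_oerrors++;` before `m_freem(m_head);` would keep the loss visible in the interface statistics, which matters more now that the DPRINTFN diagnostics in msk_encap() are removed. The context comment ending "for the NIC to drain the ring" appears to describe the old rollback path, and "now we are committed to transmit the packet" is left without the commit call it introduced, so both comments should be reworded or dropped. The same applies to the repeated copies of this patch later on the page.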
>> @@ -1617,18 +1607,17 @@ msk_start(struct ifnet *ifp)
>>  if (ifp->if_bpf)
>>  bpf_mtap(ifp->if_bpf, m_head, BPF_DIRECTION_OUT);
>> #endif
>> +post = 1;
>>  }
>> -if (pkts == 0)
>> +if (post == 0)
>>  return;
>> 
>>  /* Transmit */
>> -if (idx != sc_if->sk_cdata.sk_tx_prod) {
>> -sc_if->sk_cdata.sk_tx_prod = idx;
>> -SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
>> +sc_if->sk_cdata.sk_tx_prod = idx;
>> +SK_IF_WRITE_2(sc_if, 

Re: shorten ifconfig output for vnetids and parent interfaces

2017-05-30 Thread David Gwynne
On Mon, May 29, 2017 at 03:34:51PM +1000, David Gwynne wrote:
> this rolls vnetid and parent into a single encap line in ifconfig.
> 
> eg:
> 
> -   vnetid: 7
> -   parent: ix1
> +   encap: vnetid: 7 parent: ix1
> 
> after this i would like to get rid of the vlan compat goo.

how about this one?

it fixes some whitespace issues and avoids extra colons. the above now looks 
like:

encap: vnetid 7 parent ix1

ok?

Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.340
diff -u -p -r1.340 ifconfig.c
--- ifconfig.c  21 Mar 2017 07:24:36 -  1.340
+++ ifconfig.c  31 May 2017 04:05:40 -
@@ -153,6 +153,8 @@ int shownet80211chans;
 intshownet80211nodes;
 intshowclasses;
 
+struct ifencap;
+
 void   notealias(const char *, int);
 void   setifaddr(const char *, int);
 void   setifrtlabel(const char *, int);
@@ -186,10 +188,11 @@ void  settunnelinst(const char *, int);
 void   settunnelttl(const char *, int);
 void   setvnetid(const char *, int);
 void   delvnetid(const char *, int);
-void   getvnetid(void);
+void   getvnetid(struct ifencap *);
 void   setifparent(const char *, int);
 void   delifparent(const char *, int);
-void   getifparent(void);
+void   getifparent(struct ifencap *);
+void   getencap(void);
 void   setia6flags(const char *, int);
 void   setia6pltime(const char *, int);
 void   setia6vltime(const char *, int);
@@ -2999,8 +3002,7 @@ status(int link, struct sockaddr_dl *sdl
printf("\tpatch: %s\n", ifname);
 #endif
vlan_status();
-   getvnetid();
-   getifparent();
+   getencap();
 #ifndef SMALL
carp_status();
pfsync_status();
@@ -3617,6 +3619,22 @@ setmpwcontrolword(const char *value, int
 }
 #endif /* SMALL */
 
+struct ifencap {
+   unsigned int ife_flags;
+#define IFE_VNETID_MASK0xf
+#define IFE_VNETID_NOPE0x0
+#define IFE_VNETID_NONE0x1
+#define IFE_VNETID_ANY 0x2
+#define IFE_VNETID_SET 0x3
+   int64_t  ife_vnetid;
+
+#define IFE_PARENT_MASK0xf0
+#define IFE_PARENT_NOPE0x00
+#define IFE_PARENT_NONE0x10
+#define IFE_PARENT_SET 0x20
+   charife_parent[IFNAMSIZ];
+};
+
 void
 setvnetid(const char *id, int param)
 {
@@ -3647,7 +3665,7 @@ delvnetid(const char *ignored, int alsoi
 }
 
 void
-getvnetid(void)
+getvnetid(struct ifencap *ife)
 {
if (strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)) >=
sizeof(ifr.ifr_name))
@@ -3657,17 +3675,17 @@ getvnetid(void)
if (errno != EADDRNOTAVAIL)
return;
 
-   printf("\tvnetid: none\n");
-
+   ife->ife_flags |= IFE_VNETID_NONE;
return;
}
 
if (ifr.ifr_vnetid < 0) {
-   printf("\tvnetid: any\n");
+   ife->ife_flags |= IFE_VNETID_ANY;
return;
}
 
-   printf("\tvnetid: %lld\n", ifr.ifr_vnetid);
+   ife->ife_flags |= IFE_VNETID_SET;
+   ife->ife_vnetid = ifr.ifr_vnetid;
 }
 
 void
@@ -3696,10 +3714,9 @@ delifparent(const char *ignored, int als
 }
 
 void
-getifparent(void)
+getifparent(struct ifencap *ife)
 {
struct if_parent ifp;
-   const char *parent = "none";
 
memset(, 0, sizeof(ifp));
if (strlcpy(ifp.ifp_name, name, sizeof(ifp.ifp_name)) >=
@@ -3709,10 +3726,50 @@ getifparent(void)
if (ioctl(s, SIOCGIFPARENT, (caddr_t)) == -1) {
if (errno != EADDRNOTAVAIL)
return;
-   } else
-   parent = ifp.ifp_parent;
 
-   printf("\tparent: %s\n", parent);
+   ife->ife_flags |= IFE_PARENT_NONE;
+   } else {
+   memcpy(ife->ife_parent, ifp.ifp_parent,
+   sizeof(ife->ife_parent));
+   ife->ife_flags |= IFE_PARENT_SET;
+   }
+}
+
+void
+getencap(void)
+{
+   struct ifencap ife = { .ife_flags = 0 };
+
+   getvnetid();
+   getifparent();
+
+   if (ife.ife_flags == 0)
+   return;
+
+   printf("\tencap:");
+
+   switch (ife.ife_flags & IFE_VNETID_MASK) {
+   case IFE_VNETID_NONE:
+   printf(" vnetid none");
+   break;
+   case IFE_VNETID_ANY:
+   printf(" vnetid any");
+   break;
+   case IFE_VNETID_SET:
+   printf(" vnetid %lld", ife.ife_vnetid);
+   break;
+   }
+
+   switch (ife.ife_flags & IFE_PARENT_MASK) {
+   case IFE_PARENT_NONE:
+   printf(" parent none");
+   break;
+   case IFE_PARENT_SET:
+   printf(" parent %s", ife.ife_parent);
+   break;
+   }
+
+   printf("\n");
 }
 
 static int __tag = 0;
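Review bot: In getifparent(), `memcpy(ife->ife_parent, ifp.ifp_parent, sizeof(ife->ife_parent))` copies a fixed IFNAMSIZ bytes and getencap() later prints that buffer with `%s`. The output therefore relies on the kernel having NUL-terminated ifp_parent and on the two arrays being the same size, and the declaration of struct if_parent is not visible here. A bounded string copy removes both assumptions and matches the strlcpy() use elsewhere in this file: `strlcpy(ife->ife_parent, ifp.ifp_parent, sizeof(ife->ife_parent));`. getifparent() begins outside this hunk.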



Re: tcpdump: drop atalk support

2017-05-30 Thread Ian McWilliam
EtherTalk (Appletalk over Ethernet) was removed in Mac OS X v10.6 in 2009.
You never know what might be flying across your network

Ian McWilliam

From: owner-t...@openbsd.org  on behalf of Henning 
Brauer 
Sent: Tuesday, 30 May 2017 7:59:40 PM
To: tech@openbsd.org
Subject: Re: tcpdump: drop atalk support

* Theo de Raadt  [2017-05-30 10:56]:
> > How about just dropping support for /etc/appletalk.names, which as far
> > as I can tell was never used, and drop the manpage bit, reducing it by
> > 10%. Most of the text in the manpage is outdated anyway, talking about
> > /etc/atalk.names - support for which was removed in 2004 with the
> > privsep work. Something like this:
>
> Sure sure.
>
> My main objection to full removal was that you see a numbered packet
> flying over your network and don't know what category it is in.
> Suddenly google search is necessary because tcpdump is going out
> of the way to not help.  So it should help, answering the minimum
> question of "what type is that packet, should I worry".

agreed.
can we limit this to just being able to identify appletalk?

note that this is ethertype appletalk, not appletalk over ip. afaik
that means pre-macosx.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



lex scanopt_destroy()

2017-05-30 Thread Michael W. Bombardieri
Hi,

In lex the return value of scanopt_destroy() is never used. 
This function is a wrapper for free(), and free() has no value to return.

- Michael


Index: scanopt.c
===
RCS file: /cvs/src/usr.bin/lex/scanopt.c,v
retrieving revision 1.5
diff -u -p -u -r1.5 scanopt.c
--- scanopt.c   11 Dec 2015 00:08:43 -  1.5
+++ scanopt.c   31 May 2017 02:23:18 -
@@ -857,7 +857,7 @@ int scanopt (svoid, arg, optindex)
 }
 
 
-int scanopt_destroy (svoid)
+void scanopt_destroy (svoid)
  scanopt_t *svoid;
 {
struct _scanopt_t *s;
@@ -867,5 +867,4 @@ int scanopt_destroy (svoid)
free(s->aux);
free (s);
}
-   return 0;
 }
Index: scanopt.h
===
RCS file: /cvs/src/usr.bin/lex/scanopt.h,v
retrieving revision 1.2
diff -u -p -u -r1.2 scanopt.h
--- scanopt.h   19 Nov 2015 22:16:43 -  1.2
+++ scanopt.h   31 May 2017 02:23:18 -
@@ -90,9 +90,8 @@ extern  "C" {
scanopt_t *scanopt_init PROTO ((const optspec_t * options,
int argc, char **argv, int flags));
 
-/* Frees memory used by scanner.
- * Always returns 0. */
-   int scanopt_destroy PROTO ((scanopt_t * scanner));
+/* Frees memory used by scanner. */
+   void scanopt_destroy PROTO ((scanopt_t * scanner));
 
 #ifndef NO_SCANOPT_USAGE
 /* Prints a usage message based on contents of optlist.



[patch] rebound.c

2017-05-30 Thread Edgar Pettijohn

Be more consistent with logerr usage.

Index: rebound.c
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
retrieving revision 1.83
diff -u -p -u -r1.83 rebound.c
--- rebound.c	27 Apr 2017 16:09:32 -	1.83
+++ rebound.c	31 May 2017 02:05:11 -
@@ -591,9 +591,9 @@ workerinit(void)
 		logerr("getpwnam failed");
 
 	if (chroot(pwd->pw_dir) == -1)
-		logerr("chroot failed (%d)", errno);
+		logerr("chroot: %s", strerror(errno));
 	if (chdir("/") == -1)
-		logerr("chdir failed (%d)", errno);
+		logerr("chdir: %s", strerror(errno));
 
 	setproctitle("worker");
 	if (setgroups(1, >pw_gid) ||
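Review bot: The new chroot message reports the errno text but still omits the directory, which is the first thing needed when this step of the privilege drop fails; `logerr("chroot %s: %s", pwd->pw_dir, strerror(errno));` would make the log line actionable. The sequence also depends on logerr() not returning, since otherwise chdir and the setgroups/uid steps would run outside the chroot. Its definition is not visible here, so a one-line comment such as `/* logerr() exits; nothing below runs un-chrooted */` would document that. workerinit() starts and ends outside this hunk.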


Re: tweak msk to avoid ifq_deq_begin/commit/rollback

2017-05-30 Thread Stuart Henderson
I'll try it tomorrow.. 9 times out of 10 I hit the vp problem and have to 
reboot though, so it'll be tricky to say whether it fixes what I sometimes 
see with msk.


IIRC installing on the overdrive 1000 was just "dd miniroot to a USB stick 
and boot from it".




On 31 May 2017 01:29:06 David Gwynne  wrote:


ie, do the space check before trying to dequeue and mbuf.

this also moves it to using m_defrag.

i dont have an msk plugged in and i dont know how to use the overdrive
1000 i have here. if someone could test and ok this, it would be
great.

Index: if_msk.c
===
RCS file: /cvs/src/sys/dev/pci/if_msk.c,v
retrieving revision 1.127
diff -u -p -r1.127 if_msk.c
--- if_msk.c10 Apr 2017 02:15:54 -  1.127
+++ if_msk.c31 May 2017 00:27:04 -
@@ -1489,31 +1489,20 @@ msk_encap(struct sk_if_softc *sc_if, str

cur = frag = *txidx;

-#ifdef MSK_DEBUG
-   if (mskdebug >= 2)
-   msk_dump_mbuf(m_head);
-#endif
-
-   /*
-* Start packing the mbufs in this chain into
-* the fragment pointers. Stop when we run out
-* of fragments or hit the end of the mbuf chain.
-*/
-   if (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
-   BUS_DMA_NOWAIT)) {
-   DPRINTFN(2, ("msk_encap: dmamap failed\n"));
-   return (ENOBUFS);
-   }
-
-   entries = txmap->dm_nsegs * 2;
-   if (entries > (MSK_TX_RING_CNT - sc_if->sk_cdata.sk_tx_cnt - 2)) {
-   DPRINTFN(2, ("msk_encap: too few descriptors free\n"));
-   bus_dmamap_unload(sc->sc_dmatag, txmap);
-   return (ENOBUFS);
+   switch (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
+   BUS_DMA_STREAMING | BUS_DMA_NOWAIT)) {
+   case 0:
+   break;
+   case EFBIG: /* mbuf chain is too fragmented */
+   if (m_defrag(m_head, M_DONTWAIT) == 0 &&
+   bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
+   BUS_DMA_STREAMING | BUS_DMA_NOWAIT) == 0)
+   break;
+   /* FALLTHROUGH */
+   default:
+   return (1);
}

-   DPRINTFN(2, ("msk_encap: dm_nsegs=%d\n", txmap->dm_nsegs));
-
/* Sync the DMA map. */
bus_dmamap_sync(sc->sc_dmatag, txmap, 0, txmap->dm_mapsize,
BUS_DMASYNC_PREWRITE);
@@ -1585,12 +1574,16 @@ msk_start(struct ifnet *ifp)
struct sk_if_softc  *sc_if = ifp->if_softc;
struct mbuf *m_head = NULL;
u_int32_t   idx = sc_if->sk_cdata.sk_tx_prod;
-   int pkts = 0;
+   int post = 0;

-   DPRINTFN(2, ("msk_start\n"));
+   for (;;) {
+   if (sc_if->sk_cdata.sk_tx_cnt + (SK_NTXSEG * 2) + 1 >
+   MSK_TX_RING_CNT) {
+   ifq_set_oactive(>if_snd);
+   break;
+   }

-   while (sc_if->sk_cdata.sk_tx_chain[idx].sk_mbuf == NULL) {
-   m_head = ifq_deq_begin(>if_snd);
+   m_head = ifq_dequeue(>if_snd);
if (m_head == NULL)
break;

@@ -1600,14 +1593,11 @@ msk_start(struct ifnet *ifp)
 * for the NIC to drain the ring.
 */
if (msk_encap(sc_if, m_head, )) {
-   ifq_deq_rollback(>if_snd, m_head);
-   ifq_set_oactive(>if_snd);
-   break;
+   m_freem(m_head);
+   continue;
}

/* now we are committed to transmit the packet */
-   ifq_deq_commit(>if_snd, m_head);
-   pkts++;

/*
 * If there's a BPF listener, bounce a copy of this frame
@@ -1617,18 +1607,17 @@ msk_start(struct ifnet *ifp)
if (ifp->if_bpf)
bpf_mtap(ifp->if_bpf, m_head, BPF_DIRECTION_OUT);
 #endif
+   post = 1;
}
-   if (pkts == 0)
+   if (post == 0)
return;

/* Transmit */
-   if (idx != sc_if->sk_cdata.sk_tx_prod) {
-   sc_if->sk_cdata.sk_tx_prod = idx;
-   SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
+   sc_if->sk_cdata.sk_tx_prod = idx;
+   SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);

-   /* Set a timeout in case the chip goes out to lunch. */
-   ifp->if_timer = MSK_TX_TIMEOUT;
-   }
+   /* Set a timeout in case the chip goes out to lunch. */
+   ifp->if_timer = MSK_TX_TIMEOUT;
 }

 void






tweak msk to avoid ifq_deq_begin/commit/rollback

2017-05-30 Thread David Gwynne
ie, do the space check before trying to dequeue an mbuf.

this also moves it to using m_defrag.

i dont have an msk plugged in and i dont know how to use the overdrive
1000 i have here. if someone could test and ok this, it would be
great.

Index: if_msk.c
===
RCS file: /cvs/src/sys/dev/pci/if_msk.c,v
retrieving revision 1.127
diff -u -p -r1.127 if_msk.c
--- if_msk.c10 Apr 2017 02:15:54 -  1.127
+++ if_msk.c31 May 2017 00:27:04 -
@@ -1489,31 +1489,20 @@ msk_encap(struct sk_if_softc *sc_if, str
 
cur = frag = *txidx;
 
-#ifdef MSK_DEBUG
-   if (mskdebug >= 2)
-   msk_dump_mbuf(m_head);
-#endif
-
-   /*
-* Start packing the mbufs in this chain into
-* the fragment pointers. Stop when we run out
-* of fragments or hit the end of the mbuf chain.
-*/
-   if (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
-   BUS_DMA_NOWAIT)) {
-   DPRINTFN(2, ("msk_encap: dmamap failed\n"));
-   return (ENOBUFS);
-   }
-
-   entries = txmap->dm_nsegs * 2;
-   if (entries > (MSK_TX_RING_CNT - sc_if->sk_cdata.sk_tx_cnt - 2)) {
-   DPRINTFN(2, ("msk_encap: too few descriptors free\n"));
-   bus_dmamap_unload(sc->sc_dmatag, txmap);
-   return (ENOBUFS);
+   switch (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
+   BUS_DMA_STREAMING | BUS_DMA_NOWAIT)) {
+   case 0:
+   break;
+   case EFBIG: /* mbuf chain is too fragmented */
+   if (m_defrag(m_head, M_DONTWAIT) == 0 &&
+   bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
+   BUS_DMA_STREAMING | BUS_DMA_NOWAIT) == 0)
+   break;
+   /* FALLTHROUGH */
+   default:
+   return (1);
}
 
-   DPRINTFN(2, ("msk_encap: dm_nsegs=%d\n", txmap->dm_nsegs));
-
/* Sync the DMA map. */
bus_dmamap_sync(sc->sc_dmatag, txmap, 0, txmap->dm_mapsize,
BUS_DMASYNC_PREWRITE);
@@ -1585,12 +1574,16 @@ msk_start(struct ifnet *ifp)
struct sk_if_softc  *sc_if = ifp->if_softc;
struct mbuf *m_head = NULL;
u_int32_t   idx = sc_if->sk_cdata.sk_tx_prod;
-   int pkts = 0;
+   int post = 0;
 
-   DPRINTFN(2, ("msk_start\n"));
+   for (;;) {
+   if (sc_if->sk_cdata.sk_tx_cnt + (SK_NTXSEG * 2) + 1 >
+   MSK_TX_RING_CNT) {
+   ifq_set_oactive(>if_snd);
+   break;
+   }
 
-   while (sc_if->sk_cdata.sk_tx_chain[idx].sk_mbuf == NULL) {
-   m_head = ifq_deq_begin(>if_snd);
+   m_head = ifq_dequeue(>if_snd);
if (m_head == NULL)
break;
 
@@ -1600,14 +1593,11 @@ msk_start(struct ifnet *ifp)
 * for the NIC to drain the ring.
 */
if (msk_encap(sc_if, m_head, )) {
-   ifq_deq_rollback(>if_snd, m_head);
-   ifq_set_oactive(>if_snd);
-   break;
+   m_freem(m_head);
+   continue;
}
 
/* now we are committed to transmit the packet */
-   ifq_deq_commit(>if_snd, m_head);
-   pkts++;
 
/*
 * If there's a BPF listener, bounce a copy of this frame
@@ -1617,18 +1607,17 @@ msk_start(struct ifnet *ifp)
if (ifp->if_bpf)
bpf_mtap(ifp->if_bpf, m_head, BPF_DIRECTION_OUT);
 #endif
+   post = 1;
}
-   if (pkts == 0)
+   if (post == 0)
return;
 
/* Transmit */
-   if (idx != sc_if->sk_cdata.sk_tx_prod) {
-   sc_if->sk_cdata.sk_tx_prod = idx;
-   SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
+   sc_if->sk_cdata.sk_tx_prod = idx;
+   SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
 
-   /* Set a timeout in case the chip goes out to lunch. */
-   ifp->if_timer = MSK_TX_TIMEOUT;
-   }
+   /* Set a timeout in case the chip goes out to lunch. */
+   ifp->if_timer = MSK_TX_TIMEOUT;
 }
 
 void



Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-30 Thread Job Snijders
Dear team,

Henning Brauer (off-list) made a few suggestions, which I summarized in
the following four points:

1) poor initialization style, instead of:
struct xxx yyy = {
.property = zzz
};

use:
struct xxx yyy;
yyy.property = zzz;

2) avoid creation of a dubiously named newly defined 'struct dual_addr'
filled with sockaddr_storage strucs: we already know what needs to
be shipped around: sockaddr_in & sockaddr_in6.

3) the bzero() wasn't needed. conf is passed in (as xconf) is lconf in
main() which is zero'd there, which isn't even necessary.

4) memset/memcpy/memmove are nowadays prefered over bzero/bcopy for
performance reasons.

Below is a new version of the patch.

Kind regards,

Job

---
 usr.sbin/ntpd/client.c| 12 
 usr.sbin/ntpd/ntp.c   |  2 ++
 usr.sbin/ntpd/ntpd.conf.5 |  8 
 usr.sbin/ntpd/ntpd.h  |  4 
 usr.sbin/ntpd/parse.y | 31 ++-
 5 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/ntpd/client.c b/usr.sbin/ntpd/client.c
index ad53f6098c1..f7379946fd4 100644
--- a/usr.sbin/ntpd/client.c
+++ b/usr.sbin/ntpd/client.c
@@ -137,11 +137,23 @@ client_query(struct ntp_peer *p)
 
if (p->query->fd == -1) {
struct sockaddr *sa = (struct sockaddr *)>addr->ss;
+   struct sockaddr *qa4 = (struct sockaddr *)>query_addr4;
+   struct sockaddr *qa6 = (struct sockaddr *)>query_addr6;
 
if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM,
0)) == -1)
fatal("client_query socket");
 
+   if (p->addr->ss.ss_family == qa4->sa_family) {
+   if (bind(p->query->fd, qa4, SA_LEN(qa4)) == -1)
+   fatal("couldn't bind to IPv4 query address: %s",
+   log_sockaddr(qa4));
+   } else if (p->addr->ss.ss_family == qa6->sa_family) {
+   if (bind(p->query->fd, qa6, SA_LEN(qa6)) == -1)
+   fatal("couldn't bind to IPv6 query address: %s",
+   log_sockaddr(qa6));
+   }
+
if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
if (errno == ECONNREFUSED || errno == ENETUNREACH ||
errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
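Review bot: A failed bind() to the configured query address goes straight to fatal(), whereas the connect() just below treats ECONNREFUSED, ENETUNREACH, EHOSTUNREACH and EADDRNOTAVAIL as recoverable. If the configured address is not yet present on an interface, for instance early at boot, the process presumably exits instead of retrying. Consider handling at least EADDRNOTAVAIL from bind() the way the connect error branch does (its body lies outside this hunk) and keeping fatal() for the remaining errors. The family comparison also relies on an unset query_addr4/query_addr6 being zeroed so that sa_family is AF_UNSPEC, which a comment could state: `/* an unset query address has sa_family 0 and never matches */`.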
diff --git a/usr.sbin/ntpd/ntp.c b/usr.sbin/ntpd/ntp.c
index 2fbaaf7149f..2184028cbc4 100644
--- a/usr.sbin/ntpd/ntp.c
+++ b/usr.sbin/ntpd/ntp.c
@@ -521,6 +521,8 @@ ntp_dispatch_imsg_dns(void)
if (peer->addr_head.pool) {
npeer = new_peer();
npeer->weight = peer->weight;
+   npeer->query_addr4 = peer->query_addr4;
+   npeer->query_addr6 = peer->query_addr6;
h->next = NULL;
npeer->addr = h;
npeer->addr_head.a = h;
diff --git a/usr.sbin/ntpd/ntpd.conf.5 b/usr.sbin/ntpd/ntpd.conf.5
index 4d2d15c66d7..d2ebd67edb5 100644
--- a/usr.sbin/ntpd/ntpd.conf.5
+++ b/usr.sbin/ntpd/ntpd.conf.5
@@ -67,6 +67,14 @@ or
 listen on 127.0.0.1
 listen on ::1
 listen on 127.0.0.1 rtable 4
+.It Xo Ic query from Ar address
+.Xc
+Specify a Local IP address the
+.Xr ntpd 8
+daemon should use for outgoing queries.
+.Bd -literal -offset indent
+query from 192.0.2.1
+query from 2001:db8::1
 .Ed
 .It Xo Ic sensor Ar device
 .Op Ic correction Ar microseconds
diff --git a/usr.sbin/ntpd/ntpd.h b/usr.sbin/ntpd/ntpd.h
index fb9cd87118a..c1e8ce469fc 100644
--- a/usr.sbin/ntpd/ntpd.h
+++ b/usr.sbin/ntpd/ntpd.h
@@ -153,6 +153,8 @@ struct ntp_peer {
struct ntp_query*query;
struct ntp_offsetreply[OFFSET_ARRAY_SIZE];
struct ntp_offsetupdate;
+   struct sockaddr_in   query_addr4;
+   struct sockaddr_in6  query_addr6;
enum client_statestate;
time_t   next;
time_t   deadline;
@@ -219,6 +221,8 @@ struct ntpd_conf {
TAILQ_HEAD(constraints, constraint) constraints;
struct ntp_status   status;
struct ntp_freq freq;
+   struct sockaddr_in  query_addr4;
+   struct sockaddr_in6 query_addr6;
u_int32_t   scale;
int debug;
int verbose;
diff --git a/usr.sbin/ntpd/parse.y b/usr.sbin/ntpd/parse.y
index 8da19a218e0..c39ccf57ef7 100644
--- a/usr.sbin/ntpd/parse.y

rework bgpd ext community and support origin validation state

2017-05-30 Thread Claudio Jeker
After looking at what IETF and IANA did to extended communities I decided
to refactor the code a major bit and hopefully that will work a bit better
than what we had before. When I implemented it first I foolishliy assumed
that the transitive flag is a flag but it seems that people decided
differently later on.

This also implements a few more ext-communities mainly origin validation
state.

It also fixes a bug I found while testing that is already there :)
-- 
:wq Claudio

Index: bgpctl/bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving revision 1.194
diff -u -p -r1.194 bgpctl.c
--- bgpctl/bgpctl.c 29 May 2017 09:56:33 -  1.194
+++ bgpctl/bgpctl.c 30 May 2017 21:00:08 -
@@ -1598,29 +1598,47 @@ show_ext_community(u_char *data, u_int16
type = data[i];
subtype = data[i + 1];
 
-   switch (type & EXT_COMMUNITY_VALUE) {
-   case EXT_COMMUNITY_TWO_AS:
+   printf("%s ", log_ext_subtype(type, subtype));
+
+   switch (type) {
+   case EXT_COMMUNITY_TRANS_TWO_AS:
memcpy(, data + i + 2, sizeof(as2));
memcpy(, data + i + 4, sizeof(u32));
-   printf("%s %s:%u", log_ext_subtype(subtype),
-   log_as(ntohs(as2)), ntohl(u32));
+   printf("%s:%u", log_as(ntohs(as2)), ntohl(u32));
break;
-   case EXT_COMMUNITY_IPV4:
+   case EXT_COMMUNITY_TRANS_IPV4:
memcpy(, data + i + 2, sizeof(ip));
memcpy(, data + i + 6, sizeof(u16));
-   printf("%s %s:%hu", log_ext_subtype(subtype),
-   inet_ntoa(ip), ntohs(u16));
+   printf("%s:%hu", inet_ntoa(ip), ntohs(u16));
break;
-   case EXT_COMMUNITY_FOUR_AS:
+   case EXT_COMMUNITY_TRANS_FOUR_AS:
memcpy(, data + i + 2, sizeof(as4));
memcpy(, data + i + 6, sizeof(u16));
-   printf("%s %s:%hu", log_ext_subtype(subtype),
-   log_as(ntohl(as4)), ntohs(u16));
+   printf("%s:%hu", log_as(ntohl(as4)), ntohs(u16));
break;
-   case EXT_COMMUNITY_OPAQUE:
+   case EXT_COMMUNITY_TRANS_OPAQUE:
+   case EXT_COMMUNITY_TRANS_EVPN:
memcpy(, data + i, sizeof(ext));
ext = betoh64(ext) & 0xLL;
-   printf("%s 0x%llx", log_ext_subtype(subtype), ext);
+   printf("0x%llx", ext);
+   break;
+   case EXT_COMMUNITY_NON_TRANS_OPAQUE:
+   memcpy(, data + i, sizeof(ext));
+   ext = betoh64(ext) & 0xLL;
+   switch (ext) {
+   case EXT_COMMUNITY_OVS_VALID:
+   printf("valid ");
+   break;
+   case EXT_COMMUNITY_OVS_NOTFOUND:
+   printf("not-found ");
+   break;
+   case EXT_COMMUNITY_OVS_INVALID:
+   printf("invalid ");
+   break;
+   default:
+   printf("0x%llx ", ext);
+   break;
+   }
break;
default:
memcpy(, data + i, sizeof(ext));
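Review bot: In the new `EXT_COMMUNITY_NON_TRANS_OPAQUE` case the value is decoded as an origin validation state (valid / not-found / invalid) without consulting `subtype`. Any non-transitive opaque community whose masked value equals one of the `EXT_COMMUNITY_OVS_*` constants would therefore be printed as a validation result, and operators may act on that label. Gating the inner switch on the origin-validation subtype would avoid the mislabel; that constant would be defined in bgpd.h and is not visible in this chunk. The strings in this case carry a trailing space that the other cases in the hunk do not, so the spacing is inconsistent. The mask literal after `betoh64(ext) &` appears damaged in this rendering and is not assessed, and show_ext_community() starts and ends outside this hunk.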
Index: bgpd/bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.307
diff -u -p -r1.307 bgpd.h
--- bgpd/bgpd.h 28 May 2017 20:14:15 -  1.307
+++ bgpd/bgpd.h 30 May 2017 22:23:03 -
@@ -760,18 +760,23 @@ struct filter_peers {
 #define EXT_COMMUNITY_IANA 0x80
 #define EXT_COMMUNITY_TRANSITIVE   0x40
 #define EXT_COMMUNITY_VALUE0x3f
-/* extended types */
-#define EXT_COMMUNITY_TWO_AS   0   /* 2 octet AS specific */
-#define EXT_COMMUNITY_IPV4 1   /* IPv4 specific */
-#define EXT_COMMUNITY_FOUR_AS  2   /* 4 octet AS specific */
-#define EXT_COMMUNITY_OPAQUE   3   /* opaque ext community */
-/* sub types */
-#define EXT_COMMUNITY_ROUTE_TGT2   /* RFC 4360 & RFC4364 */
-#define EXT_COMMUNITY_ROUTE_ORIG   3   /* RFC 4360 & RFC4364 */
-#define EXT_COMMUNITY_OSPF_DOM_ID  5   /* RFC 4577 */
-#define EXT_COMMUNITY_OSPF_RTR_TYPE6   /* RFC 4577 */
-#define EXT_COMMUNITY_OSPF_RTR_ID  7   /* RFC 4577 */
-#define EXT_COMMUNITY_BGP_COLLECT  8   /* RFC 4384 */
+/* extended types transitive */
+#define 

[patch] typo smtpd/dns.c

2017-05-30 Thread Edgar Pettijohn

fix typo
Index: dns.c
===
RCS file: /cvs/src/usr.sbin/smtpd/dns.c,v
retrieving revision 1.83
diff -u -p -u -r1.83 dns.c
--- dns.c	28 Oct 2015 07:28:13 -	1.83
+++ dns.c	30 May 2017 22:09:15 -
@@ -246,7 +246,7 @@ dns_imsg(struct mproc *p, struct imsg *i
 
 		as = res_query_async(s->name, C_IN, T_MX, NULL);
 		if (as == NULL) {
-			log_warn("warn: req_query_async: %s", s->name);
+			log_warn("warn: res_query_async: %s", s->name);
 			m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1);
 			m_add_id(s->p, s->reqid);
 			m_add_int(s->p, DNS_EINVAL);


Re: Unlock IP forwarding paths

2017-05-30 Thread Alexander Bluhm
On Tue, May 30, 2017 at 10:12:39PM +0200, Alexander Bluhm wrote:
> On Tue, May 30, 2017 at 10:04:14PM +0200, Alexander Bluhm wrote:
> > On Tue, May 30, 2017 at 11:48:50AM +0200, Martin Pieuchot wrote:
> > > Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
> > > dance.
> > > 
> > > Updated diff below.
> > 
> > I have tested this diff with my ipsec regress and a non-MP kernel.
> > It crashed.
> 
> Same crash on i386 with GENERIC.MP.

Found it, you forgot to remove one if_put().  This fixes both crashes.

bluhm

--- netinet6/ip6_input.c
+++ netinet6/ip6_input.c
@@ -500,7 +500,6 @@ ipv6_input(struct ifnet *ifp, struct mbuf *m)
 #endif /* IPSEC */
 
ip6_forward(m, rt, srcrt);
-   if_put(ifp);
return;
  bad:
m_freem(m);



Re: Properly serialize pflow's sc_outputqueue

2017-05-30 Thread Sebastian Benoit
this is basically the code i had before mpi told me that mq_ was not needed.

*sigh*

ok.

Visa Hankala(v...@openbsd.org) on 2017.05.30 16:19:46 +:
> On Wed, May 31, 2017 at 01:52:31AM +1000, Jonathan Matthew wrote:
> > On Tue, May 30, 2017 at 01:04:07PM +, Visa Hankala wrote:
> > > Index: net/if_pflow.c
> > > ===
> > > RCS file: src/sys/net/if_pflow.c,v
> > > retrieving revision 1.78
> > > diff -u -p -r1.78 if_pflow.c
> > > --- net/if_pflow.c27 May 2017 21:44:22 -  1.78
> > > +++ net/if_pflow.c30 May 2017 12:40:26 -
> > > @@ -132,7 +132,7 @@ pflow_output_process(void *arg)
> > >   struct mbuf *m;
> > >  
> > >   KERNEL_LOCK();
> > > - while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
> > > + while ((m = mq_dequeue(>sc_outputqueue)) != NULL) {
> > >   pflow_sendout_mbuf(sc, m);
> > >   }
> > >   KERNEL_UNLOCK();
> > 
> > I'd suggest using mq_delist here rather than dequeueing each mbuf
> > individually, so you only take the mbuf_queue mutex once per call.
> 
> Right. Updated patch below.
> 
> Index: net/if_pflow.c
> ===
> RCS file: src/sys/net/if_pflow.c,v
> retrieving revision 1.78
> diff -u -p -r1.78 if_pflow.c
> --- net/if_pflow.c27 May 2017 21:44:22 -  1.78
> +++ net/if_pflow.c30 May 2017 15:57:44 -
> @@ -128,11 +128,13 @@ pflow_output(struct ifnet *ifp, struct m
>  void
>  pflow_output_process(void *arg)
>  {
> + struct mbuf_list ml;
>   struct pflow_softc *sc = arg;
>   struct mbuf *m;
>  
> + mq_delist(>sc_outputqueue, );
>   KERNEL_LOCK();
> - while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
> + while ((m = ml_dequeue()) != NULL) {
>   pflow_sendout_mbuf(sc, m);
>   }
>   KERNEL_UNLOCK();
> @@ -256,7 +258,7 @@ pflow_clone_create(struct if_clone *ifc,
>   ifp->if_hdrlen = PFLOW_HDRLEN;
>   ifp->if_flags = IFF_UP;
>   ifp->if_flags &= ~IFF_RUNNING;  /* not running, need receiver */
> - ml_init(>sc_outputqueue);
> + mq_init(>sc_outputqueue, 8192, IPL_SOFTNET);
>   pflow_setmtu(pflowif, ETHERMTU);
>   pflow_init_timeouts(pflowif);
>   if_attach(ifp);
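Review bot: The queue limit `8192` passed to `mq_init()` in `pflow_clone_create()` is an unexplained magic number, yet it now decides when export packets start being dropped. Give it a name next to the other PFLOW_* constants (for example `#define PFLOW_OUTPUTQ_MAXLEN 8192`, name constructed here) with a one-line comment on how the value was chosen. The function body extends beyond the hunk on both sides.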
> @@ -288,7 +290,7 @@ pflow_clone_destroy(struct ifnet *ifp)
>   timeout_del(>sc_tmo_tmpl);
>   pflow_flush(sc);
>   task_del(softnettq, >sc_outputtask);
> - ml_purge(>sc_outputqueue);
> + mq_purge(>sc_outputqueue);
>   m_freem(sc->send_nam);
>   if (sc->so != NULL) {
>   error = soclose(sc->so);
> @@ -1089,8 +1091,8 @@ pflow_sendout_v5(struct pflow_softc *sc)
>   getnanotime();
>   h->time_sec = htonl(tv.tv_sec); /* XXX 2038 */
>   h->time_nanosec = htonl(tv.tv_nsec);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
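Review bot: When `mq_enqueue()` returns non-zero in `pflow_sendout_v5()` the export packet is lost without any record, because the new `if` only skips `task_add()` and the function still returns 0. The same pattern is in the `pflow_sendout_ipfix()` and `pflow_sendout_ipfix_tmpl()` hunks that follow. Flow records are commonly kept as an audit trail, so a full queue should at least be counted: add an `else` branch that bumps the interface output-error counter (something like `sc->sc_if.if_oerrors++;`, assuming the softc embeds its ifnet as `sc_if`). A short comment should also state that `mq_enqueue()` is expected to free `m` itself on failure, so readers do not suspect a leak. The start of the function is outside the hunk.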
> @@ -1151,8 +1153,8 @@ pflow_sendout_ipfix(struct pflow_softc *
>   h10->flow_sequence = htonl(sc->sc_sequence);
>   sc->sc_sequence += count;
>   h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
> @@ -1193,8 +1195,8 @@ pflow_sendout_ipfix_tmpl(struct pflow_so
>   h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
>  
>   timeout_add_sec(>sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
> Index: net/if_pflow.h
> ===
> RCS file: src/sys/net/if_pflow.h,v
> retrieving revision 1.16
> diff -u -p -r1.16 if_pflow.h
> --- net/if_pflow.h27 May 2017 21:06:06 -  1.16
> +++ net/if_pflow.h30 May 2017 15:57:44 -
> @@ -184,7 +184,7 @@ struct pflow_softc {
>   struct timeout   sc_tmo;
>   struct timeout   sc_tmo6;
>   struct timeout   sc_tmo_tmpl;
> - struct mbuf_list sc_outputqueue;
> + struct mbuf_queuesc_outputqueue;
>   struct task  sc_outputtask;
>   struct socket   *so;
>   struct mbuf *send_nam;
> 



Re: Unlock IP forwarding paths

2017-05-30 Thread Alexander Bluhm
On Tue, May 30, 2017 at 10:04:14PM +0200, Alexander Bluhm wrote:
> On Tue, May 30, 2017 at 11:48:50AM +0200, Martin Pieuchot wrote:
> > Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
> > dance.
> > 
> > Updated diff below.
> 
> I have tests this diff with my ipsec regress and a non-MP kernel.
> It crashed.

Same crash on i386 with GENERIC.MP.

bluhm

panic: kernel diagnostic assertion "refcnt != ~0" failed: file 
"/usr/src/sys/kern/kern_synch.c", line 682
Stopped at  db_enter+0x7:   leave
TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
* 67643  67379  0 0x14000  0x2001  softnet
db_enter(d0a11c89,f5474e68,d09ec200,f5474e68,0) at db_enter+0x7
panic(d09ec200,d0968a27,d09e9c62,d09e9d1c,2aa) at panic+0x71
__assert(d0968a27,d09e9d1c,2aa,d09e9c62,86dd) at __assert+0x2e
refcnt_rele(d7721034,d76f2780,f5474eec,d03a9f52,d0bd2dc0) at refcnt_rele+0x48
refcnt_rele_wake(d7721034,d78aae00,0,f5474f0c,d0203039) at refcnt_rele_wake+0x1
2
if_input_process(1,f5474f68,d03bc3b0,f5474f90,d03a7a08) at if_input_process+0x1
3d
taskq_thread(d76f3080) at taskq_thread+0x60



Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-30 Thread Paul de Weerd
Works for me, verified both v4 and v6 selection actually uses that
address.  Suggested a small improvement for ntpd.conf(5) to Job
privately.

Would love to see this feature get imported :)

Thanks Job!

Paul

On Tue, May 30, 2017 at 06:10:03PM +0200, Job Snijders wrote:
| On Sun, May 28, 2017 at 10:52:24PM +0200, Sebastian Benoit wrote:
| > which makes me think:
| > would a global local-address be good enough?
| 
| Attached is a patch that allows you to specify the source for outgoing
| queries, as a global option. Example ntpd.conf:
| 
| query from 165.254.255.33
| query from 2001:728:1808::26
| servers ntp.ring.nlnog.net
| 
| I have a number of remarks myself:
| 
| - unsure about the bzero() in parse_config()
| 
| - should we check 2+ declarations of 'query from', or just use the
|   last one like this patch does now, (we don't check for duplicate
|   'weight' etc either)
| 
| - the ipv4 / ipv6 approach with 'struct dual_addr' seems clumsy, is
|   this what life is like in an ipv4 + ipv6 world? Any suggestions
|   how to improve?
| 
| Kind regards,
| 
| Job
| 
| ---
|  src/usr.sbin/ntpd/client.c| 13 +
|  src/usr.sbin/ntpd/ntp.c   |  1 +
|  src/usr.sbin/ntpd/ntpd.conf.5 |  8 
|  src/usr.sbin/ntpd/ntpd.h  |  7 +++
|  src/usr.sbin/ntpd/parse.y | 31 ++-
|  5 files changed, 59 insertions(+), 1 deletion(-)
| 
| diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
| index ddbb1281..7d921dcf 100644
| --- a/src/usr.sbin/ntpd/client.c
| +++ b/src/usr.sbin/ntpd/client.c
| @@ -137,11 +137,24 @@ client_query(struct ntp_peer *p)
|  
|   if (p->query->fd == -1) {
|   struct sockaddr *sa = (struct sockaddr *)>addr->ss;
| + struct sockaddr *qa4 = (struct sockaddr *)>query_addr.v4;
| + struct sockaddr *qa6 = (struct sockaddr *)>query_addr.v6;
|  
|   if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM,
|   0)) == -1)
|   fatal("client_query socket");
|  
| + if (p->addr->ss.ss_family == qa4->sa_family) {
| + if (bind(p->query->fd, qa4, SA_LEN(qa4)) == -1)
| + fatal("couldn't bind to IPv4 query address: %s",
| + log_sockaddr(qa4));
| + }
| + else if (p->addr->ss.ss_family == qa6->sa_family) {
| + if (bind(p->query->fd, qa6, SA_LEN(qa6)) == -1)
| + fatal("couldn't bind to IPv6 query address: %s",
| + log_sockaddr(qa6));
| + }
| +
|   if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
|   if (errno == ECONNREFUSED || errno == ENETUNREACH ||
|   errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
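Review bot: A failed `bind()` to the configured query address terminates the whole daemon through `fatal()`, while the `connect()` failure directly below treats errors such as EADDRNOTAVAIL as a per-peer condition. A source address that is not yet present on an interface (early boot, an address that comes and goes) would therefore stop time synchronisation for every peer, and wrong time in turn affects certificate validation and log timestamps. Consider reporting the failure with `log_warn()` and taking the same path as the `connect()` branch; that branch continues outside this hunk, so its exact steps are not visible here. The `}` and `else if` on separate lines also departs from the brace style of the surrounding code.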
| diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
| index f3366640..b0f80294 100644
| --- a/src/usr.sbin/ntpd/ntp.c
| +++ b/src/usr.sbin/ntpd/ntp.c
| @@ -521,6 +521,7 @@ ntp_dispatch_imsg_dns(void)
|   if (peer->addr_head.pool) {
|   npeer = new_peer();
|   npeer->weight = peer->weight;
| + npeer->query_addr = peer->query_addr;
|   h->next = NULL;
|   npeer->addr = h;
|   npeer->addr_head.a = h;
| diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
| index 6e4e0012..b8f03b22 100644
| --- a/src/usr.sbin/ntpd/ntpd.conf.5
| +++ b/src/usr.sbin/ntpd/ntpd.conf.5
| @@ -67,6 +67,14 @@ or
|  listen on 127.0.0.1
|  listen on ::1
|  listen on 127.0.0.1 rtable 4
| +.It Xo Ic source from Ar address
| +.Xc
| +Specify a Local IP address the
| +.Xr ntpd 8
| +daemon should use for outgoing queries.
| +.Bd -literal -offset indent
| +query from 10.0.0.1
| +query from 2001:db8::1
|  .Ed
|  .It Xo Ic sensor Ar device
|  .Op Ic correction Ar microseconds
| diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
| index 613b29b2..ded2948a 100644
| --- a/src/usr.sbin/ntpd/ntpd.h
| +++ b/src/usr.sbin/ntpd/ntpd.h
| @@ -106,6 +106,11 @@ struct listen_addr {
|   int  rtable;
|  };
|  
| +struct dual_addr {
| + struct sockaddr_storage v4;
| + struct sockaddr_storage v6;
| +};
| +
|  struct ntp_addr {
|   struct ntp_addr *next;
|   struct sockaddr_storage  ss;
| @@ -153,6 +158,7 @@ struct ntp_peer {
|   struct ntp_query*query;
|   struct ntp_offsetreply[OFFSET_ARRAY_SIZE];
|   struct ntp_offsetupdate;
| + struct dual_addr query_addr;
|   enum client_statestate;
|   time_t   next;
|   time_t   

Re: Unlock IP forwarding paths

2017-05-30 Thread Alexander Bluhm
On Tue, May 30, 2017 at 11:48:50AM +0200, Martin Pieuchot wrote:
> Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
> dance.
> 
> Updated diff below.

I have tested this diff with my ipsec regress and a non-MP kernel.
It crashed.

bluhm

panic: kernel diagnostic assertion "refcnt != ~0" failed: file 
"/crypt/home/bluhm/openbsd/cvs/src/sys/kern/kern_synch.c", line 682
Stopped at  db_enter+0x9:   leave
TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
*127376  98546  0 0x14000  0x2000  softnet
db_enter(817cd5ee,83999c70,10,83999c50,286,8) at db_ent
er+0x9
panic(817a2400,83999dc0,800d8290,0,800d8298,fff
f83999d80) at panic+0x102
__assert(81703909,8179fc28,2aa,8179fb6a,ff000622980
c,800d8290) at __assert+0x35
refcnt_rele(800d8298,8135b754,83999e20,fe7a
,811ac575,83999de0) at refcnt_rele+0x45
refcnt_rele_wake(800d8298,ff0006ba4e00,8005f2a0,800
5f2a0,5,83999e40) at refcnt_rele_wake+0x18
if_input_process(2,83999eb0,0,0,83999eb0,80019040) at i
f_input_process+0xfa
taskq_thread(80019040,811b0fc0,80019040,811b0fc
0,0,0) at taskq_thread+0x69
end trace frame: 0x0, count: 8



vmm: exception injection plumbing

2017-05-30 Thread Mike Larkin
This diff adds the ability to inject exceptions into the guest. It is needed
for a variety of things coming soon (XO kernel .text, #UD on unsupported
instructions, routing RDRAND/RDSEED to arc4random, etc).

ok?

Index: amd64/vmm.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.151
diff -u -p -a -u -r1.151 vmm.c
--- amd64/vmm.c 30 May 2017 19:31:28 -  1.151
+++ amd64/vmm.c 30 May 2017 19:57:16 -
@@ -3681,6 +3681,29 @@ vcpu_run_vmx(struct vcpu *vcpu, struct v
}
}
 
+   /* Inject event if present */
+   if (vcpu->vc_event != 0) {
+   eii = (vcpu->vc_event & 0xFF);
+   eii |= (1ULL << 31);/* Valid */
+   eii |= (1ULL << 11);/* Send error code */
+   eii |= (3ULL << 8); /* Hardware Exception */
+   if (vmwrite(VMCS_ENTRY_INTERRUPTION_INFO, eii)) {
+   printf("%s: can't vector event to guest\n",
+   __func__);
+   ret = EINVAL;
+   break;
+   }
+
+   if (vmwrite(VMCS_ENTRY_EXCEPTION_ERROR_CODE, 0)) {
+   printf("%s: can't write error code to guest\n",
+   __func__);
+   ret = EINVAL;
+   break;
+   }
+
+   vcpu->vc_event = 0;
+   }
+
if (vcpu->vc_vmx_vpid_enabled) {
/* Invalidate old TLB mappings */
vid.vid_vpid = vcpu->vc_parent->vm_id;
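Review bot: The "Send error code" bit (bit 11) is set for every injected vector, but only some exceptions carry an error code. The description names #UD as an intended use, and a VM entry that requests error-code delivery for a vector without one is expected to be rejected by the entry checks. Set bit 11 only for the vectors that define an error code and skip the `VMCS_ENTRY_EXCEPTION_ERROR_CODE` write otherwise, as sketched below. Because `vc_event` uses 0 to mean "nothing pending", vector 0 (#DE) can never be injected, which deserves a comment on the field. The enclosing run loop in `vcpu_run_vmx()` starts and ends outside the hunk.

```c
	if (vcpu->vc_event != 0) {
		eii = (vcpu->vc_event & 0xFF);
		eii |= (1ULL << 31);	/* Valid */
		eii |= (3ULL << 8);	/* Hardware Exception */

		/* Only these vectors deliver an error code */
		switch (vcpu->vc_event) {
		case 8:		/* #DF */
		case 10:	/* #TS */
		case 11:	/* #NP */
		case 12:	/* #SS */
		case 13:	/* #GP */
		case 14:	/* #PF */
		case 17:	/* #AC */
			eii |= (1ULL << 11);	/* Send error code */
			break;
		default:
			break;
		}
		/* ... unchanged: vmwrite of VMCS_ENTRY_INTERRUPTION_INFO ... */

		if ((eii & (1ULL << 11)) &&
		    vmwrite(VMCS_ENTRY_EXCEPTION_ERROR_CODE, 0)) {
			/* ... unchanged: printf, ret = EINVAL, break ... */
		}
		/* ... unchanged: vcpu->vc_event = 0 ... */
	}
```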
@@ -5490,6 +5513,14 @@ vcpu_run_svm(struct vcpu *vcpu, struct v
vmcb->v_vmcb_clean_bits &= ~(1 << 3);
vmcb->v_irq = 0;
vmcb->v_intr_vector = 0;
+   }
+
+   /* Inject event if present */
+   if (vcpu->vc_event != 0) {
+   vmcb->v_eventinj = (vcpu->vc_event) | (1 << 31);
+   vmcb->v_eventinj |= (1ULL << 1); /* Send error code */
+   vmcb->v_eventinj |= (3ULL << 8); /* Hardware Exception 
*/
+   vcpu->vc_event = 0;
}
 
/* Start / resume the VCPU */
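Review bot: `(1ULL << 1)` under the "Send error code" comment sets bit 1 of the vector field, not an error-code flag, so the injected vector itself is changed (vector 13 would become 15). In the SVM EVENTINJ layout the error-code-valid flag is bit 11. `(1 << 31)` also shifts into the sign bit of an `int`; if `v_eventinj` is a 64-bit field, the sign-extended value would set the upper half as well, so use `1ULL << 31`. Suggested lines: `vmcb->v_eventinj = vcpu->vc_event | (1ULL << 31) | (3ULL << 8);` and then `vmcb->v_eventinj |= (1ULL << 11);` only for vectors that define an error code. The enclosing function extends beyond the hunk.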
Index: include/vmmvar.h
===
RCS file: /cvs/src/sys/arch/amd64/include/vmmvar.h,v
retrieving revision 1.40
diff -u -p -a -u -r1.40 vmmvar.h
--- include/vmmvar.h30 May 2017 17:49:47 -  1.40
+++ include/vmmvar.h30 May 2017 19:57:16 -
@@ -721,6 +721,8 @@ struct vcpu {
 
struct vcpu_gueststate vc_gueststate;
 
+   uint8_t vc_event;
+
/* VMX only */
uint64_t vc_vmx_basic;
uint64_t vc_vmx_entry_ctls;



Re: sys/socket.h: make sstosa() available to everyone

2017-05-30 Thread Job Snijders
On Tue, May 30, 2017 at 01:29:07PM -0600, Theo de Raadt wrote:
> I don't think this trivial thing should be pushed into the public
> namespace.
> 
> Personally I think this construct is really contrived.

ok. Another downside might be that it can negatively impact portability.

Thanks,

Job



Re: sys/socket.h: make sstosa() available to everyone

2017-05-30 Thread Theo de Raadt
I don't think this trivial thing should be pushed into the public namespace.

Personally I think this construct is really contrived.

> Might be out of my depth here, but would be nice if the sstosa() is
> available to everyone, not just _KERNEL
> 
> If accepted, 'define sstosa' can to be removed from
> usr.sbin/ftp-proxy/ftp-proxy.c.
> 
> Kind regards,
> 
> Job
> 
> ---
>  sys/sys/socket.h | 16 ++--
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/sys/sys/socket.h b/sys/sys/socket.h
> index 27cd9b5962e..48cd94e072a 100644
> --- a/sys/sys/socket.h
> +++ b/sys/sys/socket.h
> @@ -229,6 +229,16 @@ struct sockaddr_storage {
>   unsigned char   __ss_pad3[240]; /* pad to a total of 256 bytes */
>  };
>  
> +/*
> + * inline function to convert struct sockaddr_storage to struct sockaddr
> + * in a typesafe manner instead of sprinkling casts everywhere.
> + */
> +static inline struct sockaddr *
> +sstosa(struct sockaddr_storage *ss)
> +{
> +return ((struct sockaddr *)(ss));
> +}
> +
>  #ifdef _KERNEL
>  /*
>   * Structure used by kernel to pass protocol
> @@ -535,12 +545,6 @@ __END_DECLS
>  
>  void pfctlinput(int, struct sockaddr *);
>  
> -static inline struct sockaddr *
> -sstosa(struct sockaddr_storage *ss)
> -{
> - return ((struct sockaddr *)(ss));
> -}
> -
>  #endif /* !_KERNEL */
>  
>  #endif /* !_SYS_SOCKET_H_ */
> 



sys/socket.h: make sstosa() available to everyone

2017-05-30 Thread Job Snijders
Hi,

Might be out of my depth here, but would be nice if the sstosa() is
available to everyone, not just _KERNEL

If accepted, 'define sstosa' can be removed from
usr.sbin/ftp-proxy/ftp-proxy.c.

Kind regards,

Job

---
 sys/sys/socket.h | 16 ++--
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/sys/sys/socket.h b/sys/sys/socket.h
index 27cd9b5962e..48cd94e072a 100644
--- a/sys/sys/socket.h
+++ b/sys/sys/socket.h
@@ -229,6 +229,16 @@ struct sockaddr_storage {
unsigned char   __ss_pad3[240]; /* pad to a total of 256 bytes */
 };
 
+/*
+ * inline function to convert struct sockaddr_storage to struct sockaddr
+ * in a typesafe manner instead of sprinkling casts everywhere.
+ */
+static inline struct sockaddr *
+sstosa(struct sockaddr_storage *ss)
+{
+return ((struct sockaddr *)(ss));
+}
+
 #ifdef _KERNEL
 /*
  * Structure used by kernel to pass protocol
@@ -535,12 +545,6 @@ __END_DECLS
 
 void   pfctlinput(int, struct sockaddr *);
 
-static inline struct sockaddr *
-sstosa(struct sockaddr_storage *ss)
-{
-   return ((struct sockaddr *)(ss));
-}
-
 #endif /* !_KERNEL */
 
 #endif /* !_SYS_SOCKET_H_ */



Re: Remove extra brackets from MINIMUM definition ber.c

2017-05-30 Thread Fred

On 05/30/17 20:15, Ted Unangst wrote:

Fred wrote:

I was greping the tree for MINIMUM and this one stood out as it was
(((a) rather than ((a).


not sure why this one stood out. the 16 definitions of MAXIMUM in bin and sbin
are all the same. i don't think we really need churn changing either way.



Okay

Cheers

Fred



Re: Remove extra brackets from MINIMUM definition ber.c

2017-05-30 Thread Ted Unangst
Fred wrote:
> I was greping the tree for MINIMUM and this one stood out as it was 
> (((a) rather than ((a).

not sure why this one stood out. the 16 definitions of MAXIMUM in bin and sbin
are all the same. i don't think we really need churn changing either way.



Re: Remove extra brackets from MINIMUM definition ber.c

2017-05-30 Thread Fred

On 05/30/17 19:57, Theo de Raadt wrote:

No.  This is consistant with a couple hundred others in the tree, which
were originally copied from sys/param.h before we cleaned userland from
using the file.  The brackets were good enough for CSRG, and they are good
enough for me...


This patch removes the redundant brackets form the MINIMUM macro in ber.c

Cheers

Fred

Index: ber.c
===
RCS file: /cvs/src/usr.sbin/ldapd/ber.c,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 ber.c
--- ber.c   11 Feb 2017 20:40:03 -  1.12
+++ ber.c   30 May 2017 17:34:14 -
@@ -31,7 +31,7 @@

   #include "ber.h"

-#define MINIMUM(a, b)  (((a) < (b)) ? (a) : (b))
+#define MINIMUM(a, b)  ((a) < (b) ? (a) : (b))

   #define BER_TYPE_CONSTRUCTED 0x20/* otherwise primitive */
   #define BER_TYPE_SINGLE_MAX  30



I was greping the tree for MINIMUM and this one stood out as it was 
(((a) rather than ((a).


I have also noticed that there are two minimum definitions in the 
tcpdump code: one is MIN(a, b), the other is min(a, b). Would you be 
interested in diffs that convert them both to MINIMUM?


Cheers

Fred



Re: Remove extra brackets from MINIMUM definition ber.c

2017-05-30 Thread Theo de Raadt
No.  This is consistent with a couple hundred others in the tree, which
were originally copied from sys/param.h before we cleaned userland from
using the file.  The brackets were good enough for CSRG, and they are good
enough for me...

> This patch removes the redundant brackets form the MINIMUM macro in ber.c
> 
> Cheers
> 
> Fred
> 
> Index: ber.c
> ===
> RCS file: /cvs/src/usr.sbin/ldapd/ber.c,v
> retrieving revision 1.12
> diff -u -p -u -p -r1.12 ber.c
> --- ber.c 11 Feb 2017 20:40:03 -  1.12
> +++ ber.c 30 May 2017 17:34:14 -
> @@ -31,7 +31,7 @@
> 
>   #include "ber.h"
> 
> -#define MINIMUM(a, b)(((a) < (b)) ? (a) : (b))
> +#define MINIMUM(a, b)((a) < (b) ? (a) : (b))
> 
>   #define BER_TYPE_CONSTRUCTED0x20/* otherwise primitive */
>   #define BER_TYPE_SINGLE_MAX 30
> 



Remove extra brackets from MINIMUM definition ber.c

2017-05-30 Thread Fred

This patch removes the redundant brackets from the MINIMUM macro in ber.c

Cheers

Fred

Index: ber.c
===
RCS file: /cvs/src/usr.sbin/ldapd/ber.c,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 ber.c
--- ber.c   11 Feb 2017 20:40:03 -  1.12
+++ ber.c   30 May 2017 17:34:14 -
@@ -31,7 +31,7 @@

 #include "ber.h"

-#define MINIMUM(a, b)  (((a) < (b)) ? (a) : (b))
+#define MINIMUM(a, b)  ((a) < (b) ? (a) : (b))

 #define BER_TYPE_CONSTRUCTED   0x20/* otherwise primitive */
 #define BER_TYPE_SINGLE_MAX30



Re: let's add PF_LOCK()

2017-05-30 Thread Alexandr Nedvedicky
Hello Martin,


> > rw_exit_write();
> > export_pflow(cur);
> > rw_enter_write();
> > +   rw_enter_write(_lock);
> > }
> 
> This is not needed, you're not diffing against the latest version of
> net/pf.c.

indeed my tree is old by couple hours.

> 
> > +extern struct rwlock   pf_lock;
> > +
> > +#define PF_LOCK(s) do {\
> > +   NET_ASSERT_LOCKED();\
> > +   rw_enter_write(_lock);   \
> > +   s = splsoftnet();   \
> > +   } while (0)
> 
> There's no need for splsoftnet()/splx() nor splsoftassert(). 

O.K. removed, the 'int  spl;' at pf.c is also gone now.

thank you for looking at my changes. updated diff is further below

regards
sasha
8<---8<---8<--8<
diff -r 85b6b6ce74cd .hgtags
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/.hgtags   Tue May 30 20:27:43 2017 +0200
@@ -0,0 +1,1 @@
+d545881e2652dbc0c057691a39a095bce92f441f pf-lock.baseline
diff -r 85b6b6ce74cd src/sys/net/pf.c
--- a/src/sys/net/pf.c  Tue May 30 20:11:44 2017 +0200
+++ b/src/sys/net/pf.c  Tue May 30 20:27:43 2017 +0200
@@ -923,7 +923,7 @@ int
 pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skw,
 struct pf_state_key **sks, struct pf_state *s)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
s->kif = kif;
if (*skw == *sks) {
@@ -1186,7 +1186,7 @@ pf_purge_expired_rules(void)
 {
struct pf_rule  *r;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
if (SLIST_EMPTY(_rule_gcl))
return;
@@ -1207,6 +1207,7 @@ pf_purge_thread(void *v)
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
 
NET_LOCK(s);
+   PF_LOCK();
 
/* process a fraction of the state table every second */
pf_purge_expired_states(1 + (pf_status.states
@@ -1214,13 +1215,20 @@ pf_purge_thread(void *v)
 
/* purge other expired types every PFTM_INTERVAL seconds */
if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
-   pf_purge_expired_fragments();
pf_purge_expired_src_nodes(0);
pf_purge_expired_rules();
+   }
+
+   PF_UNLOCK();
+   NET_UNLOCK(s);
+
+   /*
+* Fragments don't require PF_LOCK(), they use their own mutex.
+*/
+   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
+   pf_purge_expired_fragments();
nloops = 0;
}
-
-   NET_UNLOCK(s);
}
 }
 
@@ -1267,7 +1275,7 @@ pf_purge_expired_src_nodes(void)
 {
struct pf_src_node  *cur, *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
for (cur = RB_MIN(pf_src_tree, _src_tracking); cur; cur = next) {
next = RB_NEXT(pf_src_tree, _src_tracking, cur);
@@ -1303,7 +1311,7 @@ pf_src_tree_remove_state(struct pf_state
 void
 pf_remove_state(struct pf_state *cur)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
/* handle load balancing related tasks */
pf_postprocess_addr(cur);
@@ -1320,7 +1328,6 @@ pf_remove_state(struct pf_state *cur)
}
RB_REMOVE(pf_state_tree_id, _id, cur);
 #if NPFLOW > 0
-   if (cur->state_flags & PFSTATE_PFLOW)
export_pflow(cur);
 #endif /* NPFLOW > 0 */
 #if NPFSYNC > 0
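Review bot: Deleting only the `if (cur->state_flags & PFSTATE_PFLOW)` line leaves `export_pflow(cur);` unconditional, so with NPFLOW > 0 every removed state would be exported, not just the states that requested pflow export. This looks unintended, since nothing in the message mentions changing which states are exported. Keep the guard directly above the call: `if (cur->state_flags & PFSTATE_PFLOW)`. The rest of `pf_remove_state()` lies outside the hunk.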
@@ -1350,7 +1357,7 @@ pf_free_state(struct pf_state *cur)
 {
struct pf_rule_item *ri;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
 #if NPFSYNC > 0
if (pfsync_state_in_use(cur))
@@ -1386,7 +1393,7 @@ pf_purge_expired_states(u_int32_t maxche
static struct pf_state  *cur = NULL;
struct pf_state *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
while (maxcheck--) {
/* wrap to start of list when we hit the end */
@@ -3146,13 +3153,13 @@ pf_socket_lookup(struct pf_pdesc *pd)
case IPPROTO_TCP:
sport = pd->hdr.tcp.th_sport;
dport = pd->hdr.tcp.th_dport;
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
tb = 
break;
case IPPROTO_UDP:
sport = pd->hdr.udp.uh_sport;
dport = pd->hdr.udp.uh_dport;
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
tb = 
break;
default:
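Review bot: In `pf_socket_lookup()` the two `NET_ASSERT_LOCKED()` calls sit directly in front of the protocol table selection, so they appear to document that the socket lookup needs the net lock. Replacing them with `PF_ASSERT_LOCKED()` drops that check, and nothing visible here suggests `pf_lock` protects those tables. If both locks are required at this point, assert both: keep `NET_ASSERT_LOCKED();` and add `PF_ASSERT_LOCKED();` beside it. The start and end of the function are outside the hunk.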
@@ -6673,6 +6680,7 @@ pf_test(sa_family_t af, int fwdir, struc
/* if packet sits in reassembly queue, return without error */
if (pd.m == NULL)
return PF_PASS;
+
if (action != PF_PASS) {
 #if NPFLOG > 0
pd.pflog |= PF_LOG_FORCE;
@@ -6692,6 +6700,9 @@ pf_test(sa_family_t af, int fwdir, struc
}

iwm: add support for missed beacons notification

2017-05-30 Thread Stefan Sperling
This adds support for iwm firmware's missed beacon notification.

With this, the driver will notice "dead air" when a laptop moves too far
away from the AP. It will automatically try to connect to another AP that
is closer, or again to the same AP when it moves back in range.

ok?

Index: if_iwm.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.184
diff -u -p -r1.184 if_iwm.c
--- if_iwm.c28 May 2017 11:03:48 -  1.184
+++ if_iwm.c30 May 2017 18:16:53 -
@@ -3535,6 +3535,34 @@ iwm_rx_tx_cmd(struct iwm_softc *sc, stru
}
 }
 
+void
+iwm_rx_bmiss(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
+struct iwm_rx_data *data)
+{
+   struct ieee80211com *ic = >sc_ic;
+   int bmiss_threshold = ic->ic_bmisstimeout / ic->ic_lintval;
+   struct iwm_missed_beacons_notif *mbn = (void *)pkt->data;
+
+   if ((ic->ic_opmode != IEEE80211_M_STA) ||
+   (ic->ic_state != IEEE80211_S_RUN))
+   return;
+
+   bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt),
+   sizeof(*mbn), BUS_DMASYNC_POSTREAD);
+
+   if (mbn->consec_missed_beacons_since_last_rx > bmiss_threshold) {
+   /*
+* Rather than go directly to scan state, try to send a
+* directed probe request first. If that fails then the
+* state machine will drop us into scanning after timing
+* out waiting for a probe response.
+*/
+   IEEE80211_SEND_MGMT(ic, ic->ic_bss,
+   IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
+   }
+
+}
+
 int
 iwm_binding_cmd(struct iwm_softc *sc, struct iwm_node *in, uint32_t action)
 {
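Review bot: `bmiss_threshold` is computed in its declaration in `iwm_rx_bmiss()`, before the opmode/state checks, by dividing by `ic->ic_lintval` with no zero check; a zero interval would cause a divide fault in the notification path. Move the computation below the early return and guard it, for example `if (ic->ic_lintval == 0) return;`. `consec_missed_beacons_since_last_rx` is read from device-written memory and compared raw against a signed `int`. If the field is a little-endian 32-bit value like other firmware structures, read it with `le32toh()` into a `uint32_t` first. The empty line before the closing brace can be dropped.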
@@ -6566,7 +6594,7 @@ iwm_notif_intr(struct iwm_softc *sc)
break;
 
case IWM_MISSED_BEACONS_NOTIFICATION:
-   /* OpenBSD does not provide ieee80211_beacon_miss() */
+   iwm_rx_bmiss(sc, pkt, data);
break;
 
case IWM_MFUART_LOAD_NOTIFICATION:



Re: airport.7: mandoc -Tlint fixes

2017-05-30 Thread Ingo Schwarze
Hi Michael,

Michael Reed wrote on Tue, May 30, 2017 at 01:20:08PM -0400:

> The new airport.7 has a few small formatting issues as determined
> by `mandoc -Tlint`. This diff fixes them.

Done, thanks.  I also fixed .Nd and .Lk usage while there.

Yours,
  Ingo


> Index: airport.7
> ===
> RCS file: /cvs/src/share/man/man7/airport.7,v
> retrieving revision 1.1
> diff -u -p -r1.1 airport.7
> --- airport.7   28 May 2017 19:26:33 -  1.1
> +++ airport.7   30 May 2017 17:19:02 -
> @@ -1,6 +1,5 @@
>  .\"$OpenBSD: airport.7,v 1.1 2017/05/28 19:26:33 benno Exp $
>  .\"
> -
>  .\" Copyright (c) 2017 Sebastian Benoit.
>  .\" All rights reserved.
>  .\"
> @@ -40,14 +39,14 @@ The list is not a complete list of all I
>  New airports can only be added by
>  .Ox
>  developers who have visited an airport and thereby have verified its
> existence.
> -.Sh CAVEATS
> -There are also railway stations with IATA codes.
> -These may not be listed, except if someone landed there by plane and
> -survived to update the file.
> -.Sh STANDARDS
> -.Lk http://www.iata.org/codes
> -.%T Airline and Airport Code Search
>  .Sh FILES
>  .Bl -tag -width /usr/share/misc/airport -compact
>  .It Pa /usr/share/misc/airport
>  .El
> +.Sh STANDARDS
> +.Lk http://www.iata.org/codes
> +.%T Airline and Airport Code Search
> +.Sh CAVEATS
> +There are also railway stations with IATA codes.
> +These may not be listed, except if someone landed there by plane and
> +survived to update the file.
> 



Re: operator.7: Remove ref to nonexistant FILES

2017-05-30 Thread Theo Buehler
On Tue, May 30, 2017 at 01:18:15PM -0400, Michael Reed wrote:
> Hi,
> 
> Per [1], /usr/share/misc/operator no longer exists, so
> there's no need to reference it.

Fixed, thanks



Re: let's add PF_LOCK()

2017-05-30 Thread Martin Pieuchot
On 30/05/17(Tue) 19:11, Alexandr Nedvedicky wrote:
> @@ -1322,9 +1330,18 @@
>  #if NPFLOW > 0
>   if (cur->state_flags & PFSTATE_PFLOW) {
>   /* XXXSMP breaks atomicity */
> + /*
> +  * The only way how state gets freed from memory is when it
> +  * gets garbage collected by pf_purge_thread().  The
> +  * pf_purge_thread() removes only states, which are marked as
> +  * PFTM_UNLINKED -> state will stay around, once we re-acquire
> +  * netlock.
> +  */
> + rw_exit_write(_lock);
>   rw_exit_write();
>   export_pflow(cur);
>   rw_enter_write();
> + rw_enter_write(_lock);
>   }

This is not needed, you're not diffing against the latest version of
net/pf.c.

> +extern struct rwlock pf_lock;
> +
> +#define PF_LOCK(s)   do {\
> + NET_ASSERT_LOCKED();\
> + rw_enter_write(_lock);   \
> + s = splsoftnet();   \
> + } while (0)

There's no need for splsoftnet()/splx() nor splsoftassert(). 

> +#define PF_UNLOCK(s) do {\
> + PF_ASSERT_LOCKED(); \
> + splx(s);\
> + rw_exit_write(_lock);\
> + } while (0)
> +
> +#define PF_ASSERT_LOCKED()   do {\
> + if (rw_status(_lock) != RW_WRITE)\
> + splassert_fail(RW_WRITE,\
> + rw_status(_lock),__func__);\
> + splsoftassert(IPL_SOFTNET); \
> + } while (0)
> +
> +#define PF_ASSERT_UNLOCKED() do {\
> + if (rw_status(_lock) == RW_WRITE)\
> + splassert_fail(0, rw_status(_lock), __func__);\
> + } while (0)
> +
>  #endif /* _KERNEL */
>  
>  #endif /* _NET_PFVAR_PRIV_H_ */
> 8<---8<---8<--8<
> 



Re: detect post threaded condition

2017-05-30 Thread Ted Unangst
patrick keshishian wrote:
> On Tue, May 30, 2017 at 03:48:06AM -0400, Ted Unangst wrote:
> > +   write(2, GREATSCOTT, sizeof(GREATSCOTT));
>^^
> maybe sizeof(GREATSCOTT)-1

indeed. (and typo fixed, thanks all)



Re: let's add PF_LOCK()

2017-05-30 Thread Alexandr Nedvedicky
Hello Mike,

thanks for looking at my stuff.

> 
> It's great stuff, I think you should move forward with this.
> A couple of nits:
> 
>  - pfvar*.h doesn't have tabs after #define, just one space

fixed
> 
>  - do you really want to put MTX in PF_FRAG_MTX_* defines?
>why not PF_FRAG_LOCK?  it would be aligned to PF_LOCK
>and then we can change the nature of the lock w/o changing
>defines.

you are right the lock name should not refer to type of the lock in this
case.

> 
> Some additional comments inline (especially the nloops).

indeed, this is very good catch, thanks a lot.
> 
> It would be really nice if you'd generate diffs with -p so

    I'm sorry, I forgot to add a '-p' switch. I'll make '-p'
persistent in my .hgrc



> 
> The way nloops gets set to 0 in the previous "if" statement
> makes this looks suspicious. Perhaps setting nloops to zero
> has to be happen in the last part?

this is the fix I have in updated patch:

diff -r 36784633f1f3 src/sys/net/pf.c 
--- a/src/sys/net/pf.c  Tue May 30 10:59:16 2017 +0200  

+++ b/src/sys/net/pf.c  Tue May 30 18:57:21 2017 +0200  

@@ -1217,7 +1217,6 @@ pf_purge_thread(void *v)
if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {   

pf_purge_expired_src_nodes(0);  

pf_purge_expired_rules(); 
-   nloops = 0;   
} 
  
PF_UNLOCK(s); 
@@ -1226,9 +1225,10 @@ pf_purge_thread(void *v)   
/*
 * Fragments don't require PF_LOCK(), they use their own mutex. 

 */   
-   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL])   

+   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) { 

pf_purge_expired_fragments(); 
- 
+   nloops = 0;   
+   } 
} 
 }
  

> 
> "The only guy, who kills states (frees from memory) is"
> I think commets have to have a bit better style.  There are
> no guys who kill states :)

does this improved comment sound good to you?:

@ -1331,10 +1331,11 @@ pf_remove_state(struct pf_state *cur)
   
if (cur->state_flags & PFSTATE_PFLOW) {   
/* XXXSMP breaks atomicity */ 
/*
-* The only guy, who kills states (frees from memory) is

-* pf_purge_thread(). The pf_purge_thread() kills only states,  

-* which are marked as PFTM_UNLINKED -> state will stay around, 

-* once we re-acquire netlock.
+* The only way how state gets freed from memory is when it 
   
+* gets garbage collected by pf_purge_thread().  The

+* pf_purge_thread() removes only states, which are marked as   

+* PFTM_UNLINKED -> state will stay around, once we re-acquire  

+* netlock.   
 */   


> Perhaps rephrase the whole thing like this to stress that we rely
> on NET_LOCK right now and something will have to replace it when
> it'll be gone?
> 
> "At the moment, we rely on NET_LOCK() to prevent removal of
> items we've collected above.  They'll have to be refcounted
> when NET_LOCK() is gone."

I like your comment. It's brief and clear

@@ -6808,12 +6809,11 @@ pf_test(sa_family_t af, int fwdir, struc
 
 unlock:
PF_UNLOCK(spl);
+
/*
-* We've just left the look-up section of pf_test(). Code further down
-* assumes, all objects (state, rule, anchor,...) are going to stay
-* around. It's fair assumption, NET_LOCK() prevents the items
-* we've collected above from removing. Once NET_LOCK() will be gone,
-* we must have reference counting ready.
+* At the moment, we rely on NET_LOCK() to prevent removal of 

airport.7: mandoc -Tlint fixes

2017-05-30 Thread Michael Reed

Hi,

The new airport.7 has a few small formatting issues as determined
by `mandoc -Tlint`. This diff fixes them.




Index: airport.7
===
RCS file: /cvs/src/share/man/man7/airport.7,v
retrieving revision 1.1
diff -u -p -r1.1 airport.7
--- airport.7   28 May 2017 19:26:33 -  1.1
+++ airport.7   30 May 2017 17:19:02 -
@@ -1,6 +1,5 @@
 .\"$OpenBSD: airport.7,v 1.1 2017/05/28 19:26:33 benno Exp $
 .\"
-
 .\" Copyright (c) 2017 Sebastian Benoit.
 .\" All rights reserved.
 .\"
@@ -40,14 +39,14 @@ The list is not a complete list of all I
 New airports can only be added by
 .Ox
 developers who have visited an airport and thereby have verified its 
existence.

-.Sh CAVEATS
-There are also railway stations with IATA codes.
-These may not be listed, except if someone landed there by plane and
-survived to update the file.
-.Sh STANDARDS
-.Lk http://www.iata.org/codes
-.%T Airline and Airport Code Search
 .Sh FILES
 .Bl -tag -width /usr/share/misc/airport -compact
 .It Pa /usr/share/misc/airport
 .El
+.Sh STANDARDS
+.Lk http://www.iata.org/codes
+.%T Airline and Airport Code Search
+.Sh CAVEATS
+There are also railway stations with IATA codes.
+These may not be listed, except if someone landed there by plane and
+survived to update the file.



operator.7: Remove ref to nonexistant FILES

2017-05-30 Thread Michael Reed

Hi,

Per [1], /usr/share/misc/operator no longer exists, so
there's no need to reference it.

[1]: 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/Attic/operator




Index: operator.7
===
RCS file: /cvs/src/share/man/man7/operator.7,v
retrieving revision 1.9
diff -u -p -r1.9 operator.7
--- operator.7  3 Sep 2011 22:59:07 -   1.9
+++ operator.7  30 May 2017 17:17:46 -
@@ -58,7 +58,3 @@
 .It "\&," Ta "left to right"
 .El
 .Ed
-.Sh FILES
-.Bl -tag -width /usr/share/misc/operator -compact
-.It Pa /usr/share/misc/operator
-.El



Re: detect post threaded condition

2017-05-30 Thread patrick keshishian
On Tue, May 30, 2017 at 03:48:06AM -0400, Ted Unangst wrote:
> talking to stsp, he reminded me of a problematic bug that took some time to
> track down in some desktop software that shall not be named. after a program
> calls fork(), the child has only a single thread. per the standard, it needs
> to get to exec() as quickly as possible. per the quality standards of modern
> software, this doesn't always happen, and then strangeness happens.
> 
> this adds a quick check for this error condition. after a fork, we set a new
> variable in the child that we are post threaded. this can be checked elsewhere
> in the library. i added a check to pthread_join because that's a notable
> problem function.
> 
> 
> Index: rthread.c
> ===
> RCS file: /cvs/src/lib/librthread/rthread.c,v
> retrieving revision 1.94
> diff -u -p -r1.94 rthread.c
> --- rthread.c 4 Sep 2016 10:13:35 -   1.94
> +++ rthread.c 30 May 2017 07:43:12 -
> @@ -64,6 +64,7 @@ REDIRECT_SYSCALL(thrkill);
>  static int concurrency_level;/* not used */
>  
>  int _threads_ready;
> +int _post_threaded;
>  size_t _thread_pagesize;
>  struct listhead _thread_list = LIST_HEAD_INITIALIZER(_thread_list);
>  _atomic_lock_t _thread_lock = _SPINLOCK_UNLOCKED;
> @@ -358,6 +359,11 @@ pthread_join(pthread_t thread, void **re
>   pthread_t self;
>   PREP_CANCEL_POINT(tib);
>  
> + if (_post_threaded) {
> +#define GREATSCOTT "great scott! serious repurcussions on future events!\n"
> + write(2, GREATSCOTT, sizeof(GREATSCOTT));
 ^^
maybe sizeof(GREATSCOTT)-1

-pk

> + abort();
> + }
>   if (!_threads_ready)
>   _rthread_init();
>   self = tib->tib_thread;
> Index: rthread_fork.c
> ===
> RCS file: /cvs/src/lib/librthread/rthread_fork.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 rthread_fork.c
> --- rthread_fork.c4 Sep 2016 10:13:35 -   1.19
> +++ rthread_fork.c30 May 2017 07:41:29 -
> @@ -58,6 +58,7 @@ _dofork(pid_t (*sys_fork)(void))
>   pthread_t me;
>   pid_t newid;
>   int i;
> + extern int _post_threaded;
>  
>   if (!_threads_ready)
>   return sys_fork();
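Review bot: The block-scope `extern int _post_threaded;` in _dofork() repeats by hand the declaration of a variable that the other hunk defines in rthread.c, so nothing ties the two types together. Declaring it once in the library's internal header, next to wherever `_threads_ready` is declared, lets the compiler check both files. In the visible hunks the flag is only ever set, in the child after fork, so a one-line comment at the definition such as `/* set in the child after fork(); never cleared */` would record the intent. _dofork() starts and ends outside this hunk.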
> @@ -110,6 +111,7 @@ _dofork(pid_t (*sys_fork)(void))
>  
>   /* single threaded now */
>   __isthreaded = 0;
> + _post_threaded = 1;
>   }
>  #ifndef NO_PIC
>   else if (_DYNAMIC)
> 



amd64 clang: fix bootstrap build

2017-05-30 Thread Christian Weisgerber
On amd64 we can now build the bootstrap with clang if we
* skip the integrated assembler for assym.h;
* use as(1) to build biosboot.S and the various versions of srt0.S.

I successfully tested a clang-built pxeboot(8) and boot(8).

Index: Makefile.inc
===
RCS file: /cvs/src/sys/arch/amd64/stand/Makefile.inc,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile.inc
--- Makefile.inc30 May 2017 15:02:22 -  1.16
+++ Makefile.inc30 May 2017 15:28:46 -
@@ -23,13 +23,18 @@ CLEANFILES+=assym.h machine
 
 SACFLAGS+=-nostdinc -fno-builtin -fpack-struct
 
+.include 
+.if ${COMPILER_VERSION:Mclang}
+NO_INTEGR_AS=  -no-integrated-as
+.endif
+
 .if !make(clean) && !make(cleandir) && !make(includes) && !make(libdep) && \
 !make(sadep) && !make(salibdir) && !make(obj)
 .BEGIN:
@([ X$(S) = X -o -h machine ] || ln -s $(S)/arch/amd64/include machine)
 
 assym.h: ${S}/kern/genassym.sh ${SADIR}/etc/genassym.cf
-   sh ${S}/kern/genassym.sh ${CC} ${CFLAGS} ${CPPFLAGS} \
+   sh ${S}/kern/genassym.sh ${CC} ${NO_INTEGR_AS} ${CFLAGS} ${CPPFLAGS} \
${PARAM} < ${SADIR}/etc/genassym.cf > assym.h.tmp && \
mv -f assym.h.tmp assym.h
 .endif
Index: biosboot/Makefile
===
RCS file: /cvs/src/sys/arch/amd64/stand/biosboot/Makefile,v
retrieving revision 1.11
diff -u -p -r1.11 Makefile
--- biosboot/Makefile   30 Jul 2016 03:25:48 -  1.11
+++ biosboot/Makefile   30 May 2017 15:12:20 -
@@ -23,6 +23,7 @@ ${PROG}: $(OBJS)
 CPPFLAGS+=-DLOADADDR=$(LOADADDR) -DLINKADDR=$(LINKADDR) 
-DBOOTMAGIC=$(BOOTMAGIC)
 CPPFLAGS+=${DEBUGFLAGS}
 CFLAGS+=-fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 AFLAGS+=-m32 # -Wa,-a
 AFLAGS+=-fno-pie
 .else
Index: boot/Makefile
===
RCS file: /cvs/src/sys/arch/amd64/stand/boot/Makefile,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile
--- boot/Makefile   18 Sep 2016 16:34:59 -  1.36
+++ boot/Makefile   30 May 2017 15:12:44 -
@@ -77,6 +77,7 @@ CPPFLAGS+=-DBOOTMAGIC=$(BOOTMAGIC) ${DEB
 CPPFLAGS+=-DSLOW -DSMALL -DNOBYFOUR -DNO_GZIP -DDYNAMIC_CRC_TABLE
 CPPFLAGS+=-DHEAP_LIMIT=${HEAP_LIMIT} -I${S}/stand/boot #-DCOMPAT_UFS
 CFLAGS+=-m32 $(SACFLAGS) -D__INTERNAL_LIBSA_CREAD -fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 AFLAGS+=-m32 # -Wa,-R
 # AFLAGS+=-Wa,-a
 AFLAGS+=-fno-pie
Index: cdboot/Makefile
===
RCS file: /cvs/src/sys/arch/amd64/stand/cdboot/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- cdboot/Makefile 18 Sep 2016 16:34:59 -  1.32
+++ cdboot/Makefile 30 May 2017 15:12:55 -
@@ -68,5 +68,6 @@ CFLAGS+=${SACFLAGS} -D__INTERNAL_LIBSA_C
 CFLAGS+=-DOSREV=\"${OSREV}\" -DMACHINE=\"${MACHINE}\"
 CFLAGS+=-DKERNEL=\"/${OSREV}/${MACHINE}/bsd.rd\"
 CFLAGS+=-fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 AFLAGS+=-m32
 AFLAGS+=-fno-pie
Index: pxeboot/Makefile
===
RCS file: /cvs/src/sys/arch/amd64/stand/pxeboot/Makefile,v
retrieving revision 1.30
diff -u -p -r1.30 Makefile
--- pxeboot/Makefile18 Sep 2016 16:34:59 -  1.30
+++ pxeboot/Makefile30 May 2017 15:13:00 -
@@ -70,6 +70,7 @@ CPPFLAGS+=-DSLOW -DSMALL -DNOBYFOUR -DNO
 CPPFLAGS+=-DHEAP_LIMIT=${HEAP_LIMIT} -I${S}/stand/boot #-DCOMPAT_UFS
 CFLAGS+=-m32
 CFLAGS+=$(SACFLAGS) -D__INTERNAL_LIBSA_CREAD -fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 # AFLAGS+=-Wa,-a
 AFLAGS+=-m32 # -Wa,-R
 AFLAGS+=-fno-pie
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: Randomize link of kernel, and unmap startup code

2017-05-30 Thread Theo de Raadt
> This change relinks kernel objects randomly, and unmaps the bootcode
> component of locore during boot.  This makes gadgets harder to find.
> 
> The current linker layout is:
> 
>   locore.o [bring-up code + asm runtime]
>   rest of kernel .o, in order supplied by config(8)
> 
> The new linker layout is:
> 
>   locore.o [just the bring-up code]
>   gap.o
>   rest of kernel .o + new locore2.S [asm runtime], via sort -R
> 
> The gap.o being use some discussion.  This creates 5 random sized
> gaps:
>   Few pages after locore.o .text
> 
> resulting in the following layout:
> 
>   boot code
>   [few pages of gap]
> endboot:
>   [partial page gap]
>   rest of .text - randomized order
>   [page-alignment]
>   [partial page gap]
>   .rodata
>   [page-alignment]
>   [partial page gap]
>   .data
>   [partial page gap]
>   .data
> 
> When we supply the .o files to the linker in random order, their text
> segments are placed in that random order.  The .rodata/.data/.bss for
> each of those is also placed in the same order into their respective
> sections.
> 
> Once the system is booted, we unmap the locore.o bring-up code and the
> first few pages of gap.  (Cannot be too early, must be after "codepatch")
> 
> This bootcode is at a known location in KVA space.  At known offsets
> within this .o text object, there are pointers to other .o in
> particular to main().  By unmapping this bootcode, the addresses of
> gadgets in the remaining objects become unknown; due to randomization
> they are not known.  There is no text-segment knowledge anymore about where
> these objects are.  Obviously some leakage of KVA addresses occurs,
> and cleanup will need to continue to ASLR more of those objects.
> 
> There are a few mitigation strategies against BROP attack methodology.
> One can be summarized as "never reuse an address space".  If a freshly
> linked kernel of this type was booted each time, we would be well on
> the way to satisfying that.  Then other migitations efforts come into
> play.
> 
> I've booted around 100 amd64 kernels, that is fairly well tested.  i386
> hasn't been tested as well yet.

Here is an updated version of the diff.

Index: sys/conf/makegap.sh
===
RCS file: sys/conf/makegap.sh
diff -N sys/conf/makegap.sh
--- /dev/null   1 Jan 1970 00:00:00 -
+++ sys/conf/makegap.sh 30 May 2017 12:46:19 -
@@ -0,0 +1,32 @@
+#!/bin/sh -
+
+PADBYTE=$1
+
+cat << __EOF__
+#include 
+#include 
+
+   .text
+   .align  PAGE_SIZE, $PADBYTE
+   .space  $RANDOM, $PADBYTE
+   .align  PAGE_SIZE, $PADBYTE
+
+   .globl  endboot
+_C_LABEL(endboot):
+   .space  PAGE_SIZE, $PADBYTE
+   .space  $RANDOM % PAGE_SIZE,  $PADBYTE
+   .align  16, $PADBYTE
+
+   /*
+* Randomly bias future data, bss, and rodata objects,
+* does not help for objects in locore.S though
+ */
+   .data
+   .space  $RANDOM % PAGE_SIZE, $PADBYTE
+
+   .bss
+   .space  $RANDOM % PAGE_SIZE, $PADBYTE
+
+   .section .rodata
+   .space  $RANDOM % PAGE_SIZE, $PADBYTE
+__EOF__
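Review bot: `PADBYTE=$1` is used without checking that an argument was given, so a call without one emits directives such as `.align PAGE_SIZE, ` and the mistake only surfaces later in the assembler. Failing early with `PADBYTE=${1:?usage: makegap.sh padbyte}` makes the build error point at the right place. The script would also benefit from a header comment stating which gap each `.space` produces and how much variation it adds: as written the first gap is at most `$RANDOM` bytes and the others are `$RANDOM % PAGE_SIZE`. The quality of that randomness depends on how the build host's sh implements `$RANDOM`, which is worth stating because the layout is meant to be unpredictable.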
Index: sys/arch/amd64/amd64/autoconf.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/autoconf.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 autoconf.c
--- sys/arch/amd64/amd64/autoconf.c 8 Jun 2016 17:24:44 -   1.47
+++ sys/arch/amd64/amd64/autoconf.c 30 May 2017 12:48:46 -
@@ -59,6 +59,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -105,6 +106,18 @@ void   aesni_setup(void);
 extern int amd64_has_aesni;
 #endif
 
+void
+unmap_startup(void)
+{
+   extern void *kernel_text, *endboot;
+   vaddr_t p = (vaddr_t)_text;
+
+   do {
+   pmap_kremove(p, PAGE_SIZE);
+   p += PAGE_SIZE;
+   } while (p < (vaddr_t));
+}
+
 /*
  * Determine i/o configuration for a machine.
  */
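Review bot: unmap_startup() uses a do/while loop, so the first page is removed before the end address is ever compared; a `for` or `while` loop that tests the bound first would be safer if the linked layout ever places endboot at or below the start. The loop also steps in whole pages and so relies on endboot being page-aligned, which makegap.sh arranges with `.align PAGE_SIZE` but nothing here checks. A comment above the function should record the ordering constraint given in the description, for example `/* Unmap the locore bring-up code and leading gap; must run after codepatch. */`. The pointer expressions in this hunk look damaged by the archive, so the exact operands should be checked against the original mail.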
@@ -122,6 +135,8 @@ cpu_configure(void)
lapic_set_lvt();
ioapic_enable();
 #endif
+
+   unmap_startup();
 
 #ifdef MULTIPROCESSOR
cpu_init_idle_pcbs();
Index: sys/arch/amd64/amd64/locore.S
===
RCS file: /cvs/src/sys/arch/amd64/amd64/locore.S,v
retrieving revision 1.84
diff -u -p -u -r1.84 locore.S
--- sys/arch/amd64/amd64/locore.S   6 Feb 2017 09:15:51 -   1.84
+++ sys/arch/amd64/amd64/locore.S   30 May 2017 12:51:20 -
@@ -140,11 +140,6 @@
 #define SET_CURPCB(reg)movqreg,CPUVAR(CURPCB)
 
 
-/* XXX temporary kluge; these should not be here */
-/* Get definitions for IOM_BEGIN, IOM_END, and IOM_SIZE */
-#include 
-
-
 /*
  * Initialization
  */
@@ -230,524 +225,11 @@ gdt64_start:
.quad 0x00cf9200/* kernel DS */
 gdt64_end:
 
-farjmp64:
-   .long   

Re: Unlock IP forwarding paths

2017-05-30 Thread Alexander Bluhm
On Tue, May 30, 2017 at 11:48:50AM +0200, Martin Pieuchot wrote:
> Updated diff below.

OK bluhm@

> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.502
> diff -u -p -r1.502 if.c
> --- net/if.c  30 May 2017 07:50:37 -  1.502
> +++ net/if.c  30 May 2017 08:24:30 -
> @@ -874,7 +874,10 @@ if_input_process(void *xifidx)
>   struct ifnet *ifp;
>   struct ifih *ifih;
>   struct srp_ref sr;
> - int s;
> + int s, s2;
> +#ifdef IPSEC
> + int locked = 0;
> +#endif /* IPSEC */
>  
>   ifp = if_get(ifidx);
>   if (ifp == NULL)
> @@ -887,6 +890,32 @@ if_input_process(void *xifidx)
>   if (!ISSET(ifp->if_xflags, IFXF_CLONED))
>   add_net_randomness(ml_len());
>  
> +#ifdef IPSEC
> + /*
> +  * IPsec is not ready to run without KERNEL_LOCK().  So all
> +  * the traffic on your machine is punished if you have IPsec
> +  * enabled.
> +  */
> + extern int ipsec_in_use;
> + if (ipsec_in_use) {
> + KERNEL_LOCK();
> + locked = 1;
> + }
> +#endif /* IPSEC */
> +
> + /*
> +  * We grab the NET_LOCK() before processing any packet to
> +  * ensure there's no contention on the routing table lock.
> +  *
> +  * Without it we could race with a userland thread to insert
> +  * a L2 entry in ip{6,}_output().  Such race would result in
> +  * one of the threads sleeping *inside* the IP output path.
> +  *
> +  * Since we have a NET_LOCK() we also use it to serialize access
> +  * to PF globals, pipex globals, unicast and multicast addresses
> +  * lists.
> +  */
> + NET_LOCK(s2);
>   s = splnet();
>   while ((m = ml_dequeue()) != NULL) {
>   /*
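Review bot: `ipsec_in_use` is sampled once, without any lock, before the batch is processed, and that single read decides whether KERNEL_LOCK() is held for every packet in the loop that follows. If IPsec becomes active between the read and the end of the loop (how the flag is set is not shown here), packets in the current batch would reach IPsec code without the kernel lock the comment says it still needs. The comment should say why that window is acceptable, or the decision should be taken under a lock that also covers the writer. Separately, the block-scope `extern int ipsec_in_use;` would be better as a declaration in a shared header so its type cannot drift from the definition. if_input_process() continues past this hunk.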
> @@ -903,7 +932,12 @@ if_input_process(void *xifidx)
>   m_freem(m);
>   }
>   splx(s);
> + NET_UNLOCK(s2);
>  
> +#ifdef IPSEC
> + if (locked)
> + KERNEL_UNLOCK();
> +#endif /* IPSEC */
>  out:
>   if_put(ifp);
>  }
> Index: net/if_ethersubr.c
> ===
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.245
> diff -u -p -r1.245 if_ethersubr.c
> --- net/if_ethersubr.c30 May 2017 07:50:37 -  1.245
> +++ net/if_ethersubr.c30 May 2017 08:02:13 -
> @@ -416,15 +416,11 @@ decapsulate:
>  #ifdef PIPEX
>   if (pipex_enable) {
>   struct pipex_session *session;
> - int s;
>  
> - NET_LOCK(s);
>   if ((session = pipex_pppoe_lookup_session(m)) != NULL) {
>   pipex_pppoe_input(m, session);
> - NET_UNLOCK(s);
>   return (1);
>   }
> - NET_UNLOCK(s);
>   }
>  #endif
>   if (etype == ETHERTYPE_PPPOEDISC)
> Index: netinet/ip_input.c
> ===
> RCS file: /cvs/src/sys/netinet/ip_input.c,v
> retrieving revision 1.308
> diff -u -p -r1.308 ip_input.c
> --- netinet/ip_input.c30 May 2017 07:50:37 -  1.308
> +++ netinet/ip_input.c30 May 2017 09:44:53 -
> @@ -127,6 +127,7 @@ int ip_sysctl_ipstat(void *, size_t *, v
>  static struct mbuf_queue ipsend_mq;
>  
>  void ip_ours(struct mbuf *);
> +void ip_local(struct mbuf *);
>  int  ip_dooptions(struct mbuf *, struct ifnet *);
>  int  in_ouraddr(struct mbuf *, struct ifnet *, struct rtentry **);
>  
> @@ -207,27 +208,31 @@ ip_init(void)
>   mq_init(_mq, 64, IPL_SOFTNET);
>  }
>  
> +/*
> + * Enqueue packet for local delivery.  Queuing is used as a boundary
> + * between the network layer (input/forward path) running without
> + * KERNEL_LOCK() and the transport layer still needing it.
> + */
>  void
> -ipv4_input(struct ifnet *ifp, struct mbuf *m)
> +ip_ours(struct mbuf *m)
>  {
>   niq_enqueue(, m);
>  }
>  
> +/*
> + * Dequeue and process locally delivered packets.
> + */
>  void
>  ipintr(void)
>  {
>   struct mbuf *m;
>  
> - /*
> -  * Get next datagram off input queue and get IP header
> -  * in first mbuf.
> -  */
>   while ((m = niq_dequeue()) != NULL) {
> -#ifdef   DIAGNOSTIC
> +#ifdef DIAGNOSTIC
>   if ((m->m_flags & M_PKTHDR) == 0)
>   panic("ipintr no HDR");
>  #endif
> - ip_input(m);
> + ip_local(m);
>   }
>  }
>  
> @@ -237,18 +242,13 @@ ipintr(void)
>   * Checksum and byte swap header.  Process options. Forward or deliver.
>   */
>  void
> -ip_input(struct mbuf *m)
> +ipv4_input(struct ifnet *ifp, struct mbuf *m)
>  {
> - struct ifnet*ifp;
>   struct rtentry  *rt = NULL;
>   struct ip   *ip;
>   int hlen, len;
>   in_addr_t pfrdr = 0;
>  
> - ifp = 

Re: Properly serialize pflow's sc_outputqueue

2017-05-30 Thread Visa Hankala
On Wed, May 31, 2017 at 01:52:31AM +1000, Jonathan Matthew wrote:
> On Tue, May 30, 2017 at 01:04:07PM +, Visa Hankala wrote:
> > Index: net/if_pflow.c
> > ===
> > RCS file: src/sys/net/if_pflow.c,v
> > retrieving revision 1.78
> > diff -u -p -r1.78 if_pflow.c
> > --- net/if_pflow.c  27 May 2017 21:44:22 -  1.78
> > +++ net/if_pflow.c  30 May 2017 12:40:26 -
> > @@ -132,7 +132,7 @@ pflow_output_process(void *arg)
> > struct mbuf *m;
> >  
> > KERNEL_LOCK();
> > -   while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
> > +   while ((m = mq_dequeue(>sc_outputqueue)) != NULL) {
> > pflow_sendout_mbuf(sc, m);
> > }
> > KERNEL_UNLOCK();
> 
> I'd suggest using mq_delist here rather than dequeueing each mbuf
> individually, so you only take the mbuf_queue mutex once per call.

Right. Updated patch below.

Index: net/if_pflow.c
===
RCS file: src/sys/net/if_pflow.c,v
retrieving revision 1.78
diff -u -p -r1.78 if_pflow.c
--- net/if_pflow.c  27 May 2017 21:44:22 -  1.78
+++ net/if_pflow.c  30 May 2017 15:57:44 -
@@ -128,11 +128,13 @@ pflow_output(struct ifnet *ifp, struct m
 void
 pflow_output_process(void *arg)
 {
+   struct mbuf_list ml;
struct pflow_softc *sc = arg;
struct mbuf *m;
 
+   mq_delist(>sc_outputqueue, );
KERNEL_LOCK();
-   while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
+   while ((m = ml_dequeue()) != NULL) {
pflow_sendout_mbuf(sc, m);
}
KERNEL_UNLOCK();
@@ -256,7 +258,7 @@ pflow_clone_create(struct if_clone *ifc,
ifp->if_hdrlen = PFLOW_HDRLEN;
ifp->if_flags = IFF_UP;
ifp->if_flags &= ~IFF_RUNNING;  /* not running, need receiver */
-   ml_init(>sc_outputqueue);
+   mq_init(>sc_outputqueue, 8192, IPL_SOFTNET);
pflow_setmtu(pflowif, ETHERMTU);
pflow_init_timeouts(pflowif);
if_attach(ifp);
@@ -288,7 +290,7 @@ pflow_clone_destroy(struct ifnet *ifp)
timeout_del(>sc_tmo_tmpl);
pflow_flush(sc);
task_del(softnettq, >sc_outputtask);
-   ml_purge(>sc_outputqueue);
+   mq_purge(>sc_outputqueue);
m_freem(sc->send_nam);
if (sc->so != NULL) {
error = soclose(sc->so);
@@ -1089,8 +1091,8 @@ pflow_sendout_v5(struct pflow_softc *sc)
getnanotime();
h->time_sec = htonl(tv.tv_sec); /* XXX 2038 */
h->time_nanosec = htonl(tv.tv_nsec);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
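Review bot: When `mq_enqueue()` fails, pflow_sendout_v5() still ends in `return (0);`, so the caller cannot tell that the export packet was dropped because the queue was full; the same pattern is in the pflow_sendout_ipfix() and pflow_sendout_ipfix_tmpl() hunks below. If I read mq_enqueue() correctly it frees the mbuf on failure, so nothing leaks, but flow records disappear silently, which matters when pflow data feeds monitoring or accounting. Consider propagating the failure, e.g. `if (mq_enqueue(...) != 0) return (ENOBUFS);` followed by the task_add() call. The function bodies start outside these hunks, so whether callers act on the return value needs checking.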
 
@@ -1151,8 +1153,8 @@ pflow_sendout_ipfix(struct pflow_softc *
h10->flow_sequence = htonl(sc->sc_sequence);
sc->sc_sequence += count;
h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
 
@@ -1193,8 +1195,8 @@ pflow_sendout_ipfix_tmpl(struct pflow_so
h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
 
timeout_add_sec(>sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
 
Index: net/if_pflow.h
===
RCS file: src/sys/net/if_pflow.h,v
retrieving revision 1.16
diff -u -p -r1.16 if_pflow.h
--- net/if_pflow.h  27 May 2017 21:06:06 -  1.16
+++ net/if_pflow.h  30 May 2017 15:57:44 -
@@ -184,7 +184,7 @@ struct pflow_softc {
struct timeout   sc_tmo;
struct timeout   sc_tmo6;
struct timeout   sc_tmo_tmpl;
-   struct mbuf_list sc_outputqueue;
+   struct mbuf_queuesc_outputqueue;
struct task  sc_outputtask;
struct socket   *so;
struct mbuf *send_nam;



Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-30 Thread Job Snijders
On Sun, May 28, 2017 at 10:52:24PM +0200, Sebastian Benoit wrote:
> which makes me think:
> would a global local-address be good enough?

Attached is a patch that allows you to specify the source for outgoing
queries, as a global option. Example ntpd.conf:

query from 165.254.255.33
query from 2001:728:1808::26
servers ntp.ring.nlnog.net

I have a number of remarks myself:

- unsure about the bzero() in parse_config()

- should we check 2+ declarations of 'query from', or just use the
  last one like this patch does now, (we don't check for duplicate
  'weight' etc either)

- the ipv4 / ipv6 approach with 'struct dual_addr' seems clumsy, is
  this what life is like in an ipv4 + ipv6 world? Any suggestions
  how to improve?

Kind regards,

Job

---
 src/usr.sbin/ntpd/client.c| 13 +
 src/usr.sbin/ntpd/ntp.c   |  1 +
 src/usr.sbin/ntpd/ntpd.conf.5 |  8 
 src/usr.sbin/ntpd/ntpd.h  |  7 +++
 src/usr.sbin/ntpd/parse.y | 31 ++-
 5 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
index ddbb1281..7d921dcf 100644
--- a/src/usr.sbin/ntpd/client.c
+++ b/src/usr.sbin/ntpd/client.c
@@ -137,11 +137,24 @@ client_query(struct ntp_peer *p)
 
if (p->query->fd == -1) {
struct sockaddr *sa = (struct sockaddr *)>addr->ss;
+   struct sockaddr *qa4 = (struct sockaddr *)>query_addr.v4;
+   struct sockaddr *qa6 = (struct sockaddr *)>query_addr.v6;
 
if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM,
0)) == -1)
fatal("client_query socket");
 
+   if (p->addr->ss.ss_family == qa4->sa_family) {
+   if (bind(p->query->fd, qa4, SA_LEN(qa4)) == -1)
+   fatal("couldn't bind to IPv4 query address: %s",
+   log_sockaddr(qa4));
+   }
+   else if (p->addr->ss.ss_family == qa6->sa_family) {
+   if (bind(p->query->fd, qa6, SA_LEN(qa6)) == -1)
+   fatal("couldn't bind to IPv6 query address: %s",
+   log_sockaddr(qa6));
+   }
+
if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
if (errno == ECONNREFUSED || errno == ENETUNREACH ||
errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
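Review bot: Both new bind() calls end in fatal(), so a configured `query from` address that is not present on the host at that moment (interface down, address not yet assigned) terminates the daemon, while the connect() just below appears to treat EADDRNOTAVAIL and similar errors as transient. Handling a bind() failure the same way as those connect() errors (log it, close the socket and retry later) would keep time service running through address changes. The family comparison also depends on an unset `query_addr` member having `sa_family` zero, so the zeroing of the config structure that the description is unsure about is required, and a comment saying so would help. client_query() continues outside the hunk.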
diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index f3366640..b0f80294 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -521,6 +521,7 @@ ntp_dispatch_imsg_dns(void)
if (peer->addr_head.pool) {
npeer = new_peer();
npeer->weight = peer->weight;
+   npeer->query_addr = peer->query_addr;
h->next = NULL;
npeer->addr = h;
npeer->addr_head.a = h;
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
index 6e4e0012..b8f03b22 100644
--- a/src/usr.sbin/ntpd/ntpd.conf.5
+++ b/src/usr.sbin/ntpd/ntpd.conf.5
@@ -67,6 +67,14 @@ or
 listen on 127.0.0.1
 listen on ::1
 listen on 127.0.0.1 rtable 4
+.It Xo Ic source from Ar address
+.Xc
+Specify a Local IP address the
+.Xr ntpd 8
+daemon should use for outgoing queries.
+.Bd -literal -offset indent
+query from 10.0.0.1
+query from 2001:db8::1
 .Ed
 .It Xo Ic sensor Ar device
 .Op Ic correction Ar microseconds
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index 613b29b2..ded2948a 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -106,6 +106,11 @@ struct listen_addr {
int  rtable;
 };
 
+struct dual_addr {
+   struct sockaddr_storage v4;
+   struct sockaddr_storage v6;
+};
+
 struct ntp_addr {
struct ntp_addr *next;
struct sockaddr_storage  ss;
@@ -153,6 +158,7 @@ struct ntp_peer {
struct ntp_query*query;
struct ntp_offsetreply[OFFSET_ARRAY_SIZE];
struct ntp_offsetupdate;
+   struct dual_addr query_addr;
enum client_statestate;
time_t   next;
time_t   deadline;
@@ -219,6 +225,7 @@ struct ntpd_conf {
TAILQ_HEAD(constraints, constraint) constraints;
struct ntp_status   status;
struct ntp_freq freq;
+   struct dual_addrquery_addr;
u_int32_t   scale;
int 

Re: Properly serialize pflow's sc_outputqueue

2017-05-30 Thread Jonathan Matthew
On Tue, May 30, 2017 at 01:04:07PM +, Visa Hankala wrote:
> On Mon, May 29, 2017 at 03:33:35PM +, Visa Hankala wrote:
> > Currently, access to pflow's sc_outputqueue is not serialized properly.
> > The producer has the NET_LOCK(), while the consumer does not.
> > mpi@ suggested using mbuf_queue to solve the issue.
> 
> mpi@ commented that the pflow output task should be scheduled only
> if mq_enqueue succeeds.
> 
> Another issue is that mbuf_queue has a size limit. If a lot of flows
> get exported at once, the queue might become full, dropping pflow data.
> To make this less likely, I tweaked the limit from 256 (IFQ_MAXLEN) to
> 8192. Of course, packet loss can happen in many other places as well.
> 
> Updated patch below. OK?
> 
> Index: net/if_pflow.c
> ===
> RCS file: src/sys/net/if_pflow.c,v
> retrieving revision 1.78
> diff -u -p -r1.78 if_pflow.c
> --- net/if_pflow.c27 May 2017 21:44:22 -  1.78
> +++ net/if_pflow.c30 May 2017 12:40:26 -
> @@ -132,7 +132,7 @@ pflow_output_process(void *arg)
>   struct mbuf *m;
>  
>   KERNEL_LOCK();
> - while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
> + while ((m = mq_dequeue(>sc_outputqueue)) != NULL) {
>   pflow_sendout_mbuf(sc, m);
>   }
>   KERNEL_UNLOCK();

I'd suggest using mq_delist here rather than dequeueing each mbuf individually,
so you only take the mbuf_queue mutex once per call.



Re: Properly serialize pflow's sc_outputqueue

2017-05-30 Thread Martin Pieuchot
On 30/05/17(Tue) 13:04, Visa Hankala wrote:
> On Mon, May 29, 2017 at 03:33:35PM +, Visa Hankala wrote:
> > Currently, access to pflow's sc_outputqueue is not serialized properly.
> > The producer has the NET_LOCK(), while the consumer does not.
> > mpi@ suggested using mbuf_queue to solve the issue.
> 
> mpi@ commented that the pflow output task should be scheduled only
> if mq_enqueue succeeds.
> 
> Another issue is that mbuf_queue has a size limit. If a lot of flows
> get exported at once, the queue might become full, dropping pflow data.
> To make this less likely, I tweaked the limit from 256 (IFQ_MAXLEN) to
> 8192. Of course, packet loss can happen in many other places as well.

Maybe a smaller number with a counter would be better?  Anyway this can
be done in a second step.  ok mpi@

> Index: net/if_pflow.c
> ===
> RCS file: src/sys/net/if_pflow.c,v
> retrieving revision 1.78
> diff -u -p -r1.78 if_pflow.c
> --- net/if_pflow.c27 May 2017 21:44:22 -  1.78
> +++ net/if_pflow.c30 May 2017 12:40:26 -
> @@ -132,7 +132,7 @@ pflow_output_process(void *arg)
>   struct mbuf *m;
>  
>   KERNEL_LOCK();
> - while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
> + while ((m = mq_dequeue(>sc_outputqueue)) != NULL) {
>   pflow_sendout_mbuf(sc, m);
>   }
>   KERNEL_UNLOCK();
> @@ -256,7 +256,7 @@ pflow_clone_create(struct if_clone *ifc,
>   ifp->if_hdrlen = PFLOW_HDRLEN;
>   ifp->if_flags = IFF_UP;
>   ifp->if_flags &= ~IFF_RUNNING;  /* not running, need receiver */
> - ml_init(>sc_outputqueue);
> + mq_init(>sc_outputqueue, 8192, IPL_SOFTNET);
>   pflow_setmtu(pflowif, ETHERMTU);
>   pflow_init_timeouts(pflowif);
>   if_attach(ifp);
> @@ -288,7 +288,7 @@ pflow_clone_destroy(struct ifnet *ifp)
>   timeout_del(>sc_tmo_tmpl);
>   pflow_flush(sc);
>   task_del(softnettq, >sc_outputtask);
> - ml_purge(>sc_outputqueue);
> + mq_purge(>sc_outputqueue);
>   m_freem(sc->send_nam);
>   if (sc->so != NULL) {
>   error = soclose(sc->so);
> @@ -1089,8 +1089,8 @@ pflow_sendout_v5(struct pflow_softc *sc)
>   getnanotime();
>   h->time_sec = htonl(tv.tv_sec); /* XXX 2038 */
>   h->time_nanosec = htonl(tv.tv_nsec);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
> @@ -1151,8 +1151,8 @@ pflow_sendout_ipfix(struct pflow_softc *
>   h10->flow_sequence = htonl(sc->sc_sequence);
>   sc->sc_sequence += count;
>   h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
> @@ -1193,8 +1193,8 @@ pflow_sendout_ipfix_tmpl(struct pflow_so
>   h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
>  
>   timeout_add_sec(>sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT);
> - ml_enqueue(>sc_outputqueue, m);
> - task_add(softnettq, >sc_outputtask);
> + if (mq_enqueue(>sc_outputqueue, m) == 0)
> + task_add(softnettq, >sc_outputtask);
>   return (0);
>  }
>  
> Index: net/if_pflow.h
> ===
> RCS file: src/sys/net/if_pflow.h,v
> retrieving revision 1.16
> diff -u -p -r1.16 if_pflow.h
> --- net/if_pflow.h27 May 2017 21:06:06 -  1.16
> +++ net/if_pflow.h30 May 2017 12:40:26 -
> @@ -184,7 +184,7 @@ struct pflow_softc {
>   struct timeout   sc_tmo;
>   struct timeout   sc_tmo6;
>   struct timeout   sc_tmo_tmpl;
> - struct mbuf_list sc_outputqueue;
> + struct mbuf_queuesc_outputqueue;
>   struct task  sc_outputtask;
>   struct socket   *so;
>   struct mbuf *send_nam;
> 



id -R: getrtable

2017-05-30 Thread Sebastian Benoit

add option -R for printing the routing table that id is running under

ok?

diff --git usr.bin/id/id.1 usr.bin/id/id.1
index 35728ee53ee..c5727927bc6 100644
--- usr.bin/id/id.1
+++ usr.bin/id/id.1
@@ -55,6 +55,8 @@
 .Fl p
 .Op Ar user
 .Nm id
+.Fl R
+.Nm id
 .Fl u Op Fl nr
 .Op Ar user
 .Sh DESCRIPTION
@@ -115,6 +117,10 @@ If there is a login class specified for the user in the
 database, it is displayed, preceded by the keyword
 .Dq class .
 Each display is on a separate line.
+.It Fl R
+Display the default routing table of the
+.Nm
+process.
 .It Fl r
 Display the real ID for the
 .Fl g
diff --git usr.bin/id/id.c usr.bin/id/id.c
index ba107339794..139be7a7522 100644
--- usr.bin/id/id.c
+++ usr.bin/id/id.c
@@ -29,6 +29,9 @@
  * SUCH DAMAGE.
  */
 
+#include 
+#include 
+
 #include 
 #include 
 #include 
@@ -47,13 +50,14 @@ voidusage(void);
 void   user(struct passwd *);
 struct passwd *
who(char *);
+void   rdomain(void);
 
 int
 main(int argc, char *argv[])
 {
struct group *gr;
struct passwd *pw;
-   int ch, cflag, Gflag, gflag, nflag, pflag, rflag, uflag;
+   int ch, cflag, Gflag, gflag, nflag, pflag, Rflag, rflag, uflag;
uid_t uid;
gid_t gid;
const char *opts;
@@ -61,7 +65,7 @@ main(int argc, char *argv[])
if (pledge("stdio getpw", NULL) == -1)
err(1, "pledge");
 
-   cflag = Gflag = gflag = nflag = pflag = rflag = uflag = 0;
+   cflag = Gflag = gflag = nflag = pflag = Rflag = rflag = uflag = 0;
 
if (strcmp(getprogname(), "groups") == 0) {
Gflag = 1;
@@ -76,7 +80,7 @@ main(int argc, char *argv[])
if (argc > 1)
usage();
} else
-   opts = "cGgnpru";
+   opts = "cGgnpRru";
 
while ((ch = getopt(argc, argv, opts)) != -1)
switch(ch) {
@@ -95,6 +99,9 @@ main(int argc, char *argv[])
case 'p':
pflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -157,6 +164,11 @@ main(int argc, char *argv[])
exit(0);
}
 
+   if (Rflag) {
+   rdomain();
+   exit(0);
+   }
+
if (pflag) {
pretty(pw);
exit(0);
@@ -338,6 +350,12 @@ who(char *u)
 }
 
 void
+rdomain(void)
+{
+   (void)printf("%d\n", getrtable());
+}
+
+void
 usage(void)
 {
if (strcmp(getprogname(), "groups") == 0) {
@@ -350,6 +368,7 @@ usage(void)
(void)fprintf(stderr, "   id -G [-n] [user]\n");
(void)fprintf(stderr, "   id -g [-nr] [user]\n");
(void)fprintf(stderr, "   id -p [user]\n");
+   (void)fprintf(stderr, "   id -R\n");
(void)fprintf(stderr, "   id -u [-nr] [user]\n");
}
exit(1);



Re: id -R routing domain

2017-05-30 Thread Theo de Raadt
Looks good to me, after kern_pledge.c allows getrtable for "stdio"

Then the sneaky 0 can go away.

Index: kern_pledge.c
===
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.209
diff -u -p -u -r1.209 kern_pledge.c
--- kern_pledge.c   21 May 2017 13:00:53 -  1.209
+++ kern_pledge.c   30 May 2017 14:57:45 -
@@ -129,6 +129,7 @@ const uint64_t pledge_syscalls[SYS_MAXSY
[SYS_getsid] = PLEDGE_STDIO,
[SYS_getthrid] = PLEDGE_STDIO,
[SYS_getrlimit] = PLEDGE_STDIO,
+   [SYS_getrtable] = PLEDGE_STDIO,
[SYS_gettimeofday] = PLEDGE_STDIO,
[SYS_getdtablecount] = PLEDGE_STDIO,
[SYS_getrusage] = PLEDGE_STDIO,
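Review bot: The new `[SYS_getrtable] = PLEDGE_STDIO` entry extends what every "stdio"-pledged process may call, and the diff carries no matching documentation change. The id patch calls getrtable() with no arguments and only prints the return value, so the exposure looks read-only. The list of system calls permitted by "stdio" in pledge(2) should still gain getrtable(2) in the same commit, so that the documented promise matches the table. The pledge_syscalls[] initializer starts and ends outside the hunk.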



id -R routing domain

2017-05-30 Thread Ted Unangst
make it easy to find out which rdomain a shell is in. id -R.

one small problem is that pledge doesn't permit getrtable().

Index: id.1
===
RCS file: /cvs/src/usr.bin/id/id.1,v
retrieving revision 1.18
diff -u -p -r1.18 id.1
--- id.119 May 2015 16:03:19 -  1.18
+++ id.130 May 2017 14:54:27 -
@@ -57,6 +57,8 @@
 .Nm id
 .Fl u Op Fl nr
 .Op Ar user
+.Nm id
+.Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -115,6 +117,8 @@ If there is a login class specified for 
 database, it is displayed, preceded by the keyword
 .Dq class .
 Each display is on a separate line.
+.It Fl R
+Display the routing table of the current process.
 .It Fl r
 Display the real ID for the
 .Fl g
@@ -137,7 +141,7 @@ utility is compliant with the
 specification.
 .Pp
 The flags
-.Op Fl cp
+.Op Fl cpR
 are extensions to that specification.
 .Sh HISTORY
 The
Index: id.c
===
RCS file: /cvs/src/usr.bin/id/id.c,v
retrieving revision 1.26
diff -u -p -r1.26 id.c
--- id.c9 Oct 2015 01:37:07 -   1.26
+++ id.c30 May 2017 14:52:52 -
@@ -29,6 +29,9 @@
  * SUCH DAMAGE.
  */
 
+#include 
+#include  /* because getrtable() lives here */
+
 #include 
 #include 
 #include 
@@ -53,15 +56,15 @@ main(int argc, char *argv[])
 {
struct group *gr;
struct passwd *pw;
-   int ch, cflag, Gflag, gflag, nflag, pflag, rflag, uflag;
+   int ch, cflag, Gflag, gflag, nflag, pflag, Rflag, rflag, uflag;
uid_t uid;
gid_t gid;
const char *opts;
 
-   if (pledge("stdio getpw", NULL) == -1)
+   if (0 && pledge("stdio getpw", NULL) == -1)
err(1, "pledge");
 
-   cflag = Gflag = gflag = nflag = pflag = rflag = uflag = 0;
+   cflag = Gflag = gflag = nflag = pflag = Rflag = rflag = uflag = 0;
 
if (strcmp(getprogname(), "groups") == 0) {
Gflag = 1;
@@ -76,7 +79,7 @@ main(int argc, char *argv[])
if (argc > 1)
usage();
} else
-   opts = "cGgnpru";
+   opts = "cGgnpRru";
 
while ((ch = getopt(argc, argv, opts)) != -1)
switch(ch) {
@@ -95,6 +98,9 @@ main(int argc, char *argv[])
case 'p':
pflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -108,7 +114,7 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
 
-   switch (cflag + Gflag + gflag + pflag + uflag) {
+   switch (cflag + Gflag + gflag + pflag + Rflag + uflag) {
case 1:
break;
case 0:
@@ -121,6 +127,11 @@ main(int argc, char *argv[])
 
if (strcmp(opts, "") != 0 && argc > 1)
usage();
+
+   if (Rflag) {
+   printf("%d\n", getrtable());
+   exit(0);
+   }
 
pw = *argv ? who(*argv) : NULL;
 
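Review bot: The new `if (Rflag)` block exits without looking at the operands, so `id -R user` is accepted and the user argument is silently ignored, although the synopsis added to id.1 is `id -R` with no operand. Rejecting the operand keeps the tool consistent with its manual: `if (argc > 0) usage();` as the first statement inside the block. main() continues outside the hunk.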



Re: Fix some w(1) warnings, remove bin/ps/fmt.c

2017-05-30 Thread Ted Unangst
Ingo Schwarze wrote:
> Hi,
> 
> Brian Callahan wrote on Mon, May 29, 2017 at 04:47:42PM -0400:
> 
> > [...] functions fmt_putc and fmt_puts.
> > w(1) is doing a reacharound to ps(1) for these functions.
> > [...]
> > A grep of the tree shows that the only place these two functions
> > are used is in usr.bin/w/w.c so I put them in there and made them
> > static. This lets us finally remove bin/ps/fmt.c since ps(1) was
> > upgraded by Ingo to be utf8.
> 
> I like that.  Less reacharound is good.
> 
> Any OK?

yes ok



Re: Fix some w(1) warnings, remove bin/ps/fmt.c

2017-05-30 Thread Ingo Schwarze
Hi,

Brian Callahan wrote on Mon, May 29, 2017 at 04:47:42PM -0400:

> [...] functions fmt_putc and fmt_puts.
> w(1) is doing a reacharound to ps(1) for these functions.
> [...]
> A grep of the tree shows that the only place these two functions
> are used is in usr.bin/w/w.c so I put them in there and made them
> static. This lets us finally remove bin/ps/fmt.c since ps(1) was
> upgraded by Ingo to be utf8.

I like that.  Less reacharound is good.

Any OK?

It survived "make build" and "make release".

Yours,
  Ingo


((Boy, clang does suffer a bit from vanity, judging from the time
it spends in front of the mirror watching itself build, now doesn't
it?))


> Index: bin/ps/fmt.c
> ===
> RCS file: bin/ps/fmt.c
> diff -N bin/ps/fmt.c
> --- bin/ps/fmt.c  10 Jan 2016 21:08:01 -  1.15
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,82 +0,0 @@
> -/*   $OpenBSD: fmt.c,v 1.15 2016/01/10 21:08:01 schwarze Exp $   */
> -
> -/*-
> - * Copyright (c) 1990, 1993, 1994
> - *   The Regents of the University of California.  All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - * 1. Redistributions of source code must retain the above copyright
> - *notice, this list of conditions and the following disclaimer.
> - * 2. Redistributions in binary form must reproduce the above copyright
> - *notice, this list of conditions and the following disclaimer in the
> - *documentation and/or other materials provided with the distribution.
> - * 3. Neither the name of the University nor the names of its contributors
> - *may be used to endorse or promote products derived from this software
> - *without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
> - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> - * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
> - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> - * SUCH DAMAGE.
> - */
> -
> -#include 
> -#include 
> -#include 
> -#include 
> -#include 
> -#include 
> -#include 
> -#include "ps.h"
> -
> -void
> -fmt_puts(const char *s, int *leftp)
> -{
> - static char *v = NULL;
> - static size_t maxlen = 0;
> - size_t len;
> -
> - if (*leftp == 0)
> - return;
> - len = strlen(s) * 4 + 1;
> - if (len > maxlen) {
> - free(v);
> - maxlen = 0;
> - if (len < getpagesize())
> - len = getpagesize();
> - v = malloc(len);
> - if (v == NULL)
> - return;
> - maxlen = len;
> - }
> - strvis(v, s, VIS_TAB | VIS_NL | VIS_CSTYLE);
> - if (*leftp != -1) {
> - len = strlen(v);
> - if (len > *leftp) {
> - v[*leftp] = '\0';
> - *leftp = 0;
> - } else
> - *leftp -= len;
> - }
> - printf("%s", v);
> -}
> -
> -void
> -fmt_putc(int c, int *leftp)
> -{
> -
> - if (*leftp == 0)
> - return;
> - if (*leftp != -1)
> - *leftp -= 1;
> - putchar(c);
> -}
> Index: usr.bin/w/Makefile
> ===
> RCS file: /cvs/src/usr.bin/w/Makefile,v
> retrieving revision 1.7
> diff -u -p -u -p -r1.7 Makefile
> --- usr.bin/w/Makefile16 Jul 2014 20:06:27 -  1.7
> +++ usr.bin/w/Makefile29 May 2017 20:33:35 -
> @@ -1,12 +1,10 @@
>  #$OpenBSD: Makefile,v 1.7 2014/07/16 20:06:27 okan Exp $
>  
>  PROG=w
> -SRCS=fmt.c pr_time.c proc_compare.c w.c
> +SRCS=pr_time.c proc_compare.c w.c
>  MAN= w.1 uptime.1
>  DPADD=   ${LIBKVM}
>  LDADD=   -lkvm
>  LINKS=   ${BINDIR}/w ${BINDIR}/uptime
> -
> -.PATH: ${.CURDIR}/../../bin/ps
>  
>  .include 
> Index: usr.bin/w/extern.h
> ===
> RCS file: /cvs/src/usr.bin/w/extern.h,v
> retrieving revision 1.9
> diff -u -p -u -p -r1.9 extern.h
> --- usr.bin/w/extern.h15 Mar 2015 00:41:28 -  1.9
> +++ usr.bin/w/extern.h29 May 2017 20:33:35 -
> @@ -32,8 +32,6 @@
>   */
>  
>  struct kinfo_proc;
> -void fmt_puts(const char *, int *);
> -void fmt_putc(int, int *);
>  

Re: Properly serialize pflow's sc_outputqueue

2017-05-30 Thread Visa Hankala
On Mon, May 29, 2017 at 03:33:35PM +, Visa Hankala wrote:
> Currently, access to pflow's sc_outputqueue is not serialized properly.
> The producer has the NET_LOCK(), while the consumer does not.
> mpi@ suggested using mbuf_queue to solve the issue.

mpi@ commented that the pflow output task should be scheduled only
if mq_enqueue succeeds.

Another issue is that mbuf_queue has a size limit. If a lot of flows
get exported at once, the queue might become full, dropping pflow data.
To make this less likely, I tweaked the limit from 256 (IFQ_MAXLEN) to
8192. Of course, packet loss can happen in many other places as well.

Updated patch below. OK?

Index: net/if_pflow.c
===
RCS file: src/sys/net/if_pflow.c,v
retrieving revision 1.78
diff -u -p -r1.78 if_pflow.c
--- net/if_pflow.c  27 May 2017 21:44:22 -  1.78
+++ net/if_pflow.c  30 May 2017 12:40:26 -
@@ -132,7 +132,7 @@ pflow_output_process(void *arg)
struct mbuf *m;
 
KERNEL_LOCK();
-   while ((m = ml_dequeue(>sc_outputqueue)) != NULL) {
+   while ((m = mq_dequeue(>sc_outputqueue)) != NULL) {
pflow_sendout_mbuf(sc, m);
}
KERNEL_UNLOCK();
@@ -256,7 +256,7 @@ pflow_clone_create(struct if_clone *ifc,
ifp->if_hdrlen = PFLOW_HDRLEN;
ifp->if_flags = IFF_UP;
ifp->if_flags &= ~IFF_RUNNING;  /* not running, need receiver */
-   ml_init(>sc_outputqueue);
+   mq_init(>sc_outputqueue, 8192, IPL_SOFTNET);
pflow_setmtu(pflowif, ETHERMTU);
pflow_init_timeouts(pflowif);
if_attach(ifp);
@@ -288,7 +288,7 @@ pflow_clone_destroy(struct ifnet *ifp)
timeout_del(>sc_tmo_tmpl);
pflow_flush(sc);
task_del(softnettq, >sc_outputtask);
-   ml_purge(>sc_outputqueue);
+   mq_purge(>sc_outputqueue);
m_freem(sc->send_nam);
if (sc->so != NULL) {
error = soclose(sc->so);
@@ -1089,8 +1089,8 @@ pflow_sendout_v5(struct pflow_softc *sc)
getnanotime();
h->time_sec = htonl(tv.tv_sec); /* XXX 2038 */
h->time_nanosec = htonl(tv.tv_nsec);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
 
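Review bot: A full queue is now a silent loss: when `mq_enqueue()` fails here the function skips `task_add()` and still returns 0, and the same pattern is repeated in pflow_sendout_ipfix() and pflow_sendout_ipfix_tmpl() below. Flow export is often the only record a collector has of a connection, so the drop should at least be counted; an `else` branch that bumps an output-drop counter in the driver's statistics would make the loss visible to whoever monitors the exporter. In pflow_sendout_ipfix() `sc->sc_sequence += count` has already run before the enqueue; if that is intended, a comment such as `/* sequence advances even when the packet is dropped, so the collector sees the gap */` would say so. The function bodies start outside these hunks.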
@@ -1151,8 +1151,8 @@ pflow_sendout_ipfix(struct pflow_softc *
h10->flow_sequence = htonl(sc->sc_sequence);
sc->sc_sequence += count;
h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
 
@@ -1193,8 +1193,8 @@ pflow_sendout_ipfix_tmpl(struct pflow_so
h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
 
timeout_add_sec(>sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT);
-   ml_enqueue(>sc_outputqueue, m);
-   task_add(softnettq, >sc_outputtask);
+   if (mq_enqueue(>sc_outputqueue, m) == 0)
+   task_add(softnettq, >sc_outputtask);
return (0);
 }
 
Index: net/if_pflow.h
===
RCS file: src/sys/net/if_pflow.h,v
retrieving revision 1.16
diff -u -p -r1.16 if_pflow.h
--- net/if_pflow.h  27 May 2017 21:06:06 -  1.16
+++ net/if_pflow.h  30 May 2017 12:40:26 -
@@ -184,7 +184,7 @@ struct pflow_softc {
struct timeout   sc_tmo;
struct timeout   sc_tmo6;
struct timeout   sc_tmo_tmpl;
-   struct mbuf_list sc_outputqueue;
+   struct mbuf_queuesc_outputqueue;
struct task  sc_outputtask;
struct socket   *so;
struct mbuf *send_nam;



Re: let's add PF_LOCK()

2017-05-30 Thread Alexandr Nedvedicky
oh, not again...

I'm sorry for not attaching patch to the first email

On Tue, May 30, 2017 at 02:34:32PM +0200, Alexandr Nedvedicky wrote:
> Hello,
> 
> patch delivers two changes to PF:
> 
> it adds PF_LOCK() et al. At the moment the PF_LOCK() sort of
> duplicates the current NET_LOCK(). It essentially synchronizes
> packets with ioctl(2) and timer thread, which purges states.
> The future work is going to break PF_LOCK into smaller locks,
> which each will protect relevant parts of PF. Think of pf_state_lock,
> pf_rule_lock, ...
> 
> The other change, which gets introduced is mutex for IP reassembly
> done by PF. The mutex synchronizes fragmented packets with timer
> thread, which expires incomplete packets from fragment cache.
> 
> O.K.?
> 
> thanks and
> regards
> sasha
> 

8<---8<---8<--8<
diff -r 21414694ee7a .hgtags
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/.hgtags   Tue May 30 14:25:01 2017 +0200
@@ -0,0 +1,1 @@
+d545881e2652dbc0c057691a39a095bce92f441f pf-lock.baseline
diff -r 21414694ee7a src/sys/net/pf.c
--- a/src/sys/net/pf.c  Tue May 30 10:55:41 2017 +0200
+++ b/src/sys/net/pf.c  Tue May 30 14:25:01 2017 +0200
@@ -923,7 +923,7 @@
 pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skw,
 struct pf_state_key **sks, struct pf_state *s)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
s->kif = kif;
if (*skw == *sks) {
@@ -1186,7 +1186,7 @@
 {
struct pf_rule  *r;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
if (SLIST_EMPTY(_rule_gcl))
return;
@@ -1207,6 +1207,7 @@
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
 
NET_LOCK(s);
+   PF_LOCK(s);
 
/* process a fraction of the state table every second */
pf_purge_expired_states(1 + (pf_status.states
@@ -1214,13 +1215,20 @@
 
/* purge other expired types every PFTM_INTERVAL seconds */
if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
-   pf_purge_expired_fragments();
pf_purge_expired_src_nodes(0);
pf_purge_expired_rules();
nloops = 0;
}
 
+   PF_UNLOCK(s);
NET_UNLOCK(s);
+
+   /*
+* Fragments don't require PF_LOCK(), they use their own mutex.
+*/
+   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL])
+   pf_purge_expired_fragments();
+
}
 }
 
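Review bot: The relocated fragment purge can no longer fire. The locked branch resets `nloops = 0` whenever `++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]` holds, so the second `if (nloops >= ...)` after `NET_UNLOCK(s)` sees 0 and is false for any positive interval. Expired fragments would then leave the reassembly cache only if some other path frees them, which matters because that cache is filled by remote traffic. Removing `nloops = 0;` from the locked branch and resetting it in the new one, `if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) { pf_purge_expired_fragments(); nloops = 0; }`, keeps both purges on the same tick. The enclosing loop starts outside the hunk.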
@@ -1267,7 +1275,7 @@
 {
struct pf_src_node  *cur, *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
for (cur = RB_MIN(pf_src_tree, _src_tracking); cur; cur = next) {
next = RB_NEXT(pf_src_tree, _src_tracking, cur);
@@ -1303,7 +1311,7 @@
 void
 pf_remove_state(struct pf_state *cur)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
/* handle load balancing related tasks */
pf_postprocess_addr(cur);
@@ -1322,9 +1330,17 @@
 #if NPFLOW > 0
if (cur->state_flags & PFSTATE_PFLOW) {
/* XXXSMP breaks atomicity */
+   /*
+* The only guy, who kills states (frees from memory) is
+* pf_purge_thread(). The pf_purge_thread() kills only states,
+* which are marked as PFTM_UNLINKED -> state will stay around,
+* once we re-acquire netlock.
+*/
+   rw_exit_write(_lock);
rw_exit_write();
export_pflow(cur);
rw_enter_write();
+   rw_enter_write(_lock);
}
 #endif /* NPFLOW > 0 */
 #if NPFSYNC > 0
@@ -1354,7 +1370,7 @@
 {
struct pf_rule_item *ri;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
 #if NPFSYNC > 0
if (pfsync_state_in_use(cur))
@@ -1390,7 +1406,7 @@
static struct pf_state  *cur = NULL;
struct pf_state *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
while (maxcheck--) {
/* wrap to start of list when we hit the end */
@@ -3142,13 +3158,13 @@
case IPPROTO_TCP:
sport = pd->hdr.tcp.th_sport;
dport = pd->hdr.tcp.th_dport;
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
tb = 
break;
case IPPROTO_UDP:
sport = pd->hdr.udp.uh_sport;
dport = pd->hdr.udp.uh_dport;
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
tb = 
break;
default:
@@ -6611,6 +6627,7 @@
struct pf_pdesc  pd;
int  dir = (fwdir == PF_FWD) ? PF_OUT : fwdir;
u_int32_tqid, pqid = 0;
+   int  spl;
 

let's add PF_LOCK()

2017-05-30 Thread Alexandr Nedvedicky
Hello,

patch delivers two changes to PF:

it adds PF_LOCK() et al. At the moment the PF_LOCK() sort of
duplicates the current NET_LOCK(). It essentially synchronizes
packets with ioctl(2) and timer thread, which purges states.
The future work is going to break PF_LOCK into smaller locks,
which each will protect relevant parts of PF. Think of pf_state_lock,
pf_rule_lock, ...

The other change, which gets introduced is mutex for IP reassembly
done by PF. The mutex synchronizes fragmented packets with timer
thread, which expires incomplete packets from fragment cache.

O.K.?

thanks and
regards
sasha



Re: efiboot serial console support

2017-05-30 Thread YASUOKA Masahiko
Thanks,

Let me update the diff.

On Tue, 30 May 2017 13:58:29 +0200
Patrick Wildt  wrote:
> On Tue, May 30, 2017 at 12:58:48PM +0200, YASUOKA Masahiko wrote:
>> The following diff is to support serial console on efiboot.
> 
> Nice.
>> 
>> It uses ACPI UID to identify the port number (com0, com1 and so on) of
>> probed serial interface.  But I'm not sure whether com0-com3 are always
>> mapped UID 0-3 as expected.  Though I think this is good enough.
>> 
>> Comment?

diff --git a/sys/arch/amd64/stand/efiboot/conf.c 
b/sys/arch/amd64/stand/efiboot/conf.c
index 0b2933d4cff..913a33e77a6 100644
--- a/sys/arch/amd64/stand/efiboot/conf.c
+++ b/sys/arch/amd64/stand/efiboot/conf.c
@@ -85,6 +85,7 @@ int ndevs = nitems(devsw);
 
 struct consdev constab[] = {
{ efi_cons_probe, efi_cons_init, efi_cons_getc, efi_cons_putc },
+   { efi_com_probe, efi_com_init, efi_com_getc, efi_com_putc },
{ NULL }
 };
 struct consdev *cn_tab = constab;
diff --git a/sys/arch/amd64/stand/efiboot/efiboot.c 
b/sys/arch/amd64/stand/efiboot/efiboot.c
index d668258989f..fb7587fd50e 100644
--- a/sys/arch/amd64/stand/efiboot/efiboot.c
+++ b/sys/arch/amd64/stand/efiboot/efiboot.c
@@ -501,10 +501,177 @@ efi_cons_getshifts(dev_t dev)
return (0);
 }
 
-/* XXX: serial console is not supported yet */
 int com_addr = -1;
 int com_speed = -1;
 
+static SERIAL_IO_INTERFACE *serios[4];
+
+void
+efi_com_probe(struct consdev *cn)
+{
+   EFI_GUID serio_guid = SERIAL_IO_PROTOCOL;
+   EFI_HANDLE  *handles = NULL;
+   SERIAL_IO_INTERFACE *serio;
+   EFI_STATUS   status;
+   EFI_DEVICE_PATH *dp, *dp0;
+   EFI_DEV_PATH_PTR dpp;
+   UINTNsz;
+   int  i, uid = -1;
+
+   sz = 0;
+   status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid, 0, , 0);
+   if (status == EFI_BUFFER_TOO_SMALL) {
+   handles = alloc(sz);
+   status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid,
+   0, , handles);
+   }
+   if (handles == NULL || EFI_ERROR(status))
+   panic("could not get handles of serial i/o");
+
+   for (i = 0; i < sz / sizeof(EFI_HANDLE); i++) {
+   /*
+* Identify port number of the handle.  This assumes ACPI
+* UID 0-3 map to legacy COM[1-4] and they use the legacy
+* port address.
+*/
+   status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
+   (void **));
+   if (EFI_ERROR(status))
+   continue;
+   uid = -1;
+   for (dp = dp0; !IsDevicePathEnd(dp);
+   dp = NextDevicePathNode(dp)) {
+   dpp = (EFI_DEV_PATH_PTR)dp;
+   if (DevicePathType(dp) == ACPI_DEVICE_PATH &&
+   DevicePathSubType(dp) == ACPI_DP)
+   if (dpp.Acpi->HID == EFI_PNP_ID(0x0501)) {
+   uid = dpp.Acpi->UID;
+   break;
+   }
+   }
+   if (uid < 0)
+   continue;
+
+   /* Prepare SERIAL_IO_INTERFACE */
+   status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
+   (void **));
+   if (EFI_ERROR(status))
+   continue;
+   if (uid < nitems(serios))
+   serios[uid] = serio;
+   }
+   free(handles, sz);
+
+   for (i = 0; i < nitems(serios); i++) {
+   if (serios[i] != NULL)
+   printf(" com%d", i);
+   }
+   cn->cn_pri = CN_LOWPRI;
+   cn->cn_dev = makedev(8, 0);
+}
+
+int
+efi_valid_com(dev_t dev)
+{
+   return (0 <= minor(dev) && minor(dev) < nitems(serios) &&
+   serios[minor(dev)] != NULL);
+}
+
+int
+comspeed(dev_t dev, int sp)
+{
+   EFI_STATUS   status;
+   SERIAL_IO_INTERFACE *serio = serios[minor(dev)];
+   int  newsp;
+
+   if (sp <= 0)
+   return com_speed;
+
+   if (!efi_valid_com(dev))
+   return (-1);
+
+   if (serio->Mode->BaudRate != sp) {
+   status = EFI_CALL(serio->SetAttributes, serio,
+   sp, serio->Mode->ReceiveFifoDepth,
+   serio->Mode->Timeout, serio->Mode->Parity,
+   serio->Mode->DataBits, serio->Mode->StopBits);
+   if (EFI_ERROR(status)) {
+   printf("com%d: SetAttribute() failed with status=%d\n",
+   minor(dev), status);
+   return (-1);
+   }
+   if (com_speed != -1)
+   printf("\ncom%d: %d baud\n", minor(dev), sp);
+   }
+
+   /* same as comspeed() in libsa/bioscons.c */
+   

Re: Kill db_sym_t

2017-05-30 Thread Mark Kettenis
> X-Virus-Scanned: by XS4ALL Virus Scanner
> X-Originating-IP: 87.142.3.46
> Date: Tue, 30 May 2017 12:58:21 +0200
> From: Martin Pieuchot 
> 
> We are only supporting ELF so this abstraction type is no longer needed.
> 
> I'll make my life easier with CTF if I don't have to cast types when
> looking for type information.
> 
> Ok to kill this abstraction?

ok kettenis@

> Index: arch/amd64/amd64/db_trace.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/db_trace.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 db_trace.c
> --- arch/amd64/amd64/db_trace.c   29 May 2017 06:14:10 -  1.30
> +++ arch/amd64/amd64/db_trace.c   30 May 2017 10:26:12 -
> @@ -79,7 +79,7 @@ struct db_variable * db_eregs = db_regs 
>  #define  INTERRUPT   3
>  #define  AST 4
>  
> -int db_numargs(struct callframe *, db_sym_t);
> +int db_numargs(struct callframe *, Elf_Sym *);
>  void db_nextframe(struct callframe **, db_addr_t *, long *, int,
>  int (*) (const char *, ...));
>  
> @@ -92,7 +92,7 @@ void db_nextframe(struct callframe **, d
>   * reliably determine the values currently, just return 0.
>   */
>  int
> -db_numargs(struct callframe *fp, db_sym_t sym)
> +db_numargs(struct callframe *fp, Elf_Sym *sym)
>  {
>  #ifdef DDBCTF
>   int args;
> @@ -231,7 +231,7 @@ db_stack_trace_print(db_expr_t addr, boo
>   unsigned inti;
>   char *  name;
>   db_expr_t   offset;
> - db_sym_tsym;
> + Elf_Sym *   sym;
>  
>   sym = db_search_symbol(callpc, DB_STGY_ANY, );
>   db_symbol_values(sym, , NULL);
> @@ -366,7 +366,7 @@ db_save_stack_trace(struct db_stack_trac
>   struct trapframe *tf;
>   char*name;
>   db_expr_t   offset;
> - db_sym_tsym;
> + Elf_Sym *   sym;
>   int is_trap;
>  
>   st->st_pc[st->st_count++] = callpc;
> Index: arch/arm64/arm64/db_trace.c
> ===
> RCS file: /cvs/src/sys/arch/arm64/arm64/db_trace.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 db_trace.c
> --- arch/arm64/arm64/db_trace.c   17 Feb 2017 17:16:04 -  1.4
> +++ arch/arm64/arm64/db_trace.c   30 May 2017 10:26:17 -
> @@ -66,7 +66,7 @@ db_stack_trace_print(db_expr_t addr, int
>   u_int64_t   frame, lastframe, lr, lastlr, sp;
>   charc, *cp = modif;
>   db_expr_t   offset;
> - db_sym_tsym;
> + Elf_Sym *   sym;
>   char*name;
>   boolean_t   kernel_only = TRUE;
>   boolean_t   trace_thread = FALSE;
> Index: arch/hppa/hppa/db_interface.c
> ===
> RCS file: /cvs/src/sys/arch/hppa/hppa/db_interface.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 db_interface.c
> --- arch/hppa/hppa/db_interface.c 30 Apr 2017 16:45:45 -  1.39
> +++ arch/hppa/hppa/db_interface.c 30 May 2017 10:26:24 -
> @@ -227,7 +227,7 @@ db_stack_trace_print(db_expr_t addr, int
>  char *modif, int (*pr)(const char *, ...))
>  {
>   register_t *fp, pc, rp, *argp;
> - db_sym_t sym;
> + Elf_Sym *sym;
>   db_expr_t off;
>   char *name;
>   int nargs;
> Index: arch/i386/i386/db_trace.c
> ===
> RCS file: /cvs/src/sys/arch/i386/i386/db_trace.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 db_trace.c
> --- arch/i386/i386/db_trace.c 29 May 2017 06:14:10 -  1.27
> +++ arch/i386/i386/db_trace.c 30 May 2017 10:26:49 -
> @@ -74,7 +74,7 @@ struct db_variable *db_eregs = db_regs +
>  #define  INTERRUPT   3
>  #define  AST 4
>  
> -int db_numargs(struct callframe *, db_sym_t);
> +int db_numargs(struct callframe *, Elf_Sym *);
>  void db_nextframe(struct callframe **, db_addr_t *, int *, int,
>  int (*pr)(const char *, ...));
>  
> @@ -82,7 +82,7 @@ void db_nextframe(struct callframe **, d
>   * Figure out how many arguments were passed into the frame at "fp".
>   */
>  int
> -db_numargs(struct callframe *fp, db_sym_t sym)
> +db_numargs(struct callframe *fp, Elf_Sym *sym)
>  {
>   int *argp;
>   int inst;
> @@ -236,7 +236,7 @@ db_stack_trace_print(db_expr_t addr, boo
>   int narg;
>   char *  name;
>   db_expr_t   offset;
> - db_sym_tsym;
> + Elf_Sym *sym;
>  
>   sym = db_search_symbol(callpc, DB_STGY_ANY, );
>   db_symbol_values(sym, , NULL);
> @@ -339,7 +339,7 @@ db_save_stack_trace(struct db_stack_trac
>   for (i = 0; i < DB_STACK_TRACE_MAX && frame != NULL; i++) {
>   char*name;
>   db_expr_t   

Re: ksh(1): vi mode UTF-8 bug

2017-05-30 Thread TAKAHASHI Tamotsu
Hi Ingo,

On Tue, May 30, 2017 at 2:28 AM, Ingo Schwarze  wrote:

> Walter Alejandro Iglesias wrote on Mon, May 29, 2017 at 06:44:40PM +0200:
>
>> Are those wide char versions of C functions consistent enough to write
>> a separate implementation to be loaded when LC_TYPE is set to utf-8?
>
> Sure, you can rewrite the complete shell to use wchar_t * rather
> than char *, and if you do that, you can use the new code to handle
> ASCII as well, no need to have two copies.  But that would be a
> huge effort, even more error-prone than the small, careful adjustments
> we are doing now, and would have a number of additional downsides;
> among others, losing the ability to handle arbitrary bytes, while
> in UTF-8 mode.

You are right.

With wchar_t, you could avoid isu8cont() and other dirty hacks,
but you might face much more troubles.
I have a joke diff for ksh: https://pastebin.com/HC48zS1q
In fact, I didn't figure out why my diff didn't show what I typed,
while Ctrl-L worked. ;)

Multibyte is simply crazy if you have to calculate the width.
I don't want /bin/sh to be a complete multibyte shell.
When I need a multilingual shell, I use other shells like zsh.
The current implementation of ksh has a perfect balance
between complexity and usefulness.

Thanks,
tamo



Merge pfkeyv2_socket and rawcb into one struct

2017-05-30 Thread Claudio Jeker
This is more or less the same thing for PF_KEY that we now do in PF_ROUTE.
Use one PCB LIST on the keycb and embed the rawcb in that PF_KEY cb.
Diff also has a few variable renames in it to make this code less alien
regarding the rest of our kernel. Mainly use so instead of socket and
pfkeyv2_socket is also replaced with better variable names.

This needs the previous diff I just sent out for PF_ROUTE.
After that I can make pfkey use the same SRPL_LIST as PF_ROUTE (from
another diff) to unlock them more.
-- 
:wq Claudio

Index: net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.160
diff -u -p -r1.160 pfkeyv2.c
--- net/pfkeyv2.c   29 May 2017 20:31:12 -  1.160
+++ net/pfkeyv2.c   30 May 2017 08:44:05 -
@@ -131,14 +131,16 @@ extern struct radix_node_head **spd_tabl
 struct sockaddr pfkey_addr = { 2, PF_KEY, };
 struct domain pfkeydomain;
 
-struct pfkeyv2_socket {
-   LIST_ENTRY(pfkeyv2_socket)  kcb_list;
-   struct socket *socket;
+struct keycb {
+   struct rawcbrcb;
+   LIST_ENTRY(keycb)   kcb_list;
int flags;
uint32_t pid;
uint32_t registration;/* Increase size if SATYPE_MAX > 31 */
uint rdomain;
 };
+#define sotokeycb(so) ((struct keycb *)(so)->so_pcb)
+
 
 struct dump_state {
struct sadb_msg *sadb_msg;
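Review bot: `sotokeycb()` casts `so->so_pcb` straight to `struct keycb *`, while pfkeyv2_attach() later in this diff stores a pointer to the embedded `rcb` there, so the macro is only correct while `rcb` stays the first member of `struct keycb`. Nothing in the struct records that requirement. A comment on the member, `/* must be first: sotokeycb() casts so_pcb */`, would protect the layout from a later reordering that would make every lookup return a misaligned view of the control block.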
@@ -146,8 +148,7 @@ struct dump_state {
 };
 
 /* Static globals */
-static LIST_HEAD(, pfkeyv2_socket) pfkeyv2_sockets =
-LIST_HEAD_INITIALIZER(pfkeyv2_sockets);
+static LIST_HEAD(, keycb) pfkeyv2_sockets = LIST_HEAD_INITIALIZER(keycb);
 static uint32_t pfkeyv2_seq = 1;
 static int nregistered = 0;
 static int npromisc = 0;
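Review bot: `LIST_HEAD_INITIALIZER(keycb)` passes the element type, where the removed line passed the head variable `pfkeyv2_sockets`. By convention the macro argument is the list head, so `static LIST_HEAD(, keycb) pfkeyv2_sockets = LIST_HEAD_INITIALIZER(pfkeyv2_sockets);` reads correctly and stays correct should the macro ever use its argument.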
@@ -160,7 +161,7 @@ int pfkeyv2_usrreq(struct socket *, int,
 struct mbuf *, struct proc *);
 int pfkeyv2_output(struct mbuf *, struct socket *, struct sockaddr *,
 struct mbuf *);
-int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
+int pfkey_sendup(struct keycb *, struct mbuf *, int);
 
 /*
  * Wrapper around m_devget(); copy data from contiguous buffer to mbuf
@@ -212,71 +213,62 @@ pfkey_init(void)
 int
 pfkeyv2_attach(struct socket *so, int proto)
 {
-   struct pfkeyv2_socket *pfkeyv2_socket;
+   struct rawcb *rp;
+   struct keycb *pk;
int error;
 
if ((so->so_state & SS_PRIV) == 0)
return EACCES;
 
-   if (!(so->so_pcb = malloc(sizeof(struct rawcb),
-   M_PCB, M_DONTWAIT | M_ZERO)))
-   return (ENOMEM);
-
-   error = raw_attach(so, so->so_proto->pr_protocol);
-   if (error)
-   goto ret;
-
-   ((struct rawcb *)so->so_pcb)->rcb_faddr = _addr;
-
-   if (!(pfkeyv2_socket = malloc(sizeof(struct pfkeyv2_socket),
-   M_PFKEY, M_NOWAIT | M_ZERO)))
-   return (ENOMEM);
+   pk = malloc(sizeof(struct keycb), M_PCB, M_WAITOK | M_ZERO);
+   rp = >rcb;
+   so->so_pcb = rp;
+
+   error = raw_attach(so, proto);
+   if (error) {
+   free(pk, M_PCB, sizeof(struct keycb));
+   return (error);
+   }
 
-   LIST_INSERT_HEAD(_sockets, pfkeyv2_socket, kcb_list);
-   pfkeyv2_socket->socket = so;
-   pfkeyv2_socket->pid = curproc->p_p->ps_pid;
+   rp->rcb_faddr = _addr;
+   pk->pid = curproc->p_p->ps_pid;
 
/*
 * XXX we should get this from the socket instead but
 * XXX rawcb doesn't store the rdomain like inpcb does.
 */
-   pfkeyv2_socket->rdomain = rtable_l2(curproc->p_p->ps_rtableid);
+   pk->rdomain = rtable_l2(curproc->p_p->ps_rtableid);
+
+   LIST_INSERT_HEAD(_sockets, pk, kcb_list);
 
so->so_options |= SO_USELOOPBACK;
soisconnected(so);
 
return (0);
-ret:
-   free(so->so_pcb, M_PCB, sizeof(struct rawcb));
-   return (error);
 }
 
 /*
  * Close a PF_KEYv2 socket.
  */
 int
-pfkeyv2_detach(struct socket *socket, struct proc *p)
+pfkeyv2_detach(struct socket *so, struct proc *p)
 {
-   struct pfkeyv2_socket *pp;
+   struct keycb *pp;
int error;
 
-   LIST_FOREACH(pp, _sockets, kcb_list)
-   if (pp->socket == socket)
-   break;
-
-   if (pp) {
-   LIST_REMOVE(pp, kcb_list);
+   pp = sotokeycb(so);
+   if (pp == NULL)
+   return ENOTCONN;
 
-   if (pp->flags & PFKEYV2_SOCKETFLAGS_REGISTERED)
-   nregistered--;
+   LIST_REMOVE(pp, kcb_list);
 
-   if (pp->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
-   npromisc--;
+   if (pp->flags & PFKEYV2_SOCKETFLAGS_REGISTERED)
+   nregistered--;
 
-   free(pp, M_PFKEY, 0);
-   }
+   if (pp->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
+   npromisc--;
 
-   error = raw_usrreq(socket, PRU_DETACH, NULL, NULL, NULL, p);
+   error = raw_usrreq(so, PRU_DETACH, NULL, NULL, NULL, p);

Re: vmd vioblk start/finish

2017-05-30 Thread Mike Larkin
On Tue, May 30, 2017 at 07:00:08AM -0400, Ted Unangst wrote:
> This splits the read/write functions into top and bottom halves. It doesn't
> change much yet, but this is a requirement for async IO. The start function
> turns the request into an ioinfo (to be completed eventually by a thread) and
> the finish function retrieves the result. (for now, we just do the work in
> finish.)
> 
> seems to work, but could probably use a little more load testing.

reads ok to me, go for it (and thanks)

> 
> Index: virtio.c
> ===
> RCS file: /cvs/src/usr.sbin/vmd/virtio.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 virtio.c
> --- virtio.c  27 May 2017 23:58:16 -  1.47
> +++ virtio.c  30 May 2017 10:56:47 -
> @@ -62,6 +62,14 @@ int nr_vioblk;
>  #define VMMCI_F_ACK  (1<<1)
>  #define VMMCI_F_SYNCRTC  (1<<2)
>  
> +struct ioinfo {
> + uint8_t *buf;
> + ssize_t len;
> + off_t offset;
> + int fd;
> + int error;
> +};
> +
>  const char *
>  vioblk_cmd_name(uint32_t type)
>  {
> @@ -324,35 +332,87 @@ vioblk_update_qs(struct vioblk_dev *dev)
>   dev->cfg.queue_size = dev->vq[dev->cfg.queue_select].qs;
>  }
>  
> -static char *
> -vioblk_do_read(struct vioblk_dev *dev, off_t sector, ssize_t sz)
> +static void
> +vioblk_free_info(struct ioinfo *info)
>  {
> - char *buf;
> + if (!info)
> + return;
> + free(info->buf);
> + free(info);
> +}
>  
> - buf = malloc(sz);
> - if (buf == NULL) {
> - log_warn("malloc errror vioblk read");
> - return (NULL);
> - }
> +static struct ioinfo *
> +vioblk_start_read(struct vioblk_dev *dev, off_t sector, ssize_t sz)
> +{
> + struct ioinfo *info;
> +
> + info = calloc(1, sizeof(*info));
> + if (!info)
> + goto nomem;
> + info->buf = malloc(sz);
> + if (info->buf == NULL)
> + goto nomem;
> + info->len = sz;
> + info->offset = sector * VIRTIO_BLK_SECTOR_SIZE;
> + info->fd = dev->fd;
> +
> + return info;
>  
> - if (pread(dev->fd, buf, sz, sector * VIRTIO_BLK_SECTOR_SIZE) != sz) {
> +nomem:
> + free(info);
> + log_warn("malloc errror vioblk read");
> + return (NULL);
> +}
> +
> +
> +static const uint8_t *
> +vioblk_finish_read(struct ioinfo *info)
> +{
> + if (pread(info->fd, info->buf, info->len, info->offset) != info->len) {
> + info->error = errno;
>   log_warn("vioblk read error");
> - free(buf);
> - return (NULL);
> + return NULL;
>   }
>  
> - return buf;
> + return info->buf;
> +}
> +
> +static struct ioinfo *
> +vioblk_start_write(struct vioblk_dev *dev, off_t sector, paddr_t addr, 
> size_t len)
> +{
> + struct ioinfo *info;
> +
> + info = calloc(1, sizeof(*info));
> + if (!info)
> + goto nomem;
> + info->buf = malloc(len);
> + if (info->buf == NULL)
> + goto nomem;
> + info->len = len;
> + info->offset = sector * VIRTIO_BLK_SECTOR_SIZE;
> + info->fd = dev->fd;
> +
> + if (read_mem(addr, info->buf, len)) {
> + vioblk_free_info(info);
> + return NULL;
> + }
> +
> + return info;
> +
> +nomem:
> + free(info);
> + log_warn("malloc errror vioblk write");
> + return (NULL);
>  }
>  
>  static int
> -vioblk_do_write(struct vioblk_dev *dev, off_t sector, char *buf, ssize_t sz)
> +vioblk_finish_write(struct ioinfo *info)
>  {
> - if (pwrite(dev->fd, buf, sz, sector * VIRTIO_BLK_SECTOR_SIZE) != sz) {
> + if (pwrite(info->fd, info->buf, info->len, info->offset) != info->len) {
>   log_warn("vioblk write error");
> - return (1);
> + return EIO;
>   }
> -
> - return (0);
> + return 0;
>  }
>  
>  /*
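Review bot: `info->offset = sector * VIRTIO_BLK_SECTOR_SIZE` in vioblk_start_read() and vioblk_start_write() multiplies an off_t that appears to come from the guest's request, and neither function bounds `sector`, `sz` or `len` before they reach malloc(), pread() and pwrite(). Unless vioblk_notifyq() (outside this hunk) already validates the request against the disk image, the offset computation can overflow and the allocation size is controlled by the guest. A guard such as `if (sector < 0 || sz < 0) return NULL;`, plus a range check against the image size, belongs at the top of the start functions. Separately, vioblk_finish_write() returns `EIO` without setting `info->error`, while vioblk_finish_read() records `errno` there; `info->error = errno;` before the log_warn() call would keep the two consistent.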
> @@ -368,7 +428,7 @@ vioblk_notifyq(struct vioblk_dev *dev)
>   uint8_t ds;
>   int ret;
>   off_t secbias;
> - char *vr, *secdata;
> + char *vr;
>   struct vring_desc *desc, *cmd_desc, *secdata_desc, *ds_desc;
>   struct vring_avail *avail;
>   struct vring_used *used;
> @@ -441,14 +501,16 @@ vioblk_notifyq(struct vioblk_dev *dev)
>  
>   secbias = 0;
>   do {
> - /* read the data (use current data descriptor) 
> */
> - /*
> -  * XXX waste to malloc secdata in vioblk_do_read
> -  * and free it here over and over
> -  */
> - secdata = vioblk_do_read(dev, cmd.sector + 
> secbias,
> + struct ioinfo *info;
> + const uint8_t *secdata;
> +
> + info = vioblk_start_read(dev, cmd.sector + 
> secbias,
>   (ssize_t)secdata_desc->len);
> +
> + /* read 

move pbc list from rawcb to routecb (and later pfkey cb)

2017-05-30 Thread Claudio Jeker
This is a step I need to do to make progress on the PF_KEY cleanup I'm
doing. Both PF_ROUTE and PF_KEY need to start to take care of their own
PCB list and so move the LIST_ENTRY out of rawcb into routecb.
This allows me to do the same in PF_KEY which will be sent as the next
diff.

-- 
:wq Claudio

Index: net/raw_cb.c
===
RCS file: /cvs/src/sys/net/raw_cb.c,v
retrieving revision 1.11
diff -u -p -r1.11 raw_cb.c
--- net/raw_cb.c24 Jan 2017 10:08:30 -  1.11
+++ net/raw_cb.c30 May 2017 08:44:05 -
@@ -46,16 +46,10 @@
 
 /*
  * Routines to manage the raw protocol control blocks.
- *
- * TODO:
- * hash lookups by protocol family/protocol + address family
- * take care of unique address problems per AF?
- * redo address binding to allow wildcards
  */
 
 u_long raw_sendspace = RAWSNDQ;
 u_long raw_recvspace = RAWRCVQ;
-struct rawcbhead rawcb;
 
 /*
  * Allocate a control block and a nominal amount
@@ -72,14 +66,13 @@ raw_attach(struct socket *so, int proto)
 * after space has been allocated for the
 * rawcb.
 */
-   if (rp == 0)
+   if (rp == NULL)
return (ENOBUFS);
if ((error = soreserve(so, raw_sendspace, raw_recvspace)) != 0)
return (error);
rp->rcb_socket = so;
rp->rcb_proto.sp_family = so->so_proto->pr_domain->dom_family;
rp->rcb_proto.sp_protocol = proto;
-   LIST_INSERT_HEAD(, rp, rcb_list);
return (0);
 }
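Review bot: With `LIST_INSERT_HEAD` gone from raw_attach() and `LIST_REMOVE` gone from raw_detach() in the next hunk, nothing in raw_cb.c says who owns list membership any more, while raw_detach() still frees `rp`. A short comment above raw_attach() would make the new contract explicit, for example `/* The caller links the pcb on its own list and must unlink it before raw_detach() frees it. */`. A pcb freed while still linked would leave a dangling list entry; the rtsock.c side that should do the unlinking is cut off on this page, so that could not be checked here. raw_attach()'s body starts outside the hunk.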
 
@@ -94,7 +87,6 @@ raw_detach(struct rawcb *rp)
 
so->so_pcb = 0;
sofree(so);
-   LIST_REMOVE(rp, rcb_list);
free((caddr_t)(rp), M_PCB, 0);
 }
 
@@ -104,7 +96,6 @@ raw_detach(struct rawcb *rp)
 void
 raw_disconnect(struct rawcb *rp)
 {
-
if (rp->rcb_socket->so_state & SS_NOFDREF)
raw_detach(rp);
 }
Index: net/raw_cb.h
===
RCS file: /cvs/src/sys/net/raw_cb.h,v
retrieving revision 1.11
diff -u -p -r1.11 raw_cb.h
--- net/raw_cb.h23 Jan 2017 16:31:24 -  1.11
+++ net/raw_cb.h30 May 2017 08:44:05 -
@@ -40,7 +40,6 @@
  * to tie a socket to the generic raw interface.
  */
 struct rawcb {
-   LIST_ENTRY(rawcb) rcb_list; /* doubly linked list */
struct  socket *rcb_socket; /* back pointer to socket */
struct  sockaddr *rcb_faddr;/* destination address */
struct  sockaddr *rcb_laddr;/* socket's address */
@@ -54,8 +53,6 @@ struct rawcb {
 #defineRAWRCVQ 8192
 
 #ifdef _KERNEL
-
-extern LIST_HEAD(rawcbhead, rawcb) rawcb;  /* head of list */
 
 #definesotorawcb(so)   ((struct rawcb *)(so)->so_pcb)
 int raw_attach(struct socket *, int);
Index: net/raw_usrreq.c
===
RCS file: /cvs/src/sys/net/raw_usrreq.c,v
retrieving revision 1.31
diff -u -p -r1.31 raw_usrreq.c
--- net/raw_usrreq.c13 Mar 2017 20:18:21 -  1.31
+++ net/raw_usrreq.c30 May 2017 08:44:05 -
@@ -45,15 +45,6 @@
 #include 
 
 #include 
-/*
- * Initialize raw connection block q.
- */
-void
-raw_init(void)
-{
-
-   LIST_INIT();
-}
 
 int
 raw_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
@@ -71,7 +62,7 @@ raw_usrreq(struct socket *so, int req, s
m_freem(m);
return (EOPNOTSUPP);
}
-   if (rp == 0) {
+   if (rp == NULL) {
m_freem(m);
return (EINVAL);
}
@@ -81,10 +72,6 @@ raw_usrreq(struct socket *so, int req, s
 * Flush data or not depending on the options.
 */
case PRU_DETACH:
-   if (rp == 0) {
-   error = ENOTCONN;
-   break;
-   }
raw_detach(rp);
break;
 
Index: net/rtsock.c
===
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.237
diff -u -p -r1.237 rtsock.c
--- net/rtsock.c19 Apr 2017 15:21:54 -  1.237
+++ net/rtsock.c30 May 2017 10:29:25 -
@@ -98,6 +98,7 @@ struct walkarg {
caddr_t w_where, w_tmem;
 };
 
+void   route_prinit(void);
 introute_output(struct mbuf *, struct socket *, struct sockaddr *,
struct mbuf *);
 introute_ctloutput(int, struct socket *, int, int, struct mbuf *);
@@ -126,19 +127,21 @@ intsysctl_ifnames(struct walkarg *);
 int sysctl_rtable_rtstat(void *, size_t *, void *);
 
 struct routecb {
-   struct rawcbrcb;
-   struct timeout  timeout;
-   unsigned intmsgfilter;
-   unsigned intflags;
-   u_int   rtableid;
+   struct rawcbrcb;
+   LIST_ENTRY(routecb) rcb_list;
+   struct timeout  timeout;
+   unsigned intmsgfilter;
+   unsigned int 

Re: efiboot serial console support

2017-05-30 Thread Patrick Wildt
On Tue, May 30, 2017 at 12:58:48PM +0200, YASUOKA Masahiko wrote:
> Hi,
> 
> The following diff is to support serial console on efiboot.

Nice.

> 
> It uses ACPI UID to identify the port number (com0, com1 and so on) of
> probed serial interface.  But I'm not sure wether com0-com3 are always
> mapped UID 0-3 as expected.  Though I think this is good enough.
> 
> Comment?
> 
> diff --git a/sys/arch/amd64/stand/efiboot/conf.c 
> b/sys/arch/amd64/stand/efiboot/conf.c
> index 0b2933d4cff..913a33e77a6 100644
> --- a/sys/arch/amd64/stand/efiboot/conf.c
> +++ b/sys/arch/amd64/stand/efiboot/conf.c
> @@ -85,6 +85,7 @@ int ndevs = nitems(devsw);
>  
>  struct consdev constab[] = {
>   { efi_cons_probe, efi_cons_init, efi_cons_getc, efi_cons_putc },
> + { efi_com_probe, efi_com_init, efi_com_getc, efi_com_putc },
>   { NULL }
>  };
>  struct consdev *cn_tab = constab;
> diff --git a/sys/arch/amd64/stand/efiboot/efiboot.c 
> b/sys/arch/amd64/stand/efiboot/efiboot.c
> index d668258989f..613ede425b6 100644
> --- a/sys/arch/amd64/stand/efiboot/efiboot.c
> +++ b/sys/arch/amd64/stand/efiboot/efiboot.c
> @@ -501,10 +501,171 @@ efi_cons_getshifts(dev_t dev)
>   return (0);
>  }
>  
> -/* XXX: serial console is not supported yet */
>  int com_addr = -1;
>  int com_speed = -1;
>  
> +static SERIAL_IO_INTERFACE   *serios[4];
> +const int comports[4] = { 0x3f8, 0x2f8, 0x3e8, 0x2e8 };
> +
> +void
> +efi_com_probe(struct consdev *cn)
> +{
> + EFI_GUID serio_guid = SERIAL_IO_PROTOCOL;
> + EFI_HANDLE  *handles = NULL;
> + SERIAL_IO_INTERFACE *serio;
> + EFI_STATUS   status;
> + EFI_DEVICE_PATH *dp, *dp0;
> + EFI_DEV_PATH_PTR dpp;
> + UINTNsz;
> + int  i, uid = -1;
> +
> + sz = 0;
> + status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid, 0, , 0);
> + if (status == EFI_BUFFER_TOO_SMALL) {
> + handles = alloc(sz);
> + status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid,
> + 0, , handles);
> + }
> + if (handles == NULL || EFI_ERROR(status))
> + panic("could not get handles of serial i/o");
> +
> + for (i = 0; i < sz / sizeof(EFI_HANDLE); i++) {
> + /*
> +  * Identify port number of the handle.  This assumes ACPI
> +  * UID 0-4 map to legacy COM[1-4] and they use the legacy

I think youy meant UID 0-3.

> +  * port address.
> +  */
> + status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
> + (void **));
> + if (EFI_ERROR(status))
> + continue;
> + uid = -1;
> + for (dp = dp0; !IsDevicePathEnd(dp);
> + dp = NextDevicePathNode(dp)) {
> + dpp = (EFI_DEV_PATH_PTR)dp;
> + if (DevicePathType(dp) == ACPI_DEVICE_PATH &&
> + DevicePathSubType(dp) == ACPI_DP)
> + if (dpp.Acpi->HID == 0x50141d0 /* PNP0501 */) {

There is a macro for that.  EFI_PNP_ID(0x0501) should do.

> + uid = dpp.Acpi->UID;
> + break;
> + }
> + }
> + if (uid < 0)
> + continue;
> +
> + /* Prepare SERIAL_IO_INTERFACE */
> + status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
> + (void **));
> + if (EFI_ERROR(status))
> + continue;
> + if (uid < nitems(serios))
> + serios[uid] = serio;
> + }
> + free(handles, sz);
> +
> + for (i = 0; i < nitems(serios); i++) {
> + if (serios[i] != NULL)
> + printf(" com%d", i);

Before the printf are 4 spaces instead of a tab.

> + }
> + cn->cn_pri = CN_LOWPRI;
> + cn->cn_dev = makedev(8, 0);
> +}
> +
> +int
> +efi_valid_com(dev_t dev)
> +{
> + return (0 <= minor(dev) && minor(dev) < nitems(serios) &&
> + serios[minor(dev)] != NULL);
> +}
> +
> +int
> +comspeed(dev_t dev, int sp)
> +{
> + EFI_STATUS   status;
> + SERIAL_IO_INTERFACE *serio = serios[minor(dev)];
> +
> + if (!efi_valid_com(dev))
> + return (-1);
> +
> + if (sp > 0 && serio->Mode->BaudRate != sp) {
> + status = EFI_CALL(serio->SetAttributes, serio,
> + sp, serio->Mode->ReceiveFifoDepth,
> + serio->Mode->Timeout, serio->Mode->Parity,
> + serio->Mode->DataBits, serio->Mode->StopBits);
> + if (EFI_ERROR(status)) {
> + painc("com%d: SetAttribute() failed with status=%d\n",
> + minor(dev), status);
> + }
> + com_speed = serio->Mode->BaudRate;
> + }
> + com_speed = sp;
> +
> + return 
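Review bot: efi_com_probe() panics whenever the first `LocateHandle` call returns anything other than `EFI_BUFFER_TOO_SMALL`, because `handles` is then still NULL when `if (handles == NULL || EFI_ERROR(status))` is evaluated. If firmware with no serial I/O handles reports that as an error (likely, but not shown here), adding this probe to `constab` would stop the boot loader on such machines instead of just offering no com console. The probe should return quietly in that case, e.g. replace the `panic(...)` with `return;`, and release `handles` first when the second call failed. The quoted hunk is cut short on this page in the middle of comspeed().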

Re: Makefile.cross tweaks

2017-05-30 Thread Patrick Wildt
On Mon, May 29, 2017 at 08:18:08PM +, Miod Vallat wrote:
> The following diff attempts to cross-build more things, in particular
> gnu/lib (except for libiberty). It also passes the proper optimization
> flags so that libstdc++-v3 gets built with optimization.

Doesn't build for arm64, probably because BUILD_GCC4 is transparently
set by the host and not reset to NO.

===> ../usr.bin/cc/libobjc
`/usr/cross/arm64/usr/aarch64-unknown-openbsd6.1/bin/cc 
--print-prog-name=cc1obj` -print-objc-runtime-info  < /dev/null > runtime-info.h
make -f /usr/src/gnu/usr.bin/cc/libobjc/../cc_tools/Makefile 
MFILE=/usr/src/gnu/usr.bin/cc/libobjc/../cc_tools/Makefile 
GCCDIR=/usr/src/gnu/usr.bin/cc/libobjc/../../../gcc/gcc unwind.h
ln -sf /usr/src/gnu/usr.bin/cc/libobjc/../../../gcc/gcc/unwind-generic.h 
unwind.h
/bin/sh: cc1obj: not found
*** Error 127 in target 'runtime-info.h'
*** Error 127 in /usr/src/gnu/usr.bin/cc/libobjc (Makefile:34 'runtime-info.h')

> 
> Index: Makefile.cross
> ===
> RCS file: /OpenBSD/src/Makefile.cross,v
> retrieving revision 1.94
> diff -u -p -r1.94 Makefile.cross
> --- Makefile.cross23 May 2017 14:57:30 -  1.94
> +++ Makefile.cross29 May 2017 20:15:01 -
> @@ -43,8 +43,9 @@ MACHINE_IS_LP64 =
>  
>  #CROSSCPPFLAGS?= -nostdinc -I${CROSSDIR}/usr/include
>  #CROSSLDFLAGS?=  -nostdlib -L${CROSSDIR}/usr/lib -static
> +DEBUG?=  -g
>  CROSSCFLAGS?=${CROSSCPPFLAGS} -O2 ${PIPE} ${DEBUG}
> -CROSSCXXFLAGS?=  ${CROSSCPPFLAGS}
> +CROSSCXXFLAGS?=  ${CROSSCPPFLAGS} -O2 ${PIPE} ${DEBUG}
>  #LDSTATIC?=  -static
>  
>  CROSSDIR=${DESTDIR}/usr/cross/${TARGET}
> @@ -75,7 +76,7 @@ CROSSOBJ=   ${CROSSDIR}/.obj_done
>  CROSSINCLUDES=   ${CROSSDIR}/.includes_done
>  CROSSBINUTILS=   ${CROSSDIR}/.binutils_done
>  CROSSGCC=${CROSSDIR}/.gcc_done
> -#NO_CROSS=   isakmpd keynote ssh
> +NO_CROSS=libiberty
>  
>  .include 
>  
> @@ -307,6 +308,7 @@ ${CROSSGCC}:  ${CROSSBINUTILS}
>   cp -f ${CROSSDIR}/usr/libexec/cpp 
> ${CROSSDIR}/usr/${TARGET_CANON}/bin/${TARGET_CANON}-libexeccpp
>   cp -f ${CROSSDIR}/usr/bin/gcc 
> ${CROSSDIR}/usr/${TARGET_CANON}/bin/${TARGET_CANON}-cc
>   ln -sf ${TARGET_CANON}-cc ${CROSSDIR}/usr/${TARGET_CANON}/bin/cc
> + ln -sf ${TARGET_CANON}-c++ ${CROSSDIR}/usr/${TARGET_CANON}/bin/c++
>  
>   cp -f ${CROSSDIR}/usr/bin/gcc 
> ${CROSSDIR}/usr/${TARGET_CANON}/bin/${TARGET_CANON}-cc
>   rm -f ${CROSSDIR}/usr/bin/gcc  ${CROSSDIR}/usr/bin/g++  
> ${CROSSDIR}/usr/bin/cc ${CROSSDIR}/usr/libexec/cpp 
> @@ -343,6 +345,13 @@ cross-lib:   ${CROSSGCC}
>   eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} 
> DESTDIR=${CROSSDIR} \
>   SKIPDIR=\"${NO_CROSS}\" \
>   ${MAKE} install)
> + (cd ${.CURDIR}/gnu/lib; \
> + eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} \
> + SKIPDIR=\"${NO_CROSS}\" \
> + ${MAKE} depend all ; \
> + eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} 
> DESTDIR=${CROSSDIR} \
> + SKIPDIR=\"${NO_CROSS}\" \
> + ${MAKE} install)
>  
>  cross-bin:   ${CROSSOBJ}
>   MACHINE=${TARGET} \
> @@ -351,10 +360,10 @@ cross-bin:  ${CROSSOBJ}
>   for i in libexec bin sbin usr.bin usr.sbin; do \
>   (cd ${.CURDIR}/$$i; \
>   eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} \
> - SKIPDIR=\"${BINUTILS} ${NO_CROSS}\" \
> + SKIPDIR=\"${NO_CROSS}\" \
>   ${MAKE} depend all ; \
>   eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} 
> DESTDIR=${CROSSDIR} \
> - SKIPDIR=\"${BINUTILS} ${NO_CROSS}\" \
> + SKIPDIR=\"${NO_CROSS}\" \
>   ${MAKE} install); \
>   done
>  
> @@ -362,7 +371,7 @@ cross-gnu:${CROSSOBJ}
>   MACHINE=${TARGET} \
>   MACHINE_ARCH=${TARGET_ARCH} MACHINE_CPU=${TARGET_CPU}; \
>   export MACHINE MACHINE_ARCH MACHINE_CPU; \
> - for i in gnu/lib gnu/usr.sbin gnu/usr.bin ; do \
> + for i in gnu/usr.sbin gnu/usr.bin ; do \
>   (cd ${.CURDIR}/$$i; \
>   eval ${CROSSENV} MAKEOBJDIR=obj.${MACHINE}.${TARGET} \
>   SKIPDIR=\"${NO_CROSS}\" \
> 



Re: KSH bug: case inside command substitution

2017-05-30 Thread Anton Lindqvist
Hi Vadim,

On Mon, May 29, 2017 at 05:09:11AM +0300, Vadim Zhukov wrote:
> It looks like I've just found a bug in (our) ksh. I'm not brave
> enough to fix it right now, but I think it's still worth adding a
> regression test.
> 
> Bash and zsh pass this test without problem.
> 
> The idea is using the case...in...esac inside $(...) or `...`.
> It starts failing when you add a single case match, i.e.:
> 
>   a=foo
>   data=$(
>   case $a in
>   esac
>   )
>   echo $data
> 
> doesn't fail, while 
> 
>   a=foo
>   data=$(
>   case $a in
>   *) echo OK;;
>   esac
>   )
>   echo $data
> 
> fails with error:
> 
>   $ ksh tt.sh
>   ./tt.sh[4]: syntax error: `;;' unexpected
> 
> What's worse, it fails even if I comment the line it's whining after.
> So... okay to add a regression test?

Just for reference, looks like this is caused by a bug mentioned in the
ksh(1) manual[1]:

> $(command) expressions are currently parsed by finding the closest
> matching (unquoted) parenthesis. Thus constructs inside $(command) may
> produce an error. For example, the parenthesis in ‘x);;’ is interpreted
> as the closing parenthesis in ‘$(case x in x);; *);; esac)’.

[1] http://man.openbsd.org/ksh#BUGS



vmd vioblk start/finish

2017-05-30 Thread Ted Unangst
This splits the read/write functions into top and bottom halves. It doesn't
change much yet, but this is a requirement for async IO. The start function
turns the request into an ioinfo (to be completed eventually by a thread) and
the finish function retrieves the result. (for now, we just do the work in
finish.)

seems to work, but could probably use a little more load testing.

Index: virtio.c
===
RCS file: /cvs/src/usr.sbin/vmd/virtio.c,v
retrieving revision 1.47
diff -u -p -r1.47 virtio.c
--- virtio.c27 May 2017 23:58:16 -  1.47
+++ virtio.c30 May 2017 10:56:47 -
@@ -62,6 +62,14 @@ int nr_vioblk;
 #define VMMCI_F_ACK(1<<1)
 #define VMMCI_F_SYNCRTC(1<<2)
 
+struct ioinfo {
+   uint8_t *buf;
+   ssize_t len;
+   off_t offset;
+   int fd;
+   int error;
+};
+
 const char *
 vioblk_cmd_name(uint32_t type)
 {
@@ -324,35 +332,87 @@ vioblk_update_qs(struct vioblk_dev *dev)
dev->cfg.queue_size = dev->vq[dev->cfg.queue_select].qs;
 }
 
-static char *
-vioblk_do_read(struct vioblk_dev *dev, off_t sector, ssize_t sz)
+static void
+vioblk_free_info(struct ioinfo *info)
 {
-   char *buf;
+   if (!info)
+   return;
+   free(info->buf);
+   free(info);
+}
 
-   buf = malloc(sz);
-   if (buf == NULL) {
-   log_warn("malloc errror vioblk read");
-   return (NULL);
-   }
+static struct ioinfo *
+vioblk_start_read(struct vioblk_dev *dev, off_t sector, ssize_t sz)
+{
+   struct ioinfo *info;
+
+   info = calloc(1, sizeof(*info));
+   if (!info)
+   goto nomem;
+   info->buf = malloc(sz);
+   if (info->buf == NULL)
+   goto nomem;
+   info->len = sz;
+   info->offset = sector * VIRTIO_BLK_SECTOR_SIZE;
+   info->fd = dev->fd;
+
+   return info;
 
-   if (pread(dev->fd, buf, sz, sector * VIRTIO_BLK_SECTOR_SIZE) != sz) {
+nomem:
+   free(info);
+   log_warn("malloc errror vioblk read");
+   return (NULL);
+}
+
+
+static const uint8_t *
+vioblk_finish_read(struct ioinfo *info)
+{
+   if (pread(info->fd, info->buf, info->len, info->offset) != info->len) {
+   info->error = errno;
log_warn("vioblk read error");
-   free(buf);
-   return (NULL);
+   return NULL;
}
 
-   return buf;
+   return info->buf;
+}
+
+static struct ioinfo *
+vioblk_start_write(struct vioblk_dev *dev, off_t sector, paddr_t addr, size_t 
len)
+{
+   struct ioinfo *info;
+
+   info = calloc(1, sizeof(*info));
+   if (!info)
+   goto nomem;
+   info->buf = malloc(len);
+   if (info->buf == NULL)
+   goto nomem;
+   info->len = len;
+   info->offset = sector * VIRTIO_BLK_SECTOR_SIZE;
+   info->fd = dev->fd;
+
+   if (read_mem(addr, info->buf, len)) {
+   vioblk_free_info(info);
+   return NULL;
+   }
+
+   return info;
+
+nomem:
+   free(info);
+   log_warn("malloc errror vioblk write");
+   return (NULL);
 }
 
 static int
-vioblk_do_write(struct vioblk_dev *dev, off_t sector, char *buf, ssize_t sz)
+vioblk_finish_write(struct ioinfo *info)
 {
-   if (pwrite(dev->fd, buf, sz, sector * VIRTIO_BLK_SECTOR_SIZE) != sz) {
+   if (pwrite(info->fd, info->buf, info->len, info->offset) != info->len) {
log_warn("vioblk write error");
-   return (1);
+   return EIO;
}
-
-   return (0);
+   return 0;
 }
 
 /*
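Review bot: vioblk_finish_read() dereferences `info` unconditionally, but vioblk_start_read() returns NULL when either allocation fails, and the caller in the vioblk_notifyq() hunk below passes that result straight to vioblk_finish_read(). The buffer size comes from `secdata_desc->len`, which appears to be taken from the guest's descriptor, so a large length may be enough to make `malloc(sz)` fail and turn this into a NULL dereference in vmd. Adding `if (info == NULL) return NULL;` at the top of vioblk_finish_read() (and the matching `if (info == NULL) return EIO;` in vioblk_finish_write()) keeps the failure on the existing error path, where vioblk_free_info() already accepts NULL. The offset computation `sector * VIRTIO_BLK_SECTOR_SIZE` likewise has no range check in either start function.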
@@ -368,7 +428,7 @@ vioblk_notifyq(struct vioblk_dev *dev)
uint8_t ds;
int ret;
off_t secbias;
-   char *vr, *secdata;
+   char *vr;
struct vring_desc *desc, *cmd_desc, *secdata_desc, *ds_desc;
struct vring_avail *avail;
struct vring_used *used;
@@ -441,14 +501,16 @@ vioblk_notifyq(struct vioblk_dev *dev)
 
secbias = 0;
do {
-   /* read the data (use current data descriptor) 
*/
-   /*
-* XXX waste to malloc secdata in vioblk_do_read
-* and free it here over and over
-*/
-   secdata = vioblk_do_read(dev, cmd.sector + 
secbias,
+   struct ioinfo *info;
+   const uint8_t *secdata;
+
+   info = vioblk_start_read(dev, cmd.sector + 
secbias,
(ssize_t)secdata_desc->len);
+
+   /* read the data (use current data descriptor) 
*/
+   secdata = vioblk_finish_read(info);
if (secdata == NULL) {
+   vioblk_free_info(info);

efiboot serial console support

2017-05-30 Thread YASUOKA Masahiko
Hi,

The following diff is to support serial console on efiboot.

It uses ACPI UID to identify the port number (com0, com1 and so on) of
the probed serial interface.  But I'm not sure whether com0-com3 are always
mapped to UID 0-3 as expected.  Though I think this is good enough.

Comment?

diff --git a/sys/arch/amd64/stand/efiboot/conf.c 
b/sys/arch/amd64/stand/efiboot/conf.c
index 0b2933d4cff..913a33e77a6 100644
--- a/sys/arch/amd64/stand/efiboot/conf.c
+++ b/sys/arch/amd64/stand/efiboot/conf.c
@@ -85,6 +85,7 @@ int ndevs = nitems(devsw);
 
 struct consdev constab[] = {
{ efi_cons_probe, efi_cons_init, efi_cons_getc, efi_cons_putc },
+   { efi_com_probe, efi_com_init, efi_com_getc, efi_com_putc },
{ NULL }
 };
 struct consdev *cn_tab = constab;
diff --git a/sys/arch/amd64/stand/efiboot/efiboot.c 
b/sys/arch/amd64/stand/efiboot/efiboot.c
index d668258989f..613ede425b6 100644
--- a/sys/arch/amd64/stand/efiboot/efiboot.c
+++ b/sys/arch/amd64/stand/efiboot/efiboot.c
@@ -501,10 +501,171 @@ efi_cons_getshifts(dev_t dev)
return (0);
 }
 
-/* XXX: serial console is not supported yet */
 int com_addr = -1;
 int com_speed = -1;
 
+static SERIAL_IO_INTERFACE *serios[4];
+const int   comports[4] = { 0x3f8, 0x2f8, 0x3e8, 0x2e8 };
+
+void
+efi_com_probe(struct consdev *cn)
+{
+   EFI_GUID serio_guid = SERIAL_IO_PROTOCOL;
+   EFI_HANDLE  *handles = NULL;
+   SERIAL_IO_INTERFACE *serio;
+   EFI_STATUS   status;
+   EFI_DEVICE_PATH *dp, *dp0;
+   EFI_DEV_PATH_PTR dpp;
+   UINTNsz;
+   int  i, uid = -1;
+
+   sz = 0;
+   status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid, 0, , 0);
+   if (status == EFI_BUFFER_TOO_SMALL) {
+   handles = alloc(sz);
+   status = EFI_CALL(BS->LocateHandle, ByProtocol, _guid,
+   0, , handles);
+   }
+   if (handles == NULL || EFI_ERROR(status))
+   panic("could not get handles of serial i/o");
+
+   for (i = 0; i < sz / sizeof(EFI_HANDLE); i++) {
+   /*
+* Identify port number of the handle.  This assumes ACPI
+* UID 0-4 map to legacy COM[1-4] and they use the legacy
+* port address.
+*/
+   status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
+   (void **));
+   if (EFI_ERROR(status))
+   continue;
+   uid = -1;
+   for (dp = dp0; !IsDevicePathEnd(dp);
+   dp = NextDevicePathNode(dp)) {
+   dpp = (EFI_DEV_PATH_PTR)dp;
+   if (DevicePathType(dp) == ACPI_DEVICE_PATH &&
+   DevicePathSubType(dp) == ACPI_DP)
+   if (dpp.Acpi->HID == 0x50141d0 /* PNP0501 */) {
+   uid = dpp.Acpi->UID;
+   break;
+   }
+   }
+   if (uid < 0)
+   continue;
+
+   /* Prepare SERIAL_IO_INTERFACE */
+   status = EFI_CALL(BS->HandleProtocol, handles[i], _guid,
+   (void **));
+   if (EFI_ERROR(status))
+   continue;
+   if (uid < nitems(serios))
+   serios[uid] = serio;
+   }
+   free(handles, sz);
+
+   for (i = 0; i < nitems(serios); i++) {
+   if (serios[i] != NULL)
+   printf(" com%d", i);
+   }
+   cn->cn_pri = CN_LOWPRI;
+   cn->cn_dev = makedev(8, 0);
+}
+
+int
+efi_valid_com(dev_t dev)
+{
+   return (0 <= minor(dev) && minor(dev) < nitems(serios) &&
+   serios[minor(dev)] != NULL);
+}
+
+int
+comspeed(dev_t dev, int sp)
+{
+   EFI_STATUS   status;
+   SERIAL_IO_INTERFACE *serio = serios[minor(dev)];
+
+   if (!efi_valid_com(dev))
+   return (-1);
+
+   if (sp > 0 && serio->Mode->BaudRate != sp) {
+   status = EFI_CALL(serio->SetAttributes, serio,
+   sp, serio->Mode->ReceiveFifoDepth,
+   serio->Mode->Timeout, serio->Mode->Parity,
+   serio->Mode->DataBits, serio->Mode->StopBits);
+   if (EFI_ERROR(status)) {
+   painc("com%d: SetAttribute() failed with status=%d\n",
+   minor(dev), status);
+   }
+   com_speed = serio->Mode->BaudRate;
+   }
+   com_speed = sp;
+
+   return (serio->Mode->BaudRate);
+}
+
+void
+efi_com_init(struct consdev *cn)
+{
+   if (!efi_valid_com(cn->cn_dev))
+   panic("com%d is not probed", minor(cn->cn_dev));
+
+   if (com_speed == -1)
+   comspeed(cn->cn_dev, 9600); /* default speed is 9600 baud */
+
+   com_addr = 
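Review bot: comspeed() indexes `serios[minor(dev)]` in the initializer of `serio`, before `efi_valid_com(dev)` has checked that the minor number is inside the four-entry array, so an out-of-range minor is read past the array before it is rejected. Declare `SERIAL_IO_INTERFACE *serio;` without an initializer and assign `serio = serios[minor(dev)];` after the `efi_valid_com()` guard. In the same function `painc(` looks like a misspelling of `panic(`, and the unconditional `com_speed = sp;` overwrites the `com_speed = serio->Mode->BaudRate;` set just above (and stores a non-positive `sp` as the speed). The hunk is cut short on this page inside efi_com_init().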

Kill db_sym_t

2017-05-30 Thread Martin Pieuchot
We are only supporting ELF so this abstraction type is no longer needed.

I'll make my life easier with CTF if I don't have to cast types when
looking for type information.

Ok to kill this abstraction?


Index: arch/amd64/amd64/db_trace.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/db_trace.c,v
retrieving revision 1.30
diff -u -p -r1.30 db_trace.c
--- arch/amd64/amd64/db_trace.c 29 May 2017 06:14:10 -  1.30
+++ arch/amd64/amd64/db_trace.c 30 May 2017 10:26:12 -
@@ -79,7 +79,7 @@ struct db_variable * db_eregs = db_regs 
 #defineINTERRUPT   3
 #defineAST 4
 
-int db_numargs(struct callframe *, db_sym_t);
+int db_numargs(struct callframe *, Elf_Sym *);
 void db_nextframe(struct callframe **, db_addr_t *, long *, int,
 int (*) (const char *, ...));
 
@@ -92,7 +92,7 @@ void db_nextframe(struct callframe **, d
  * reliably determine the values currently, just return 0.
  */
 int
-db_numargs(struct callframe *fp, db_sym_t sym)
+db_numargs(struct callframe *fp, Elf_Sym *sym)
 {
 #ifdef DDBCTF
int args;
@@ -231,7 +231,7 @@ db_stack_trace_print(db_expr_t addr, boo
unsigned inti;
char *  name;
db_expr_t   offset;
-   db_sym_tsym;
+   Elf_Sym *   sym;
 
sym = db_search_symbol(callpc, DB_STGY_ANY, );
db_symbol_values(sym, , NULL);
@@ -366,7 +366,7 @@ db_save_stack_trace(struct db_stack_trac
struct trapframe *tf;
char*name;
db_expr_t   offset;
-   db_sym_tsym;
+   Elf_Sym *   sym;
int is_trap;
 
st->st_pc[st->st_count++] = callpc;
Index: arch/arm64/arm64/db_trace.c
===
RCS file: /cvs/src/sys/arch/arm64/arm64/db_trace.c,v
retrieving revision 1.4
diff -u -p -r1.4 db_trace.c
--- arch/arm64/arm64/db_trace.c 17 Feb 2017 17:16:04 -  1.4
+++ arch/arm64/arm64/db_trace.c 30 May 2017 10:26:17 -
@@ -66,7 +66,7 @@ db_stack_trace_print(db_expr_t addr, int
u_int64_t   frame, lastframe, lr, lastlr, sp;
charc, *cp = modif;
db_expr_t   offset;
-   db_sym_tsym;
+   Elf_Sym *   sym;
char*name;
boolean_t   kernel_only = TRUE;
boolean_t   trace_thread = FALSE;
Index: arch/hppa/hppa/db_interface.c
===
RCS file: /cvs/src/sys/arch/hppa/hppa/db_interface.c,v
retrieving revision 1.39
diff -u -p -r1.39 db_interface.c
--- arch/hppa/hppa/db_interface.c   30 Apr 2017 16:45:45 -  1.39
+++ arch/hppa/hppa/db_interface.c   30 May 2017 10:26:24 -
@@ -227,7 +227,7 @@ db_stack_trace_print(db_expr_t addr, int
 char *modif, int (*pr)(const char *, ...))
 {
register_t *fp, pc, rp, *argp;
-   db_sym_t sym;
+   Elf_Sym *sym;
db_expr_t off;
char *name;
int nargs;
Index: arch/i386/i386/db_trace.c
===
RCS file: /cvs/src/sys/arch/i386/i386/db_trace.c,v
retrieving revision 1.27
diff -u -p -r1.27 db_trace.c
--- arch/i386/i386/db_trace.c   29 May 2017 06:14:10 -  1.27
+++ arch/i386/i386/db_trace.c   30 May 2017 10:26:49 -
@@ -74,7 +74,7 @@ struct db_variable *db_eregs = db_regs +
 #defineINTERRUPT   3
 #defineAST 4
 
-int db_numargs(struct callframe *, db_sym_t);
+int db_numargs(struct callframe *, Elf_Sym *);
 void db_nextframe(struct callframe **, db_addr_t *, int *, int,
 int (*pr)(const char *, ...));
 
@@ -82,7 +82,7 @@ void db_nextframe(struct callframe **, d
  * Figure out how many arguments were passed into the frame at "fp".
  */
 int
-db_numargs(struct callframe *fp, db_sym_t sym)
+db_numargs(struct callframe *fp, Elf_Sym *sym)
 {
int *argp;
int inst;
@@ -236,7 +236,7 @@ db_stack_trace_print(db_expr_t addr, boo
int narg;
char *  name;
db_expr_t   offset;
-   db_sym_tsym;
+   Elf_Sym *sym;
 
sym = db_search_symbol(callpc, DB_STGY_ANY, );
db_symbol_values(sym, , NULL);
@@ -339,7 +339,7 @@ db_save_stack_trace(struct db_stack_trac
for (i = 0; i < DB_STACK_TRACE_MAX && frame != NULL; i++) {
char*name;
db_expr_t   offset;
-   db_sym_tsym;
+   Elf_Sym *sym;
int is_trap = 0;
 
st->st_pc[st->st_count++] = callpc;
Index: arch/m88k/m88k/db_trace.c
===
RCS file: /cvs/src/sys/arch/m88k/m88k/db_trace.c,v

wsfont: remove qvss8x15, vt220l8x8, and vt220l8x10?

2017-05-30 Thread Frederic Cambus
Hi,

This would be the last round of console fonts removal.

Those fonts are not compiled in by default, and are smaller than the
smallest font (bold8x16_iso1) we currently include.

Comments? OK to remove them?



Re: Unlock IP forwarding paths

2017-05-30 Thread Hrvoje Popovski
On 30.5.2017. 11:48, Martin Pieuchot wrote:
> On 30/05/17(Tue) 10:45, Martin Pieuchot wrote:
>> Diff below moves IPv4 & IPv6 incoming/forwarding path, PIPEX ppp
>> processing and IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
>>
>> We currently rely on the NET_LOCK() serializing access to most global
>> data structures for that.  IP input queues are no longer used in the
>> forwarding case.  They still exist as boundary between the network and
>> transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
>>
>> Since we do not want to grab the NET_LOCK() for every packet, the
>> softnet thread will do it once before processing a batch.  That means
>> the L2 processing path, which is currently running without lock, will
>> now run with the NET_LOCK().
>>
>> IPsec is the bridge of this layer.  A bad player.  Since IPsec isn't
>> ready to run without KERNEL_LOCK(), the softnet thread will grab the
>> KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
>>
>> I tried to document as much as possible the current design in my
>> commit messages and in the comment below.  Please ask if something
>> isn't clear.
> Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
> dance.
> 
> Updated diff below.


i'm confirming that i can't reproduce panic with this diff ...



Re: tcpdump: print-bgp.c: update error code 7

2017-05-30 Thread Claudio Jeker
On Tue, May 30, 2017 at 11:50:57AM +0200, Michal Mazurek wrote:
> On 11:27:28, 30.05.17, Claudio Jeker wrote:
> > On a side note. The notification error code 7 seems to be wrong.
> > The capability error codes never made it into a standard and now 
> > error code 7 is for enhanced route refresh.
> > 
> > So I would replace bgpnotify_minor_cap with
> > static const char *bgpnotify_minor_err[] = {
> > NULL, "Invalid Message Length",
> > };
> > 
> > See also
> > https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#route-refresh-error-subcodes
> 
> In that case let's correct it.

OK claudio@
 
> Index: usr.sbin/tcpdump/print-bgp.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 print-bgp.c
> --- usr.sbin/tcpdump/print-bgp.c  30 May 2017 09:40:08 -  1.22
> +++ usr.sbin/tcpdump/print-bgp.c  30 May 2017 09:45:44 -
> @@ -249,15 +249,15 @@ static const char *bgpnotify_minor_cease
>   "Out of Resources",
>  };
>  
> -static const char *bgpnotify_minor_cap[] = {
> - NULL, "Invalid Action Value", "Invalid Capability Length",
> - "Malformed Capability Value", "Unsupported Capability Code",
> +/* RFC 7313 */
> +static const char *bgpnotify_minor_err[] = {
> + NULL, "Invalid Message Length",
>  };
>  
>  static const char **bgpnotify_minor[] = {
>   NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
>   bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
> - bgpnotify_minor_cap,
> + bgpnotify_minor_err,
>  };
>  static const int bgpnotify_minor_siz[] = {
>   0,
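Review bot: The new table is named `bgpnotify_minor_err`, which says nothing about which error code it belongs to, while every sibling is named after its code (`_msg`, `_open`, `_update`, `_holdtime`, `_fsm`, `_cease`). RFC 7313 calls code 7 "ROUTE-REFRESH Message Error", so a name such as `bgpnotify_minor_refresh` would fit; the second hunk's `sizeof` line would change with it. If the file also has a table of major error names (not visible in this diff), its entry for code 7 should be checked so the major and minor strings describe the same error.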
> @@ -267,7 +267,7 @@ static const int bgpnotify_minor_siz[] =
>   sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
>   sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
>   sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
> - sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
> + sizeof(bgpnotify_minor_err)/sizeof(bgpnotify_minor_err[0]),
>  };
>  
>  static const char *bgpattr_origin[] = {
> 
> -- 
> Michal Mazurek
> 

-- 
:wq Claudio



ext2: flush cache on mount -ur

2017-05-30 Thread Stefan Fritsch
The same as is already implemented for ffs & msdosfs.

ok?

Cheers,
Stefan


diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c
index 53eaa05a32a..98d5536418c 100644
--- a/sys/ufs/ext2fs/ext2fs_vfsops.c
+++ b/sys/ufs/ext2fs/ext2fs_vfsops.c
@@ -181,6 +181,7 @@ ext2fs_mount(struct mount *mp, const char *path, void *data,
ump = VFSTOUFS(mp);
fs = ump->um_e2fs;
if (fs->e2fs_ronly == 0 && (mp->mnt_flag & MNT_RDONLY)) {
+   int force = 0;
flags = WRITECLOSE;
if (mp->mnt_flag & MNT_FORCE)
flags |= FORCECLOSE;
@@ -193,6 +194,12 @@ ext2fs_mount(struct mount *mp, const char *path, void 
*data,
}
if (error)
return (error);
+   /*
+* Updating mount to readonly. Try a cache flush.
+* Ignore error because the ioctl may not be supported.
+*/
+   VOP_IOCTL(ump->um_devvp, DIOCCACHESYNC, ,
+   FWRITE, FSCRED, p);
fs->e2fs_ronly = 1;
}
if (mp->mnt_flag & MNT_RELOAD) {



ext2fs: Mark superblock as not modified when written

2017-05-30 Thread Stefan Fritsch
I have seen spurious "file system not clean; please fsck(8)" warnings
during "mount -ur". Set e2fs_fmod = 0 when writing the superblock (as
ffs does).

ok?

Cheers,
Stefan


diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c
index 98d5536418c..372c4d6f1fc 100644
--- a/sys/ufs/ext2fs/ext2fs_vfsops.c
+++ b/sys/ufs/ext2fs/ext2fs_vfsops.c
@@ -1007,6 +1007,7 @@ ext2fs_sbupdate(struct ufsmount *mp, int waitfor)
error = bwrite(bp);
else
bawrite(bp);
+   fs->e2fs_fmod = 0;
return (error);
 }
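Review bot: `fs->e2fs_fmod = 0;` is executed even when `bwrite(bp)` returned an error, so a superblock that failed to reach the disk is still marked unmodified. Clearing the flag only on success, `if (error == 0) fs->e2fs_fmod = 0;`, keeps the superblock marked dirty when the write failed. The flag is also cleared after the write is issued; whether the superblock can be modified again in between depends on locking that is outside this hunk. ext2fs_sbupdate()'s body starts outside the hunk.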
 



Re: tcpdump: drop atalk support

2017-05-30 Thread Theo de Raadt
> * Theo de Raadt  [2017-05-30 10:56]:
> > > How about just dropping support for /etc/appletalk.names, which as far
> > > as I can tell was never used, and drop the manpage bit, reducing it by
> > > 10%. Most of the text in the manpage is outdated anyway, talking about
> > > /etc/atalk.names - support for which was removed in 2004 with the
> > > privsep work. Something like this:
> > 
> > Sure sure.
> > 
> > My main objection to full removal was that you see a numbered packet
> > flying over your network and don't know what catagory it is in.
> > Suddenly google search is neccessary because tcpdump is going out
> > of the way to not help.  So it should help, answering the minimum
> > question of "what type is that packet, should I worry".
> 
> agreed.
> can we limit this to just being able to identify appletalk?

that's precisely the minimum i think tcpdump should do.

if it never prints hex, i'd be happy.



Re: tcpdump: drop atalk support

2017-05-30 Thread Henning Brauer
* Theo de Raadt  [2017-05-30 10:56]:
> > How about just dropping support for /etc/appletalk.names, which as far
> > as I can tell was never used, and drop the manpage bit, reducing it by
> > 10%. Most of the text in the manpage is outdated anyway, talking about
> > /etc/atalk.names - support for which was removed in 2004 with the
> > privsep work. Something like this:
> 
> Sure sure.
> 
> My main objection to full removal was that you see a numbered packet
> flying over your network and don't know what catagory it is in.
> Suddenly google search is neccessary because tcpdump is going out
> of the way to not help.  So it should help, answering the minimum
> question of "what type is that packet, should I worry".

agreed.
can we limit this to just being able to identify appletalk?

note that this is ethertype appletalk, not appletalk over ip. afaik
that means pre-macosx.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: ip_input() in pr_input style

2017-05-30 Thread Martin Pieuchot
On 30/05/17(Tue) 11:40, Alexander Bluhm wrote:
> On Tue, May 30, 2017 at 08:45:53AM +0200, Martin Pieuchot wrote:
> > On 29/05/17(Mon) 23:45, Alexander Bluhm wrote:
> > > Hi,
> > > 
> > > Convert ip_input(), ip_our(), ip_deliver() functions to pr_input
> > > parameter passing and protocol return style.  Reset mp to NULL in
> > > a few places to fail at mbuf use after free.  Rename ipv4_input()
> > > to ip_input().
> > > 
> > > Goal is to prepare the code that both mpi@'s and bluhm@'s diff
> > > apply.
> > > 
> > > ok?
> > 
> > I don't understand how I'm suppose to rebase my diff on top of this
> > one.  ip_ours() is now taking multiple arguments.
> 
> My diff has to pass down the mp from ip_input() to ip_deliver().
> Your diff places a queue into that path.  The queue is temporary
> and can go away when we unlock the protocol input path.

In the meantime we cannot make in_ours() return anything.  So I still
don't understand how our diffs are compatible.



tcpdump: print-bgp.c: update error code 7

2017-05-30 Thread Michal Mazurek
On 11:27:28, 30.05.17, Claudio Jeker wrote:
> On a side note. The notification error code 7 seems to be wrong.
> The capability error codes never made it into a standard and now 
> error code 7 is for enhanced route refresh.
> 
> So I would replace bgpnotify_minor_cap with
> static const char *bgpnotify_minor_err[] = {
>   NULL, "Invalid Message Length",
> };
> 
> See also
> https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#route-refresh-error-subcodes

In that case let's correct it.

Index: usr.sbin/tcpdump/print-bgp.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
retrieving revision 1.22
diff -u -p -r1.22 print-bgp.c
--- usr.sbin/tcpdump/print-bgp.c30 May 2017 09:40:08 -  1.22
+++ usr.sbin/tcpdump/print-bgp.c30 May 2017 09:45:44 -
@@ -249,15 +249,15 @@ static const char *bgpnotify_minor_cease
"Out of Resources",
 };
 
-static const char *bgpnotify_minor_cap[] = {
-   NULL, "Invalid Action Value", "Invalid Capability Length",
-   "Malformed Capability Value", "Unsupported Capability Code",
+/* RFC 7313 */
+static const char *bgpnotify_minor_err[] = {
+   NULL, "Invalid Message Length",
 };
 
 static const char **bgpnotify_minor[] = {
NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
-   bgpnotify_minor_cap,
+   bgpnotify_minor_err,
 };
 static const int bgpnotify_minor_siz[] = {
0,
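Review bot: The new name `bgpnotify_minor_err` and the bare `/* RFC 7313 */` above it do not say which major code this table serves, and every table in this file already holds error subcodes. The thread identifies code 7 as the enhanced route refresh error, so a name such as `bgpnotify_minor_rrefresh` with `/* RFC 7313: ROUTE-REFRESH Message Error subcodes */` would let a reader check slot 7 of `bgpnotify_minor` against the IANA registry directly. The same rename would apply to the `sizeof` entry in the following hunk.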
@@ -267,7 +267,7 @@ static const int bgpnotify_minor_siz[] =
sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
-   sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
+   sizeof(bgpnotify_minor_err)/sizeof(bgpnotify_minor_err[0]),
 };
 
 static const char *bgpattr_origin[] = {

-- 
Michal Mazurek



Re: detect post threaded condition

2017-05-30 Thread David Coppa
Il 30 mag 2017 09:48, "Ted Unangst"  ha scritto:

talking to stsp, he reminded me of a problematic bug that took some time to
track down in some desktop software that shall not be named. after a program
calls fork(), the child has only a single thread. per the standard, it needs
to get to exec() as quickly as possible. per the quality standards of modern
software, this doesn't always happen, and then strangeness happens.

this adds a quick check for this error condition. after a fork, we set a new
variable in the child that we are post threaded. this can be checked
elsewhere
in the library. i added a check to pthread_join because that's a notable
problem function.


Index: rthread.c
===
RCS file: /cvs/src/lib/librthread/rthread.c,v
retrieving revision 1.94
diff -u -p -r1.94 rthread.c
--- rthread.c   4 Sep 2016 10:13:35 -   1.94
+++ rthread.c   30 May 2017 07:43:12 -
@@ -64,6 +64,7 @@ REDIRECT_SYSCALL(thrkill);
 static int concurrency_level;  /* not used */

 int _threads_ready;
+int _post_threaded;
 size_t _thread_pagesize;
 struct listhead _thread_list = LIST_HEAD_INITIALIZER(_thread_list);
 _atomic_lock_t _thread_lock = _SPINLOCK_UNLOCKED;
@@ -358,6 +359,11 @@ pthread_join(pthread_t thread, void **re
pthread_t self;
PREP_CANCEL_POINT(tib);

+   if (_post_threaded) {
+#define GREATSCOTT "great scott! serious repurcussions on future events!\n"


As a BTTF fan I laughed loudly, but please fix the typo ;)

Ciao!
David


+   write(2, GREATSCOTT, sizeof(GREATSCOTT));
+   abort();
+   }
if (!_threads_ready)
_rthread_init();
self = tib->tib_thread;
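Review bot: `write(2, GREATSCOTT, sizeof(GREATSCOTT))` also writes the string's terminating NUL byte to stderr, because `sizeof` on a string literal counts it; `sizeof(GREATSCOTT) - 1` gives the message length. The `#define` sits inside the `if` body and is never undefined, so the macro stays visible for the rest of rthread.c; a `static const char` array at file scope would keep it contained. The body of pthread_join() starts and ends outside this hunk.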
Index: rthread_fork.c
===
RCS file: /cvs/src/lib/librthread/rthread_fork.c,v
retrieving revision 1.19
diff -u -p -r1.19 rthread_fork.c
--- rthread_fork.c  4 Sep 2016 10:13:35 -   1.19
+++ rthread_fork.c  30 May 2017 07:41:29 -
@@ -58,6 +58,7 @@ _dofork(pid_t (*sys_fork)(void))
pthread_t me;
pid_t newid;
int i;
+   extern int _post_threaded;

if (!_threads_ready)
return sys_fork();
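Review bot: `extern int _post_threaded;` is declared inside `_dofork()` rather than in a shared header, so the compiler cannot check it against the definition in rthread.c if the type ever changes. Moving the declaration next to wherever `_threads_ready` is declared (presumably the library's internal header, which is not visible here) keeps the two flags together and lets other files test the flag without repeating the `extern`. `_dofork()` continues outside this hunk.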
@@ -110,6 +111,7 @@ _dofork(pid_t (*sys_fork)(void))

/* single threaded now */
__isthreaded = 0;
+   _post_threaded = 1;
}
 #ifndef NO_PIC
else if (_DYNAMIC)


Re: Unlock IP forwarding paths

2017-05-30 Thread Martin Pieuchot
On 30/05/17(Tue) 10:45, Martin Pieuchot wrote:
> Diff below moves IPv4 & IPv6 incoming/forwarding path, PIPEX ppp
> processing and IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
> 
> We currently rely on the NET_LOCK() serializing access to most global
> data structures for that.  IP input queues are no longer used in the
> forwarding case.  They still exist as boundary between the network and
> transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
> 
> Since we do not want to grab the NET_LOCK() for every packet, the
> softnet thread will do it once before processing a batch.  That means
> the L2 processing path, which is currently running without lock, will
> now run with the NET_LOCK().
> 
> IPsec is the bridge of this layer.  A bad player.  Since IPsec isn't
> ready to run without KERNEL_LOCK(), the softnet thread will grab the
> KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
> 
> I tried to document as much as possible the current design in my
> commit messages and in the comment below.  Please ask if something
> isn't clear.

Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
dance.

Updated diff below.

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.502
diff -u -p -r1.502 if.c
--- net/if.c30 May 2017 07:50:37 -  1.502
+++ net/if.c30 May 2017 08:24:30 -
@@ -874,7 +874,10 @@ if_input_process(void *xifidx)
struct ifnet *ifp;
struct ifih *ifih;
struct srp_ref sr;
-   int s;
+   int s, s2;
+#ifdef IPSEC
+   int locked = 0;
+#endif /* IPSEC */
 
ifp = if_get(ifidx);
if (ifp == NULL)
@@ -887,6 +890,32 @@ if_input_process(void *xifidx)
if (!ISSET(ifp->if_xflags, IFXF_CLONED))
add_net_randomness(ml_len());
 
+#ifdef IPSEC
+   /*
+* IPsec is not ready to run without KERNEL_LOCK().  So all
+* the traffic on your machine is punished if you have IPsec
+* enabled.
+*/
+   extern int ipsec_in_use;
+   if (ipsec_in_use) {
+   KERNEL_LOCK();
+   locked = 1;
+   }
+#endif /* IPSEC */
+
+   /*
+* We grab the NET_LOCK() before processing any packet to
+* ensure there's no contention on the routing table lock.
+*
+* Without it we could race with a userland thread to insert
+* a L2 entry in ip{6,}_output().  Such race would result in
+* one of the threads sleeping *inside* the IP output path.
+*
+* Since we have a NET_LOCK() we also use it to serialize access
+* to PF globals, pipex globals, unicast and multicast addresses
+* lists.
+*/
+   NET_LOCK(s2);
s = splnet();
while ((m = ml_dequeue()) != NULL) {
/*
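Review bot: `ipsec_in_use` is sampled once, before `NET_LOCK(s2)`, and the decision is kept in `locked` for the whole batch. If the flag can change from 0 to 1 after this test (the hunk does not show what protects its writers), packets already dequeued would enter the IPsec code without `KERNEL_LOCK()`, which the new comment says is not safe. Please state in the comment which lock the writer holds, or take the sample at a point where that lock is held. The `extern int ipsec_in_use;` in the middle of the function body would also be better placed in a header. The same hunk is repeated in the original posting of this diff later on the page.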
@@ -903,7 +932,12 @@ if_input_process(void *xifidx)
m_freem(m);
}
splx(s);
+   NET_UNLOCK(s2);
 
+#ifdef IPSEC
+   if (locked)
+   KERNEL_UNLOCK();
+#endif /* IPSEC */
 out:
if_put(ifp);
 }
Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.245
diff -u -p -r1.245 if_ethersubr.c
--- net/if_ethersubr.c  30 May 2017 07:50:37 -  1.245
+++ net/if_ethersubr.c  30 May 2017 08:02:13 -
@@ -416,15 +416,11 @@ decapsulate:
 #ifdef PIPEX
if (pipex_enable) {
struct pipex_session *session;
-   int s;
 
-   NET_LOCK(s);
if ((session = pipex_pppoe_lookup_session(m)) != NULL) {
pipex_pppoe_input(m, session);
-   NET_UNLOCK(s);
return (1);
}
-   NET_UNLOCK(s);
}
 #endif
if (etype == ETHERTYPE_PPPOEDISC)
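Review bot: After this change `pipex_pppoe_lookup_session()` and `pipex_pppoe_input()` run with no lock taken in this function and depend on the caller, `if_input_process()` in net/if.c, already holding `NET_LOCK()`. That precondition is not written down anywhere in the hunk; adding `NET_ASSERT_LOCKED();` as the first statement of the `if (pipex_enable)` block would document it and catch any other caller that reaches this path unlocked. The enclosing function starts and ends outside the hunk.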
Index: netinet/ip_input.c
===
RCS file: /cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.308
diff -u -p -r1.308 ip_input.c
--- netinet/ip_input.c  30 May 2017 07:50:37 -  1.308
+++ netinet/ip_input.c  30 May 2017 09:44:53 -
@@ -127,6 +127,7 @@ int ip_sysctl_ipstat(void *, size_t *, v
 static struct mbuf_queue   ipsend_mq;
 
 void   ip_ours(struct mbuf *);
+void   ip_local(struct mbuf *);
 intip_dooptions(struct mbuf *, struct ifnet *);
 intin_ouraddr(struct mbuf *, struct ifnet *, struct rtentry **);
 
@@ -207,27 +208,31 @@ ip_init(void)
mq_init(_mq, 64, IPL_SOFTNET);
 }
 
+/*
+ * Enqueue packet for local delivery.  Queuing is used as a boundary
+ * between the network layer (input/forward path) running without
+ * KERNEL_LOCK() and the transport layer still needing it.
+ */
 void
-ipv4_input(struct ifnet *ifp, struct mbuf *m)
+ip_ours(struct mbuf *m)

Re: ip_input() in pr_input style

2017-05-30 Thread Alexander Bluhm
On Tue, May 30, 2017 at 08:45:53AM +0200, Martin Pieuchot wrote:
> On 29/05/17(Mon) 23:45, Alexander Bluhm wrote:
> > Hi,
> > 
> > Convert ip_input(), ip_our(), ip_deliver() functions to pr_input
> > parameter passing and protocol return style.  Reset mp to NULL in
> > a few places to fail at mbuf use after free.  Rename ipv4_input()
> > to ip_input().
> > 
> > Goal is to prepare the code that both mpi@'s and bluhm@'s diff
> > apply.
> > 
> > ok?
> 
> I don't understand how I'm suppose to rebase my diff on top of this
> one.  ip_ours() is now taking multiple arguments.

My diff has to pass down the mp from ip_input() to ip_deliver().
Your diff places a queue into that path.  The queue is temporary
and can go away when we unlock the protocol input path.

I am trying to create incremental diffs that cover both cases.  The
alternative is, that we commit my diff or your diff now and merge
the other one.

I can also convert my diff so that all functions take the minimum
number of arguments.  Currently my goal is that all IPv4 and IPv6
input functions behave like pr_input for consistency.  That is
ip_input
ip_ours
ip_deliver
ip6_input
ip6_ours
ip6_deliver
ip6_hbhchcheck

bluhm



Re: 802.11 multicast frames and the basic rate set

2017-05-30 Thread Stefan Sperling
On Tue, May 30, 2017 at 11:03:09AM +0200, Stefan Sperling wrote:
> ok?

Always wait for the second diff!

In the previous version I missed an indirection via wn->ridx[].
wrong: rinfo = _rates[ieee80211_min_basic_rate(ic)]
correct: rinfo = _rates[wn->ridx[ieee80211_min_basic_rate(ic)]];

Because of this I found that we have to hardcode the rate of the
broadcast node added to firmware, because wn->ridx is not set up
until we associate. Still works, anyway. Seems the basic rate
specified in the Tx command is all that matters.

Index: dev/pci/if_iwn.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwn.c,v
retrieving revision 1.186
diff -u -p -r1.186 if_iwn.c
--- dev/pci/if_iwn.c26 Apr 2017 07:53:17 -  1.186
+++ dev/pci/if_iwn.c30 May 2017 09:19:06 -
@@ -2896,8 +2896,7 @@ iwn_tx(struct iwn_softc *sc, struct mbuf
/* Choose a TX rate index. */
if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
type != IEEE80211_FC0_TYPE_DATA)
-   ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ?
-   IWN_RIDX_OFDM6 : IWN_RIDX_CCK1;
+   ridx = wn->ridx[ieee80211_max_basic_rate(ic)];
else if (ic->ic_fixed_mcs != -1)
ridx = sc->fixed_ridx;
else if (ic->ic_fixed_rate != -1)
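Review bot: The multicast/non-data branch of `iwn_tx()` (whose body lies mostly outside this hunk) now reads `wn->ridx[...]`, but the message above says `wn->ridx` is not set up until association, and `type != IEEE80211_FC0_TYPE_DATA` also covers management frames that are sent before association. What `wn->ridx[]` holds at that point is not visible here, so the rate chosen for those frames may not be a valid one for the channel. Keeping the old `IWN_RIDX_OFDM6`/`IWN_RIDX_CCK1` choice until the node's table has been filled in, and using the basic-rate lookup only afterwards, would avoid depending on state that is not yet initialised. The index returned by `ieee80211_max_basic_rate(ic)` also refers to `ic->ic_bss->ni_rates` while `wn` belongs to `ni`, so the two agree only when `ni` is the BSS node.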
@@ -3430,6 +3429,7 @@ iwn5000_add_node(struct iwn_softc *sc, s
 int
 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni)
 {
+   struct ieee80211com *ic = >sc_ic;
struct iwn_node *wn = (void *)ni;
struct ieee80211_rateset *rs = >ni_rates;
struct iwn_cmd_link_quality linkq;
@@ -3466,11 +3466,8 @@ iwn_set_link_quality(struct iwn_softc *s
break;
}
 
-   /* Fill the rest with the lowest legacy rate. */
-   if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
-   rinfo = _rates[IWN_RIDX_OFDM6];
-   else
-   rinfo = _rates[IWN_RIDX_CCK1];
+   /* Fill the rest with the lowest basic rate. */
+   rinfo = _rates[wn->ridx[ieee80211_min_basic_rate(ic)]];
while (i < IWN_MAX_TX_RETRIES) {
linkq.retry[i].plcp = rinfo->plcp;
linkq.retry[i].rflags = rinfo->flags;
Index: net80211/ieee80211.c
===
RCS file: /cvs/src/sys/net80211/ieee80211.c,v
retrieving revision 1.58
diff -u -p -r1.58 ieee80211.c
--- net80211/ieee80211.c13 Jan 2016 14:33:07 -  1.58
+++ net80211/ieee80211.c30 May 2017 08:38:14 -
@@ -712,6 +712,43 @@ ieee80211_setbasicrates(struct ieee80211
}
 }
 
+int
+ieee80211_min_basic_rate(struct ieee80211com *ic)
+{
+   struct ieee80211_rateset *rs = >ic_bss->ni_rates;
+   int i;
+
+   for (i = 0; i < rs->rs_nrates; i++) {
+   if (rs->rs_rates[i] & IEEE80211_RATE_BASIC)
+   return i;
+   }
+
+   return 0;
+}
+
+int
+ieee80211_max_basic_rate(struct ieee80211com *ic)
+{
+   struct ieee80211_rateset *rs = >ic_bss->ni_rates;
+   int i, best, rval, best_rval;
+
+   /* Defaults to 1 Mbit/s on 2GHz and 6 Mbit/s on 5GHz. */
+   best = 0;
+   best_rval = (rs->rs_rates[best] & IEEE80211_RATE_VAL);
+
+   for (i = 0; i < rs->rs_nrates; i++) {
+   if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0)
+   continue;
+   rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
+   if (rval > best_rval) {
+   best_rval = rval;
+   best = i;
+   }
+   }
+
+   return best;
+}
+
 /*
  * Set the current phy mode and recalculate the active channel
  * set based on the available channels for this mode.  Also
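Review bot: `ieee80211_max_basic_rate()` seeds `best_rval` from `rs_rates[0]` whether or not that entry carries `IEEE80211_RATE_BASIC`, so when the first entry is a non-basic rate faster than every basic one the function returns index 0, a rate outside the basic set. The rate set is supplied by the access point, so its ordering should not be assumed; seeding with `best_rval = -1;` makes the loop consider basic rates only and still falls back to index 0 when none is marked. `ieee80211_min_basic_rate()` makes the matching assumption: it returns the first basic entry in array order, which is the lowest only if the set is sorted, so it should compare `IEEE80211_RATE_VAL` values as the max variant does. Both functions dereference `ic->ic_bss` without a check; whether it can be NULL on these call paths is not visible here. The earlier posting of this diff further down the page carries the same two functions.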
Index: net80211/ieee80211_var.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
retrieving revision 1.77
diff -u -p -r1.77 ieee80211_var.h
--- net80211/ieee80211_var.h2 Feb 2017 16:47:53 -   1.77
+++ net80211/ieee80211_var.h30 May 2017 08:28:46 -
@@ -402,6 +402,8 @@ u_int   ieee80211_mhz2ieee(u_int, u_int);
 u_int  ieee80211_chan2ieee(struct ieee80211com *,
const struct ieee80211_channel *);
 u_int  ieee80211_ieee2mhz(u_int, u_int);
+intieee80211_min_basic_rate(struct ieee80211com *);
+intieee80211_max_basic_rate(struct ieee80211com *);
 intieee80211_setmode(struct ieee80211com *, enum ieee80211_phymode);
 enum ieee80211_phymode ieee80211_next_mode(struct ifnet *);
 enum ieee80211_phymode ieee80211_chan2mode(struct ieee80211com *,



Re: tcpdump: enable some more bgp info

2017-05-30 Thread Claudio Jeker
On Tue, May 30, 2017 at 11:06:10AM +0200, Michal Mazurek wrote:
> On 10:43:30, 30.05.17, Job Snijders wrote:
> > In the registry created by RFC 6608, the value "0" is the BGP Finite
> > State Machine Error subcode meaning "Unspecified Error". I think that
> > when a name is assigned to a value, the name should be printed (like
> > your patch does for subcode values 1, 2, and 3).
> > 
> > If no name is known for the error subcode, just printing the number is
> > useful indeed.
> 
> You are right.

OK claudio@

On a side note. The notification error code 7 seems to be wrong.
The capability error codes never made it into a standard and now
error code 7 is for enhanced route refresh.

So I would replace bgpnotify_minor_cap with
static const char *bgpnotify_minor_err[] = {
NULL, "Invalid Message Length",
};

See also
https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#route-refresh-error-subcodes
 
> Index: usr.sbin/tcpdump/print-bgp.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 print-bgp.c
> --- usr.sbin/tcpdump/print-bgp.c  24 Apr 2017 20:35:35 -  1.21
> +++ usr.sbin/tcpdump/print-bgp.c  30 May 2017 09:00:49 -
> @@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
>   "Invalid Network Field", "Malformed AS_PATH",
>  };
>  
> +static const char *bgpnotify_minor_holdtime[] = {
> + NULL,
> +};
> +
> +/* RFC 6608 */
> +static const char *bgpnotify_minor_fsm[] = {
> + "Unspecified Error", "In OpenSent State", "In OpenConfirm State",
> + "In Established State",
> +};
> +
>  /* RFC 4486 */
>  #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
>  /* draft-ietf-idr-shutdown-07 */
> @@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
>  
>  static const char **bgpnotify_minor[] = {
>   NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
> + bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
> + bgpnotify_minor_cap,
>  };
>  static const int bgpnotify_minor_siz[] = {
>   0,
>   sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
>   sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
>   sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
> - 0,
> - 0,
> + sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
> + sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
>   sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
>   sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
>  };
> 
> -- 
> Michal Mazurek
> 

-- 
:wq Claudio



pcdisplay(4): properly disable hardware cursor

2017-05-30 Thread Frederic Cambus
Hi tech@,

Use the CD bit (Cursor Disable) in the cursor start register to properly
disable hardware cursor.

From NetBSD. See commit message [1] and diff [2] for more information.

Comments? OK?

[1] 
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ic/pcdisplay_subr.c?rev=1.35=text/x-cvsweb-markup
[2] 
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ic/pcdisplay_subr.c.diff?r1=1.34=1.35_with_tag=MAIN

Index: pcdisplay_subr.c
===
RCS file: /cvs/src/sys/dev/ic/pcdisplay_subr.c,v
retrieving revision 1.12
diff -u -p -r1.12 pcdisplay_subr.c
--- pcdisplay_subr.c30 May 2017 08:24:56 -  1.12
+++ pcdisplay_subr.c30 May 2017 09:03:18 -
@@ -44,8 +44,8 @@ void
 pcdisplay_cursor_reset(struct pcdisplayscreen *scr)
 {
 #ifdef PCDISPLAY_SOFTCURSOR
-   pcdisplay_6845_write(scr->hdl, curstart, 0x10);
-   pcdisplay_6845_write(scr->hdl, curend, 0x10);
+   pcdisplay_6845_write(scr->hdl, curstart, 0x20);
+   pcdisplay_6845_write(scr->hdl, curend, 0x00);
 #endif
 }
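Review bot: The new values `0x20` and `0x00` are bare literals, and only the commit message explains that `0x20` is the Cursor Disable bit of the cursor start register. A comment on the first write, e.g. `/* 0x20 = CD (cursor disable) bit in the cursor start register */`, or a named constant, would keep that knowledge with the code.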
 



Re: tcpdump: enable some more bgp info

2017-05-30 Thread Michal Mazurek
On 10:43:30, 30.05.17, Job Snijders wrote:
> In the registry created by RFC 6608, the value "0" is the BGP Finite
> State Machine Error subcode meaning "Unspecified Error". I think that
> when a name is assigned to a value, the name should be printed (like
> your patch does for subcode values 1, 2, and 3).
> 
> If no name is known for the error subcode, just printing the number is
> useful indeed.

You are right.

Index: usr.sbin/tcpdump/print-bgp.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
retrieving revision 1.21
diff -u -p -r1.21 print-bgp.c
--- usr.sbin/tcpdump/print-bgp.c24 Apr 2017 20:35:35 -  1.21
+++ usr.sbin/tcpdump/print-bgp.c30 May 2017 09:00:49 -
@@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
"Invalid Network Field", "Malformed AS_PATH",
 };
 
+static const char *bgpnotify_minor_holdtime[] = {
+   NULL,
+};
+
+/* RFC 6608 */
+static const char *bgpnotify_minor_fsm[] = {
+   "Unspecified Error", "In OpenSent State", "In OpenConfirm State",
+   "In Established State",
+};
+
 /* RFC 4486 */
 #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
 /* draft-ietf-idr-shutdown-07 */
@@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
 
 static const char **bgpnotify_minor[] = {
NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
+   bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
+   bgpnotify_minor_cap,
 };
 static const int bgpnotify_minor_siz[] = {
0,
sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
-   0,
-   0,
+   sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
+   sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
 };
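Review bot: `bgpnotify_minor` and `bgpnotify_minor_siz` are parallel tables that must gain entries in the same order, and this change has to edit both by hand to keep them aligned. The code that indexes them is outside the hunk, but it presumably uses major and minor codes taken from the captured packet, so a mismatch between the two tables would turn into an out-of-bounds read in the printer. A single table of `{ names, count }` pairs, or a compile-time check that both arrays have the same number of elements, would remove that failure mode.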

-- 
Michal Mazurek



802.11 multicast frames and the basic rate set

2017-05-30 Thread Stefan Sperling
Many of our drivers hardcode multicast frames to 1 Mbit/s on 2 GHz.
This assumes 11b interop, which is mandatory for all 2GHz PHYs and
thus generally works.

However, access points may modify the network's basic rate set such
that it differs from the mandatory PHY rate set. (Standards lawyers may
wish to consult sections such as "9.7.5.3 Rate selection for other group
addressed data and management frames" in 802.11-2012.)

This can be used to exclude 11b clients from a network, such that
the network appears as a "pure 11g" network (no 11b frames allowed).

It seems nowadays this has become the default for some vendor APs,
who then ship with an 11b compat mode labeled "legacy" for standard
compliance.

We should be more diligent in following the APs basic rate set.
The following diff introduces net80211 helpers for this and makes use
of them in iwn(4). Other drivers will need to be fixed over time.

ok?

Index: dev/pci/if_iwn.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwn.c,v
retrieving revision 1.186
diff -u -p -r1.186 if_iwn.c
--- dev/pci/if_iwn.c26 Apr 2017 07:53:17 -  1.186
+++ dev/pci/if_iwn.c30 May 2017 08:29:24 -
@@ -2896,8 +2896,7 @@ iwn_tx(struct iwn_softc *sc, struct mbuf
/* Choose a TX rate index. */
if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
type != IEEE80211_FC0_TYPE_DATA)
-   ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ?
-   IWN_RIDX_OFDM6 : IWN_RIDX_CCK1;
+   ridx = wn->ridx[ieee80211_max_basic_rate(ic)];
else if (ic->ic_fixed_mcs != -1)
ridx = sc->fixed_ridx;
else if (ic->ic_fixed_rate != -1)
@@ -3430,6 +3429,7 @@ iwn5000_add_node(struct iwn_softc *sc, s
 int
 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni)
 {
+   struct ieee80211com *ic = >sc_ic;
struct iwn_node *wn = (void *)ni;
struct ieee80211_rateset *rs = >ni_rates;
struct iwn_cmd_link_quality linkq;
@@ -3466,11 +3466,8 @@ iwn_set_link_quality(struct iwn_softc *s
break;
}
 
-   /* Fill the rest with the lowest legacy rate. */
-   if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
-   rinfo = _rates[IWN_RIDX_OFDM6];
-   else
-   rinfo = _rates[IWN_RIDX_CCK1];
+   /* Fill the rest with the lowest basic rate. */
+   rinfo = _rates[ieee80211_min_basic_rate(ic)];
while (i < IWN_MAX_TX_RETRIES) {
linkq.retry[i].plcp = rinfo->plcp;
linkq.retry[i].rflags = rinfo->flags;
@@ -4562,8 +4559,7 @@ iwn_config(struct iwn_softc *sc)
return error;
}
 
-   ridx = (sc->sc_ic.ic_curmode == IEEE80211_MODE_11A) ?
-   IWN_RIDX_OFDM6 : IWN_RIDX_CCK1;
+   ridx = ieee80211_max_basic_rate(ic);
if ((error = iwn_add_broadcast_node(sc, 0, ridx)) != 0) {
printf("%s: could not add broadcast node\n",
sc->sc_dev.dv_xname);
@@ -4898,8 +4894,7 @@ iwn_auth(struct iwn_softc *sc)
 * Reconfiguring RXON clears the firmware nodes table so we must
 * add the broadcast node again.
 */
-   ridx = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ?
-   IWN_RIDX_OFDM6 : IWN_RIDX_CCK1;
+   ridx = ieee80211_max_basic_rate(ic);
if ((error = iwn_add_broadcast_node(sc, 1, ridx)) != 0) {
printf("%s: could not add broadcast node\n",
sc->sc_dev.dv_xname);
Index: net80211/ieee80211.c
===
RCS file: /cvs/src/sys/net80211/ieee80211.c,v
retrieving revision 1.58
diff -u -p -r1.58 ieee80211.c
--- net80211/ieee80211.c13 Jan 2016 14:33:07 -  1.58
+++ net80211/ieee80211.c30 May 2017 08:38:14 -
@@ -712,6 +712,43 @@ ieee80211_setbasicrates(struct ieee80211
}
 }
 
+int
+ieee80211_min_basic_rate(struct ieee80211com *ic)
+{
+   struct ieee80211_rateset *rs = >ic_bss->ni_rates;
+   int i;
+
+   for (i = 0; i < rs->rs_nrates; i++) {
+   if (rs->rs_rates[i] & IEEE80211_RATE_BASIC)
+   return i;
+   }
+
+   return 0;
+}
+
+int
+ieee80211_max_basic_rate(struct ieee80211com *ic)
+{
+   struct ieee80211_rateset *rs = >ic_bss->ni_rates;
+   int i, best, rval, best_rval;
+
+   /* Defaults to 1 Mbit/s on 2GHz and 6 Mbit/s on 5GHz. */
+   best = 0;
+   best_rval = (rs->rs_rates[best] & IEEE80211_RATE_VAL);
+
+   for (i = 0; i < rs->rs_nrates; i++) {
+   if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0)
+   continue;
+   rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
+   if (rval > best_rval) {
+   best_rval = rval;
+   best = i;
+   }
+   }
+
+   

Re: tcpdump: drop atalk support

2017-05-30 Thread Theo de Raadt
> How about just dropping support for /etc/appletalk.names, which as far
> as I can tell was never used, and drop the manpage bit, reducing it by
> 10%. Most of the text in the manpage is outdated anyway, talking about
> /etc/atalk.names - support for which was removed in 2004 with the
> privsep work. Something like this:

Sure sure.

My main objection to full removal was that you see a numbered packet
flying over your network and don't know what category it is in.
Suddenly a google search is necessary because tcpdump is going out
of its way to not help.  So it should help, answering the minimum
question of "what type is that packet, should I worry".



Re: tcpdump: drop atalk support

2017-05-30 Thread Michal Mazurek
How about just dropping support for /etc/appletalk.names, which as far
as I can tell was never used, and drop the manpage bit, reducing it by
10%. Most of the text in the manpage is outdated anyway, talking about
/etc/atalk.names - support for which was removed in 2004 with the
privsep work. Something like this:

Index: usr.sbin/tcpdump/privsep.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.44
diff -u -p -r1.44 privsep.c
--- usr.sbin/tcpdump/privsep.c  23 Jan 2017 04:25:05 -  1.44
+++ usr.sbin/tcpdump/privsep.c  28 May 2017 13:46:59 -
@@ -101,8 +101,7 @@ struct ftab {
int count;
 };
 
-static struct ftab file_table[] = {{"/etc/appletalk.names", 1, 0},
-  {PF_OSFP_FILE, 1, 0}};
+static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}};
 
 #define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab))
 
Index: usr.sbin/tcpdump/privsep.h
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.h,v
retrieving revision 1.8
diff -u -p -r1.8 privsep.h
--- usr.sbin/tcpdump/privsep.h  14 Jul 2015 20:23:40 -  1.8
+++ usr.sbin/tcpdump/privsep.h  28 May 2017 13:46:59 -
@@ -22,8 +22,7 @@
 #define TCPDUMP_MAGIC 0xa1b2c3d4
 
 /* file ids used by priv_getlines */
-#define FTAB_APPLETALK 0
-#define FTAB_PFOSFP1
+#define FTAB_PFOSFP0
 
 enum cmd_types {
PRIV_OPEN_BPF,  /* open a bpf descriptor */
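Review bot: `FTAB_PFOSFP` changes from 1 to 0 here because it is a position in `file_table[]` in privsep.c, but neither file says so. The id is presumably what the unprivileged side sends to ask the privileged process for a file, so the coupling deserves a comment; the existing one could be extended to `/* file ids used by priv_getlines; each is an index into file_table[] in privsep.c */`. A bounds check of the received id against `NUM_FILETAB` on the privileged side is the other half of this; it is not visible in these hunks, so please confirm it is still in place after the table shrinks to one entry.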
Index: usr.sbin/tcpdump/tcpdump.8
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v
retrieving revision 1.92
diff -u -p -r1.92 tcpdump.8
--- usr.sbin/tcpdump/tcpdump.8  19 Apr 2017 05:36:13 -  1.92
+++ usr.sbin/tcpdump/tcpdump.8  28 May 2017 13:47:00 -
@@ -1604,142 +1604,6 @@ requests, and matches them to the replie
 .Pq transaction ID .
 If a reply does not closely follow the corresponding request,
 it might not be parsable.
-.Ss KIP AppleTalk (DDP in UDP)
-AppleTalk DDP packets encapsulated in UDP datagrams
-are de-encapsulated and dumped as DDP packets
-.Pq i.e., all the UDP header information is discarded .
-The file
-.Pa /etc/atalk.names
-is used to translate AppleTalk net and node numbers to names.
-Lines in this file have the form
-.Bl -column "number" "name" -offset indent
-.It Sy "number" Ta Ta Sy "name"
-.It "1.254" Ta Ta "ether"
-.It "16.1" Ta Ta "icsd-net"
-.It "1.254.110" Ta Ta "ace"
-.El
-.Pp
-The first two lines give the names of AppleTalk networks.
-The third line gives the name of a particular host
-(a host is distinguished from a net by the 3rd octet in the number;
-a net number
-.Em must
-have two octets and a host number
-.Em must
-have three octets).
-The number and name should be separated by whitespace (blanks or tabs).
-The
-.Pa /etc/atalk.names
-file may contain blank lines or comment lines
-(lines starting with a
-.Ql # ) .
-.Pp
-AppleTalk addresses are printed in the form
-.Pp
-.D1 Ar net . Ns Ar host . Ns Ar port
-.Pp
-For example:
-.Bd -unfilled -offset indent
-144.1.209.2 > icsd-net.112.220
-office.2 > icsd-net.112.220
-jssmag.149.235 > icsd-net.2
-.Ed
-.Pp
-If
-.Pa /etc/atalk.names
-doesn't exist or doesn't contain an entry for some AppleTalk
-host/net number, addresses are printed in numeric form.
-In the first example, NBP
-.Pq DDP port 2
-on net 144.1 node 209
-is sending to whatever is listening on port 220 of net icsd-net node 112.
-The second line is the same except the full name of the source node is known
-.Pq Dq office .
-The third line is a send from port 235 on
-net jssmag node 149 to broadcast on the icsd-net NBP port.
-The broadcast address
-.Pq 255
-is indicated by a net name with no host number;
-for this reason it is a good idea to keep node names and net names distinct in
-.Pa /etc/atalk.names .
-.Pp
-NBP
-.Pq name binding protocol
-and ATP
-.Pq AppleTalk transaction protocol
-packets have their contents interpreted.
-Other protocols just dump the protocol name
-.Po
-or number if no name is registered for the protocol
-.Pc
-and packet size.
-.Pp
-NBP packets are formatted like the following examples:
-.Bd -unfilled
-icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
-jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
-techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186
-.Ed
-.Pp
-The first line is a name lookup request for laserwriters sent by
-net icsdi-net host
-112 and broadcast on net jssmag.
-The nbp ID for the lookup is 190.
-The second line shows a reply for this request
-.Pq note that it has the same ID
-from host jssmag.209 saying that it has a laserwriter
-resource named RM1140 registered on port 250.
-The third line is another reply to the same request
-saying host techpit has laserwriter techpit registered on port 186.
-.Pp
-ATP packet formatting is demonstrated by the following example:
-.Bd -unfilled -offset 

Unlock IP forwarding paths

2017-05-30 Thread Martin Pieuchot
Diff below moves IPv4 & IPv6 incoming/forwarding path, PIPEX ppp
processing and IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().

We currently rely on the NET_LOCK() serializing access to most global
data structures for that.  IP input queues are no longer used in the
forwarding case.  They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().

Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch.  That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().

IPsec is the bridge of this layer.  A bad player.  Since IPsec isn't
ready to run without KERNEL_LOCK(), the softnet thread will grab the
KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.

I tried to document as much as possible the current design in my
commit messages and in the comment below.  Please ask if something
isn't clear.

Tests and ok welcome.

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.502
diff -u -p -r1.502 if.c
--- net/if.c30 May 2017 07:50:37 -  1.502
+++ net/if.c30 May 2017 08:34:49 -
@@ -874,7 +874,10 @@ if_input_process(void *xifidx)
struct ifnet *ifp;
struct ifih *ifih;
struct srp_ref sr;
-   int s;
+   int s, s2;
+#ifdef IPSEC
+   int locked = 0;
+#endif /* IPSEC */
 
ifp = if_get(ifidx);
if (ifp == NULL)
@@ -887,6 +890,32 @@ if_input_process(void *xifidx)
if (!ISSET(ifp->if_xflags, IFXF_CLONED))
add_net_randomness(ml_len());
 
+#ifdef IPSEC
+   /*
+* IPsec is not ready to run without KERNEL_LOCK().  So all
+* the traffic on your machine is punished if you have IPsec
+* enabled.
+*/
+   extern int ipsec_in_use;
+   if (ipsec_in_use) {
+   KERNEL_LOCK();
+   locked = 1;
+   }
+#endif /* IPSEC */
+
+   /*
+* We grab the NET_LOCK() before processing any packet to
+* ensure there's no contention on the routing table lock.
+*
+* Without it we could race with a userland thread to insert
+* a L2 entry in ip{6,}_output().  Such race would result in
+* one of the threads sleeping *inside* the IP output path.
+*
+* Since we have a NET_LOCK() we also use it to serialize access
+* to PF globals, pipex globals, unicast and multicast addresses
+* lists.
+*/
+   NET_LOCK(s2);
s = splnet();
while ((m = ml_dequeue()) != NULL) {
/*
@@ -903,7 +932,12 @@ if_input_process(void *xifidx)
m_freem(m);
}
splx(s);
+   NET_UNLOCK(s2);
 
+#ifdef IPSEC
+   if (locked)
+   KERNEL_UNLOCK();
+#endif /* IPSEC */
 out:
if_put(ifp);
 }
Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.245
diff -u -p -r1.245 if_ethersubr.c
--- net/if_ethersubr.c  30 May 2017 07:50:37 -  1.245
+++ net/if_ethersubr.c  30 May 2017 08:34:49 -
@@ -416,15 +416,11 @@ decapsulate:
 #ifdef PIPEX
if (pipex_enable) {
struct pipex_session *session;
-   int s;
 
-   NET_LOCK(s);
if ((session = pipex_pppoe_lookup_session(m)) != NULL) {
pipex_pppoe_input(m, session);
-   NET_UNLOCK(s);
return (1);
}
-   NET_UNLOCK(s);
}
 #endif
if (etype == ETHERTYPE_PPPOEDISC)
Index: net/if_switch.c
===
RCS file: /cvs/src/sys/net/if_switch.c,v
retrieving revision 1.19
diff -u -p -r1.19 if_switch.c
--- net/if_switch.c 12 May 2017 13:40:29 -  1.19
+++ net/if_switch.c 30 May 2017 08:34:49 -
@@ -388,9 +388,8 @@ switch_ioctl(struct ifnet *ifp, unsigned
struct bstp_port*bp;
struct ifnet*ifs;
struct switch_port  *swpo;
-   int  s, error = 0;
+   int  error = 0;
 
-   s = splnet();
switch (cmd) {
case SIOCBRDGADD:
if ((error = suser(curproc, 0)) != 0)
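Review bot: With `s = splnet()` removed here and `splx(s)` removed in the next hunk, nothing in `switch_ioctl()` says what now serialises these port changes against the packet input path. The description implies that `NET_LOCK()` takes over that role; if the ioctl path is entered with it held, `NET_ASSERT_LOCKED();` at the top of the function would make the requirement explicit and checkable. The function body runs beyond both hunks.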
@@ -481,7 +480,6 @@ switch_ioctl(struct ifnet *ifp, unsigned
break;
}
 
-   splx(s);
return (error);
 }
 
Index: netinet/ip_input.c
===
RCS file: /cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.308
diff -u -p -r1.308 ip_input.c
--- netinet/ip_input.c  30 May 2017 07:50:37 -  1.308
+++ netinet/ip_input.c  30 May 2017 

Re: tcpdump: enable some more bgp info

2017-05-30 Thread Job Snijders
On Tue, May 30, 2017 at 10:21:17AM +0200, Michal Mazurek wrote:
> On 12:15:06, 29.05.17, Job Snijders wrote:
> > perhaps add a comment like /* RFC 6608 */ above the below:
> 
> Right, it will make it more consistent.
> 
> > > +static const char *bgpnotify_minor_fsm[] = {
> > > + NULL, "In OpenSent State", "In OpenConfirm State",
> > > + "In Established State",
> > > +};
> > 
> > and maybe s/NULL/"Unspecified Error"/
> 
> If it's NULL, then tcpdump will print out the number:
>
>   if (p == NULL) {
>   snprintf(buf, sizeof(buf), "#%d", minor);

Perhaps there is a misunderstanding on your part or on my part.

In the registry created by RFC 6608, the value "0" is the BGP Finite
State Machine Error subcode meaning "Unspecified Error". I think that
when a name is assigned to a value, the name should be printed (like
your patch does for subcode values 1, 2, and 3).

If no name is known for the error subcode, just printing the number is
useful indeed.

Kind regards,

Job



Re: tcpdump: enable some more bgp info

2017-05-30 Thread Claudio Jeker
On Tue, May 30, 2017 at 10:21:17AM +0200, Michal Mazurek wrote:
> On 12:15:06, 29.05.17, Job Snijders wrote:
> > perhaps add a comment like /* RFC 6608 */ above the below:
> 
> Right, it will make it more consistent.
> 
> > > +static const char *bgpnotify_minor_fsm[] = {
> > > + NULL, "In OpenSent State", "In OpenConfirm State",
> > > + "In Established State",
> > > +};
> > 
> > and maybe s/NULL/"Unspecified Error"/
> 
> If it's NULL, then tcpdump will print out the number:
> 
>   if (p == NULL) {
>   snprintf(buf, sizeof(buf), "#%d", minor);
> 

OK claudio@

> 
> Index: usr.sbin/tcpdump/print-bgp.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 print-bgp.c
> --- usr.sbin/tcpdump/print-bgp.c  24 Apr 2017 20:35:35 -  1.21
> +++ usr.sbin/tcpdump/print-bgp.c  30 May 2017 08:12:17 -
> @@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
>   "Invalid Network Field", "Malformed AS_PATH",
>  };
>  
> +static const char *bgpnotify_minor_holdtime[] = {
> + NULL,
> +};
> +
> +/* RFC 6608 */
> +static const char *bgpnotify_minor_fsm[] = {
> + NULL, "In OpenSent State", "In OpenConfirm State",
> + "In Established State",
> +};
> +
>  /* RFC 4486 */
>  #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
>  /* draft-ietf-idr-shutdown-07 */
> @@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
>  
>  static const char **bgpnotify_minor[] = {
>   NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
> + bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
> + bgpnotify_minor_cap,
>  };
>  static const int bgpnotify_minor_siz[] = {
>   0,
>   sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
>   sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
>   sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
> - 0,
> - 0,
> + sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
> + sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
>   sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
>   sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
>  };
> 
> -- 
> Michal Mazurek
> 

-- 
:wq Claudio



Re: tcpdump: enable some more bgp info

2017-05-30 Thread Peter Hessler
On 2017 May 30 (Tue) at 10:21:17 +0200 (+0200), Michal Mazurek wrote:
:On 12:15:06, 29.05.17, Job Snijders wrote:
:> perhaps add a comment like /* RFC 6608 */ above the below:
:
:Right, it will make it more consistent.
:
:> > +static const char *bgpnotify_minor_fsm[] = {
:> > +  NULL, "In OpenSent State", "In OpenConfirm State",
:> > +  "In Established State",
:> > +};
:> 
:> and maybe s/NULL/"Unspecified Error"/
:
:If it's NULL, then tcpdump will print out the number:
:
:   if (p == NULL) {
:   snprintf(buf, sizeof(buf), "#%d", minor);
:
:

OK


:Index: usr.sbin/tcpdump/print-bgp.c
:===
:RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
:retrieving revision 1.21
:diff -u -p -r1.21 print-bgp.c
:--- usr.sbin/tcpdump/print-bgp.c   24 Apr 2017 20:35:35 -  1.21
:+++ usr.sbin/tcpdump/print-bgp.c   30 May 2017 08:12:17 -
:@@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
:   "Invalid Network Field", "Malformed AS_PATH",
: };
: 
:+static const char *bgpnotify_minor_holdtime[] = {
:+  NULL,
:+};
:+
:+/* RFC 6608 */
:+static const char *bgpnotify_minor_fsm[] = {
:+  NULL, "In OpenSent State", "In OpenConfirm State",
:+  "In Established State",
:+};
:+
: /* RFC 4486 */
: #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
: /* draft-ietf-idr-shutdown-07 */
:@@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
: 
: static const char **bgpnotify_minor[] = {
:   NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
:+  bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
:+  bgpnotify_minor_cap,
: };
: static const int bgpnotify_minor_siz[] = {
:   0,
:   sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
:   sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
:   sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
:-  0,
:-  0,
:+  sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
:+  sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
:   sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
:   sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
: };
:
:-- 
:Michal Mazurek
:

-- 
There once was a man named Eugene
Who invented a screwing machine
Concave and convex
It served either sex
And it played with itself in between.



Re: Randomize link of kernel, and unmap startup code

2017-05-30 Thread Mike Larkin
On Tue, May 30, 2017 at 02:16:45AM -0600, Theo de Raadt wrote:
> This change relinks kernel objects randomly, and unmaps the bootcode
> component of locore during boot.  This makes gadgets harder to find.
> 
> The current linker layout is:
> 
>   locore.o [bring-up code + asm runtime]
>   rest of kernel .o, in order supplied by config(8)
> 
> The new linker layout is:
> 
>   locore.o [just the bring-up code]
>   gap.o
>   rest of kernel .o + new locore2.S [asm runtime], via sort -R
> 
> The gap.o being use some discussion.  This creates 5 random sized
> gaps:
>   Few pages after locore.o .text
> 
> resulting in the following layout:
> 
>   boot code
>   [few pages of gap]
> endboot:
>   [partial page gap]
>   rest of .text - randomized order
>   [page-alignment]
>   [partial page gap]
>   .rodata
>   [page-alignment]
>   [partial page gap]
>   .data
>   [partial page gap]
>   .data
> 
> When we supply the .o files to the linker in random order, their text
> segments are placed in that random order.  The .rodata/.data/.bss for
> each of those is also placed in the same order into their respective
> sections.
> 
> Once the system is booted, we unmap the locore.o bring-up code and the
> first few pages of gap.  (Cannot be too early, must be after "codepatch")
> 
> This bootcode is at a known location in KVA space.  At known offsets
> within this .o text object, there are pointers to other .o in
> particular to main().  By unmapping this bootcode, the addresses of
> gadgets in the remaining objects become unknown.  Due to randomization
> are not known.  There is no text-segment knowledge anymore about where
> these objects are.  Obviously some leakage of KVA addresses occurs,
> and cleanup will need to continue to ASLR more of those objects.
> 
> There are a few mitigation strategies against BROP attack methodology.
> One can be summarized as "never reuse an address space".  If a freshly
> linked kernel of this type was booted each time, we would be well on
> the way to satisfying that.  Then other migitations efforts come into
> play.
> 
> I've booted around 100 amd64 kernels, that is fairly well tested.  i386
> hasn't been tested as well yet.
> 

Not sure if you're looking for oks, but the diff reads ok to me.

-ml

> Index: arch/amd64/amd64/autoconf.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/autoconf.c,v
> retrieving revision 1.47
> diff -u -p -u -r1.47 autoconf.c
> --- arch/amd64/amd64/autoconf.c   8 Jun 2016 17:24:44 -   1.47
> +++ arch/amd64/amd64/autoconf.c   29 May 2017 13:04:34 -
> @@ -59,6 +59,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  #include 
> @@ -105,6 +106,21 @@ void aesni_setup(void);
>  extern int   amd64_has_aesni;
>  #endif
>  
> +void
> +unmap_startup(void)
> +{
> + extern void *kernel_text, *endboot;
> + vaddr_t p;
> +
> + printf("unmap kernel init code %lx-%lx\n",
> + (vaddr_t)_text, (vaddr_t));
> + p = (vaddr_t)_text;
> + do {
> + pmap_kremove(p, PAGE_SIZE);
> + p += NBPG;
> + } while (p < (vaddr_t));
> +}
> +
>  /*
>   * Determine i/o configuration for a machine.
>   */
> @@ -122,6 +138,8 @@ cpu_configure(void)
>   lapic_set_lvt();
>   ioapic_enable();
>  #endif
> +
> + unmap_startup();
>  
>  #ifdef MULTIPROCESSOR
>   cpu_init_idle_pcbs();
> Index: arch/amd64/amd64/locore.S
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/locore.S,v
> retrieving revision 1.84
> diff -u -p -u -r1.84 locore.S
> --- arch/amd64/amd64/locore.S 6 Feb 2017 09:15:51 -   1.84
> +++ arch/amd64/amd64/locore.S 29 May 2017 20:52:28 -
> @@ -131,115 +131,13 @@
>  
>  #include 
>  
> -#define SET_CURPROC(proc,cpu)\
> - movqCPUVAR(SELF),cpu;   \
> - movqproc,CPUVAR(CURPROC)  ; \
> - movqcpu,P_CPU(proc)
> -
> -#define GET_CURPCB(reg)  movqCPUVAR(CURPCB),reg  
> -#define SET_CURPCB(reg)  movqreg,CPUVAR(CURPCB)
> -
> -
>  /* XXX temporary kluge; these should not be here */
>  /* Get definitions for IOM_BEGIN, IOM_END, and IOM_SIZE */
>  #include 
>  
> -
> -/*
> - * Initialization
> - */
> - .data
> -
> -#if NLAPIC > 0 
> - .align  NBPG, 0xcc
> - .globl _C_LABEL(local_apic), _C_LABEL(lapic_id), _C_LABEL(lapic_tpr)
> -_C_LABEL(local_apic):
> - .space  LAPIC_ID
> -_C_LABEL(lapic_id):
> - .long   0x
> - .space  LAPIC_TPRI-(LAPIC_ID+4)
> -_C_LABEL(lapic_tpr):
> - .space  LAPIC_PPRI-LAPIC_TPRI
> -_C_LABEL(lapic_ppr):
> - .space  LAPIC_ISR-LAPIC_PPRI 
> -_C_LABEL(lapic_isr):
> - .space  NBPG-LAPIC_ISR
> -#endif
> -
> - .globl  _C_LABEL(cpu_id),_C_LABEL(cpu_vendor)
> - .globl  

Re: tcpdump: enable some more bgp info

2017-05-30 Thread Theo de Raadt
> > > +static const char *bgpnotify_minor_fsm[] = {
> > > + NULL, "In OpenSent State", "In OpenConfirm State",
> > > + "In Established State",
> > > +};
> > 
> > and maybe s/NULL/"Unspecified Error"/
> 
> If it's NULL, then tcpdump will print out the number:
> 
>   if (p == NULL) {
>   snprintf(buf, sizeof(buf), "#%d", minor);

Yes, that is better because it provides more detail.



Re: tcpdump: enable some more bgp info

2017-05-30 Thread Michal Mazurek
On 12:15:06, 29.05.17, Job Snijders wrote:
> perhaps add a comment like /* RFC 6608 */ above the below:

Right, it will make it more consistent.

> > +static const char *bgpnotify_minor_fsm[] = {
> > +   NULL, "In OpenSent State", "In OpenConfirm State",
> > +   "In Established State",
> > +};
> 
> and maybe s/NULL/"Unspecified Error"/

If it's NULL, then tcpdump will print out the number:

if (p == NULL) {
snprintf(buf, sizeof(buf), "#%d", minor);


Index: usr.sbin/tcpdump/print-bgp.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
retrieving revision 1.21
diff -u -p -r1.21 print-bgp.c
--- usr.sbin/tcpdump/print-bgp.c24 Apr 2017 20:35:35 -  1.21
+++ usr.sbin/tcpdump/print-bgp.c30 May 2017 08:12:17 -
@@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
"Invalid Network Field", "Malformed AS_PATH",
 };
 
+static const char *bgpnotify_minor_holdtime[] = {
+   NULL,
+};
+
+/* RFC 6608 */
+static const char *bgpnotify_minor_fsm[] = {
+   NULL, "In OpenSent State", "In OpenConfirm State",
+   "In Established State",
+};
+
 /* RFC 4486 */
 #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
 /* draft-ietf-idr-shutdown-07 */
@@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
 
 static const char **bgpnotify_minor[] = {
NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
+   bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
+   bgpnotify_minor_cap,
 };
 static const int bgpnotify_minor_siz[] = {
0,
sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
-   0,
-   0,
+   sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
+   sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
 };
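Review bot: `bgpnotify_minor[]` and `bgpnotify_minor_siz[]` are parallel tables that must keep the same number of entries, and nothing enforces it: before this change the pointer table had four entries while the size table had eight. The index presumably comes from the NOTIFICATION error code in a captured packet, so a mismatch would mean a read past the end of the pointer table on untrusted input. A compile-time check after the two definitions would keep them in step, e.g. `_Static_assert(sizeof(bgpnotify_minor)/sizeof(bgpnotify_minor[0]) == sizeof(bgpnotify_minor_siz)/sizeof(bgpnotify_minor_siz[0]), "bgpnotify tables differ");`, or the two could be merged into one array of table/size pairs.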

-- 
Michal Mazurek



Randomize link of kernel, and unmap startup code

2017-05-30 Thread Theo de Raadt
This change relinks kernel objects randomly, and unmaps the bootcode
component of locore during boot.  This makes gadgets harder to find.

The current linker layout is:

locore.o [bring-up code + asm runtime]
rest of kernel .o, in order supplied by config(8)

The new linker layout is:

locore.o [just the bring-up code]
gap.o
rest of kernel .o + new locore2.S [asm runtime], via sort -R

The gap.o needs some discussion.  This creates 5 random sized
gaps:
Few pages after locore.o .text

 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -105,6 +106,21 @@ void   aesni_setup(void);
 extern int amd64_has_aesni;
 #endif
 
+void
+unmap_startup(void)
+{
+   extern void *kernel_text, *endboot;
+   vaddr_t p;
+
+   printf("unmap kernel init code %lx-%lx\n",
+   (vaddr_t)_text, (vaddr_t));
+   p = (vaddr_t)_text;
+   do {
+   pmap_kremove(p, PAGE_SIZE);
+   p += NBPG;
+   } while (p < (vaddr_t));
+}
+
 /*
  * Determine i/o configuration for a machine.
  */
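Review bot: The `printf()` in unmap_startup() writes `endboot` to the console and message buffer, which appears to disclose the size of the random gap placed after the bring-up code, one of the values this change is meant to keep unknown. Consider dropping the message or compiling it only for debugging, e.g. wrapping it in `#ifdef DEBUG` / `#endif`. Separately, the loop mixes `PAGE_SIZE` and `NBPG`; using one of them for both the `pmap_kremove()` length and the increment would read more clearly.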
@@ -122,6 +138,8 @@ cpu_configure(void)
lapic_set_lvt();
ioapic_enable();
 #endif
+
+   unmap_startup();
 
 #ifdef MULTIPROCESSOR
cpu_init_idle_pcbs();
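Review bot: The call to `unmap_startup()` carries an ordering constraint that only the mail text records: the description says the unmap cannot happen too early and must come after "codepatch". A comment above the call would keep that from being lost in a later reshuffle of cpu_configure(), e.g. `/* must run after codepatch; bring-up text is unmapped from here on */`. It may also be worth confirming that nothing run later under `MULTIPROCESSOR` still executes text below `endboot`; the hunk does not show that. cpu_configure's body continues outside the hunk.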
Index: arch/amd64/amd64/locore.S
===
RCS file: /cvs/src/sys/arch/amd64/amd64/locore.S,v
retrieving revision 1.84
diff -u -p -u -r1.84 locore.S
--- arch/amd64/amd64/locore.S   6 Feb 2017 09:15:51 -   1.84
+++ arch/amd64/amd64/locore.S   29 May 2017 20:52:28 -
@@ -131,115 +131,13 @@
 
 #include 
 
-#define SET_CURPROC(proc,cpu)  \
-   movqCPUVAR(SELF),cpu;   \
-   movqproc,CPUVAR(CURPROC)  ; \
-   movqcpu,P_CPU(proc)
-
-#define GET_CURPCB(reg)movqCPUVAR(CURPCB),reg  
-#define SET_CURPCB(reg)movqreg,CPUVAR(CURPCB)
-
-
 /* XXX temporary kluge; these should not be here */
 /* Get definitions for IOM_BEGIN, IOM_END, and IOM_SIZE */
 #include 
 
-
-/*
- * Initialization
- */
-   .data
-
-#if NLAPIC > 0 
-   .align  NBPG, 0xcc
-   .globl _C_LABEL(local_apic), _C_LABEL(lapic_id), _C_LABEL(lapic_tpr)
-_C_LABEL(local_apic):
-   .space  LAPIC_ID
-_C_LABEL(lapic_id):
-   .long   0x
-   .space  LAPIC_TPRI-(LAPIC_ID+4)
-_C_LABEL(lapic_tpr):
-   .space  LAPIC_PPRI-LAPIC_TPRI
-_C_LABEL(lapic_ppr):
-   .space  LAPIC_ISR-LAPIC_PPRI 
-_C_LABEL(lapic_isr):
-   .space  NBPG-LAPIC_ISR
-#endif
-
-   .globl  _C_LABEL(cpu_id),_C_LABEL(cpu_vendor)
-   .globl  _C_LABEL(cpuid_level),_C_LABEL(cpu_feature)
-   .globl  _C_LABEL(cpu_ebxfeature)
-   .globl  _C_LABEL(cpu_ecxfeature),_C_LABEL(ecpu_ecxfeature)
-   .globl  _C_LABEL(cpu_perf_eax)
-   .globl  _C_LABEL(cpu_perf_ebx)
-   .globl  _C_LABEL(cpu_perf_edx)
-   .globl  _C_LABEL(cpu_apmi_edx)
-   .globl  _C_LABEL(ssym),_C_LABEL(esym),_C_LABEL(boothowto)
-   .globl  _C_LABEL(bootdev)
-   .globl  _C_LABEL(bootinfo), _C_LABEL(bootinfo_size), _C_LABEL(atdevbase)
-   .globl  _C_LABEL(proc0paddr),_C_LABEL(PTDpaddr)
-   .globl  _C_LABEL(biosbasemem),_C_LABEL(biosextmem)
-   .globl  _C_LABEL(bootapiver)
-   .globl  _C_LABEL(pg_nx)
-_C_LABEL(cpu_id):  .long   0   # saved from `cpuid' instruction
-_C_LABEL(cpu_feature): .long   0   # feature flags from 'cpuid'
-   #   instruction
-_C_LABEL(cpu_ebxfeature):.long 0   # ext. ebx feature flags from 'cpuid'
-_C_LABEL(cpu_ecxfeature):.long 0   # ext. ecx feature flags from 'cpuid'
-_C_LABEL(ecpu_ecxfeature):.long0   # extended ecx feature flags
-_C_LABEL(cpu_perf_eax):.long   0   # arch. perf. mon. flags from 
'cpuid'
-_C_LABEL(cpu_perf_ebx):.long   0   # arch. perf. mon. flags from 
'cpuid'
-_C_LABEL(cpu_perf_edx):.long   0   # arch. perf. mon. flags from 
'cpuid'
-_C_LABEL(cpu_apmi_edx):.long   0   # adv. power mgmt. info. from 
'cpuid'
-_C_LABEL(cpuid_level): .long   -1  # max. level accepted by 'cpuid'
-   #   instruction
-_C_LABEL(cpu_vendor):  .space  16  # vendor string returned by `cpuid'
-   #   instruction
-_C_LABEL(ssym):.quad   0   # ptr to start of syms
-_C_LABEL(esym):.quad   0   # ptr to end of syms
-_C_LABEL(atdevbase):   .quad   0   # location of start of iomem in virtual
-_C_LABEL(bootapiver):  .long   0   # /boot API version
-_C_LABEL(bootdev): .long   0   # device we booted from
-_C_LABEL(proc0paddr):  .quad   0
-_C_LABEL(PTDpaddr):.quad   0   # paddr of PTD, for libkvm
-#ifndef REALBASEMEM
-_C_LABEL(biosbasemem): .long   0   # base memory reported by BIOS
-#else
-_C_LABEL(biosbasemem): .long   REALBASEMEM
-#endif
-#ifndef 

Re: ksh(1): vi mode UTF-8 bug

2017-05-30 Thread Anton Lindqvist
Hi,

On Mon, May 29, 2017 at 04:16:06PM +0200, Ingo Schwarze wrote:
> Hi,
> 
> Anton Lindqvist wrote on Sun, May 28, 2017 at 06:07:00PM +0200:
> > On Sun, May 28, 2017 at 10:56:19AM +0200, Walter Alejandro Iglesias wrote:
> 
> >> There is still a similar issue when you try to "replace" a utf-8
> >> character (in command mode press 'r' to replace a single character or
> >> 'R' to replace a string).
> 
> > Thanks for the report, please try out the diff below.
> > As I understand the problem: the current code assumes that the character
> > to replace consists of a single byte, which is not true for Unicode
> > characters.
> 
> Correct.  That needs to be improved.
> 
> > When replacing such a character, delete the continuation
> > bytes and then replace the start byte with the replacement.
> > This ensures no continuation bytes are left behind.
> > I made use of putbuf() since it has the side-effect of advancing the
> > cursor.
> > Lastly, adjust the cursor to be positioned on the last replaced
> > character.
> > 
> > NUL-terminating the line buffer is necessary in order for the following
> > to work:
> > 
> > 1. Insert ö
> > 
> > 2. Press esc, h (back one char), ro (replace with o), ax (append x)
> > 
> > Note that replacing a character with a Unicode character does not work
> > either.
> > 
> > Comments? OK?
> > 
> > Index: bin/ksh/vi.c
> > ===
> > RCS file: /cvs/src/bin/ksh/vi.c,v
> > retrieving revision 1.45
> > diff -u -p -r1.45 vi.c
> > --- bin/ksh/vi.c28 May 2017 07:27:01 -  1.45
> > +++ bin/ksh/vi.c28 May 2017 15:59:59 -
> > @@ -926,13 +926,22 @@ vi_cmd(int argcnt, const char *cmd)
> > if (cmd[1] == 0)
> > vi_error();
> > else {
> > -   int n;
> > -
> > if (es->cursor + argcnt > es->linelen)
> > return -1;
> 
> These two lines are no longer accurate.  They try to make sure there
> are enough characters under and to the right of the cursor to match
> the number you want to replace (for example, with "2r"), and beep
> otherwise - but they count bytes, which is wrong.

Correct, replacing 'ö' with 2ro is currently valid which is wrong. This
is fixed in the diff below and I added a test capturing this behavior.

> 
> To catch the error condition of an excessive argument, i think you
> first need to iterate to the right, using the c1 variable and isu8cont(),
> and return -1 if you hit the end prematurely.  Do not change anything
> in that case.
> 
> If so far, you succeed, you know you have to replace the range
> [es->cursor, c1].

Thanks for the pointers. I made use of c1 to count the number of
characters and cur denotes the upper limit for the range to replace
expressed in bytes. I've also added another test replacing the Euro sign
which consists of 3 bytes.

> > -   for (n = 0; n < argcnt; ++n)
> > -   es->cbuf[es->cursor + n] = cmd[1];
> > -   es->cursor += n - 1;
> > +
> > +   while (argcnt-- > 0) {
> > +   for (cur = es->cursor + 1;
> > +   cur < es->linelen; cur++)
> > +   if (!isu8cont(es->cbuf[cur]))
> > +   break;
> > +   if (cur > 1)
> > +   del_range(es->cursor, cur - 1);
> 
> Given that you don't know the length (in bytes) of the character
> to insert yet, i think it may be simpler to delete the byte under the
> cursor as well, even though that is slightly inefficient for the ASCII
> case.
> 
> > +   putbuf([1], 1, 1);
> 
> It seems that here, you may need to measure the length of the character
> to insert in bytes and then call something like
> 
>   putbuf(cmd + 1, #bytes, 0);
> 
> 
> My impression is that the 's' command is likely also affected, but that
> can be fixed in a separate patch.

As for replacement using a UTF-8 character, I made the same conclusion
as stated in your follow-up email. Since we don't know the length of the
character, we can't do the right thing right now.

Index: bin/ksh/vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.45
diff -u -p -r1.45 vi.c
--- bin/ksh/vi.c28 May 2017 07:27:01 -  1.45
+++ bin/ksh/vi.c30 May 2017 07:54:04 -
@@ -926,13 +926,24 @@ vi_cmd(int argcnt, const char *cmd)
if (cmd[1] == 0)
vi_error();
else {
-   int n;
-
-   if (es->cursor + argcnt > es->linelen)
+   c1 = 0;
+  

detect post threaded condition

2017-05-30 Thread Ted Unangst
talking to stsp, he reminded me of a problematic bug that took some time to
track down in some desktop software that shall not be named. after a program
calls fork(), the child has only a single thread. per the standard, it needs
to get to exec() as quickly as possible. per the quality standards of modern
software, this doesn't always happen, and then strangeness happens.

this adds a quick check for this error condition. after a fork, we set a new
variable in the child that we are post threaded. this can be checked elsewhere
in the library. i added a check to pthread_join because that's a notable
problem function.


Index: rthread.c
===
RCS file: /cvs/src/lib/librthread/rthread.c,v
retrieving revision 1.94
diff -u -p -r1.94 rthread.c
--- rthread.c   4 Sep 2016 10:13:35 -   1.94
+++ rthread.c   30 May 2017 07:43:12 -
@@ -64,6 +64,7 @@ REDIRECT_SYSCALL(thrkill);
 static int concurrency_level;  /* not used */
 
 int _threads_ready;
+int _post_threaded;
 size_t _thread_pagesize;
 struct listhead _thread_list = LIST_HEAD_INITIALIZER(_thread_list);
 _atomic_lock_t _thread_lock = _SPINLOCK_UNLOCKED;
@@ -358,6 +359,11 @@ pthread_join(pthread_t thread, void **re
pthread_t self;
PREP_CANCEL_POINT(tib);
 
+   if (_post_threaded) {
+#define GREATSCOTT "great scott! serious repurcussions on future events!\n"
+   write(2, GREATSCOTT, sizeof(GREATSCOTT));
+   abort();
+   }
if (!_threads_ready)
_rthread_init();
self = tib->tib_thread;
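Review bot: `sizeof(GREATSCOTT)` counts the string's terminating NUL, so the `write()` puts a stray `\0` byte on stderr; it should be `write(2, GREATSCOTT, sizeof(GREATSCOTT) - 1);`. The `#define` inside the function body also stays defined for the rest of rthread.c, so either add `#undef GREATSCOTT` after the `abort()` or use a `static const char` array. The message misspells "repercussions" and does not say what went wrong; naming pthread_join and the earlier fork would help whoever reads it in a crash report. pthread_join's body continues outside the hunk.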
Index: rthread_fork.c
===
RCS file: /cvs/src/lib/librthread/rthread_fork.c,v
retrieving revision 1.19
diff -u -p -r1.19 rthread_fork.c
--- rthread_fork.c  4 Sep 2016 10:13:35 -   1.19
+++ rthread_fork.c  30 May 2017 07:41:29 -
@@ -58,6 +58,7 @@ _dofork(pid_t (*sys_fork)(void))
pthread_t me;
pid_t newid;
int i;
+   extern int _post_threaded;
 
if (!_threads_ready)
return sys_fork();
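Review bot: The block-scope `extern int _post_threaded;` in _dofork() repeats the declaration by hand, so a later change of the variable's type in rthread.c would not be caught by the compiler. `_threads_ready` is used here without a local declaration, so presumably a shared header declares it; `_post_threaded` could be declared next to it. _dofork's body continues outside the hunk.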
@@ -110,6 +111,7 @@ _dofork(pid_t (*sys_fork)(void))
 
/* single threaded now */
__isthreaded = 0;
+   _post_threaded = 1;
}
 #ifndef NO_PIC
else if (_DYNAMIC)



Re: Introduce ipv{4,6}_input()

2017-05-30 Thread Claudio Jeker
On Tue, May 30, 2017 at 09:27:28AM +0200, Martin Pieuchot wrote:
> Here's a simple refactoring diff to simplify the next one.  The upcoming
> diff will be unlocking IP forwarding paths, so I want to keep it as
> small as possible.
> 
> The idea of the refactoring below is to introduce two wrappers functions
> around IP queues.  In the next iteration they will call the protocol
> function directly.
> 
> ok?

Totally, makes switching a lot easier. Go  for it.

 
> Index: dev/usb/if_umb.c
> ===
> RCS file: /cvs/src/sys/dev/usb/if_umb.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 if_umb.c
> --- dev/usb/if_umb.c  18 May 2017 14:48:27 -  1.13
> +++ dev/usb/if_umb.c  30 May 2017 07:23:02 -
> @@ -768,7 +768,6 @@ umb_output(struct ifnet *ifp, struct mbu
>  int
>  umb_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
>  {
> - struct niqueue *inq;
>   uint8_t ipv;
>  
>   if ((ifp->if_flags & IFF_UP) == 0) {
> @@ -789,12 +788,12 @@ umb_input(struct ifnet *ifp, struct mbuf
>   ifp->if_ibytes += m->m_pkthdr.len;
>   switch (ipv) {
>   case 4:
> - inq = 
> - break;
> + ipv4_input(ifp, m);
> + return 1;
>  #ifdef INET6
>   case 6:
> - inq = 
> - break;
> + ipv6_input(ifp, m);
> + return 1;
>  #endif /* INET6 */
>   default:
>   ifp->if_ierrors++;
> @@ -803,7 +802,6 @@ umb_input(struct ifnet *ifp, struct mbuf
>   m_freem(m);
>   return 1;
>   }
> - niq_enqueue(inq, m);
>   return 1;
>  }
>  
> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.501
> diff -u -p -r1.501 if.c
> --- net/if.c  30 May 2017 06:42:13 -  1.501
> +++ net/if.c  30 May 2017 07:23:02 -
> @@ -734,8 +734,6 @@ if_input(struct ifnet *ifp, struct mbuf_
>  int
>  if_input_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
>  {
> - struct niqueue *ifq = NULL;
> -
>  #if NBPFILTER > 0
>   /*
>* Only send packets to bpf if they are destinated to local
> @@ -758,33 +756,28 @@ if_input_local(struct ifnet *ifp, struct
>   ifp->if_opackets++;
>   ifp->if_obytes += m->m_pkthdr.len;
>  
> + ifp->if_ipackets++;
> + ifp->if_ibytes += m->m_pkthdr.len;
> +
>   switch (af) {
>   case AF_INET:
> - ifq = 
> + ipv4_input(ifp, m);
>   break;
>  #ifdef INET6
>   case AF_INET6:
> - ifq = 
> + ipv6_input(ifp, m);
>   break;
>  #endif /* INET6 */
>  #ifdef MPLS
>   case AF_MPLS:
> - ifp->if_ipackets++;
> - ifp->if_ibytes += m->m_pkthdr.len;
>   mpls_input(m);
> - return (0);
> + break;
>  #endif /* MPLS */
>   default:
>   printf("%s: can't handle af%d\n", ifp->if_xname, af);
>   m_freem(m);
>   return (EAFNOSUPPORT);
>   }
> -
> - if (niq_enqueue(ifq, m) != 0)
> - return (ENOBUFS);
> -
> - ifp->if_ipackets++;
> - ifp->if_ibytes += m->m_pkthdr.len;
>  
>   return (0);
>  }
> Index: net/if_ethersubr.c
> ===
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.244
> diff -u -p -r1.244 if_ethersubr.c
> --- net/if_ethersubr.c28 May 2017 12:51:34 -  1.244
> +++ net/if_ethersubr.c30 May 2017 07:23:02 -
> @@ -374,8 +374,8 @@ ether_input(struct ifnet *ifp, struct mb
>  decapsulate:
>   switch (etype) {
>   case ETHERTYPE_IP:
> - inq = 
> - break;
> + ipv4_input(ifp, m);
> + return (1);
>  
>   case ETHERTYPE_ARP:
>   if (ifp->if_flags & IFF_NOARP)
> @@ -394,8 +394,8 @@ decapsulate:
>* Schedule IPv6 software interrupt for incoming IPv6 packet.
>*/
>   case ETHERTYPE_IPV6:
> - inq = 
> - break;
> + ipv6_input(ifp, m);
> + return (1);
>  #endif /* INET6 */
>  #if NPPPOE > 0 || defined(PIPEX)
>   case ETHERTYPE_PPPOEDISC:
> Index: net/if_mpe.c
> ===
> RCS file: /cvs/src/sys/net/if_mpe.c,v
> retrieving revision 1.59
> diff -u -p -r1.59 if_mpe.c
> --- net/if_mpe.c  4 May 2017 15:00:24 -   1.59
> +++ net/if_mpe.c  30 May 2017 07:23:02 -
> @@ -396,7 +396,7 @@ mpe_input(struct mbuf *m, struct ifnet *
>   bpf_mtap_af(ifp->if_bpf, AF_INET, m, BPF_DIRECTION_IN);
>  #endif
>  
> - niq_enqueue(, m);
> + ipv4_input(ifp, m);
>  }
>  
>  #ifdef INET6
> @@ -428,6 +428,6 @@ mpe_input6(struct mbuf *m, struct ifnet 
>   bpf_mtap_af(ifp->if_bpf, AF_INET6, m, BPF_DIRECTION_IN);
>  #endif
>  
> - niq_enqueue(, m);
> + 

Introduce ipv{4,6}_input()

2017-05-30 Thread Martin Pieuchot
Here's a simple refactoring diff to simplify the next one.  The upcoming
diff will be unlocking IP forwarding paths, so I want to keep it as
small as possible.

The idea of the refactoring below is to introduce two wrappers functions
around IP queues.  In the next iteration they will call the protocol
function directly.

ok?

Index: dev/usb/if_umb.c
===
RCS file: /cvs/src/sys/dev/usb/if_umb.c,v
retrieving revision 1.13
diff -u -p -r1.13 if_umb.c
--- dev/usb/if_umb.c18 May 2017 14:48:27 -  1.13
+++ dev/usb/if_umb.c30 May 2017 07:23:02 -
@@ -768,7 +768,6 @@ umb_output(struct ifnet *ifp, struct mbu
 int
 umb_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
 {
-   struct niqueue *inq;
uint8_t ipv;
 
if ((ifp->if_flags & IFF_UP) == 0) {
@@ -789,12 +788,12 @@ umb_input(struct ifnet *ifp, struct mbuf
ifp->if_ibytes += m->m_pkthdr.len;
switch (ipv) {
case 4:
-   inq = 
-   break;
+   ipv4_input(ifp, m);
+   return 1;
 #ifdef INET6
case 6:
-   inq = 
-   break;
+   ipv6_input(ifp, m);
+   return 1;
 #endif /* INET6 */
default:
ifp->if_ierrors++;
@@ -803,7 +802,6 @@ umb_input(struct ifnet *ifp, struct mbuf
m_freem(m);
return 1;
}
-   niq_enqueue(inq, m);
return 1;
 }
 
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.501
diff -u -p -r1.501 if.c
--- net/if.c30 May 2017 06:42:13 -  1.501
+++ net/if.c30 May 2017 07:23:02 -
@@ -734,8 +734,6 @@ if_input(struct ifnet *ifp, struct mbuf_
 int
 if_input_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
 {
-   struct niqueue *ifq = NULL;
-
 #if NBPFILTER > 0
/*
 * Only send packets to bpf if they are destinated to local
@@ -758,33 +756,28 @@ if_input_local(struct ifnet *ifp, struct
ifp->if_opackets++;
ifp->if_obytes += m->m_pkthdr.len;
 
+   ifp->if_ipackets++;
+   ifp->if_ibytes += m->m_pkthdr.len;
+
switch (af) {
case AF_INET:
-   ifq = 
+   ipv4_input(ifp, m);
break;
 #ifdef INET6
case AF_INET6:
-   ifq = 
+   ipv6_input(ifp, m);
break;
 #endif /* INET6 */
 #ifdef MPLS
case AF_MPLS:
-   ifp->if_ipackets++;
-   ifp->if_ibytes += m->m_pkthdr.len;
mpls_input(m);
-   return (0);
+   break;
 #endif /* MPLS */
default:
printf("%s: can't handle af%d\n", ifp->if_xname, af);
m_freem(m);
return (EAFNOSUPPORT);
}
-
-   if (niq_enqueue(ifq, m) != 0)
-   return (ENOBUFS);
-
-   ifp->if_ipackets++;
-   ifp->if_ibytes += m->m_pkthdr.len;
 
return (0);
 }
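Review bot: The counters `if_ipackets`/`if_ibytes` are now bumped before the `switch` in if_input_local(), so the `default` branch counts a packet as received and then frees it with `EAFNOSUPPORT`, which the old code did not do. Moving the two counter lines to just before `return (0);` would keep the unsupported-family case uncounted as before. The old `ENOBUFS` return for a failed `niq_enqueue()` is also gone; if `ipv4_input()`/`ipv6_input()` can still drop on a full queue (their definitions are not in this hunk), callers now get 0 for a dropped packet. That is a behaviour change in a diff described as refactoring and deserves a line in the commit message.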
Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.244
diff -u -p -r1.244 if_ethersubr.c
--- net/if_ethersubr.c  28 May 2017 12:51:34 -  1.244
+++ net/if_ethersubr.c  30 May 2017 07:23:02 -
@@ -374,8 +374,8 @@ ether_input(struct ifnet *ifp, struct mb
 decapsulate:
switch (etype) {
case ETHERTYPE_IP:
-   inq = 
-   break;
+   ipv4_input(ifp, m);
+   return (1);
 
case ETHERTYPE_ARP:
if (ifp->if_flags & IFF_NOARP)
@@ -394,8 +394,8 @@ decapsulate:
 * Schedule IPv6 software interrupt for incoming IPv6 packet.
 */
case ETHERTYPE_IPV6:
-   inq = 
-   break;
+   ipv6_input(ifp, m);
+   return (1);
 #endif /* INET6 */
 #if NPPPOE > 0 || defined(PIPEX)
case ETHERTYPE_PPPOEDISC:
Index: net/if_mpe.c
===
RCS file: /cvs/src/sys/net/if_mpe.c,v
retrieving revision 1.59
diff -u -p -r1.59 if_mpe.c
--- net/if_mpe.c4 May 2017 15:00:24 -   1.59
+++ net/if_mpe.c30 May 2017 07:23:02 -
@@ -396,7 +396,7 @@ mpe_input(struct mbuf *m, struct ifnet *
bpf_mtap_af(ifp->if_bpf, AF_INET, m, BPF_DIRECTION_IN);
 #endif
 
-   niq_enqueue(, m);
+   ipv4_input(ifp, m);
 }
 
 #ifdef INET6
@@ -428,6 +428,6 @@ mpe_input6(struct mbuf *m, struct ifnet 
bpf_mtap_af(ifp->if_bpf, AF_INET6, m, BPF_DIRECTION_IN);
 #endif
 
-   niq_enqueue(, m);
+   ipv6_input(ifp, m);
 }
 #endif /* INET6 */
Index: net/if_ppp.c
===
RCS file: /cvs/src/sys/net/if_ppp.c,v
retrieving revision 1.107
diff -u -p -r1.107 if_ppp.c
--- net/if_ppp.c27 May 2017 18:39:17 -  1.107

Re: Fix some mg(1) warnings

2017-05-30 Thread Florian Obser
committed, thanks!

On Mon, May 29, 2017 at 03:15:21PM -0400, Brian Callahan wrote:
> Hi tech --
> 
> This diff cleans up some warnings found with WARNINGS=yes and
> compiling with both cc and clang. I ignored the -Wsign-compare
> and -Wmissing-prototypes warnings.
> 
> ~Brian
> 
> Index: dir.c
> ===
> RCS file: /cvs/src/usr.bin/mg/dir.c,v
> retrieving revision 1.29
> diff -u -p -u -p -r1.29 dir.c
> --- dir.c 12 Sep 2016 18:32:54 -  1.29
> +++ dir.c 29 May 2017 19:08:39 -
> @@ -117,7 +117,7 @@ do_makedir(char *path)
>  {
>   struct stat  sb;
>   int  finished, ishere;
> - mode_t   dir_mode, mode, oumask;
> + mode_t   dir_mode, f_mode, oumask;
>   char*slash;
>  
>   if ((path = adjustname(path, TRUE)) == NULL)
> @@ -131,8 +131,8 @@ do_makedir(char *path)
>   slash = path;
>  
>   oumask = umask(0);
> - mode = 0777 & ~oumask;
> - dir_mode = mode | S_IWUSR | S_IXUSR;
> + f_mode = 0777 & ~oumask;
> + dir_mode = f_mode | S_IWUSR | S_IXUSR;
>  
>   for (;;) {
>   slash += strspn(slash, "/");
> @@ -152,8 +152,8 @@ do_makedir(char *path)
>   continue;
>   }
>  
> - if (mkdir(path, finished ? mode : dir_mode) == 0) {
> - if (mode > 0777 && chmod(path, mode) < 0) {
> + if (mkdir(path, finished ? f_mode : dir_mode) == 0) {
> + if (f_mode > 0777 && chmod(path, f_mode) < 0) {
>   umask(oumask);
>   return (ABORT);
>   }
> Index: fileio.c
> ===
> RCS file: /cvs/src/usr.bin/mg/fileio.c,v
> retrieving revision 1.103
> diff -u -p -u -p -r1.103 fileio.c
> --- fileio.c  28 Jul 2016 21:40:25 -  1.103
> +++ fileio.c  29 May 2017 19:08:39 -
> @@ -215,6 +215,7 @@ int
>  fbackupfile(const char *fn)
>  {
>   struct stat  sb;
> + struct timespec  new_times[2];
>   int  from, to, serrno;
>   ssize_t  nread;
>   char buf[BUFSIZ];
> @@ -268,7 +269,6 @@ fbackupfile(const char *fn)
>   (void) fchmod(to, (sb.st_mode & 0777));
>  
>   /* copy the mtime to the backupfile */
> - struct timespec new_times[2];
>   new_times[0] = sb.st_atim;
>   new_times[1] = sb.st_mtim;
>   futimens(to, new_times);
> Index: modes.c
> ===
> RCS file: /cvs/src/usr.bin/mg/modes.c,v
> retrieving revision 1.20
> diff -u -p -u -p -r1.20 modes.c
> --- modes.c   19 Mar 2015 21:22:15 -  1.20
> +++ modes.c   29 May 2017 19:08:39 -
> @@ -23,14 +23,14 @@ struct maps_s *defb_modes[PBMODES] = { &
>  int   defb_flag = 0;
>  
>  int
> -changemode(int f, int n, char *mode)
> +changemode(int f, int n, char *newmode)
>  {
>   int  i;
>   struct maps_s   *m;
>  
> - if ((m = name_mode(mode)) == NULL) {
> + if ((m = name_mode(newmode)) == NULL) {
>   dobeep();
> - ewprintf("Can't find mode %s", mode);
> + ewprintf("Can't find mode %s", newmode);
>   return (FALSE);
>   }
>   if (!(f & FFARG)) {
> Index: re_search.c
> ===
> RCS file: /cvs/src/usr.bin/mg/re_search.c,v
> retrieving revision 1.31
> diff -u -p -u -p -r1.31 re_search.c
> --- re_search.c   19 Mar 2015 21:22:15 -  1.31
> +++ re_search.c   29 May 2017 19:08:40 -
> @@ -420,17 +420,17 @@ re_backsrch(void)
>   * some do-it-yourself control expansion.
>   */
>  static int
> -re_readpattern(char *prompt)
> +re_readpattern(char *re_prompt)
>  {
>   static int  dofree = 0;
>   int flags, error, s;
>   chartpat[NPAT], *rep;
>  
>   if (re_pat[0] == '\0')
> - rep = eread("%s: ", tpat, NPAT, EFNEW | EFCR, prompt);
> + rep = eread("%s: ", tpat, NPAT, EFNEW | EFCR, re_prompt);
>   else
>   rep = eread("%s: (default %s) ", tpat, NPAT,
> - EFNUL | EFNEW | EFCR, prompt, re_pat);
> + EFNUL | EFNEW | EFCR, re_prompt, re_pat);
>   if (rep == NULL)
>   return (ABORT);
>   if (rep[0] != '\0') {
> Index: search.c
> ===
> RCS file: /cvs/src/usr.bin/mg/search.c,v
> retrieving revision 1.44
> diff -u -p -u -p -r1.44 search.c
> --- search.c  19 Mar 2015 21:22:15 -  1.44
> +++ search.c  29 May 2017 19:08:40 -
> @@ -542,16 +542,16 @@ is_prompt(int dir, int flag, int success
>  }
>  
>  /*
> - * Prompt writing routine for the incremental search.  The "prompt" is just
> + * Prompt writing routine for the incremental search.  The "i_prompt" is just
>   * a string. The "flag" determines whether 

Re: ip_input() in pr_input style

2017-05-30 Thread Martin Pieuchot
On 29/05/17(Mon) 23:45, Alexander Bluhm wrote:
> Hi,
> 
> Convert ip_input(), ip_our(), ip_deliver() functions to pr_input
> parameter passing and protocol return style.  Reset mp to NULL in
> a few places to fail at mbuf use after free.  Rename ipv4_input()
> to ip_input().
> 
> Goal is to prepare the code that both mpi@'s and bluhm@'s diff
> apply.
> 
> ok?

I don't understand how I'm supposed to rebase my diff on top of this
one.  ip_ours() is now taking multiple arguments.

> Index: netinet/ip_input.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_input.c,v
> retrieving revision 1.306
> diff -u -p -r1.306 ip_input.c
> --- netinet/ip_input.c28 May 2017 12:22:54 -  1.306
> +++ netinet/ip_input.c29 May 2017 21:38:51 -
> @@ -126,7 +126,7 @@ int ip_sysctl_ipstat(void *, size_t *, v
>  
>  static struct mbuf_queue ipsend_mq;
>  
> -void ip_ours(struct mbuf *);
> +int  ip_ours(struct mbuf **, int *, int, int);
>  int  ip_dooptions(struct mbuf *, struct ifnet *);
>  int  in_ouraddr(struct mbuf *, struct ifnet *, struct rtentry **);
>  
> @@ -211,6 +211,7 @@ void
>  ipintr(void)
>  {
>   struct mbuf *m;
> + int off;
>  
>   /*
>* Get next datagram off input queue and get IP header
> @@ -221,7 +222,8 @@ ipintr(void)
>   if ((m->m_flags & M_PKTHDR) == 0)
>   panic("ipintr no HDR");
>  #endif
> - ipv4_input(m);
> + off = 0;
> + ip_input(, , IPPROTO_IPV4, AF_UNSPEC);
>   }
>  }
>  
> @@ -230,39 +232,42 @@ ipintr(void)
>   *
>   * Checksum and byte swap header.  Process options. Forward or deliver.
>   */
> -void
> -ipv4_input(struct mbuf *m)
> +int
> +ip_input(struct mbuf **mp, int *offp, int nxt, int af)
>  {
> + struct mbuf *m = *mp;
>   struct ifnet*ifp;
>   struct rtentry  *rt = NULL;
>   struct ip   *ip;
>   int hlen, len;
>   in_addr_t pfrdr = 0;
>  
> + KASSERT(*offp == 0);
> +
>   ifp = if_get(m->m_pkthdr.ph_ifidx);
>   if (ifp == NULL)
> - goto bad;
> + goto done;
>  
>   ipstat_inc(ips_total);
>   if (m->m_len < sizeof (struct ip) &&
> - (m = m_pullup(m, sizeof (struct ip))) == NULL) {
> + (m = *mp = m_pullup(m, sizeof (struct ip))) == NULL) {
>   ipstat_inc(ips_toosmall);
> - goto out;
> + goto done;
>   }
>   ip = mtod(m, struct ip *);
>   if (ip->ip_v != IPVERSION) {
>   ipstat_inc(ips_badvers);
> - goto bad;
> + goto done;
>   }
>   hlen = ip->ip_hl << 2;
>   if (hlen < sizeof(struct ip)) { /* minimum header length */
>   ipstat_inc(ips_badhlen);
> - goto bad;
> + goto done;
>   }
>   if (hlen > m->m_len) {
> - if ((m = m_pullup(m, hlen)) == NULL) {
> + if ((m = *mp = m_pullup(m, hlen)) == NULL) {
>   ipstat_inc(ips_badhlen);
> - goto out;
> + goto done;
>   }
>   ip = mtod(m, struct ip *);
>   }
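Review bot: The block comment above `ip_input()` still says only "Checksum and byte swap header. Process options. Forward or deliver." and does not describe the new `int` return value, the `KASSERT(*offp == 0)` precondition, or what `*mp` holds on return. Every early exit in this hunk now goes to a single `done` label, including the two `m_pullup()` failures where `m` and `*mp` are already NULL, so the comment should state that the function always consumes the mbuf and that callers must not use `*mp` afterwards. The `done:` label itself is outside this hunk, so confirm there that it tolerates a NULL mbuf and a NULL `ifp` from the first `goto done`. `nxt` and `af` are not used in the visible lines; if that holds for the whole function, note in the comment that they exist only to match the pr_input signature.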
> @@ -272,20 +277,20 @@ ipv4_input(struct mbuf *m)
>   (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
>   if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
>   ipstat_inc(ips_badaddr);
> - goto bad;
> + goto done;
>   }
>   }
>  
>   if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) {
>   if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) {
>   ipstat_inc(ips_badsum);
> - goto bad;
> + goto done;
>   }
>  
>   ipstat_inc(ips_inswcsum);
>   if (in_cksum(m, hlen) != 0) {
>   ipstat_inc(ips_badsum);
> - goto bad;
> + goto done;
>   }
>   }
>  
> @@ -297,7 +302,7 @@ ipv4_input(struct mbuf *m)
>*/
>   if (len < hlen) {
>   ipstat_inc(ips_badlen);
> - goto bad;
> + goto done;
>   }
>  
>   /*
> @@ -308,7 +313,7 @@ ipv4_input(struct mbuf *m)
>*/
>   if (m->m_pkthdr.len < len) {
>   ipstat_inc(ips_tooshort);
> - goto bad;
> + goto done;
>   }
>   if (m->m_pkthdr.len > len) {
>   if (m->m_len == m->m_pkthdr.len) {
> @@ -321,7 +326,7 @@ ipv4_input(struct mbuf *m)
>  #if NCARP > 0
>   if (ifp->if_type == IFT_CARP && ip->ip_p != IPPROTO_ICMP &&
>   carp_lsdrop(m, AF_INET, >ip_src.s_addr, >ip_dst.s_addr))
> - goto bad;
> + goto done;
>  #endif
>  
>  #if NPF > 0
> @@ -329,10 +334,11 @@ ipv4_input(struct mbuf *m)
>* Packet filter
>*/
>   pfrdr = ip->ip_dst.s_addr;
> - if (pf_test(AF_INET, PF_IN, ifp, ) != 

Re: Silence some warnings in tftp(1)

2017-05-30 Thread Theo de Raadt
> Silence some warnings in tftp(1) found by WARNINGS=yes.

I'm getting tired of these emails which say there are warnings, then
FAILS TO SHOW THEM, and proceeds to do huge variable renaming
refactorings of the source files.  Thereby requiring whoever gets this
in to redo it all the way from the top.  Please change your process.



Re: Silence some warnings in calendar(1)

2017-05-30 Thread Ted Unangst
Brian Callahan wrote:
> Hi tech --
> 
> Fix some warnings found with WARNINGS=yes. I believe setting
> ev1 = NULL in io.c is a false positive by cc but I fixed it anyway.
> 
> ~Brian
> 
> Index: day.c
> ===
> RCS file: /cvs/src/usr.bin/calendar/day.c,v
> retrieving revision 1.34
> diff -u -p -u -p -r1.34 day.c
> --- day.c 14 Sep 2016 15:09:46 -  1.34
> +++ day.c 30 May 2017 01:11:39 -
> @@ -77,7 +77,9 @@ static struct fixs ndays[8];  /*
>  static struct fixs fnmonths[13];  /* full national months names */
>  static struct fixs nmonths[13];   /* short national month names */
>  
> -void
> +static void fill_print_date(struct match *, struct tm *);
> +
> +static void
>  fill_print_date(struct match *m, struct tm *tm)

whatever warning does this is stupid. there's no bug that can be prevented by
copying the declaration one line up, and it just makes more work to change it.