Re: [patch] rebound.c

2017-05-31 Thread Alexander Hall 
Yeah, I use the nowrap or so plugin. When enabled, however, you will need to 
manually line break your textual lines. 

/Alexander 

On May 31, 2017 11:20:52 PM GMT+02:00, Edgar Pettijohn 
 wrote:
>Will do. Seems like Thunderbird messes then up sometimes.
>
>⁣Sent from BlueMail ​
>
>On May 31, 2017, 2:14 AM, at 2:14 AM, Ted Unangst 
>wrote:
>>Edgar Pettijohn wrote:
>>> Be more consistent with logerr usage.
>>>
>>
>>sure, thanks. can you send future diffs inline please? easier than
>>attachments.

Re: [patch] typo smtpd/dns.c

2017-05-31 Thread Edgar Pettijohn 
Will do. I just don't trust Thunderbird not to mess them up.

⁣Sent from BlueMail ​

On May 31, 2017, 3:01 AM, at 3:01 AM, Gilles Chehade  wrote:
>On Tue, May 30, 2017 at 05:26:08PM -0500, Edgar Pettijohn wrote:
>> fix typo
>
>thanks, will commit
>
>when sending diffs, please inline them instead of attaching as it is
>easier for us to work with them that way
>
>Gilles
>
>
>> Index: dns.c
>> ===
>> RCS file: /cvs/src/usr.sbin/smtpd/dns.c,v
>> retrieving revision 1.83
>> diff -u -p -u -r1.83 dns.c
>> --- dns.c28 Oct 2015 07:28:13 -  1.83
>> +++ dns.c30 May 2017 22:09:15 -
>> @@ -246,7 +246,7 @@ dns_imsg(struct mproc *p, struct imsg *i
>>
>>  as = res_query_async(s->name, C_IN, T_MX, NULL);
>>  if (as == NULL) {
>> -log_warn("warn: req_query_async: %s", s->name);
>> +log_warn("warn: res_query_async: %s", s->name);
>>  m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1);
>>  m_add_id(s->p, s->reqid);
>>  m_add_int(s->p, DNS_EINVAL);
>
>
>--
>Gilles Chehade
>
>https://www.poolp.org
>@poolpOrg

Re: [patch] rebound.c

2017-05-31 Thread Edgar Pettijohn 
Will do. Seems like Thunderbird messes then up sometimes.

⁣Sent from BlueMail ​

On May 31, 2017, 2:14 AM, at 2:14 AM, Ted Unangst  wrote:
>Edgar Pettijohn wrote:
>> Be more consistent with logerr usage.
>>
>
>sure, thanks. can you send future diffs inline please? easier than
>attachments.

i386 clang: fix bootstrap build (sync with amd64)

2017-05-31 Thread Christian Weisgerber 
The same changes as committed yesterday for amd64.

This allows building the i386 bootstrap with clang:
* build with -ffreestanding
* skip the integrated assembler for assym.h
* use as(1) to build biosboot.S and the various versions of srt0.S

Successfully tested for { pxeboot, disk boot } x { gcc, clang }.

ok?

Index: Makefile.inc
===
RCS file: /cvs/src/sys/arch/i386/stand/Makefile.inc,v
retrieving revision 1.49
diff -u -p -r1.49 Makefile.inc
--- Makefile.inc6 Nov 2016 16:04:20 -   1.49
+++ Makefile.inc31 May 2017 19:50:35 -
@@ -1,7 +1,7 @@
 #  $OpenBSD: Makefile.inc,v 1.49 2016/11/06 16:04:20 tb Exp $
 
 CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror
-CFLAGS+=   -fno-stack-protector -DMDRANDOM
+CFLAGS+=   -ffreestanding -fno-stack-protector -DMDRANDOM
 CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
 SACFLAGS=-D_STANDALONE
 DEBUGFLAGS=
@@ -23,13 +23,18 @@ CLEANFILES+=assym.h machine
 
 SACFLAGS+=-nostdinc -fno-builtin -fpack-struct
 
+.include 
+.if ${COMPILER_VERSION:Mclang}
+NO_INTEGR_AS=   -no-integrated-as
+.endif
+
 .if !make(clean) && !make(cleandir) && !make(includes) && !make(libdep) && \
 !make(sadep) && !make(salibdir) && !make(obj)
 .BEGIN:
@([ X$(S) = X -o -h machine ] || ln -s $(S)/arch/i386/include machine)
 
 assym.h: ${S}/kern/genassym.sh ${SADIR}/etc/genassym.cf
-   sh ${S}/kern/genassym.sh ${CC} ${CFLAGS} ${CPPFLAGS} \
+   sh ${S}/kern/genassym.sh ${CC} ${NO_INTEGR_AS} ${CFLAGS} ${CPPFLAGS} \
${PARAM} < ${SADIR}/etc/genassym.cf > assym.h.tmp && \
mv -f assym.h.tmp assym.h
 .endif
Index: biosboot/Makefile
===
RCS file: /cvs/src/sys/arch/i386/stand/biosboot/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- biosboot/Makefile   30 Jul 2016 03:25:48 -  1.27
+++ biosboot/Makefile   31 May 2017 19:52:09 -
@@ -22,6 +22,7 @@ ${PROG}: $(OBJS)
 CPPFLAGS+=-DLOADADDR=$(LOADADDR) -DLINKADDR=$(LINKADDR) 
-DBOOTMAGIC=$(BOOTMAGIC)
 CPPFLAGS+=${DEBUGFLAGS}
 CFLAGS+=-fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 #AFLAGS+=-Wa,-a
 AFLAGS+=-fno-pie
 .else
Index: boot/Makefile
===
RCS file: /cvs/src/sys/arch/i386/stand/boot/Makefile,v
retrieving revision 1.64
diff -u -p -r1.64 Makefile
--- boot/Makefile   18 Sep 2016 16:34:59 -  1.64
+++ boot/Makefile   31 May 2017 19:52:47 -
@@ -81,6 +81,7 @@ CPPFLAGS+=-DBOOTMAGIC=$(BOOTMAGIC) ${DEB
 CPPFLAGS+=-DSLOW -DSMALL -DNOBYFOUR -DNO_GZIP -DDYNAMIC_CRC_TABLE
 CPPFLAGS+=-DHEAP_LIMIT=${HEAP_LIMIT} -I${S}/stand/boot #-DCOMPAT_UFS
 CFLAGS+=-m32 $(SACFLAGS) -D__INTERNAL_LIBSA_CREAD -fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 AFLAGS+=-m32 # -Wa,-R
 # AFLAGS+=-Wa,-a
 AFLAGS+=-fno-pie
Index: cdboot/Makefile
===
RCS file: /cvs/src/sys/arch/i386/stand/cdboot/Makefile,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile
--- cdboot/Makefile 18 Sep 2016 16:34:59 -  1.29
+++ cdboot/Makefile 31 May 2017 19:54:15 -
@@ -73,6 +73,7 @@ CFLAGS+=${SACFLAGS} -D__INTERNAL_LIBSA_C
 CFLAGS+=-DOSREV=\"${OSREV}\" -DMACHINE=\"${MACHINE}\"
 CFLAGS+=-DKERNEL=\"/${OSREV}/${MACHINE}/bsd.rd\"
 CFLAGS+=-fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 #AFLAGS+=-Wa,-R
 # AFLAGS+=-Wa,-a
 AFLAGS+=-fno-pie
Index: pxeboot/Makefile
===
RCS file: /cvs/src/sys/arch/i386/stand/pxeboot/Makefile,v
retrieving revision 1.26
diff -u -p -r1.26 Makefile
--- pxeboot/Makefile18 Sep 2016 16:34:59 -  1.26
+++ pxeboot/Makefile31 May 2017 19:55:58 -
@@ -72,6 +72,7 @@ CPPFLAGS+=-DSLOW -DSMALL -DNOBYFOUR -DNO
 CPPFLAGS+=-DHEAP_LIMIT=${HEAP_LIMIT}
 CPPFLAGS+=-I${S}/stand/boot
 CFLAGS+=$(SACFLAGS) -D__INTERNAL_LIBSA_CREAD -fno-pie
+AFLAGS+=${NO_INTEGR_AS}
 #AFLAGS+=-Wa,-R
 # AFLAGS+=-Wa,-a
 AFLAGS+=-fno-pie
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Re: beacon miss threshold

2017-05-31 Thread Stefan Sperling 
On Wed, May 31, 2017 at 01:25:36PM +0200, Mark Kettenis wrote:
> > Date: Wed, 31 May 2017 11:53:19 +0200
> > From: Stefan Sperling 
> > 
> > On Wed, May 31, 2017 at 11:23:07AM +0200, Mark Kettenis wrote:
> > > Is the beacon interval always the same for all modes/hardware?
> > 
> > It is defined by the AP. The value (in TU) is sent to clients in beacons:
> > 
> > # tcpdump -n -i iwn0 -y IEEE802_11_RADIO -vv
> > 11:50:23.170309 802.11 flags=0<>: beacon, timestamp 59648614784, interval 
> > 100,
> 
> Then your change doesn't really make sense to me.  Naively I'd say
> that you would want to scale the missed beacon threshold based on the
> interval.  The current code may not do that properly, but your change
> seems to move further away from that.

Sure, we can scale the value. Currently it is fixed but it need not be.

I think the question of whether ieee80211com stores a beacon counter value
or a time period is irrelevant to scaling. We can provide consistent
behaviour across different wifi networks with either approach.

Storing a counter seems easier to me because that's what the hardware
reports when it sends a missed beacon event. The hardware does not report
how much time has elapsed since the last beacon was seen.

I'll try to come up with a diff to scale ic_bmissthres once an AP has
been selected and the beacon interval is known.

Re: rework bgpd ext community and support origin validation state

2017-05-31 Thread Denis Fondras 
Hi,

A typo slipped into Claudio's patch. While at it, fix the same typo elsewhere.

Denis


Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.308
diff -u -p -r1.308 parse.y
--- parse.y 31 May 2017 10:44:00 -  1.308
+++ parse.y 31 May 2017 19:07:05 -
@@ -3218,7 +3218,7 @@ parseextcommunity(struct filter_extcommu
return (-1);
}
if (errno == ERANGE && ullval > EXT_COMMUNITY_OPAQUE_MAX) {
-   yyerror("Bad ext-community value to big");
+   yyerror("Bad ext-community value too big");
return (-1);
}
c->data.ext_opaq = ullval;
@@ -3504,7 +3504,7 @@ merge_prefixspec(struct filter_prefix_l 
case OP_LE:
case OP_GT:
if (pl->len_min > max_len) {
-   yyerror("prefixlen %d to big for AF, limit %d",
+   yyerror("prefixlen %d too big for AF, limit %d",
pl->len_min, max_len);
return (-1);
}
@@ -3516,7 +3516,7 @@ merge_prefixspec(struct filter_prefix_l 
break;
case OP_LT:
if (pl->len_min > max_len - 1) {
-   yyerror("prefixlen %d to big for AF, limit %d",
+   yyerror("prefixlen %d too big for AF, limit %d",
pl->len_min, max_len - 1);
return (-1);
}

Re: Question on getcwd(3) behavior on OpenBSD

2017-05-31 Thread Ted Unangst 
Kurt Mosiejczuk wrote:
> Just recently converted the main user machines students and faculty use
> to OpenBSD 6.1.  I've found out that git will abort in one scenario
> where there is a directory in the tree where the user has execute
> permissions but not read permissions.
> 
> I traced down this abort to a getcwd(3) call where git gets EACCES, and
> decides the world is ending.  On the Linux server that was retired, the
> getcwd(3) call just works.
> 
> Some folks suggested to me that getcwd(3) should work just fine in this
> scenario, so I installed a FreeBSD VM to see what happens there.
> 
> git is perfectly happy there.  That getcwd(3) works just fine.  Ok,
> since it's not just Linux behaving this way, I'm now wondering if this
> is a bug in OpenBSD's getcwd(3).  I realize this may also be a POSIX
> corner case.

Not so much a corner case as explicitly documented as a possible error.

http://pubs.opengroup.org/onlinepubs/9699919799/functions/getcwd.html

[EACCES]
Search permission was denied for the current directory, or read or
search permission was denied for a directory above the current
directory in the file hierarchy.

Question on getcwd(3) behavior on OpenBSD

2017-05-31 Thread Kurt Mosiejczuk 
Just recently converted the main user machines students and faculty use
to OpenBSD 6.1.  I've found out that git will abort in one scenario
where there is a directory in the tree where the user has execute
permissions but not read permissions.

I traced down this abort to a getcwd(3) call where git gets EACCES, and
decides the world is ending.  On the Linux server that was retired, the
getcwd(3) call just works.

Some folks suggested to me that getcwd(3) should work just fine in this
scenario, so I installed a FreeBSD VM to see what happens there.

git is perfectly happy there.  That getcwd(3) works just fine.  Ok,
since it's not just Linux behaving this way, I'm now wondering if this
is a bug in OpenBSD's getcwd(3).  I realize this may also be a POSIX
corner case.

You can duplicate this scenario like this:

$ mkdir -p test/foo
$ chmod 111 test
$ git init --bare test/foo
fatal: unable to get current working directory: Permission denied
$

So, is this a case where OpenBSD interprets POSIX differently?  Is it a
bug?  Is git being stupid here? (This last one is probably yes).

Thanks,
  --Kurt

Re: tweak txp to avoid ifq_deq_begin/commit/rollback

2017-05-31 Thread Mike Belopuhov 
On Wed, May 31, 2017 at 20:40 +0200, Mike Belopuhov wrote:
> According to the FreeBSD driver, txp(4) is not setting up its TX
> ring correctly.  FreeBSD driver uses up to 16 fragments, while we
> use up to 252 which is suspicious.
> 
> This gets us in line with FreeBSD, introduces goodness of m_defrag
> and removes pesky if_deq_* thingies.
> 
> Does anyone still have the hardware (3com 3CR900 Typhoon) to test?
> OK's are welcome.
>

Forgot to mention, this "goto oactive" should never happen
because of the check at the start of the loop, but I'm not
too brave to just ditch it right now.

> @@ -1351,10 +1339,12 @@ txp_start(struct ifnet *ifp)
>   for (i = 0; i < sd->sd_map->dm_nsegs; i++) {
>   if (++cnt >= (TX_ENTRIES - 4)) {
>   bus_dmamap_sync(sc->sc_dmat, sd->sd_map,
>   0, sd->sd_map->dm_mapsize,
>   BUS_DMASYNC_POSTWRITE);
> + bus_dmamap_unload(sc->sc_dmat, sd->sd_map);
> + m_freem(m);
>   goto oactive;
>   }
>  
>   fxd->frag_flags = FRAG_FLAGS_TYPE_FRAG |
>   FRAG_FLAGS_VALID;
[...]
> @@ -1424,13 +1407,10 @@ txp_start(struct ifnet *ifp)
>   r->r_prod = prod;
>   r->r_cnt = cnt;
>   return;
>  
>  oactive:
> - bus_dmamap_unload(sc->sc_dmat, sd->sd_map);
> -oactive1:
> - ifq_deq_rollback(>if_snd, m);
>   ifq_set_oactive(>if_snd);
>   r->r_prod = firstprod;
>   r->r_cnt = firstcnt;
>  }
>

tweak txp to avoid ifq_deq_begin/commit/rollback

2017-05-31 Thread Mike Belopuhov 
According to the FreeBSD driver, txp(4) is not setting up its TX
ring correctly.  FreeBSD driver uses up to 16 fragments, while we
use up to 252 which is suspicious.

This gets us in line with FreeBSD, introduces goodness of m_defrag
and removes pesky if_deq_* thingies.

Does anyone still have the hardware (3com 3CR900 Typhoon) to test?
OK's are welcome.

diff --git sys/dev/pci/if_txp.c sys/dev/pci/if_txp.c
index deede70e9de..1aed06765c0 100644
--- sys/dev/pci/if_txp.c
+++ sys/dev/pci/if_txp.c
@@ -883,12 +883,12 @@ txp_alloc_rings(struct txp_softc *sc)
sc->sc_txhir.r_desc = (struct txp_tx_desc 
*)sc->sc_txhiring_dma.dma_vaddr;
sc->sc_txhir.r_cons = sc->sc_txhir.r_prod = sc->sc_txhir.r_cnt = 0;
sc->sc_txhir.r_off = >sc_hostvar->hv_tx_hi_desc_read_idx;
for (i = 0; i < TX_ENTRIES; i++) {
if (bus_dmamap_create(sc->sc_dmat, TXP_MAX_PKTLEN,
-   TX_ENTRIES - 4, TXP_MAX_SEGLEN, 0,
-   BUS_DMA_NOWAIT, >sc_txd[i].sd_map) != 0) {
+   TXP_MAXTXSEGS, MCLBYTES, 0, BUS_DMA_NOWAIT,
+   >sc_txd[i].sd_map) != 0) {
for (j = 0; j < i; j++) {
bus_dmamap_destroy(sc->sc_dmat,
sc->sc_txd[j].sd_map);
sc->sc_txd[j].sd_map = NULL;
}
@@ -1261,57 +1261,48 @@ txp_start(struct ifnet *ifp)
struct txp_softc *sc = ifp->if_softc;
struct txp_tx_ring *r = >sc_txhir;
struct txp_tx_desc *txd;
int txdidx;
struct txp_frag_desc *fxd;
-   struct mbuf *m, *mnew;
+   struct mbuf *m;
struct txp_swdesc *sd;
u_int32_t firstprod, firstcnt, prod, cnt, i;
 
if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(>if_snd))
return;
 
prod = r->r_prod;
cnt = r->r_cnt;
 
while (1) {
-   m = ifq_deq_begin(>if_snd);
+   if (cnt >= TX_ENTRIES - TXP_MAXTXSEGS - 4)
+   goto oactive;
+
+   m = ifq_dequeue(>if_snd);
if (m == NULL)
break;
-   mnew = NULL;
 
firstprod = prod;
firstcnt = cnt;
 
sd = sc->sc_txd + prod;
sd->sd_mbuf = m;
 
-   if (bus_dmamap_load_mbuf(sc->sc_dmat, sd->sd_map, m,
+   switch (bus_dmamap_load_mbuf(sc->sc_dmat, sd->sd_map, m,
BUS_DMA_NOWAIT)) {
-   MGETHDR(mnew, M_DONTWAIT, MT_DATA);
-   if (mnew == NULL)
-   goto oactive1;
-   if (m->m_pkthdr.len > MHLEN) {
-   MCLGET(mnew, M_DONTWAIT);
-   if ((mnew->m_flags & M_EXT) == 0) {
-   m_freem(mnew);
-   goto oactive1;
-   }
-   }
-   m_copydata(m, 0, m->m_pkthdr.len, mtod(mnew, caddr_t));
-   mnew->m_pkthdr.len = mnew->m_len = m->m_pkthdr.len;
-   ifq_deq_commit(>if_snd, m);
+   case 0:
+   break;
+   case EFBIG:
+   if (m_defrag(m, M_DONTWAIT) == 0 &&
+   bus_dmamap_load_mbuf(sc->sc_dmat, sd->sd_map, m,
+   BUS_DMA_NOWAIT) == 0)
+   break;
+   default:
m_freem(m);
-   m = mnew;
-   if (bus_dmamap_load_mbuf(sc->sc_dmat, sd->sd_map, m,
-   BUS_DMA_NOWAIT))
-   goto oactive1;
+   continue;
}
 
-   if ((TX_ENTRIES - cnt) < 4)
-   goto oactive;
-
txd = r->r_desc + prod;
txdidx = prod;
txd->tx_flags = TX_FLAGS_TYPE_DATA;
txd->tx_numdesc = 0;
txd->tx_addrlo = 0;
@@ -1321,13 +1312,10 @@ txp_start(struct ifnet *ifp)
txd->tx_numdesc = sd->sd_map->dm_nsegs;
 
if (++prod == TX_ENTRIES)
prod = 0;
 
-   if (++cnt >= (TX_ENTRIES - 4))
-   goto oactive;
-
 #if NVLAN > 0
if (m->m_flags & M_VLANTAG) {
txd->tx_pflags = TX_PFLAGS_VLAN |
(htons(m->m_pkthdr.ether_vtag) << 
TX_PFLAGS_VLANTAG_S);
}
@@ -1351,10 +1339,12 @@ txp_start(struct ifnet *ifp)
for (i = 0; i < sd->sd_map->dm_nsegs; i++) {
if (++cnt >= (TX_ENTRIES - 4)) {
bus_dmamap_sync(sc->sc_dmat, sd->sd_map,
0, sd->sd_map->dm_mapsize,

snmpd: remove unused variables

2017-05-31 Thread Jan Klemkow 
Hi,

This diff removes two local variables which are never used.

bye,
Jan

Index: trap.c
===
RCS file: /cvs/src/usr.sbin/snmpd/trap.c,v
retrieving revision 1.29
diff -u -p -r1.29 trap.c
--- trap.c  21 Apr 2017 13:46:15 -  1.29
+++ trap.c  31 May 2017 16:12:43 -
@@ -63,7 +63,6 @@ trap_agentx(struct agentx_handle *h, str
struct ber_element  *varbind, *iter;
int  x = 0, state = 0;
int  ret = AGENTX_ERR_NONE;
-   int  seensysuptime, seentrapoid;
size_t   len = 0;
pid_tpid = -1;
char*v = NULL;
@@ -71,7 +70,6 @@ trap_agentx(struct agentx_handle *h, str
*varcpy = NULL;
varbind = NULL;
iter = NULL;
-   seensysuptime = seentrapoid = 0;
 
if (pdu->hdr->flags & AGENTX_NON_DEFAULT_CONTEXT) {
ret = AGENTX_ERR_UNSUPPORTED_CONTEXT;

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade 
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote:
> On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade  wrote:
> 
> > It is not that simple because newaliases works when you have one aliases
> > database (e.g. /etc/mail/aliases). This is the case on the default setup
> > but smtpd supports per-rule aliases mappings and for example the MX that
> > I run for poolp.org
> 
> Sounds like  newaliases   should check the config for the existence of
> multiple aliases
> mappings,   And either  enumerate and make sure all of them get refreshed,  Or
> return an error listing out  possible alias mappings to refresh and
> ask you to pick
> 
> newaliases (-a | )
> 

I'm not opposed to adding parameter to newaliases
I'm very opposed to implicitely refreshing everything automatically.


> Either way,  requiring some wordy incantation such as"smtpctl
> update table aliases"
> to get what newaliases did for standard configurations is not very cool.
>

technically, this can be fixed with mailwrapper(8) which is why we did
not bother with a shortcut directly in the code, we should probably do
a mailwrapper shortcut out of the box even if it doesn't work on other
setups.


> Or for non-standard  configurations  that break newaliases  list as a
> documented caveat
> of using the options for custom tables.
> 
> --
> -JH

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Jimmy Hess 
On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade  wrote:

> It is not that simple because newaliases works when you have one aliases
> database (e.g. /etc/mail/aliases). This is the case on the default setup
> but smtpd supports per-rule aliases mappings and for example the MX that
> I run for poolp.org

Sounds like  newaliases   should check the config for the existence of
multiple aliases
mappings,   And either  enumerate and make sure all of them get refreshed,  Or
return an error listing out  possible alias mappings to refresh and
ask you to pick

newaliases (-a | )

Either way,  requiring some wordy incantation such as"smtpctl
update table aliases"
to get what newaliases did for standard configurations is not very cool.

Or for non-standard  configurations  that break newaliases  list as a
documented caveat
of using the options for custom tables.

--
-JH

Re: tweak msk to avoid ifq_deq_begin/commit/rollback

2017-05-31 Thread Mike Belopuhov 
On Wed, May 31, 2017 at 10:28 +1000, David Gwynne wrote:
> ie, do the space check before trying to dequeue and mbuf.
> 
> this also moves it to using m_defrag.
>

Thanks, this looks good.

Forgot to mention that you can remove the
/* now we are committed to transmit the packet */
comment from both sk and msk as it doesn't reveal any sacred
truths anymore.

Same as with sk, I've got no real opinion regarding adding
BUS_DMA_STREAMING, but otherwise I'm OK.

> i dont have an msk plugged in and i dont know how to use the overdrive
> 1000 i have here. if someone could test and ok this, it would be
> great.
>
> Index: if_msk.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_msk.c,v
> retrieving revision 1.127
> diff -u -p -r1.127 if_msk.c
> --- if_msk.c  10 Apr 2017 02:15:54 -  1.127
> +++ if_msk.c  31 May 2017 00:27:04 -
> @@ -1489,31 +1489,20 @@ msk_encap(struct sk_if_softc *sc_if, str
>  
>   cur = frag = *txidx;
>  
> -#ifdef MSK_DEBUG
> - if (mskdebug >= 2)
> - msk_dump_mbuf(m_head);
> -#endif
> -
> - /*
> -  * Start packing the mbufs in this chain into
> -  * the fragment pointers. Stop when we run out
> -  * of fragments or hit the end of the mbuf chain.
> -  */
> - if (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
> - BUS_DMA_NOWAIT)) {
> - DPRINTFN(2, ("msk_encap: dmamap failed\n"));
> - return (ENOBUFS);
> - }
> -
> - entries = txmap->dm_nsegs * 2;
> - if (entries > (MSK_TX_RING_CNT - sc_if->sk_cdata.sk_tx_cnt - 2)) {
> - DPRINTFN(2, ("msk_encap: too few descriptors free\n"));
> - bus_dmamap_unload(sc->sc_dmatag, txmap);
> - return (ENOBUFS);
> + switch (bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
> + BUS_DMA_STREAMING | BUS_DMA_NOWAIT)) {
> + case 0:
> + break;
> + case EFBIG: /* mbuf chain is too fragmented */
> + if (m_defrag(m_head, M_DONTWAIT) == 0 &&
> + bus_dmamap_load_mbuf(sc->sc_dmatag, txmap, m_head,
> + BUS_DMA_STREAMING | BUS_DMA_NOWAIT) == 0)
> + break;
> + /* FALLTHROUGH */
> + default:
> + return (1);
>   }
>  
> - DPRINTFN(2, ("msk_encap: dm_nsegs=%d\n", txmap->dm_nsegs));
> -
>   /* Sync the DMA map. */
>   bus_dmamap_sync(sc->sc_dmatag, txmap, 0, txmap->dm_mapsize,
>   BUS_DMASYNC_PREWRITE);
> @@ -1585,12 +1574,16 @@ msk_start(struct ifnet *ifp)
>   struct sk_if_softc  *sc_if = ifp->if_softc;
>   struct mbuf *m_head = NULL;
>   u_int32_t   idx = sc_if->sk_cdata.sk_tx_prod;
> - int pkts = 0;
> + int post = 0;
>  
> - DPRINTFN(2, ("msk_start\n"));
> + for (;;) {
> + if (sc_if->sk_cdata.sk_tx_cnt + (SK_NTXSEG * 2) + 1 >
> + MSK_TX_RING_CNT) {
> + ifq_set_oactive(>if_snd);
> + break;
> + }
>  
> - while (sc_if->sk_cdata.sk_tx_chain[idx].sk_mbuf == NULL) {
> - m_head = ifq_deq_begin(>if_snd);
> + m_head = ifq_dequeue(>if_snd);
>   if (m_head == NULL)
>   break;
>  
> @@ -1600,14 +1593,11 @@ msk_start(struct ifnet *ifp)
>* for the NIC to drain the ring.
>*/
>   if (msk_encap(sc_if, m_head, )) {
> - ifq_deq_rollback(>if_snd, m_head);
> - ifq_set_oactive(>if_snd);
> - break;
> + m_freem(m_head);
> + continue;
>   }
>  
>   /* now we are committed to transmit the packet */
> - ifq_deq_commit(>if_snd, m_head);
> - pkts++;
>  
>   /*
>* If there's a BPF listener, bounce a copy of this frame
> @@ -1617,18 +1607,17 @@ msk_start(struct ifnet *ifp)
>   if (ifp->if_bpf)
>   bpf_mtap(ifp->if_bpf, m_head, BPF_DIRECTION_OUT);
>  #endif
> + post = 1;
>   }
> - if (pkts == 0)
> + if (post == 0)
>   return;
>  
>   /* Transmit */
> - if (idx != sc_if->sk_cdata.sk_tx_prod) {
> - sc_if->sk_cdata.sk_tx_prod = idx;
> - SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
> + sc_if->sk_cdata.sk_tx_prod = idx;
> + SK_IF_WRITE_2(sc_if, 1, SK_TXQA1_Y2_PREF_PUTIDX, idx);
>  
> - /* Set a timeout in case the chip goes out to lunch. */
> - ifp->if_timer = MSK_TX_TIMEOUT;
> - }
> + /* Set a timeout in case the chip goes out to lunch. */
> + ifp->if_timer = MSK_TX_TIMEOUT;
>  }
>  
>  void
>

Re: kqueue EV_RECEIPT and EV_DISPATCH

2017-05-31 Thread Alexander Bluhm 
On Wed, May 31, 2017 at 02:07:19PM +0200, Mike Belopuhov wrote:
> On Wed, May 31, 2017 at 08:37 +0200, Jan Schreiber wrote:
> > Hi,
> > 
> > I recently stumbled upon software that relies on EV_RECEIPT and
> > EV_DISPATCH to be available as flags. It also showed up as dependency
> > for a Rust crate.
> > FreeBSD has it since 8.1 and OSX since 10.5.
> > Patch is below.
> > 
> > mike@ looked throug, thanks a lot!
> >
> 
> That was me (mikeb@).

Then you should commit it.  OK bluhm@

> 
> > Jan
> > 
> > Index: sys/kern/kern_event.c
> > ===
> > RCS file: /cvs/src/sys/kern/kern_event.c,v
> > retrieving revision 1.78
> > diff -u -p -u -r1.78 kern_event.c
> > --- sys/kern/kern_event.c   11 Feb 2017 19:51:06 -  1.78
> > +++ sys/kern/kern_event.c   30 May 2017 22:38:49 -
> > @@ -512,7 +512,7 @@ sys_kevent(struct proc *p, void *v, regi
> > kevp = >kq_kev[i];
> > kevp->flags &= ~EV_SYSFLAGS;
> > error = kqueue_register(kq, kevp, p);
> > -   if (error) {
> > +   if (error || (kevp->flags & EV_RECEIPT)) {
> > if (SCARG(uap, nevents) != 0) {
> > kevp->flags = EV_ERROR;
> > kevp->data = error;
> > @@ -788,9 +788,13 @@ start:
> > kn->kn_fop->f_detach(kn);
> > knote_drop(kn, p, p->p_fd);
> > s = splhigh();
> > -   } else if (kn->kn_flags & EV_CLEAR) {
> > -   kn->kn_data = 0;
> > -   kn->kn_fflags = 0;
> > +   } else if (kn->kn_flags & (EV_CLEAR | EV_DISPATCH)) {
> > +   if (kn->kn_flags & EV_CLEAR) {
> > +   kn->kn_data = 0;
> > +   kn->kn_fflags = 0;
> > +   }
> > +   if (kn->kn_flags & EV_DISPATCH)
> > +   kn->kn_status |= KN_DISABLED;
> > kn->kn_status &= ~(KN_QUEUED | KN_ACTIVE);
> > kq->kq_count--;
> > } else {
> > Index: sys/sys/event.h
> > ===
> > RCS file: /cvs/src/sys/sys/event.h,v
> > retrieving revision 1.23
> > diff -u -p -u -r1.23 event.h
> > --- sys/sys/event.h 24 Sep 2016 18:39:17 -  1.23
> > +++ sys/sys/event.h 30 May 2017 22:31:04 -
> > @@ -68,6 +68,8 @@ struct kevent {
> >  /* flags */
> >  #define EV_ONESHOT 0x0010  /* only report one occurrence */
> >  #define EV_CLEAR   0x0020  /* clear event state after reporting */
> > +#define EV_RECEIPT 0x0040  /* force EV_ERROR on success, data=0 */
> > +#define EV_DISPATCH0x0080  /* disable event after 
> > reporting */
> >  
> >  #define EV_SYSFLAGS0xF000  /* reserved by system */
> >  #define EV_FLAG1   0x2000  /* filter-specific flag */
> > Index: lib/libc/sys/kqueue.2
> > ===
> > RCS file: /cvs/src/lib/libc/sys/kqueue.2,v
> > retrieving revision 1.33
> > diff -u -p -u -r1.33 kqueue.2
> > --- lib/libc/sys/kqueue.2   13 Aug 2016 17:05:02 -  1.33
> > +++ lib/libc/sys/kqueue.2   30 May 2017 22:30:29 -
> > @@ -184,10 +184,25 @@ Disable the event so
> >  .Fn kevent
> >  will not return it.
> >  The filter itself is not disabled.
> > +.It Dv EV_DISPATCH
> > +Disable the event source immediately after delivery of an event.
> > +See
> > +.Dv EV_DISABLE
> > +above.
> >  .It Dv EV_DELETE
> >  Removes the event from the kqueue.
> >  Events which are attached to file descriptors are automatically deleted
> >  on the last close of the descriptor.
> > +.It Dv EV_RECEIPT
> > +Causes
> > +.Fn kevent
> > +to return with
> > +.Dv EV_ERROR
> > +set without draining any pending events after updating events in the 
> > kqueue.
> > +When a filter is successfully added the
> > +.Va data
> > +field will be zero.
> > +This flag is useful for making bulk changes to a kqueue.
> >  .It Dv EV_ONESHOT
> >  Causes the event to return only the first occurrence of the filter
> >  being triggered.
> > 
> 
> We've tweaked the description for EV_RECEIPT a bit because FreeBSD
> version didn't make a whole lot sense.

Route priority support for ospf6d

2017-05-31 Thread Florian Riehm 
Hi,

this diff adds priority support to ospf6d.
Mostly based on the following ospfd commit:
cvs diff -D "2008-12-11" -D "2008-12-13"

Additionally I removed the RTF_UP from hdr.rtm_flags in send_rtmsg().
Ospfd and bgpd also don't set the flag.

The next steps will be to add support for ospf6ctl fib reload and
to invent rtmsg_process() to reduce duplicate code in fetchtable() 
and dispatch_rtmsg().

OK ?

friehm

Index: usr.sbin/ospf6ctl/ospf6ctl.c
===
RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
retrieving revision 1.44
diff -u -p -r1.44 ospf6ctl.c
--- usr.sbin/ospf6ctl/ospf6ctl.c22 Dec 2016 23:03:55 -  1.44
+++ usr.sbin/ospf6ctl/ospf6ctl.c31 May 2017 12:22:20 -
@@ -1256,7 +1256,8 @@ void
 show_fib_head(void)
 {
printf("flags: * = valid, O = OSPF, C = Connected, S = Static\n");
-   printf("%-6s %-20s %-17s\n", "Flags", "Destination", "Nexthop");
+   printf("%-6s %-4s %-20s %-17s\n",
+   "Flags", "Prio", "Destination", "Nexthop");
 }
 
 int
@@ -1286,6 +1287,7 @@ show_fib_msg(struct imsg *imsg)
printf(" ");
 
printf(" ");
+   printf("%4d ", k->priority);
if (asprintf(, "%s/%u", log_in6addr(>prefix),
k->prefixlen) == -1)
err(1, NULL);
Index: usr.sbin/ospf6d/kroute.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
retrieving revision 1.51
diff -u -p -r1.51 kroute.c
--- usr.sbin/ospf6d/kroute.c30 May 2017 12:42:31 -  1.51
+++ usr.sbin/ospf6d/kroute.c31 May 2017 12:22:20 -
@@ -62,7 +62,8 @@ int   kroute_compare(struct kroute_node *,
 intkr_change_fib(struct kroute_node *, struct kroute *, int, int);
 intkr_delete_fib(struct kroute_node *);
 
-struct kroute_node *kroute_find(const struct in6_addr *, u_int8_t);
+struct kroute_node *kroute_find(const struct in6_addr *, u_int8_t,
+   u_int8_t);
 struct kroute_node *kroute_matchgw(struct kroute_node *,
struct in6_addr *, unsigned int);
 int kroute_insert(struct kroute_node *);
@@ -215,6 +216,7 @@ kr_change_fib(struct kroute_node *kr, st
kn->r.nexthop = kroute[i].nexthop;
kn->r.scope = kroute[i].scope;
kn->r.flags = kroute[i].flags | F_OSPFD_INSERTED;
+   kn->r.priority = RTP_OSPF;
kn->r.ext_tag = kroute[i].ext_tag;
rtlabel_unref(kn->r.rtlabel);   /* for RTM_CHANGE */
kn->r.rtlabel = kroute[i].rtlabel;
@@ -238,31 +240,10 @@ kr_change(struct kroute *kroute, int krc
 
kroute->rtlabel = rtlabel_tag2id(kroute->ext_tag);
 
-   kr = kroute_find(>prefix, kroute->prefixlen);
-   if (kr != NULL) {
-   if (kr->r.flags & F_KERNEL) {
-   /* a non-ospf route already exists. not a problem */
-   if (!(kr->r.flags & F_BGPD_INSERTED)) {
-   do {
-   kr->r.flags |= F_OSPFD_INSERTED;
-   kr = kr->next;
-   } while (kr);
-   return (0);
-   }
-   /*
-* XXX as long as there is no multipath support in
-* bgpd this is safe else we end up in a bad situation.
-*/
-   /*
-* ospf route has higher pref
-* - reset flags to the ospf ones
-* - use RTM_CHANGE
-* - zero out ifindex (this is no longer relevant)
-*/
-   action = RTM_CHANGE;
-   } else if (kr->next == NULL)/* single path OSPF route */
-   action = RTM_CHANGE;
-   }
+   kr = kroute_find(>prefix, kroute->prefixlen, RTP_OSPF);
+   if (kr != NULL && kr->next == NULL && krcount == 1)
+   /* single path OSPF route */
+   action = RTM_CHANGE;
 
return (kr_change_fib(kr, kroute, krcount, action));
 }
@@ -270,14 +251,10 @@ kr_change(struct kroute *kroute, int krc
 int
 kr_delete_fib(struct kroute_node *kr)
 {
-   if (!(kr->r.flags & F_OSPFD_INSERTED))
-   return 0;
-
-   if (kr->r.flags & F_KERNEL) {
-   /* remove F_OSPFD_INSERTED flag, route still exists in kernel */
-   kr->r.flags &= ~F_OSPFD_INSERTED;
-   return (0);
-   }
+   if (kr->r.priority != RTP_OSPF)
+   log_warn("kr_delete_fib: %s/%d has wrong priority %d",
+   log_in6addr(>r.prefix), kr->r.prefixlen,
+   kr->r.priority);
 
if (send_rtmsg(kr_state.fd, RTM_DELETE, >r) == -1)

ipsec: tdb_unlink() and dst addr update for MOBIKE

2017-05-31 Thread Patrick Wildt 
Hi,

I'd like to add MOBIKE support to iked, specifically first of all making
iked as server react to mobile clients changing their IP addresses. One
thing for that is the kernel part.

Having MOBIKE means that we need to be able to change the destination
address in an existing SA so that the already established SA points to
the correct client's IP address.  Now we cannot call SADB_UPDATE with
the new DST address in SADB_EXT_ADDRESS_DST since that attribute is
used to find and retrieve the SA.  For this we need a different attr.
Since PROXY is unused we can make re-use it.  Maybe it might make sense
to rename it to something else, but I won't propose it as part of this
diff.  In the case of our server changing the IP, we would be able to
use the SADB_EXT_ADDRESS_SRC attribute for that.

Since we are changing a valid SA, we need to remove it from the tree,
modify it, and then put it back in.  We do not yet have that functio-
nality, we can only free them.  For this, split a part of tdb_delete()
into a new function tdb_unlink() which is the equivalent of puttdb(),
but the other way around.

Opinions?

Patrick

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 5acb747f9f3..a50adba7431 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1214,6 +1214,15 @@ pfkeyv2_send(struct socket *socket, void *message, int 
len)
import_tag(sa2, headers[SADB_X_EXT_TAG]);
import_tap(sa2, headers[SADB_X_EXT_TAP]);
 #endif
+   if (headers[SADB_EXT_ADDRESS_SRC] ||
+   headers[SADB_EXT_ADDRESS_PROXY]) {
+   tdb_unlink(sa2);
+   import_address((struct sockaddr *)>tdb_src,
+   headers[SADB_EXT_ADDRESS_SRC]);
+   import_address((struct sockaddr *)>tdb_dst,
+   headers[SADB_EXT_ADDRESS_PROXY]);
+   puttdb(sa2);
+   }
}
 
break;
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 547532fa7b4..3a8b48441da 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -96,6 +96,7 @@
 #define BITMAP_LIFETIME_SOFT   (1LL << SADB_EXT_LIFETIME_SOFT)
 #define BITMAP_ADDRESS_SRC (1LL << SADB_EXT_ADDRESS_SRC)
 #define BITMAP_ADDRESS_DST (1LL << SADB_EXT_ADDRESS_DST)
+#define BITMAP_ADDRESS_PROXY   (1LL << SADB_EXT_ADDRESS_PROXY)
 #define BITMAP_KEY_AUTH(1LL << SADB_EXT_KEY_AUTH)
 #define BITMAP_KEY_ENCRYPT (1LL << SADB_EXT_KEY_ENCRYPT)
 #define BITMAP_IDENTITY_SRC(1LL << SADB_EXT_IDENTITY_SRC)
@@ -134,7 +135,7 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
/* GETSPI */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
/* UPDATE */
-   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | 
BITMAP_X_TAP,
+   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | 
BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG 
| BITMAP_X_TAP,
/* ADD */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE 
| BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
@@ -206,7 +207,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
/* GETSPI */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* UPDATE */
-   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | 
BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | 
BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | 
BITMAP_X_TAP,
/* ADD */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | 
BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
@@ -463,6 +464,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
break;
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
+   case SADB_EXT_ADDRESS_PROXY:
case SADB_X_EXT_SRC_MASK:
case SADB_X_EXT_DST_MASK:
case SADB_X_EXT_SRC_FLOW:
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 39daa184c51..89f9fb89164 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -714,7 +714,7 @@ puttdb(struct tdb *tdbp)
 }
 
 void
-tdb_delete(struct tdb *tdbp)
+tdb_unlink(struct tdb *tdbp)
 {
struct tdb *tdbpp;
u_int32_t hashval;
@@ -775,10 +775,18 @@ tdb_delete(struct tdb *tdbp)
}
 
tdbp->tdb_snext = NULL;
-   tdb_free(tdbp);
tdb_count--;
 }
 
+void
+tdb_delete(struct tdb

Re: kqueue EV_RECEIPT and EV_DISPATCH

2017-05-31 Thread Mike Belopuhov 
On Wed, May 31, 2017 at 08:37 +0200, Jan Schreiber wrote:
> Hi,
> 
> I recently stumbled upon software that relies on EV_RECEIPT and
> EV_DISPATCH to be available as flags. It also showed up as dependency
> for a Rust crate.
> FreeBSD has it since 8.1 and OSX since 10.5.
> Patch is below.
> 
> mike@ looked throug, thanks a lot!
>

That was me (mikeb@).

> Jan
> 
> Index: sys/kern/kern_event.c
> ===
> RCS file: /cvs/src/sys/kern/kern_event.c,v
> retrieving revision 1.78
> diff -u -p -u -r1.78 kern_event.c
> --- sys/kern/kern_event.c 11 Feb 2017 19:51:06 -  1.78
> +++ sys/kern/kern_event.c 30 May 2017 22:38:49 -
> @@ -512,7 +512,7 @@ sys_kevent(struct proc *p, void *v, regi
>   kevp = >kq_kev[i];
>   kevp->flags &= ~EV_SYSFLAGS;
>   error = kqueue_register(kq, kevp, p);
> - if (error) {
> + if (error || (kevp->flags & EV_RECEIPT)) {
>   if (SCARG(uap, nevents) != 0) {
>   kevp->flags = EV_ERROR;
>   kevp->data = error;
> @@ -788,9 +788,13 @@ start:
>   kn->kn_fop->f_detach(kn);
>   knote_drop(kn, p, p->p_fd);
>   s = splhigh();
> - } else if (kn->kn_flags & EV_CLEAR) {
> - kn->kn_data = 0;
> - kn->kn_fflags = 0;
> + } else if (kn->kn_flags & (EV_CLEAR | EV_DISPATCH)) {
> + if (kn->kn_flags & EV_CLEAR) {
> + kn->kn_data = 0;
> + kn->kn_fflags = 0;
> + }
> + if (kn->kn_flags & EV_DISPATCH)
> + kn->kn_status |= KN_DISABLED;
>   kn->kn_status &= ~(KN_QUEUED | KN_ACTIVE);
>   kq->kq_count--;
>   } else {
> Index: sys/sys/event.h
> ===
> RCS file: /cvs/src/sys/sys/event.h,v
> retrieving revision 1.23
> diff -u -p -u -r1.23 event.h
> --- sys/sys/event.h   24 Sep 2016 18:39:17 -  1.23
> +++ sys/sys/event.h   30 May 2017 22:31:04 -
> @@ -68,6 +68,8 @@ struct kevent {
>  /* flags */
>  #define EV_ONESHOT   0x0010  /* only report one occurrence */
>  #define EV_CLEAR 0x0020  /* clear event state after reporting */
> +#define EV_RECEIPT   0x0040  /* force EV_ERROR on success, data=0 */
> +#define EV_DISPATCH  0x0080  /* disable event after reporting */
>  
>  #define EV_SYSFLAGS  0xF000  /* reserved by system */
>  #define EV_FLAG1 0x2000  /* filter-specific flag */
> Index: lib/libc/sys/kqueue.2
> ===
> RCS file: /cvs/src/lib/libc/sys/kqueue.2,v
> retrieving revision 1.33
> diff -u -p -u -r1.33 kqueue.2
> --- lib/libc/sys/kqueue.2 13 Aug 2016 17:05:02 -  1.33
> +++ lib/libc/sys/kqueue.2 30 May 2017 22:30:29 -
> @@ -184,10 +184,25 @@ Disable the event so
>  .Fn kevent
>  will not return it.
>  The filter itself is not disabled.
> +.It Dv EV_DISPATCH
> +Disable the event source immediately after delivery of an event.
> +See
> +.Dv EV_DISABLE
> +above.
>  .It Dv EV_DELETE
>  Removes the event from the kqueue.
>  Events which are attached to file descriptors are automatically deleted
>  on the last close of the descriptor.
> +.It Dv EV_RECEIPT
> +Causes
> +.Fn kevent
> +to return with
> +.Dv EV_ERROR
> +set without draining any pending events after updating events in the kqueue.
> +When a filter is successfully added the
> +.Va data
> +field will be zero.
> +This flag is useful for making bulk changes to a kqueue.
>  .It Dv EV_ONESHOT
>  Causes the event to return only the first occurrence of the filter
>  being triggered.
> 

We've tweaked the description for EV_RECEIPT a bit because FreeBSD
version didn't make a whole lot sense.

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade 
On Wed, May 31, 2017 at 11:59:08AM +0100, Stuart Henderson wrote:
> On 2017/05/31 11:10, Jason McIntyre wrote:
> > On Wed, May 31, 2017 at 11:49:18AM +0200, Antoine Jacoutot wrote:
> > > On May 31, 2017 11:35:28 AM GMT+02:00, Consus  wrote:
> > > >OpenBSD defaults to file table now so there is no need in running
> > > >newaliases(8).
> > > >---
> > > > etc/mail/aliases | 8 ++--
> > > > 1 file changed, 2 insertions(+), 6 deletions(-)
> > > >
> > > >diff --git a/etc/mail/aliases b/etc/mail/aliases
> > > >index c1ac04b5a81..045b2b2a456 100644
> > > >--- a/etc/mail/aliases
> > > >+++ b/etc/mail/aliases
> > > >@@ -1,12 +1,8 @@
> > > > #
> > > > #   $OpenBSD: aliases,v 1.64 2017/03/18 21:18:01 florian Exp $
> > > > #
> > > >-#  Aliases in this file will NOT be expanded in the header from
> > > >-#  Mail, but WILL be visible over networks or from
> > > >/usr/libexec/mail.local.
> > > >-#
> > > >-#   >>  The program "newaliases" must be run after
> > > >-#   >> NOTE >>  this file is updated for any changes to
> > > >-#   >>  show through to smtpd.
> > > >+#  Aliases in this file will NOT be expanded in the header from Mail,
> > > >but WILL
> > > >+#  be visible over networks or from /usr/libexec/mail.local.
> > > > #
> > > > 
> > > > # Basic system aliases -- these MUST be present
> > > >-- 
> > > >2.13.0
> > > 
> > > I proposed the same a while ago but people preferred to keep it in regard 
> > > to other MTA. Maybe it's time to revisit ?
> > > 
> > > 
> > 
> > well what's there now is incorrect, so i think something needs to
> > happen. even if we just prefix the text with "For databases" or
> > something.
> 
> But you need "smtpctl update table aliases" instead don't you? (At least
> that is how I read the manual).
> 
> (It would seem useful if "newaliases" did whatever is necessary for the
> table type you have in use so you don't need to think about it and the
> documentation can be simple..)
> 

It is not that simple because newaliases works when you have one aliases
database (e.g. /etc/mail/aliases). This is the case on the default setup
but smtpd supports per-rule aliases mappings and for example the MX that
I run for poolp.org and opensmtpd.org has two different sets of aliases,
one for each domain, and now newaliases can't work anymore.

We can hack it so it works in some cases but it will never be able to do
the work correctly for non-default configurations and we will still have
to provide and document the smtpctl command.

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: beacon miss threshold

2017-05-31 Thread Mark Kettenis 
> Date: Wed, 31 May 2017 11:53:19 +0200
> From: Stefan Sperling 
> 
> On Wed, May 31, 2017 at 11:23:07AM +0200, Mark Kettenis wrote:
> > Is the beacon interval always the same for all modes/hardware?
> 
> It is defined by the AP. The value (in TU) is sent to clients in beacons:
> 
> # tcpdump -n -i iwn0 -y IEEE802_11_RADIO -vv
> 11:50:23.170309 802.11 flags=0<>: beacon, timestamp 59648614784, interval 100,

Then your change doesn't really make sense to me.  Naively I'd say
that you would want to scale the missed beacon threshold based on the
interval.  The current code may not do that properly, but your change
seems to move further away from that.

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Stuart Henderson 
On 2017/05/31 11:10, Jason McIntyre wrote:
> On Wed, May 31, 2017 at 11:49:18AM +0200, Antoine Jacoutot wrote:
> > On May 31, 2017 11:35:28 AM GMT+02:00, Consus  wrote:
> > >OpenBSD defaults to file table now so there is no need in running
> > >newaliases(8).
> > >---
> > > etc/mail/aliases | 8 ++--
> > > 1 file changed, 2 insertions(+), 6 deletions(-)
> > >
> > >diff --git a/etc/mail/aliases b/etc/mail/aliases
> > >index c1ac04b5a81..045b2b2a456 100644
> > >--- a/etc/mail/aliases
> > >+++ b/etc/mail/aliases
> > >@@ -1,12 +1,8 @@
> > > #
> > > # $OpenBSD: aliases,v 1.64 2017/03/18 21:18:01 florian Exp $
> > > #
> > >-#  Aliases in this file will NOT be expanded in the header from
> > >-#  Mail, but WILL be visible over networks or from
> > >/usr/libexec/mail.local.
> > >-#
> > >-# >>  The program "newaliases" must be run after
> > >-# >> NOTE >>  this file is updated for any changes to
> > >-# >>  show through to smtpd.
> > >+#  Aliases in this file will NOT be expanded in the header from Mail,
> > >but WILL
> > >+#  be visible over networks or from /usr/libexec/mail.local.
> > > #
> > > 
> > > # Basic system aliases -- these MUST be present
> > >-- 
> > >2.13.0
> > 
> > I proposed the same a while ago but people preferred to keep it in regard 
> > to other MTA. Maybe it's time to revisit ?
> > 
> > 
> 
> well what's there now is incorrect, so i think something needs to
> happen. even if we just prefix the text with "For databases" or
> something.

But you need "smtpctl update table aliases" instead don't you? (At least
that is how I read the manual).

(It would seem useful if "newaliases" did whatever is necessary for the
table type you have in use so you don't need to think about it and the
documentation can be simple..)

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Consus 
On 11:49 Wed 31 May, Antoine Jacoutot wrote:
> I proposed the same a while ago but people preferred to keep it in
> regard to other MTA. Maybe it's time to revisit ?

Looks like I already have proposed it last September. Totally forgot =/

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Jason McIntyre 
On Wed, May 31, 2017 at 11:49:18AM +0200, Antoine Jacoutot wrote:
> On May 31, 2017 11:35:28 AM GMT+02:00, Consus  wrote:
> >OpenBSD defaults to file table now so there is no need in running
> >newaliases(8).
> >---
> > etc/mail/aliases | 8 ++--
> > 1 file changed, 2 insertions(+), 6 deletions(-)
> >
> >diff --git a/etc/mail/aliases b/etc/mail/aliases
> >index c1ac04b5a81..045b2b2a456 100644
> >--- a/etc/mail/aliases
> >+++ b/etc/mail/aliases
> >@@ -1,12 +1,8 @@
> > #
> > #   $OpenBSD: aliases,v 1.64 2017/03/18 21:18:01 florian Exp $
> > #
> >-#  Aliases in this file will NOT be expanded in the header from
> >-#  Mail, but WILL be visible over networks or from
> >/usr/libexec/mail.local.
> >-#
> >-#   >>  The program "newaliases" must be run after
> >-#   >> NOTE >>  this file is updated for any changes to
> >-#   >>  show through to smtpd.
> >+#  Aliases in this file will NOT be expanded in the header from Mail,
> >but WILL
> >+#  be visible over networks or from /usr/libexec/mail.local.
> > #
> > 
> > # Basic system aliases -- these MUST be present
> >-- 
> >2.13.0
> 
> I proposed the same a while ago but people preferred to keep it in regard to 
> other MTA. Maybe it's time to revisit ?
> 
> 

well what's there now is incorrect, so i think something needs to
happen. even if we just prefix the text with "For databases" or
something.

jmc

Re: beacon miss threshold

2017-05-31 Thread Stefan Sperling 
On Wed, May 31, 2017 at 11:23:07AM +0200, Mark Kettenis wrote:
> Is the beacon interval always the same for all modes/hardware?

It is defined by the AP. The value (in TU) is sent to clients in beacons:

# tcpdump -n -i iwn0 -y IEEE802_11_RADIO -vv
11:50:23.170309 802.11 flags=0<>: beacon, timestamp 59648614784, interval 100,

[PATCH] sdiff: fix comparision between signed and unsiged warning

2017-05-31 Thread Alexander Kuleshov 
This diff fixes

edit.c: In function 'eparse':
edit.c:149: warning: comparision between signed and unsigned

warning during compilation.

Index: usr.bin/sdiff/edit.c
===
RCS file: /cvs/src/usr.bin/sdiff/edit.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 edit.c
--- usr.bin/sdiff/edit.c26 Nov 2013 21:08:12 -  1.20
+++ usr.bin/sdiff/edit.c31 May 2017 09:48:47 -
@@ -146,7 +146,7 @@ RIGHT:
 
len = strlen(text);
if ((nwritten = write(fd, text, len)) == -1 ||
-   nwritten != len) {
+   nwritten != (ssize_t)len) {
warn("error writing to temp file");
cleanup(filename);
}

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Antoine Jacoutot 
On May 31, 2017 11:35:28 AM GMT+02:00, Consus  wrote:
>OpenBSD defaults to file table now so there is no need in running
>newaliases(8).
>---
> etc/mail/aliases | 8 ++--
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
>diff --git a/etc/mail/aliases b/etc/mail/aliases
>index c1ac04b5a81..045b2b2a456 100644
>--- a/etc/mail/aliases
>+++ b/etc/mail/aliases
>@@ -1,12 +1,8 @@
> #
> # $OpenBSD: aliases,v 1.64 2017/03/18 21:18:01 florian Exp $
> #
>-#  Aliases in this file will NOT be expanded in the header from
>-#  Mail, but WILL be visible over networks or from
>/usr/libexec/mail.local.
>-#
>-# >>  The program "newaliases" must be run after
>-# >> NOTE >>  this file is updated for any changes to
>-# >>  show through to smtpd.
>+#  Aliases in this file will NOT be expanded in the header from Mail,
>but WILL
>+#  be visible over networks or from /usr/libexec/mail.local.
> #
> 
> # Basic system aliases -- these MUST be present
>-- 
>2.13.0

I proposed the same a while ago but people preferred to keep it in regard to 
other MTA. Maybe it's time to revisit ?


-- 
Antoine

[PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Consus 
OpenBSD defaults to file table now so there is no need in running
newaliases(8).
---
 etc/mail/aliases | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/etc/mail/aliases b/etc/mail/aliases
index c1ac04b5a81..045b2b2a456 100644
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@@ -1,12 +1,8 @@
 #
 #  $OpenBSD: aliases,v 1.64 2017/03/18 21:18:01 florian Exp $
 #
-#  Aliases in this file will NOT be expanded in the header from
-#  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
-#
-#  >>  The program "newaliases" must be run after
-#  >> NOTE >>  this file is updated for any changes to
-#  >>  show through to smtpd.
+#  Aliases in this file will NOT be expanded in the header from Mail, but WILL
+#  be visible over networks or from /usr/libexec/mail.local.
 #
 
 # Basic system aliases -- these MUST be present
-- 
2.13.0

Re: pf.conf.5 translation option happens immediately only on match rules

2017-05-31 Thread Henning Brauer 
* Tony Gong  [2017-05-31 10:28]:
> Pretty sure pf applies translations immediately only if the rule is a
> match rule.
> Diff makes this clear in the man page.

yup, in, thx

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: beacon miss threshold

2017-05-31 Thread Mark Kettenis 
> Date: Wed, 31 May 2017 10:51:43 +0200
> From: Stefan Sperling 
> 
> The net80211 stack currently provides a 'beacon miss timeout' value (in ms)
> which specifies how much time may elapse without beacons before drivers
> begin searching for a new AP.
> 
> Drivers convert this timeout value into the amount of beacons they're allowed
> to miss. Having the stack provide this number upfront simplifies things.
> 
> ok?

Is the beacon interval always the same for all modes/hardware?

> Index: dev/ic/ath.c
> ===
> RCS file: /cvs/src/sys/dev/ic/ath.c,v
> retrieving revision 1.114
> diff -u -p -r1.114 ath.c
> --- dev/ic/ath.c  11 Apr 2017 14:43:49 -  1.114
> +++ dev/ic/ath.c  31 May 2017 08:35:14 -
> @@ -1417,7 +1417,6 @@ ath_beacon_config(struct ath_softc *sc)
>   __func__, ni->ni_intval, nexttbtt));
>   if (ic->ic_opmode == IEEE80211_M_STA) {
>   HAL_BEACON_STATE bs;
> - u_int32_t bmisstime;
>  
>   /* NB: no PCF support right now */
>   bzero(, sizeof(bs));
> @@ -1427,13 +1426,10 @@ ath_beacon_config(struct ath_softc *sc)
>   bs.bs_nextdtim = nexttbtt;
>   /*
>* Calculate the number of consecutive beacons to miss
> -  * before taking a BMISS interrupt.  The configuration
> -  * is specified in ms, so we need to convert that to
> -  * TU's and then calculate based on the beacon interval.
> -  * Note that we clamp the result to at most 10 beacons.
> +  * before taking a BMISS interrupt. 
> +  * Note that we clamp the result to at most 7 beacons.
>*/
> - bmisstime = MAX(7, ic->ic_bmisstimeout);
> - bs.bs_bmissthreshold = howmany(bmisstime, intval);
> + bs.bs_bmissthreshold = ic->ic_bmissthres;
>   if (bs.bs_bmissthreshold > 7) {
>   bs.bs_bmissthreshold = 7;
>   } else if (bs.bs_bmissthreshold <= 0) {
> Index: dev/pci/if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving revision 1.186
> diff -u -p -r1.186 if_iwm.c
> --- dev/pci/if_iwm.c  31 May 2017 08:33:11 -  1.186
> +++ dev/pci/if_iwm.c  31 May 2017 08:50:13 -
> @@ -3542,7 +3542,6 @@ iwm_rx_bmiss(struct iwm_softc *sc, struc
>  struct iwm_rx_data *data)
>  {
>   struct ieee80211com *ic = >sc_ic;
> - int bmiss_threshold = ic->ic_bmisstimeout / ic->ic_lintval;
>   struct iwm_missed_beacons_notif *mbn = (void *)pkt->data;
>  
>   if ((ic->ic_opmode != IEEE80211_M_STA) ||
> @@ -3552,7 +3551,7 @@ iwm_rx_bmiss(struct iwm_softc *sc, struc
>   bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt),
>   sizeof(*mbn), BUS_DMASYNC_POSTREAD);
>  
> - if (mbn->consec_missed_beacons_since_last_rx > bmiss_threshold) {
> + if (mbn->consec_missed_beacons_since_last_rx > ic->ic_bmissthres) {
>   /*
>* Rather than go directly to scan state, try to send a
>* directed probe request first. If that fails then the
> Index: net80211/ieee80211.c
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211.c,v
> retrieving revision 1.60
> diff -u -p -r1.60 ieee80211.c
> --- net80211/ieee80211.c  30 May 2017 16:21:55 -  1.60
> +++ net80211/ieee80211.c  31 May 2017 08:35:05 -
> @@ -147,7 +147,7 @@ ieee80211_ifattach(struct ifnet *ifp)
>  
>   if (ic->ic_lintval == 0)
>   ic->ic_lintval = 100;   /* default sleep */
> - ic->ic_bmisstimeout = 7*ic->ic_lintval; /* default 7 beacons */
> + ic->ic_bmissthres = 7;  /* default 7 beacons */
>   ic->ic_dtim_period = 1; /* all TIMs are DTIMs */
>  
>   LIST_INSERT_HEAD(_head, ic, ic_list);
> Index: net80211/ieee80211_var.h
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
> retrieving revision 1.78
> diff -u -p -r1.78 ieee80211_var.h
> --- net80211/ieee80211_var.h  30 May 2017 11:00:38 -  1.78
> +++ net80211/ieee80211_var.h  31 May 2017 08:34:47 -
> @@ -262,7 +262,7 @@ struct ieee80211com {
>   int ic_max_nnodes;  /* max length of ic_nnodes */
>   u_int16_t   ic_lintval; /* listen interval */
>   int16_t ic_txpower; /* tx power setting (dBm) */
> - u_int16_t   ic_bmisstimeout;/* beacon miss threshold (ms) */
> + int ic_bmissthres;  /* beacon miss threshold */
>   int ic_mgt_timer;   /* mgmt timeout */
>  #ifndef IEEE80211_STA_ONLY
>   struct timeout  ic_inact_timeout; /* node inactivity timeout */
> 
>

Re: let's add PF_LOCK()

2017-05-31 Thread Alexandr Nedvedicky 
Hello Mike,

I'd like to ask you to take a one more look to change I'm going
to commit. I did one more check of changes with respect
to WITH_PF_LOCK and found one more bit to fix. We need to keep
pf_purge_expired_fragments() under protection of NET_LOCK()

8<---8<---8<--8<
diff -r 3f9d12f8bc14 src/sys/net/pf.c
--- a/src/sys/net/pf.c  Wed May 31 10:26:43 2017 +0200
+++ b/src/sys/net/pf.c  Wed May 31 10:42:22 2017 +0200
@@ -1207,8 +1207,8 @@ pf_purge_thread(void *v)
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
 
NET_LOCK(s);
+
PF_LOCK();
-
/* process a fraction of the state table every second */
pf_purge_expired_states(1 + (pf_status.states
/ pf_default_rule.timeout[PFTM_INTERVAL]));
@@ -1218,10 +1218,7 @@ pf_purge_thread(void *v)
pf_purge_expired_src_nodes(0);
pf_purge_expired_rules();
}
-
PF_UNLOCK();
-   NET_UNLOCK(s);
-
/*
 * Fragments don't require PF_LOCK(), they use their own mutex.
 */
@@ -1229,6 +1226,8 @@ pf_purge_thread(void *v)
pf_purge_expired_fragments();
nloops = 0;
}
+
+   NET_UNLOCK(s);
}
 }
8<---8<---8<--8<

complete patch is attached.

thanks a lot
regards
sasha

diff -r 6abbb123112a .hgtags
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/.hgtags   Wed May 31 10:42:50 2017 +0200
@@ -0,0 +1,1 @@
+d545881e2652dbc0c057691a39a095bce92f441f pf-lock.baseline
diff -r 6abbb123112a src/sys/net/pf.c
--- a/src/sys/net/pf.c  Wed May 31 10:21:18 2017 +0200
+++ b/src/sys/net/pf.c  Wed May 31 10:42:50 2017 +0200
@@ -923,7 +923,7 @@ int
 pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skw,
 struct pf_state_key **sks, struct pf_state *s)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
s->kif = kif;
if (*skw == *sks) {
@@ -1186,7 +1186,7 @@ pf_purge_expired_rules(void)
 {
struct pf_rule  *r;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
if (SLIST_EMPTY(_rule_gcl))
return;
@@ -1208,15 +1208,22 @@ pf_purge_thread(void *v)
 
NET_LOCK(s);
 
+   PF_LOCK();
/* process a fraction of the state table every second */
pf_purge_expired_states(1 + (pf_status.states
/ pf_default_rule.timeout[PFTM_INTERVAL]));
 
/* purge other expired types every PFTM_INTERVAL seconds */
if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
-   pf_purge_expired_fragments();
pf_purge_expired_src_nodes(0);
pf_purge_expired_rules();
+   }
+   PF_UNLOCK();
+   /*
+* Fragments don't require PF_LOCK(), they use their own mutex.
+*/
+   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
+   pf_purge_expired_fragments();
nloops = 0;
}
 
@@ -1267,7 +1274,7 @@ pf_purge_expired_src_nodes(void)
 {
struct pf_src_node  *cur, *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
for (cur = RB_MIN(pf_src_tree, _src_tracking); cur; cur = next) {
next = RB_NEXT(pf_src_tree, _src_tracking, cur);
@@ -1303,7 +1310,7 @@ pf_src_tree_remove_state(struct pf_state
 void
 pf_remove_state(struct pf_state *cur)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
/* handle load balancing related tasks */
pf_postprocess_addr(cur);
@@ -1320,7 +1327,6 @@ pf_remove_state(struct pf_state *cur)
}
RB_REMOVE(pf_state_tree_id, _id, cur);
 #if NPFLOW > 0
-   if (cur->state_flags & PFSTATE_PFLOW)
export_pflow(cur);
 #endif /* NPFLOW > 0 */
 #if NPFSYNC > 0
@@ -1350,7 +1356,7 @@ pf_free_state(struct pf_state *cur)
 {
struct pf_rule_item *ri;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
 #if NPFSYNC > 0
if (pfsync_state_in_use(cur))
@@ -1386,7 +1392,7 @@ pf_purge_expired_states(u_int32_t maxche
static struct pf_state  *cur = NULL;
struct pf_state *next;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
while (maxcheck--) {
/* wrap to start of list when we hit the end */
@@ -3146,13 +3152,13 @@ pf_socket_lookup(struct pf_pdesc *pd)
case IPPROTO_TCP:
sport = pd->hdr.tcp.th_sport;
dport = pd->hdr.tcp.th_dport;
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
tb = 
break;
case IPPROTO_UDP:
sport = pd->hdr.udp.uh_sport;

beacon miss threshold

2017-05-31 Thread Stefan Sperling 
The net80211 stack currently provides a 'beacon miss timeout' value (in ms)
which specifies how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok?

Index: dev/ic/ath.c
===
RCS file: /cvs/src/sys/dev/ic/ath.c,v
retrieving revision 1.114
diff -u -p -r1.114 ath.c
--- dev/ic/ath.c11 Apr 2017 14:43:49 -  1.114
+++ dev/ic/ath.c31 May 2017 08:35:14 -
@@ -1417,7 +1417,6 @@ ath_beacon_config(struct ath_softc *sc)
__func__, ni->ni_intval, nexttbtt));
if (ic->ic_opmode == IEEE80211_M_STA) {
HAL_BEACON_STATE bs;
-   u_int32_t bmisstime;
 
/* NB: no PCF support right now */
bzero(, sizeof(bs));
@@ -1427,13 +1426,10 @@ ath_beacon_config(struct ath_softc *sc)
bs.bs_nextdtim = nexttbtt;
/*
 * Calculate the number of consecutive beacons to miss
-* before taking a BMISS interrupt.  The configuration
-* is specified in ms, so we need to convert that to
-* TU's and then calculate based on the beacon interval.
-* Note that we clamp the result to at most 10 beacons.
+* before taking a BMISS interrupt. 
+* Note that we clamp the result to at most 7 beacons.
 */
-   bmisstime = MAX(7, ic->ic_bmisstimeout);
-   bs.bs_bmissthreshold = howmany(bmisstime, intval);
+   bs.bs_bmissthreshold = ic->ic_bmissthres;
if (bs.bs_bmissthreshold > 7) {
bs.bs_bmissthreshold = 7;
} else if (bs.bs_bmissthreshold <= 0) {
Index: dev/pci/if_iwm.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.186
diff -u -p -r1.186 if_iwm.c
--- dev/pci/if_iwm.c31 May 2017 08:33:11 -  1.186
+++ dev/pci/if_iwm.c31 May 2017 08:50:13 -
@@ -3542,7 +3542,6 @@ iwm_rx_bmiss(struct iwm_softc *sc, struc
 struct iwm_rx_data *data)
 {
struct ieee80211com *ic = >sc_ic;
-   int bmiss_threshold = ic->ic_bmisstimeout / ic->ic_lintval;
struct iwm_missed_beacons_notif *mbn = (void *)pkt->data;
 
if ((ic->ic_opmode != IEEE80211_M_STA) ||
@@ -3552,7 +3551,7 @@ iwm_rx_bmiss(struct iwm_softc *sc, struc
bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt),
sizeof(*mbn), BUS_DMASYNC_POSTREAD);
 
-   if (mbn->consec_missed_beacons_since_last_rx > bmiss_threshold) {
+   if (mbn->consec_missed_beacons_since_last_rx > ic->ic_bmissthres) {
/*
 * Rather than go directly to scan state, try to send a
 * directed probe request first. If that fails then the
Index: net80211/ieee80211.c
===
RCS file: /cvs/src/sys/net80211/ieee80211.c,v
retrieving revision 1.60
diff -u -p -r1.60 ieee80211.c
--- net80211/ieee80211.c30 May 2017 16:21:55 -  1.60
+++ net80211/ieee80211.c31 May 2017 08:35:05 -
@@ -147,7 +147,7 @@ ieee80211_ifattach(struct ifnet *ifp)
 
if (ic->ic_lintval == 0)
ic->ic_lintval = 100;   /* default sleep */
-   ic->ic_bmisstimeout = 7*ic->ic_lintval; /* default 7 beacons */
+   ic->ic_bmissthres = 7;  /* default 7 beacons */
ic->ic_dtim_period = 1; /* all TIMs are DTIMs */
 
LIST_INSERT_HEAD(_head, ic, ic_list);
Index: net80211/ieee80211_var.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
retrieving revision 1.78
diff -u -p -r1.78 ieee80211_var.h
--- net80211/ieee80211_var.h30 May 2017 11:00:38 -  1.78
+++ net80211/ieee80211_var.h31 May 2017 08:34:47 -
@@ -262,7 +262,7 @@ struct ieee80211com {
int ic_max_nnodes;  /* max length of ic_nnodes */
u_int16_t   ic_lintval; /* listen interval */
int16_t ic_txpower; /* tx power setting (dBm) */
-   u_int16_t   ic_bmisstimeout;/* beacon miss threshold (ms) */
+   int ic_bmissthres;  /* beacon miss threshold */
int ic_mgt_timer;   /* mgmt timeout */
 #ifndef IEEE80211_STA_ONLY
struct timeout  ic_inact_timeout; /* node inactivity timeout */

Re: rework bgpd ext community and support origin validation state

2017-05-31 Thread Sebastian Benoit 
Claudio Jeker(cje...@diehard.n-r-g.com) on 2017.05.31 00:27:21 +0200:
> After looking at what IETF and IANA did to extended communities I decided
> to refactor the code a major bit and hopefully that will work a bit better
> than what we had before. When I implemented it first I foolishliy assumed
> that the transitive flag is a flag but it seems that people decided
> differently later on.
> 
> This also implements a few more ext-communities mainly origin validation
> state.
> 
> It also fixes a bug if found while testing that is already there :)


much more readable than what we have.

ok


> -- 
> :wq Claudio
> 
> Index: bgpctl/bgpctl.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
> retrieving revision 1.194
> diff -u -p -r1.194 bgpctl.c
> --- bgpctl/bgpctl.c   29 May 2017 09:56:33 -  1.194
> +++ bgpctl/bgpctl.c   30 May 2017 21:00:08 -
> @@ -1598,29 +1598,47 @@ show_ext_community(u_char *data, u_int16
>   type = data[i];
>   subtype = data[i + 1];
>  
> - switch (type & EXT_COMMUNITY_VALUE) {
> - case EXT_COMMUNITY_TWO_AS:
> + printf("%s ", log_ext_subtype(type, subtype));
> +
> + switch (type) {
> + case EXT_COMMUNITY_TRANS_TWO_AS:
>   memcpy(, data + i + 2, sizeof(as2));
>   memcpy(, data + i + 4, sizeof(u32));
> - printf("%s %s:%u", log_ext_subtype(subtype),
> - log_as(ntohs(as2)), ntohl(u32));
> + printf("%s:%u", log_as(ntohs(as2)), ntohl(u32));
>   break;
> - case EXT_COMMUNITY_IPV4:
> + case EXT_COMMUNITY_TRANS_IPV4:
>   memcpy(, data + i + 2, sizeof(ip));
>   memcpy(, data + i + 6, sizeof(u16));
> - printf("%s %s:%hu", log_ext_subtype(subtype),
> - inet_ntoa(ip), ntohs(u16));
> + printf("%s:%hu", inet_ntoa(ip), ntohs(u16));
>   break;
> - case EXT_COMMUNITY_FOUR_AS:
> + case EXT_COMMUNITY_TRANS_FOUR_AS:
>   memcpy(, data + i + 2, sizeof(as4));
>   memcpy(, data + i + 6, sizeof(u16));
> - printf("%s %s:%hu", log_ext_subtype(subtype),
> - log_as(ntohl(as4)), ntohs(u16));
> + printf("%s:%hu", log_as(ntohl(as4)), ntohs(u16));
>   break;
> - case EXT_COMMUNITY_OPAQUE:
> + case EXT_COMMUNITY_TRANS_OPAQUE:
> + case EXT_COMMUNITY_TRANS_EVPN:
>   memcpy(, data + i, sizeof(ext));
>   ext = betoh64(ext) & 0xLL;
> - printf("%s 0x%llx", log_ext_subtype(subtype), ext);
> + printf("0x%llx", ext);
> + break;
> + case EXT_COMMUNITY_NON_TRANS_OPAQUE:
> + memcpy(, data + i, sizeof(ext));
> + ext = betoh64(ext) & 0xLL;
> + switch (ext) {
> + case EXT_COMMUNITY_OVS_VALID:
> + printf("valid ");
> + break;
> + case EXT_COMMUNITY_OVS_NOTFOUND:
> + printf("not-found ");
> + break;
> + case EXT_COMMUNITY_OVS_INVALID:
> + printf("invalid ");
> + break;
> + default:
> + printf("0x%llx ", ext);
> + break;
> + }
>   break;
>   default:
>   memcpy(, data + i, sizeof(ext));
> Index: bgpd/bgpd.h
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
> retrieving revision 1.307
> diff -u -p -r1.307 bgpd.h
> --- bgpd/bgpd.h   28 May 2017 20:14:15 -  1.307
> +++ bgpd/bgpd.h   30 May 2017 22:23:03 -
> @@ -760,18 +760,23 @@ struct filter_peers {
>  #define EXT_COMMUNITY_IANA   0x80
>  #define EXT_COMMUNITY_TRANSITIVE 0x40
>  #define EXT_COMMUNITY_VALUE  0x3f
> -/* extended types */
> -#define EXT_COMMUNITY_TWO_AS 0   /* 2 octet AS specific */
> -#define EXT_COMMUNITY_IPV4   1   /* IPv4 specific */
> -#define EXT_COMMUNITY_FOUR_AS2   /* 4 octet AS specific 
> */
> -#define EXT_COMMUNITY_OPAQUE 3   /* opaque ext community */
> -/* sub types */
> -#define EXT_COMMUNITY_ROUTE_TGT  2   /* RFC 4360 & RFC4364 */
> -#define EXT_COMMUNITY_ROUTE_ORIG 3   /* RFC 4360 & RFC4364 */
> -#define EXT_COMMUNITY_OSPF_DOM_ID5   /* RFC 4577 */
> -#define EXT_COMMUNITY_OSPF_RTR_TYPE  6   /*

pf.conf.5 translation option happens immediately only on match rules

2017-05-31 Thread Tony Gong 
Pretty sure pf applies translations immediately only if the rule is a
match rule.
Diff makes this clear in the man page.


diff --git share/man/man5/pf.conf.5 share/man/man5/pf.conf.5
index d76129deb47..7fa4bde1495 100644
--- share/man/man5/pf.conf.5
+++ share/man/man5/pf.conf.5
@@ -808,7 +808,9 @@ port of the packets associated with a stateful connection.
 modifies the specified address and/or port in the packet and recalculates
 IP, TCP, and UDP checksums as necessary.
 .Pp
-Subsequent rules will see packets as they look
+If specified on a
+.Ic match
+rule, subsequent rules will see packets as they look
 after any addresses and ports have been translated.
 These rules will therefore have to filter based on the translated
 address and port number.

Re: let's add PF_LOCK()

2017-05-31 Thread Alexandr Nedvedicky 
Hello,


> 
> Could you you make 2 definitions for the lock?  It doesn't make sense
> to enable them by default for now.  I'd like to see you diff committed
> now with empty defines and an easy way to enable it.
> 
> That means ok mpi@ if the defines to not take/release locks by default.
> 

I introduce WITH_PF_LOCK compile time option. To enable PF_LOCK one has
to add 'option WITH_PF_LOCK' to kernel build configuration (see config(8)
for details). The PF_LOCK is disabled by default. Same goes to mutex,
which protects the fragments. If WITH_PF_LOCK is not found the code
builds without pf_frag_mtx.

This is the diff to pf-lock.diff I've sent earlier [1], the updated diff
I'm going to commit is attached to email.

8<---8<---8<--8<
diff -r cf7bdb0a6054 src/sys/net/pf_ioctl.c
--- a/src/sys/net/pf_ioctl.cTue May 30 20:27:39 2017 +0200
+++ b/src/sys/net/pf_ioctl.cWed May 31 09:40:33 2017 +0200
@@ -129,7 +129,9 @@ struct {
 TAILQ_HEAD(pf_tags, pf_tagname)pf_tags = 
TAILQ_HEAD_INITIALIZER(pf_tags),
pf_qids = TAILQ_HEAD_INITIALIZER(pf_qids);
 
+#ifdef WITH_PF_LOCK
 struct rwlock   pf_lock = RWLOCK_INITIALIZER("pf_lock");
+#endif /* WITH_PF_LOCK */
 
 #if (PF_QNAME_SIZE != PF_TAG_NAME_SIZE)
 #error PF_QNAME_SIZE must be equal to PF_TAG_NAME_SIZE
diff -r cf7bdb0a6054 src/sys/net/pf_norm.c
--- a/src/sys/net/pf_norm.c Tue May 30 20:27:39 2017 +0200
+++ b/src/sys/net/pf_norm.c Wed May 31 09:40:33 2017 +0200
@@ -136,11 +136,17 @@ struct poolpf_frent_pl, pf_frag_pl;
 struct pool pf_state_scrub_pl;
 int pf_nfrents;
 
+#ifdef WITH_PF_LOCK
 struct mutexpf_frag_mtx;
 
 #define PF_FRAG_LOCK_INIT()mtx_init(_frag_mtx, IPL_SOFTNET)
 #define PF_FRAG_LOCK() mtx_enter(_frag_mtx)
 #define PF_FRAG_UNLOCK()   mtx_leave(_frag_mtx)
+#else /* !WITH_PF_LOCK */
+#define PF_FRAG_LOCK_INIT()(void)(0)
+#define PF_FRAG_LOCK() (void)(0)
+#define PF_FRAG_UNLOCK()   (void)(0)
+#endif /* WITH_PF_LOCK */
 
 void
 pf_normalize_init(void)
diff -r cf7bdb0a6054 src/sys/net/pfvar_priv.h
--- a/src/sys/net/pfvar_priv.h  Tue May 30 20:27:39 2017 +0200
+++ b/src/sys/net/pfvar_priv.h  Wed May 31 09:40:33 2017 +0200
@@ -98,6 +98,7 @@ struct pf_pdesc {
} hdr;
 };
 
+#ifdef WITH_PF_LOCK
 extern struct rwlock   pf_lock;
 
 #define PF_LOCK()  do {\
@@ -120,6 +121,12 @@ extern struct rwlock   pf_lock;
if (rw_status(_lock) == RW_WRITE)\
splassert_fail(0, rw_status(_lock), __func__);\
} while (0)
+#else /* !WITH_PF_LOCK */
+#define PF_LOCK()  (void)(0)
+#define PF_UNLOCK()(void)(0)
+#define PF_ASSERT_LOCKED() (void)(0)
+#define PF_ASSERT_UNLOCKED()   (void)(0)
+#endif /* WITH_PF_LOCK */
 
 #endif /* _KERNEL */
 
8<---8<---8<--8<

thanks and
regards
sasha

[1] 
http://openbsd-archive.7691.n7.nabble.com/let-s-add-PF-LOCK-td319624.html#a319661
diff -r 85b6b6ce74cd .hgtags
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/.hgtags   Wed May 31 09:42:36 2017 +0200
@@ -0,0 +1,1 @@
+d545881e2652dbc0c057691a39a095bce92f441f pf-lock.baseline
diff -r 85b6b6ce74cd src/sys/net/pf.c
--- a/src/sys/net/pf.c  Tue May 30 20:11:44 2017 +0200
+++ b/src/sys/net/pf.c  Wed May 31 09:42:36 2017 +0200
@@ -923,7 +923,7 @@ int
 pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skw,
 struct pf_state_key **sks, struct pf_state *s)
 {
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
s->kif = kif;
if (*skw == *sks) {
@@ -1186,7 +1186,7 @@ pf_purge_expired_rules(void)
 {
struct pf_rule  *r;
 
-   NET_ASSERT_LOCKED();
+   PF_ASSERT_LOCKED();
 
if (SLIST_EMPTY(_rule_gcl))
return;
@@ -1207,6 +1207,7 @@ pf_purge_thread(void *v)
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
 
NET_LOCK(s);
+   PF_LOCK();
 
/* process a fraction of the state table every second */
pf_purge_expired_states(1 + (pf_status.states
@@ -1214,13 +1215,20 @@ pf_purge_thread(void *v)
 
/* purge other expired types every PFTM_INTERVAL seconds */
if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
-   pf_purge_expired_fragments();
pf_purge_expired_src_nodes(0);
pf_purge_expired_rules();
+   }
+
+   PF_UNLOCK();
+   NET_UNLOCK(s);
+
+   /*
+* Fragments don't require PF_LOCK(), they use their own mutex.
+*/
+   if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
+   pf_purge_expired_fragments();
nloops = 0;
}
-
-

Re: [patch] typo smtpd/dns.c

2017-05-31 Thread Gilles Chehade 
On Tue, May 30, 2017 at 05:26:08PM -0500, Edgar Pettijohn wrote:
> fix typo

thanks, will commit

when sending diffs, please inline them instead of attaching as it is
easier for us to work with them that way

Gilles


> Index: dns.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/dns.c,v
> retrieving revision 1.83
> diff -u -p -u -r1.83 dns.c
> --- dns.c 28 Oct 2015 07:28:13 -  1.83
> +++ dns.c 30 May 2017 22:09:15 -
> @@ -246,7 +246,7 @@ dns_imsg(struct mproc *p, struct imsg *i
>  
>   as = res_query_async(s->name, C_IN, T_MX, NULL);
>   if (as == NULL) {
> - log_warn("warn: req_query_async: %s", s->name);
> + log_warn("warn: res_query_async: %s", s->name);
>   m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1);
>   m_add_id(s->p, s->reqid);
>   m_add_int(s->p, DNS_EINVAL);


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: remove vlan(4) specific ifconfig output

2017-05-31 Thread Sebastian Benoit 
ok

David Gwynne(da...@gwynne.id.au) on 2017.05.31 15:34:53 +1000:
> the vlan specific output is redundant because vlan supports the
> generic vnetid and parent ioctls now.
> 
> this leaves the code for setting vlan specific stuff because there's
> a slight semantic change i want to discuss separately.
> 
> ifconfig output on a vlan interface changes a little like this:
> 
>  vlan8: flags=8843 mtu 1500
>   lladdr 00:1b:21:bc:25:e7
>   index 6 priority 0 llprio 3
> - vlan: 8 parent interface: ix1
>   encap: vnetid 8 parent ix1
>   groups: vlan
>   status: active
>   inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>  vlan77: flags=8002 mtu 1500
>   lladdr 00:1b:21:bc:25:e6
>   index 8 priority 0 llprio 3
> - vlan: 0 parent interface: ix0
>   encap: vnetid none parent ix0
>   groups: vlan
>   status: no carrier
> 
> ok?
> 
> Index: ifconfig.c
> ===
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.341
> diff -u -p -r1.341 ifconfig.c
> --- ifconfig.c31 May 2017 05:25:12 -  1.341
> +++ ifconfig.c31 May 2017 05:26:37 -
> @@ -221,7 +221,6 @@ void  setvlandev(const char *, int);
>  void unsetvlandev(const char *, int);
>  void mpe_status(void);
>  void mpw_status(void);
> -void vlan_status(void);
>  void setrdomain(const char *, int);
>  int  prefix(void *val, int);
>  void getifgroups(void);
> @@ -3001,7 +3000,6 @@ status(int link, struct sockaddr_dl *sdl
>   if_indextoname(ifrdesc.ifr_index, ifname) != NULL)
>   printf("\tpatch: %s\n", ifname);
>  #endif
> - vlan_status();
>   getencap();
>  #ifndef SMALL
>   carp_status();
> @@ -3774,23 +3772,6 @@ getencap(void)
>  
>  static int __tag = 0;
>  static int __have_tag = 0;
> -
> -void
> -vlan_status(void)
> -{
> - struct vlanreq vreq;
> -
> - bzero((char *), sizeof(struct vlanreq));
> - ifr.ifr_data = (caddr_t)
> -
> - if (ioctl(s, SIOCGETVLAN, (caddr_t)) == -1)
> - return;
> -
> - if (vreq.vlr_tag || (vreq.vlr_parent[0] != '\0'))
> - printf("\tvlan: %d parent interface: %s\n",
> - vreq.vlr_tag, vreq.vlr_parent[0] == '\0' ?
> - "" : vreq.vlr_parent);
> -}
>  
>  /* ARGSUSED */
>  void
>

Re: make tags

2017-05-31 Thread Theo Buehler 
On Wed, May 31, 2017 at 09:19:35AM +0200, Anton Lindqvist wrote:
> Hi,
> The `-t` option was passed to ctags(1) in bsd.dep.mk revision 1.9
> 2010/03/27. However, the same option was later turned into a no-op but
> kept around for backwards compatibility (usr.bin/ctags/ctags.c revision
> 1.23 2010/11/03).
> 
> OK to drop the option from bsd.dep.mk?

ok

make tags

2017-05-31 Thread Anton Lindqvist 
Hi,
The `-t` option was passed to ctags(1) in bsd.dep.mk revision 1.9
2010/03/27. However, the same option was later turned into a no-op but
kept around for backwards compatibility (usr.bin/ctags/ctags.c revision
1.23 2010/11/03).

OK to drop the option from bsd.dep.mk?

Index: bsd.dep.mk
===
RCS file: /cvs/src/share/mk/bsd.dep.mk,v
retrieving revision 1.12
diff -u -p -r1.12 bsd.dep.mk
--- bsd.dep.mk  4 Sep 2016 00:34:29 -   1.12
+++ bsd.dep.mk  31 May 2017 07:16:31 -
@@ -40,7 +40,7 @@ afterdepend:
 .if !target(tags)
 .  if defined(SRCS)
 tags: ${SRCS} _SUBDIRUSE
-   -cd ${.CURDIR}; ${CTAGS} -f /dev/stdout -d -t ${.ALLSRC:N*.h} | \
+   -cd ${.CURDIR}; ${CTAGS} -f /dev/stdout -d ${.ALLSRC:N*.h} | \
sed "s;\${.CURDIR}/;;" > tags
 .  else
 tags:

avoid ifq_deq_begin,commit,rollback in sxie(4/armv7)

2017-05-31 Thread David Gwynne 
i wrote this diff blind, so it may not compile or work.

the intention is to check for space before attempting to dequeue a
packet. the rest is largely cosmetic and makes it look more like
a decent driver.

could someone test please?

Index: sxie.c
===
RCS file: /cvs/src/sys/arch/armv7/sunxi/sxie.c,v
retrieving revision 1.25
diff -u -p -r1.25 sxie.c
--- sxie.c  22 Jan 2017 10:17:37 -  1.25
+++ sxie.c  31 May 2017 07:08:55 -
@@ -439,16 +439,15 @@ sxie_intr(void *arg)
}
 
if (pending & (SXIE_TX_FIFO0 | SXIE_TX_FIFO1)) {
-   ifq_clr_oactive(>if_snd);
sc->txf_inuse &= ~pending;
if (sc->txf_inuse == 0)
ifp->if_timer = 0;
else
ifp->if_timer = 5;
-   }
 
-   if (ifp->if_flags & IFF_RUNNING && !IFQ_IS_EMPTY(>if_snd))
-   sxie_start(ifp);
+   if (ifq_is_oactive(>if_snd))
+   ifq_restart(>if_snd);
+   }
 
SXISET4(sc, SXIE_INTCR, SXIE_INTR_ENABLE);
 
@@ -468,65 +467,59 @@ sxie_start(struct ifnet *ifp)
uint32_t fifo;
uint32_t txbuf[SXIE_MAX_PKT_SIZE / sizeof(uint32_t)]; /* XXX !!! */
 
-   if (sc->txf_inuse == (SXIE_TX_FIFO0 | SXIE_TX_FIFO1))
-   ifq_set_oactive(>if_snd);
-
if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(>if_snd))
return;
 
+
td = (uint8_t *)[0];
m = NULL;
head = NULL;
-trynext:
-   m = ifq_deq_begin(>if_snd);
-   if (m == NULL)
-   return;
-
-   if (m->m_pkthdr.len > SXIE_MAX_PKT_SIZE) {
-   ifq_deq_commit(>if_snd, m);
-   printf("sxie_start: packet too big\n");
-   m_freem(m);
-   return;
-   }
 
-   if (sc->txf_inuse == (SXIE_TX_FIFO0 | SXIE_TX_FIFO1)) {
-   ifq_deq_rollback(>if_snd, m);
-   printf("sxie_start: tx fifos in use.\n");
-   ifq_set_oactive(>if_snd);
-   return;
-   }
-
-   /* select fifo */
-   if (sc->txf_inuse & SXIE_TX_FIFO0) {
-   sc->txf_inuse |= SXIE_TX_FIFO1;
-   fifo = 1;
-   } else {
-   sc->txf_inuse |= SXIE_TX_FIFO0;
-   fifo = 0;
-   }
-   SXIWRITE4(sc, SXIE_TXINS, fifo);
-
-   /* set packet length */
-   SXIWRITE4(sc, SXIE_TXPKTLEN0 + (fifo * 4), m->m_pkthdr.len);
-
-   /* copy the actual packet to fifo XXX through 'align buffer'.. */
-   m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)td);
-   bus_space_write_multi_4(sc->sc_iot, sc->sc_ioh,
-   SXIE_TXIO0 + (fifo * 4),
-   (uint32_t *)td, SXIE_ROUNDUP(m->m_pkthdr.len, 4) >> 2);
-
-   /* transmit to PHY from fifo */
-   SXISET4(sc, SXIE_TXCR0 + (fifo * 4), 1);
-   ifp->if_timer = 5;
-   ifq_deq_commit(>if_snd, m);
+   for (;;) {
+   if (sc->txf_inuse == (SXIE_TX_FIFO0 | SXIE_TX_FIFO1)) {
+   ifq_set_oactive(>if_snd);
+   break;
+   }
+
+   m = ifq_dequeue(>if_snd);
+   if (m == NULL)
+   break;
+
+   if (m->m_pkthdr.len > SXIE_MAX_PKT_SIZE) {
+   m_freem(m);
+   continue;
+   }
 
 #if NBPFILTER > 0
-   if (ifp->if_bpf)
-   bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
+   if (ifp->if_bpf)
+   bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
 #endif
-   m_freem(m);
 
-   goto trynext;
+   /* select fifo */
+   if (sc->txf_inuse & SXIE_TX_FIFO0) {
+   sc->txf_inuse |= SXIE_TX_FIFO1;
+   fifo = 1;
+   } else {
+   sc->txf_inuse |= SXIE_TX_FIFO0;
+   fifo = 0;
+   }
+   SXIWRITE4(sc, SXIE_TXINS, fifo);
+
+   /* set packet length */
+   SXIWRITE4(sc, SXIE_TXPKTLEN0 + (fifo * 4), m->m_pkthdr.len);
+
+   /* copy the actual packet to fifo XXX through 'align buffer' */
+   m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)td);
+   bus_space_write_multi_4(sc->sc_iot, sc->sc_ioh,
+   SXIE_TXIO0 + (fifo * 4),
+   (uint32_t *)td, SXIE_ROUNDUP(m->m_pkthdr.len, 4) >> 2);
+
+   /* transmit to PHY from fifo */
+   SXISET4(sc, SXIE_TXCR0 + (fifo * 4), 1);
+   ifp->if_timer = 5;
+
+   m_freem(m);
+   }
 }
 
 void

Re: [patch] rebound.c

2017-05-31 Thread Ted Unangst 
Edgar Pettijohn wrote:
> Be more consistent with logerr usage.
> 

sure, thanks. can you send future diffs inline please? easier than
attachments.

Re: kqueue EV_RECEIPT and EV_DISPATCH

2017-05-31 Thread Ted Unangst 
Jan Schreiber wrote:
> Hi,
> 
> I recently stumbled upon software that relies on EV_RECEIPT and
> EV_DISPATCH to be available as flags. It also showed up as dependency
> for a Rust crate.
> FreeBSD has it since 8.1 and OSX since 10.5.
> Patch is below.

not sure I see the point, but gotta keep up with the joneses.

patch does look simple. ok with me.

kqueue EV_RECEIPT and EV_DISPATCH

2017-05-31 Thread Jan Schreiber 
Hi,

I recently stumbled upon software that relies on EV_RECEIPT and
EV_DISPATCH to be available as flags. It also showed up as dependency
for a Rust crate.
FreeBSD has it since 8.1 and OSX since 10.5.
Patch is below.

mike@ looked throug, thanks a lot!

Jan

Index: sys/kern/kern_event.c
===
RCS file: /cvs/src/sys/kern/kern_event.c,v
retrieving revision 1.78
diff -u -p -u -r1.78 kern_event.c
--- sys/kern/kern_event.c   11 Feb 2017 19:51:06 -  1.78
+++ sys/kern/kern_event.c   30 May 2017 22:38:49 -
@@ -512,7 +512,7 @@ sys_kevent(struct proc *p, void *v, regi
kevp = >kq_kev[i];
kevp->flags &= ~EV_SYSFLAGS;
error = kqueue_register(kq, kevp, p);
-   if (error) {
+   if (error || (kevp->flags & EV_RECEIPT)) {
if (SCARG(uap, nevents) != 0) {
kevp->flags = EV_ERROR;
kevp->data = error;
@@ -788,9 +788,13 @@ start:
kn->kn_fop->f_detach(kn);
knote_drop(kn, p, p->p_fd);
s = splhigh();
-   } else if (kn->kn_flags & EV_CLEAR) {
-   kn->kn_data = 0;
-   kn->kn_fflags = 0;
+   } else if (kn->kn_flags & (EV_CLEAR | EV_DISPATCH)) {
+   if (kn->kn_flags & EV_CLEAR) {
+   kn->kn_data = 0;
+   kn->kn_fflags = 0;
+   }
+   if (kn->kn_flags & EV_DISPATCH)
+   kn->kn_status |= KN_DISABLED;
kn->kn_status &= ~(KN_QUEUED | KN_ACTIVE);
kq->kq_count--;
} else {
Index: sys/sys/event.h
===
RCS file: /cvs/src/sys/sys/event.h,v
retrieving revision 1.23
diff -u -p -u -r1.23 event.h
--- sys/sys/event.h 24 Sep 2016 18:39:17 -  1.23
+++ sys/sys/event.h 30 May 2017 22:31:04 -
@@ -68,6 +68,8 @@ struct kevent {
 /* flags */
 #define EV_ONESHOT 0x0010  /* only report one occurrence */
 #define EV_CLEAR   0x0020  /* clear event state after reporting */
+#define EV_RECEIPT 0x0040  /* force EV_ERROR on success, data=0 */
+#define EV_DISPATCH0x0080  /* disable event after reporting */
 
 #define EV_SYSFLAGS0xF000  /* reserved by system */
 #define EV_FLAG1   0x2000  /* filter-specific flag */
Index: lib/libc/sys/kqueue.2
===
RCS file: /cvs/src/lib/libc/sys/kqueue.2,v
retrieving revision 1.33
diff -u -p -u -r1.33 kqueue.2
--- lib/libc/sys/kqueue.2   13 Aug 2016 17:05:02 -  1.33
+++ lib/libc/sys/kqueue.2   30 May 2017 22:30:29 -
@@ -184,10 +184,25 @@ Disable the event so
 .Fn kevent
 will not return it.
 The filter itself is not disabled.
+.It Dv EV_DISPATCH
+Disable the event source immediately after delivery of an event.
+See
+.Dv EV_DISABLE
+above.
 .It Dv EV_DELETE
 Removes the event from the kqueue.
 Events which are attached to file descriptors are automatically deleted
 on the last close of the descriptor.
+.It Dv EV_RECEIPT
+Causes
+.Fn kevent
+to return with
+.Dv EV_ERROR
+set without draining any pending events after updating events in the kqueue.
+When a filter is successfully added the
+.Va data
+field will be zero.
+This flag is useful for making bulk changes to a kqueue.
 .It Dv EV_ONESHOT
 Causes the event to return only the first occurrence of the filter
 being triggered.

Re: EV_SET() trouble

2017-05-31 Thread Ted Unangst 
Kamil Rytarowski wrote:
> I committed the following patch [1] to NetBSD, it's a valid issue for
> OpenBSD as well [2]:
> 
> It works on FreeBSD and MacOSX, however it broke on NetBSD.
> 
> Culrpit line:
>EV_SET(_events[i++], fd.first, EVFILT_READ, EV_ADD, 0, 0, 0);

thanks for pointing this out. will fix.

Re: ksh(1): vi mode UTF-8 bug

2017-05-31 Thread Anton Lindqvist 
On Tue, May 30, 2017 at 04:16:15PM +0200, Theo Buehler wrote:
> On Tue, May 30, 2017 at 03:39:50PM +0200, Ingo Schwarze wrote:
> > Hi Anton,
> > 
> > OK schwarze@ for the diff below (which, i think, is sufficient for
> > commit in this case).
> 
> I agree. This is good for commit. ok tb

Thanks, committed.

EV_SET() trouble

2017-05-31 Thread Kamil Rytarowski 
I committed the following patch [1] to NetBSD, it's a valid issue for
OpenBSD as well [2]:


Convert EV_SET from macro to static __inline function

LLDB introduced support for kevent(2) and it contains the following
function:

Status MainLoop::RunImpl::Poll() {
  in_events.resize(loop.m_read_fds.size());
  unsigned i = 0;
  for (auto  : loop.m_read_fds)
EV_SET(_events[i++], fd.first, EVFILT_READ, EV_ADD, 0, 0, 0);
  num_events = kevent(loop.m_kqueue, in_events.data(), in_events.size(),
  out_events, llvm::array_lengthof(out_events),
nullptr);
  if (num_events < 0)
return Status("kevent() failed with error %d\n", num_events);
  return Status();
}

It works on FreeBSD and MacOSX, however it broke on NetBSD.

Culrpit line:
   EV_SET(_events[i++], fd.first, EVFILT_READ, EV_ADD, 0, 0, 0);

FreeBSD defined EV_SET() as a macro this way:
#define EV_SET(kevp_, a, b, c, d, e, f) do {\
struct kevent *kevp = (kevp_);  \
(kevp)->ident = (a);\
(kevp)->filter = (b);   \
(kevp)->flags = (c);\
(kevp)->fflags = (d);   \
(kevp)->data = (e); \
(kevp)->udata = (f);\
} while(0)

NetBSD version was different:
#define EV_SET(kevp, a, b, c, d, e, f)  \
do {\
(kevp)->ident = (a);\
(kevp)->filter = (b);   \
(kevp)->flags = (c);\
(kevp)->fflags = (d);   \
(kevp)->data = (e); \
(kevp)->udata = (f);\
} while (/* CONSTCOND */ 0)

This resulted in heap damage, as keyp was incremented every time value was
assigned to (keyp)->.

[...]

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/sys/event.h.diff?r1=1.26=1.27_with_tag=MAIN=h

[2]
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/sys/event.h?annotate=1.23



signature.asc
Description: OpenPGP digital signature

Re: let's add PF_LOCK()

2017-05-31 Thread Martin Pieuchot 
On 30/05/17(Tue) 20:31, Alexandr Nedvedicky wrote:
> Hello Martin,
> 
> 
> > >   rw_exit_write();
> > >   export_pflow(cur);
> > >   rw_enter_write();
> > > + rw_enter_write(_lock);
> > >   }
> > 
> > This is not needed, you're not diffing against the latest version of
> > net/pf.c.
> 
> indeed my tree is old by couple hours.
> 
> > 
> > > +extern struct rwlock pf_lock;
> > > +
> > > +#define PF_LOCK(s)   do {\
> > > + NET_ASSERT_LOCKED();\
> > > + rw_enter_write(_lock);   \
> > > + s = splsoftnet();   \
> > > + } while (0)
> > 
> > There's no need for splsoftnet()/splx() nor splsoftassert(). 
> 
> O.K. removed, the 'intspl;' at pf.c is also gone now.
> 
> thank you for looking at my changes. updated diff is further below

Could you you make 2 definitions for the lock?  It doesn't make sense
to enable them by default for now.  I'd like to see you diff committed
now with empty defines and an easy way to enable it.

That means ok mpi@ if the defines to not take/release locks by default.

> 
> regards
> sasha
> 8<---8<---8<--8<
> diff -r 85b6b6ce74cd .hgtags
> --- /dev/null Thu Jan 01 00:00:00 1970 +
> +++ b/.hgtags Tue May 30 20:27:43 2017 +0200
> @@ -0,0 +1,1 @@
> +d545881e2652dbc0c057691a39a095bce92f441f pf-lock.baseline
> diff -r 85b6b6ce74cd src/sys/net/pf.c
> --- a/src/sys/net/pf.cTue May 30 20:11:44 2017 +0200
> +++ b/src/sys/net/pf.cTue May 30 20:27:43 2017 +0200
> @@ -923,7 +923,7 @@ int
>  pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skw,
>  struct pf_state_key **sks, struct pf_state *s)
>  {
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>   s->kif = kif;
>   if (*skw == *sks) {
> @@ -1186,7 +1186,7 @@ pf_purge_expired_rules(void)
>  {
>   struct pf_rule  *r;
>  
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>   if (SLIST_EMPTY(_rule_gcl))
>   return;
> @@ -1207,6 +1207,7 @@ pf_purge_thread(void *v)
>   tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
>  
>   NET_LOCK(s);
> + PF_LOCK();
>  
>   /* process a fraction of the state table every second */
>   pf_purge_expired_states(1 + (pf_status.states
> @@ -1214,13 +1215,20 @@ pf_purge_thread(void *v)
>  
>   /* purge other expired types every PFTM_INTERVAL seconds */
>   if (++nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
> - pf_purge_expired_fragments();
>   pf_purge_expired_src_nodes(0);
>   pf_purge_expired_rules();
> + }
> +
> + PF_UNLOCK();
> + NET_UNLOCK(s);
> +
> + /*
> +  * Fragments don't require PF_LOCK(), they use their own mutex.
> +  */
> + if (nloops >= pf_default_rule.timeout[PFTM_INTERVAL]) {
> + pf_purge_expired_fragments();
>   nloops = 0;
>   }
> -
> - NET_UNLOCK(s);
>   }
>  }
>  
> @@ -1267,7 +1275,7 @@ pf_purge_expired_src_nodes(void)
>  {
>   struct pf_src_node  *cur, *next;
>  
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>   for (cur = RB_MIN(pf_src_tree, _src_tracking); cur; cur = next) {
>   next = RB_NEXT(pf_src_tree, _src_tracking, cur);
> @@ -1303,7 +1311,7 @@ pf_src_tree_remove_state(struct pf_state
>  void
>  pf_remove_state(struct pf_state *cur)
>  {
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>   /* handle load balancing related tasks */
>   pf_postprocess_addr(cur);
> @@ -1320,7 +1328,6 @@ pf_remove_state(struct pf_state *cur)
>   }
>   RB_REMOVE(pf_state_tree_id, _id, cur);
>  #if NPFLOW > 0
> - if (cur->state_flags & PFSTATE_PFLOW)
>   export_pflow(cur);
>  #endif   /* NPFLOW > 0 */
>  #if NPFSYNC > 0
> @@ -1350,7 +1357,7 @@ pf_free_state(struct pf_state *cur)
>  {
>   struct pf_rule_item *ri;
>  
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>  #if NPFSYNC > 0
>   if (pfsync_state_in_use(cur))
> @@ -1386,7 +1393,7 @@ pf_purge_expired_states(u_int32_t maxche
>   static struct pf_state  *cur = NULL;
>   struct pf_state *next;
>  
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>  
>   while (maxcheck--) {
>   /* wrap to start of list when we hit the end */
> @@ -3146,13 +3153,13 @@ pf_socket_lookup(struct pf_pdesc *pd)
>   case IPPROTO_TCP:
>   sport = pd->hdr.tcp.th_sport;
>   dport = pd->hdr.tcp.th_dport;
> - NET_ASSERT_LOCKED();
> + PF_ASSERT_LOCKED();
>   tb = 
>   break;
>   case IPPROTO_UDP:
>   sport = pd->hdr.udp.uh_sport;
>   dport = pd->hdr.udp.uh_dport;
> -

Re: Unlock IP forwarding paths

2017-05-31 Thread Martin Pieuchot 
On 31/05/17(Wed) 00:20, Alexander Bluhm wrote:
> On Tue, May 30, 2017 at 10:12:39PM +0200, Alexander Bluhm wrote:
> > On Tue, May 30, 2017 at 10:04:14PM +0200, Alexander Bluhm wrote:
> > > On Tue, May 30, 2017 at 11:48:50AM +0200, Martin Pieuchot wrote:
> > > > Hrvoje Popovski found that ip{,6}_send_dispatch() also need the IPsec
> > > > dance.
> > > > 
> > > > Updated diff below.
> > > 
> > > I have tests this diff with my ipsec regress and a non-MP kernel.
> > > It crashed.
> > 
> > Same crash on i386 with GENERIC.MP.
> 
> Found it, you forgot to remove one if_put().  This fixes both crashes.

Thanks, I just committed it with this tweak.

> 
> bluhm
> 
> --- netinet6/ip6_input.c
> +++ netinet6/ip6_input.c
> @@ -500,7 +500,6 @@ ipv6_input(struct ifnet *ifp, struct mbuf *m)
>  #endif /* IPSEC */
>  
>   ip6_forward(m, rt, srcrt);
> - if_put(ifp);
>   return;
>   bad:
>   m_freem(m);
>