[PATCH] www/books.html - SSH Mastery, 2nd Edition has now been released

[Raf Czlonka]

Hi all,

An update of the "SSH Mastery" book entry to its 2nd edition.

While there, I moved its subtitle up, where it belongs, and swapped
ISBN 10 and 13 to keep it consistent with other books.

I had also taken the liberty to update:

- release date of Peter N. M. Hansteen's Book of PF
- included ISBN-10 for Michael W. Lucas's Absolute OpenBSD
- updated links to both of these books - saves a redirect

I could send the diff for these separately if need be.

Cheers,

Raf

Index: books.html
===
RCS file: /cvs/www/books.html,v
retrieving revision 1.114
diff -u -p -r1.114 books.html
--- books.html  13 Nov 2017 06:42:06 -  1.114
+++ books.html  15 Feb 2018 05:12:48 -
@@ -56,7 +56,7 @@ A No-Nonsense Guide to the OpenBSD Firew
 by Peter N. M. Hansteen
 ISBN-10: 1-59327-589-7
 ISBN-13: 978-1-59327-589-1
-Copyright 2015.
+October 2014, 248 pp.
 
 The first sentence of this book is "This is a book about building the 
 network you need." Taking it from there, Peter walks you through the whys 
@@ -68,27 +68,28 @@ load balancing with "self-healing" netwo
 problems such as DoS attempts and spamming.  A basic understanding of TCP/IP 
 and some Unix knowledge is assumed.
 The official book website for a sample chapter, table of contents and errata 
-can be found http://www.nostarch.com/pf3;>here.
+can be found https://nostarch.com/pf3;>here.
 
 
-SSH Mastery
+SSH Mastery, 2nd Edition
+OpenSSH, PuTTY, Tunnels and Keys
 by Michael W. Lucas
-ISBN-13: 978-1470069711
-ISBN-10: 1470069717 
-February 2012, 145 pp.
-OpenSSH, PuTTY, Tunnels, and Keys 
+ISBN-10: 1642350028
+ISBN-13: 978-1642350029
+February 2018, 242 pp.
 
 A guide to what you need to know about SSH. This book will help you
 eliminate passwords on your network, tunnel unencrypted protocols
 through secure channels, build VPNs with OpenSSH, and more. Focuses on
 the OpenSSH server, the OpenSSH client, and the PuTTY client.
 Michael W. Lucas is the author of Absolute OpenBSD and other BSD books.
-The official SSH Mastery website is
-https://www.michaelwlucas.com/nonfiction/ssh-mastery;>here.
+The official SSH Mastery 2nd edition website is
+https://www.michaelwlucas.com/tools/ssh;>here.
 
 
 Absolute OpenBSD. 2nd Edition!
 by Michael W. Lucas
+ISBN-10: 1593274769
 ISBN-13: 978-1-59327-476-4
 April 2013, 536 pp.
 
@@ -96,8 +97,7 @@ Michael W. Lucas brings us the long anti
 wildly successful book about using OpenBSD.  This book covers all aspects of 
 the OpenBSD system for new UNIX and BSD users alike.
 The official Absolute OpenBSD 2nd edition website is
-https://www.michaelwlucas.com/nonfiction/absolute-openbsd-2nd-edition;>
-here.
+https://www.michaelwlucas.com/os/ao2e;>here.
 
 
 

add [-]tunneldf to allow/disallow fragmentation in tunnel protocols

[David Gwynne]

sometimes you want to avoid fragmentation of the encapsulated traffic, and this 
gives up the option to prevent fragmentation.

the diff includes updating etherip to show how it is used, but if
this goes through i'll update gre/egre, gif, and maybe vxlan.

# ifconfig etherip0
etherip0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:d4:dd
index 8 priority 0 llprio 3
groups: etherip
media: Ethernet autoselect
status: active
tunnel: inet 192.168.0.1 -> 192.168.1.1 nodf

if you tcpdump that traffic:

12:22:07.929427 etherip 192.168.0.1 > 192.168.1.1 ver 3 len 44: arp who-has 
100.64.9.3 tell 100.64.9.1 (fe:e1:ba:d1:56:5d) [tos 0x10] [ttl 0]

# ifconfig etherip0 tunneldf
# ifconfig etherip0
etherip0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:d4:dd
index 8 priority 0 llprio 3
groups: etherip
media: Ethernet autoselect
status: active
tunnel: inet 192.168.0.1 -> 192.168.1.1 df

note the DF flag in tcpdump now:

12:21:11.924485 etherip 192.168.0.1 > 192.168.1.1 ver 3 len 44: arp who-has 
100.64.9.2 tell 100.64.9.1 (fe:e1:ba:d1:56:5d) (DF) [tos 0x10] [ttl 0]

ok?

Index: sbin/ifconfig/ifconfig.8
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.299
diff -u -p -r1.299 ifconfig.8
--- sbin/ifconfig/ifconfig.815 Feb 2018 04:21:46 -  1.299
+++ sbin/ifconfig/ifconfig.815 Feb 2018 04:22:52 -
@@ -1603,6 +1603,7 @@ for a complete list of the available pro
 .Op Oo Fl Oc Ns Cm keepalive Ar period count
 .Op Oo Fl Oc Ns Cm tunnel Ar src_address dest_address
 .Op Cm tunneldomain Ar tableid
+.Op Oo Fl Oc Ns Cm tunneldf
 .Op Cm tunnelttl Ar ttl
 .Op Oo Fl Oc Ns Cm vnetid Ar network-id
 .Ek
@@ -1654,6 +1655,10 @@ interface itself.
 .Ar tableid
 can be set to any valid routing table ID;
 the corresponding routing domain is derived from this table.
+.It Cm tunneldf
+Do not allow fragmentation of encapsulated packets.
+.It Cm -tunneldf
+Allow fragmentation of the encapsulated packets. 
 .It Cm tunnelttl Ar ttl
 Set the IP or multicast TTL of the tunnel packets.
 If supported by the tunnel protocol,
Index: sbin/ifconfig/ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.357
diff -u -p -r1.357 ifconfig.c
--- sbin/ifconfig/ifconfig.c10 Feb 2018 05:55:26 -  1.357
+++ sbin/ifconfig/ifconfig.c15 Feb 2018 04:22:52 -
@@ -252,6 +252,8 @@ voidsetpfsync_syncpeer(const char *, in
 void   unsetpfsync_syncpeer(const char *, int);
 void   setpfsync_defer(const char *, int);
 void   pfsync_status(void);
+void   settunneldf(const char *, int);
+void   settunnelnodf(const char *, int);
 void   setpppoe_dev(const char *,int);
 void   setpppoe_svc(const char *,int);
 void   setpppoe_ac(const char *,int);
@@ -434,6 +436,8 @@ const structcmd {
{ "deletetunnel",  0,   0,  deletetunnel },
{ "tunneldomain", NEXTARG,  0,  settunnelinst },
{ "tunnelttl",  NEXTARG,0,  settunnelttl },
+   { "tunneldf",   0,  0,  settunneldf },
+   { "-tunneldf",  0,  0,  settunnelnodf },
{ "pppoedev",   NEXTARG,0,  setpppoe_dev },
{ "pppoesvc",   NEXTARG,0,  setpppoe_svc },
{ "-pppoesvc",  1,  0,  setpppoe_svc },
@@ -2750,6 +2754,10 @@ phys_status(int force)
else if (ifr.ifr_ttl > 0)
printf(" ttl %d", ifr.ifr_ttl);
}
+
+   if (ioctl(s, SIOCGLIFPHYDF, (caddr_t)) == 0)
+   printf(" %s", ifr.ifr_df ? "df" : "nodf");
+
 #ifndef SMALL
if (ioctl(s, SIOCGLIFPHYRTABLE, (caddr_t)) == 0 &&
(rdomainid != 0 || ifr.ifr_rdomainid != 0))
@@ -3283,6 +3291,24 @@ settunnelttl(const char *id, int param)
ifr.ifr_ttl = ttl;
if (ioctl(s, SIOCSLIFPHYTTL, (caddr_t)) < 0)
warn("SIOCSLIFPHYTTL");
+}
+
+void
+settunneldf(const char *ignored, int alsoignored)
+{
+   strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+   ifr.ifr_df = 1;
+   if (ioctl(s, SIOCSLIFPHYDF, (caddr_t)) < 0)
+   warn("SIOCSLIFPHYDF");
+}
+
+void
+settunnelnodf(const char *ignored, int alsoignored)
+{
+   strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+   ifr.ifr_df = 0;
+   if (ioctl(s, SIOCSLIFPHYDF, (caddr_t)) < 0)
+   warn("SIOCSLIFPHYDF");
 }
 
 void
Index: sys/net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.544
diff -u -p -r1.544 if.c
--- sys/net/if.c10 Feb 2018 09:32:54 -  1.544
+++ sys/net/if.c15 Feb 2018 04:22:52 -
@@ 

Re: use the link0 flag on gre(4) interfaces to allow WCCP

[Jonathan Gray]

On Thu, Feb 15, 2018 at 01:00:53PM +1000, David Gwynne wrote:
> the subject says it all. this also tweaks the wccp code to sneak a
> look inside the payload to see if it is ipv4 or not. the wccp
> protocol specifies values for the bits that overlap the ipv4 version
> nibble that cannot be set to 4, so if it isn't 4 we can assume it is
> the wccp header.
> 
> in the future i would like to deprecate the sysctl.
> 
> ok?

Aren't LINK* flags something to be replaced not added?

ie, gre used to use LINK0 to pick between gre/mobileip until:

revision 1.80
date: 2016/08/31 15:00:02;  author: reyk;  state: Exp;  lines: +15 -7;  
commitid: 7HICEJ2aTYkrMgNF;
Split gre(4) into two interfaces: gre(4) and mobileip(4).

Like vlan/svlan and tun/tap, it remains a single driver that decides
on the mode based on the interface name.  This removes the need for
removing the default link0 flag to turn gre into Mobile IP mode.
Using linkX / IFF_LINK{0,1,2} for interface modes is a deprecated style.

OK millert@ dlg@ many

Not much consensus on the name but mobileip is also used for the sysctls, so
OK henning@

> 
> Index: sys/net/if_gre.c
> ===
> RCS file: /cvs/src/sys/net/if_gre.c,v
> retrieving revision 1.101
> diff -u -p -r1.101 if_gre.c
> --- sys/net/if_gre.c  15 Feb 2018 01:03:17 -  1.101
> +++ sys/net/if_gre.c  15 Feb 2018 02:55:33 -
> @@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *off
>   if (sc == NULL)
>   goto decline;
>  
> + ifp = >sc_if;
> +
>   switch (gh->gre_proto) {
> - case htons(GRE_WCCP):
> + case htons(GRE_WCCP): {
> + struct mbuf *n;
> + int off;
> +
>   /* WCCP/GRE:
>*   So far as I can see (and test) it seems that Cisco's WCCP
>*   GRE tunnel is precisely a IP-in-GRE tunnel that differs
> @@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *off
>*   the following:
>* draft-forster-wrec-wccp-v1-00.txt
>* draft-wilson-wrec-wccp-v2-01.txt
> -  *
> -  *   So yes, we're doing a fall-through (unless, of course,
> -  *   net.inet.gre.wccp is 0).
>*/
> - switch (gre_wccp) {
> - case 1:
> - break;
> - case 2:
> - hlen += sizeof(gre_wccp);
> - break;
> - case 0:
> - default:
> +
> + if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0))
>   goto decline;
> - }
> +
> + /*
> +  * If the first nibble of the payload does not look like
> +  * IPv4, assume it is WCCP v2.
> +  */
> + n = m_getptr(m, hlen, );
> + if (n == NULL)
> + goto decline;
> + if (n->m_data[off] >> 4 != IPVERSION)
> + hlen += sizeof(gre_wccp);
>  
>   /* FALLTHROUGH */
> + }
>   case htons(ETHERTYPE_IP):
>  #if NBPFILTER > 0
>   bpf_af = AF_INET;
> @@ -628,8 +634,6 @@ gre_input_key(struct mbuf **mp, int *off
>   default:
>   goto decline;
>   }
> -
> - ifp = >sc_if;
>  
>   m_adj(m, hlen);
>  
> Index: share/man/man4/gre.4
> ===
> RCS file: /cvs/src/share/man/man4/gre.4,v
> retrieving revision 1.54
> diff -u -p -r1.54 gre.4
> --- share/man/man4/gre.4  15 Feb 2018 02:09:21 -  1.54
> +++ share/man/man4/gre.4  15 Feb 2018 02:55:33 -
> @@ -112,6 +112,10 @@ virtual network idenfitier.
>  .Nm gre
>  optionally supports sending keepalive packets to the remote endpoint,
>  which allows tunnel failure to be detected.
> +.Nm gre
> +interfaces can be individually configured to receive WCCP packets by
> +setting the link-level flag
> +.Cm link0 .
>  .Sh EXAMPLES
>  .Nm gre
>  Configuration example:
> 

use the link0 flag on gre(4) interfaces to allow WCCP

[David Gwynne]

the subject says it all. this also tweaks the wccp code to sneak a
look inside the payload to see if it is ipv4 or not. the wccp
protocol specifies values for the bits that overlap the ipv4 version
nibble that cannot be set to 4, so if it isn't 4 we can assume it is
the wccp header.

in the future i would like to deprecate the sysctl.

ok?

Index: sys/net/if_gre.c
===
RCS file: /cvs/src/sys/net/if_gre.c,v
retrieving revision 1.101
diff -u -p -r1.101 if_gre.c
--- sys/net/if_gre.c15 Feb 2018 01:03:17 -  1.101
+++ sys/net/if_gre.c15 Feb 2018 02:55:33 -
@@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *off
if (sc == NULL)
goto decline;
 
+   ifp = >sc_if;
+
switch (gh->gre_proto) {
-   case htons(GRE_WCCP):
+   case htons(GRE_WCCP): {
+   struct mbuf *n;
+   int off;
+
/* WCCP/GRE:
 *   So far as I can see (and test) it seems that Cisco's WCCP
 *   GRE tunnel is precisely a IP-in-GRE tunnel that differs
@@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *off
 *   the following:
 * draft-forster-wrec-wccp-v1-00.txt
 * draft-wilson-wrec-wccp-v2-01.txt
-*
-*   So yes, we're doing a fall-through (unless, of course,
-*   net.inet.gre.wccp is 0).
 */
-   switch (gre_wccp) {
-   case 1:
-   break;
-   case 2:
-   hlen += sizeof(gre_wccp);
-   break;
-   case 0:
-   default:
+
+   if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0))
goto decline;
-   }
+
+   /*
+* If the first nibble of the payload does not look like
+* IPv4, assume it is WCCP v2.
+*/
+   n = m_getptr(m, hlen, );
+   if (n == NULL)
+   goto decline;
+   if (n->m_data[off] >> 4 != IPVERSION)
+   hlen += sizeof(gre_wccp);
 
/* FALLTHROUGH */
+   }
case htons(ETHERTYPE_IP):
 #if NBPFILTER > 0
bpf_af = AF_INET;
@@ -628,8 +634,6 @@ gre_input_key(struct mbuf **mp, int *off
default:
goto decline;
}
-
-   ifp = >sc_if;
 
m_adj(m, hlen);
 
Index: share/man/man4/gre.4
===
RCS file: /cvs/src/share/man/man4/gre.4,v
retrieving revision 1.54
diff -u -p -r1.54 gre.4
--- share/man/man4/gre.415 Feb 2018 02:09:21 -  1.54
+++ share/man/man4/gre.415 Feb 2018 02:55:33 -
@@ -112,6 +112,10 @@ virtual network idenfitier.
 .Nm gre
 optionally supports sending keepalive packets to the remote endpoint,
 which allows tunnel failure to be detected.
+.Nm gre
+interfaces can be individually configured to receive WCCP packets by
+setting the link-level flag
+.Cm link0 .
 .Sh EXAMPLES
 .Nm gre
 Configuration example:

Re: deprecate sysctl net.inet.{etherip,gre,mobileip}.allow

[David Gwynne]

> On 14 Feb 2018, at 20:03, Stuart Henderson  wrote:
> 
> On 2018/02/14 18:05, David Gwynne wrote:
>> i dont understand the usefulness of the sysctls to turn etherip,
>> gre, and mobileip handling on. if you arent going to handle etherip,
>> gre, or mobileip, just dont create interfaces to handle them.
>> 
>> for now, this dummies up handling of the sysctls by letting userland
>> read that theyre allowed, but allow is readonly.
> 
> The etherip one is really "allow unprotected etherip" to give a foolproof
> way of ensuring it only works over ipsec by default. (otherwise you need
> to know about if-bound states in pf).

grumble grumble. id argue there are similar concerns for traffic over vxlan, 
tun, and tap, but they lack a magic sysctl.

ipsec.conf includes a "PACKET FILTERING" section that discusses this for 
ipencap, we could point etherip.4 at that or move this kind of into the pf.conf 
manpage.

another interesting idea would be to have tunnel interfaces take a "tagged" 
configuration option that would allow them to check that their encapsulated 
traffic has been tagged by some other subsystem, like ipsec or pf.

dlg

mpath cloning routes and cloned routes

[Florian Riehm]

Hi,

If we delete cloning routes, we also delete their cloned routes.
This doesn't make sense if we delete a multipath cloning route and may result in
broken gateway routes:

# netstat -rn | grep 192.168.178
default192.168.178.1  UGS5 4939 -12 iwn0 
192.168.178/24 192.168.178.52 UCPn   1   51 - 8 iwn0 
192.168.178/24 192.168.178.53 UCPn   00 - 8 iwn0 
192.168.178.1  34:31:c4:24:83:d4  UHLch  1  118 - 7 iwn0 
192.168.178.52 a4:4e:31:38:70:7c  UHLl   0 3749 - 1 iwn0 
192.168.178.53 a4:4e:31:38:70:7c  UHLl   00 - 1 iwn0 
192.168.178.255192.168.178.52 UHPb   00 - 1 iwn0 
192.168.178.255192.168.178.53 UHPb   00 - 1 iwn0 
As you can see above, iwn0 has 192.168.178.52/24 and 192.168.178.53/24 assigned
and therefore we have 2 mpath cloning routes (P). Their is a cloned route to
192.168.178.1 with RTF_CACHED (h) to reach the default gateway.

# ifconfig iwn0 inet 192.168.178.53 delete
# netstat -rn | grep 192.168.178
default192.168.178.1  UGS5 4955 -12 iwn0 
192.168.178/24 192.168.178.52 UCn0   51 - 8 iwn0 
192.168.178.52 a4:4e:31:38:70:7c  UHLl   0 3754 - 1 iwn0 
192.168.178.255192.168.178.52 UHb00 - 1 iwn0 
Now 192.168.178.53/24 was deleted, therefore the cloned route to the gateway
(192.168.178.1) is also gone and the default route is 'broken':

# ping 8.8.8.8
# dmesg | tail
arpresolve: 192.168.178.1: route contains no arp information
arpresolve: 192.168.178.1: route contains no arp information
arpresolve: 192.168.178.1: route contains no arp information
arpresolve: 192.168.178.1: route contains no arp information

I think there is no need to delete cloned routes as long as we don't delete
the last cloning route to a network.

ok?

friehm

Index: sys/net/route.c
===
RCS file: /home/friehm/repos/openbsd-cvs/cvs/src/sys/net/route.c,v
retrieving revision 1.371
diff -u -p -r1.371 route.c
--- sys/net/route.c 10 Feb 2018 09:17:56 -  1.371
+++ sys/net/route.c 14 Feb 2018 09:37:29 -
@@ -781,7 +781,7 @@ rtrequest_delete(struct rt_addrinfo *inf
rt_putgwroute(rt);
 
/* Clean up any cloned children. */
-   if (ISSET(rt->rt_flags, RTF_CLONING))
+   if (ISSET(rt->rt_flags, RTF_CLONING) && !ISSET(rt->rt_flags, RTF_MPATH))
rtflushclone(tableid, rt);
 
rtfree(rt->rt_parent);

hostapd: account for subseconds when checking rule rates

[Scott Cheloha]

Hi,

You need to account for subsecond differences when evaluating
a rule rate, otherwise you'll reset f_rate_cnt prematurely in
some cases.

e.g.:

t_now = { .tv_sec = 100, .tv_usec = 25 };
frame->f_last = { .tv_sec = 99, .tv_usec = 75 };
frame->f_rate_intval = 1;

/* true */
t_now.tv_sec - frame->f_last.tv_sec >= frame->f_rate_intval

/* and yet ... */
struct timeval t_diff;
timersub(_now, >f_last, _diff);

/* also true */
t_diff.tv_sec < frame->f_rate_intval

ok?

--
Scott Cheloha

Index: usr.sbin/hostapd/handle.c
===
RCS file: /cvs/src/usr.sbin/hostapd/handle.c,v
retrieving revision 1.12
diff -u -p -r1.12 handle.c
--- usr.sbin/hostapd/handle.c   16 Jan 2015 06:40:17 -  1.12
+++ usr.sbin/hostapd/handle.c   14 Feb 2018 19:34:49 -
@@ -114,7 +114,7 @@ hostapd_handle_frame(struct hostapd_apme
struct hostapd_ieee80211_frame *mh;
struct hostapd_radiotap rtap;
u_int8_t *wfrom, *wto, *wbssid;
-   struct timeval t_now;
+   struct timeval t_diff, t_now;
u_int32_t flags;
int offset, min_rate = 0, val;
 
@@ -247,7 +247,8 @@ hostapd_handle_frame(struct hostapd_apme
 
/* Handle optional minimal rate */
if (frame->f_rate && frame->f_rate_intval) {
-   frame->f_rate_delay = t_now.tv_sec - frame->f_last.tv_sec;
+   timersub(_now, >f_last, _diff);
+   frame->f_rate_delay = t_diff.tv_sec;
if (frame->f_rate_delay < frame->f_rate_intval) {
frame->f_rate_cnt++;
if (frame->f_rate_cnt < frame->f_rate)

sleep(1): cleanup and style(9)

[Scott Cheloha]

Roughly top to bottom:

  - Sort includes alphabetically
  - Ditch __progname for getprogname(3)
  - Sort prototypes alphabetically
  - usage() is __dead
  - Sort stack variables by size (?), then alphabetically (?)
 * I have no idea if I did this right, but it looks
   cleaner than before.
 * Don't sizes vary by architecture?  At least for pointers?
 * Alphabetically by type name and then by variable name?
   Some other scheme?  style(9) seems to contradict itself
   here in the example.
  - rqtp -> timeout, to match nanosleep(2) manpage
  - t -> tsecs, more obvious
  - Don't initialize variables in the declaration block
  - Brace the getopt switch statement
  - Use for loops in lieu of while loops to initialize
and iterate cp
 * I don't think it clarifies things in the first
   nanosecond loop, so that's unchanged
  - Check explicitly for -1 on nanosleep's return
  - No need to (void) the fprintf in usage()
  - POSIX.2 was consolidated into POSIX.1 after 1997
  - sleep(1) *may* exit 0 when it gets a SIGALRM: it's allowed
to do other things, too
  - No more lint: drop ARGSUSED
  - _exit(2)ing from a signal handler is (now) a well-known
practice, no need to explain

ok?

--
Scott Cheloha

Index: bin/sleep/sleep.c
===
RCS file: /cvs/src/bin/sleep/sleep.c,v
retrieving revision 1.26
diff -u -p -r1.26 sleep.c
--- bin/sleep/sleep.c   4 Feb 2018 02:18:15 -   1.26
+++ bin/sleep/sleep.c   14 Feb 2018 17:12:52 -
@@ -31,52 +31,51 @@
  */
 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
-#include 
 
-extern char *__progname;
-
-void usage(void);
 void alarmh(int);
+void __dead usage(void);
 
 int
 main(int argc, char *argv[])
 {
-   int ch;
-   time_t secs = 0, t;
+   struct timespec timeout;
+   time_t secs, tsecs;
+   long nsecs;
char *cp;
-   long nsecs = 0;
-   struct timespec rqtp;
-   int i;
+   int ch, i;
+
+   secs = nsecs = 0;
 
if (pledge("stdio", NULL) == -1)
err(1, "pledge");
 
signal(SIGALRM, alarmh);
 
-   while ((ch = getopt(argc, argv, "")) != -1)
+   while ((ch = getopt(argc, argv, "")) != -1) {
switch(ch) {
default:
usage();
}
+   }
argc -= optind;
argv += optind;
 
if (argc != 1)
usage();
 
-   cp = *argv;
-   while ((*cp != '\0') && (*cp != '.')) {
+   for (cp = *argv; *cp != '\0' && *cp != '.'; cp++) {
if (!isdigit((unsigned char)*cp))
errx(1, "seconds is invalid: %s", *argv);
-   t = (secs * 10) + (*cp++ - '0');
-   if (t / 10 != secs) /* oflow */
+   tsecs = (secs * 10) + (*cp - '0');
+   if (tsecs / 10 != secs) /* overflow */
errx(1, "seconds is too large: %s", *argv);
-   secs = t;
+   secs = tsecs;
}
 
/* Handle fractions of a second */
@@ -95,8 +94,8 @@ main(int argc, char *argv[])
 * in the above for loop. Be pedantic about
 * checking the rest of the argument.
 */
-   while (*cp != '\0') {
-   if (!isdigit((unsigned char)*cp++))
+   for (; *cp != '\0'; cp++) {
+   if (!isdigit((unsigned char)*cp))
errx(1, "seconds is invalid: %s", *argv);
}
}
@@ -108,38 +107,32 @@ main(int argc, char *argv[])
 * calls if we have more than that.
 */
if (secs > 1) {
-   rqtp.tv_sec = 1;
-   rqtp.tv_nsec = 0;
+   timeout.tv_sec = 1;
+   timeout.tv_nsec = 0;
} else {
-   rqtp.tv_sec = secs;
-   rqtp.tv_nsec = nsecs;
+   timeout.tv_sec = secs;
+   timeout.tv_nsec = nsecs;
}
-   if (nanosleep(, NULL))
-   err(1, NULL);
-   secs -= rqtp.tv_sec;
-   nsecs -= rqtp.tv_nsec;
+   if (nanosleep(, NULL) == -1)
+   err(1, "nanosleep");
+   secs -= timeout.tv_sec;
+   nsecs -= timeout.tv_nsec;
}
return (0);
 }
 
-void
+void __dead
 usage(void)
 {
-   (void)fprintf(stderr, "usage: %s seconds\n", __progname);
+   fprintf(stderr, "usage: %s seconds\n", getprogname());
exit(1);
 }
 
 /*
- * POSIX 1003.2 says sleep should exit with 0 return code on reception
- * of SIGALRM.
+ * POSIX.1 says sleep may exit with status 0 upon receipt of SIGALRM.
  */
-/* ARGSUSED */
 void
 alarmh(int signo)
 {
-   /*
-* exit() flushes stdio buffers, which 

left shift of negative (-1 << ...)

[coypu]

Hi,

Please apply the following or a variation, thanks.

diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c
index 046fde685..6f4feff84 100644
--- a/sys/arch/amd64/amd64/identcpu.c
+++ b/sys/arch/amd64/amd64/identcpu.c
@@ -804,7 +804,7 @@ cpu_topology(struct cpu_info *ci)
core_mask ^= smt_mask;
/* Pkg */
pkg_bits = core_bits + smt_bits;
-   pkg_mask = -1 << core_bits;
+   pkg_mask = ~0U << core_bits;
 
ci->ci_smt_id = apicid & smt_mask;
ci->ci_core_id = (apicid & core_mask) >> smt_bits;
diff --git a/sys/arch/hppa/hppa/db_disasm.c b/sys/arch/hppa/hppa/db_disasm.c
index 071f91235..51c4d641d 100644
--- a/sys/arch/hppa/hppa/db_disasm.c
+++ b/sys/arch/hppa/hppa/db_disasm.c
@@ -867,11 +867,11 @@ struct majoropcode {
 #defineIm11(i) (Im11S(i) ?   Im11M(i) | (-1<<10) : Im11M(i))
 
 #defineBdisp(i)((OffS(i) ? (Off5(i)<<11 | 
Off11L(i)<<10|Off11H(i)) \
-/* branch displacement (bytes) */  | (-1 << 16)\
+/* branch displacement (bytes) */  | (~0U << 16)   \
  : (Off5(i)<<11|Off11L(i)<<10|Off11H(i))) << 2)
 
 #defineCbdisp(i)   ((OffS(i) ?   (Off11L(i) << 10 | Off11H(i)) \
- /* compare/branch disp (bytes) */ | (-1 << 11)\
+ /* compare/branch disp (bytes) */ | (~0U << 11)   \
  :Off11L(i) << 10 | Off11H(i)) << 2)
 
 #defineSr(i)   (SrH(i)<<2 | SrL(i))
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index bc93e8709..440759ee9 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1028,7 +1028,7 @@ pfr_prepare_network(union sockaddr_union *sa, int af, int 
net)
case AF_INET:
sa->sin.sin_len = sizeof(sa->sin);
sa->sin.sin_family = AF_INET;
-   sa->sin.sin_addr.s_addr = net ? htonl(-1 << (32-net)) : 0;
+   sa->sin.sin_addr.s_addr = net ? htonl(~0U << (32-net)) : 0;
break;
 #ifdef INET6
case AF_INET6:
@@ -1037,7 +1037,7 @@ pfr_prepare_network(union sockaddr_union *sa, int af, int 
net)
for (i = 0; i < 4; i++) {
if (net <= 32) {
sa->sin6.sin6_addr.s6_addr32[i] =
-   net ? htonl(-1 << (32-net)) : 0;
+   net ? htonl(~0U << (32-net)) : 0;
break;
}
sa->sin6.sin6_addr.s6_addr32[i] = 0x;

patch: file(1) imsg_compose receives -1 cast to uint32_t

[Abel Abraham Camarillo Ojeda]

as shown in patch imsg_compose receives -1 as type and peerid
argument to imsg_compose, according to imsg_compose definition:

 int
 imsg_compose(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid,
 pid_t pid, int fd, const void *data, uint16_t datalen);


So 4294967295 is used as special value when maybe 0 should be used?

regress ok on amd64, patch inline and attached in case of mangling

Index: file.c
===
RCS file: /cvs/src/usr.bin/file/file.c,v
retrieving revision 1.66
diff -u -p -r1.66 file.c
--- file.c  15 Jan 2018 19:45:51 -  1.66
+++ file.c  14 Feb 2018 16:02:46 -
@@ -280,7 +280,7 @@ prepare_message(struct input_msg *msg, i
 static void
 send_message(struct imsgbuf *ibuf, void *msg, size_t msglen, int fd)
 {
-   if (imsg_compose(ibuf, -1, -1, 0, fd, msg, msglen) != 1)
+   if (imsg_compose(ibuf, 0, 0, 0, fd, msg, msglen) != 1)
err(1, "imsg_compose");
if (imsg_flush(ibuf) != 0)
err(1, "imsg_flush");
Index: file.c
===
RCS file: /cvs/src/usr.bin/file/file.c,v
retrieving revision 1.66
diff -u -p -r1.66 file.c
--- file.c	15 Jan 2018 19:45:51 -	1.66
+++ file.c	14 Feb 2018 16:02:46 -
@@ -280,7 +280,7 @@ prepare_message(struct input_msg *msg, i
 static void
 send_message(struct imsgbuf *ibuf, void *msg, size_t msglen, int fd)
 {
-	if (imsg_compose(ibuf, -1, -1, 0, fd, msg, msglen) != 1)
+	if (imsg_compose(ibuf, 0, 0, 0, fd, msg, msglen) != 1)
 		err(1, "imsg_compose");
 	if (imsg_flush(ibuf) != 0)
 		err(1, "imsg_flush");

patch: imsg_init.3 fixes

[Abel Abraham Camarillo Ojeda]

Match description arguments with synopsis arguments, and
fix style of one function argument description typesetted as .Fn instead of .Fa

Also, .Sh DESCRIPTION differes form .Sh BUFFERS in that
description functions refer (.Fa) argument types but in BUFFERS
function refer (.Fa) to argument names, and confuses me
now that I'm trying to learn about imsg, a patch for that would
be ok?

patch inline and attached in case of mangling.

thanks

Index: imsg_init.3
===
RCS file: /cvs/src/lib/libutil/imsg_init.3,v
retrieving revision 1.20
diff -u -p -r1.20 imsg_init.3
--- imsg_init.3 6 Dec 2017 12:07:08 - 1.20
+++ imsg_init.3 14 Feb 2018 14:42:26 -
@@ -181,17 +181,17 @@ returns a pointer to a new message if it
 .Pp
 .Fn imsg_add
 appends to
-.Fa imsg
-.Fa len
+.Fa ibuf
+.Fa datalen
 bytes of ancillary data pointed to by
-.Fa buf .
+.Fa data .
 It returns
 .Fa len
 if it succeeds, \-1 otherwise.
 .Pp
 .Fn imsg_close
 completes creation of
-.Fa imsg
+.Fa ibuf
 by adding it to
 .Fa imsgbuf
 output buffer.
@@ -391,7 +391,7 @@ ready to be sent.
 The
 .Fn ibuf_write
 routine transmits as many pending buffers as possible from
-.Fn msgbuf
+.Fa msgbuf
 using
 .Xr writev 2 .
 It returns 1 if it succeeds, \-1 on error and 0 when no buffers were
Index: imsg_init.3
===
RCS file: /cvs/src/lib/libutil/imsg_init.3,v
retrieving revision 1.20
diff -u -p -r1.20 imsg_init.3
--- imsg_init.3	6 Dec 2017 12:07:08 -	1.20
+++ imsg_init.3	14 Feb 2018 14:42:26 -
@@ -181,17 +181,17 @@ returns a pointer to a new message if it
 .Pp
 .Fn imsg_add
 appends to
-.Fa imsg
-.Fa len
+.Fa ibuf
+.Fa datalen
 bytes of ancillary data pointed to by
-.Fa buf .
+.Fa data .
 It returns
 .Fa len
 if it succeeds, \-1 otherwise.
 .Pp
 .Fn imsg_close
 completes creation of
-.Fa imsg
+.Fa ibuf
 by adding it to
 .Fa imsgbuf
 output buffer.
@@ -391,7 +391,7 @@ ready to be sent.
 The
 .Fn ibuf_write
 routine transmits as many pending buffers as possible from
-.Fn msgbuf
+.Fa msgbuf
 using
 .Xr writev 2 .
 It returns 1 if it succeeds, \-1 on error and 0 when no buffers were

Re: deprecate sysctl net.inet.{etherip,gre,mobileip}.allow

[Stuart Henderson]

On 2018/02/14 18:05, David Gwynne wrote:
> i dont understand the usefulness of the sysctls to turn etherip,
> gre, and mobileip handling on. if you arent going to handle etherip,
> gre, or mobileip, just dont create interfaces to handle them.
> 
> for now, this dummies up handling of the sysctls by letting userland
> read that theyre allowed, but allow is readonly.

The etherip one is really "allow unprotected etherip" to give a foolproof
way of ensuring it only works over ipsec by default. (otherwise you need
to know about if-bound states in pf).

Re: signed overflow in atan2

[Tom Cosgrove]

>>> Eitan Adler 14-Feb-18 08:09 >>>
>
> Hi all,
>
> you may want the following patch. Previous discussion:
> https://lists.freebsd.org/pipermail/freebsd-numerics/2018-February/thread.html
>
> Original submission: https://github.com/freebsd/freebsd/pull/130
>
>
> ===
>
> As a component of atan2(y, x), the case of x == 1.0 is farmed out to
> atan(y). The current implementation of this comparison is vulnerable
> to signed integer underflow (that is, undefined behavior), and it's
> performed in a somewhat more complicated way than it need be. Change
> it to not be quite so cute, rather directly comparing the high/low
> bits of x to the specific IEEE-754 bit pattern that encodes 1.0.
>
> Note that while there are three different e_atan* files in the
> relevant directory, only this one needs fixing. e_atan2f.c already
> compares against the full bit pattern encoding 1.0f, while
> e_atan2l.cuses bitwise-ands/ors/nots and so doesn't require a change.
> ===
>
>
>
> Index: e_atan2.c
> ===
> RCS file: /cvs/src/lib/libm/src/e_atan2.c,v
> retrieving revision 1.13
> diff -u -r1.13 e_atan2.c
> --- e_atan2.c 12 Sep 2016 19:47:02 - 1.13
> +++ e_atan2.c 14 Feb 2018 08:06:05 -
> @@ -64,7 +64,7 @@
>   if(((ix|((lx|-lx)>>31))>0x7ff0)||
>  ((iy|((ly|-ly)>>31))>0x7ff0)) /* x or y is NaN */
>  return x+y;
> - if(((hx-0x3ff0)|lx)==0) return atan(y);   /* x=1.0 */
> + if(hx==0x3ff0&==0) return atan(y);   /* x=1.0 */

Wouldn't it work just as well, with fewer jumps, and match the original
intent, to replace the subtraction with xor?

 if(((hx^0x3ff0)|lx)==0) return atan(y);   /* x=1.0 */

>   m = ((hy>>31)&1)|((hx>>30)&2); /* 2*sign(x)+sign(y) */
>
>  /* when y = 0 */
>
>

Tom

signed overflow in atan2

[Eitan Adler]

Hi all,

you may want the following patch. Previous discussion:
https://lists.freebsd.org/pipermail/freebsd-numerics/2018-February/thread.html

Original submission: https://github.com/freebsd/freebsd/pull/130


===

As a component of atan2(y, x), the case of x == 1.0 is farmed out to
atan(y). The current implementation of this comparison is vulnerable
to signed integer underflow (that is, undefined behavior), and it's
performed in a somewhat more complicated way than it need be. Change
it to not be quite so cute, rather directly comparing the high/low
bits of x to the specific IEEE-754 bit pattern that encodes 1.0.

Note that while there are three different e_atan* files in the
relevant directory, only this one needs fixing. e_atan2f.c already
compares against the full bit pattern encoding 1.0f, while
e_atan2l.cuses bitwise-ands/ors/nots and so doesn't require a change.
===



Index: e_atan2.c
===
RCS file: /cvs/src/lib/libm/src/e_atan2.c,v
retrieving revision 1.13
diff -u -r1.13 e_atan2.c
--- e_atan2.c 12 Sep 2016 19:47:02 - 1.13
+++ e_atan2.c 14 Feb 2018 08:06:05 -
@@ -64,7 +64,7 @@
  if(((ix|((lx|-lx)>>31))>0x7ff0)||
 ((iy|((ly|-ly)>>31))>0x7ff0)) /* x or y is NaN */
 return x+y;
- if(((hx-0x3ff0)|lx)==0) return atan(y);   /* x=1.0 */
+ if(hx==0x3ff0&==0) return atan(y);   /* x=1.0 */
  m = ((hy>>31)&1)|((hx>>30)&2); /* 2*sign(x)+sign(y) */

 /* when y = 0 */


-- 
Eitan Adler

deprecate sysctl net.inet.{etherip,gre,mobileip}.allow

[David Gwynne]

i dont understand the usefulness of the sysctls to turn etherip,
gre, and mobileip handling on. if you arent going to handle etherip,
gre, or mobileip, just dont create interfaces to handle them.

for now, this dummies up handling of the sysctls by letting userland
read that theyre allowed, but allow is readonly.

ok?

Index: if_gre.c
===
RCS file: /cvs/src/sys/net/if_gre.c,v
retrieving revision 1.100
diff -u -p -r1.100 if_gre.c
--- if_gre.c12 Feb 2018 03:15:32 -  1.100
+++ if_gre.c14 Feb 2018 08:02:30 -
@@ -288,7 +288,6 @@ struct gre_list egre_list = TAILQ_HEAD_I
  * allowed as well.
  *
  */
-int gre_allow = 0;
 int gre_wccp = 0;
 
 void
@@ -495,9 +494,6 @@ gre_input_key(struct mbuf **mp, int *off
int mcast = 0;
int ttloff;
 
-   if (!gre_allow)
-   goto decline;
-
hlen = iphlen + sizeof(*gh);
if (m->m_pkthdr.len < hlen)
goto decline;
@@ -555,7 +551,11 @@ gre_input_key(struct mbuf **mp, int *off
key->t_rtableid = m->m_pkthdr.ph_rtableid;
 
switch (gh->gre_proto) {
-   case htons(GRE_WCCP):
+   case htons(GRE_WCCP): {
+   struct mbuf *n;
+   int off;
+   uint8_t v;
+
/* WCCP/GRE:
 *   So far as I can see (and test) it seems that Cisco's WCCP
 *   GRE tunnel is precisely a IP-in-GRE tunnel that differs
@@ -569,11 +569,19 @@ gre_input_key(struct mbuf **mp, int *off
 *   So yes, we're doing a fall-through (unless, of course,
 *   net.inet.gre.wccp is 0).
 */
+
+   n = m_getptr(m, hlen, );
+   if (n == NULL)
+   goto decline;
+
+   v = n->m_data[off];
+   if (v >> 4 != IPVERSION)
+   hlen += sizeof(gre_wccp);
+
switch (gre_wccp) {
case 1:
break;
case 2:
-   hlen += sizeof(gre_wccp);
break;
case 0:
default:
@@ -811,11 +819,6 @@ gre_output(struct ifnet *ifp, struct mbu
struct m_tag *mtag;
int error = 0;
 
-   if (!gre_allow) {
-   error = EACCES;
-   goto drop;
-   }
-
if (!ISSET(ifp->if_flags, IFF_RUNNING)) {
error = ENETDOWN;
goto drop;
@@ -964,9 +967,6 @@ egre_start(struct ifnet *ifp)
caddr_t if_bpf;
 #endif
 
-   if (!gre_allow)
-   ifq_purge(>if_snd);
-
while ((m0 = ifq_dequeue(>if_snd)) != NULL) {
 #if NBPFILTER > 0
if_bpf = ifp->if_bpf;
@@ -1691,10 +1691,7 @@ gre_sysctl(int *name, u_int namelen, voi
 
switch (name[0]) {
case GRECTL_ALLOW:
-   NET_LOCK();
-   error = sysctl_int(oldp, oldlenp, newp, newlen, _allow);
-   NET_UNLOCK();
-   return (error);
+   return (sysctl_rdint(oldp, oldlenp, newp, 1));
case GRECTL_WCCP:
NET_LOCK();
error = sysctl_int(oldp, oldlenp, newp, newlen, _wccp);
Index: if_etherip.c
===
RCS file: /cvs/src/sys/net/if_etherip.c,v
retrieving revision 1.35
diff -u -p -r1.35 if_etherip.c
--- if_etherip.c12 Feb 2018 01:43:42 -  1.35
+++ if_etherip.c14 Feb 2018 08:02:30 -
@@ -88,12 +88,6 @@ struct etherip_softc {
uint8_t sc_ttl;
 };
 
-/*
- * We can control the acceptance of EtherIP packets by altering the sysctl
- * net.inet.etherip.allow value. Zero means drop them, all else is acceptance.
- */
-int etherip_allow = 0;
-
 struct cpumem *etheripcounters;
 
 void etheripattach(int);
@@ -547,11 +541,6 @@ etherip_input(struct etherip_tunnel *key
struct ifnet *ifp;
struct etherip_header *eip;
 
-   if (!etherip_allow && (m->m_flags & (M_AUTH|M_CONF)) == 0) {
-   etheripstat_inc(etherips_pdrops);
-   goto drop;
-   }
-
key->t_rtableid = m->m_pkthdr.ph_rtableid;
 
NET_ASSERT_LOCKED();
@@ -696,10 +685,7 @@ etherip_sysctl(int *name, u_int namelen,
 
switch (name[0]) {
case ETHERIPCTL_ALLOW:
-   NET_LOCK();
-   error = sysctl_int(oldp, oldlenp, newp, newlen, _allow);
-   NET_UNLOCK();
-   return (error);
+   return (sysctl_rdint(oldp, oldlenp, newp, 1);
case ETHERIPCTL_STATS:
return (etherip_sysctl_etheripstat(oldp, oldlenp, newp));
default:
Index: if_mobileip.c
===
RCS file: /cvs/src/sys/net/if_mobileip.c,v
retrieving revision 1.7
diff -u -p -r1.7 if_mobileip.c
--- if_mobileip.c   12 Feb 2018 02:55:40 -  1.7
+++ if_mobileip.c   14 Feb 2018 08:02:30 -
@@ 

Re: Remove DM* modem control commands

[Martin Pieuchot]

On 14/02/18(Wed) 00:48, Tobias Ulmer wrote:
> Remove the ancient tty.h DMSET etc. modem control commands. They're confusing
> to someone without the historical background. No documentation doesn't help
> either.
> 
> TIOCM* serve the same purpose, are documented in tty(4) and the various *ctl()
> functions use the TTYCM_ register definitions, making this mix particularly 
> odd
> looking.
> 
> I've modified the *ctl() functions to use the same type and name as ioctl for
> clarity and correctness. Not strictly necessary, but makes me sleep better :)
> 
> Tested lightly on sparc64. sab still works. No luna88k, sorry.
> 
> 
> ## Background blah blah, skip if you just don't care :)
> 
> I've noticed these odd DM{SET,GET,BIC,BIS} constants in serial drivers all
> over the place and got curious. What do they mean?
> 
> Turns out, "DM" is a bolt-in add-on modem by DEC you would connect to
> your DH-11, apparently a 16 port serial port multiplexer for your VAX or
> PDP-11. As far as I can tell, the drivers were last included in 4.3BSD.
> You grey beards correct me on this.
> 
> The DM constants and the dmctl() function to manipulate the modem
> control register were added to dh in 1980 in order to support this fancy
> new modem.
> 
> Since then, just about every BSD serial driver has copied the basic structure,
> spreading DM* absolutely everywhere.
> 
> In 1982, Bill Shannon wanted to play with this control register in userspace
> (tip) and the ioctl interface was expanded by TIOCM{SET,GET,BIS,BIC}, hard
> coding the interface and register layout of that modem family for decades to 
> come.
> 
> dh gains dm support:
> https://github.com/weiss/original-bsd/commit/b47c3865305da4a404343aeedf0e3561071aae10
> 
> TIOCM modem control register bits show up:
> https://github.com/weiss/original-bsd/commit/d9d9928137170ec2f49e62509b12d012cac154de
> https://github.com/weiss/original-bsd/commit/c849aa74bd3aaa1d644d74d9628ba0e1be028e1a
> 
> http://gunkies.org/wiki/DH11_asynchronous_serial_line_interface
> http://bitsavers.trailing-edge.com/pdf/dec/unibus/ datasheets..
> 
> Who needs TV when you can dig up amusing trivia about early BSD development!

Your diff contains a duplicated chunk: the one in sys/tty.h.

No software on codesearch.debian.net rely on the defines you're removing,
so ok with me :)

> Index: sys/tty.h
> ===
> RCS file: /home/vcs/cvs/openbsd/src/sys/sys/tty.h,v
> retrieving revision 1.37
> diff -u -p -r1.37 tty.h
> --- sys/tty.h 24 May 2016 16:09:07 -  1.37
> +++ sys/tty.h 13 Feb 2018 20:39:54 -
> @@ -215,12 +215,6 @@ struct speedtab {
>   int sp_code;/* Code. */
>  };
>  
> -/* Modem control commands (driver). */
> -#define  DMSET   0
> -#define  DMBIS   1
> -#define  DMBIC   2
> -#define  DMGET   3
> -
>  /* Flags on a character passed to ttyinput. */
>  #define  TTY_CHARMASK0x00ff  /* Character mask */
>  #define  TTY_QUOTE   0x0100  /* Character quoted */
>  
> Index: arch/armv7/exynos/exuart.c
> ===
> RCS file: /home/vcs/cvs/openbsd/src/sys/arch/armv7/exynos/exuart.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 exuart.c
> --- arch/armv7/exynos/exuart.c27 Oct 2017 11:23:28 -  1.13
> +++ arch/armv7/exynos/exuart.c13 Feb 2018 20:38:56 -
> @@ -784,37 +784,37 @@ exuartioctl( dev_t dev, u_long cmd, cadd
>  
>   case TIOCSDTR:
>  #if 0
> - (void) clmctl(dev, TIOCM_DTR | TIOCM_RTS, DMBIS);
> + (void) clmctl(dev, TIOCM_DTR | TIOCM_RTS, TIOCMBIS);
>  #endif
>   break;
>  
>   case TIOCCDTR:
>  #if 0
> - (void) clmctl(dev, TIOCM_DTR | TIOCM_RTS, DMBIC);
> + (void) clmctl(dev, TIOCM_DTR | TIOCM_RTS, TIOCMBIC);
>  #endif
>   break;
>  
>   case TIOCMSET:
>  #if 0
> - (void) clmctl(dev, *(int *) data, DMSET);
> + (void) clmctl(dev, *(int *) data, TIOCMSET);
>  #endif
>   break;
>  
>   case TIOCMBIS:
>  #if 0
> - (void) clmctl(dev, *(int *) data, DMBIS);
> + (void) clmctl(dev, *(int *) data, TIOCMBIS);
>  #endif
>   break;
>  
>   case TIOCMBIC:
>  #if 0
> - (void) clmctl(dev, *(int *) data, DMBIC);
> + (void) clmctl(dev, *(int *) data, TIOCMBIC);
>  #endif
>   break;
>  
>  case TIOCMGET:
>  #if 0
> - *(int *)data = clmctl(dev, 0, DMGET);
> + *(int *)data = clmctl(dev, 0, TIOCMGET);
>  #endif
>   break;
>  
> Index: arch/armv7/imx/imxuart.c
> ===
> RCS file: /home/vcs/cvs/openbsd/src/sys/arch/armv7/imx/imxuart.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 imxuart.c
> --- arch/armv7/imx/imxuart.c  30 Dec 2017 13:34:56 -  1.17
> +++