Re: vmd: set dhcp hostname option during netboot

2018-12-10 Thread Mike Larkin
On Tue, Dec 11, 2018 at 08:08:38AM +0100, Anton Lindqvist wrote:
> On Mon, Dec 10, 2018 at 09:40:41PM -0800, Mike Larkin wrote:
> > On Mon, Dec 10, 2018 at 07:27:40PM -0800, Carlos Cardenas wrote:
> > > On Sat, Dec 08, 2018 at 10:13:47AM +0100, Anton Lindqvist wrote:
> > > > Hi,
> > > > I've been trying out the new fake netboot feature in vmd. Overall, a
> > > > great addition that removed the need for me to run dhcpd/rebound locally
> > > > to achieve auto install. It would be convenient if the DHCP lease
> > > > included a hostname inferred from the VM name in order to use dedicated
> > > > response files for different VMs. Maybe this is a behavior that
> > > > shouldn't be limited to just netboot? The res_hnok() validation is
> > > > borrowed from dhclient.
> > > > 
> > > > Comments? OK?
> > > 
> > > This is a cool idea.
> > > 
> > > ok ccardenas@
> > > 
> > > +--+
> > > Carlos
> > > 
> > 
> > I am not opposed to this, but doesn't this assume that the vm name is
> > the same as the desired hostname? (maybe that's ok?)
> 
> Not necessarily. The DHCP hostname is used to construct one of the URLs
> used to probe for install.conf during autoinstall. The same hostname
> will also be used as the default answer to the "System hostname"
> question. Thus, the desired hostname can be overwritten in install.conf.
> Also worth noting is that the final hostname written to /etc/myname is
> joined together with the answer to the "DNS domain name" question.
> 

I see. No objections here, I'll let you decide if you want to wait for
reyk to comment.

-ml

> > 
> > reyk@, what do you think?
> > 
> > -ml
> > 
> > > > 
> > > > Index: dhcp.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
> > > > retrieving revision 1.7
> > > > diff -u -p -r1.7 dhcp.c
> > > > --- dhcp.c  6 Dec 2018 09:20:06 -   1.7
> > > > +++ dhcp.c  8 Dec 2018 09:04:33 -
> > > > @@ -24,6 +24,7 @@
> > > >  #include 
> > > >  #include 
> > > >  
> > > > +#include 
> > > >  #include 
> > > >  #include 
> > > >  #include 
> > > > @@ -44,8 +45,10 @@ dhcp_request(struct vionet_dev *dev, cha
> > > > struct packet_ctxpc;
> > > > struct dhcp_packet   req, resp;
> > > > struct in_addr   server_addr, mask, client_addr, 
> > > > requested_addr;
> > > > -   size_t   resplen, o;
> > > > +   size_t   len, resplen, o;
> > > > uint32_t ltime;
> > > > +   struct vmd_vm   *vm;
> > > > +   const char  *hostname = NULL;
> > > >  
> > > > if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct 
> > > > ether_header)))
> > > > return (-1);
> > > > @@ -108,8 +111,12 @@ dhcp_request(struct vionet_dev *dev, cha
> > > > resp.hlen = req.hlen;
> > > > resp.xid = req.xid;
> > > >  
> > > > -   if (dev->pxeboot)
> > > > +   if (dev->pxeboot) {
> > > > strlcpy(resp.file, "auto_install", sizeof resp.file);
> > > > +   vm = vm_getbyvmid(dev->vm_vmid);
> > > > +   if (vm && res_hnok(vm->vm_params.vmc_params.vcp_name))
> > > > +   hostname = vm->vm_params.vmc_params.vcp_name;
> > > > +   }
> > > >  
> > > > if ((client_addr.s_addr =
> > > > vm_priv_addr(>vmd_cfg,
> > > > @@ -205,6 +212,14 @@ dhcp_request(struct vionet_dev *dev, cha
> > > > resp.options[o++] = sizeof(server_addr);
> > > > memcpy([o], _addr, sizeof(server_addr));
> > > > o += sizeof(server_addr);
> > > > +
> > > > +   if (hostname != NULL) {
> > > > +   len = strlen(hostname);
> > > > +   resp.options[o++] = DHO_HOST_NAME;
> > > > +   resp.options[o++] = len;
> > > > +   memcpy([o], hostname, len);
> > > > +   o += len;
> > > > +   }
> > > >  
> > > > resp.options[o++] = DHO_END;
> > > >  
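Review bot: The added DHO_HOST_NAME block stores `len` in a single option-length byte and then copies `len` bytes to `resp.options[o]` without checking either value against a limit. The res_hnok() call in the earlier hunk vets the name as a hostname, but nothing visible here caps `len` at 255 or confirms that the option plus the trailing DHO_END still fits in `resp.options`. The VM name may well be bounded elsewhere, but that is not shown in this diff. Making the bound local would remove the dependency, e.g. wrapping the three writes in `if (len <= UINT8_MAX && o + 2 + len < sizeof(resp.options))` after the strlen(). dhcp_request() continues outside the hunk, and the same hunk is quoted again in the later replies of this thread.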
> > > > 
> > > 
> 



Re: vmd: set dhcp hostname option during netboot

2018-12-10 Thread Anton Lindqvist
On Mon, Dec 10, 2018 at 09:40:41PM -0800, Mike Larkin wrote:
> On Mon, Dec 10, 2018 at 07:27:40PM -0800, Carlos Cardenas wrote:
> > On Sat, Dec 08, 2018 at 10:13:47AM +0100, Anton Lindqvist wrote:
> > > Hi,
> > > I've been trying out the new fake netboot feature in vmd. Overall, a
> > > great addition that removed the need for me to run dhcpd/rebound locally
> > > to achieve auto install. It would be convenient if the DHCP lease
> > > included a hostname inferred from the VM name in order to use dedicated
> > > response files for different VMs. Maybe this is a behavior that
> > > shouldn't be limited to just netboot? The res_hnok() validation is
> > > borrowed from dhclient.
> > > 
> > > Comments? OK?
> > 
> > This is a cool idea.
> > 
> > ok ccardenas@
> > 
> > +--+
> > Carlos
> > 
> 
> I am not opposed to this, but doesn't this assume that the vm name is
> the same as the desired hostname? (maybe that's ok?)

Not necessarily. The DHCP hostname is used to construct one of the URLs
used to probe for install.conf during autoinstall. The same hostname
will also be used as the default answer to the "System hostname"
question. Thus, the desired hostname can be overwritten in install.conf.
Also worth noting is that the final hostname written to /etc/myname is
joined together with the answer to the "DNS domain name" question.

> 
> reyk@, what do you think?
> 
> -ml
> 
> > > 
> > > Index: dhcp.c
> > > ===
> > > RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
> > > retrieving revision 1.7
> > > diff -u -p -r1.7 dhcp.c
> > > --- dhcp.c6 Dec 2018 09:20:06 -   1.7
> > > +++ dhcp.c8 Dec 2018 09:04:33 -
> > > @@ -24,6 +24,7 @@
> > >  #include 
> > >  #include 
> > >  
> > > +#include 
> > >  #include 
> > >  #include 
> > >  #include 
> > > @@ -44,8 +45,10 @@ dhcp_request(struct vionet_dev *dev, cha
> > >   struct packet_ctxpc;
> > >   struct dhcp_packet   req, resp;
> > >   struct in_addr   server_addr, mask, client_addr, requested_addr;
> > > - size_t   resplen, o;
> > > + size_t   len, resplen, o;
> > >   uint32_t ltime;
> > > + struct vmd_vm   *vm;
> > > + const char  *hostname = NULL;
> > >  
> > >   if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header)))
> > >   return (-1);
> > > @@ -108,8 +111,12 @@ dhcp_request(struct vionet_dev *dev, cha
> > >   resp.hlen = req.hlen;
> > >   resp.xid = req.xid;
> > >  
> > > - if (dev->pxeboot)
> > > + if (dev->pxeboot) {
> > >   strlcpy(resp.file, "auto_install", sizeof resp.file);
> > > + vm = vm_getbyvmid(dev->vm_vmid);
> > > + if (vm && res_hnok(vm->vm_params.vmc_params.vcp_name))
> > > + hostname = vm->vm_params.vmc_params.vcp_name;
> > > + }
> > >  
> > >   if ((client_addr.s_addr =
> > >   vm_priv_addr(>vmd_cfg,
> > > @@ -205,6 +212,14 @@ dhcp_request(struct vionet_dev *dev, cha
> > >   resp.options[o++] = sizeof(server_addr);
> > >   memcpy([o], _addr, sizeof(server_addr));
> > >   o += sizeof(server_addr);
> > > +
> > > + if (hostname != NULL) {
> > > + len = strlen(hostname);
> > > + resp.options[o++] = DHO_HOST_NAME;
> > > + resp.options[o++] = len;
> > > + memcpy([o], hostname, len);
> > > + o += len;
> > > + }
> > >  
> > >   resp.options[o++] = DHO_END;
> > >  
> > > 
> > 



Re: add more bootdevices to vmctl

2018-12-10 Thread Mike Larkin
On Mon, Dec 10, 2018 at 10:35:23PM +0100, Claudio Jeker wrote:
> Now that fw_cfg support is in vmd it makes sense to have -B disk
> and -B cdrom. Also error out if the option is not known.
> 
> This allows to use -B cdrom to force booting from the cdrom disk image
> e.g. to update the VM image.
> -- 
> :wq Claudio
> 

I think you received sufficient oks, but ok mlarkin@ nonetheless.

-ml

> Index: main.c
> ===
> RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 main.c
> --- main.c6 Dec 2018 09:23:15 -   1.50
> +++ main.c8 Dec 2018 06:59:17 -
> @@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
>   case 'B':
>   if (res->bootdevice)
>   errx(1, "boot device specified multiple times");
> - if (strcmp("net", optarg) == 0)
> + if (strcmp("disk", optarg) == 0)
> + res->bootdevice = VMBOOTDEV_DISK;
> + else if (strcmp("cdrom", optarg) == 0)
> + res->bootdevice = VMBOOTDEV_CDROM;
> + else if (strcmp("net", optarg) == 0)
>   res->bootdevice = VMBOOTDEV_NET;
> + else
> + errx(1, "unknown boot device %s", optarg);
>   break;
>   case 'r':
>   if (res->isopath)
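Review bot: The duplicate-option guard `if (res->bootdevice)` at the top of `case 'B':` only works if every value assigned in the new branches is non-zero. The VMBOOTDEV_* definitions are not part of this diff, so if VMBOOTDEV_DISK or VMBOOTDEV_CDROM were 0, a second `-B` would be accepted silently and the last one would win. This is worth confirming against the header, or recording on the case with a comment such as `/* relies on all VMBOOTDEV_* values set here being non-zero */`. The option loop of ctl_start() extends beyond the hunk, and the same hunk is repeated in the later messages of this thread.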
> 



Re: vmd: set dhcp hostname option during netboot

2018-12-10 Thread Mike Larkin
On Mon, Dec 10, 2018 at 07:27:40PM -0800, Carlos Cardenas wrote:
> On Sat, Dec 08, 2018 at 10:13:47AM +0100, Anton Lindqvist wrote:
> > Hi,
> > I've been trying out the new fake netboot feature in vmd. Overall, a
> > great addition that removed the need for me to run dhcpd/rebound locally
> > to achieve auto install. It would be convenient if the DHCP lease
> > included a hostname inferred from the VM name in order to use dedicated
> > response files for different VMs. Maybe this is a behavior that
> > shouldn't be limited to just netboot? The res_hnok() validation is
> > borrowed from dhclient.
> > 
> > Comments? OK?
> 
> This is a cool idea.
> 
> ok ccardenas@
> 
> +--+
> Carlos
> 

I am not opposed to this, but doesn't this assume that the vm name is
the same as the desired hostname? (maybe that's ok?)

reyk@, what do you think?

-ml

> > 
> > Index: dhcp.c
> > ===
> > RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
> > retrieving revision 1.7
> > diff -u -p -r1.7 dhcp.c
> > --- dhcp.c  6 Dec 2018 09:20:06 -   1.7
> > +++ dhcp.c  8 Dec 2018 09:04:33 -
> > @@ -24,6 +24,7 @@
> >  #include 
> >  #include 
> >  
> > +#include 
> >  #include 
> >  #include 
> >  #include 
> > @@ -44,8 +45,10 @@ dhcp_request(struct vionet_dev *dev, cha
> > struct packet_ctxpc;
> > struct dhcp_packet   req, resp;
> > struct in_addr   server_addr, mask, client_addr, requested_addr;
> > -   size_t   resplen, o;
> > +   size_t   len, resplen, o;
> > uint32_t ltime;
> > +   struct vmd_vm   *vm;
> > +   const char  *hostname = NULL;
> >  
> > if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header)))
> > return (-1);
> > @@ -108,8 +111,12 @@ dhcp_request(struct vionet_dev *dev, cha
> > resp.hlen = req.hlen;
> > resp.xid = req.xid;
> >  
> > -   if (dev->pxeboot)
> > +   if (dev->pxeboot) {
> > strlcpy(resp.file, "auto_install", sizeof resp.file);
> > +   vm = vm_getbyvmid(dev->vm_vmid);
> > +   if (vm && res_hnok(vm->vm_params.vmc_params.vcp_name))
> > +   hostname = vm->vm_params.vmc_params.vcp_name;
> > +   }
> >  
> > if ((client_addr.s_addr =
> > vm_priv_addr(>vmd_cfg,
> > @@ -205,6 +212,14 @@ dhcp_request(struct vionet_dev *dev, cha
> > resp.options[o++] = sizeof(server_addr);
> > memcpy([o], _addr, sizeof(server_addr));
> > o += sizeof(server_addr);
> > +
> > +   if (hostname != NULL) {
> > +   len = strlen(hostname);
> > +   resp.options[o++] = DHO_HOST_NAME;
> > +   resp.options[o++] = len;
> > +   memcpy([o], hostname, len);
> > +   o += len;
> > +   }
> >  
> > resp.options[o++] = DHO_END;
> >  
> > 
> 



Re: vmd: set dhcp hostname option during netboot

2018-12-10 Thread Carlos Cardenas
On Sat, Dec 08, 2018 at 10:13:47AM +0100, Anton Lindqvist wrote:
> Hi,
> I've been trying out the new fake netboot feature in vmd. Overall, a
> great addition that removed the need for me to run dhcpd/rebound locally
> to achieve auto install. It would be convenient if the DHCP lease
> included a hostname inferred from the VM name in order to use dedicated
> response files for different VMs. Maybe this is a behavior that
> shouldn't be limited to just netboot? The res_hnok() validation is
> borrowed from dhclient.
> 
> Comments? OK?

This is a cool idea.

ok ccardenas@

+--+
Carlos

> 
> Index: dhcp.c
> ===
> RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 dhcp.c
> --- dhcp.c6 Dec 2018 09:20:06 -   1.7
> +++ dhcp.c8 Dec 2018 09:04:33 -
> @@ -24,6 +24,7 @@
>  #include 
>  #include 
>  
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -44,8 +45,10 @@ dhcp_request(struct vionet_dev *dev, cha
>   struct packet_ctxpc;
>   struct dhcp_packet   req, resp;
>   struct in_addr   server_addr, mask, client_addr, requested_addr;
> - size_t   resplen, o;
> + size_t   len, resplen, o;
>   uint32_t ltime;
> + struct vmd_vm   *vm;
> + const char  *hostname = NULL;
>  
>   if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header)))
>   return (-1);
> @@ -108,8 +111,12 @@ dhcp_request(struct vionet_dev *dev, cha
>   resp.hlen = req.hlen;
>   resp.xid = req.xid;
>  
> - if (dev->pxeboot)
> + if (dev->pxeboot) {
>   strlcpy(resp.file, "auto_install", sizeof resp.file);
> + vm = vm_getbyvmid(dev->vm_vmid);
> + if (vm && res_hnok(vm->vm_params.vmc_params.vcp_name))
> + hostname = vm->vm_params.vmc_params.vcp_name;
> + }
>  
>   if ((client_addr.s_addr =
>   vm_priv_addr(>vmd_cfg,
> @@ -205,6 +212,14 @@ dhcp_request(struct vionet_dev *dev, cha
>   resp.options[o++] = sizeof(server_addr);
>   memcpy([o], _addr, sizeof(server_addr));
>   o += sizeof(server_addr);
> +
> + if (hostname != NULL) {
> + len = strlen(hostname);
> + resp.options[o++] = DHO_HOST_NAME;
> + resp.options[o++] = len;
> + memcpy([o], hostname, len);
> + o += len;
> + }
>  
>   resp.options[o++] = DHO_END;
>  
> 



opt-in per cpu counters for interfaces

2018-12-10 Thread David Gwynne
if vlan will be allowed to bypass its ifq when outputting packets, it
will still need to count them. if this potential vlan_output exists, it
will support being called concurrently in the system, so we need some
way of counting concurrently.

this adds per cpu counters to struct ifnet. interfaces that want them
can allocate them, and then the interface get data ioctl will look at
them and add them into the numbers collected by the ifqs and the
interface itself.

ok?

Index: if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.568
diff -u -p -r1.568 if.c
--- if.c29 Nov 2018 00:11:49 -  1.568
+++ if.c11 Dec 2018 01:40:40 -
@@ -84,6 +84,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include 
@@ -1103,6 +1104,9 @@ if_detach(struct ifnet *ifp)
splx(s);
NET_UNLOCK();
 
+   if (ifp->if_counters != NULL)
+   if_counters_free(ifp);
+
for (i = 0; i < ifp->if_nifqs; i++)
ifq_destroy(ifp->if_ifqs[i]);
if (ifp->if_ifqs != ifp->if_snd.ifq_ifqs) {
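Review bot: if_detach() now frees `ifp->if_counters` before the loop that destroys the ifqs, and nothing visible in this hunk stops a concurrent counter update or if_getdata() from using the pointer while it is being freed. if_getdata() in the later hunk tests `ifp->if_counters != NULL` and then reads through it with no lock shown, and the description says the output path is meant to be callable concurrently. If all users are already quiesced at this point (only part of if_detach() is visible here), a comment saying so would be enough, e.g. `/* nothing else can reach ifp here, safe to free the per cpu counters */`. Otherwise the free should move to wherever that guarantee holds.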
@@ -2362,11 +2366,47 @@ ifconf(caddr_t data)
 }
 
 void
+if_counters_alloc(struct ifnet *ifp)
+{
+   KASSERT(ifp->if_counters == NULL);
+
+   ifp->if_counters = counters_alloc(ifc_ncounters);
+}
+
+void
+if_counters_free(struct ifnet *ifp)
+{
+   KASSERT(ifp->if_counters != NULL);
+
+   counters_free(ifp->if_counters, ifc_ncounters);
+   ifp->if_counters = NULL;
+}
+
+void
 if_getdata(struct ifnet *ifp, struct if_data *data)
 {
unsigned int i;
 
*data = ifp->if_data;
+
+   if (ifp->if_counters != NULL) {
+   uint64_t counters[ifc_ncounters];
+
+   counters_read(ifp->if_counters, counters, nitems(counters));
+
+   data->ifi_ipackets += counters[ifc_ipackets];
+   data->ifi_ierrors += counters[ifc_ierrors];
+   data->ifi_opackets += counters[ifc_opackets];
+   data->ifi_oerrors += counters[ifc_oerrors];
+   data->ifi_collisions += counters[ifc_collisions];
+   data->ifi_ibytes += counters[ifc_ibytes];
+   data->ifi_obytes += counters[ifc_obytes];
+   data->ifi_imcasts += counters[ifc_imcasts];
+   data->ifi_omcasts += counters[ifc_omcasts];
+   data->ifi_iqdrops += counters[ifc_iqdrops];
+   data->ifi_oqdrops += counters[ifc_oqdrops];
+   data->ifi_noproto += counters[ifc_noproto];
+   }
 
for (i = 0; i < ifp->if_nifqs; i++) {
struct ifqueue *ifq = ifp->if_ifqs[i];
Index: if_var.h
===
RCS file: /cvs/src/sys/net/if_var.h,v
retrieving revision 1.90
diff -u -p -r1.90 if_var.h
--- if_var.h10 Sep 2018 16:18:34 -  1.90
+++ if_var.h11 Dec 2018 01:40:40 -
@@ -76,6 +76,7 @@
 struct rtentry;
 struct ifnet;
 struct task;
+struct cpumem;
 
 /*
  * Structure describing a `cloning' interface.
@@ -144,6 +145,7 @@ struct ifnet {  /* and the 
entries */
unsigned short if_flags;/* [N] up/down, broadcast, etc. */
int if_xflags;  /* [N] extra softnet flags */
struct  if_data if_data;/* stats and other data about if */
+   struct  cpumem *if_counters;/* per cpu stats */
uint32_t if_hardmtu;/* [d] maximum MTU device supports */
charif_description[IFDESCRSIZE]; /* [c] interface description */
u_short if_rtlabelid;   /* [c] next route label */
@@ -202,6 +204,23 @@ struct ifnet { /* and the 
entries */
 #defineif_capabilities if_data.ifi_capabilities
 #defineif_rdomain  if_data.ifi_rdomain
 
+enum if_counters {
+   ifc_ipackets,   /* packets received on interface */
+   ifc_ierrors,/* input errors on interface */
+   ifc_opackets,   /* packets sent on interface */
+   ifc_oerrors,/* output errors on interface */
+   ifc_collisions, /* collisions on csma interfaces */
+   ifc_ibytes, /* total number of octets received */
+   ifc_obytes, /* total number of octets sent */
+   ifc_imcasts,/* packets received via multicast */
+   ifc_omcasts,/* packets sent via multicast */
+   ifc_iqdrops,/* dropped on input, this interface */
+   ifc_oqdrops,/* dropped on output, this interface */
+   ifc_noproto,/* destined for unsupported protocol */
+
+   ifc_ncounters
+};
+
 /*
  * The ifaddr structure contains information about one address
  * of an interface.  They are maintained by the different address families,
@@ -356,6 +375,9 @@ u_int   if_rxr_get(struct if_rxring *, u_i
 intif_rxr_info_ioctl(struct if_rxrinfo *, u_int, struct if_rxring_info 

Re: add more bootdevices to vmctl

2018-12-10 Thread Carlos Cardenas
On Mon, Dec 10, 2018 at 11:30:05PM +0100, Claudio Jeker wrote:
> On Mon, Dec 10, 2018 at 02:28:48PM -0800, Carlos Cardenas wrote:
> > On Mon, Dec 10, 2018 at 10:38:56PM +0100, Reyk Floeter wrote:
> > > OK reyk@
> > > 
> > > Please think about the manpage.
> > > 
> > > > Am 10.12.2018 um 22:35 schrieb Claudio Jeker :
> > > > 
> > > > Now that fw_cfg support is in vmd it makes sense to have -B disk
> > > > and -B cdrom. Also error out if the option is not known.
> > > > 
> > > > This allows to use -B cdrom to force booting from the cdrom disk image
> > > > e.g. to update the VM image.
> > > > -- 
> > > > :wq Claudio
> > 
> > Same comments as reyk@ .
> > 
> > ok ccardenas@ when man page has been updated.
> > 
> 
> Here the diff with man page update.

ok ccardenas@

+--+
Carlos

> 
> -- 
> :wq Claudio
> 
> Index: main.c
> ===
> RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 main.c
> --- main.c6 Dec 2018 09:23:15 -   1.50
> +++ main.c8 Dec 2018 06:59:17 -
> @@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
>   case 'B':
>   if (res->bootdevice)
>   errx(1, "boot device specified multiple times");
> - if (strcmp("net", optarg) == 0)
> + if (strcmp("disk", optarg) == 0)
> + res->bootdevice = VMBOOTDEV_DISK;
> + else if (strcmp("cdrom", optarg) == 0)
> + res->bootdevice = VMBOOTDEV_CDROM;
> + else if (strcmp("net", optarg) == 0)
>   res->bootdevice = VMBOOTDEV_NET;
> + else
> + errx(1, "unknown boot device %s", optarg);
>   break;
>   case 'r':
>   if (res->isopath)
> Index: vmctl.8
> ===
> RCS file: /cvs/src/usr.sbin/vmctl/vmctl.8,v
> retrieving revision 1.56
> diff -u -p -r1.56 vmctl.8
> --- vmctl.8   6 Dec 2018 09:23:15 -   1.56
> +++ vmctl.8   10 Dec 2018 21:59:25 -
> @@ -160,14 +160,27 @@ Boot the VM with the specified kernel or
>  If not specified, the default is to boot using the BIOS image in
>  .Pa /etc/firmware/vmm-bios .
>  .It Fl B Ar device
> -Force system to boot from the specified device for the next boot.
> +Force system to boot from the specified device.
>  .Ar device
> -can be set to
> +can be set to:
> +.Pp
> +.Bl -tag -width "cdrom" -compact
> +.It Ar disk
> +boot from disk.
> +.It Ar cdrom
> +boot the CD-ROM image.
> +.It Ar net
> +perform a PXE boot using the first network interface.
> +.El
> +Currently
>  .Ar net
> -to perform a PXE boot using the first network interface.
> -Currently only supported when starting the VM with
> +is only supported when booting a kernel using the
>  .Fl b 
> -specifying a kernel image.
> +flag while
> +.Ar disk
> +and
> +.Ar cdrom
> +only work with BIOS images.
>  .It Fl c
>  Automatically connect to the VM console.
>  .It Fl d Ar disk



Re: allow weak passwd

2018-12-10 Thread Mark Kettenis
> From: "Ted Unangst" 
> Date: Mon, 10 Dec 2018 14:14:08 -0500
> Content-Type: text/plain; charset=utf-8
> 
> So I was actually looking at the passwd check rules because I wanted
> to add a flag to disable the 3 bad passwords then ok whatever.
> 
> This adds passwd -w to allow user to skip the default 3 warnings and
> just do what they want. If, by chance, you have configured warnings
> in login.conf then they can't override that.

What is the motivation for this diff?

> Index: passwd.1
> ===
> RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
> retrieving revision 1.45
> diff -u -p -r1.45 passwd.1
> --- passwd.1  19 Aug 2016 10:57:24 -  1.45
> +++ passwd.1  10 Dec 2018 19:09:55 -
> @@ -62,6 +62,9 @@ checking program via the
>  .Dq passwordcheck
>  variable in
>  .Xr login.conf 5 .
> +The
> +.Fl w
> +option can be used to disable the default checks and permit weak passwords.
>  .Pp
>  The superuser is not required to provide a user's current password
>  if only the local password is modified.
> Index: passwd.c
> ===
> RCS file: /cvs/src/usr.bin/passwd/passwd.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 passwd.c
> --- passwd.c  26 Nov 2015 19:01:47 -  1.27
> +++ passwd.c  10 Dec 2018 19:08:41 -
> @@ -38,6 +38,8 @@
>  extern int local_passwd(char *, int);
>  void usage(int retval);
>  
> +int allowweak;
> +
>  int
>  main(int argc, char **argv)
>  {
> @@ -46,8 +48,11 @@ main(int argc, char **argv)
>   int ch;
>  
>   /* Process args and options */
> - while ((ch = getopt(argc, argv, "")) != -1)
> + while ((ch = getopt(argc, argv, "w")) != -1)
>   switch (ch) {
> + case 'w':
> + allowweak = 1;
> + break;
>   default:
>   usage(1);
>   }
> @@ -77,6 +82,6 @@ main(int argc, char **argv)
>  void
>  usage(int retval)
>  {
> - fprintf(stderr, "usage: passwd [user]\n");
> + fprintf(stderr, "usage: passwd [-w] [user]\n");
>   exit(retval);
>  }
> Index: pwd_check.c
> ===
> RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 pwd_check.c
> --- pwd_check.c   21 Aug 2017 21:41:13 -  1.16
> +++ pwd_check.c   10 Dec 2018 19:07:51 -
> @@ -49,6 +49,8 @@
>  int pwd_check(login_cap_t *, char *);
>  int pwd_gettries(login_cap_t *);
>  
> +extern int allowweak;
> +
>  struct pattern {
>   char *match;
>   int flags;
> @@ -218,5 +220,7 @@ pwd_gettries(login_cap_t *lc)
>* password checks, it will no longer be checked and they can set
>* it to whatever they like.  This is the historic BSD behavior.
>*/
> + if (allowweak)
> + return (-1);
>   return (3);
>  }
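Review bot: The new `return (-1);` in pwd_gettries() introduces a sentinel whose meaning is not stated anywhere in the hunk, and it sits under a comment that still describes only the historic three-try behaviour. The caller is not shown, so it presumably treats a negative try count as "do not enforce the checks"; a comment would make that explicit, e.g. `/* -w: negative count tells the caller not to enforce pwd_check(); confirm in local_passwd */`. Because this relaxes a password-quality control, the comment should also state that the branch is reached only when login.conf sets no explicit try count, as the description claims. The start of pwd_gettries() is outside the hunk, so that ordering cannot be verified from here.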
> 
> 



Re: Importing FreeBSD eMMC code

2018-12-10 Thread Heppler, J. Scott

Here is my 6.4_amd64 dmesg generated from a usb thumb drive with OpenBSD
installed.

OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8128622592 (7752MB)
avail mem = 7872995328 (7508MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe66f0 (36 entries)
bios0: vendor Insyde version "F.01" date 05/03/2018
bios0: HP HP Stream Laptop 14-cb1XX
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI IHIS UEFI SSDT SSDT MSDM BDAT DBG2 DBGP HPET LPIT 
APIC MCFG NPKT PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT FPDT WDAT
acpi0: wakeup devices PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) 
PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) XHC_(S4) HDAS(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz, 1097.35 MHz, 06-7a-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 19MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.4.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz, 1096.98 MHz, 06-7a-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus 1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiec0 at acpi0
### AML PARSE ERROR (0x4cd5): Undefined name: SMA4
error evaluating: \\_SB_.PCI0.LPCB.EC0_._REG
acpiec _REG failed, broken BIOS
acpipwrres0 at acpi0: DRST
acpipwrres1 at acpi0: DRST
acpipwrres2 at acpi0: DRST
acpipwrres3 at acpi0: DRST
acpipwrres4 at acpi0: DRST
acpipwrres5 at acpi0: DRST
acpicpu0 at acpi0: C3(10@150 mwait.1@0x60), C2(10@50 mwait.1@0x21), C1(1000@1 
mwait.1@0x1), PSS
acpicpu1 at acpi0: C3(10@150 mwait.1@0x60), C2(10@50 mwait.1@0x21), C1(1000@1 
mwait.1@0x1), PSS
acpitz0 at acpi0: critical temperature is 210 degC
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibat0 at acpi0: BAT0 model "Primary" serial   type LION oem "HP"
"HPQ6001" at acpi0 not configured
"HPIC0003" at acpi0 not configured
"*ETD0742" at acpi0 not configured
acpicmos0 at acpi0
"INT3453" at acpi0 not configured
"INT0E0C" at acpi0 not configured
"INT33A1" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"INT3400" at acpi0 not configured
"INT3403" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: Enhanced SpeedStep 1097 MHz: speeds: 1101, 1100, 1000, 900, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x31f0 rev 0x03
vendor "Intel", unknown product 0x318c (class DASP subclass miscellaneous, rev 
0x03) at pci0 dev 0 function 1 not configured
vendor "Intel", unknown product 0x3190 (class system subclass miscellaneous, 
rev 0x03) at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 vendor "Intel", unknown product 0x3185 rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product 0x3198 rev 
0x03: msi
azalia0: codecs: Realtek ALC282, Intel/0x280d, using Realtek ALC282
audio0 at azalia0
vendor "Intel", unknown product 0x319a (class communications subclass 
miscellaneous, rev 0x03) at pci0 dev 15 function 0 not configured
ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x31da rev 0xf3: 
msi
pci1 at ppb0 bus 1
vendor "Realtek", unknown product 0xb822 (class network subclass miscellaneous, 
rev 0x00) at pci1 dev 0 function 0 not configured
xhci0 at pci0 dev 21 function 0 vendor "Intel", 

Re: make build as root fails when SUDO=doas

2018-12-10 Thread Marc Espie
On Mon, Dec 10, 2018 at 01:33:49PM +0100, Solene Rapenne wrote:
> hi
> 
> I have SUDO=doas in /etc/mk.conf for ports, this is preventing a `make build`
> in /usr/src as root if /etc/doas.conf doesn't have a line "permit nopass root
> as root". This fails when using "doas" in regress/usr/bin/ssh/
> 
> doas: Operation not permitted
> *** Error 1 in regress/usr.bin/ssh (Makefile:212 'clean')
> *** Error 1 in regress/usr.bin (:48 'cleandir')
> *** Error 1 in regress (:48 'cleandir')
> *** Error 1 in . (:48 'cleandir')
> *** Error 1 in . (Makefile:86 'do-build')
> *** Error 1 in /usr/src (Makefile:74 'build')
> 
> 
> the issue comes from the 3rd line of that extract from Makefile:212
> 
> clean: ${CLEAN_SUBDIR}
> rm -f ${CLEANFILES}
> test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
> rm -rf .putty
> 
> Not sure how to fix it. Maybe people shouldn't try to compile as root when
> having SUDO=doas set and then, it's not an issue anymore?

There are several possibilities:
- add a test similar to the one in src/Makefile, e.g., not run
sudo if you're root already (relatively complicated for no obvious benefit)

- try to remove the files normally first
 rm -f ${SUDO_CLEAN} || test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}

this should actually fix the issue.

Any other directory with that problem ?



Re: make build as root fails when SUDO=doas

2018-12-10 Thread Stuart Henderson
On 2018/12/10 23:28, Marc Espie wrote:
> On Mon, Dec 10, 2018 at 08:17:04PM +0100, Anton Lindqvist wrote:
> > On Mon, Dec 10, 2018 at 01:33:49PM +0100, Solene Rapenne wrote:
> > > hi
> > > 
> > > I have SUDO=doas in /etc/mk.conf for ports, this is preventing a `make 
> > > build`
> > > in /usr/src as root if /etc/doas.conf doesn't have a line "permit nopass 
> > > root
> > > as root". This fails when using "doas" in regress/usr/bin/ssh/
> > > 
> > > doas: Operation not permitted
> > > *** Error 1 in regress/usr.bin/ssh (Makefile:212 'clean')
> > > *** Error 1 in regress/usr.bin (:48 'cleandir')
> > > *** Error 1 in regress (:48 'cleandir')
> > > *** Error 1 in . (:48 'cleandir')
> > > *** Error 1 in . (Makefile:86 'do-build')
> > > *** Error 1 in /usr/src (Makefile:74 'build')
> > > 
> > > 
> > > the issue comes from the 3rd line of that extract from Makefile:212
> > > 
> > > clean: ${CLEAN_SUBDIR}
> > > rm -f ${CLEANFILES}
> > > test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
> > > rm -rf .putty
> > > 
> > > Not sure how to fix it. Maybe people shouldn't try to compile as root when
> > > having SUDO=doas set and then, it's not an issue anymore?
> > 
> > I have the following line in my /etc/mk.conf:
> > 
> > SUDO!!=[ `id -u` -ne 0 ] && echo /usr/bin/doas; true
> 
> That's not really a solution. It means you are going to run this
> each time you run any bsd makefile.
> 

I might be missing something, but why not just use the "permit nopass
root as root" line?  root can already do those things so it doesn't seem
to be protecting from anything ..



Re: make build as root fails when SUDO=doas

2018-12-10 Thread Marc Espie
On Mon, Dec 10, 2018 at 03:37:48PM -0500, Ted Unangst wrote:
> Solene Rapenne wrote:
> > Not sure how to fix it. Maybe people shouldn't try to compile as root when
> > having SUDO=doas set and then, it's not an issue anymore?
> 
> yeah, i would say this is an issue of your own making. you ask to use doas,
> make is going to use doas.

This is not really acceptable, ports and src should play nice with each
other, usually.



Re: add more bootdevices to vmctl

2018-12-10 Thread Claudio Jeker
On Mon, Dec 10, 2018 at 02:28:48PM -0800, Carlos Cardenas wrote:
> On Mon, Dec 10, 2018 at 10:38:56PM +0100, Reyk Floeter wrote:
> > OK reyk@
> > 
> > Please think about the manpage.
> > 
> > > Am 10.12.2018 um 22:35 schrieb Claudio Jeker :
> > > 
> > > Now that fw_cfg support is in vmd it makes sense to have -B disk
> > > and -B cdrom. Also error out if the option is not known.
> > > 
> > > This allows to use -B cdrom to force booting from the cdrom disk image
> > > e.g. to update the VM image.
> > > -- 
> > > :wq Claudio
> 
> Same comments as reyk@ .
> 
> ok ccardenas@ when man page has been updated.
> 

Here is the diff with the man page update.

-- 
:wq Claudio

Index: main.c
===
RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
retrieving revision 1.50
diff -u -p -r1.50 main.c
--- main.c  6 Dec 2018 09:23:15 -   1.50
+++ main.c  8 Dec 2018 06:59:17 -
@@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
case 'B':
if (res->bootdevice)
errx(1, "boot device specified multiple times");
-   if (strcmp("net", optarg) == 0)
+   if (strcmp("disk", optarg) == 0)
+   res->bootdevice = VMBOOTDEV_DISK;
+   else if (strcmp("cdrom", optarg) == 0)
+   res->bootdevice = VMBOOTDEV_CDROM;
+   else if (strcmp("net", optarg) == 0)
res->bootdevice = VMBOOTDEV_NET;
+   else
+   errx(1, "unknown boot device %s", optarg);
break;
case 'r':
if (res->isopath)
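Review bot: The duplicate-option guard `if (res->bootdevice)` at the top of `case 'B'` only works while every VMBOOTDEV_* constant is non-zero, and this hunk now stores two more of them (VMBOOTDEV_DISK, VMBOOTDEV_CDROM) whose values are not visible here. If either is 0, a second `-B` would slip past the "specified multiple times" check; a comment above the guard such as `/* VMBOOTDEV_* are non-zero; 0 means -B was not given */` would pin that assumption. The accompanying vmctl.8 text says `net` needs a kernel given with `-b` while `disk` and `cdrom` need a BIOS image, but nothing in this hunk rejects the other combinations. ctl_start continues outside the hunk, so if no later check exists, one after option parsing would fail more clearly than a VM that silently ignores the requested device.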
Index: vmctl.8
===
RCS file: /cvs/src/usr.sbin/vmctl/vmctl.8,v
retrieving revision 1.56
diff -u -p -r1.56 vmctl.8
--- vmctl.8 6 Dec 2018 09:23:15 -   1.56
+++ vmctl.8 10 Dec 2018 21:59:25 -
@@ -160,14 +160,27 @@ Boot the VM with the specified kernel or
 If not specified, the default is to boot using the BIOS image in
 .Pa /etc/firmware/vmm-bios .
 .It Fl B Ar device
-Force system to boot from the specified device for the next boot.
+Force system to boot from the specified device.
 .Ar device
-can be set to
+can be set to:
+.Pp
+.Bl -tag -width "cdrom" -compact
+.It Ar disk
+boot from disk.
+.It Ar cdrom
+boot the CD-ROM image.
+.It Ar net
+perform a PXE boot using the first network interface.
+.El
+Currently
 .Ar net
-to perform a PXE boot using the first network interface.
-Currently only supported when starting the VM with
+is only supported when booting a kernel using the
 .Fl b 
-specifying a kernel image.
+flag while
+.Ar disk
+and
+.Ar cdrom
+only work with BIOS images.
 .It Fl c
 Automatically connect to the VM console.
 .It Fl d Ar disk



Re: make build as root fails when SUDO=doas

2018-12-10 Thread Marc Espie
On Mon, Dec 10, 2018 at 08:17:04PM +0100, Anton Lindqvist wrote:
> On Mon, Dec 10, 2018 at 01:33:49PM +0100, Solene Rapenne wrote:
> > hi
> > 
> > I have SUDO=doas in /etc/mk.conf for ports, this is preventing a `make 
> > build`
> > in /usr/src as root if /etc/doas.conf doesn't have a line "permit nopass 
> > root
> > as root". This fails when using "doas" in regress/usr/bin/ssh/
> > 
> > doas: Operation not permitted
> > *** Error 1 in regress/usr.bin/ssh (Makefile:212 'clean')
> > *** Error 1 in regress/usr.bin (:48 'cleandir')
> > *** Error 1 in regress (:48 'cleandir')
> > *** Error 1 in . (:48 'cleandir')
> > *** Error 1 in . (Makefile:86 'do-build')
> > *** Error 1 in /usr/src (Makefile:74 'build')
> > 
> > 
> > the issue comes from the 3rd line of that extract from Makefile:212
> > 
> > clean: ${CLEAN_SUBDIR}
> > rm -f ${CLEANFILES}
> > test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
> > rm -rf .putty
> > 
> > Not sure how to fix it. Maybe people shouldn't try to compile as root when
> > having SUDO=doas set and then, it's not an issue anymore?
> 
> I have the following line in my /etc/mk.conf:
> 
> SUDO!!=[ `id -u` -ne 0 ] && echo /usr/bin/doas; true

That's not really a solution. It means you are going to run this
each time you run any bsd makefile.



Re: add more bootdevices to vmctl

2018-12-10 Thread Carlos Cardenas
On Mon, Dec 10, 2018 at 10:38:56PM +0100, Reyk Floeter wrote:
> OK reyk@
> 
> Please think about the manpage.
> 
> > Am 10.12.2018 um 22:35 schrieb Claudio Jeker :
> > 
> > Now that fw_cfg support is in vmd it makes sense to have -B disk
> > and -B cdrom. Also error out if the option is not known.
> > 
> > This allows to use -B cdrom to force booting from the cdrom disk image
> > e.g. to update the VM image.
> > -- 
> > :wq Claudio

Same comments as reyk@ .

ok ccardenas@ when man page has been updated.

+--+
Carlos

> > 
> > Index: main.c
> > ===
> > RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
> > retrieving revision 1.50
> > diff -u -p -r1.50 main.c
> > --- main.c6 Dec 2018 09:23:15 -1.50
> > +++ main.c8 Dec 2018 06:59:17 -
> > @@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
> >case 'B':
> >if (res->bootdevice)
> >errx(1, "boot device specified multiple times");
> > -if (strcmp("net", optarg) == 0)
> > +if (strcmp("disk", optarg) == 0)
> > +res->bootdevice = VMBOOTDEV_DISK;
> > +else if (strcmp("cdrom", optarg) == 0)
> > +res->bootdevice = VMBOOTDEV_CDROM;
> > +else if (strcmp("net", optarg) == 0)
> >res->bootdevice = VMBOOTDEV_NET;
> > +else
> > +errx(1, "unknown boot device %s", optarg);
> >break;
> >case 'r':
> >if (res->isopath)
> > 
> 



Re: add more bootdevices to vmctl

2018-12-10 Thread Reyk Floeter
OK reyk@

Please think about the manpage.

> Am 10.12.2018 um 22:35 schrieb Claudio Jeker :
> 
> Now that fw_cfg support is in vmd it makes sense to have -B disk
> and -B cdrom. Also error out if the option is not known.
> 
> This allows to use -B cdrom to force booting from the cdrom disk image
> e.g. to update the VM image.
> -- 
> :wq Claudio
> 
> Index: main.c
> ===
> RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 main.c
> --- main.c6 Dec 2018 09:23:15 -1.50
> +++ main.c8 Dec 2018 06:59:17 -
> @@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
>case 'B':
>if (res->bootdevice)
>errx(1, "boot device specified multiple times");
> -if (strcmp("net", optarg) == 0)
> +if (strcmp("disk", optarg) == 0)
> +res->bootdevice = VMBOOTDEV_DISK;
> +else if (strcmp("cdrom", optarg) == 0)
> +res->bootdevice = VMBOOTDEV_CDROM;
> +else if (strcmp("net", optarg) == 0)
>res->bootdevice = VMBOOTDEV_NET;
> +else
> +errx(1, "unknown boot device %s", optarg);
>break;
>case 'r':
>if (res->isopath)
> 



add more bootdevices to vmctl

2018-12-10 Thread Claudio Jeker
Now that fw_cfg support is in vmd it makes sense to have -B disk
and -B cdrom. Also error out if the option is not known.

This allows using -B cdrom to force booting from the cdrom disk image,
e.g. to update the VM image.
-- 
:wq Claudio

Index: main.c
===
RCS file: /cvs/src/usr.sbin/vmctl/main.c,v
retrieving revision 1.50
diff -u -p -r1.50 main.c
--- main.c  6 Dec 2018 09:23:15 -   1.50
+++ main.c  8 Dec 2018 06:59:17 -
@@ -856,8 +856,14 @@ ctl_start(struct parse_result *res, int 
case 'B':
if (res->bootdevice)
errx(1, "boot device specified multiple times");
-   if (strcmp("net", optarg) == 0)
+   if (strcmp("disk", optarg) == 0)
+   res->bootdevice = VMBOOTDEV_DISK;
+   else if (strcmp("cdrom", optarg) == 0)
+   res->bootdevice = VMBOOTDEV_CDROM;
+   else if (strcmp("net", optarg) == 0)
res->bootdevice = VMBOOTDEV_NET;
+   else
+   errx(1, "unknown boot device %s", optarg);
break;
case 'r':
if (res->isopath)



Re: vmd(4) fw_cfg support

2018-12-10 Thread Carlos Cardenas
On Mon, Dec 10, 2018 at 05:52:43PM +0100, Claudio Jeker wrote:
> This adds the fw_cfg interface that QEMU is using to pass data to the
> BIOS. It implements both IO port access and DMA access. SeaBIOS will use
> the latter if available. This should be useful for adding ACPI tables or
> SMBIOS data.
> 
> This requires the latest vmm-firmware (which I just commited) and the
> vmm(4) diff I just sent out to work correctly.
> 
> Since fw_cfg requires to zero out DMA memory I extended write_mem to do
> this if a NULL pointer is used for buf. I felt this is something which may
> be generally useful.
> -- 
> :wq Claudio

Very nice...

ok ccardenas@

+--+
Carlos



Re: make build as root fails when SUDO=doas

2018-12-10 Thread Ted Unangst
Solene Rapenne wrote:
> Not sure how to fix it. Maybe people shouldn't try to compile as root when
> having SUDO=doas set and then, it's not an issue anymore?

yeah, i would say this is an issue of your own making. you ask to use doas,
make is going to use doas.



Re: bgpd refactor aspath_match a bit

2018-12-10 Thread Denis Fondras
On Thu, Dec 06, 2018 at 12:21:19PM +0100, Claudio Jeker wrote:
> On Wed, Nov 28, 2018 at 10:35:37AM +0100, Claudio Jeker wrote:
> > On Tue, Nov 27, 2018 at 06:55:51PM +0100, Job Snijders wrote:
> > > On Tue, Nov 27, 2018 at 06:23:53PM +0100, Claudio Jeker wrote:
> > > > On Tue, Nov 27, 2018 at 04:21:53PM +0100, Job Snijders wrote:
> > > > > On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote:
> > > > > > For origin validation I chacked the source_as in struct rde_aspath
> > > > > > this is not really the right place. It should be in struct aspath
> > > > > > since that holds all the ASPATH related stuff. Change this, move
> > > > > > aspath_match out of util.c back into rde_attr.c and adjust code to 
> > > > > > use
> > > > > > the cached value also in match from any source-as XYZ rules.
> > > > > > This last bit causes a minor behavioural change since the old code
> > > > > > extracted the last non AS_SET asnumber. The new code follows the ROA
> > > > > > RFC and returns the rightmost AS for AS_SEQUENCE, the local AS for
> > > > > > empty paths and AS_NONE (which is 0) for everything else.
> > > > > > So now 'match from any source-as 0' will return all paths that do 
> > > > > > not
> > > > > > have a final AS_SEQUENCE segment.
> > > > > > 
> > > > > > The reason for this change is that I don't want to have two 
> > > > > > different
> > > > > > behaviours for what we call source-as (the one in roa-set and the 
> > > > > > one on a
> > > > > > filter).
> > > > > 
> > > > > Something is off, it seems 'source-as 0' is matching anything that has
> > > > > an AS_SET attribute set:
> > > > > 
> > > > > $ bgpctl show rib source-as 0 | head
> > > > > flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> > > > >S = Stale, E = Error
> > > > > origin validation state: N = not-found, V = valid, ! = invalid
> > > > > origin: i = IGP, e = EGP, ? = Incomplete
> > > > > 
> > > > > flags ovs destination  gateway  lpref   med 
> > > > > aspath origin
> > > > > I*> N 5.39.176.0/21192.147.168.1  100 0 2914 
> > > > > 8530 { 198753 } ?
> > > > > I*> N 5.101.110.0/24   192.147.168.1  100 0 2914 
> > > > > 14061 { 46652 } i
> > > > > I*> N 5.175.0.0/19 192.147.168.1  100 0 2914 
> > > > > 1299 20773 { 8972 } i
> > > > > I*> N 8.41.202.0/24192.147.168.1  100 0 2914 
> > > > > 13789 30372 { 40179 } i
> > > > > 
> > > > > Similarly, this should return at least 5.39.176.0/21:
> > > > > 
> > > > > $ bgpctl show rib source-as 8530
> > > > > flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> > > > >S = Stale, E = Error
> > > > > origin validation state: N = not-found, V = valid, ! = invalid
> > > > > origin: i = IGP, e = EGP, ? = Incomplete
> > > > > 
> > > > > flags ovs destination  gateway  lpref   med 
> > > > > aspath origin
> > > > > I*> N 80.87.16.0/20192.147.168.1  100 0 2914 
> > > > > 8530 ?
> > > > > I*> N 87.236.128.0/21  192.147.168.1  100 0 2914 
> > > > > 8530 ?
> > > > > I*> N 88.151.152.0/21  192.147.168.1  100 0 2914 
> > > > > 8530 ?
> > > > > I*> N 89.38.120.0/21   192.147.168.1  100 0 2914 
> > > > > 8530 i
> > > > > I*> N 93.115.176.0/20  192.147.168.1  100 0 2914 
> > > > > 8530 i
> > > > > I*> N 185.52.144.0/22  192.147.168.1  100 0 2914 
> > > > > 8530 ?
> > > > > 
> > > > 
> > > > I implemented source-as the way ROA is defining it. So anything which 
> > > > ends
> > > > with a AS_SET will return AS_NONE (which is 0). OpenBGPD has no way to
> > > > have an AS_PATH that has a real 0 in the AS_PATH (those UPDATES are
> > > > treated as withdraw). Because of this also the 5.39.176.0/21 is no 
> > > > longer
> > > > matching in 'bgpctl show rib source-as 8530'.
> > > 
> > > I'm not sure it should behave that way.
> > > 
> > > 'bgpctl show rib source-as 8530' really ought to return prefixes like
> > > 80.87.16.0/20 but also 5.39.176.0/21.
> > 
> > But isn't this different from other implementations? At least I would
> > expect that the AS-path regex '8530$' would not match on the AS_SET path
> > either. My issue is that we have 'source-as' in roa-set, origin-set and on
> > filters in bgpd.conf plus the source-as used by bgpctl. Depending on
> > context they behave differently. So if AS 8530 is in the roa-set
> > and I do bgpctl show rib source-as 8530 the result will be different to
> > what would match in the roa-set.
> > We already had a lot of confusion about announce and that is why I decided
> > to make them behave the same.
> >  
> > > > I'm a bit on the edge here about where to go and currently prefer to
> > > > follow a RFC (which in this case is RFC6811).
> > > > 
> > > >  o  Route Origin ASN: The origin AS number derived from a Route as
> > > > follows:
> > > > 

Re: vmd(4) fw_cfg support

2018-12-10 Thread Mike Larkin
On Mon, Dec 10, 2018 at 05:52:43PM +0100, Claudio Jeker wrote:
> This adds the fw_cfg interface that QEMU is using to pass data to the
> BIOS. It implements both IO port access and DMA access. SeaBIOS will use
> the latter if available. This should be useful for adding ACPI tables or
> SMBIOS data.
> 
> This requires the latest vmm-firmware (which I just commited) and the
> vmm(4) diff I just sent out to work correctly.
> 
> Since fw_cfg requires to zero out DMA memory I extended write_mem to do
> this if a NULL pointer is used for buf. I felt this is something which may
> be generally useful.
> -- 
> :wq Claudio
> 
> 

This reads ok to me. Thanks Claudio.

-ml

> Index: Makefile
> ===
> RCS file: /cvs/src/usr.sbin/vmd/Makefile,v
> retrieving revision 1.20
> diff -u -p -r1.20 Makefile
> --- Makefile  9 Sep 2018 04:09:32 -   1.20
> +++ Makefile  8 Dec 2018 06:59:17 -
> @@ -6,7 +6,7 @@ PROG= vmd
>  SRCS=vmd.c control.c log.c priv.c proc.c config.c vmm.c
>  SRCS+=   vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
>  SRCS+=   ns8250.c i8253.c vmboot.c ufs.c disklabel.c dhcp.c 
> packet.c
> -SRCS+=   parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c
> +SRCS+=   parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c 
> fw_cfg.c
>  
>  CFLAGS+= -Wall -I${.CURDIR}
>  CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
> Index: fw_cfg.c
> ===
> RCS file: fw_cfg.c
> diff -N fw_cfg.c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ fw_cfg.c  10 Dec 2018 16:39:55 -
> @@ -0,0 +1,434 @@
> +/*   $OpenBSD$   */
> +/*
> + * Copyright (c) 2018 Claudio Jeker 
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +#include 
> +#include 
> +#include 
> +
> +#include 
> +#include 
> +#include 
> +
> +#include "atomicio.h"
> +#include "proc.h"
> +#include "vmd.h"
> +#include "vmm.h"
> +#include "fw_cfg.h"
> +
> +#define  FW_CFG_SIGNATURE0x
> +#define  FW_CFG_ID   0x0001
> +#define  FW_CFG_NOGRAPHIC0x0004
> +#define  FW_CFG_FILE_DIR 0x0019
> +#define  FW_CFG_FILE_FIRST   0x0020
> +
> +#define FW_CFG_DMA_SIGNATURE 0x51454d5520434647ULL /* QEMU CFG */
> +
> +struct fw_cfg_dma_access {
> + uint32_tcontrol;
> +#define FW_CFG_DMA_ERROR 0x0001
> +#define FW_CFG_DMA_READ  0x0002
> +#define FW_CFG_DMA_SKIP  0x0004
> +#define FW_CFG_DMA_SELECT0x0008
> +#define FW_CFG_DMA_WRITE 0x0010  /* not implemented */
> + uint32_tlength;
> + uint64_taddress;
> +};
> +
> +struct fw_cfg_file {
> + uint32_tsize;
> + uint16_tselector;
> + uint16_treserved;
> + charname[56];
> +};
> +
> +extern char *__progname;
> +
> +static struct fw_cfg_state {
> + size_t offset;
> + size_t size;
> + uint8_t *data;
> +} fw_cfg_state;
> +
> +static uint64_t  fw_cfg_dma_addr;
> +
> +static int   fw_cfg_select_file(uint16_t);
> +static void  fw_cfg_file_dir(void);
> +
> +void
> +fw_cfg_init(struct vmop_create_params *vmc)
> +{
> + const char *bootorder = NULL;
> + unsigned int sd = 0;
> +
> + /* do not double print chars on serial port */
> + fw_cfg_add_file("etc/screen-and-debug", , sizeof(sd));
> +
> + switch (vmc->vmc_bootdevice) {
> + case VMBOOTDEV_DISK:
> + bootorder = "/pci@i0cf8/*@2\nHALT";
> + break;
> + case VMBOOTDEV_CDROM:
> + bootorder = "/pci@i0cf8/*@4/*@0/*@0,100\nHALT";
> + break;
> + case VMBOOTDEV_NET:
> + /* XXX not yet */
> + bootorder = "HALT";
> + break;
> + }
> + if (bootorder)
> + fw_cfg_add_file("bootorder", bootorder, strlen(bootorder) + 1);
> +}
> +
> +int
> +fw_cfg_dump(int fd)
> +{
> + log_debug("%s: sending fw_cfg state", __func__);
> + if (atomicio(vwrite, fd, _cfg_dma_addr,
> + sizeof(fw_cfg_dma_addr)) != sizeof(fw_cfg_dma_addr)) {
> + log_warnx("%s: error writing fw_cfg to fd", __func__);
> + return -1;
> + }
> + if 

Re: make build as root fails when SUDO=doas

2018-12-10 Thread Anton Lindqvist
On Mon, Dec 10, 2018 at 01:33:49PM +0100, Solene Rapenne wrote:
> hi
> 
> I have SUDO=doas in /etc/mk.conf for ports, this is preventing a `make build`
> in /usr/src as root if /etc/doas.conf doesn't have a line "permit nopass root
> as root". This fails when using "doas" in regress/usr/bin/ssh/
> 
> doas: Operation not permitted
> *** Error 1 in regress/usr.bin/ssh (Makefile:212 'clean')
> *** Error 1 in regress/usr.bin (:48 'cleandir')
> *** Error 1 in regress (:48 'cleandir')
> *** Error 1 in . (:48 'cleandir')
> *** Error 1 in . (Makefile:86 'do-build')
> *** Error 1 in /usr/src (Makefile:74 'build')
> 
> 
> the issue comes from the 3rd line of that extract from Makefile:212
> 
> clean: ${CLEAN_SUBDIR}
> rm -f ${CLEANFILES}
> test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
> rm -rf .putty
> 
> Not sure how to fix it. Maybe people shouldn't try to compile as root when
> having SUDO=doas set and then, it's not an issue anymore?

I have the following line in my /etc/mk.conf:

SUDO!!=[ `id -u` -ne 0 ] && echo /usr/bin/doas; true



allow weak passwd

2018-12-10 Thread Ted Unangst
So I was actually looking at the passwd check rules because I wanted to add a
flag to disable the 3 bad passwords then ok whatever.

This adds passwd -w to allow user to skip the default 3 warnings and just do
what they want. If, by chance, you have configured warnings in login.conf then
they can't override that.


Index: passwd.1
===
RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
retrieving revision 1.45
diff -u -p -r1.45 passwd.1
--- passwd.119 Aug 2016 10:57:24 -  1.45
+++ passwd.110 Dec 2018 19:09:55 -
@@ -62,6 +62,9 @@ checking program via the
 .Dq passwordcheck
 variable in
 .Xr login.conf 5 .
+The
+.Fl w
+option can be used to disable the default checks and permit weak passwords.
 .Pp
 The superuser is not required to provide a user's current password
 if only the local password is modified.
Index: passwd.c
===
RCS file: /cvs/src/usr.bin/passwd/passwd.c,v
retrieving revision 1.27
diff -u -p -r1.27 passwd.c
--- passwd.c26 Nov 2015 19:01:47 -  1.27
+++ passwd.c10 Dec 2018 19:08:41 -
@@ -38,6 +38,8 @@
 extern int local_passwd(char *, int);
 void usage(int retval);
 
+int allowweak;
+
 int
 main(int argc, char **argv)
 {
@@ -46,8 +48,11 @@ main(int argc, char **argv)
int ch;
 
/* Process args and options */
-   while ((ch = getopt(argc, argv, "")) != -1)
+   while ((ch = getopt(argc, argv, "w")) != -1)
switch (ch) {
+   case 'w':
+   allowweak = 1;
+   break;
default:
usage(1);
}
@@ -77,6 +82,6 @@ main(int argc, char **argv)
 void
 usage(int retval)
 {
-   fprintf(stderr, "usage: passwd [user]\n");
+   fprintf(stderr, "usage: passwd [-w] [user]\n");
exit(retval);
 }
Index: pwd_check.c
===
RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
retrieving revision 1.16
diff -u -p -r1.16 pwd_check.c
--- pwd_check.c 21 Aug 2017 21:41:13 -  1.16
+++ pwd_check.c 10 Dec 2018 19:07:51 -
@@ -49,6 +49,8 @@
 int pwd_check(login_cap_t *, char *);
 int pwd_gettries(login_cap_t *);
 
+extern int allowweak;
+
 struct pattern {
char *match;
int flags;
@@ -218,5 +220,7 @@ pwd_gettries(login_cap_t *lc)
 * password checks, it will no longer be checked and they can set
 * it to whatever they like.  This is the historic BSD behavior.
 */
+   if (allowweak)
+   return (-1);
return (3);
 }
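Review bot: The added `if (allowweak) return (-1);` sits under a comment that still describes only the three-tries behaviour, and nothing states what a -1 return means to the caller. pwd_gettries starts outside this hunk, so it is presumably the earlier login.conf lookups returning first that make a configured policy win over `-w`, as the posting says. A line such as `/* -w: skip the default checks; any login.conf setting has already returned above */` would record that ordering, so a later reshuffle cannot let an unprivileged `-w` override site policy. It is also worth confirming that the caller treats a negative count as "do not check" rather than comparing it against a counter in a way that changes meaning.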



Re: vmm(4) allow IO ports for fw_cfg interface

2018-12-10 Thread Mike Larkin
On Mon, Dec 10, 2018 at 05:29:39PM +0100, Claudio Jeker wrote:
> qemu has the fw_cfg mechanism to pass data from the emulator to the bios.
> SeaBIOS also includes fw_cfg support and so it makes sense to add this to
> vmd(4) as well. To make this happen the following IO ports need to be
> forwarded by vmm(4) to vmd(8).
>   FW_CFG_IO_SELECT0x510
>   FW_CFG_IO_DATA  0x511
>   FW_CFG_IO_DMA_ADDR_HIGH 0x514
>   FW_CFG_IO_DMA_ADDR_LOW  0x518
> 
> It is possible to not use the DMA interface but I think it may be better
> to have it.
> -- 
> :wq Claudio
> 
> Index: arch/amd64/amd64//vmm.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.221
> diff -u -p -r1.221 vmm.c
> --- arch/amd64/amd64//vmm.c   7 Oct 2018 22:43:06 -   1.221
> +++ arch/amd64/amd64//vmm.c   10 Dec 2018 14:46:52 -
> @@ -5128,7 +5128,9 @@ svm_handle_inout(struct vcpu *vcpu)
>   case IO_ICU2 ... IO_ICU2 + 1:
>   case 0x3f8 ... 0x3ff:
>   case ELCR0 ... ELCR1:
> - case 0x500 ... 0x50f:
> + case 0x500 ... 0x511:
> + case 0x514:
> + case 0x518:
>   case 0xcf8:
>   case 0xcfc ... 0xcff:
>   case VMM_PCI_IO_BAR_BASE ... VMM_PCI_IO_BAR_END:
> @@ -5221,9 +5223,11 @@ vmx_handle_inout(struct vcpu *vcpu)
>   case IO_ICU2 ... IO_ICU2 + 1:
>   case 0x3f8 ... 0x3ff:
>   case ELCR0 ... ELCR1:
> + case 0x500 ... 0x511:
> + case 0x514:
> + case 0x518:
>   case 0xcf8:
>   case 0xcfc ... 0xcff:
> - case 0x500 ... 0x50f:
>   case VMM_PCI_IO_BAR_BASE ... VMM_PCI_IO_BAR_END:
>   ret = EAGAIN;
>   break;
> 

ok mlarkin



vmd(4) fw_cfg support

2018-12-10 Thread Claudio Jeker
This adds the fw_cfg interface that QEMU is using to pass data to the
BIOS. It implements both IO port access and DMA access. SeaBIOS will use
the latter if available. This should be useful for adding ACPI tables or
SMBIOS data.

This requires the latest vmm-firmware (which I just committed) and the
vmm(4) diff I just sent out to work correctly.

Since fw_cfg requires to zero out DMA memory I extended write_mem to do
this if a NULL pointer is used for buf. I felt this is something which may
be generally useful.
-- 
:wq Claudio


Index: Makefile
===
RCS file: /cvs/src/usr.sbin/vmd/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- Makefile9 Sep 2018 04:09:32 -   1.20
+++ Makefile8 Dec 2018 06:59:17 -
@@ -6,7 +6,7 @@ PROG=   vmd
 SRCS=  vmd.c control.c log.c priv.c proc.c config.c vmm.c
 SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
 SRCS+= ns8250.c i8253.c vmboot.c ufs.c disklabel.c dhcp.c packet.c
-SRCS+= parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c
+SRCS+= parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c fw_cfg.c
 
 CFLAGS+=   -Wall -I${.CURDIR}
 CFLAGS+=   -Wstrict-prototypes -Wmissing-prototypes
Index: fw_cfg.c
===
RCS file: fw_cfg.c
diff -N fw_cfg.c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ fw_cfg.c10 Dec 2018 16:39:55 -
@@ -0,0 +1,434 @@
+/* $OpenBSD$   */
+/*
+ * Copyright (c) 2018 Claudio Jeker 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#include "atomicio.h"
+#include "proc.h"
+#include "vmd.h"
+#include "vmm.h"
+#include "fw_cfg.h"
+
+#defineFW_CFG_SIGNATURE0x
+#defineFW_CFG_ID   0x0001
+#defineFW_CFG_NOGRAPHIC0x0004
+#defineFW_CFG_FILE_DIR 0x0019
+#defineFW_CFG_FILE_FIRST   0x0020
+
+#define FW_CFG_DMA_SIGNATURE   0x51454d5520434647ULL /* QEMU CFG */
+
+struct fw_cfg_dma_access {
+   uint32_tcontrol;
+#define FW_CFG_DMA_ERROR   0x0001
+#define FW_CFG_DMA_READ0x0002
+#define FW_CFG_DMA_SKIP0x0004
+#define FW_CFG_DMA_SELECT  0x0008
+#define FW_CFG_DMA_WRITE   0x0010  /* not implemented */
+   uint32_tlength;
+   uint64_taddress;
+};
+
+struct fw_cfg_file {
+   uint32_tsize;
+   uint16_tselector;
+   uint16_treserved;
+   charname[56];
+};
+
+extern char *__progname;
+
+static struct fw_cfg_state {
+   size_t offset;
+   size_t size;
+   uint8_t *data;
+} fw_cfg_state;
+
+static uint64_tfw_cfg_dma_addr;
+
+static int fw_cfg_select_file(uint16_t);
+static voidfw_cfg_file_dir(void);
+
+void
+fw_cfg_init(struct vmop_create_params *vmc)
+{
+   const char *bootorder = NULL;
+   unsigned int sd = 0;
+
+   /* do not double print chars on serial port */
+   fw_cfg_add_file("etc/screen-and-debug", , sizeof(sd));
+
+   switch (vmc->vmc_bootdevice) {
+   case VMBOOTDEV_DISK:
+   bootorder = "/pci@i0cf8/*@2\nHALT";
+   break;
+   case VMBOOTDEV_CDROM:
+   bootorder = "/pci@i0cf8/*@4/*@0/*@0,100\nHALT";
+   break;
+   case VMBOOTDEV_NET:
+   /* XXX not yet */
+   bootorder = "HALT";
+   break;
+   }
+   if (bootorder)
+   fw_cfg_add_file("bootorder", bootorder, strlen(bootorder) + 1);
+}
+
+int
+fw_cfg_dump(int fd)
+{
+   log_debug("%s: sending fw_cfg state", __func__);
+   if (atomicio(vwrite, fd, _cfg_dma_addr,
+   sizeof(fw_cfg_dma_addr)) != sizeof(fw_cfg_dma_addr)) {
+   log_warnx("%s: error writing fw_cfg to fd", __func__);
+   return -1;
+   }
+   if (atomicio(vwrite, fd, _cfg_state.offset,
+   sizeof(fw_cfg_state.offset)) != sizeof(fw_cfg_state.offset)) {
+   log_warnx("%s: error writing fw_cfg to fd", __func__);
+   return -1;
+   }
+   if (atomicio(vwrite, fd, _cfg_state.size,
+   sizeof(fw_cfg_state.size)) != 

vmm(4) allow IO ports for fw_cfg interface

2018-12-10 Thread Claudio Jeker
qemu has the fw_cfg mechanism to pass data from the emulator to the bios.
SeaBIOS also includes fw_cfg support and so it makes sense to add this to
vmd(4) as well. To make this happen the following IO ports need to be
forwarded by vmm(4) to vmd(8).
FW_CFG_IO_SELECT0x510
FW_CFG_IO_DATA  0x511
FW_CFG_IO_DMA_ADDR_HIGH 0x514
FW_CFG_IO_DMA_ADDR_LOW  0x518

It is possible to not use the DMA interface but I think it may be better
to have it.
-- 
:wq Claudio

Index: arch/amd64/amd64//vmm.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.221
diff -u -p -r1.221 vmm.c
--- arch/amd64/amd64//vmm.c 7 Oct 2018 22:43:06 -   1.221
+++ arch/amd64/amd64//vmm.c 10 Dec 2018 14:46:52 -
@@ -5128,7 +5128,9 @@ svm_handle_inout(struct vcpu *vcpu)
case IO_ICU2 ... IO_ICU2 + 1:
case 0x3f8 ... 0x3ff:
case ELCR0 ... ELCR1:
-   case 0x500 ... 0x50f:
+   case 0x500 ... 0x511:
+   case 0x514:
+   case 0x518:
case 0xcf8:
case 0xcfc ... 0xcff:
case VMM_PCI_IO_BAR_BASE ... VMM_PCI_IO_BAR_END:
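Review bot: The new port cases are bare numbers, and `case 0x500 ... 0x511:` folds the two fw_cfg ports into the pre-existing 0x500-0x50f range, so the switch no longer shows why each port is handed to vmd; the vmx_handle_inout hunk that follows has the same issue. The posting already names the ports, so keeping `case 0x500 ... 0x50f:` and adding a separate `case 0x510 ... 0x511:` under a comment like `/* fw_cfg: 0x510 select, 0x511 data, 0x514/0x518 DMA address high/low */` would keep the list of guest-reachable ports that exit to userland auditable. Both switch statements begin and end outside their hunks, so whether every newly forwarded port has a handler on the vmd side cannot be confirmed from here.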
@@ -5221,9 +5223,11 @@ vmx_handle_inout(struct vcpu *vcpu)
case IO_ICU2 ... IO_ICU2 + 1:
case 0x3f8 ... 0x3ff:
case ELCR0 ... ELCR1:
+   case 0x500 ... 0x511:
+   case 0x514:
+   case 0x518:
case 0xcf8:
case 0xcfc ... 0xcff:
-   case 0x500 ... 0x50f:
case VMM_PCI_IO_BAR_BASE ... VMM_PCI_IO_BAR_END:
ret = EAGAIN;
break;



Re: carp though bridge with vmd

2018-12-10 Thread Mischa
Hi Reyk,

If there is anything I can supply let me know, but I guess it's simple enough 
to replicate.
Let me check carppeer anyway.

Mischa


> On 10 Dec 2018, at 09:55, Reyk Floeter  wrote:
> 
> Hi,
> 
> as a general note for virtual switches and clouds that don’t support CARP due 
> to restrictions on multicast and/or additional MACs: I use carppeer and 
> lladdr of the parent interface in such cases.
> 
> That doesn’t mean that you should need it with vmd and bridge and we have to 
> look into this.
> 
> Reyk
> 
>> Am 09.12.2018 um 16:56 schrieb Mischa :
>> 
>> Hi All,
>> 
>> Is there a way to get carp working through a bridge?
>> I am currently testing to see whether I can have 2 vmd VMs on different 
>> hosts use carp between them.
>> The current state that I am currently at is, both VMs are master.
>> 
>> Setup on both hosts is the same, bridge1 with em0 as interface.
>> 
>> # vm.conf
>> switch "uplink_bridge1" {
>>   interface bridge1
>> }
>> vm "lb1" {
>>   disable
>>   disk "/home/mischa/vmm/lb1.img"
>>   interface tap {
>>   switch "uplink_bridge1"
>>   }
>> }
>> 
>> lb1 carp config:
>> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
>> 10 advskew 100
>> 
>> lb2 carp config:
>> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
>> 10 advskew 110
>> 
>> Is there anything that can be configured on the bridge side?
>> 
>> Mischa
>> 
> 



[no subject]

2018-12-10 Thread Jan Stary
Currently, pcap_setdirection() is described in pcap.3 as follows:

  pcap_setdirection() is used to limit the direction
  that packets must be flowing in order to be captured.

The "direction" is not described, except in pcap.h.
Should the constants be mentioned in the manpage?
Also, the direction only seems to matter for live captures.

Jan


Index: pcap.3
===
RCS file: /cvs/src/lib/libpcap/pcap.3,v
retrieving revision 1.48
diff -u -p -r1.48 pcap.3
--- pcap.3  3 Jun 2018 10:45:15 -   1.48
+++ pcap.3  10 Dec 2018 07:12:53 -
@@ -535,6 +535,15 @@ datalink types.
 .Fn pcap_setdirection
 is used to limit the direction that packets must be flowing in order
 to be captured.
+The direction is either
+.Dv PCAP_D_INOUT ,
+.Dv PCAP_D_IN
+or
+.Dv PCAP_D_OUT .
+Direction is only relevant to live captures.
+When reading from a dump file,
+.Fn pcap_setdirection
+has no effect .
 .Pp
 .Fn pcap_list_datalinks
 returns an array of the supported datalink types for an opened live capture



pcap_dump() arguments

2018-12-10 Thread Jan Stary
pcap_dump() is described in pcap.3 as follows:

  pcap_dump() outputs a packet to the savefile opened with pcap_dump_open().
  Note that its calling arguments are suitable for use with pcap_dispatch().

That formulation is imho not entirely clear,
as the arguments mention no "savefile".

(Looking at the source, it just treats the 'user' argument as a FILE*
which is what a pcap_dumper_t* returned by pcap_dump_open() really is,
and fwrite()s the header and packet data there.)

It would be clearer if the manpage said that the 'user' is the savefile,
and that it is to be passed as the last argument to pcap_dispatch()
when using pcap_dump() as a callback function.

Jan


Index: pcap.3
===
RCS file: /cvs/src/lib/libpcap/pcap.3,v
retrieving revision 1.48
diff -u -p -r1.48 pcap.3
--- pcap.3  3 Jun 2018 10:45:15 -   1.48
+++ pcap.3  10 Dec 2018 07:01:13 -
@@ -353,9 +353,17 @@ or
 may be used to display the error text.
 .Pp
 .Fn pcap_dump
-outputs a packet to the savefile opened with
-.Fn pcap_dump_open .
-Note that its calling arguments are suitable for use with
+outputs a packet to a previously opened savefile,
+if the pointer obtained with
+.Fn pcap_dump_open
+is passed as the
+.Fa user
+argument.
+This makes
+.Fn pcap_dump
+a suitable
+.Fa callback
+to use with
 .Fn pcap_dispatch .
 .Pp
 .Fn pcap_inject



Re: pwd_check tweak

2018-12-10 Thread Theo de Raadt
Stuart Henderson  wrote:

> On 2018/12/10 06:49, Sebastien Marie wrote:
> > On Sun, Dec 09, 2018 at 09:14:38PM -0500, Ted Unangst wrote:
> > > These patterns try to detect a1a1a1 style passwords. By making the regex 
> > > a bit
> > > more flexible we can just use one. Also now catches mMmMmM fwiw.
> > 
> > it will also catches any password composed of only letters and digits
> > from 2 to 8 chars (need even numbers of chars).
> > 
> > like: aRgh675P or 78Ytgs7A
> > 
> > but I am unsure if it is bad or not. I think any password with only 8
> > chars is bad now.
> 
> ...so ab34cd5 is accepted straight away, but ab34cd56 trips the default
> "please use a more complicated password or type it in three times" check.
> 
> Seems like the external "passwordcheck" login.conf option might be a
> better place for people who have requirements beyond the current scheme?

I've never understood the principle behind such password checkers

Should there not be a corresponding diff to jack the ripper to de-prioritize
checking the passwords matched by this check, so that it can more quickly
check the decreased space allowed to users?

In other words, I'm incredibly cynical about any approach which decreases
the available space.  Seems to obviously stand against the principle.



Re: pwd_check tweak

2018-12-10 Thread Stuart Henderson
On 2018/12/10 06:49, Sebastien Marie wrote:
> On Sun, Dec 09, 2018 at 09:14:38PM -0500, Ted Unangst wrote:
> > These patterns try to detect a1a1a1 style passwords. By making the regex a 
> > bit
> > more flexible we can just use one. Also now catches mMmMmM fwiw.
> 
> it will also catches any password composed of only letters and digits
> from 2 to 8 chars (need even numbers of chars).
> 
> like: aRgh675P or 78Ytgs7A
> 
> but I am unsure if it is bad or not. I think any password with only 8
> chars is bad now.

...so ab34cd5 is accepted straight away, but ab34cd56 trips the default
"please use a more complicated password or type it in three times" check.

Seems like the external "passwordcheck" login.conf option might be a
better place for people who have requirements beyond the current scheme?



make build as root fails when SUDO=doas

2018-12-10 Thread Solene Rapenne
hi

I have SUDO=doas in /etc/mk.conf for ports; this prevents a `make build`
in /usr/src as root if /etc/doas.conf doesn't have a line "permit nopass root
as root". The build fails when "doas" is invoked in regress/usr.bin/ssh/:

doas: Operation not permitted
*** Error 1 in regress/usr.bin/ssh (Makefile:212 'clean')
*** Error 1 in regress/usr.bin (:48 'cleandir')
*** Error 1 in regress (:48 'cleandir')
*** Error 1 in . (:48 'cleandir')
*** Error 1 in . (Makefile:86 'do-build')
*** Error 1 in /usr/src (Makefile:74 'build')


the issue comes from the 3rd line of that extract from Makefile:212

clean: ${CLEAN_SUBDIR}
rm -f ${CLEANFILES}
test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
rm -rf .putty

Not sure how to fix it. Maybe people shouldn't try to compile as root when
having SUDO=doas set and then, it's not an issue anymore?



Re: nsd 4.1.26

2018-12-10 Thread Stuart Henderson
On 2018/12/06 11:02, Florian Obser wrote:
> tests, OKs?

OK. Very little change apart from the dnstap interface that we can't use.



Re: pwd_check tweak

2018-12-10 Thread Theo de Raadt
This seems to substantially reduce the search space, so who is it
actually helping?

> These patterns try to detect a1a1a1 style passwords. By making the regex a bit
> more flexible we can just use one. Also now catches mMmMmM fwiw.
> 
> 
> Index: pwd_check.c
> ===
> RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 pwd_check.c
> --- pwd_check.c   21 Aug 2017 21:41:13 -  1.16
> +++ pwd_check.c   10 Dec 2018 02:09:51 -
> @@ -72,15 +72,10 @@ struct pattern patterns[] = {
>   "Please use a more complicated password."
>   },
>   {
> - "^([a-z][0-9]){1,4}$",
> + "^([a-z0-9][a-z0-9]){1,4}$",
>   REG_EXTENDED|REG_NOSUB|REG_ICASE,
>   "Please use a more complicated password."
>   },
> - {
> - "^([0-9][a-z]){1,4}$",
> - REG_EXTENDED|REG_NOSUB|REG_ICASE,
> - "Please use a more complicated password."
> - }
>  };
>  
>  int
> 



Re: request for testing: patch for boot loader out of mem

2018-12-10 Thread Otto Moerbeek
On Mon, Dec 10, 2018 at 08:30:10AM +0100, Otto Moerbeek wrote:

> Hi,
> 
> the bootloader uses a very simple allocator for dynamic memory. It
> maintains a list of free allocations. If it needs a block, it searches
> the freelist and returns the smallest allocation that fits.
> 
> Allocation patterns like this (starting with an empty freelist)
> 
> alloc(big)
> free(big)
> alloc(small)
> 
> will assigned a big block for the small allocation, wasting most
> memory. The allocator does not split up this block. After this, a new
> big allocation will grow the heap with the big amount. This diff
> changes the strategy by not re-using a block from the free list if
> half the space or more would be wasted. Instead, it grows the heap by
> the requested amount.
> 
> This make it possible for me to boot using a root fs with a large
> blocksize. There have been several reports of large roots not working
> (the bootloader allocates memory based om the blocksize of the file
> system, and by default larger filesystems use larger blocks).
> 
> How to test
> ===
> 
> Apply diff and do a full build including building release. After that,
> either upgrade using your newly built cd64.iso, bsd.rd or other
> mechanism or do a full install. Test that you can boot afterwards.
> 
> This needs to be tested on various platforms, both will small and big
> (> 600G) root filesystems.  Yes, this is tedious, but we want large
> coverage of different cases.
> 
>   -Otto

As it turns out from my own testing, on amd64 root filesystems using 32k
blocks now work fine, but 64k fs blocks still hit a ceiling. This
corresponds to > 512G disks if you use the defaults.

-Otto

> 
> Index: alloc.c
> ===
> RCS file: /cvs/src/sys/lib/libsa/alloc.c,v
> retrieving revision 1.12
> diff -u -p -r1.12 alloc.c
> --- alloc.c   14 Mar 2016 23:08:06 -  1.12
> +++ alloc.c   10 Dec 2018 06:37:28 -
> @@ -169,7 +169,7 @@ alloc(unsigned int size)
>   }
>  
>   /* no match in freelist if bestsize unchanged */
> - failed = (bestsize == 0x);
> + failed = (bestsize == 0x || bestsize >= size * 2);
>  #endif
>  
>   if (failed) { /* nothing found */
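Review bot: `size * 2` in the added condition is computed in `unsigned int` (the hunk header shows `alloc(unsigned int size)`), so for a request above half the type's range the product wraps and the comparison is made against a small number; every candidate block then counts as wasteful and the free list is never reused for that request. Writing the test as `bestsize / 2 >= size` gives the same result for all other inputs without the multiplication. The existing comment "no match in freelist if bestsize unchanged" now describes only the first half of the condition, so a short addition such as `/* ... or if the best fit would waste half the block or more */` would keep it accurate. The body of alloc() starts and ends outside this hunk, so bestsize is assumed here to be unsigned as well.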
> 
> 



ospfd: fib-priority

2018-12-10 Thread Remi Locherer
Hi,

below patch adds "fib-priority" to ospfd.conf which allows to set a
custom priority to routes. 32 is still the default if not set. Changing
the priority with a reload is also supported.

A discussion about the feature can be found here:
https://marc.info/?l=openbsd-tech&m=138360663119816&w=2

My first idea was to add an additional parameter to the functions that
need it. But that is not practical, since the event that calls
kr_dispatch_msg() would then need to be reset. Because of that I added
fib_prio to struct kr_state.


OK?

Remi



cvs diff: Diffing .
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/ospfd/kroute.c,v
retrieving revision 1.111
diff -u -p -r1.111 kroute.c
--- kroute.c10 Jul 2018 11:49:04 -  1.111
+++ kroute.c9 Dec 2018 21:39:46 -
@@ -45,6 +45,7 @@ struct {
pid_t   pid;
int fib_sync;
int fib_serial;
+   u_int8_tfib_prio;
int fd;
struct eventev;
struct eventreload;
@@ -127,14 +128,15 @@ kif_init(void)
 }
 
 int
-kr_init(int fs, u_int rdomain, int redis_label_or_prefix)
+kr_init(int fs, u_int rdomain, int redis_label_or_prefix, u_int8_t fib_prio)
 {
int opt = 0, rcvbuf, default_rcvbuf;
socklen_t   optlen;
-   int filter_prio = RTP_OSPF;
+   int filter_prio = fib_prio;
 
kr_state.fib_sync = fs;
kr_state.rdomain = rdomain;
+   kr_state.fib_prio = fib_prio;
 
if ((kr_state.fd = socket(AF_ROUTE,
SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, AF_INET)) == -1) {
@@ -262,7 +264,7 @@ kr_change_fib(struct kroute_node *kr, st
kn->r.prefixlen = kroute[i].prefixlen;
kn->r.nexthop.s_addr = kroute[i].nexthop.s_addr;
kn->r.flags = kroute[i].flags | F_OSPFD_INSERTED;
-   kn->r.priority = RTP_OSPF;
+   kn->r.priority = kr_state.fib_prio;
kn->r.ext_tag = kroute[i].ext_tag;
rtlabel_unref(kn->r.rtlabel);   /* for RTM_CHANGE */
kn->r.rtlabel = kroute[i].rtlabel;
@@ -286,7 +288,8 @@ kr_change(struct kroute *kroute, int krc
 
kroute->rtlabel = rtlabel_tag2id(kroute->ext_tag);
 
-   kr = kroute_find(kroute->prefix.s_addr, kroute->prefixlen, RTP_OSPF);
+   kr = kroute_find(kroute->prefix.s_addr, kroute->prefixlen,
+   kr_state.fib_prio);
if (kr != NULL && kr->next == NULL && krcount == 1)
/* single path OSPF route */
action = RTM_CHANGE;
@@ -297,7 +300,7 @@ kr_change(struct kroute *kroute, int krc
 int
 kr_delete_fib(struct kroute_node *kr)
 {
-   if (kr->r.priority != RTP_OSPF)
+   if (kr->r.priority != kr_state.fib_prio)
log_warn("kr_delete_fib: %s/%d has wrong priority %d",
inet_ntoa(kr->r.prefix), kr->r.prefixlen, kr->r.priority);
 
@@ -316,7 +319,7 @@ kr_delete(struct kroute *kroute)
struct kroute_node  *kr, *nkr;
 
if ((kr = kroute_find(kroute->prefix.s_addr, kroute->prefixlen,
-   RTP_OSPF)) == NULL)
+   kr_state.fib_prio)) == NULL)
return (0);
 
while (kr != NULL) {
@@ -348,7 +351,7 @@ kr_fib_couple(void)
kr_state.fib_sync = 1;
 
RB_FOREACH(kr, kroute_tree, )
-   if (kr->r.priority == RTP_OSPF)
+   if (kr->r.priority == kr_state.fib_prio)
for (kn = kr; kn != NULL; kn = kn->next)
send_rtmsg(kr_state.fd, RTM_ADD, >r);
 
@@ -365,7 +368,7 @@ kr_fib_decouple(void)
return;
 
RB_FOREACH(kr, kroute_tree, )
-   if (kr->r.priority == RTP_OSPF)
+   if (kr->r.priority == kr_state.fib_prio)
for (kn = kr; kn != NULL; kn = kn->next)
send_rtmsg(kr_state.fd, RTM_DELETE, >r);
 
@@ -418,7 +421,7 @@ kr_fib_reload()
kn = kr->next;
 
if (kr->serial != kr_state.fib_serial) {
-   if (kr->r.priority == RTP_OSPF) {
+   if (kr->r.priority == kr_state.fib_prio) {
kr->serial = kr_state.fib_serial;
if (send_rtmsg(kr_state.fd,
RTM_ADD, >r) != 0)
@@ -431,6 +434,21 @@ kr_fib_reload()
}
 }
 
+void
+kr_fib_update_prio(u_int8_t fib_prio)
+{
+   struct kroute_node  *kr;
+
+   RB_FOREACH(kr, kroute_tree, )
+   if ((kr->r.flags & F_OSPFD_INSERTED))
+   kr->r.priority = fib_prio;
+
+   log_info("fib priority changed from %hhu to %hhu",
+   kr_state.fib_prio, fib_prio);
+
+   kr_state.fib_prio = fib_prio;
+ }
+
 /* ARGSUSED */
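Review bot: kr_fib_update_prio() rewrites the priority only on the node that RB_FOREACH returns, while kr_fib_couple() and kr_fib_decouple() in the same patch walk the multipath chain with `for (kn = kr; kn != NULL; kn = kn->next)`; entries further down `->next` would keep the old value and later trip the `kr->r.priority != kr_state.fib_prio` warning in kr_delete_fib(). The flag test and the assignment should sit inside that same `for` loop and use `kn` instead of `kr`. kroute_find() takes a priority argument, which suggests priority is part of the tree's ordering key; if so, changing it in place on linked nodes needs either a comment explaining why the order cannot break or a remove-and-reinsert. The function also touches only the in-memory copy, so refreshing the kernel routes and whatever kr_init() does with `filter_prio` has to happen in the caller, which is not part of this excerpt.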
 

Re: sys/net/pf*.[ch]: remove useless macros

2018-12-10 Thread Alexandr Nedvedicky
Hello,

On Sat, Dec 08, 2018 at 09:25:04AM +0100, Klemens Nanni wrote:
> All they do is case conversion^Wconfusion, so remove them.
> 
> Relevant pfvar.h diff at the top, all other hunks were done with sed(1).
> 
> Feedback? Objections? OK?

your patch seems to be a follow up to mcbride's commit [1]

I have no objections. just make sure not to exceed 80 chars per line.
see below.


> Index: net/pf.c
> ===
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1078
> diff -u -p -r1.1078 pf.c

> @@ -4887,8 +4887,8 @@ pf_test_state(struct pf_pdesc *pd, struc
>  
>  #ifdef INET6
>   if (afto) {
> - PF_ACPY(>nsaddr, >addr[sidx], nk->af);
> - PF_ACPY(>ndaddr, >addr[didx], nk->af);
> + pf_addrcpy(>nsaddr, >addr[sidx], nk->af);
> + pf_addrcpy(>ndaddr, >addr[didx], nk->af);
>   pd->naf = nk->af;
>   action = PF_AFRT;
>   }
> @@ -5031,8 +5031,8 @@ pf_test_state_icmp(struct pf_pdesc *pd, 
>   iidx = afto ? !iidx : iidx;
>  #ifdef   INET6
>   if (afto) {
> - PF_ACPY(>nsaddr, >addr[sidx], nk->af);
> - PF_ACPY(>ndaddr, >addr[didx], nk->af);
> + pf_addrcpy(>nsaddr, >addr[sidx], 
> nk->af);
> + pf_addrcpy(>ndaddr, >addr[didx], 
> nk->af);
>   pd->naf = nk->af;
>   }
>  #endif /* INET6 */

chunk above seems to exceed 80 chars limit.



> Index: net/pf_ioctl.c
> ===
> RCS file: /cvs/src/sys/net/pf_ioctl.c,v
> retrieving revision 1.338
> diff -u -p -r1.338 pf_ioctl.c
> --- net/pf_ioctl.c1 Oct 2018 19:47:30 -   1.338
> +++ net/pf_ioctl.c8 Dec 2018 08:04:34 -
> @@ -1582,9 +1582,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
>   sidx = 1;
>   didx = 0;
> @@ -1836,9 +1836,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
>   error = E2BIG;  /* more than one state */
>   else if (state != NULL) {
>   sk = state->key[sidx];
> - PF_ACPY(>rsaddr, >addr[sidx], sk->af);
> + pf_addrcpy(>rsaddr, >addr[sidx], 
> sk->af);
>   pnl->rsport = sk->port[sidx];
> - PF_ACPY(>rdaddr, >addr[didx], sk->af);
> + pf_addrcpy(>rdaddr, >addr[didx], 
> sk->af);
>   pnl->rdport = sk->port[didx];
>   pnl->rrdomain = sk->rdomain;
>   } else

and also here the line seems too long.



otherwise looks good.

thanks and
regards
sashan

[1] 
https://github.com/openbsd/src/commit/88a02e3254a5fc933c2d4b2d9ac064f49c6560d2#diff-4cf042ffd245af805800bc2ec46a3b6e



Re: nsd 4.1.26

2018-12-10 Thread Florian Obser
*prod*

On Thu, Dec 06, 2018 at 11:02:01AM +0100, Florian Obser wrote:
> tests, OKs?
> 
> diff --git Makefile.in Makefile.in
> index 16d193f766d..fbfc44be33b 100644
> --- Makefile.in
> +++ Makefile.in
> @@ -29,6 +29,8 @@ nsdconfigfile = @nsd_conf_file@
>  zonesdir = @zonesdir@
>  chrootdir= @chrootdir@
>  user = @user@
> +DNSTAP_SRC=@DNSTAP_SRC@
> +DNSTAP_OBJ=@DNSTAP_OBJ@
>  
>  # override $U variable which is used by autotools for deansification (for
>  # K C compilers), but causes problems if $U is defined in the env).
> @@ -47,6 +49,7 @@ INSTALL_DATA= $(INSTALL) -m 644
>  
>  YACC = @YACC@
>  LEX  = @LEX@
> +PROTOC_C = @PROTOC_C@
>  
>  COMPILE  = $(CC) $(CPPFLAGS) $(CFLAGS)
>  LINK = $(CC) $(CFLAGS) $(LDFLAGS)
> @@ -72,7 +75,7 @@ TARGETS=nsd nsd-checkconf nsd-checkzone nsd-control 
> nsd.conf.sample nsd-control-
>  MANUALS=nsd.8 nsd-checkconf.8 nsd-checkzone.8 nsd-control.8 nsd.conf.5
>  
>  COMMON_OBJ=answer.o axfr.o buffer.o configlexer.o configparser.o dname.o 
> dns.o edns.o iterated_hash.o lookup3.o namedb.o nsec3.o options.o packet.o 
> query.o rbtree.o radtree.o rdata.o region-allocator.o rrl.o tsig.o 
> tsig-openssl.o udb.o udbradtree.o udbzone.o util.o
> -XFRD_OBJ=xfrd-disk.o xfrd-notify.o xfrd-tcp.o xfrd.o remote.o
> +XFRD_OBJ=xfrd-disk.o xfrd-notify.o xfrd-tcp.o xfrd.o remote.o $(DNSTAP_OBJ)
>  NSD_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) difffile.o ipc.o mini_event.o netio.o 
> nsd.o server.o dbaccess.o dbcreate.o zlexer.o zonec.o zparser.o
>  ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o
>  NSD_CHECKCONF_OBJ=$(COMMON_OBJ) nsd-checkconf.o
> @@ -306,6 +309,22 @@ configlexer.c:   $(srcdir)/configlexer.lex
>  configparser.c configparser.h:   $(srcdir)/configparser.y
>   $(YACC) -d -o configparser.c $(srcdir)/configparser.y
>  
> +# dnstap
> +dnstap.o:$(srcdir)/dnstap/dnstap.c config.h \
> + dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \
> + $(srcdir)/util.h $(srcdir)/options.h $(srcdir)/rbtree.h \
> + $(srcdir)/region-allocator.h
> +dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h
> +dnstap_collector.o:  $(srcdir)/dnstap/dnstap_collector.c config.h \
> + $(srcdir)/dnstap/dnstap.h $(srcdir)/dnstap/dnstap_collector.h \
> + $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/region-allocator.h \
> + $(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dname.h \
> + $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
> + $(srcdir)/options.h
> +dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
> + @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi
> + $(PROTOC_C) --c_out=. --proto_path=$(srcdir) 
> $(srcdir)/dnstap/dnstap.proto
> +
>  # autoconf rules
>  config.h.in: configure.ac
>   autoheader
> diff --git config.h.in config.h.in
> index 4d47f603062..67296ca99b7 100644
> --- config.h.in
> +++ config.h.in
> @@ -22,6 +22,9 @@
>  /* Pathname to the NSD database */
>  #undef DBFILE
>  
> +/* default dnstap socket path */
> +#undef DNSTAP_SOCKET_PATH
> +
>  /* Define to the default maximum message length with EDNS. */
>  #undef EDNS_MAX_MESSAGE_LEN
>  
> @@ -510,6 +513,9 @@
>  /* the user name to drop privileges to */
>  #undef USER
>  
> +/* Define to 1 to enable dnstap support */
> +#undef USE_DNSTAP
> +
>  /* Define if you want to use internal select based events */
>  #undef USE_MINI_EVENT
>  
> diff --git configlexer.lex configlexer.lex
> index 7fd4f17363f..ead1b96fa80 100644
> --- configlexer.lex
> +++ configlexer.lex
> @@ -117,9 +117,8 @@ static void config_start_include_glob(const char* 
> filename)
>  #ifdef GLOB_ERR
>| GLOB_ERR
>  #endif
> -#ifdef GLOB_NOSORT
> -  | GLOB_NOSORT
> -#endif
> +  /* do not set GLOB_NOSORT so the results are sorted
> + and in a predictable order. */
>  #ifdef GLOB_BRACE
>| GLOB_BRACE
>  #endif
> @@ -270,6 +269,15 @@ rrl-whitelist-ratelimit{COLON}   { LEXOUT(("v(%s) ", 
> yytext)); return VAR_RRL_WHIT
>  rrl-whitelist{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_RRL_WHITELIST;}
>  zonefiles-check{COLON}   { LEXOUT(("v(%s) ", yytext)); return 
> VAR_ZONEFILES_CHECK;}
>  zonefiles-write{COLON}   { LEXOUT(("v(%s) ", yytext)); return 
> VAR_ZONEFILES_WRITE;}
> +dnstap{COLON}{ LEXOUT(("v(%s) ", yytext)); return 
> VAR_DNSTAP;}
> +dnstap-enable{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_ENABLE;}
> +dnstap-socket-path{COLON}{ LEXOUT(("v(%s) ", yytext)); return 
> VAR_DNSTAP_SOCKET_PATH; }
> +dnstap-send-identity{COLON}  { LEXOUT(("v(%s) ", yytext)); return 
> VAR_DNSTAP_SEND_IDENTITY; }
> +dnstap-send-version{COLON}   { LEXOUT(("v(%s) ", yytext)); return 
> VAR_DNSTAP_SEND_VERSION; }
> +dnstap-identity{COLON}   { LEXOUT(("v(%s) ", yytext)); return 
> VAR_DNSTAP_IDENTITY; }
> +dnstap-version{COLON}{ LEXOUT(("v(%s) ", yytext)); return 
> 

Re: carp though bridge with vmd

2018-12-10 Thread Reyk Floeter
Hi,

as a general note for virtual switches and clouds that don’t support CARP due 
to restrictions on multicast and/or additional MACs: I use carppeer and lladdr 
of the parent interface in such cases.

That doesn’t mean that you should need it with vmd and bridge and we have to 
look into this.

Reyk

> Am 09.12.2018 um 16:56 schrieb Mischa :
> 
> Hi All,
> 
> Is there a way to get carp working through a bridge?
> I am currently testing to see whether I can have 2 vmd VMs on different hosts 
> use carp between them.
> The current state that I am currently at is, both VMs are master.
> 
> Setup on both hosts is the same, bridge1 with em0 as interface.
> 
> # vm.conf
> switch "uplink_bridge1" {
>interface bridge1
> }
> vm "lb1" {
>disable
>disk "/home/mischa/vmm/lb1.img"
>interface tap {
>switch "uplink_bridge1"
>}
> }
> 
> lb1 carp config:
> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
> 10 advskew 100
> 
> lb2 carp config:
> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
> 10 advskew 110
> 
> Is there anything that can be configured on the bridge side?
> 
> Mischa
> 



Re: carp though bridge with vmd

2018-12-10 Thread Mischa Peters
Hi David,

Yes there is. Currently the machines are directly connected to each other on 
em0, and the VMs are able to reach each other. 

VM1 -> bridge1 -> em0 — em0 <- bridge1 <- VM2

Mischa

--

> On 10 Dec 2018, at 03:00, David Gwynne  wrote:
> 
> Is there a shared ethernet network between the bridges on each host?
> 
>> On 10 Dec 2018, at 01:56, Mischa  wrote:
>> 
>> Hi All,
>> 
>> Is there a way to get carp working through a bridge?
>> I am currently testing to see whether I can have 2 vmd VMs on different 
>> hosts use carp between them.
>> The current state that I am currently at is, both VMs are master.
>> 
>> Setup on both hosts is the same, bridge1 with em0 as interface.
>> 
>> # vm.conf
>> switch "uplink_bridge1" {
>>   interface bridge1
>> }
>> vm "lb1" {
>>   disable
>>   disk "/home/mischa/vmm/lb1.img"
>>   interface tap {
>>   switch "uplink_bridge1"
>>   }
>> }
>> 
>> lb1 carp config:
>> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
>> 10 advskew 100
>> 
>> lb2 carp config:
>> inet 192.168.0.100 255.255.255.0 NONE vhid 1 pass  carpdev vio0 advbase 
>> 10 advskew 110
>> 
>> Is there anything that can be configured on the bridge side?
>> 
>> Mischa
>> 
> 



Re: malloc: simplify "not my pool" lock dance

2018-12-10 Thread Otto Moerbeek
On Thu, Dec 06, 2018 at 11:30:03AM +0100, Otto Moerbeek wrote:

> Hi,
> 
> This simpifies the lock dance when a free is done for a pointer not in
> "my pool". Should reduce lock contention.
> 
> Please review & test, especially with multithread heavy apps.

This is now committed. Thanks to all the testers. Running this should
give you a noticeable improvement in speed for multi-threaded apps
doing lots of allocations and deallocations (i.e. your web browser).

-Otto

> 
>   -Otto
> 
> Index: malloc.c
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
> retrieving revision 1.255
> diff -u -p -r1.255 malloc.c
> --- malloc.c  27 Nov 2018 17:29:55 -  1.255
> +++ malloc.c  6 Dec 2018 10:26:56 -
> @@ -1309,14 +1309,14 @@ findpool(void *p, struct dir_info *argpo
>  }
>  
>  static void
> -ofree(struct dir_info *argpool, void *p, int clear, int check, size_t argsz)
> +ofree(struct dir_info **argpool, void *p, int clear, int check, size_t argsz)
>  {
>   struct region_info *r;
>   struct dir_info *pool;
>   char *saved_function;
>   size_t sz;
>  
> - r = findpool(p, argpool, , _function);
> + r = findpool(p, *argpool, , _function);
>  
>   REALSIZE(sz, r);
>   if (check) {
> @@ -1405,12 +1405,9 @@ ofree(struct dir_info *argpool, void *p,
>   }
>   }
>  
> - if (argpool != pool) {
> - pool->active--;
> + if (*argpool != pool) {
>   pool->func = saved_function;
> - _MALLOC_UNLOCK(pool->mutex);
> - _MALLOC_LOCK(argpool->mutex);
> - argpool->active++;
> + *argpool = pool;
>   }
>  }
>  
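Review bot: ofree() now treats `argpool` as an in/out parameter, but nothing at the definition says so: when the pointer belongs to another pool, `*argpool = pool;` makes the caller's `d` refer to a different dir_info, and free() and freezero() then run `d->active--` and `_MALLOC_UNLOCK(d->mutex)` on that one. A comment above ofree() would make the contract explicit, for example `/* on return *argpool is the pool that owns p; the caller unlocks that pool, not the one it passed in */`. The change relies on findpool(), whose body is outside the hunks shown, having already dropped the original pool's lock and active count when it switches pools, and the same comment should say so. The same contract applies to orealloc() and orecallocarray(), which are changed the same way in the later hunks.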
> @@ -1433,7 +1430,7 @@ free(void *ptr)
>   malloc_recurse(d);
>   return;
>   }
> - ofree(d, ptr, 0, 0, 0);
> + ofree(, ptr, 0, 0, 0);
>   d->active--;
>   _MALLOC_UNLOCK(d->mutex);
>   errno = saved_errno;
> @@ -1471,7 +1468,7 @@ freezero(void *ptr, size_t sz)
>   malloc_recurse(d);
>   return;
>   }
> - ofree(d, ptr, 1, 1, sz);
> + ofree(, ptr, 1, 1, sz);
>   d->active--;
>   _MALLOC_UNLOCK(d->mutex);
>   errno = saved_errno;
> @@ -1479,7 +1476,7 @@ freezero(void *ptr, size_t sz)
>  DEF_WEAK(freezero);
>  
>  static void *
> -orealloc(struct dir_info *argpool, void *p, size_t newsz, void *f)
> +orealloc(struct dir_info **argpool, void *p, size_t newsz, void *f)
>  {
>   struct region_info *r;
>   struct dir_info *pool;
> @@ -1490,14 +1487,14 @@ orealloc(struct dir_info *argpool, void 
>   uint32_t chunknum;
>  
>   if (p == NULL)
> - return omalloc(argpool, newsz, 0, f);
> + return omalloc(*argpool, newsz, 0, f);
>  
>   if (newsz >= SIZE_MAX - mopts.malloc_guard - MALLOC_PAGESIZE) {
>   errno = ENOMEM;
>   return  NULL;
>   }
>  
> - r = findpool(p, argpool, , _function);
> + r = findpool(p, *argpool, , _function);
>  
>   REALSIZE(oldsz, r);
>   if (mopts.chunk_canaries && oldsz <= MALLOC_MAXCHUNK) {
> @@ -1631,7 +1628,7 @@ gotit:
>   }
>   if (newsz != 0 && oldsz != 0)
>   memcpy(q, p, oldsz < newsz ? oldsz : newsz);
> - ofree(pool, p, 0, 0, 0);
> + ofree(, p, 0, 0, 0);
>   ret = q;
>   } else {
>   /* oldsz == newsz */
> @@ -1641,12 +1638,9 @@ gotit:
>   ret = p;
>   }
>  done:
> - if (argpool != pool) {
> - pool->active--;
> + if (*argpool != pool) {
>   pool->func = saved_function;
> - _MALLOC_UNLOCK(pool->mutex);
> - _MALLOC_LOCK(argpool->mutex);
> - argpool->active++;
> + *argpool = pool;
>   }
>   return ret;
>  }
> @@ -1669,7 +1663,7 @@ realloc(void *ptr, size_t size)
>   malloc_recurse(d);
>   return NULL;
>   }
> - r = orealloc(d, ptr, size, CALLER);
> + r = orealloc(, ptr, size, CALLER);
>  
>   d->active--;
>   _MALLOC_UNLOCK(d->mutex);
> @@ -1730,7 +1724,7 @@ calloc(size_t nmemb, size_t size)
>  /*DEF_STRONG(calloc);*/
>  
>  static void *
> -orecallocarray(struct dir_info *argpool, void *p, size_t oldsize,
> +orecallocarray(struct dir_info **argpool, void *p, size_t oldsize,
>  size_t newsize, void *f)
>  {
>   struct region_info *r;
> @@ -1740,12 +1734,12 @@ orecallocarray(struct dir_info *argpool,
>   size_t sz;
>  
>   if (p == NULL)
> - return omalloc(argpool, newsize, 1, f);
> + return omalloc(*argpool, newsize, 1, f);
>  
>   if (oldsize == newsize)
>   return p;
>  
> - r = findpool(p, argpool, , _function);
> + r = findpool(p, *argpool, , _function);
>  
>   REALSIZE(sz, r);
>   if (sz <= MALLOC_MAXCHUNK) {
> @@ -1772,15 +1766,12 @@ orecallocarray(struct dir_info *argpool,
>   } else
>