unwind(8); "happy eyeballs"

2019-11-25 Thread Florian Obser
In case you are wondering why happy eyeballs: It's a variation on this:
https://en.wikipedia.org/wiki/Happy_Eyeballs

unwind has a concept of a best nameserver type. It considers a
configured DoT nameserver to be better than doing its own recursive
resolving. Recursive resolving is considered to be better than asking
the dhcp provided nameservers.

It also actively checks the quality of a nameserver. Does it actually
work? Then it's better than an unreachable one. Does it support DNSSEC
validation by passing through the required records, then it's better
than a non-validating one. (The crypto is always done by unwind
itself.)

Now, this is all static. Once it figured out that DoT works and can do
validation, DoT it is. Always. No matter how far away it is.

Or you don't have DoT configured but you can talk unfiltered DNS to
the internet. The recursor will be picked. No matter if you can only
see parts of the internet. Maybe all .org nameservers are unreachable
from your location.

unwind knows about this. It tracks how long it takes to get an answer.
It knows when it can't talk to the .org nameservers. Either the
queries time out or we get an icmp error back. But it doesn't do
anything about it. Because unwind determined (statically) that you are
already using the best nameserver type, why try something else? Well,
because that particular query might be better answered by a different
nameserver type. Or maybe you are sitting behind a sat link and
everything is terribly slow.

This diff sorts the nameserver types by quality, as above (validation,
resolving, dead...), and as a tie breaker it adds the median of the
round trip time of previous queries into the mix. 

Then it considers the whole list, not just the best one. It picks the
top one from the list, sends a query and waits "median" time for an
answer. If none comes in it picks the next one and so on. Eventually
an answer is found (maybe the first one came back, or the 2nd one was
faster) and the answer is sent back to the client.

To keep the configured (or default) preference the first resolver type
gets a head start of 200ms.

One other interesting thing about this is that it gets us past captive
portals without a check URL, that's why this diff is so huge, it rips
out all the captive portal stuff (please apply with patch -E):
 17 files changed, 385 insertions(+), 1683 deletions(-)

Please test this. I'm particularly interested in reports from people
who move between networks and need to get past captive portals.

diff --git etc/examples/unwind.conf etc/examples/unwind.conf
deleted file mode 100644
index ea60cf9b6ff..000
--- etc/examples/unwind.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# $OpenBSD: unwind.conf,v 1.1 2019/02/05 16:23:58 florian Exp $
-#
-# unwind(8) works without a configuration file in most cases.
-# See unwind.conf(5) for configuration options.
-
-# Non-exhaustive list of connectivity test providers.
-# To only occasionally run a captive portal check manually from unwindctl(8)
-# add "auto no" to the block.
-#captive portal {
-#  url "http://captive.apple.com/;
-#  expected response 
"SuccessSuccess\n"
-#  # auto no # uncomment to run manually from unwindctl(8)
-#}
-#captive portal {
-#  url "http://clients3.google.com/generate_204;
-#  expected status 204
-#  # auto no # uncomment to run manually from unwindctl(8)
-#}
-#captive portal {
-#  url "http://detectportal.firefox.com/;
-#  expected response "success\n"
-#  # auto no # uncomment to run manually from unwindctl(8)
-#}
-
-# Running a connectivity test provider with httpd(8).
-# httpd.conf
-#server "c.YOUR-DOMAIN.com" {
-#  listen on * port 80
-#  location "*" { block return 204 }
-#}
-# unwind.conf
-#captive portal {
-#  url "http://c.YOUR-DOMAIN.com/;
-#  expected status 204
-#}
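Review bot: every block in the deleted example is a `captive portal { ... }` stanza, so anyone who copied one into /etc/unwind.conf needs to know what the new parser does with it. The parse.y part of the change is not visible here; if the keyword is dropped outright, say so in the commit message and the upgrade notes, or keep accepting the block with a deprecation warning for a release.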
diff --git sbin/unwind/Makefile sbin/unwind/Makefile
index b48a14ce4b1..cdc8af97170 100644
--- sbin/unwind/Makefile
+++ sbin/unwind/Makefile
@@ -2,7 +2,6 @@
 
 PROG=  unwind
 SRCS=  control.c resolver.c frontend.c log.c unwind.c parse.y printconf.c
-SRCS+= captiveportal.c
 MAN=   unwind.8 unwind.conf.5
 
 .include "${.CURDIR}/libunbound/Makefile.inc"
@@ -15,7 +14,7 @@ CFLAGS+= -Wmissing-declarations
 CFLAGS+= -Wshadow -Wpointer-arith
 CFLAGS+= -Wsign-compare
 YFLAGS=
-LDADD+=-levent -lutil -ltls -lssl -lcrypto
-DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
+LDADD+=-levent -lutil -lssl -lcrypto
+DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBSSL} ${LIBCRYPTO}
 
 .include 
diff --git sbin/unwind/captiveportal.c sbin/unwind/captiveportal.c
deleted file mode 100644
index 0c7b0c1f207..000
--- sbin/unwind/captiveportal.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/* $OpenBSD: captiveportal.c,v 1.12 2019/05/14 14:51:31 florian Exp $  
*/
-
-/*
- * Copyright (c) 2018 Florian Obser 
- * Copyright (c) 2005 Claudio Jeker 
- * Copyright (c) 2004 Esben Norby 
- * Copyright (c) 2003, 2004 Henning Brauer 
- *
- * Permission to use, 
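The selection strategy described in the mail above (sort by quality, break ties on median round trip time, start the next resolver type after waiting "median" for the previous one), as an added simulation that is not part of the original post or of unwind's code. Assumptions: the preference order DoT, recursor, DHCP-provided forwarder; dead types are never queried; the 200 ms head start is modelled as a lower median for the preferred type while sorting; all timings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

#define HEAD_START_MS	200	/* from the mail: bonus for the preferred type */

enum rtype { DOT, RECURSOR, DHCP_FWD, NTYPES };	/* assumed preference order */
enum rstate { DEAD, RESOLVING, VALIDATING };	/* higher is better */

struct resolver {
	enum rtype	type;
	enum rstate	state;
	int		median_ms;	/* median RTT of earlier queries */
	int		answer_ms;	/* simulated latency now, -1: no answer */
};

struct outcome {
	int	winner;		/* enum rtype, or -1 if nobody answered */
	int	elapsed_ms;	/* when the client gets its answer */
	int	started;	/* how many resolver types were queried */
};

/* Assumption: the head start is modelled as a lower median when sorting. */
static int effective_median(const struct resolver *r)
{
	return r->type == DOT ? r->median_ms - HEAD_START_MS : r->median_ms;
}

static int resolver_cmp(const void *a, const void *b)
{
	const struct resolver *l = a, *r = b;
	if (l->state != r->state)
		return (int)r->state - (int)l->state;	/* better state first */
	if (effective_median(l) != effective_median(r))
		return effective_median(l) - effective_median(r);
	return (int)l->type - (int)r->type;
}

/* Sort, then start one type after another, each waiting its own median. */
struct outcome race(struct resolver *res, size_t n)
{
	struct outcome o = { -1, -1, 0 };
	int start = 0;		/* time at which res[i] would be queried */
	size_t i;
	qsort(res, n, sizeof(*res), resolver_cmp);
	for (i = 0; i < n && res[i].state != DEAD; i++) {
		if (o.winner != -1 && o.elapsed_ms <= start)
			break;	/* an answer arrived before this one was due */
		o.started++;
		if (res[i].answer_ms >= 0 && (o.winner == -1 ||
		    start + res[i].answer_ms < o.elapsed_ms)) {
			o.winner = res[i].type;
			o.elapsed_ms = start + res[i].answer_ms;
		}
		start += res[i].median_ms;
	}
	return o;
}

/* Constructed: healthy network, DoT answers within its own median. */
struct outcome scenario_healthy(void)
{
	struct resolver r[] = { { DHCP_FWD, RESOLVING, 10, 8 },
	    { RECURSOR, VALIDATING, 80, 50 }, { DOT, VALIDATING, 30, 25 } };
	return race(r, NTYPES);
}

/* Constructed: captive portal, only the DHCP-provided forwarder answers. */
struct outcome scenario_portal(void)
{
	struct resolver r[] = { { DOT, VALIDATING, 30, -1 },
	    { RECURSOR, VALIDATING, 60, -1 }, { DHCP_FWD, RESOLVING, 15, 12 } };
	return race(r, NTYPES);
}

/* Constructed: DoT keeps first place via the head start, recursor overtakes. */
struct outcome scenario_overtake(void)
{
	struct resolver r[] = { { DOT, VALIDATING, 700, 2000 },
	    { RECURSOR, VALIDATING, 600, 300 }, { DHCP_FWD, RESOLVING, 40, 45 } };
	return race(r, NTYPES);
}

int main(void)
{
	struct outcome o = scenario_portal();
	printf("winner=%d elapsed=%dms started=%d\n", o.winner, o.elapsed_ms, o.started);
	return 0;
}
```

In the portal scenario the client is answered by the forwarder after 102 ms without any check URL, and in the healthy scenario only one resolver type is ever queried.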

smtpd: remove implicit listen on socket

2019-11-25 Thread Gilles Chehade
hello,

smtpd has an implicit listener which is "listen on socket".

I propose that we write it explicitly in the default config and give up
with this last bit of implicit configuration.

The goal behind that is to stop having implicit behaviors but it is also
to improve security in the daemon:

OpenSMTPD uses /var/run/smtpd.sock both as a control socket AND enqueuer
socket, which means that socket is rw-rw-rw- and the control process has
the charge of checking uid of caller and if permission is allowed to run
a specific command.

I think we should really have a control socket and one/many SMTP sockets
so the control socket could be given tighter filesystem permissions while
we could also allow multiple enqueue sockets with different permissions,
and control them through the smtpd.conf ruleset like we do for any other
connection.

The first step towards that is this diff.

ok ?


Index: smtpd.conf
===
RCS file: /cvs/src/etc/mail/smtpd.conf,v
retrieving revision 1.13
diff -u -p -r1.13 smtpd.conf
--- smtpd.conf  25 Nov 2019 13:30:04 -  1.13
+++ smtpd.conf  26 Nov 2019 06:27:11 -
@@ -5,6 +5,8 @@
 
 table aliases file:/etc/mail/aliases
 
+listen on socket
+
 # To accept external mail, replace with: listen on all
 #
 listen on lo0
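Review bot: the added `listen on socket` line goes in without a comment, while `listen on lo0` right below it carries one; since it replaces an implicit listener, a one-line comment saying this is the local enqueue socket would tell admins what stops working if they delete it. Existing installs keep their current smtpd.conf, so the later step that removes the implicit listener needs an upgrade note telling people to add this line.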



-- 
Gilles Chehade @poolpOrg

https://www.poolp.org
patreon: https://www.patreon.com/gilles



iwm: reduce code duplication

2019-11-25 Thread Stefan Sperling
This diff creates a shared function from code which was duplicated
when 9k device support was added.

Tested by mlarkin on 9560 and by myself on 8265.

ok?
 
diff feebccacec1ad3769dffeb0460ee0327ebb7478a 
3465a69074230e50d890fe14737583f8e2814227
blob - 3284d345cb04ee93dd991637876ce805331f33b9 (mode 644)
blob + 157b754a37a70e6f15490c7f9dc46bf313b04b70 (mode 600)
--- sys/dev/pci/if_iwm.c
+++ sys/dev/pci/if_iwm.c
@@ -3736,62 +3736,16 @@ iwm_get_noise(const struct iwm_statistics_rx_non_phy *
 }
 
 void
-iwm_rx_rx_mpdu(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
-struct iwm_rx_data *data, struct mbuf_list *ml)
+iwm_rx_frame(struct iwm_softc *sc, struct mbuf *m, int chanidx,
+ int is_shortpre, int rate_n_flags, uint32_t device_timestamp,
+ struct ieee80211_rxinfo *rxi, struct mbuf_list *ml)
 {
struct ieee80211com *ic = >sc_ic;
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
-   struct ieee80211_rxinfo rxi;
struct ieee80211_channel *bss_chan;
-   struct mbuf *m;
-   struct iwm_rx_phy_info *phy_info;
-   struct iwm_rx_mpdu_res_start *rx_res;
-   int device_timestamp;
-   uint32_t len;
-   uint32_t rx_pkt_status;
-   int rssi, chanidx;
uint8_t saved_bssid[IEEE80211_ADDR_LEN] = { 0 };
 
-   bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE,
-   BUS_DMASYNC_POSTREAD);
-
-   phy_info = >sc_last_phy_info;
-   rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
-   wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
-   len = le16toh(rx_res->byte_count);
-   if (len < IEEE80211_MIN_LEN) {
-   ic->ic_stats.is_rx_tooshort++;
-   IC2IFP(ic)->if_ierrors++;
-   return;
-   }
-   if (len > IWM_RBUF_SIZE - sizeof(*rx_res)) {
-   IC2IFP(ic)->if_ierrors++;
-   return;
-   }
-   rx_pkt_status = le32toh(*(uint32_t *)(pkt->data +
-   sizeof(*rx_res) + len));
-
-   if (__predict_false(phy_info->cfg_phy_cnt > 20))
-   return;
-
-   if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
-   !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK))
-   return; /* drop */
-
-   m = data->m;
-   if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0)
-   return;
-   m->m_data = pkt->data + sizeof(*rx_res);
-   m->m_pkthdr.len = m->m_len = len;
-
-   device_timestamp = le32toh(phy_info->system_timestamp);
-
-   rssi = iwm_get_signal_strength(sc, phy_info);
-   rssi = (0 - IWM_MIN_DBM) + rssi;/* normalize */
-   rssi = MIN(rssi, ic->ic_max_rssi);  /* clip to max. 100% */
-
-   chanidx = letoh32(phy_info->channel);
if (chanidx < 0 || chanidx >= nitems(ic->ic_channels))  
chanidx = ieee80211_chan2ieee(ic, ic->ic_ibss_chan);
 
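Review bot: `rate_n_flags` is declared `int` in the new `iwm_rx_frame()` signature although it is only ever used as a bit field (the old code masked the 32-bit `phy_info->rate_n_flags` with `htole32()` masks) and it sits next to `uint32_t device_timestamp`; make it `uint32_t` so the mask operations are not done on a signed value. The blob lines in the diff header also show the file mode going from 644 to 600, which looks unintended for a source file.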
@@ -3806,17 +3760,13 @@ iwm_rx_rx_mpdu(struct iwm_softc *sc, struct iwm_rx_pac
}
ni->ni_chan = >ic_channels[chanidx];
 
-   memset(, 0, sizeof(rxi));
-   rxi.rxi_rssi = rssi;
-   rxi.rxi_tstamp = device_timestamp;
-
 #if NBPFILTER > 0
if (sc->sc_drvbpf != NULL) {
struct iwm_rx_radiotap_header *tap = >sc_rxtap;
uint16_t chan_flags;
 
tap->wr_flags = 0;
-   if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
+   if (is_shortpre)
tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
tap->wr_chan_freq =
htole16(ic->ic_channels[chanidx].ic_freq);
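Review bot: with the `memset`, `rxi_rssi` and `rxi_tstamp` setup removed from this function, `iwm_rx_frame()` depends on every caller passing a zeroed `rxi` with both fields filled in, and the callers are not visible in this part of the diff. A comment above the function stating that contract would keep a future caller from handing in an uninitialised struct.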
@@ -3824,18 +3774,17 @@ iwm_rx_rx_mpdu(struct iwm_softc *sc, struct iwm_rx_pac
if (ic->ic_curmode != IEEE80211_MODE_11N)
chan_flags &= ~IEEE80211_CHAN_HT;
tap->wr_chan_flags = htole16(chan_flags);
-   tap->wr_dbm_antsignal = (int8_t)rssi;
+   tap->wr_dbm_antsignal = (int8_t)rxi->rxi_rssi;
tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
-   tap->wr_tsft = phy_info->system_timestamp;
-   if (phy_info->phy_flags &
-   htole16(IWM_RX_RES_PHY_FLAGS_OFDM_HT)) {
-   uint8_t mcs = (phy_info->rate_n_flags &
-   htole32(IWM_RATE_HT_MCS_RATE_CODE_MSK |
-   IWM_RATE_HT_MCS_NSS_MSK));
+   tap->wr_tsft = device_timestamp;
+   if (rate_n_flags & IWM_RATE_HT_MCS_RATE_CODE_MSK) {
+   uint8_t mcs = (rate_n_flags &
+   (IWM_RATE_HT_MCS_RATE_CODE_MSK |
+   IWM_RATE_HT_MCS_NSS_MSK));
tap->wr_rate = (0x80 | mcs);
} else {
-   uint8_t rate = (phy_info->rate_n_flags &
-   htole32(IWM_RATE_LEGACY_RATE_MSK));
+   uint8_t rate = (rate_n_flags &
+   IWM_RATE_LEGACY_RATE_MSK);
  
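Review bot: the HT branch is now selected by `rate_n_flags & IWM_RATE_HT_MCS_RATE_CODE_MSK`, the same mask that extracts `mcs` on the following lines, where the old code tested the `IWM_RX_RES_PHY_FLAGS_OFDM_HT` PHY flag; an HT frame whose rate code bits are all zero would take the legacy branch and get the wrong radiotap rate. Test a bit that marks the frame as HT rather than the rate code itself. The `htole32()` wrappers around the masks are gone as well, so callers must pass `rate_n_flags` in host byte order; worth stating in a comment.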

Re: [PATCH] fix vmm pvclock accuracy

2019-11-25 Thread Mike Larkin
On Mon, Nov 25, 2019 at 07:06:19PM -0800, Pratik Vyas wrote:
> Hi tech@,
> 
> This patch fixes vmm pvclock accuracy issues.  Shift math error
> discovered by George Koehler.  This diff also fixes the error in tsc
> multiplier which was correct only if the host timecounter is tsc.
> 
> --
> Pratik
> 

Provided there is no reported fallout for just this piece, ok mlarkin@.

-ml

> 
> Index: sys/arch/amd64/amd64/vmm.c
> ===
> RCS file: /home/cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.254
> diff -u -p -a -u -r1.254 vmm.c
> --- sys/arch/amd64/amd64/vmm.c22 Sep 2019 08:47:54 -  1.254
> +++ sys/arch/amd64/amd64/vmm.c26 Nov 2019 00:08:10 -
> @@ -28,7 +28,6 @@
> #include 
> #include 
> #include 
> -#include 
> 
> #include 
> 
> @@ -6879,8 +6878,11 @@ void
> vmm_init_pvclock(struct vcpu *vcpu, paddr_t gpa)
> {
>   vcpu->vc_pvclock_system_gpa = gpa;
> - vcpu->vc_pvclock_system_tsc_mul =
> - (int) ((10L << 20) / tc_getfrequency());
> + if (tsc_frequency > 0)
> + vcpu->vc_pvclock_system_tsc_mul =
> + (int) ((10L << 20) / tsc_frequency);
> + else
> + vcpu->vc_pvclock_system_tsc_mul = 0;
>   vmm_update_pvclock(vcpu);
> }
> 
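Review bot: in the `else` branch of `vmm_init_pvclock()` the multiplier is set to 0 when `tsc_frequency` is not known, but `vmm_update_pvclock()` is still called and, per the next hunk, still publishes `PVCLOCK_FLAG_TSC_STABLE`; a guest scaling TSC deltas by 0 would see no time pass between host updates. Consider not enabling the pvclock page, or at least logging, when `tsc_frequency` is 0.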
> @@ -6906,7 +6908,7 @@ vmm_update_pvclock(struct vcpu *vcpu)
>   nanotime();
>   pvclock_ti->ti_system_time =
>   tv.tv_sec * 10L + tv.tv_nsec;
> - pvclock_ti->ti_tsc_shift = -20;
> + pvclock_ti->ti_tsc_shift = 12;
>   pvclock_ti->ti_tsc_to_system_mul =
>   vcpu->vc_pvclock_system_tsc_mul;
>   pvclock_ti->ti_flags = PVCLOCK_FLAG_TSC_STABLE;
> 



[PATCH] fix vmm pvclock accuracy

2019-11-25 Thread Pratik Vyas

Hi tech@,

This patch fixes vmm pvclock accuracy issues.  Shift math error
discovered by George Koehler.  This diff also fixes the error in tsc
multiplier which was correct only if the host timecounter is tsc.

--
Pratik


Index: sys/arch/amd64/amd64/vmm.c
===
RCS file: /home/cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.254
diff -u -p -a -u -r1.254 vmm.c
--- sys/arch/amd64/amd64/vmm.c  22 Sep 2019 08:47:54 -  1.254
+++ sys/arch/amd64/amd64/vmm.c  26 Nov 2019 00:08:10 -
@@ -28,7 +28,6 @@
#include 
#include 
#include 
-#include 

#include 

@@ -6879,8 +6878,11 @@ void
vmm_init_pvclock(struct vcpu *vcpu, paddr_t gpa)
{
vcpu->vc_pvclock_system_gpa = gpa;
-   vcpu->vc_pvclock_system_tsc_mul =
-   (int) ((10L << 20) / tc_getfrequency());
+   if (tsc_frequency > 0)
+   vcpu->vc_pvclock_system_tsc_mul =
+   (int) ((10L << 20) / tsc_frequency);
+   else
+   vcpu->vc_pvclock_system_tsc_mul = 0;
vmm_update_pvclock(vcpu);
}

@@ -6906,7 +6908,7 @@ vmm_update_pvclock(struct vcpu *vcpu)
nanotime();
pvclock_ti->ti_system_time =
tv.tv_sec * 10L + tv.tv_nsec;
-   pvclock_ti->ti_tsc_shift = -20;
+   pvclock_ti->ti_tsc_shift = 12;
pvclock_ti->ti_tsc_to_system_mul =
vcpu->vc_pvclock_system_tsc_mul;
pvclock_ti->ti_flags = PVCLOCK_FLAG_TSC_STABLE;
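Review bot: the new `ti_tsc_shift = 12` is a magic number that is only correct together with the `<< 20` in `vmm_init_pvclock()`, and nothing in either function links the two. The guest computes ((delta << shift) * mul) >> 32, so 20 fractional bits in the multiplier need a shift of 32 - 20 = 12; put that arithmetic in a comment or derive both values from one shared `#define`, so the next change to the scaling does not reintroduce the error fixed here.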



dhclient: Fail on nonexistent -c file

2019-11-25 Thread Klemens Nanni
Same story as with unwind(8); dhclient(8) reads the default config
/etc/dhclient.conf if present and must run fine if it does not exist,
but if `-c' is used, nonexistent files should fail.

$ doas dhclient -c /nonexistent trunk0
trunk0: 192.168.11.51 lease accepted from 192.168.11.1 
(00:0d:b9:4c:ee:bd)
$ doas ./obj/dhclient -c /nonexistent trunk0
dhclient: /nonexistent: No such file or directory

Parsing code is different but I applied the same logic of telling the
parser function when to bail out.

Feedback? OK?


Index: clparse.c
===
RCS file: /cvs/src/sbin/dhclient/clparse.c,v
retrieving revision 1.193
diff -u -p -r1.193 clparse.c
--- clparse.c   23 Jul 2019 14:09:47 -  1.193
+++ clparse.c   26 Nov 2019 00:02:58 -
@@ -152,7 +152,8 @@ init_config(void)
  * | conf-decls conf-decl
  */
 void
-read_conf(char *name, char *ignore_list, struct ether_addr *hwaddr)
+read_conf(char *name, char *ignore_list, struct ether_addr *hwaddr,
+int require_file)
 {
FILE*cfile;
int  token;
@@ -161,7 +162,13 @@ read_conf(char *name, char *ignore_list,
 
new_parse(path_dhclient_conf);
 
-   if ((cfile = fopen(path_dhclient_conf, "r")) != NULL) {
+   cfile = fopen(path_dhclient_conf, "r");
+   if (cfile == NULL) {
+   /* no config file is fine */
+   if (errno == ENOENT && require_file) {
+   err(1, "%s", path_dhclient_conf);
+   }
+   } else {
for (;;) {
token = peek_token(NULL, cfile);
if (token == EOF)
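Review bot: in the new `cfile == NULL` branch, `errno == ENOENT && require_file` only fails for a missing file, so `-c` with a file that cannot be opened for any other reason falls through and dhclient runs with no configuration at all. Suggest `if (errno != ENOENT || require_file)` for the error path, as the unwind diff in this digest does by only staying quiet for `errno == ENOENT && !require_file`. The `/* no config file is fine */` comment now sits directly above the branch that exits and should move or be reworded, and `err()` is used where the dhclient.c hunks show `fatal()` as the usual way to bail out.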
Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.654
diff -u -p -r1.654 dhclient.c
--- dhclient.c  22 Nov 2019 22:45:52 -  1.654
+++ dhclient.c  26 Nov 2019 00:08:36 -
@@ -463,6 +463,7 @@ main(int argc, char *argv[])
int  fd, socket_fd[2];
int  rtfilter, ioctlfd, routefd;
int  ch;
+   int  require_file = 0;
 
if (isatty(STDERR_FILENO) != 0)
log_init(1, LOG_DEBUG); /* log to stderr until daemonized */
@@ -475,6 +476,7 @@ main(int argc, char *argv[])
switch (ch) {
case 'c':
path_dhclient_conf = optarg;
+   require_file = 1;
break;
case 'd':
cmd_opts |= OPT_FOREGROUND;
@@ -579,7 +581,7 @@ main(int argc, char *argv[])
fatal("unpriv_ibuf");
imsg_init(unpriv_ibuf, socket_fd[1]);
 
-   read_conf(ifi->name, ignore_list, >hw_address);
+   read_conf(ifi->name, ignore_list, >hw_address, require_file);
free(ignore_list);
if ((cmd_opts & OPT_NOACTION) != 0)
return 0;
Index: dhcpd.h
===
RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
retrieving revision 1.284
diff -u -p -r1.284 dhcpd.h
--- dhcpd.h 22 Nov 2019 22:45:52 -  1.284
+++ dhcpd.h 25 Nov 2019 23:28:39 -
@@ -239,7 +239,7 @@ uint32_t wrapsum(uint32_t);
 
 /* clparse.c */
 voidinit_config(void);
-voidread_conf(char *, char *, struct ether_addr *);
+voidread_conf(char *, char *, struct ether_addr *, int);
 voidread_lease_db(struct client_lease_tq *);
 
 /* kroute.c */



Re: smtpd remove implicit ruleset behavior

2019-11-25 Thread Tim van der Molen
Gilles Chehade (2019-11-25 08:43 +0100):
> and this diff makes smtpd warn at startup that implicit rules were used:
> 
> laptop$ doas smtpd
> smtpd: ruleset relies on implicit 'from' at line 10
> smtpd: ruleset relies on implicit 'for' at line 11
> laptop$

Without context it may not be obvious what the problem is. Perhaps
something like this instead?

smtpd: line 10: use of implicit 'from' is deprecated



Re: debug packages: let strip do the stripping

2019-11-25 Thread Marc Espie
On Mon, Nov 25, 2019 at 04:11:53PM +0200, Paul Irofti wrote:
> Hi,
> 
> Few people complained (hi landry@!) that stripped binaries are slightly
> larger now than they used to be when debug packages are enabled.
> 
> My investigations show that this is because objcopy --strip-debug is
> less efficient than plain strip(1) which is what we use for non-debug
> packages.
> 
> Reintroducing strip(1) does not affect current debug packages behaviour
> in my experience. The link to the debug symbols is still there and
> egdb(1) still loads it automatically and displays all the debug info.
> 
> OK?
> 
> Paul
> 
> Index: bin/build-debug-info
> ===
> RCS file: /cvs/ports/infrastructure/bin/build-debug-info,v
> retrieving revision 1.22
> diff -u -p -u -p -r1.22 build-debug-info
> --- bin/build-debug-info  19 Nov 2019 15:49:30 -  1.22
> +++ bin/build-debug-info  25 Nov 2019 14:06:34 -
> @@ -263,7 +263,7 @@ print {$self->{mk}} << 'EOPREAMBLE';
>  OBJCOPY_RULE = ${INSTALL_DATA_DIR} ${@D} && \
>  echo "> Copy debug info from $? to $@" && \
>  objcopy --only-keep-debug $? $@ && \
> -objcopy --strip-debug $? && \
> +strip $? && \
>  objcopy --add-gnu-debuglink=$@ $? && \
>  touch $@
>  
> 
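Review bot: `strip $?` with no options removes the symbol table as well as the debug sections, where `objcopy --strip-debug $?` removed only the latter. That is the size win described in the mail, but it is worth confirming that OBJCOPY_RULE is never applied to static archives or relocatable objects, which still need their symbols for linking; if it can be, keep `--strip-debug` for those files.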
Okay



debug packages: let strip do the stripping

2019-11-25 Thread Paul Irofti
Hi,

Few people complained (hi landry@!) that stripped binaries are slightly
larger now than they used to be when debug packages are enabled.

My investigations show that this is because objcopy --strip-debug is
less efficient than plain strip(1) which is what we use for non-debug
packages.

Reintroducing strip(1) does not affect current debug packages behaviour
in my experience. The link to the debug symbols is still there and
egdb(1) still loads it automatically and displays all the debug info.

OK?

Paul

Index: bin/build-debug-info
===
RCS file: /cvs/ports/infrastructure/bin/build-debug-info,v
retrieving revision 1.22
diff -u -p -u -p -r1.22 build-debug-info
--- bin/build-debug-info19 Nov 2019 15:49:30 -  1.22
+++ bin/build-debug-info25 Nov 2019 14:06:34 -
@@ -263,7 +263,7 @@ print {$self->{mk}} << 'EOPREAMBLE';
 OBJCOPY_RULE = ${INSTALL_DATA_DIR} ${@D} && \
 echo "> Copy debug info from $? to $@" && \
 objcopy --only-keep-debug $? $@ && \
-objcopy --strip-debug $? && \
+strip $? && \
 objcopy --add-gnu-debuglink=$@ $? && \
 touch $@
 



Re: unwind: log missing config file

2019-11-25 Thread Klemens Nanni
On Tue, Nov 19, 2019 at 03:53:16AM +0100, Florian Obser wrote:
> I think the file doesn't exist but it's fine check is in the wrong
> place. It's also stupid that it doesn't fatal(!) for unwind -f
> nonexistent. I think this needs to be handled further up in main.
> Maybe. I'll have a look if I don't forget.
The errno check in parse_config() does indeed look misplaced and other
parsers log fopen(3) failure directly in pushfile(), but it's not really
bad either.

Here's a simple diff for failing on missing files iff `-f' is given.

$ ./obj/unwind -f/nonexistent
/nonexistent: No such file or directory
$ ls /etc/unwind.conf
ls: /etc/unwind.conf: No such file or directory
$ doas ./obj/unwind -d
startup

Feedback? OK?


Index: parse.y
===
RCS file: /cvs/src/sbin/unwind/parse.y,v
retrieving revision 1.15
diff -u -p -r1.15 parse.y
--- parse.y 9 Nov 2019 16:28:10 -   1.15
+++ parse.y 24 Nov 2019 20:55:06 -
@@ -776,7 +776,7 @@ popfile(void)
 }
 
 struct uw_conf *
-parse_config(char *filename)
+parse_config(char *filename, int require_file)
 {
struct sym  *sym, *next;
 
@@ -784,7 +784,8 @@ parse_config(char *filename)
 
file = pushfile(filename, 0);
if (file == NULL) {
-   if (errno == ENOENT)/* no config file is fine */
+   /* no config file is fine */
+   if (errno == ENOENT && !require_file)
return (conf);
log_warn("%s", filename);
free(conf);
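Review bot: the relocated comment `/* no config file is fine */` now sits above a condition that is false whenever `-f` was given, so it should say that (for example "unless it was named with -f"). The diff touches parse.y, unwind.c and unwind.h only; unwind.8 still needs a sentence stating that a file passed with `-f` must exist.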
Index: unwind.c
===
RCS file: /cvs/src/sbin/unwind/unwind.c,v
retrieving revision 1.37
diff -u -p -r1.37 unwind.c
--- unwind.c19 Nov 2019 14:46:33 -  1.37
+++ unwind.c24 Nov 2019 20:51:09 -
@@ -77,7 +77,8 @@ struct uw_conf*main_conf;
 struct imsgev  *iev_frontend;
 struct imsgev  *iev_resolver;
 struct imsgev  *iev_captiveportal;
-char   *conffile;
+char   *conffile = CONF_FILE;
+int require_file;
 
 pid_t   frontend_pid;
 pid_t   resolver_pid;
@@ -132,7 +133,6 @@ main(int argc, char *argv[])
int  control_fd, ta_fd;
char*csock, *saved_argv0;
 
-   conffile = CONF_FILE;
csock = UNWIND_SOCKET;
 
log_init(1, LOG_DAEMON);/* Log to stderr until daemonized. */
@@ -158,6 +158,7 @@ main(int argc, char *argv[])
break;
case 'f':
conffile = optarg;
+   require_file = 1;
break;
case 'n':
cmd_opts |= OPT_NOACTION;
@@ -187,7 +188,7 @@ main(int argc, char *argv[])
else if (captiveportal_flag)
captiveportal(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2));
 
-   if ((main_conf = parse_config(conffile)) == NULL)
+   if ((main_conf = parse_config(conffile, require_file)) == NULL)
exit(1);
 
if (cmd_opts & OPT_NOACTION) {
@@ -691,7 +692,7 @@ main_reload(void)
 {
struct uw_conf  *xconf;
 
-   if ((xconf = parse_config(conffile)) == NULL)
+   if ((xconf = parse_config(conffile, require_file)) == NULL)
return (-1);
 
if (main_imsg_send_config(xconf) == -1)
Index: unwind.h
===
RCS file: /cvs/src/sbin/unwind/unwind.h,v
retrieving revision 1.33
diff -u -p -r1.33 unwind.h
--- unwind.h22 Nov 2019 15:31:25 -  1.33
+++ unwind.h24 Nov 2019 20:45:51 -
@@ -176,5 +176,5 @@ void config_clear(struct uw_conf *);
 void   print_config(struct uw_conf *);
 
 /* parse.y */
-struct uw_conf *parse_config(char *);
+struct uw_conf *parse_config(char *, int);
 int cmdline_symset(char *);



[PATCH] [www] books.html - remove superfluous angle bracket

2019-11-25 Thread Raf Czlonka
Regards,

Raf

Index: books.html
===
RCS file: /cvs/www/books.html,v
retrieving revision 1.117
diff -u -p -r1.117 books.html
--- books.html  1 Jun 2019 23:12:47 -   1.117
+++ books.html  25 Nov 2019 11:15:11 -
@@ -355,7 +355,7 @@ Lots of examples and real world code sni
 
 Network administration
 
->Das SSH-Buch
+Das SSH-Buch
 (German)
 by Timo Dotzauer and Tobias Ltticke
 ISBN 3-938626-03-8



[Patch 1 of 2] Update list of ssh key files checked in Xsession

2019-11-25 Thread Ross L Richardson
Noticed when testing a U2F key...

SSH1 is no longer supported, so checking for an "identity" private key
file is unhelpful.

[Has this been overlooked, or is there some reason it has been preserved?]

Ross



Index: Xsession.in
===
RCS file: /cvs/xenocara/app/xenodm/config/Xsession.in,v
retrieving revision 1.1
diff -u -p -r1.1 Xsession.in
--- Xsession.in 26 Jul 2017 21:14:54 -  1.1
+++ Xsession.in 25 Nov 2019 10:30:45 -
@@ -23,14 +23,13 @@ else
 fi
 
 # if we have private ssh key(s), start ssh-agent and add the key(s)
-id1=$HOME/.ssh/identity
-id2=$HOME/.ssh/id_dsa
-id3=$HOME/.ssh/id_rsa
-id4=$HOME/.ssh/id_ecdsa
-id5=$HOME/.ssh/id_ed25519
+id1=$HOME/.ssh/id_dsa
+id2=$HOME/.ssh/id_rsa
+id3=$HOME/.ssh/id_ecdsa
+id4=$HOME/.ssh/id_ed25519
 if [ -z "$SSH_AGENT_PID" ];
 then
-   if [ -x /usr/bin/ssh-agent ] && [ -f $id1 -o -f $id2 -o -f $id3 -o -f 
$id4 -o -f $id5 ];
+   if [ -x /usr/bin/ssh-agent ] && [ -f $id1 -o -f $id2 -o -f $id3 -o -f 
$id4 ];
then
eval `ssh-agent -s`
ssh-add < /dev/null
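Review bot: the rewritten test line still expands `$id1` to `$id4` unquoted inside `[ ... ]` and chains them with `-o`, so a `$HOME` containing whitespace splits into extra words and breaks the test. Since the line is being touched anyway, quote each variable and join separate `[ -f "$id1" ]` tests with `||`.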



[Patch 2 of 2] Update list of ssh key files checked in Xsession

2019-11-25 Thread Ross L Richardson
Add checks for the (new) security key files...

Patch assumes previous patch has been applied.

Ross



--- Xsession.in.prevMon Nov 25 21:29:42 2019
+++ Xsession.in Mon Nov 25 21:35:11 2019
@@ -26,10 +26,12 @@ fi
 id1=$HOME/.ssh/id_dsa
 id2=$HOME/.ssh/id_rsa
 id3=$HOME/.ssh/id_ecdsa
-id4=$HOME/.ssh/id_ed25519
+id4=$HOME/.ssh/id_ecdsa_sk
+id5=$HOME/.ssh/id_ed25519
+id6=$HOME/.ssh/id_ed25519_sk
 if [ -z "$SSH_AGENT_PID" ];
 then
-   if [ -x /usr/bin/ssh-agent ] && [ -f $id1 -o -f $id2 -o -f $id3 -o -f 
$id4 ];
+   if [ -x /usr/bin/ssh-agent ] && [ -f $id1 -o -f $id2 -o -f $id3 -o -f 
$id4 -o -f $id5 -o -f $id6 ];
then
eval `ssh-agent -s`
ssh-add < /dev/null
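Review bot: inserting `id_ecdsa_sk` renumbers `id4` to `id5`, and the condition grows by one `-o -f` per key type; a loop over the key file names would avoid both and make the next addition a one-word change. Because `ssh-add < /dev/null` names no files, the list checked here should also be kept identical to the default set `ssh-add` loads on its own, and a comment saying so would help.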



Re: acpivout(4): fix brightness not going up

2019-11-25 Thread Paul Irofti
On Wed, Nov 20, 2019 at 05:44:35PM +0100, Patrick Wildt wrote:
> On Sat, Nov 02, 2019 at 10:09:43PM -0400, James Hastings wrote:
> > Hi,
> > 
> > Backlight on multiple laptops will go down but not up when using brightness 
> > keys.
> > Compare new brightness level to min/max values in sc_bcl[] instead.
> > Diff below restores backlight up function.
> 
> Since (n)level is based on the values in sc->sc_bcl, comparing the
> minimum and maximum against the sorted list in sc->sc_bcl makes a
> lot of sense.  Though maybe it should be
> 
> if (dir == 1 && (nlevel + 1 <= sc->sc_bcl[sc->sc_bcl_len - 1]))
> 
> (note: < changed to <=)
> 
> since sc->sc_bcl[sc->sc_bcl_len - 1] should be the maximum that
> we can set, and nlevel++ is allowed to be the maximum?  The check
> for the minimum is similar.
> 
> Anyone else wants to chime in?

What you are suggesting seems correct to me. It should be less than
or equal to.

But I have to say that, as the original author of this driver, things in
acpivout(4) have become unreadable to me. It is partially my fault that
I did not step in when the changes were proposed as I was too busy with
life.

All the +1, -1 dances around bcl_len and now nlevel, if not riddled with
bugs, are prone to errors and thoroughly undocumented when used.

Anyway, I'll shut up now until I come up with a proper diff.

Paul

> 
> Patrick
> 
> > Index: dev/acpi/acpivout.c
> > ===
> > RCS file: /cvs/src/sys/dev/acpi/acpivout.c,v
> > retrieving revision 1.14
> > diff -u -p -u -r1.14 acpivout.c
> > --- dev/acpi/acpivout.c 21 Oct 2019 16:32:51 -  1.14
> > +++ dev/acpi/acpivout.c 3 Nov 2019 01:04:27 -
> > @@ -175,9 +175,9 @@ acpivout_brightness_step(struct acpivout
> >  
> > nlevel = acpivout_find_brightness(sc, level + (dir * BRIGHTNESS_STEP));
> > if (nlevel == level) {
> > -   if (dir == 1 && (nlevel + 1 < sc->sc_bcl_len))
> > +   if (dir == 1 && (nlevel + 1 < sc->sc_bcl[sc->sc_bcl_len - 1]))
> > nlevel++;
> > -   else if (dir == -1 && (nlevel - 1 >= 0))
> > +   else if (dir == -1 && (nlevel - 1 >= sc->sc_bcl[0]))
> > nlevel--;
> > }
> > if (nlevel == level)
> > 
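Review bot: both new comparisons index `sc->sc_bcl[]` (`sc_bcl[sc->sc_bcl_len - 1]` and `sc_bcl[0]`) with no visible check that `sc_bcl_len` is non-zero, so an empty level list turns the first one into an out-of-bounds read. Guard the block with `sc->sc_bcl_len > 0`. Also, `nlevel++` and `nlevel--` yield a value one above or below the current level, which need not be an entry of `sc_bcl[]`; stepping to the neighbouring entry of the sorted list would remove the +1/-1 arithmetic altogether.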



Re: misc. acpi(4): *sleep -> *sleep_nsec(9)

2019-11-25 Thread Paul Irofti
On Fri, Nov 22, 2019 at 06:08:34PM -0600, Scott Cheloha wrote:
> The acpi_event_wait() loop is tricky.  I'm leaving it alone for now.
> 
> Everything else here is straightforward, though.  The acpiec(4) sleep
> is adjacent to a delay of 1 microsecond so I've chosen that to replace
> the current duration of 1 tick.
> 
> ok?

I am very uneasy when I see this sort of diff in acpi(4). We fought
sleeping bugs and lost a lot of hair about these sorts of primitives when
we did suspend/resume.

I really appreciate the work you are doing towards removing hz, but
for our comfort at least, could you provide us with a bit more
explanation and ask for thorough testing before switching?

Thanks,
Paul

> 
> Index: acpi.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/acpi.c,v
> retrieving revision 1.374
> diff -u -p -r1.374 acpi.c
> --- acpi.c7 Sep 2019 13:46:20 -   1.374
> +++ acpi.c23 Nov 2019 00:02:15 -
> @@ -2866,9 +2866,7 @@ acpi_thread(void *arg)
>   s = spltty();
>   while (sc->sc_threadwaiting) {
>   dnprintf(10, "acpi thread going to sleep...\n");
> - rw_exit_write(>sc_lck);
> - tsleep(sc, PWAIT, "acpi0", 0);
> - rw_enter_write(>sc_lck);
> + rwsleep_nsec(sc, >sc_lck, PWAIT, "acpi0", INFSLP);
>   }
>   sc->sc_threadwaiting = 1;
>   splx(s);
> Index: acpiec.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/acpiec.c,v
> retrieving revision 1.60
> diff -u -p -r1.60 acpiec.c
> --- acpiec.c  2 Jul 2019 21:17:24 -   1.60
> +++ acpiec.c  23 Nov 2019 00:02:16 -
> @@ -107,8 +107,10 @@ acpiec_wait(struct acpiec_softc *sc, uin
>   sc->sc_gotsci = 1;
>   if (cold || (stat & EC_STAT_BURST))
>   delay(1);
> - else
> - tsleep(, PWAIT, "acpiec", 1);
> + else {
> + tsleep_nsec(, PWAIT, "acpiec",
> + USEC_TO_NSEC(1));
> + }
>   }
>  
>   dnprintf(40, "%s: EC wait_ns, stat: %b\n", DEVNAME(sc), (int)stat,
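Review bot: the `else` branch's timeout changes from one tick to a nominal 1 microsecond (`USEC_TO_NSEC(1)`), which reads as a much shorter wait even if both end up as the shortest sleep the kernel offers; add a comment that the intent is "sleep as briefly as possible" so nobody later treats it as a precise 1 us delay. The braces added around the single `tsleep_nsec()` call are also at odds with the dsdt.c hunk, which removes them for the same pattern.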
> Index: dsdt.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v
> retrieving revision 1.249
> diff -u -p -r1.249 dsdt.c
> --- dsdt.c16 Oct 2019 01:43:50 -  1.249
> +++ dsdt.c23 Nov 2019 00:02:16 -
> @@ -465,15 +465,11 @@ void
>  acpi_sleep(int ms, char *reason)
>  {
>   static int acpinowait;
> - int to = ms * hz / 1000;
>  
>   if (cold)
>   delay(ms * 1000);
> - else {
> - if (to <= 0)
> - to = 1;
> - tsleep(, PWAIT, reason, to);
> - }
> + else
> + tsleep_nsec(, PWAIT, reason, MSEC_TO_NSEC(ms));
>  }
>  
>  void
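Review bot: the removed `if (to <= 0) to = 1;` clamp guaranteed a non-zero timeout, and the acpi.c hunk shows that a `tsleep()` timeout of 0 meant "no timeout" (it is replaced by `INFSLP`); the new `MSEC_TO_NSEC(ms)` passes `ms == 0` straight through and converts a negative `int ms` instead of clamping it. Either reject `ms <= 0` at the top of `acpi_sleep()` or keep a lower bound before the conversion, and state in the commit message what `tsleep_nsec()` does when handed 0.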
> Index: tipmic.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/tipmic.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 tipmic.c
> --- tipmic.c  4 Apr 2019 06:33:10 -   1.4
> +++ tipmic.c  23 Nov 2019 00:02:16 -
> @@ -333,7 +333,8 @@ tipmic_thermal_opreg_handler(void *cooki
>   splx(s);
>  
>   while (sc->sc_stat_adc == 0) {
> - if (tsleep(>sc_stat_adc, PRIBIO, "tipmic", hz)) {
> + if (tsleep_nsec(>sc_stat_adc, PRIBIO, "tipmic",
> + SEC_TO_NSEC(1))) {
>   printf("%s: ADC timeout\n", sc->sc_dev.dv_xname);
>   break;
>   }