Re: fw_update(8) Redownload files that fail validation
Here's an updated patch that applies after recent commits. I'll commit this sometime this weekend unless someone has other ideas.

On Sat, Jan 08, 2022 at 08:30:09PM -0800, Andrew Hewus Fresh wrote:
> That last patch I committed made it so that if you specify a local path
> to install from with -p, while it will look in the SHA256.sig file for
> the filename it didn't actually verify the checksum.
>
> In any case, this patch means we verify the checksum unless someone
> specified a local filename on the command line. If we translate a
> driver name into a filename we verify the checksum.
>
> This also adjusts so that if the existing file fails the checksum and
> we're downloading (with -F for example) it will rm the file and
> re-download it.
>
> It _doesn't_ try again for a file that is downloaded and fails
> validation, either right after having rm'd a file that failed or if it
> didn't previously exist and it does leave the successfully downloaded
> (but failed validation) file on disk. I haven't decided if that's the
> right choice yet.
>
> Comments, OK?

Index: fw_update.sh === RCS file: /cvs/src/usr.sbin/fw_update/fw_update.sh,v retrieving revision 1.31 diff -u -p -r1.31 fw_update.sh --- fw_update.sh22 Jan 2022 05:03:47 - 1.31 +++ fw_update.sh22 Jan 2022 05:27:58 - @@ -433,7 +433,7 @@ kept='' for f in "${devices[@]}"; do d="$( firmware_devicename "$f" )" - verify_existing="$DOWNLOAD" + verify_existing=true if [ "$f" = "$d" ]; then f=$( firmware_filename "$d" || true ) [ "$f" ] || continue 
@@ -459,24 +459,27 @@ for f in "${devices[@]}"; do fi pending_status=false - if [ -e "$f" ]; then - if "$verify_existing" && ! "$DRYRUN"; then - if ((VERBOSE == 1)); then - echo -n "Verify ${f##*/} ..." - pending_status=true - fi - ((VERBOSE > 1)) && ! "$INSTALL" && - echo "Keep/Verify ${f##*/}" - verify "$f" || { - "$pending_status" && echo " failed." - continue - } - "$pending_status" && ! "$INSTALL" && echo " done." - else - ((VERBOSE > 1)) && ! "$INSTALL" && - echo "Keep ${f##*/}" + if "$verify_existing" && [ -e "$f" ]; then + if ((VERBOSE == 1)); then + echo -n "Verify ${f##*/} ..." + pending_status=true + elif ((VERBOSE > 1)) && ! "$INSTALL"; then + echo "Keep/Verify ${f##*/}" fi - "$INSTALL" || kept="$kept,$d" + + if "$DRYRUN" || verify "$f"; then + "$INSTALL" || kept="$kept,$d" + elif "$DOWNLOAD"; then + ((VERBOSE > 1)) && echo "Refetching $f" + rm -f $f + else + "$pending_status" && echo " failed." + continue + fi + fi + + if [ -e "$f" ]; then + "$pending_status" && ! "$INSTALL" && echo " done." elif "$DOWNLOAD"; then if "$DRYRUN"; then ((VERBOSE)) && echo "Get/Verify ${f##*/}"
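Review bot: the "rm -f $f" in the new refetch branch is the only unquoted expansion of $f in this hunk, so a path with whitespace or glob characters would be split or expanded before rm sees it; write rm -f "$f" to match the [ -e "$f" ] and verify "$f" calls around it. The "Refetching $f" message also prints the full path where the neighbouring messages print ${f##*/}, which is worth making consistent.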
Re: perl clang -Wcompound-token-split-by-macro
On Sat, Jan 22, 2022 at 02:24:51AM +0100, Marc Espie wrote:
> Or we can automate this with something like this:

I didn't try this, but it seems OK to me. I'll leave the final OK to sthen though as I would think it most likely to break things for him. (AFAIU new versions are not supposed to cause breakage though)

> Index: perl.port.mk > === > RCS file: /cvs/ports/infrastructure/mk/perl.port.mk,v > retrieving revision 1.32 > diff -u -p -r1.32 perl.port.mk > --- perl.port.mk 12 Dec 2021 19:25:39 - 1.32 > +++ perl.port.mk 21 Jan 2022 17:39:18 - > @@ -56,6 +56,11 @@ MODPERL_pre-configure = for f in ${MODPE > ${MODPERL_BIN_ADJ} ${WRKSRC}/$${f}; done > .endif > > +MODPERL_gen = cd ${WRKDIST} && \ > + if test -f ppport.h; then \ > + perl -MDevel::PPPort -e'Devel::PPPort::WriteFile'; \ > + fi > + > .if ${CONFIGURE_STYLE:L:Mmodbuild} > MODPERL_configure = \ > cd ${WRKSRC}; ${SETENV} ${CONFIGURE_ENV} \
Re: perl clang -Wcompound-token-split-by-macro
Or we can automate this with something like this: Index: perl.port.mk === RCS file: /cvs/ports/infrastructure/mk/perl.port.mk,v retrieving revision 1.32 diff -u -p -r1.32 perl.port.mk --- perl.port.mk12 Dec 2021 19:25:39 - 1.32 +++ perl.port.mk21 Jan 2022 17:39:18 - @@ -56,6 +56,11 @@ MODPERL_pre-configure = for f in ${MODPE ${MODPERL_BIN_ADJ} ${WRKSRC}/$${f}; done .endif +MODPERL_gen = cd ${WRKDIST} && \ + if test -f ppport.h; then \ + perl -MDevel::PPPort -e'Devel::PPPort::WriteFile'; \ + fi + .if ${CONFIGURE_STYLE:L:Mmodbuild} MODPERL_configure = \ cd ${WRKSRC}; ${SETENV} ${CONFIGURE_ENV} \
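Review bot: MODPERL_gen only tests for ppport.h at the top of ${WRKDIST}, so a distribution that ships its copy in a subdirectory is skipped without any message; if that is intended a comment above the variable should say so, otherwise the file needs to be located first and the regeneration run in its directory. Nothing in the visible lines hooks MODPERL_gen into a target either, so the hunk on its own defines the command without running it.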
Re: kubsan tcp timer shift
On 2022-01-21 8:40 a.m., Alexander Bluhm wrote:
>>> There is no best, minimalistic and most consistent solution.
>>
>> I have always considered numberU as being the same type of thing as
>> using 'u_int' instead of 'int' for a variable, it is idiomatic C
>> to force all considerations into signed.
>>
>> If our system header files had 4000 lines with U, how many bugs
>> would get fixed incidentally?
>>
>> It is a strong idiom. A sad idiom, perhaps. It wasn't needed in
>> historic C, a compiler would always generate the correct code, but
>> here we are.
>
> Sounds like a call for the huge U change.

I've been curious about this for a long time; would using const uint16_t or uint32_t instead of preprocessor defines also make sense anyway if the purpose is to stop the compiler from being mysterious with implicit data types? I've never seen a compelling reason to use defines when const variables get a degree of type protection and misuse gets caught by the compiler much more quickly.

--
Ted Bullock
Re: kubsan tcp timer shift
> Sounds like a call for the huge U change.

Since none of these #define seem to be used by .S files, go for it.

We don't really want to bring Mach's U() macro back.
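The signed-versus-unsigned shift that the kubsan thread discusses, together with the const-object alternative asked about in it, as an added C example that is not code from the thread or from the OpenBSD tree. The XF_ names and the flag layout are constructed for illustration, and int is assumed to be 32 bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed 32-bit flag layout (an assumption for this example, not the
 * kernel header): six timer flags sit in the top six bits, and the flag
 * for timer n is the first timer flag shifted left by n.
 */
#define XF_TMR_FIRST	0x04000000	/* unsuffixed: type int */
#define XF_TMR_FIRST_U	0x04000000U	/* suffixed: type unsigned int */
#define XF_NTIMERS	6

/* The typed alternative asked about in the thread: a const object. */
static const uint32_t xf_tmr_first_c = 0x04000000;

/* 1 if the compiler types the expression as (signed) int, else 0. */
#define IS_SIGNED_INT(e)	_Generic((e), int: 1, default: 0)

static int plain_shift_is_signed(void)    { return IS_SIGNED_INT(XF_TMR_FIRST << 1); }
static int suffixed_shift_is_signed(void) { return IS_SIGNED_INT(XF_TMR_FIRST_U << 1); }
static int const_shift_is_signed(void)    { return IS_SIGNED_INT(xf_tmr_first_c << 1); }

/*
 * Would (base << n) leave the range of int?  Answered without performing
 * the shift, because the overflowing signed shift is itself undefined.
 */
static int
signed_shift_overflows(int base, unsigned int n)
{
	if (base < 0 || n >= sizeof(int) * CHAR_BIT)
		return 1;
	return base > (INT_MAX >> n);
}

/* First timer index whose signed shift is undefined, or -1 if none is. */
static int
first_undefined_timer(void)
{
	unsigned int n;

	for (n = 0; n < XF_NTIMERS; n++)
		if (signed_shift_overflows(XF_TMR_FIRST, n))
			return (int)n;
	return -1;
}

/* The same shift in unsigned arithmetic is defined for every timer. */
static unsigned int
timer_flag(unsigned int n)
{
	return XF_TMR_FIRST_U << n;
}

int
main(void)
{
	unsigned int n;

	printf("signed int shift: plain=%d suffixed=%d const uint32_t=%d\n",
	    plain_shift_is_signed(), suffixed_shift_is_signed(),
	    const_shift_is_signed());
	for (n = 0; n < XF_NTIMERS; n++)
		printf("timer %u: flag 0x%08x, signed shift %s\n", n,
		    timer_flag(n),
		    signed_shift_overflows(XF_TMR_FIRST, n) ?
		    "undefined" : "ok");
	printf("first undefined timer index: %d\n", first_undefined_timer());
	return 0;
}
```

Only the last timer index reaches the sign bit, which is why the unsuffixed constant can look correct for every other timer.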
Re: rpki-client: factor filename extension parsing into a function
I like that.. LGTM ok beck@ On Fri, Jan 21, 2022 at 08:37:27PM +0100, Theo Buehler wrote: > > Lets start with that and optimize this in tree. I think we can rename the > > function to something like rtype_from_mftfile(). In that case I would move > > the function as well... > > Like this? > > Index: extern.h > === > RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v > retrieving revision 1.111 > diff -u -p -r1.111 extern.h > --- extern.h 21 Jan 2022 18:49:44 - 1.111 > +++ extern.h 21 Jan 2022 19:36:09 - > @@ -421,6 +421,8 @@ void mft_free(struct mft *); > struct mft *mft_parse(X509 **, const char *, const unsigned char *, > size_t); > struct mft *mft_read(struct ibuf *); > +enum rtypertype_from_file_extension(const char *); > +enum rtypertype_from_mftfile(const char *); > > void roa_buffer(struct ibuf *, const struct roa *); > void roa_free(struct roa *); > @@ -447,12 +449,9 @@ int valid_ta(const char *, struct auth > int valid_cert(const char *, struct auth_tree *, > const struct cert *); > int valid_roa(const char *, struct auth_tree *, struct roa *); > -int valid_filename(const char *); > int valid_filehash(int, const char *, size_t); > int valid_uri(const char *, size_t, const char *); > int valid_origin(const char *, const char *); > - > -enum rtypertype_from_file_extension(const char *); > > /* Working with CMS. */ > unsigned char*cms_parse_validate(X509 **, const char *, > Index: mft.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v > retrieving revision 1.49 > diff -u -p -r1.49 mft.c > --- mft.c 21 Jan 2022 18:49:44 - 1.49 > +++ mft.c 21 Jan 2022 19:36:10 - > @@ -16,6 +16,7 @@ > */ > > #include > +#include > #include > #include > #include 
> @@ -121,6 +122,66 @@ check_validity(const ASN1_GENERALIZEDTIM > } > > /* > + * Determine rtype corresponding to file extension. Returns RTYPE_INVALID > + * on error or unkown extension. > + */ > +enum rtype > +rtype_from_file_extension(const char *fn) > +{ > + size_t sz; > + > + sz = strlen(fn); > + if (sz < 5) > + return RTYPE_INVALID; > + > + if (strcasecmp(fn + sz - 4, ".tal") == 0) > + return RTYPE_TAL; > + if (strcasecmp(fn + sz - 4, ".cer") == 0) > + return RTYPE_CER; > + if (strcasecmp(fn + sz - 4, ".crl") == 0) > + return RTYPE_CRL; > + if (strcasecmp(fn + sz - 4, ".mft") == 0) > + return RTYPE_MFT; > + if (strcasecmp(fn + sz - 4, ".roa") == 0) > + return RTYPE_ROA; > + if (strcasecmp(fn + sz - 4, ".gbr") == 0) > + return RTYPE_GBR; > + > + return RTYPE_INVALID; > +} > + > +/* > + * Validate that a filename listed on a Manifest only contains characters > + * permitted in draft-ietf-sidrops-6486bis section 4.2.2 and check that > + * it's a CER, CRL, GBR or a ROA. > + * Returns corresponding rtype or RTYPE_INVALID on error. > + */ > +enum rtype > +rtype_from_mftfile(const char *fn) > +{ > + const unsigned char *c; > + enum rtype type; > + > + for (c = fn; *c != '\0'; ++c) > + if (!isalnum(*c) && *c != '-' && *c != '_' && *c != '.') > + return RTYPE_INVALID; > + > + if (strchr(fn, '.') != strrchr(fn, '.')) > + return RTYPE_INVALID; > + > + type = rtype_from_file_extension(fn); > + switch (type) { > + case RTYPE_CER: > + case RTYPE_CRL: > + case RTYPE_GBR: > + case RTYPE_ROA: > + return type; > + default: > + return RTYPE_INVALID; > + } > +} > + > +/* > * Parse an individual "FileAndHash", RFC 6486, sec. 4.2. > * Return zero on failure, non-zero on success. > */ 
> @@ -161,12 +222,10 @@ mft_parse_filehash(struct parse *p, cons > if (fn == NULL) > err(1, NULL); > > - if (!valid_filename(fn)) { > + if ((type = rtype_from_mftfile(fn)) == RTYPE_INVALID) { > warnx("%s: invalid filename: %s", p->fn, fn); > goto out; > } > - > - type = rtype_from_file_extension(fn); > > /* Now hash value. */ > > Index: parser.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v > retrieving revision 1.49 > diff -u -p -r1.49 parser.c > --- parser.c 21 Jan 2022 18:49:44 - 1.49 > +++ parser.c 21 Jan 2022 19:36:10 - > @@ -307,7 +307,7 @@ proc_parser_mft_check(const char *fn, st > > for (i = 0; i < p->filesz; i++) { > const struct mftfile *m = >files[i]; > - if (!valid_filename(m->file)) { > + if (rtype_from_mftfile(m->file) == RTYPE_INVALID) { >
Re: perl clang -Wcompound-token-split-by-macro
btw, bumping the library version for libperl is a safer way of triggering those updates than revision bumps; the latter are subject to a build timing problem, you have to hope that the ports build machines are running a version of base built with the updated perl.

On 2022/01/21 18:27, Alexander Bluhm wrote:
> On Fri, Jan 21, 2022 at 08:39:34AM -0800, Andrew Hewus Fresh wrote:
> > On Fri, Jan 21, 2022 at 04:34:13PM +0100, Marc Espie wrote:
> > > So I don't really think perl requires any change.
> > >
> > > Possibly hacking a bit on ports that use an outdated version of ppport.h
> >
> > Updating ppport.h seems reasonable to me.
>
> I am regularly testing a bunch of Perl ports.
> http://bluhm.genua.de/portstest/results/latest.html
>
> In the log file are 17590 -Wcompound-token-split-by-macro warnings.
> http://bluhm.genua.de/portstest/results/2022-01-21T11%3A17%3A03Z/test.log
>
> I can update and patch ppport.h each time I touch such a port.

FWIW here's the list from a grep over ports build logs. (I don't propose changing this in all of them, though, only if they're touched anyway).

archivers/p5-Compress-Bzip2 audio/p5-Audio-Scan audio/rhythmbox audio/xmms2 converters/p5-Convert-Binary-C converters/p5-Cpanel-JSON-XS converters/p5-Sereal-Decoder converters/p5-Sereal-Encoder converters/p5-Unicode-LineBreak databases/p5-CDB_File databases/p5-DBD-MariaDB databases/p5-DBD-Pg databases/p5-DBD-SQLite databases/p5-DBD-SQLite2 databases/p5-DBD-Sybase databases/p5-DBD-mysql databases/p5-DBI databases/postgresql databases/postgresql-previous devel/autogen devel/libtool devel/libxsvf devel/luaposix devel/p5-Algorithm-Permute devel/p5-BSD-Resource devel/p5-Class-Load-XS devel/p5-Class-XSAccessor devel/p5-Curses devel/p5-Data-Dump-Streamer devel/p5-DateTime devel/p5-Devel-Declare devel/p5-Devel-FastProf devel/p5-Devel-Gladiator devel/p5-Devel-NYTProf devel/p5-Devel-Size devel/p5-File-FnMatch devel/p5-List-MoreUtils-XS devel/p5-Moose devel/p5-Package-Stash-XS devel/p5-Params-Validate devel/p5-Ref-Util-XS devel/p5-Set-Object devel/p5-Sort-Key devel/p5-Sub-Attribute devel/p5-Sub-Identify devel/p5-Sub-Name devel/p5-Term-ReadLine-Gnu devel/p5-Test-LeakTrace devel/p5-Tie-Hash-Indexed devel/p5-USB-LibUSB devel/p5-YAML-Syck devel/p5-YAML-XS devel/p5-autobox devel/p5-forks devel/silc-toolkit geo/p5-Geo-Coordinates-UTM-XS graphics/p5-Cairo graphics/p5-Imager graphics/p5-Imager-QRCode math/graphviz math/p5-AI-FANN math/p5-Math-Int128 math/p5-Math-Int64 math/p5-Math-Prime-Util math/p5-Statistics-CaseResampling misc/p5-File-LibMagic misc/p5-OPCUA-Open62541 multimedia/p5-Storable-AMF multimedia/synfig net/dico net/ircd-hybrid net/p5-BSD-Socket-Splice net/p5-MaxMind-DB-Reader-XS net/p5-MaxMind-DB-Writer net/p5-Net-Pcap net/p5-Net-SSH-Perl net/p5-Net-SSH2 net/silc-client net/silc-server print/texinfo security/p5-Crypt-OpenSSL-EC security/p5-Crypt-OpenSSL-ECDSA security/p5-Crypt-Rijndael security/p5-CryptX security/p5-Digest-Skein security/p5-Net-SSLeay security/p5-Unix-OpenBSD-Random sysutils/libvirt-python sysutils/p5-Unix-Statgrab telephony/siproxd 
textproc/p5-List-SomeUtils-XS textproc/p5-Template textproc/p5-Text-CSV_XS textproc/p5-XML-LibXML textproc/p5-XML-LibXSLT textproc/redland www/p5-HTML-Escape www/p5-HTTP-Parser-XS www/p5-WWW-Form-UrlEncoded-XS www/p5-libapreq2 x11/kde-applications/ksirk x11/p5-Tk
Re: rpki-client: factor filename extension parsing into a function
> Lets start with that and optimize this in tree. I think we can rename the > function to something like rtype_from_mftfile(). In that case I would move > the function as well... Like this? Index: extern.h === RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v retrieving revision 1.111 diff -u -p -r1.111 extern.h --- extern.h21 Jan 2022 18:49:44 - 1.111 +++ extern.h21 Jan 2022 19:36:09 - @@ -421,6 +421,8 @@ void mft_free(struct mft *); struct mft *mft_parse(X509 **, const char *, const unsigned char *, size_t); struct mft *mft_read(struct ibuf *); +enum rtype rtype_from_file_extension(const char *); +enum rtype rtype_from_mftfile(const char *); voidroa_buffer(struct ibuf *, const struct roa *); voidroa_free(struct roa *); @@ -447,12 +449,9 @@ int valid_ta(const char *, struct auth int valid_cert(const char *, struct auth_tree *, const struct cert *); int valid_roa(const char *, struct auth_tree *, struct roa *); -int valid_filename(const char *); int valid_filehash(int, const char *, size_t); int valid_uri(const char *, size_t, const char *); int valid_origin(const char *, const char *); - -enum rtype rtype_from_file_extension(const char *); /* Working with CMS. */ unsigned char *cms_parse_validate(X509 **, const char *, Index: mft.c === RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v retrieving revision 1.49 diff -u -p -r1.49 mft.c --- mft.c 21 Jan 2022 18:49:44 - 1.49 +++ mft.c 21 Jan 2022 19:36:10 - @@ -16,6 +16,7 @@ */ #include +#include #include #include #include 
@@ -121,6 +122,66 @@ check_validity(const ASN1_GENERALIZEDTIM } /* + * Determine rtype corresponding to file extension. Returns RTYPE_INVALID + * on error or unkown extension. + */ +enum rtype +rtype_from_file_extension(const char *fn) +{ + size_t sz; + + sz = strlen(fn); + if (sz < 5) + return RTYPE_INVALID; + + if (strcasecmp(fn + sz - 4, ".tal") == 0) + return RTYPE_TAL; + if (strcasecmp(fn + sz - 4, ".cer") == 0) + return RTYPE_CER; + if (strcasecmp(fn + sz - 4, ".crl") == 0) + return RTYPE_CRL; + if (strcasecmp(fn + sz - 4, ".mft") == 0) + return RTYPE_MFT; + if (strcasecmp(fn + sz - 4, ".roa") == 0) + return RTYPE_ROA; + if (strcasecmp(fn + sz - 4, ".gbr") == 0) + return RTYPE_GBR; + + return RTYPE_INVALID; +} + +/* + * Validate that a filename listed on a Manifest only contains characters + * permitted in draft-ietf-sidrops-6486bis section 4.2.2 and check that + * it's a CER, CRL, GBR or a ROA. + * Returns corresponding rtype or RTYPE_INVALID on error. + */ +enum rtype +rtype_from_mftfile(const char *fn) +{ + const unsigned char *c; + enum rtype type; + + for (c = fn; *c != '\0'; ++c) + if (!isalnum(*c) && *c != '-' && *c != '_' && *c != '.') + return RTYPE_INVALID; + + if (strchr(fn, '.') != strrchr(fn, '.')) + return RTYPE_INVALID; + + type = rtype_from_file_extension(fn); + switch (type) { + case RTYPE_CER: + case RTYPE_CRL: + case RTYPE_GBR: + case RTYPE_ROA: + return type; + default: + return RTYPE_INVALID; + } +} + +/* * Parse an individual "FileAndHash", RFC 6486, sec. 4.2. * Return zero on failure, non-zero on success. */ 
@@ -161,12 +222,10 @@ mft_parse_filehash(struct parse *p, cons if (fn == NULL) err(1, NULL); - if (!valid_filename(fn)) { + if ((type = rtype_from_mftfile(fn)) == RTYPE_INVALID) { warnx("%s: invalid filename: %s", p->fn, fn); goto out; } - - type = rtype_from_file_extension(fn); /* Now hash value. */ Index: parser.c === RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v retrieving revision 1.49 diff -u -p -r1.49 parser.c --- parser.c21 Jan 2022 18:49:44 - 1.49 +++ parser.c21 Jan 2022 19:36:10 - @@ -307,7 +307,7 @@ proc_parser_mft_check(const char *fn, st for (i = 0; i < p->filesz; i++) { const struct mftfile *m = >files[i]; - if (!valid_filename(m->file)) { + if (rtype_from_mftfile(m->file) == RTYPE_INVALID) { if (base64_encode(m->hash, sizeof(m->hash), ) == -1) errx(1, "base64_encode failed in %s", __func__); warnx("%s: unsupported filename for %s", fn, h); Index: validate.c
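Review bot: in rtype_from_mftfile() the loop starts with "c = fn", which assigns a const char * to a const unsigned char * without a cast and draws a pointer-sign diagnostic; write c = (const unsigned char *)fn so the isalnum() argument stays in unsigned char range without the warning. The new comment above rtype_from_file_extension() also has a typo, "unkown extension", worth fixing before commit.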
Re: perl clang -Wcompound-token-split-by-macro
On Fri, Jan 21, 2022 at 08:39:34AM -0800, Andrew Hewus Fresh wrote:
> On Fri, Jan 21, 2022 at 04:34:13PM +0100, Marc Espie wrote:
> > So I don't really think perl requires any change.
> >
> > Possibly hacking a bit on ports that use an outdated version of ppport.h
>
> Updating ppport.h seems reasonable to me.

I am regularly testing a bunch of Perl ports.
http://bluhm.genua.de/portstest/results/latest.html

In the log file are 17590 -Wcompound-token-split-by-macro warnings.
http://bluhm.genua.de/portstest/results/2022-01-21T11%3A17%3A03Z/test.log

I can update and patch ppport.h each time I touch such a port.

bluhm
Re: rpki-client: factor filename extension parsing into a function
On Fri, Jan 21, 2022 at 04:49:47PM +0100, Theo Buehler wrote:
> On Fri, Jan 21, 2022 at 02:58:57PM +0100, Claudio Jeker wrote:
> > On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote:
> > > Not sure if it is that much of a win, but it saves some repetition and
> > > makes sure we don't forget checking the file name to be longer than 4
> > > another time (missed on review in main() and proc_parser_file()).
> >
> > I like the diff. It is a good first step.
> > One thing below but the diff is OK claudio@
>
> Thanks. I had a stupid logic error in rtype_from_file_extension() which
> is fixed below.
>
> [...]
>
> > I was a bit confused here because you did not adjust the first for loop
> > that just checks for .crl. I wonder if we should pass the RTYPE value in
> > struct mftfile. This would make this code a lot simpler.
>
> I didn't like that part of the diff either.
>
> Here's a diff that extends struct mftfile as you suggested and
> simplifies queue_add_from_mft*() using the new type member.
>
> One thing I don't like is that we call rtype_from_file_extension() twice
> from mft_parse_filehash(), once in valid_filename() and once directly.
>
> It would make more sense to change valid_filename() to return an enum
> rtype directly. The only reason I didn't do it is that I couldn't come
> up with a good name (type = valid_filename(fn) looks weird).

Let's start with that and optimize this in tree. I think we can rename the function to something like rtype_from_mftfile(). In that case I would move the function as well...

The diff is OK claudio@

> Index: extern.h > === > RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v > retrieving revision 1.110 > diff -u -p -r1.110 extern.h > --- extern.h 20 Jan 2022 09:24:08 - 1.110 > +++ extern.h 21 Jan 2022 15:00:16 - 
> @@ -149,10 +149,27 @@ struct tal { > }; > > /* > + * Resource types specified by the RPKI profiles. > + * There might be others we don't consider. > + */ > +enum rtype { > + RTYPE_INVALID, > + RTYPE_TAL, > + RTYPE_MFT, > + RTYPE_ROA, > + RTYPE_CER, > + RTYPE_CRL, > + RTYPE_GBR, > + RTYPE_REPO, > + RTYPE_FILE, > +}; > + > +/* > * Files specified in an MFT have their bodies hashed with SHA256. > */ > struct mftfile { > char*file; /* filename (CER/ROA/CRL, no path) */ > + enum rtype type; /* file type as determined by extension */ > unsigned charhash[SHA256_DIGEST_LENGTH]; /* sha256 of body */ > }; > > @@ -281,22 +298,6 @@ RB_PROTOTYPE(auth_tree, auth, entry, aut > struct auth *auth_find(struct auth_tree *, const char *); > void auth_insert(struct auth_tree *, struct cert *, struct auth *); > > -/* > - * Resource types specified by the RPKI profiles. > - * There might be others we don't consider. > - */ > -enum rtype { > - RTYPE_EOF = 0, > - RTYPE_TAL, > - RTYPE_MFT, > - RTYPE_ROA, > - RTYPE_CER, > - RTYPE_CRL, > - RTYPE_GBR, > - RTYPE_REPO, > - RTYPE_FILE, > -}; > - > enum http_result { > HTTP_FAILED,/* anything else */ > HTTP_OK,/* 200 OK */ > @@ -450,6 +451,8 @@ intvalid_filename(const char *); > int valid_filehash(int, const char *, size_t); > int valid_uri(const char *, size_t, const char *); > int valid_origin(const char *, const char *); > + > +enum rtypertype_from_file_extension(const char *); > > /* Working with CMS. */ > unsigned char*cms_parse_validate(X509 **, const char *, > Index: main.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v > retrieving revision 1.180 > diff -u -p -r1.180 main.c > --- main.c21 Jan 2022 14:08:33 - 1.180 > +++ main.c21 Jan 2022 15:30:03 - > @@ -331,7 +331,7 @@ rrdp_http_done(unsigned int id, enum htt > */ > static void > queue_add_from_mft(const char *path, const struct mftfile *file, > -enum rtype type, struct repo *rp) > +struct repo *rp) > { > char*nfile, *npath = NULL; 
> > @@ -341,7 +341,7 @@ queue_add_from_mft(const char *path, con > if ((nfile = strdup(file->file)) == NULL) > err(1, NULL); > > - entityq_add(npath, nfile, type, rp, NULL, 0, -1); > + entityq_add(npath, nfile, file->type, rp, NULL, 0, -1); > } > > /* > @@ -355,33 +355,29 @@ queue_add_from_mft(const char *path, con > static void > queue_add_from_mft_set(const struct mft *mft, const char *name, struct repo > *rp) > { > - size_t i, sz; > + size_t i; > const struct mftfile*f; > > for (i = 0; i < mft->filesz; i++) { > f = >files[i]; > - sz = strlen(f->file); > - assert(sz > 4); > - if (strcasecmp(f->file + sz - 4, ".crl") != 0) > + if (f->type !=
Re: perl clang -Wcompound-token-split-by-macro
On Fri, Jan 21, 2022 at 04:34:13PM +0100, Marc Espie wrote:
> On Fri, Jan 21, 2022 at 02:12:25PM +0100, Alexander Bluhm wrote:
> > Hi,
> >
> > Since clang 13 each Perl or Perl XS module compile spits out a lot
> > of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay
> > produces 3882 warnings generated. You cannot spot anything useful.
> > The problem is buried deeply in the Perl macros and copied to
> > everywhere.
> >
> > If we compile Perl with -Wno-compound-token-split-by-macro it gets
> > stored in Config.pm and is used for most modules.
> >
> > $ perl -MConfig -e 'print $Config{ccflags},"\n"'
> > -Wno-compound-token-split-by-macro -fno-strict-aliasing
> > -fno-delete-null-pointer-checks -pipe -fstack-protector-strong
> > -I/usr/local/include
> >
> > ok?
>
> I'm wondering whether this warning makes any sense for the ({ gnu C statement
> (which isn't really a C token per se)
>
> As for "deep within perl", it comes from a combination of two things:
>
> - perl.h uses STMT_START and STMT_END (the normal ones just
> creating do {} while (0) grouping.

Which jsg changed recently for llvm 13 clang to get rid of warnings building perl itself.
https://github.com/openbsd/src/commit/97a5f6039458a57e6c05bb910c104ac2ecee7622

> - there's a module called Devel::PPPort that generates a ppport.h (normally
> the most recent).
>
> using
> $ perl -MDevel::PPPort -e'Devel::PPPort::WriteFile'
>
> as documented in the manpage to regen a more recent ppport.h results in
> p5-Net-SSLeay producing exactly 0 warning while building.
>
> So I don't really think perl requires any change.
>
> Possibly hacking a bit on ports that use an outdated version of ppport.h

Updating ppport.h seems reasonable to me.
Re: rpki-client: factor filename extension parsing into a function
On Fri, Jan 21, 2022 at 02:58:57PM +0100, Claudio Jeker wrote:
> On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote:
> > Not sure if it is that much of a win, but it saves some repetition and
> > makes sure we don't forget checking the file name to be longer than 4
> > another time (missed on review in main() and proc_parser_file()).
>
> I like the diff. It is a good first step.
> One thing below but the diff is OK claudio@

Thanks. I had a stupid logic error in rtype_from_file_extension() which is fixed below.

[...]

> I was a bit confused here because you did not adjust the first for loop
> that just checks for .crl. I wonder if we should pass the RTYPE value in
> struct mftfile. This would make this code a lot simpler.

I didn't like that part of the diff either.

Here's a diff that extends struct mftfile as you suggested and simplifies queue_add_from_mft*() using the new type member.

One thing I don't like is that we call rtype_from_file_extension() twice from mft_parse_filehash(), once in valid_filename() and once directly.

It would make more sense to change valid_filename() to return an enum rtype directly. The only reason I didn't do it is that I couldn't come up with a good name (type = valid_filename(fn) looks weird).

Index: extern.h === RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v retrieving revision 1.110 diff -u -p -r1.110 extern.h --- extern.h20 Jan 2022 09:24:08 - 1.110 +++ extern.h21 Jan 2022 15:00:16 - 
@@ -149,10 +149,27 @@ struct tal { }; /* + * Resource types specified by the RPKI profiles. + * There might be others we don't consider. + */ +enum rtype { + RTYPE_INVALID, + RTYPE_TAL, + RTYPE_MFT, + RTYPE_ROA, + RTYPE_CER, + RTYPE_CRL, + RTYPE_GBR, + RTYPE_REPO, + RTYPE_FILE, +}; + +/* * Files specified in an MFT have their bodies hashed with SHA256. */ struct mftfile { char*file; /* filename (CER/ROA/CRL, no path) */ + enum rtype type; /* file type as determined by extension */ unsigned charhash[SHA256_DIGEST_LENGTH]; /* sha256 of body */ }; @@ -281,22 +298,6 @@ RB_PROTOTYPE(auth_tree, auth, entry, aut struct auth*auth_find(struct auth_tree *, const char *); voidauth_insert(struct auth_tree *, struct cert *, struct auth *); -/* - * Resource types specified by the RPKI profiles. - * There might be others we don't consider. - */ -enum rtype { - RTYPE_EOF = 0, - RTYPE_TAL, - RTYPE_MFT, - RTYPE_ROA, - RTYPE_CER, - RTYPE_CRL, - RTYPE_GBR, - RTYPE_REPO, - RTYPE_FILE, -}; - enum http_result { HTTP_FAILED,/* anything else */ HTTP_OK,/* 200 OK */ @@ -450,6 +451,8 @@ int valid_filename(const char *); int valid_filehash(int, const char *, size_t); int valid_uri(const char *, size_t, const char *); int valid_origin(const char *, const char *); + +enum rtype rtype_from_file_extension(const char *); /* Working with CMS. */ unsigned char *cms_parse_validate(X509 **, const char *, Index: main.c === RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.180 diff -u -p -r1.180 main.c --- main.c 21 Jan 2022 14:08:33 - 1.180 +++ main.c 21 Jan 2022 15:30:03 - @@ -331,7 +331,7 @@ rrdp_http_done(unsigned int id, enum htt */ static void queue_add_from_mft(const char *path, const struct mftfile *file, -enum rtype type, struct repo *rp) +struct repo *rp) { char*nfile, *npath = NULL; 
@@ -341,7 +341,7 @@ queue_add_from_mft(const char *path, con if ((nfile = strdup(file->file)) == NULL) err(1, NULL); - entityq_add(npath, nfile, type, rp, NULL, 0, -1); + entityq_add(npath, nfile, file->type, rp, NULL, 0, -1); } /* @@ -355,33 +355,29 @@ queue_add_from_mft(const char *path, con static void queue_add_from_mft_set(const struct mft *mft, const char *name, struct repo *rp) { - size_t i, sz; + size_t i; const struct mftfile*f; for (i = 0; i < mft->filesz; i++) { f = >files[i]; - sz = strlen(f->file); - assert(sz > 4); - if (strcasecmp(f->file + sz - 4, ".crl") != 0) + if (f->type != RTYPE_CRL) continue; - queue_add_from_mft(mft->path, f, RTYPE_CRL, rp); + queue_add_from_mft(mft->path, f, rp); } for (i = 0; i < mft->filesz; i++) { f = >files[i]; - sz = strlen(f->file); - assert(sz > 4); - if (strcasecmp(f->file + sz - 4, ".crl") == 0) + switch (f->type) { + case RTYPE_CER: +
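Review bot: the moved enum rtype replaces "RTYPE_EOF = 0" with a bare "RTYPE_INVALID", dropping the explicit zero in extern.h. With the new type member in struct mftfile and the assert(sz > 4) checks removed from queue_add_from_mft_set(), a zero-initialised entry now has to read as invalid for the f->type tests to be safe, so keep the initialiser as RTYPE_INVALID = 0 to make that dependency visible.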
Re: clang: compile static analyzer
Andre Smagin wrote in
 <20220120231806.0463e0c792db3e3e5fc07...@smagin.com>:
 |On Fri, 21 Jan 2022 00:45:56 +0100
 |Steffen Nurpmeso wrote:
 |
 |> I found scan-build to generate a lot of false warnings, so much indeed
 |> that i stopped using it .. in summer 2017.
 |
 |You, and most others, (no sarcasm at all here) are much better
 |at C than I will ever be. I am not even at "amateur" level - more like
 |a part-time hobby. I mostly fiddle with text data compression for fun.
 |
 |For me, clang analyzer is more than helpful. It detects errors that
 |most of you, professional programmers, would never make. You probably
 |don't even realize the power of it, since you never make such
 |embarrassing mistakes while coding as I do. For me, every time there was
 |a warning from clang, it was fully warranted. Took me couple days in
 |some cases to figure out why, but it was always justified and I learned
 |a lot from it.
 |
 |I install clang from ports solely for the analyzer part. It would be
 |nice if it was included in base installation - some of us just want a
 |basic idiot-check tool available when trying to program things. But
 |ports installation works as well too.

I nonetheless think of overlaying to get rid of it again here. This is hobby here .. they prefer that instead of cryptomining, maybe. I am pretty sure no one here uses all the utilities. I personally enable a lot of compiler warnings, 'am not there with clang's -Weverything, but lots of others. Not much remains to do if that works. I find that Coverity that you scratched from my message does a really good job out of the box, maybe scan-build is better if you instrument the code like crazy, you know, all the attributes that can be attached to lots of places to make the code like C# or Rust. Or so. 'Got the ashes to prove it.

(P.S.: my try was before the FreeBSD commit series with dead assignments, 2022-01-14 22:18:04.)
--steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: kubsan tcp timer shift
On Thu, Jan 20, 2022 at 06:36:36PM -0700, Theo de Raadt wrote:
> > Alternatives are:
> > - put U to every TF_ TCP flag
> > - put U to all TF_TMR_ timer flags
> > - put U to TF_TMR_REXMT retransmit timer flag
> > - cast TF_TIMER to unsigned (what I did)
> > - cast to unsigned in the TCP_TIMER_ARM, TCP_TIMER_ARM_MSEC,
> > TCP_TIMER_DISARM, TCP_TIMER_ISARMED macros where the shift happens.
> >
> > There is no best, minimalistic and most consistent solution.
>
> I have always considered numberU as being the same type of thing as
> using 'u_int' instead of 'int' for a variable, it is idiomatic C
> to force all considerations into signed.
>
> If our system header files had 4000 lines with U, how many bugs
> would get fixed incidentally?
>
> It is a strong idiom. A sad idiom, perhaps. It wasn't needed in
> historic C, a compiler would always generate the correct code, but
> here we are.

Sounds like a call for the huge U change.

ok?

bluhm

Index: netinet/tcp_var.h === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v retrieving revision 1.136 diff -u -p -r1.136 tcp_var.h --- netinet/tcp_var.h 28 Jan 2021 14:53:20 - 1.136 +++ netinet/tcp_var.h 21 Jan 2022 15:29:14 - 
@@ -77,33 +77,33 @@ struct tcpcb { u_short t_maxseg; /* maximum segment size */ chart_force;/* 1 if forcing out a byte */ u_int t_flags; -#defineTF_ACKNOW 0x0001 /* ack peer immediately */ -#defineTF_NODELAY 0x0004 /* don't delay packets to coalesce */ -#defineTF_NOOPT0x0008 /* don't use tcp options */ -#defineTF_SENTFIN 0x0010 /* have sent FIN */ -#defineTF_REQ_SCALE0x0020 /* have/will request window scaling */ -#defineTF_RCVD_SCALE 0x0040 /* other side has requested scaling */ -#defineTF_REQ_TSTMP0x0080 /* have/will request timestamps */ -#defineTF_RCVD_TSTMP 0x0100 /* a timestamp was received in SYN */ -#defineTF_SACK_PERMIT 0x0200 /* other side said I could SACK */ -#defineTF_SIGNATURE0x0400 /* require TCP MD5 signature */ +#defineTF_ACKNOW 0x0001U /* ack peer immediately */ +#defineTF_NODELAY 0x0004U /* don't delay packets to coalesce */ +#defineTF_NOOPT0x0008U /* don't use tcp options */ +#defineTF_SENTFIN 0x0010U /* have sent FIN */ +#defineTF_REQ_SCALE0x0020U /* have/will request window scaling */ +#defineTF_RCVD_SCALE 0x0040U /* other side has requested scaling */ +#defineTF_REQ_TSTMP0x0080U /* have/will request timestamps */ +#defineTF_RCVD_TSTMP 0x0100U /* a timestamp was received in SYN */ +#defineTF_SACK_PERMIT 0x0200U /* other side said I could SACK */ +#defineTF_SIGNATURE0x0400U /* require TCP MD5 signature */ #ifdef TCP_ECN -#define TF_ECN_PERMIT 0x8000 /* other side said I could ECN */ -#define TF_RCVD_CE 0x0001 /* send ECE in subsequent segs */ -#define TF_SEND_CWR0x0002 /* send CWR in next seg */ -#define TF_DISABLE_ECN 0x0004 /* disable ECN for this connection */ +#define TF_ECN_PERMIT 0x8000U /* other side said I could ECN */ +#define TF_RCVD_CE 0x0001U /* send ECE in subsequent segs */ +#define TF_SEND_CWR0x0002U /* send CWR in next seg */ +#define TF_DISABLE_ECN 0x0004U /* disable ECN for this connection */ #endif -#define TF_LASTIDLE0x0010 /* no outstanding ACK on last send */ -#define TF_PMTUD_PEND 0x0040 /* Path MTU Discovery pending */ 
-#define TF_NEEDOUTPUT 0x0080 /* call tcp_output after tcp_input */ -#define TF_BLOCKOUTPUT 0x0100 /* avert tcp_output during tcp_input */ -#define TF_NOPUSH 0x0200 /* don't push */ -#define TF_TMR_REXMT 0x0400 /* retransmit timer armed */ -#define TF_TMR_PERSIST 0x0800 /* retransmit persistence timer armed */ -#define TF_TMR_KEEP0x1000 /* keep alive timer armed */ -#define TF_TMR_2MSL0x2000 /* 2*msl quiet time timer armed */ -#define TF_TMR_REAPER 0x4000 /* delayed cleanup timer armed, dead */ -#define TF_TMR_DELACK 0x8000 /* delayed ack timer armed */ +#define TF_LASTIDLE0x0010U /* no outstanding ACK on last send */ +#define TF_PMTUD_PEND 0x0040U /* Path MTU Discovery pending */ +#define TF_NEEDOUTPUT 0x0080U /* call tcp_output after tcp_input */ +#define TF_BLOCKOUTPUT 0x0100U /* avert tcp_output during tcp_input */ +#define TF_NOPUSH 0x0200U /* don't push */ +#define TF_TMR_REXMT 0x0400U /* retransmit timer armed */ +#define TF_TMR_PERSIST
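Review bot: The U suffix lands on the flag literals, but the quoted discussion places the actual shift in TCP_TIMER_ARM, TCP_TIMER_ARM_MSEC, TCP_TIMER_DISARM and TCP_TIMER_ISARMED, none of which appear in this excerpt. Worth confirming in the same diff that those macros use TF_TMR_REXMT itself as the left operand of the shift, so the now-unsigned constant decides the type of the expression, and that the earlier cast on TF_TIMER is removed rather than kept as a second fix for the same thing. A one-line comment above the first define saying why the constants are unsigned would stop a later flag from being added without the suffix.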
Re: perl clang -Wcompound-token-split-by-macro
On Fri, Jan 21, 2022 at 02:12:25PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Since clang 13 each Perl or Perl XS module compile spits out a lot
> of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay
> produces 3882 warnings generated. You cannot spot anything useful.
> The problem is buried deeply in the Perl macros and copied to
> everywhere.
>
> If we compile Perl with -Wno-compound-token-split-by-macro it gets
> stored in Config.pm and is used for most modules.
>
> $ perl -MConfig -e 'print $Config{ccflags},"\n"'
> -Wno-compound-token-split-by-macro -fno-strict-aliasing
> -fno-delete-null-pointer-checks -pipe -fstack-protector-strong
> -I/usr/local/include
>
> ok?

I'm wondering whether this warning makes any sense for the ({ gnu C
statement (which isn't really a C token per se).

As for "deep within perl", it comes from a combination of two things:
- perl.h uses STMT_START and STMT_END (the normal ones just creating
  do {} while (0) grouping).
- there's a module called Devel::PPPort that generates a ppport.h
  (normally the most recent).

Using
$ perl -MDevel::PPPort -e'Devel::PPPort::WriteFile'
as documented in the manpage to regen a more recent ppport.h results
in p5-Net-SSLeay producing exactly 0 warnings while building.

So I don't really think perl requires any change.

Possibly hacking a bit on ports that use an outdated version of ppport.h.
Re: fix active scan on iwm and iwx
On Thu, Jan 13 2022, Stefan Sperling wrote:
> At present active scans (which send probe requests, as opposed to
> just listening for beacons) are disabled on iwm 9k and iwx. This
> was done because firmware misbehaved after association.
>
> zxystd from the OpenIntelWireless project has debugged the issue
> and has sent me a patch against OpenBSD which fixes this problem.
> The patch is below, with some small tweaks by me which have already
> been reviewed by zxystd.
>
> It seems that firmware misbehaves if the driver sets the DTIM period
> to zero. This value is read from TIM information elements (IE) in beacons.
> Passive scans worked because we picked up the DTIM period from a beacon,
> while probe responses received during active scans lack the TIM IE, which
> resulted in a zero DTIM period being configured in firmware. We then never
> updated TIM information when a beacon was received, letting firmware run
> with a zero DTIM period until it eventually stopped working.
>
> I have tested this patch on iwm 8265 and iwx ax200.

fwiw no regression on a 8265 too.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: fix active scan on iwm and iwx
> Date: Fri, 21 Jan 2022 16:05:49 +0100 > From: Stefan Sperling > > On Sun, Jan 16, 2022 at 07:38:11PM +0100, Mark Kettenis wrote: > > > Date: Sun, 16 Jan 2022 19:28:06 +0100 > > > From: Stefan Sperling > > > > > > On Sun, Jan 16, 2022 at 03:50:55PM +0100, Mark Kettenis wrote: > > > > However, running this diff I had a problem after resuming my laptop > > > > twice. After resume the interface didn't work and I found the > > > > following in dmesg: > > > > > > > > iwm0: could not initialize hardware > > > > > > > > I tried to reset the interface by bringing it down and up again, which > > > > crashed the machine. It must have been in ddb since typing "bo re" > > > > made it reset. Unfortunately I don't have further information since I > > > > was in X. > > > > > > Did you try reproducing this problem without the patch in place? > > > It would be good to know whether this problem is being introduced by > > > this patch. I don't believe this is likely, my bet would be that this > > > is an existing problem. But it would be good to know for sure. > > > > Yes. I switched back to regular snapshots. Will keep you posted. > > > > Any news? > > I have unsuccessfully tried to reproduce this problem on a laptop > with a 9560 iwm device, via both S3 suspend and hibernate. > I do not have a 9260 device in a machine which can suspend, unfortunately. > > This was not a problem that occurred for you consistently, was it? > If so, even if you have not yet seen the failure without the patch, > I would like to commit this patch to unblock further progress. If the > error happens for more people afterwards we could investigate further. > Hopefully someone will be able to provide a trace from ddb. Didn't happen again after switching back to a snapshot kernel. It did happen somewhat frequently. But what may have triggered it is that I suspended while using my phone as a hotspot. I'm ok if you want to move ahead. 
I can recognize the issue and get a proper backtrace the next time this happens.
Re: perl clang -Wcompound-token-split-by-macro
This change would require a revision bump for all Perl XS ports.
Otherwise loading the .so module fails.

$ perl -MNet::SSLeay
SSLeay.c: loadable library and perl binaries are mismatched (got handshake key 0xec0, needed 0xf00)

On Fri, Jan 21, 2022 at 02:12:25PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Since clang 13 each Perl or Perl XS module compile spits out a lot
> of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay
> produces 3882 warnings generated. You cannot spot anything useful.
> The problem is buried deeply in the Perl macros and copied to
> everywhere.
>
> If we compile Perl with -Wno-compound-token-split-by-macro it gets
> stored in Config.pm and is used for most modules.
>
> $ perl -MConfig -e 'print $Config{ccflags},"\n"'
> -Wno-compound-token-split-by-macro -fno-strict-aliasing
> -fno-delete-null-pointer-checks -pipe -fstack-protector-strong
> -I/usr/local/include
>
> ok?
>
> bluhm
>
> Index: gnu/usr.bin/perl/Makefile.bsd-wrapper > === > RCS file: /data/mirror/openbsd/cvs/src/gnu/usr.bin/perl/Makefile.bsd-wrapper,v > retrieving revision 1.111 > diff -u -p -r1.111 Makefile.bsd-wrapper > --- gnu/usr.bin/perl/Makefile.bsd-wrapper 1 Jul 2020 00:08:06 - > 1.111 > +++ gnu/usr.bin/perl/Makefile.bsd-wrapper 21 Jan 2022 12:39:15 - > @@ -3,10 +3,16 @@ > # Build wrapper for Perl > # > > +.include > + > CONFIGURE_ARGS= -dse -Dopenbsd_distribution=defined > > .if !exists(${.OBJDIR}/config.over) > CONFIGURE_ARGS+= -Dmksymlinks > +.endif > + > +.if ${COMPILER_VERSION:L} == "clang" > +CONFIGURE_ARGS+= -Dccflags=-Wno-compound-token-split-by-macro > .endif > > .MAIN: all
Re: fix active scan on iwm and iwx
On Sun, Jan 16, 2022 at 07:38:11PM +0100, Mark Kettenis wrote:
> > Date: Sun, 16 Jan 2022 19:28:06 +0100
> > From: Stefan Sperling
> >
> > On Sun, Jan 16, 2022 at 03:50:55PM +0100, Mark Kettenis wrote:
> > > However, running this diff I had a problem after resuming my laptop
> > > twice. After resume the interface didn't work and I found the
> > > following in dmesg:
> > >
> > > iwm0: could not initialize hardware
> > >
> > > I tried to reset the interface by bringing it down and up again, which
> > > crashed the machine. It must have been in ddb since typing "bo re"
> > > made it reset. Unfortunately I don't have further information since I
> > > was in X.
> >
> > Did you try reproducing this problem without the patch in place?
> > It would be good to know whether this problem is being introduced by
> > this patch. I don't believe this is likely, my bet would be that this
> > is an existing problem. But it would be good to know for sure.
>
> Yes. I switched back to regular snapshots. Will keep you posted.
>

Any news?

I have unsuccessfully tried to reproduce this problem on a laptop
with a 9560 iwm device, via both S3 suspend and hibernate.
I do not have a 9260 device in a machine which can suspend, unfortunately.

This was not a problem that occurred for you consistently, was it?
If so, even if you have not yet seen the failure without the patch,
I would like to commit this patch to unblock further progress. If the
error happens for more people afterwards we could investigate further.
Hopefully someone will be able to provide a trace from ddb.
Re: rpki-client -f and multiple files
On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote:
> I would like to change -f into a real mode and with that support to
> show more than one file at a time.
>
> This is doing most of that. The output may need some extra fixing but the
> logic itself works.
>
> Yay or nay?

Yay. I like this. The manpage will need a little adjusting.

ok

> --
> :wq Claudio
>
> Index: main.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v > retrieving revision 1.179 > diff -u -p -r1.179 main.c > --- main.c19 Jan 2022 17:15:08 - 1.179 > +++ main.c21 Jan 2022 14:08:26 - > @@ -730,7 +730,6 @@ main(int argc, char *argv[]) > char*bind_addr = NULL; > const char *cachedir = NULL, *outputdir = NULL; > const char *errs, *name; > - const char *file = NULL; > struct vrp_tree vrps = RB_INITIALIZER(); > struct brk_tree brks = RB_INITIALIZER(); > struct rusage ru; > @@ -758,7 +757,7 @@ main(int argc, char *argv[]) > "proc exec unveil", NULL) == -1) > err(1, "pledge"); > > - while ((c = getopt(argc, argv, "b:Bcd:e:f:jnorRs:t:T:vV")) != -1) > + while ((c = getopt(argc, argv, "b:Bcd:e:fjnorRs:t:T:vV")) != -1) > switch (c) { > case 'b': > bind_addr = optarg; > @@ -776,7 +775,6 @@ main(int argc, char *argv[]) > rsync_prog = optarg; > break; > case 'f': > - file = optarg; > filemode = 1; > noop = 1; > break; 
> @@ -827,34 +825,29 @@ main(int argc, char *argv[]) > > argv += optind; > argc -= optind; > - if (argc == 1) > - outputdir = argv[0]; > - else if (argc > 1) > - goto usage; > > - signal(SIGPIPE, SIG_IGN); > + if (!filemode) { > + if (argc == 1) > + outputdir = argv[0]; > + else if (argc > 1) > + goto usage; > + > + if (outputdir == NULL) { > + warnx("output directory required"); > + goto usage; > + } > + } else { > + if (argc == 0) > + goto usage; > + outputdir = NULL; > + } > > if (cachedir == NULL) { > warnx("cache directory required"); > goto usage; > } > - if (file != NULL) { > - size_t sz; > > - sz = strlen(file); > - if (strcasecmp(file + sz - 4, ".tal") != 0 && > - strcasecmp(file + sz - 4, ".cer") != 0 && > - strcasecmp(file + sz - 4, ".crl") != 0 && > - strcasecmp(file + sz - 4, ".mft") != 0 && > - strcasecmp(file + sz - 4, ".roa") != 0 && > - strcasecmp(file + sz - 4, ".gbr") != 0) > - errx(1, "unsupported or invalid file: %s", file); > - > - outputdir = NULL; > - } else if (outputdir == NULL) { > - warnx("output directory required"); > - goto usage; > - } > + signal(SIGPIPE, SIG_IGN); > > if ((cachefd = open(cachedir, O_RDONLY | O_DIRECTORY)) == -1) > err(1, "cache directory %s", cachedir); > @@ -1071,8 +1064,10 @@ main(int argc, char *argv[]) > for (i = 0; i < talsz; i++) > queue_add_file(tals[i], RTYPE_TAL, i); > > - if (file != NULL) > - queue_add_file(file, RTYPE_FILE, 0); > + if (filemode) { > + while (*argv != NULL) > + queue_add_file(*argv++, RTYPE_FILE, 0); > + } > > /* change working directory to the cache directory */ > if (fchdir(cachefd) == -1) 
> @@ -1291,7 +1286,8 @@ usage: > fprintf(stderr, > "usage: rpki-client [-BcjnoRrVv] [-b sourceaddr] [-d cachedir]" > " [-e rsync_prog]\n" > - " [-f file] [-s timeout] [-T table] [-t tal]" > - " [outputdir]\n"); > + " [-s timeout] [-T table] [-t tal]" > + " [outputdir]\n" > + " rpki-client -f [-Vv] [-d cachedir] [-t tal] file ...\n"); > return 1; > } > Index: parser.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v > retrieving revision 1.46 > diff -u -p -r1.46 parser.c > --- parser.c 20 Jan 2022 09:24:08 - 1.46 > +++ parser.c 21 Jan 2022 14:15:45 - > @@ -952,6 +952,8 @@ proc_parser_file(char *file, unsigned ch > size_t sz; > unsigned long verify_flags = X509_V_FLAG_CRL_CHECK; > > + printf("File: %s\n", file); > + > sz = strlen(file); > if (strcasecmp(file + sz - 4, ".tal") == 0) > type = RTYPE_TAL; > @@ -966,7 +968,7 @@ proc_parser_file(char *file, unsigned
rpki-client -f and multiple files
I would like to change -f into a real mode and with that support to
show more than one file at a time.

This is doing most of that. The output may need some extra fixing but the
logic itself works.

Yay or nay?

-- 
:wq Claudio

Index: main.c === RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.179 diff -u -p -r1.179 main.c --- main.c 19 Jan 2022 17:15:08 - 1.179 +++ main.c 21 Jan 2022 14:08:26 - @@ -730,7 +730,6 @@ main(int argc, char *argv[]) char*bind_addr = NULL; const char *cachedir = NULL, *outputdir = NULL; const char *errs, *name; - const char *file = NULL; struct vrp_tree vrps = RB_INITIALIZER(); struct brk_tree brks = RB_INITIALIZER(); struct rusage ru; @@ -758,7 +757,7 @@ main(int argc, char *argv[]) "proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "b:Bcd:e:f:jnorRs:t:T:vV")) != -1) + while ((c = getopt(argc, argv, "b:Bcd:e:fjnorRs:t:T:vV")) != -1) switch (c) { case 'b': bind_addr = optarg; @@ -776,7 +775,6 @@ main(int argc, char *argv[]) rsync_prog = optarg; break; case 'f': - file = optarg; filemode = 1; noop = 1; break; 
@@ -827,34 +825,29 @@ main(int argc, char *argv[]) argv += optind; argc -= optind; - if (argc == 1) - outputdir = argv[0]; - else if (argc > 1) - goto usage; - signal(SIGPIPE, SIG_IGN); + if (!filemode) { + if (argc == 1) + outputdir = argv[0]; + else if (argc > 1) + goto usage; + + if (outputdir == NULL) { + warnx("output directory required"); + goto usage; + } + } else { + if (argc == 0) + goto usage; + outputdir = NULL; + } if (cachedir == NULL) { warnx("cache directory required"); goto usage; } - if (file != NULL) { - size_t sz; - sz = strlen(file); - if (strcasecmp(file + sz - 4, ".tal") != 0 && - strcasecmp(file + sz - 4, ".cer") != 0 && - strcasecmp(file + sz - 4, ".crl") != 0 && - strcasecmp(file + sz - 4, ".mft") != 0 && - strcasecmp(file + sz - 4, ".roa") != 0 && - strcasecmp(file + sz - 4, ".gbr") != 0) - errx(1, "unsupported or invalid file: %s", file); - - outputdir = NULL; - } else if (outputdir == NULL) { - warnx("output directory required"); - goto usage; - } + signal(SIGPIPE, SIG_IGN); if ((cachefd = open(cachedir, O_RDONLY | O_DIRECTORY)) == -1) err(1, "cache directory %s", cachedir); @@ -1071,8 +1064,10 @@ main(int argc, char *argv[]) for (i = 0; i < talsz; i++) queue_add_file(tals[i], RTYPE_TAL, i); - if (file != NULL) - queue_add_file(file, RTYPE_FILE, 0); + if (filemode) { + while (*argv != NULL) + queue_add_file(*argv++, RTYPE_FILE, 0); + } /* change working directory to the cache directory */ if (fchdir(cachefd) == -1) @@ -1291,7 +1286,8 @@ usage: fprintf(stderr, "usage: rpki-client [-BcjnoRrVv] [-b sourceaddr] [-d cachedir]" " [-e rsync_prog]\n" - " [-f file] [-s timeout] [-T table] [-t tal]" - " [outputdir]\n"); + " [-s timeout] [-T table] [-t tal]" + " [outputdir]\n" + " rpki-client -f [-Vv] [-d cachedir] [-t tal] file ...\n"); return 1; } Index: parser.c === RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v retrieving revision 1.46 diff -u -p -r1.46 parser.c --- parser.c20 Jan 2022 09:24:08 - 1.46 +++ parser.c21 Jan 2022 14:15:45 - 
@@ -952,6 +952,8 @@ proc_parser_file(char *file, unsigned ch size_t sz; unsigned long verify_flags = X509_V_FLAG_CRL_CHECK; + printf("File: %s\n", file); + sz = strlen(file); if (strcasecmp(file + sz - 4, ".tal") == 0) type = RTYPE_TAL; @@ -966,7 +968,7 @@ proc_parser_file(char *file, unsigned ch else if (strcasecmp(file + sz - 4, ".gbr") == 0) type = RTYPE_GBR; else - errx(1, "%s: unsupported file type", file); + type = RTYPE_EOF;
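Review bot: In the @@ -827 hunk of main.c the file-mode branch does "if (argc == 0) goto usage;" with no message, while the two neighbouring failures say what is missing through warnx("output directory required") and warnx("cache directory required"). A matching warnx before the goto, saying that -f needs at least one file, would keep the three error paths consistent. The same hunk removes the up-front extension check that rejected an unsupported name with errx, so the per-file path now has to be the place where a bad name is reported.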
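Review bot: In the parser.c hunks proc_parser_file() still goes from "sz = strlen(file);" straight to strcasecmp(file + sz - 4, ".tal"), and with names now taken from every remaining argv entry, a name shorter than four bytes makes file + sz - 4 point before the start of the string. A length test ahead of the comparisons, falling into the same "type = RTYPE_EOF" branch, would close that. The added printf("File: %s\n", file) also runs before the type is known, so an unsupported name prints a header with nothing under it unless the RTYPE_EOF case says why the file was skipped.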
Re: rpki-client: factor filename extension parsing into a function
On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote:
> Not sure if it is that much of a win, but it saves some repetition and
> makes sure we don't forget checking the file name to be longer than 4
> another time (missed on review in main() and proc_parser_file()).

I like the diff. It is a good first step. One thing below but the diff is
OK claudio@

> Index: main.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v > retrieving revision 1.178 > diff -u -p -r1.178 main.c > --- main.c19 Jan 2022 15:50:31 - 1.178 > +++ main.c19 Jan 2022 16:51:05 - > @@ -371,17 +372,18 @@ queue_add_from_mft_set(const struct mft > f = >files[i]; > sz = strlen(f->file); > assert(sz > 4); > - if (strcasecmp(f->file + sz - 4, ".crl") == 0) > + type = rtype_from_file_extension(f->file); > + switch (type) { > + case RTYPE_CER: > + case RTYPE_ROA: > + case RTYPE_GBR: > + queue_add_from_mft(mft->path, f, type, rp); > + break; > + case RTYPE_CRL: > continue; > - else if (strcasecmp(f->file + sz - 4, ".cer") == 0) > - queue_add_from_mft(mft->path, f, RTYPE_CER, rp); > - else if (strcasecmp(f->file + sz - 4, ".roa") == 0) > - queue_add_from_mft(mft->path, f, RTYPE_ROA, rp); > - else if (strcasecmp(f->file + sz - 4, ".gbr") == 0) > - queue_add_from_mft(mft->path, f, RTYPE_GBR, rp); > - else > - logx("%s: unsupported file type: %s", name, > - f->file); > + default: > + logx("%s: unsupported file type: %s", name, f->file); > + } > } > } >

I was a bit confused here because you did not adjust the first for loop
that just checks for .crl. I wonder if we should pass the RTYPE value in
struct mftfile. This would make this code a lot simpler.

-- 
:wq Claudio
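Review bot: In queue_add_from_mft_set() the context lines "sz = strlen(f->file);" and "assert(sz > 4);" stay, yet after the switch is introduced nothing in the visible loop body uses sz except that assert. If rtype_from_file_extension() performs the length check itself, as the description implies, both lines can go; if the assert is kept on purpose as a precondition of the manifest parser, a short comment saying so would stop it from looking like a leftover.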
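The length check this thread is about, as an added example that is not rpki-client's code: a hypothetical helper that refuses names too short to carry a four-byte extension before it forms the `base + len - 4` pointer, plus a loop that skips unsupported names instead of exiting. The enum, the table, the function names and the sample names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical type codes for this example; not the project's enum. */
enum ext_type {
	EXT_NONE = 0,	/* too short, or extension not recognised */
	EXT_TAL, EXT_CER, EXT_CRL, EXT_MFT, EXT_ROA, EXT_GBR
};

#define EXT_LEN	4	/* strlen(".xyz") */

static const struct {
	const char	*ext;
	enum ext_type	 type;
} ext_table[] = {
	{ ".tal", EXT_TAL }, { ".cer", EXT_CER }, { ".crl", EXT_CRL },
	{ ".mft", EXT_MFT }, { ".roa", EXT_ROA }, { ".gbr", EXT_GBR },
};

/*
 * Classify a file name by the last EXT_LEN bytes of its final path
 * component. The length test must come first: for a shorter name,
 * base + len - EXT_LEN points before the start of the string.
 */
enum ext_type
ext_type_from_name(const char *name)
{
	const char *base;
	size_t len, i;

	if (name == NULL)
		return EXT_NONE;
	base = strrchr(name, '/');
	base = (base != NULL) ? base + 1 : name;
	len = strlen(base);
	if (len <= EXT_LEN)		/* also rejects a bare ".roa" */
		return EXT_NONE;
	for (i = 0; i < sizeof(ext_table) / sizeof(ext_table[0]); i++)
		if (strcasecmp(base + len - EXT_LEN, ext_table[i].ext) == 0)
			return ext_table[i].type;
	return EXT_NONE;
}

/*
 * Walk a NULL-terminated list the way a "file ..." command line would be
 * walked, skipping unsupported names instead of exiting on the first one.
 * Returns the number of names that were skipped.
 */
size_t
count_unsupported(const char *const *names)
{
	size_t skipped = 0;

	for (; *names != NULL; names++)
		if (ext_type_from_name(*names) == EXT_NONE) {
			fprintf(stderr, "%s: unsupported file type\n", *names);
			skipped++;
		}
	return skipped;
}

int
main(int argc, char *argv[])
{
	/* constructed sample names, used when no arguments are given */
	static const char *const sample[] = {
		"a.mft", "b", "cache/.cer", "ta/x.TAL", "d.roa.bak", NULL
	};
	const char *const *names =
	    argc > 1 ? (const char *const *)(argv + 1) : sample;

	printf("%zu unsupported\n", count_unsupported(names));
	return 0;
}
```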
perl clang -Wcompound-token-split-by-macro
Hi,

Since clang 13 each Perl or Perl XS module compile spits out a lot
of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay
produces 3882 warnings generated. You cannot spot anything useful.
The problem is buried deeply in the Perl macros and copied to
everywhere.

If we compile Perl with -Wno-compound-token-split-by-macro it gets
stored in Config.pm and is used for most modules.

$ perl -MConfig -e 'print $Config{ccflags},"\n"'
-Wno-compound-token-split-by-macro -fno-strict-aliasing
-fno-delete-null-pointer-checks -pipe -fstack-protector-strong
-I/usr/local/include

ok?

bluhm

Index: gnu/usr.bin/perl/Makefile.bsd-wrapper === RCS file: /data/mirror/openbsd/cvs/src/gnu/usr.bin/perl/Makefile.bsd-wrapper,v retrieving revision 1.111 diff -u -p -r1.111 Makefile.bsd-wrapper --- gnu/usr.bin/perl/Makefile.bsd-wrapper 1 Jul 2020 00:08:06 - 1.111 +++ gnu/usr.bin/perl/Makefile.bsd-wrapper 21 Jan 2022 12:39:15 - @@ -3,10 +3,16 @@ # Build wrapper for Perl # +.include + CONFIGURE_ARGS=-dse -Dopenbsd_distribution=defined .if !exists(${.OBJDIR}/config.over) CONFIGURE_ARGS+= -Dmksymlinks +.endif + +.if ${COMPILER_VERSION:L} == "clang" +CONFIGURE_ARGS+= -Dccflags=-Wno-compound-token-split-by-macro .endif .MAIN: all
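Review bot: The new ".if ${COMPILER_VERSION:L} == "clang"" block matches every clang, while the message ties the warning to clang 13, and because the flag goes in through -Dccflags it is recorded in Config.pm and handed to every XS module build rather than only to base perl. That also hides the warning in third-party XS code, where it may point at an outdated ppport.h as discussed elsewhere in the thread. A comment above the block stating why the flag is there and that it propagates through Config.pm would help whoever revisits it, and it is worth confirming that each clang version matched by this test accepts the option quietly.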
Re: application.c be more paranoid for misbehaving backends
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2022.01.20 22:53:06 +0100:
> There's a missing NULL check in appl_response(). This should only happen when
> a backend is misbehaving, so I only managed to find this because
> I'm actively bashing it right now. This should make us a little more
> future-proof. Code further down the path already has similar NULL checks
> against this variable.
>
> OK?

ok

>
> martijn@
>
> Index: application.c > === > RCS file: /cvs/src/usr.sbin/snmpd/application.c,v > retrieving revision 1.1 > diff -u -p -r1.1 application.c > --- application.c 19 Jan 2022 10:59:35 - 1.1 > +++ application.c 20 Jan 2022 21:52:41 - > @@ -1056,7 +1056,8 @@ appl_response(struct appl_backend *backe > appl_varbind_error(origvb, error); > origvb->avi_state = APPL_VBSTATE_DONE; > origvb->avi_varbind.av_oid = vb->av_oid; > - if (vb->av_value->be_class == BER_CLASS_CONTEXT && > + if (vb->av_value != NULL && > + vb->av_value->be_class == BER_CLASS_CONTEXT && > vb->av_value->be_type == APPL_EXC_ENDOFMIBVIEW) { > nregion = appl_region_next(ureq->aru_ctx, > &(vb->av_oid), origvb->avi_region); >
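Review bot: The added "vb->av_value != NULL" test makes the be_class dereference safe, but by that point the two context lines above it have already set origvb->avi_state = APPL_VBSTATE_DONE and copied av_oid, so a varbind that a misbehaving backend returns without a value is recorded as done and silently takes the non-endOfMibView path. Is that the intended outcome? If a NULL av_value can only come from a faulty backend, as the description says, logging it at this spot and marking the varbind as an error would make the fault visible instead of relying on the NULL checks further down.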
Re: 'pseudo-device dt' on macppc
On Tue, Jan 18, 2022 at 07:59:20AM +0300, Andrew Krasavin wrote:
> Hello!
>
> Is there a reason not to enable dt(4) on macppc by default? I have
> built a kernel with dt enabled for test purposes and it seems to work
> correctly - commands like 'btrace /usr/share/btrace/kprofile.bt'
> work and I get stacks.
>
> Maybe I'm missing something and there are known problems? But if
> not - maybe dt(4) should be enabled by default on macppc?
>
> The diff I used is obvious, but anyway:
>
> --- sys/arch/macppc/conf/GENERIC.orig > +++ sys/arch/macppc/conf/GENERIC > @@ -406,4 +406,6 @@ owtemp* at onewire? # Temperature > owctr* at onewire? # Counter device > pseudo-device hotplug 1 # devices hot plugging > +pseudo-device dt > + > pseudo-device wsmux 2 # mouse & keyboard multiplexor
>
> In any case - thanks.

This gets us useful flamegraphs on macppc.

Feedback? Objections? OK?

Index: sys/arch/macppc/conf/GENERIC === RCS file: /cvs/src/sys/arch/macppc/conf/GENERIC,v retrieving revision 1.275 diff -u -p -r1.275 GENERIC --- sys/arch/macppc/conf/GENERIC21 Oct 2021 18:36:42 - 1.275 +++ sys/arch/macppc/conf/GENERIC21 Jan 2022 11:36:54 - @@ -406,4 +406,5 @@ owtemp* at onewire? # Temperature owctr* at onewire? # Counter device pseudo-device hotplug 1 # devices hot plugging +pseudo-device dt pseudo-device wsmux 2 # mouse & keyboard multiplexor