Re: azalia: use HDMI as second fallback

[Peter Hessler]

Yes please!


On 2023 Oct 29 (Sun) at 14:55:09 +0100 (+0100), Christopher Zimmermann wrote:
:Hi,
:
:for me azalia HDMI audio playback works fine. According to [1] it had or
:still has problems. For machines where the default audio should not be
:(possibly broken) rsnd/0, but rsnd/1 this can be configured in sndiod or
:AUDIODEVICE.
:
:This diff would attach azalia even when there are only HDMI codecs available.
:
:
:Christopher
:
:[1] 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/azalia.c?rev=1.155=text/x-cvsweb-markup
:
:
:
:Index: azalia.c
:===
:RCS file: /cvs/src/sys/dev/pci/azalia.c,v
:retrieving revision 1.284
:diff -u -p -r1.284 azalia.c
:--- azalia.c   30 Jul 2023 08:46:03 -  1.284
:+++ azalia.c   29 Oct 2023 13:39:04 -
:@@ -950,28 +950,19 @@ azalia_init_codecs(azalia_t *az)
:   return(1);
:   }
:-  /* Use the first codec capable of analog I/O.  If there are none,
:-   * use the first codec capable of digital I/O.  Skip HDMI codecs.
:-   */
:+  /* Prefer analog over digital codecs over HDMI codecs. */
:   c = -1;
:   for (i = 0; i < az->ncodecs; i++) {
:-  codec = >codecs[i];
:-  if ((codec->audiofunc < 0) ||
:-  (codec->codec_type == AZ_CODEC_TYPE_HDMI))
:-  continue;
:-  if (codec->codec_type == AZ_CODEC_TYPE_DIGITAL) {
:-  if (c < 0)
:-  c = i;
:-  } else {
:+  if (az->codecs[i].audiofunc >= 0 &&
:+  (c = -1 ||
:+  az->codecs[i].codec_type < az->codecs[c].codec_type))
:   c = i;
:-  break;
:-  }
:   }
:-  az->codecno = c;
:-  if (az->codecno < 0) {
:+  if (c == -1) {
:   printf("%s: no supported codecs\n", XNAME(az));
:   return(1);
:   }
:+  az->codecno = c;
:   printf("%s: codecs: ", XNAME(az));
:   for (i = 0; i < az->ncodecs; i++) {
:

Re: Replace selwakeup() with knote(9) in wscons(4) and make filterops mpsafe

[Peter Hessler]

On 2023 Jul 11 (Tue) at 16:40:32 +0300 (+0300), Vitaliy Makkoveev wrote:
:Use per 'wseventvar' structure `mtx' mutex(9) to protect `put' and `get'
:circular buffer indexes together with klist data. Not a big deal, but
:Xorg will not kernel lock while polling keyboard and mouse events. Also
:removed obsolete selinfo. 
:
:Feedback, objections, oks?
:

Brief testing on amd64 laptop, with some games and some network and
compiles happening.  Seems fine so far.


:Not related to this diff, but since 'wseventvar' members are not private
:to wscons/wsevent.c, does it make sense to add ws_ or wse_ prefix to
:them?
:
:Index: sys/dev/wscons/wsevent.c
:===
:RCS file: /cvs/src/sys/dev/wscons/wsevent.c,v
:retrieving revision 1.27
:diff -u -p -r1.27 wsevent.c
:--- sys/dev/wscons/wsevent.c   6 Jul 2023 10:16:58 -   1.27
:+++ sys/dev/wscons/wsevent.c   11 Jul 2023 13:36:26 -
:@@ -85,12 +85,16 @@
: 
: void  filt_wseventdetach(struct knote *);
: int   filt_wseventread(struct knote *, long);
:+int   filt_wseventmodify(struct kevent *, struct knote *);
:+int   filt_wseventprocess(struct knote *, struct kevent *);
: 
: const struct filterops wsevent_filtops = {
:-  .f_flags= FILTEROP_ISFD,
:+  .f_flags= FILTEROP_ISFD | FILTEROP_MPSAFE,
:   .f_attach   = NULL,
:   .f_detach   = filt_wseventdetach,
:   .f_event= filt_wseventread,
:+  .f_modify   = filt_wseventmodify,
:+  .f_process  = filt_wseventprocess,
: };
: 
: /*
:@@ -114,6 +118,8 @@ wsevent_init(struct wseventvar *ev)
:   ev->q = queue;
:   ev->get = ev->put = 0;
: 
:+  mtx_init_flags(>mtx, IPL_MPFLOOR, "wsevmtx", 0);
:+  klist_init_mutex(>klist, >mtx);
:   sigio_init(>sigio);
: 
:   return (0);
:@@ -134,7 +140,7 @@ wsevent_fini(struct wseventvar *ev)
:   free(ev->q, M_DEVBUF, WSEVENT_QSIZE * sizeof(struct wscons_event));
:   ev->q = NULL;
: 
:-  klist_invalidate(>sel.si_note);
:+  klist_invalidate(>klist);
: 
:   sigio_free(>sigio);
: }
:@@ -146,8 +152,8 @@ wsevent_fini(struct wseventvar *ev)
: int
: wsevent_read(struct wseventvar *ev, struct uio *uio, int flags)
: {
:-  int s, error;
:-  u_int cnt;
:+  int error, notwrap = 0;
:+  u_int cnt, tcnt, get;
:   size_t n;
: 
:   /*
:@@ -155,17 +161,19 @@ wsevent_read(struct wseventvar *ev, stru
:*/
:   if (uio->uio_resid < sizeof(struct wscons_event))
:   return (EMSGSIZE);  /* ??? */
:-  s = splwsevent();
:+
:+  mtx_enter(>mtx);
:+
:   while (ev->get == ev->put) {
:   if (flags & IO_NDELAY) {
:-  splx(s);
:+  mtx_leave(>mtx);
:   return (EWOULDBLOCK);
:   }
:   ev->wanted = 1;
:-  error = tsleep_nsec(ev, PWSEVENT | PCATCH,
:+  error = msleep_nsec(ev, >mtx, PWSEVENT | PCATCH,
:   "wsevent_read", INFSLP);
:   if (error) {
:-  splx(s);
:+  mtx_leave(>mtx);
:   return (error);
:   }
:   }
:@@ -177,37 +185,43 @@ wsevent_read(struct wseventvar *ev, stru
:   cnt = WSEVENT_QSIZE - ev->get;  /* events in [get..QSIZE) */
:   else
:   cnt = ev->put - ev->get;/* events in [get..put) */
:-  splx(s);
:+
:   n = howmany(uio->uio_resid, sizeof(struct wscons_event));
:   if (cnt > n)
:   cnt = n;
:-  error = uiomove((caddr_t)>q[ev->get],
:-  cnt * sizeof(struct wscons_event), uio);
:+
:+  get = ev->get;
:+  tcnt = ev->put;
:   n -= cnt;
:+
:+  if ((ev->get = (ev->get + cnt) % WSEVENT_QSIZE) != 0 || n == 0 ||
:+  tcnt == 0) {
:+  notwrap = 1;
:+  } else {
:+  if (tcnt > n)
:+  tcnt = n;
:+  ev->get = tcnt;
:+  }
:+
:+  mtx_leave(>mtx);
:+
:+  error = uiomove((caddr_t)>q[get],
:+  cnt * sizeof(struct wscons_event), uio);
:   /*
:* If we do not wrap to 0, used up all our space, or had an error,
:* stop.  Otherwise move from front of queue to put index, if there
:* is anything there to move.
:*/
:-  if ((ev->get = (ev->get + cnt) % WSEVENT_QSIZE) != 0 ||
:-  n == 0 || error || (cnt = ev->put) == 0)
:+  if (notwrap || error)
:   return (error);
:-  if (cnt > n)
:-  cnt = n;
:   error = uiomove((caddr_t)>q[0],
:-  cnt * sizeof(struct wscons_event), uio);
:-  ev->get = cnt;
:+  tcnt * sizeof(struct wscons_event), uio);
:   return (error);
: }
: 
: int
: wsevent_kqfilter(struct wseventvar *ev, struct knote *kn)
: {
:-  struct klist *klist;
:-  int s;
:-
:-  klist = >sel.si_note;
:-
:   switch (kn->kn_filter) {
:   case EVFILT_READ:
:   kn->kn_fop = _filtops;
:@@ -217,10 

Re: vmd/vmm: remove an ioctl from the vcpu hotpath, go brrr

[Peter Hessler]

I just upgraded to -current and didn't have this patch in for a little
bit, and woof that was super noticable.  Still works for my big VM host.

OK


On 2023 Sep 01 (Fri) at 15:50:31 -0400 (-0400), Dave Voutila wrote:
:Now that my i8259 fix is in, it's safe to expand the testing pool for
:this diff. (Without that fix, users would definitely hit the hung block
:device issue testing this one.) Hoping that folks that run non-OpenBSD
:guests or strange configurations can give it a spin.
:
:This change removes an ioctl(2) call from the vcpu thread hot path in
:vmd. Instead of making that syscall to toggle on/off a pending interrupt
:flag on the vcpu object in vmm(4), it adds a flag into the vm_run_params
:struct sent with the VMM_IOC_RUN ioctl. The in-kernel vcpu runloop can
:now toggle the pending interrupt state prior to vm entry.
:
:mbuhl@ and phessler@ have run this diff on their machines. Current
:observations are reduced average network latency for guests.
:
:My terse measurements using the following btrace script show some
:promising changes in terms of reducing ioctl syscalls:
:
:  /* VMM_IOC_INTR: 0x800c5606 -> 2148292102 */
:  syscall:ioctl:entry
:  /arg1 == 2148292102/
:  {
:@total[tid] = count();
:@running[tid] = count();
:  }
:  interval:hz:1
:  {
:print(@running);
:clear(@running);
:  }
:
:Measuring from boot of an OpenBSD guest to after the guest finishes
:relinking (based on my manual observation of the libevent thread
:settling down in syscall rate), I see a huge reduction in VMM_IOC_INTR
:ioctls for a single guest:
:
:## -current
:@total[433237]: 1325100  # vcpu thread (!!)
:@total[187073]: 80239# libevent thread
:
:## with diff
:@total[550347]: 42   # vcpu thread (!!)
:@total[256550]: 86946# libevent thread
:
:Most of the VMM_IOC_INTR ioctls on the vcpu threads come from seabios
:and the bootloader prodding some of the emulated hardware, but even
:after the bootloader you'll see ~10-20k/s of ioctl's on -current
:vs. ~4-5k/s with the diff.
:
:At steady-state, the vcpu thread no longer makes the VMM_IOC_INTR calls
:at all and you should see the libevent thread calling it at a rate ~100/s
:(probably hardclock?). *Without* the diff, I see a steady 650/s rate on
:the vcpu thread at idle. *With* the diff, it's 0/s at idle. :)
:
:To test:
:- rebuild & install new kernel
:- copy/symlink vmmvar.h into /usr/include/machine/
:- rebuild & re-install vmd & vmctl
:- reboot
:
:-dv
:
:
:diffstat refs/heads/master refs/heads/vmm-vrp_intr_pending
: M  sys/arch/amd64/amd64/vmm_machdep.c  |  10+   0-
: M  sys/arch/amd64/include/vmmvar.h |   1+   0-
: M  usr.sbin/vmd/vm.c   |   2+  16-
:
:3 files changed, 13 insertions(+), 16 deletions(-)
:
:diff refs/heads/master refs/heads/vmm-vrp_intr_pending
:commit - 8afcf90fb39e4a84606e93137c2b6c20f44312cb
:commit + 10eeb8a0414ec927b6282473c50043a7027d6b41
:blob - 24a376a8f3bc94bc4a4203fe66c5994594adff46
:blob + e3b6d10a0ae78b12ec2f3296f708b42540ce798e
:--- sys/arch/amd64/amd64/vmm_machdep.c
:+++ sys/arch/amd64/amd64/vmm_machdep.c
:@@ -3973,6 +3973,11 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *
:*/
:   irq = vrp->vrp_irq;
:
:+  if (vrp->vrp_intr_pending)
:+  vcpu->vc_intr = 1;
:+  else
:+  vcpu->vc_intr = 0;
:+
:   if (vrp->vrp_continue) {
:   switch (vcpu->vc_gueststate.vg_exit_reason) {
:   case VMX_EXIT_IO:
:@@ -6381,6 +6386,11 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *
:
:   irq = vrp->vrp_irq;
:
:+  if (vrp->vrp_intr_pending)
:+  vcpu->vc_intr = 1;
:+  else
:+  vcpu->vc_intr = 0;
:+
:   /*
:* If we are returning from userspace (vmd) because we exited
:* last time, fix up any needed vcpu state first. Which state
:blob - e9f8384cccfde33034d7ac9782610f93eb5dc640
:blob + 88545b54b35dd60280ba87403e343db9463d7419
:--- sys/arch/amd64/include/vmmvar.h
:+++ sys/arch/amd64/include/vmmvar.h
:@@ -456,6 +456,7 @@ struct vm_run_params {
:   uint32_tvrp_vcpu_id;
:   uint8_t vrp_continue;   /* Continuing from an exit */
:   uint16_tvrp_irq;/* IRQ to inject */
:+  uint8_t vrp_intr_pending;   /* Additional intrs pending? */
:
:   /* Input/output parameter to VMM_IOC_RUN */
:   struct vm_exit  *vrp_exit;  /* updated exit data */
:blob - 5f598bcc14af5115372d34a4176254d377aad91c
:blob + 447fc219adadf945de2bf25d5335993c2abdc26f
:--- usr.sbin/vmd/vm.c
:+++ usr.sbin/vmd/vm.c
:@@ -1610,22 +1610,8 @@ vcpu_run_loop(void *arg)
:   } else
:   vrp->vrp_irq = 0x;
:
:-  /* Still more pending? */
:-  if (i8259_is_pending()) {
:-  /*
:-   * XXX can probably avoid ioctls here by providing intr
:-   * in vrp
:-   */
:-  if 

Re: request_sleep: new machine independent sleep api

[Peter Hessler]

On 2023 Jul 08 (Sat) at 13:09:00 +0300 (+0300), Tobias Heider wrote:
:
:
:On July 8, 2023 11:36:21 AM GMT+03:00, Mark Kettenis  
wrote:
:>> Date: Sat, 8 Jul 2023 10:10:51 +0200
:>> From: Tobias Heider 
:>> 
:>> This diff adds request_sleep(), a MI way of sending the machine to sleep in 
a
:>> safe thread. Support is limited to amd64, i386 and arm64 at the moment, 
macppc
:>> is currently an empty stub since it doesn't implement a sleep task (yet).
:>> 
:>> Once this works, my next plan is adding a Ks_Cmd_Sleep keybinding that is 
handled
:>> in wskbd to get the suspend button working on my m2.
:>> 
:>> I also tested this on a bunch of different archs and kernel configs.
:>> 
:>> ok?
:>
:>Should the macppc version return EOPNOTSUPP?
:
:Sure, sounds a bit more descriptive.
:

OK

:>
:>> diff 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6 
a896f4652f8b00e4f2bbd64d751c85560c264222
:>> commit - 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6
:>> commit + a896f4652f8b00e4f2bbd64d751c85560c264222
:>> blob - 63d45d3697e4093cf5751308851d470bf5dc62bb
:>> blob + 721d18a4ae212c80f44313a3cd27f4191146c3d6
:>> --- sys/arch/arm64/dev/aplsmc.c
:>> +++ sys/arch/arm64/dev/aplsmc.c
:>> @@ -366,7 +366,6 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
:>> extern int allowpowerdown;
:>>  #ifdef SUSPEND
:>> extern int cpu_suspended;
:>> -   extern void suspend(void);
:>>  
:>> if (cpu_suspended) {
:>> switch (SMC_EV_TYPE(data)) {
:>> @@ -433,7 +432,7 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
:>> }
:>> case 1:
:>>  #ifdef SUSPEND
:>> -   suspend();
:>> +   request_sleep(SLEEP_SUSPEND);
:>>  #endif
:>> break;
:>> case 2:
:>> blob - 2ccc822991480c6b4f4dd44f263ac945a141a6bf
:>> blob + 4491ca380d08182244a8157874fc51bcc9665f26
:>> --- sys/arch/arm64/dev/apm.c
:>> +++ sys/arch/arm64/dev/apm.c
:>> @@ -57,11 +57,14 @@ struct taskq *suspend_taskq;
:>>  #endif
:>>  
:>>  #ifdef SUSPEND
:>> -struct taskq *suspend_taskq;
:>> +struct taskq *sleep_taskq;
:>>  struct task suspend_task;
:>>  void   do_suspend(void *);
:>> -void   suspend(void);
:>> +#ifdef HIBERNATE
:>> +struct task hibernate_task;
:>> +void   do_hibernate(void *);
:>>  #endif
:>> +#endif
:>>  
:>>  struct apm_softc {
:>> struct device sc_dev;
:>> @@ -128,9 +131,12 @@ apmattach(struct device *parent, struct device *self, 
:>>  apmattach(struct device *parent, struct device *self, void *aux)
:>>  {
:>>  #ifdef SUSPEND
:>> -   suspend_taskq = taskq_create("suspend", 1, IPL_NONE, 0);
:>> +   sleep_taskq = taskq_create("sleep", 1, IPL_NONE, 0);
:>> task_set(_task, do_suspend, NULL);
:>> +#ifdef HIBERNATE
:>> +   task_set(_task, do_hibernate, NULL);
:>>  #endif
:>> +#endif
:>>  
:>> acpiapm_open = apmopen;
:>> acpiapm_close = apmclose;
:>> @@ -224,7 +230,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
:>> error = EBADF;
:>> break;
:>> }
:>> -   suspend();
:>> +   error = request_sleep(SLEEP_SUSPEND);
:>> break;
:>>  #ifdef HIBERNATE
:>> case APM_IOC_HIBERNATE:
:>> @@ -234,11 +240,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
:>> error = EBADF;
:>> break;
:>> }
:>> -   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL) {
:>> -   error = EOPNOTSUPP;
:>> -   break;
:>> -   }
:>> -   sleep_state(NULL, SLEEP_HIBERNATE);
:>> +   error = request_sleep(SLEEP_HIBERNATE);
:>> break;
:>>  #endif
:>>  #endif
:>> @@ -358,13 +360,36 @@ void
:>> sleep_state(v, SLEEP_SUSPEND);
:>>  }
:>>  
:>> +#ifdef HIBERNATE
:>>  void
:>> -suspend(void)
:>> +do_hibernate(void *v)
:>>  {
:>> -   if (suspend_taskq)
:>> -   task_add(suspend_taskq, _task);
:>> +   sleep_state(v, SLEEP_HIBERNATE);
:>>  }
:>> +#endif
:>>  
:>> +int
:>> +request_sleep(int sleepmode)
:>> +{
:>> +   if (sleep_taskq == NULL)
:>> +   return EINVAL;
:>> +
:>> +   switch (sleepmode) {
:>> +   case SLEEP_SUSPEND:
:>> +   task_add(sleep_taskq, _task);
:>> +   break;
:>> +#ifdef HIBERNATE
:>> +   case SLEEP_HIBERNATE:
:>> +   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL)
:>> +   return EOPNOTSUPP;
:>> +   task_add(sleep_taskq, _task);
:>> +   break;
:>> +#endif
:>> +   }
:>> +
:>> +   return 0;
:>> +}
:>> +
:>>  #ifdef MULTIPROCESSOR
:>>  
:>>  void
:>> blob - 9082d868f963b80cf0f64453914146a980020883
:>> blob + 52166ca3bfcb826f8c47835024804e5d59061f96
:>> --- sys/arch/macppc/dev/apm.c
:>> +++ sys/arch/macppc/dev/apm.c
:>> @@ -337,6 +337,12 @@ apmkqfilter(dev_t dev, struct knote *kn)
:>>  
:>>  #ifdef SUSPEND
:>>  
:>> +int
:>> +request_sleep(int sleepmode)
:>> +{
:>> +   return 0;
:>> +}
:>> +
:>>  #ifdef MULTIPROCESSOR
:>>  
:>>  void
:>> blob - 

Re: ifconfig: SIOCSIFFLAGS: device not configured

[Peter Hessler]

On 2023 May 12 (Fri) at 16:21:10 +0200 (+0200), Jan Klemkow wrote:
:On Thu, May 11, 2023 at 09:17:37PM +0200, Hrvoje Popovski wrote:
:> ifconfig: SIOCSTRUNKPORT: Device busy
:> ifconfig: SIOCSTRUNKPORT: Device busy
:> 
:> to change
:> ifconfig ix0: SIOCSTRUNKPORT: Device busy
:> ifconfig ix1: SIOCSTRUNKPORT: Device busy
:
:I also run into this issue sometimes.  So, here is diff that prints the
:interface name in front of most of these anonym error messages.
:
:ok?
:
:Jan

OK


-- 
It is illegal to drive more than two thousand sheep down Hollywood
Boulevard at one time.

Re: cron: better error checking of random values

[Peter Hessler]

On 2023 May 05 (Fri) at 16:13:01 +1000 (+1000), Mark Jamsek wrote:
:On 23-05-04 05:40PM, Todd C. Miller wrote:
:> On Thu, 04 May 2023 21:41:26 -, Klemens Nanni wrote:
:> 
:> > On Thu, May 04, 2023 at 03:30:30PM -0600, Todd C. Miller wrote:
:> > > This fixes two issues with the parsing of random values:
:> > > 
:> > > 1) A random value with a step is now rejected.  For example:
:> > > 
:> > > ~/10* * * * echo invalid
:> >
:> > I've ben using ~/10 to randomly distribute four similar tasks so that
:> > they don't start at the same time.
:> >
:> > Is that wrong?
:> 
:> I'm fairly certain that doesn't do what you think it does.  When I
:> tested it "~/10" behaved the same as "~".  The step value is not
:> even parsed.
:

I really dislike "previously accepted (even if behaved differently)"
configs being rejected ...


:todd is correct in that the step value is not parsed with "~/10". We
:recently discovered this when setting up Got mirrors to sync every 15
:minutes. IIRC, Lucas (or op?) asked about syncing each mirror at
:a different 15 minute interval by using the same syntax kn is using.
:
:I found kn's attempted syntax intuitive though; it feels like a natural
:extension of the existing random and step syntax. I also assumed ~/15
:would run every 15 minutes starting with a random minute, and since
:discovering it didn't work like that, I've been carrying a simple patch
:that allows kn's syntax:
:
:  ~/15 random 15 minute intervals in [0, 59]
:  1~9/10   random 10 minute intervals in [1,59]
:

... but I really like this syntax and behaviour.

I haven't had a chance to review the code, but I think this would be a
better direction for us to go.

-peter


:8<
:diff refs/remotes/origin/master refs/heads/master
:commit - e253a7cc21de530da6fcf49c1279258fecade8f4
:commit + 761b09ae46431344766330cc14c958ffca5a3a0a
:blob - ab683b8476a8c862aabc53101b4080959820835a
:blob + 030ab599dcf07eb3e94efe90c118e4e9bea8f6c4
:--- usr.sbin/cron/entry.c
:+++ usr.sbin/cron/entry.c
:@@ -456,10 +456,11 @@ get_range(bitstr_t *bits, int low, int high, const cha
:   /* range = number | number* "~" number* | number "-" number ["/" number]
:*/
: 
:-  int i, num1, num2, num3;
:+  int i, num1, num2, num3, rndstep;
: 
:   num1 = low;
:   num2 = high;
:+  rndstep = 0;
: 
:   if (ch == '*') {
:   /* '*' means [low, high] but can still be modified by /step
:@@ -497,7 +498,7 @@ get_range(bitstr_t *bits, int low, int high, const cha
: 
:   /* get the (optional) number following the tilde
:*/
:-  ch = get_number(, low, names, ch, file, ", \t\n");
:+  ch = get_number(, low, names, ch, file, "/, \t\n");
:   if (ch == EOF)
:   ch = get_char(file);
:   if (ch == EOF || num1 > num2) {
:@@ -509,6 +510,10 @@ get_range(bitstr_t *bits, int low, int high, const cha
:*/
:   num3 = num1;
:   num1 = arc4random_uniform(num2 - num3 + 1) + num3;
:+  if (ch == '/') {
:+  rndstep = 1;
:+  break;
:+  }
:   /* FALLTHROUGH */
:   default:
:   /* not a range, it's a single number.
:@@ -538,6 +543,10 @@ get_range(bitstr_t *bits, int low, int high, const cha
:   ch = get_number(, 0, NULL, ch, file, ", \t\n");
:   if (ch == EOF || num3 == 0)
:   return (EOF);
:+  if (rndstep) {
:+  num1 %= num3;
:+  num2 = high;
:+  }
:   } else {
:   /* no step.  default==1.
:*/
:>8
:
:> It sounds like what you want is the proposed syntax "*/~10"
:> to use a random offset.
:
:But this would be nice too! Anything that enables regular intervals from
:a random offset would satisfy a common enough use case.
:
:-- 
:Mark Jamsek 
:GPG: F2FF 13DE 6A06 C471 CA80  E6E2 2930 DC66 86EE CF68

-- 
Time flies like an arrow, but fruit flies like a banana.

Re: Fix level-triggered ACPI GPIO interrupts on amd64

[Peter Hessler]

This was committed on Oct 20, and was shipped in OpenBSD 7.2.


On 2023 Jan 05 (Thu) at 14:15:26 +0100 (+0100), Matthias Schmidt wrote:
:Hi,
:
:did anyone else on the list had the chance to test this patch?  It
:really improved the touchpad hangs here.
:
:Cheers
:
:   Matthias
:
:* Mark Kettenis wrote:
:> > Date: Thu, 13 Oct 2022 00:17:37 +0200
:> > From: Mark Kettenis 
:> > 
:> > > Date: Mon, 10 Oct 2022 17:02:41 +0200
:> > > From: Matthias Schmidt 
:> > > 
:> > > * Matthias Schmidt wrote:
:> > > > Hi Mark,
:> > > > 
:> > > > Addendum after 24h of testing.  Your patch fixes the frequent touchpad
:> > > > freezes I see on this model and which I reported back then in
:> > > > https://marc.info/?l=openbsd-bugs=165328803822857=2
:> > > 
:> > > Any chance that this patch gets committed or wider testing in snaps?
:> > > It really improved the touchpad situation here.
:> > 
:> > Right, I should probably just commit the diff instead of waiting for
:> > more tests.
:> > 
:> > ok?
:> 
:> For reference, here is the diff again.
:> 
:> 
:> Index: dev/acpi/amdgpio.c
:> ===
:> RCS file: /cvs/src/sys/dev/acpi/amdgpio.c,v
:> retrieving revision 1.9
:> diff -u -p -r1.9 amdgpio.c
:> --- dev/acpi/amdgpio.c   27 Jun 2022 08:00:31 -  1.9
:> +++ dev/acpi/amdgpio.c   3 Oct 2022 19:10:03 -
:> @@ -92,6 +92,8 @@ const char *amdgpio_hids[] = {
:>  int amdgpio_read_pin(void *, int);
:>  voidamdgpio_write_pin(void *, int, int);
:>  voidamdgpio_intr_establish(void *, int, int, int (*)(void *), void 
*);
:> +voidamdgpio_intr_enable(void *, int);
:> +voidamdgpio_intr_disable(void *, int);
:>  int amdgpio_pin_intr(struct amdgpio_softc *, int);
:>  int amdgpio_intr(void *);
:>  voidamdgpio_save_pin(struct amdgpio_softc *, int pin);
:> @@ -163,6 +165,8 @@ amdgpio_attach(struct device *parent, st
:>  sc->sc_gpio.read_pin = amdgpio_read_pin;
:>  sc->sc_gpio.write_pin = amdgpio_write_pin;
:>  sc->sc_gpio.intr_establish = amdgpio_intr_establish;
:> +sc->sc_gpio.intr_enable = amdgpio_intr_enable;
:> +sc->sc_gpio.intr_disable = amdgpio_intr_disable;
:>  sc->sc_node->gpio = >sc_gpio;
:>  
:>  printf(", %d pins\n", sc->sc_npins);
:> @@ -275,6 +279,32 @@ amdgpio_intr_establish(void *cookie, int
:>  if ((flags & LR_GPIO_POLARITY) == LR_GPIO_ACTBOTH)
:>  reg |= AMDGPIO_CONF_ACTBOTH;
:>  reg |= (AMDGPIO_CONF_INT_MASK | AMDGPIO_CONF_INT_EN);
:> +bus_space_write_4(sc->sc_memt, sc->sc_memh, pin * 4, reg);
:> +}
:> +
:> +void
:> +amdgpio_intr_enable(void *cookie, int pin)
:> +{
:> +struct amdgpio_softc *sc = cookie;
:> +uint32_t reg;
:> +
:> +KASSERT(pin >= 0 && pin != 63 && pin < sc->sc_npins);
:> +
:> +reg = bus_space_read_4(sc->sc_memt, sc->sc_memh, pin * 4);
:> +reg |= (AMDGPIO_CONF_INT_MASK | AMDGPIO_CONF_INT_EN);
:> +bus_space_write_4(sc->sc_memt, sc->sc_memh, pin * 4, reg);
:> +}
:> +
:> +void
:> +amdgpio_intr_disable(void *cookie, int pin)
:> +{
:> +struct amdgpio_softc *sc = cookie;
:> +uint32_t reg;
:> +
:> +KASSERT(pin >= 0 && pin != 63 && pin < sc->sc_npins);
:> +
:> +reg = bus_space_read_4(sc->sc_memt, sc->sc_memh, pin * 4);
:> +reg &= ~(AMDGPIO_CONF_INT_MASK | AMDGPIO_CONF_INT_EN);
:>  bus_space_write_4(sc->sc_memt, sc->sc_memh, pin * 4, reg);
:>  }
:>  
:> Index: dev/acpi/aplgpio.c
:> ===
:> RCS file: /cvs/src/sys/dev/acpi/aplgpio.c,v
:> retrieving revision 1.5
:> diff -u -p -r1.5 aplgpio.c
:> --- dev/acpi/aplgpio.c   6 Apr 2022 18:59:27 -   1.5
:> +++ dev/acpi/aplgpio.c   3 Oct 2022 19:10:03 -
:> @@ -76,6 +76,8 @@ const char *aplgpio_hids[] = {
:>  int aplgpio_read_pin(void *, int);
:>  voidaplgpio_write_pin(void *, int, int);
:>  voidaplgpio_intr_establish(void *, int, int, int (*)(void *), void 
*);
:> +voidaplgpio_intr_enable(void *, int);
:> +voidaplgpio_intr_disable(void *, int);
:>  int aplgpio_intr(void *);
:>  
:>  int
:> @@ -150,6 +152,8 @@ aplgpio_attach(struct device *parent, st
:>  sc->sc_gpio.read_pin = aplgpio_read_pin;
:>  sc->sc_gpio.write_pin = aplgpio_write_pin;
:>  sc->sc_gpio.intr_establish = aplgpio_intr_establish;
:> +sc->sc_gpio.intr_enable = aplgpio_intr_enable;
:> +sc->sc_gpio.intr_disable = aplgpio_intr_disable;
:>  sc->sc_node->gpio = >sc_gpio;
:>  
:>  /* Mask and clear all interrupts. */
:> @@ -227,6 +231,36 @@ aplgpio_intr_establish(void *cookie, int
:>  reg = bus_space_read_4(sc->sc_memt, sc->sc_memh,
:>  APLGPIO_IRQ_EN + (pin / 32) * 4);
:>  reg |= (1 << (pin % 32));
:> +bus_space_write_4(sc->sc_memt, sc->sc_memh,
:> +APLGPIO_IRQ_EN + (pin / 32) * 4, reg);
:> +}
:> +
:> +void
:> +aplgpio_intr_enable(void *cookie, int pin)
:> +{
:> +struct aplgpio_softc *sc = cookie;
:> +uint32_t reg;
:> +
:> +KASSERT(pin 

Re: [patch] CPU frequency scheduler change proposal

[Peter Hessler]

On 2022 Mar 20 (Sun) at 18:13:20 + (+), Stuart Henderson wrote:
:On 2022/03/20 18:13, Solene Rapenne wrote:
:> I'm proposing a very simple change to the automatic policy of the CPU
:> frequency scheduler.
:> 
:> Currently, every 100ms the scheduler is doing this:
:> 
:> - when the CPU load exceeds the threshold, CPU frequency is set to the
:>   maximum and the variable downbeats is set to 5.
:> - when the CPU load is below the threshold, downbeats is decremented, if
:>   it's == 0 then the CPU load is reduced to 0
:> 
:> my proposal is to change the downbeat to be adaptive to the load, instead
:> of setting it to 5 all the time, I propose to increment it with a limit
:> of 5. Instead of having the frequency set at max for 500ms (5 cycles)
:> every time the CPU usage is above the treshold, we will keep the
:> frequency high for a number of cycles depending how long it was high
:> (up to 5). So, in case of short CPU usage burst like opening a new MP3
:> file for decoding or a click on a GUI, we have a frequency burst of
:> 100ms instead of 500ms.
:> 
:> I've been using it for a few days, I noticed a huge battery life
: ^
:> improvement with no responsiveness change.
:  ^^^
:
:This (and the couple of complaints from people who have now seen the fan
:stay on when plugged in, when it didn't previously) suggests that mwait
:is not everything and it _would_ still make sense to still have a way to
:set automatic frequency rather than just force-high for plugged-in use
:too...
:

In some unscientific tests, my laptop cpu cools down by 20c simply
between plugged in and on battery.

imho, it's time to ressurect Cool Mode.

:> 
:> Index: sched_bsd.c
:> ===
:> RCS file: /home/reposync/src/sys/kern/sched_bsd.c,v
:> retrieving revision 1.70
:> diff -u -r1.70 sched_bsd.c
:> --- sched_bsd.c  30 Oct 2021 23:24:48 -  1.70
:> +++ sched_bsd.c  20 Mar 2022 16:30:22 -
:> @@ -579,8 +579,8 @@
:>  }
:>  if (allidle < alltotal / 2)
:>  speedup = 1;
:> -if (speedup)
:> -downbeats = 5;
:> +if (speedup && downbeats < 5)
:> +downbeats++;
:>  
:>  if (speedup && perflevel != 100) {
:>  faster:
:> 
:

-- 
It's illegal in Wilbur, Washington, to ride an ugly horse.

Re: initial iwx(4) 11ac patch for testing

[Peter Hessler]

On 2022 Mar 10 (Thu) at 12:35:20 +0100 (+0100), Stefan Sperling wrote:
:On Thu, Mar 10, 2022 at 12:25:17PM +0100, Stefan Sperling wrote:
:> Unless anyone else finds a problem, this patch can be considered ready
:> for review and commit.
:
:Of course, I forgot to apply my sysassert fix to the second phy context
:command function...  Fixed here.
:

This bumped my speeds up to 150Mbps when running a speedtest.

I also tried some latency sensitive apps, and no regression was noticed.

  iwx0 at pci3 dev 0 function 0 "Intel Wi-Fi 6 AX200" rev 0x1a, msix
  iwx0: hw rev 0x340, fw ver 67.8f59b80b.0, address c0:3c:59:03:ae:53

  chan 64
  media: IEEE802.11 autoselect (VHT-MCS9 mode 11ac)

Over an Asus Wireless Router AC-RT58U.

Running fine for 2 hours so far.

-- 
Security check: INTRUDER ALERT!

Re: vport: set UP on ip assign

[Peter Hessler]

On 2021 Nov 15 (Mon) at 13:58:08 +0100 (+0100), Claudio Jeker wrote:
:On Mon, Nov 15, 2021 at 12:23:02PM +, Klemens Nanni wrote:
...
:Sure people got used to this mode. I agree with dlg@ that the way that
:this auto interface up happens is rather horrible from a network stack
:view. Also it makes it impossible to configure an interface all the way
:before bringing it up. This may be important for interfaces with more
:complex configuration.
:
:The current behaviour is great for casual users (that does not really
:care about network) but is annoying for network admins.
: 

This behaviour caused no ends of problems for me when I was
administering carp interfaces with several / many IPs assigned to them.
Extremely painful to add multiple addresses to the carp cluster.


:> > I've suggested previously that netstart should handle bringing an
:> > interface up. look for "netstart: implicit up and explicit down for
:> > hostname.if conf files" on tech@. I didn't hanve the energy to push
:> > it forward though.
:> 
:> I'll do the digging and try to catch up, thanks.
:
:Another option is to adjust ifconfig but then again one would like to do
:the up last after running multiple ifconfig calls. ifconfig has its own
:madness when it comes to execute multiple commands in one go.
: 

That will address several situations, but I don't know if it covers
all / enough of them.


:> > dhcpd should cope with an interface being down too. It should be about
:> > whetherthe addresses are right more than if the interface is up or not.
:
:I expect an interface that is down to remain down until I bring it up
:again. Same goes the other way. ifconfig up/down should only be used to
:implement admin shutdown. We fixed a few interfaces in the past that
:played with IFF_UP in the driver.
:

100% yes

:-- 
::wq Claudio
:

-- 
The plot was designed in a light vein that somehow became varicose.
-- David Lardner

audio devices for armv7

[Peter Hessler]

After the recent uaudio dma fixes, I tried out audio playing on my armv7
system.  Tested on the built-in audio port on hw.product=Tinker-RK3288,
sounds fine.

OK?

(N.B. 'twrget' is not a typo, even if it looks like one)


Index: etc/etc.armv7/MAKEDEV.md
===
RCS file: /cvs/src/etc/etc.armv7/MAKEDEV.md,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 MAKEDEV.md
--- etc/etc.armv7/MAKEDEV.md23 Jan 2021 05:08:33 -  1.19
+++ etc/etc.armv7/MAKEDEV.md24 May 2021 20:29:34 -
@@ -105,6 +105,7 @@ _std(1, 2, 8, 6)
 dnl
 dnl *** armv7 specific targets
 dnl
+twrget(all, au, audio, 0, 1, 2)dnl
 target(all, ch, 0)dnl
 target(all, vscsi, 0)dnl
 target(all, diskmap)dnl



-- 
"Amnesia used to be my favorite word, but then I forgot it."

Re: iwm(4) A-MSDU support

[Peter Hessler]

On 2021 Mar 30 (Tue) at 20:22:09 +0200 (+0200), Stefan Sperling wrote:
:On Tue, Mar 30, 2021 at 07:36:28PM +0200, Peter Hessler wrote:
:> Been running this for about 24 hours on my x395, seems to be good.
:> 
:> Had only one stuck wifi when first trying it, but I was also stuck on a
:> 2.4GHz channel and live in a dense apartment building.  Forcing it to
:> move to a 5GHz channel fixed it all up, and no problems since then.
:
:Understanding situations where it doesn't work is actually quite important.
:Is it repeatable? And how big is the impact?
:If you can fly somewhat in Minecraft on 2 GHz, and if it consistently
:recovers after stuttering, I'd consider that success.
:

I can fly around pretty well in Minecraft while in 2 GHz, taking off is
easy to do.

However, when I go to a part of my apartment with dodgy wifi
connectivity, I notice that my signal strength goes down to 23%, and I
can't connect any more.  I stay at HT-MCS15, even while it is flipping
around trying to connect.  if I try to ping the gateway I get the
dreaded "ping: sendmsg: No buffer space available" error, until I
down/up the interface.  That does occasionally happen without this diff,
so that is not a regression.

No noticable packet loss in my testing, even on 2GHz during the busiest
time of the day.


:This is a huge change for the device you are using; all the Rx BA logic
:is now handled by completely new code in the driver, with a bypass of the
:corresponding logic in net80211. We now let the firmware move the BA
:window forward and try to follow along, instead of maintaining our own
:(duplicated) state of the Rx BA session. net80211 is only involved in
:BA setup/teardown handshakes with the AP.
:
:In good conditions, I see virtually no packet loss.
:I've tried testing error recovery by moving far out and back to the AP.
:This seems to be OK. However, as with our net80211 Rx BA code we risk stuck
:connections if the Rx BA window doesn't resync properly after packet loss.
:
:The logic implemented here is from Intel, with very few changes (such as
:fixed timeout periods), so if the firmware and this new driver code work
:reliably on Linux, it should also work fine for us. But I cannot be sure
:that this code is free of bugs causing stuck connections. Like our net80211
:Rx BA code, this code will have to prove itself over time...
:

-- 
Misfortune, n.:
The kind of fortune that never misses.
-- Ambrose Bierce, "The Devil's Dictionary"

Re: iwm(4) A-MSDU support

[Peter Hessler]

On 2021 Mar 29 (Mon) at 19:27:15 +0200 (+0200), Stefan Sperling wrote:
:This patch attempts to add support for receiving A-MSDUs to iwm(4).
:If you are using iwm(4) then please run with this patch and let me
:know if it causes regressions. Thanks!
:
:ACHTUNG: This patch breaks iwx(4)! Don't use it there! For this reason,
:the patch can neither be committed nor be put into snapshots!!!
:
:Our net80211 stack de-aggregates A-MSDUs in software. This works fine with
:iwm 7k and 8k devices. However, iwm 9k devices de-aggregate A-MSDUs in
:hardware and net80211 is currently unable to handle this.
:
:Our current iwm 9k code only works because long ago I disabled reception
:of A-MSDUs for all devices. Unfortunately, the only way to get A-MSDUs
:working on 9k hardware is to add a bunch of driver-specific code which
:handles de-aggregation. Otherwise, net80211 will drop frames which appear
:to arrive out of order, or appear as duplicates even though they were
:simply part of the same A-MSDU and thus share a sequence number.
:The driver can re-order frames correctly based on information provided
:by firmware. I'd rather implement this than letting these devices miss
:out on A-MSDUs because the Rx speed advantage can be significant, around
:80/90 Mbps (but this will very much depend on the AP).
:
:If these A-* acronyms don't make sense and you'd like to know more, here
:is a fairly good explanation: https://mrncciew.com/2013/04/11/a-mpdu-a-msdu/
:Note that we care about the nested case, which is also mentioned in this
:article but not explained in detail. It's simply an A-MSDU stashed inside
:an A-MPDU. If an AP can do 11AC, then it should support this.
:
:iwx(4) hardware has the same problem.
:If this patch works fine on iwm(4) then I can port the changes to iwx(4),
:do another round of testing, and eventually commit to both drivers at
:the same time.
:
:Some of the changes below are based on code from the Linux iwlwifi driver.
:I am not entirely happy with some of its style. But the code should be in
:good enough shape to be tested.
:

Been running this for about 24 hours on my x395, seems to be good.

Had only one stuck wifi when first trying it, but I was also stuck on a
2.4GHz channel and live in a dense apartment building.  Forcing it to
move to a 5GHz channel fixed it all up, and no problems since then.

  iwm0 at pci1 dev 0 function 0 "Intel Dual Band Wireless-AC 9260" rev 0x29, 
msix
  iwm0: hw rev 0x320, fw ver 34.3125811985.0, address 0c:dd:24:83:e1:40



-- 
Churchill's Commentary on Man:
Man will occasionally stumble over the truth, but most of the
time he will pick himself up and continue on.

Re: slimblade support

[Peter Hessler]

On 2021 Jan 09 (Sat) at 07:00:29 -0700 (-0700), Thomas Frohwein wrote:
:On Sat, Nov 21, 2020 at 08:10:03AM +0200, Timo Myyrä wrote:
:> Hi,
:> 
:> The last attempt at adding Kensington Slimblade trackball support seems
:> to have stalled:
:> https://marc.info/?l=openbsd-tech=147444999319756=2
:> 
:> I tested the diff and it still seems apply with little fuzz and works
:> with my slimblade. It would be nice to have this included so I can paste
:> with mouse.
:> 
:> Here's cleaned up patch for reference.
:> 
:> timo
:
:I've been running with this diff through several snapshot upgrades
:without issues. Would be interested to hear if there are concerns about
:this diff or if I can get another ok? As far as quirks go, it's not
:much code and relatively simple...
:

this makes sense to have a quirk for, OK


:> 
:> 
:> Index: sys/dev/usb/ums.c
:> ===
:> RCS file: /cvs/src/sys/dev/usb/ums.c,v
:> retrieving revision 1.45
:> diff -u -p -u -p -r1.45 ums.c
:> --- sys/dev/usb/ums.c23 Aug 2020 11:08:02 -  1.45
:> +++ sys/dev/usb/ums.c20 Nov 2020 20:22:11 -
:> @@ -150,6 +150,8 @@ ums_attach(struct device *parent, struct
:>  qflags |= HIDMS_MS_BAD_CLASS;
:>  if (quirks & UQ_MS_LEADING_BYTE)
:>  qflags |= HIDMS_LEADINGBYTE;
:> +if (quirks & UQ_MS_VENDOR_BUTTONS)
:> +qflags |= HIDMS_VENDOR_BUTTONS;
:>  
:>  if (hidms_setup(self, ms, qflags, uha->reportid, desc, size) != 0)
:>  return;
:> Index: sys/dev/usb/usb_quirks.c
:> ===
:> RCS file: /cvs/src/sys/dev/usb/usb_quirks.c,v
:> retrieving revision 1.76
:> diff -u -p -u -p -r1.76 usb_quirks.c
:> --- sys/dev/usb/usb_quirks.c 5 Jan 2020 00:54:13 -   1.76
:> +++ sys/dev/usb/usb_quirks.c 20 Nov 2020 20:22:11 -
:> @@ -150,6 +150,9 @@ const struct usbd_quirk_entry {
:>   { USB_VENDOR_MICROSOFT, USB_PRODUCT_MICROSOFT_WLNOTEBOOK2,
:>  ANY, { UQ_MS_BAD_CLASS | UQ_MS_LEADING_BYTE }},
:>  
:> + { USB_VENDOR_KENSINGTON, USB_PRODUCT_KENSINGTON_SLIMBLADE,
:> +ANY, { UQ_MS_VENDOR_BUTTONS }},
:> +
:>   { 0, 0, 0, { 0 } }
:>  };
:>  
:> Index: sys/dev/usb/usb_quirks.h
:> ===
:> RCS file: /cvs/src/sys/dev/usb/usb_quirks.h,v
:> retrieving revision 1.16
:> diff -u -p -u -p -r1.16 usb_quirks.h
:> --- sys/dev/usb/usb_quirks.h 19 Jul 2010 05:08:37 -  1.16
:> +++ sys/dev/usb/usb_quirks.h 20 Nov 2020 20:22:11 -
:> @@ -49,6 +49,8 @@ struct usbd_quirks {
:>  #define UQ_MS_LEADING_BYTE  0x0001 /* mouse sends unknown leading byte 
*/
:>  #define UQ_EHCI_NEEDTO_DISOWN   0x0002 /* must hand device over to 
USB 1.1
:>  if attached to EHCI */
:> +#define UQ_MS_VENDOR_BUTTONS0x0004 /* mouse reports extra 
buttons in
:> +vendor page */
:>  };
:>  
:>  extern const struct usbd_quirks usbd_no_quirk;
:> Index: sys/dev/usb/usbdevs
:> ===
:> RCS file: /cvs/src/sys/dev/usb/usbdevs,v
:> retrieving revision 1.728
:> diff -u -p -u -p -r1.728 usbdevs
:> --- sys/dev/usb/usbdevs  16 Nov 2020 09:49:10 -  1.728
:> +++ sys/dev/usb/usbdevs  20 Nov 2020 20:22:11 -
:> @@ -2491,6 +2491,7 @@ product KENSINGTON TURBOBALL   0x1005  Turb
:>  product KENSINGTON ORBIT_MAC0x1009  Orbit trackball for Mac
:>  product KENSINGTON BT_EDR   0x105e  Bluetooth
:>  product KENSINGTON VIDEOCAM_VGA 0x5002  VideoCAM VGA
:> +product KENSINGTON SLIMBLADE0x2041  Slimblade Trackball
:>  
:>  /* Keyspan products */
:>  product KEYSPAN USA28_NF0x0101  USA-28 serial
:> Index: sys/dev/usb/usbdevs.h
:> ===
:> RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
:> retrieving revision 1.740
:> diff -u -p -u -p -r1.740 usbdevs.h
:> --- sys/dev/usb/usbdevs.h16 Nov 2020 09:49:40 -  1.740
:> +++ sys/dev/usb/usbdevs.h20 Nov 2020 20:22:11 -
:> @@ -2498,6 +2498,7 @@
:>  #define USB_PRODUCT_KENSINGTON_ORBIT_MAC0x1009  /* 
Orbit trackball for Mac */
:>  #define USB_PRODUCT_KENSINGTON_BT_EDR   0x105e  /* Bluetooth */
:>  #define USB_PRODUCT_KENSINGTON_VIDEOCAM_VGA 0x5002  /* 
VideoCAM VGA */
:> +#define USB_PRODUCT_KENSINGTON_SLIMBLADE0x2041  /* 
Slimblade Trackball */
:>  
:>  /* Keyspan products */
:>  #define USB_PRODUCT_KEYSPAN_USA28_NF0x0101  /* USA-28 
serial */
:> Index: sys/dev/usb/usbdevs_data.h
:> ===
:> RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
:> retrieving revision 1.734
:> diff -u -p -u -p -r1.734 usbdevs_data.h
:> --- sys/dev/usb/usbdevs_data.h   16 Nov 2020 09:49:40 -  1.734
:> +++ 

Re: net80211: fix announced RSN (WPA2) capabilities

[Peter Hessler]

Looks good, no regression for my AP at home.

OK

On 2020 Dec 07 (Mon) at 22:55:29 +0100 (+0100), Stefan Sperling wrote:
:When announcing RSN (WPA2) capabilities in management frames such as
:association requests, we currently echo back all RSN (i.e. WPA2)
:capabilities which were announced by our peer.
:
:This is bad in case the peer announces features we don't support.
:One such feature is Management Frame Protection (MFP). If we announce this
:capability then the peer sends us encrypted management frames which won't be
:processed. One symptom of this is that we fail to negotiate 11n block ack
:with APs that enable MFP if the client announces support for MFP (problem
:found by sthen@).
:
:With this patch we only echo the RSN capalibities which we actually support.
:I am handling MFP and PBAR bits here as done elsewhere, but note that
:neither of these features is enabled yet at run-time.
:(We do have code for MFP; but it is untested, and disabled in all of our
:wifi drivers. That's for another day...)
:
:ok?
:
:diff 18e888c6238d4d2767f9b9d181633c8a9b33b1a3 /usr/src
:blob - 1610fbf508ab3f6fb12721ee5c1ba7f56c0a94b3
:file + sys/net80211/ieee80211_output.c
:--- sys/net80211/ieee80211_output.c
:+++ sys/net80211/ieee80211_output.c
:@@ -941,7 +941,7 @@ ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211
: {
:   const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI;
:   u_int8_t *pcount;
:-  u_int16_t count;
:+  u_int16_t count, rsncaps;
: 
:   /* write Version field */
:   LE_WRITE_2(frm, 1); frm += 2;
:@@ -1017,7 +1017,16 @@ ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211
:   return frm;
: 
:   /* write RSN Capabilities field */
:-  LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2;
:+  rsncaps = (ni->ni_rsncaps & (IEEE80211_RSNCAP_PTKSA_RCNT_MASK |
:+  IEEE80211_RSNCAP_GTKSA_RCNT_MASK));
:+  if (ic->ic_caps & IEEE80211_C_MFP) {
:+  rsncaps |= IEEE80211_RSNCAP_MFPC;
:+  if (ic->ic_flags & IEEE80211_F_MFPR)
:+  rsncaps |= IEEE80211_RSNCAP_MFPR;
:+  }
:+  if (ic->ic_flags & IEEE80211_F_PBAR)
:+  rsncaps |= IEEE80211_RSNCAP_PBAC;
:+  LE_WRITE_2(frm, rsncaps); frm += 2;
: 
:   if (ni->ni_flags & IEEE80211_NODE_PMKID) {
:   /* write PMKID Count field */
:
:

Re: net80211: Use a BA agreement for rx immediately

[Peter Hessler]

On 2020 Dec 07 (Mon) at 16:41:33 +0100 (+0100), Stefan Sperling wrote:
:On Mon, Dec 07, 2020 at 03:49:20PM +0100, Tobias Heider wrote:
:> On Mon, Dec 07, 2020 at 02:33:10PM +0100, Stefan Sperling wrote:
:> > On Mon, Dec 07, 2020 at 01:31:09PM +0100, Tobias Heider wrote:
:> > > Some APs request a BA agreement and continue to send QOS packets
:> > > for the same tid (with normal ack policy). Currently, these packets
:> > > make it to the higher layers without going through BA reordering or the
:> > > BA buffer. This results in reduced performance later on as the sequence
:> > > numbers are expected by BA reordering.
:> > > 
:> > > To fix this, we should use BA agreement immediately after it is
:> > > requested by the AP.  This causes the sequence number counter in
:> > > the BA agreement to advance for the normal qos packets and the gap
:> > > wait later on is avoided.
:> > > 
:> > > ok?
:> > 
:> > Not yet, see below:
:> > 
:> 
:> Update with comments addressed.
:
:ok
:

OK


:> Index: ieee80211_input.c
:> ===
:> RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
:> retrieving revision 1.221
:> diff -u -p -r1.221 ieee80211_input.c
:> --- ieee80211_input.c28 Aug 2020 12:01:48 -  1.221
:> +++ ieee80211_input.c7 Dec 2020 14:38:24 -
:> @@ -358,6 +358,17 @@ ieee80211_inputm(struct ifnet *ifp, stru
:>  /* go through A-MPDU reordering */
:>  ieee80211_input_ba(ic, m, ni, tid, rxi, ml);
:>  return; /* don't free m! */
:> +} else if (ba_state == IEEE80211_BA_REQUESTED &&
:> +(qos & IEEE80211_QOS_ACK_POLICY_MASK) ==
:> +IEEE80211_QOS_ACK_POLICY_NORMAL) {
:> +/*
:> + * Apparently, qos frames for a tid where a
:> + * block ack agreement was requested but not
:> + * yet confirmed by us should still contribute
:> + * to the sequence number for this tid.
:> + */
:> +ieee80211_input_ba(ic, m, ni, tid, rxi, ml);
:> +return; /* don't free m! */
:>  }
:>  }
:>  
:> @@ -2698,6 +2709,9 @@ ieee80211_recv_addba_req(struct ieee8021
:>  ssn = LE_READ_2([7]) >> 4;
:>  
:>  ba = >ni_rx_ba[tid];
:> +/* The driver is still processing an ADDBA request for this tid. */
:> +if (ba->ba_state == IEEE80211_BA_REQUESTED)
:> +return;
:>  /* check if we already have a Block Ack agreement for this RA/TID */
:>  if (ba->ba_state == IEEE80211_BA_AGREED) {
:>  /* XXX should we update the timeout value? */
:> @@ -2737,7 +2751,7 @@ ieee80211_recv_addba_req(struct ieee8021
:>  goto refuse;
:>  
:>  /* setup Block Ack agreement */
:> -ba->ba_state = IEEE80211_BA_INIT;
:> +ba->ba_state = IEEE80211_BA_REQUESTED;
:>  ba->ba_timeout_val = timeout * IEEE80211_DUR_TU;
:>  ba->ba_ni = ni;
:>  ba->ba_token = token;
:> @@ -2816,6 +2830,7 @@ ieee80211_addba_req_refuse(struct ieee80
:>  free(ba->ba_buf, M_DEVBUF,
:>  IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf));
:>  ba->ba_buf = NULL;
:> +ba->ba_state = IEEE80211_BA_INIT;
:>  
:>  /* MLME-ADDBA.response */
:>  IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA,
:> 
:

-- 
Life is like a simile.

Re: iwm(4): decoding of multiple MPDUs in one receive packet

[Peter Hessler]

OK

On 2020 Dec 07 (Mon) at 10:28:59 +0100 (+0100), Tobias Heider wrote:
:Hi,
:
:In iwm_rx_pkt() the calculation of "remain" seems to be wrong if
:there are three or more MPDUs in one packet.
:"remain" is initialized with the output buffer size.
:Each time an MPDU is found in the packet remain is reduced
:by the offset of the MPDU in the receive buffer, which is only
:correct for the first MPDU in the packet.
:This causes spurious input errors.
:
:We can fix this by removing the "remain" variable.
:The variable "offset" always points to the current position in the
:receive buffer and the maximum size of the receive buffer is fixed.
:Thus offset can be used for the caculation of maxlen.
:
:ok?
:
:Index: if_iwm.c
:===
:RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
:retrieving revision 1.315
:diff -u -p -r1.315 if_iwm.c
:--- if_iwm.c   11 Oct 2020 07:05:28 -  1.315
:+++ if_iwm.c   7 Dec 2020 09:02:44 -
:@@ -8494,7 +8494,6 @@ iwm_rx_pkt(struct iwm_softc *sc, struct 
:   uint32_t offset = 0, nextoff = 0, nmpdu = 0, len;
:   struct mbuf *m0, *m;
:   const size_t minsz = sizeof(pkt->len_n_flags) + sizeof(pkt->hdr);
:-  size_t remain = IWM_RBUF_SIZE;
:   int qid, idx, code, handled = 1;
: 
:   bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE,
:@@ -8531,7 +8530,7 @@ iwm_rx_pkt(struct iwm_softc *sc, struct 
:   break;
: 
:   case IWM_REPLY_RX_MPDU_CMD: {
:-  size_t maxlen = remain - minsz;
:+  size_t maxlen = IWM_RBUF_SIZE - offset - minsz;
:   nextoff = offset +
:   roundup(len, IWM_FH_RSCSR_FRAME_ALIGN);
:   nextpkt = (struct iwm_rx_packet *)
:@@ -8569,11 +8568,6 @@ iwm_rx_pkt(struct iwm_softc *sc, struct 
:   iwm_rx_mpdu(sc, m, pkt->data,
:   maxlen, ml);
:   }
:-
:-  if (offset + minsz < remain)
:-  remain -= offset;
:-  else
:-  remain = minsz;
:   break;
:   }
: 
:

-- 
What color is a chameleon on a mirror?

Re: net80211: Better gapwait accounting

[Peter Hessler]

On 2020 Dec 07 (Mon) at 15:02:14 +0100 (+0100), Stefan Sperling wrote:
:On Mon, Dec 07, 2020 at 02:36:05PM +0100, Tobias Heider wrote:
:> Hi,
:> 
:> our net80211 gapwait accounting implementation seems to have several
:> problems:
:> - If we lose packets with serial numbers 0 und 2 but receive the
:>   packet with serial number 1, the first gap wait timeout will
:>   skip serial number 0, flush out serial number 1 and then wait
:>   for serial number 2. However, at this time the timeout is not
:>   re-armed and we have to wait for a window slide.
:> - The logic that does gap skip if too many packets are in the reorder
:>   buffer does not kick in if we lose two packets (as gapwait cannot
:>   reach windowsize - 1. Additionally, what the logic does is mostly
:>   equivalent to a normal window slide if we receive a packet that is
:>   beyond the window. So remove this logic completely.
:> 
:> To fix this use ba_gapwait to actually count all the packets
:> currently in the reorder buffer and restart the gap timeout if the
:> buffer is not empty after we flush out some of the packets.
:> 
:> Found and fix by Christian Erhardt (CC).
:> 
:> ok?
: 
:I am happy with this if it works well during testing.
:
:Could someone convince phessler@ to take this for a flight in Minecraft?
:

Works very well in my testing.

With all three of these diffs in my tree, playing in Minecraft over wifi
feels a lot closer to playing over wired.  In game taking off to fly is a
lot easier, and I have far fewer rubber-band incidents.

OK


:> Index: ieee80211_input.c
:> ===
:> RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
:> retrieving revision 1.221
:> diff -u -p -r1.221 ieee80211_input.c
:> --- ieee80211_input.c28 Aug 2020 12:01:48 -  1.221
:> +++ ieee80211_input.c7 Dec 2020 12:58:31 -
:> @@ -839,30 +839,10 @@ ieee80211_input_ba(struct ieee80211com *
:>  /* store Rx meta-data too */
:>  rxi->rxi_flags |= IEEE80211_RXI_AMPDU_DONE;
:>  ba->ba_buf[idx].rxi = *rxi;
:> +ba->ba_gapwait++;
:>  
:> -if (ba->ba_buf[ba->ba_head].m == NULL) {
:> -if (ba->ba_gapwait < (ba->ba_winsize - 1)) {
:> -if (ba->ba_gapwait == 0) {
:> -timeout_add_msec(>ba_gap_to,
:> -IEEE80211_BA_GAP_TIMEOUT);
:> -}
:> -ba->ba_gapwait++;
:> -} else {
:> -/*
:> - * A full BA window worth of frames is now waiting.
:> - * Skip the missing frame at the head of the window.
:> - */
:> -int skipped = ieee80211_input_ba_gap_skip(ba);
:> -ic->ic_stats.is_ht_rx_ba_frame_lost += skipped;
:> -ba->ba_gapwait = 0;
:> -if (timeout_pending(>ba_gap_to))
:> -timeout_del(>ba_gap_to);
:> -}
:> -} else {
:> -ba->ba_gapwait = 0;
:> -if (timeout_pending(>ba_gap_to))
:> -timeout_del(>ba_gap_to);
:> -}
:> +if (ba->ba_buf[ba->ba_head].m == NULL && ba->ba_gapwait == 1)
:> +timeout_add_msec(>ba_gap_to, IEEE80211_BA_GAP_TIMEOUT);
:>  
:>  ieee80211_input_ba_flush(ic, ni, ba, ml);
:>  }
:> @@ -894,6 +874,7 @@ ieee80211_input_ba_seq(struct ieee80211c
:>  ieee80211_inputm(ifp, ba->ba_buf[ba->ba_head].m,
:>  ni, >ba_buf[ba->ba_head].rxi, ml);
:>  ba->ba_buf[ba->ba_head].m = NULL;
:> +ba->ba_gapwait--;
:>  } else
:>  ic->ic_stats.is_ht_rx_ba_frame_lost++;
:>  ba->ba_head = (ba->ba_head + 1) % IEEE80211_BA_MAX_WINSZ;
:> @@ -916,12 +897,18 @@ ieee80211_input_ba_flush(struct ieee8021
:>  ieee80211_inputm(ifp, ba->ba_buf[ba->ba_head].m, ni,
:>  >ba_buf[ba->ba_head].rxi, ml);
:>  ba->ba_buf[ba->ba_head].m = NULL;
:> +ba->ba_gapwait--;
:>  
:>  ba->ba_head = (ba->ba_head + 1) % IEEE80211_BA_MAX_WINSZ;
:>  /* move window forward */
:>  ba->ba_winstart = (ba->ba_winstart + 1) & 0xfff;
:>  }
:>  ba->ba_winend = (ba->ba_winstart + ba->ba_winsize - 1) & 0xfff;
:> +
:> +if (timeout_pending(>ba_gap_to))
:> +timeout_del(>ba_gap_to);
:> +if (ba->ba_gapwait)
:> +timeout_add_msec(>ba_gap_to, IEEE80211_BA_GAP_TIMEOUT);
:>  }
:>  
:>  /* 
:> @@ -989,6 +976,7 @@ ieee80211_ba_move_window(struct ieee8021
:>  ieee80211_inputm(ifp, ba->ba_buf[ba->ba_head].m, ni,
:>  >ba_buf[ba->ba_head].rxi, ml);
:>  ba->ba_buf[ba->ba_head].m = NULL;
:> +ba->ba_gapwait--;
:>  } else
:>  ic->ic_stats.is_ht_rx_ba_frame_lost++;
:>  ba->ba_head = 

Re: Call uvm_grow() on armv7

[Peter Hessler]

On 2020 Sep 25 (Fri) at 14:51:01 +0200 (+0200), Mark Kettenis wrote:
:> Date: Fri, 25 Sep 2020 14:38:23 +0200
:> From: Peter Hessler 
:> 
:> After Mark noticed that arm64 didn't have it, I checked armv7 and it
:> also doesn't have it.
:> 
:> Successfully tested on a Tinker-RK3288
:> 
:> OK?
:> 
:> 
:> Index: sys/arch/arm/arm/fault.c
:> ===
:> RCS file: /home/cvs/openbsd/src/sys/arch/arm/arm/fault.c,v
:> retrieving revision 1.41
:> diff -u -p -u -p -r1.41 fault.c
:> --- sys/arch/arm/arm/fault.c 14 Sep 2020 18:23:32 -  1.41
:> +++ sys/arch/arm/arm/fault.c 25 Sep 2020 06:21:48 -
:> @@ -331,6 +331,8 @@ data_abort_handler(trapframe_t *tf)
:>  pcb->pcb_onfault = NULL;
:>  KERNEL_LOCK();
:>  error = uvm_fault(map, va, 0, ftype);
:> +if (error == 0)
:
:You need a map != kernel_map check here as this trap can be called for
:both kernel faults and userland faults.
:
:> +uvm_grow(p, va);
:>  KERNEL_UNLOCK();
:>  pcb->pcb_onfault = onfault;
:>  
:> @@ -588,6 +590,8 @@ prefetch_abort_handler(trapframe_t *tf)
:>  
:>  KERNEL_LOCK();
:>  error = uvm_fault(map, va, 0, PROT_READ | PROT_EXEC);
:> +if (error == 0)
:
:But not here since this one always has map != kernel_map.
:
:> +uvm_grow(p, va);
:>  KERNEL_UNLOCK();
:>  if (__predict_true(error == 0))
:>  goto out;
:> 

Thanks, fixed.


Index: sys/arch/arm/arm/fault.c
===
RCS file: /home/cvs/openbsd/src/sys/arch/arm/arm/fault.c,v
retrieving revision 1.41
diff -u -p -u -p -r1.41 fault.c
--- sys/arch/arm/arm/fault.c14 Sep 2020 18:23:32 -  1.41
+++ sys/arch/arm/arm/fault.c25 Sep 2020 13:16:55 -
@@ -331,6 +331,8 @@ data_abort_handler(trapframe_t *tf)
pcb->pcb_onfault = NULL;
KERNEL_LOCK();
error = uvm_fault(map, va, 0, ftype);
+   if (error == 0 && map != kernel_map)
+   uvm_grow(p, va);
KERNEL_UNLOCK();
pcb->pcb_onfault = onfault;
 
@@ -588,6 +590,8 @@ prefetch_abort_handler(trapframe_t *tf)
 
KERNEL_LOCK();
error = uvm_fault(map, va, 0, PROT_READ | PROT_EXEC);
+   if (error == 0)
+   uvm_grow(p, va);
KERNEL_UNLOCK();
if (__predict_true(error == 0))
goto out;




:> 
:> 
:> On 2020 Sep 24 (Thu) at 23:16:08 +0200 (+0200), Mark Kettenis wrote:
:> :The call is missing from the trap handler, probably because I was
:> :looking at arm64 where it is missing as well.  The result is that the
:> :stack size accounting will be wrong.
:> :
:> :In the diff below I only added the call to the "data" trap.  That
:> :means that an "instruction" trap will not run the accounting code.  Is
:> :that correct?  The uvm_fault() call should never return success in
:> :that case unless the stack has been mapped executable...
:> :

-- 
Millihelen, adj:
The amount of beauty required to launch one ship.

Call uvm_grow() on armv7

[Peter Hessler]

After Mark noticed that arm64 didn't have it, I checked armv7 and it
also doesn't have it.

Successfully tested on a Tinker-RK3288

OK?


Index: sys/arch/arm/arm/fault.c
===
RCS file: /home/cvs/openbsd/src/sys/arch/arm/arm/fault.c,v
retrieving revision 1.41
diff -u -p -u -p -r1.41 fault.c
--- sys/arch/arm/arm/fault.c14 Sep 2020 18:23:32 -  1.41
+++ sys/arch/arm/arm/fault.c25 Sep 2020 06:21:48 -
@@ -331,6 +331,8 @@ data_abort_handler(trapframe_t *tf)
pcb->pcb_onfault = NULL;
KERNEL_LOCK();
error = uvm_fault(map, va, 0, ftype);
+   if (error == 0)
+   uvm_grow(p, va);
KERNEL_UNLOCK();
pcb->pcb_onfault = onfault;
 
@@ -588,6 +590,8 @@ prefetch_abort_handler(trapframe_t *tf)
 
KERNEL_LOCK();
error = uvm_fault(map, va, 0, PROT_READ | PROT_EXEC);
+   if (error == 0)
+   uvm_grow(p, va);
KERNEL_UNLOCK();
if (__predict_true(error == 0))
goto out;



On 2020 Sep 24 (Thu) at 23:16:08 +0200 (+0200), Mark Kettenis wrote:
:The call is missing from the trap handler, probably because I was
:looking at arm64 where it is missing as well.  The result is that the
:stack size accounting will be wrong.
:
:In the diff below I only added the call to the "data" trap.  That
:means that an "instruction" trap will not run the accounting code.  Is
:that correct?  The uvm_fault() call should never return success in
:that case unless the stack has been mapped executable...
:


-- 
Nature is by and large to be found out of doors, a location where, it
cannot be argued, there are never enough comfortable chairs.
-- Fran Leibowitz

Re: apply changes immediately to join'd essids

[Peter Hessler]

On 2020 Jan 14 (Tue) at 13:11:57 +0100 (+0100), Stefan Sperling wrote:
:On Mon, Jan 13, 2020 at 10:38:35PM +0100, Peter Hessler wrote:
:> On 2020 Jan 12 (Sun) at 21:39:19 +0100 (+0100), Peter Hessler wrote:
:> :When we change attributes for a join essid, we should apply the change
:> :immediately instead of waiting to (randomly) switch away and switch
:> :back.
:> 
:> And if we are connected to an AP, remove the node from the cache so we
:> can properly reconnect.
:> 
:> OK?
:> 
:> 
...

:This should call ieee80211_free_node() instead. We should also make
:sure this code runs in station opmode (IEEE80211_M_STA) only.
:

...

Updated diff


Index: net80211/ieee80211_ioctl.c
===
RCS file: /home/cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.78
diff -u -p -u -p -r1.78 ieee80211_ioctl.c
--- net80211/ieee80211_ioctl.c  13 Jan 2020 09:57:25 -  1.78
+++ net80211/ieee80211_ioctl.c  14 Jan 2020 13:52:18 -
@@ -512,6 +512,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
case SIOCS80211JOIN:
if ((error = suser(curproc)) != 0)
break;
+   if (ic->ic_opmode != IEEE80211_M_STA)
+   break;
if ((error = copyin(ifr->ifr_data, , sizeof(join))) != 0)
break;
if (join.i_len > IEEE80211_NWID_LEN) {
@@ -543,7 +545,13 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
if (ic->ic_des_esslen == join.i_len &&
memcmp(join.i_nwid, ic->ic_des_essid,
join.i_len) == 0) {
+   struct ieee80211_node *ni;
+
ieee80211_deselect_ess(ic);
+   ni = ieee80211_find_node(ic,
+   ic->ic_bss->ni_bssid);
+   if (ni != NULL)
+   ieee80211_free_node(ic, ni);
error = ENETRESET;
}
/* save nwid for auto-join */
Index: net80211/ieee80211_node.c
===
RCS file: /home/cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.178
diff -u -p -u -p -r1.178 ieee80211_node.c
--- net80211/ieee80211_node.c   29 Dec 2019 14:00:36 -  1.178
+++ net80211/ieee80211_node.c   14 Jan 2020 13:53:55 -
@@ -72,7 +72,6 @@ int ieee80211_ess_is_better(struct ieee8
 void ieee80211_node_set_timeouts(struct ieee80211_node *);
 void ieee80211_setup_node(struct ieee80211com *, struct ieee80211_node *,
 const u_int8_t *);
-void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *);
 struct ieee80211_node *ieee80211_alloc_node_helper(struct ieee80211com *);
 void ieee80211_node_switch_bss(struct ieee80211com *, struct ieee80211_node *);
 void ieee80211_node_addba_request(struct ieee80211_node *, int);
Index: net80211/ieee80211_node.h
===
RCS file: /home/cvs/openbsd/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.84
diff -u -p -u -p -r1.84 ieee80211_node.h
--- net80211/ieee80211_node.h   29 Dec 2019 13:49:22 -  1.84
+++ net80211/ieee80211_node.h   14 Jan 2020 13:54:18 -
@@ -533,6 +533,7 @@ void ieee80211_create_ibss(struct ieee80
struct ieee80211_channel *);
 void ieee80211_notify_dtim(struct ieee80211com *);
 void ieee80211_set_tim(struct ieee80211com *, int, int);
+void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *);
 
 int ieee80211_node_cmp(const struct ieee80211_node *,
const struct ieee80211_node *);


-- 
This sentence contradicts itself -- no actually it doesn't.
-- Hofstadter

Re: apply changes immediately to join'd essids

[Peter Hessler]

On 2020 Jan 12 (Sun) at 21:39:19 +0100 (+0100), Peter Hessler wrote:
:When we change attributes for a join essid, we should apply the change
:immediately instead of waiting to (randomly) switch away and switch
:back.

And if we are connected to an AP, remove the node from the cache so we
can properly reconnect.

OK?


Index: net80211/ieee80211_ioctl.c
===
RCS file: /home/cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.78
diff -u -p -u -p -r1.78 ieee80211_ioctl.c
--- net80211/ieee80211_ioctl.c  13 Jan 2020 09:57:25 -  1.78
+++ net80211/ieee80211_ioctl.c  13 Jan 2020 16:16:18 -
@@ -543,7 +543,13 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
if (ic->ic_des_esslen == join.i_len &&
memcmp(join.i_nwid, ic->ic_des_essid,
join.i_len) == 0) {
+   struct ieee80211_node *ni;
+
ieee80211_deselect_ess(ic);
+   ni = ieee80211_find_node(ic,
+   ic->ic_bss->ni_bssid);
+   if (ni != NULL)
+   ieee80211_release_node(ic, ni);
error = ENETRESET;
}
/* save nwid for auto-join */

apply changes immediately to join'd essids

[Peter Hessler]

When we change attributes for a join essid, we should apply the change
immediately instead of waiting to (randomly) switch away and switch
back.

Found by martijn@

OK?


Index: net80211/ieee80211_ioctl.c
===
RCS file: /home/cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.77
diff -u -p -u -p -r1.77 ieee80211_ioctl.c
--- net80211/ieee80211_ioctl.c  11 Nov 2019 18:07:21 -  1.77
+++ net80211/ieee80211_ioctl.c  12 Jan 2020 18:38:44 -
@@ -540,6 +540,17 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
error = ENETRESET;
}
} else {
+   /* 
+* We are reconfiguring the active essid,
+* so reset the interface.
+*/
+   if (ic->ic_des_esslen == join.i_len &&
+   memcmp(join.i_nwid, ic->ic_des_essid,
+   join.i_len) == 0) {
+   ieee80211_deselect_ess(ic);
+   error = ENETRESET;
+   }
+
/* save nwid for auto-join */
if (ieee80211_add_ess(ic, ) == 0)
ic->ic_flags |= IEEE80211_F_AUTO_JOIN;


-- 
If the American dream is for Americans only, it will remain our dream
and never be our destiny.
-- René de Visme Williamson

Re: increase IEEE80211_CACHE_SIZE

[Peter Hessler]

OK


On 2019 Dec 28 (Sat) at 14:27:01 +0100 (+0100), Stefan Sperling wrote:
:The number of entries in the node cache is currently capped to 100.
:
:This limit is outdated. Modern hardware like iwm(4) 8265 supports 46
:distinct channels (1-13, 36-165) each of which can host multiple APs.
:
:The limit is easily reached at 36c6 which makes use of much of the
:available spectrum and provides at least 3 SSIDs on each channel:
:
:$ ifconfig iwm0 scan | grep nwid | wc -l
:  96
:
:So we may be missing out on the best AP to use.
:
:The cache uses an RB tree so performance impact should be negligible.
:
:ok?
:
:diff 5181eb992cbbf64c135f177197957b0e0b427e21 /usr/src
:blob - 7fada592641e683415ffc42cded1c8b27bf39c5c
:file + sys/net80211/ieee80211_node.h
:--- sys/net80211/ieee80211_node.h
:+++ sys/net80211/ieee80211_node.h
:@@ -39,7 +39,7 @@
: #define   IEEE80211_TRANS_WAIT5   /* transition wait */
: #define   IEEE80211_INACT_WAIT5   /* inactivity timer 
interval */
: #define   IEEE80211_INACT_MAX (300/IEEE80211_INACT_WAIT)
:-#define   IEEE80211_CACHE_SIZE100
:+#define   IEEE80211_CACHE_SIZE512
: #define   IEEE80211_CACHE_WAIT30
: #define   IEEE80211_INACT_SCAN10  /* for station mode */
: 
:

-- 
When I was a boy I was told that anybody could become President.
Now I'm beginning to believe it.
-- Clarence Darrow

Re: bfd: respond to poll sequence from peer

[Peter Hessler]

Hi Mitchell

Thanks a lot for the work you are putting into BFD, I'll be able to
review this properly over the weekend.

-peter


On 2019 Jun 03 (Mon) at 20:37:17 +1000 (+1000), Mitchell Krome wrote:
:Hi,
:
:Testing bfd against frr on linux, their bfd implementation sends polls
:as soon as the session is up even if the session timers haven't
:changed from what it was advertising while it was in the down state.
:Currently openbsd bfd doesn't respond to polls, so this diff adds that
:support. tcpdump output during session setup (.9 is openbsd):
:
:14:56:31.225339 10.10.20.9.58974 > 10.10.20.10.bfd-control: [udp sum ok] BFD 
v1 length 24 state down flags [] diag none my-discrim 3396727743 your-discrim 0 
mintx 100 minrx 100 minecho 0 multiplier 3 [to s 0xc0] (ttl 255, id 
48014, len 52)
:14:56:31.533645 10.10.20.10.49143 > 10.10.20.9.bfd-control: [udp sum ok] BFD 
v1 length 24 state init flags [] diag neighbor-down my-discrim 2 your-discrim 
3396727743 mintx 150 minrx 150 minecho 5 mul tiplier 3 (DF) [tos 
0xc0] (ttl 255, id 36838, len 52)
:14:56:32.022601 10.10.20.9.58974 > 10.10.20.10.bfd-control: [udp sum ok] BFD 
v1 length 24 state up flags [] diag none my-discrim 3396727743 your-discrim 2 
mintx 100 minrx 150 minecho 0 multiplier 3 [tos 0xc0] (ttl 255, id 
21474, len 52)
:14:56:32.023134 10.10.20.10.49143 > 10.10.20.9.bfd-control: [udp sum ok] BFD 
v1 length 24 state up flags [P] diag none my-discrim 2 your-discrim 3396727743 
mintx 150 minrx 150 minecho 5 multiplier 3 (DF) [tos 0xc0] (ttl 
255, id 36952, len 52)
:14:56:32.023207 10.10.20.9.58974 > 10.10.20.10.bfd-control: [udp sum ok] BFD 
v1 length 24 state up flags [F] diag none my-discrim 3396727743 your-discrim 2 
mintx 150 minrx 150 minecho 0 multiplier 3 [tos 0xc0] (ttl 255, id 
23805, len 52)
:14:56:32.997091 10.10.20.10.49143 > 10.10.20.9.bfd-control: [udp sum ok] BFD 
v1 length 24 state up flags [] diag none my-discrim 2 your-discrim 3396727743 
mintx 150 minrx 150 minecho 5 multiplier 3 ( DF) [tos 0xc0] (ttl 
255, id 36991, len 52)
:
:I also added some handling for generating polls and receiving finals while
:in there, but there isn't any code to actually start our own poll
:sequence just yet.
:
:I only have frr and openbsd peers to test with - if anybody has
:something else hooked up would be good to check what they do.
:
:Mitchell
:
:
:diff --git sys/net/bfd.c sys/net/bfd.c
:index 42995531a8a..2ae287a15bb 100644
:--- sys/net/bfd.c
:+++ sys/net/bfd.c
:@@ -741,6 +741,8 @@ bfd_reset(struct bfd_config *bfd)
: 
:   bfd->bc_mode = BFD_MODE_ASYNC;
:   bfd->bc_state = BFD_STATE_DOWN;
:+  bfd->bc_poll_seq = 0;
:+  bfd->bc_poll_rcvd = 0;
: 
:   /* rfc5880 6.8.18 */
:   bfd->bc_neighbor->bn_lstate = BFD_STATE_DOWN;
:@@ -825,7 +827,10 @@ bfd_input(struct bfd_config *bfd, struct mbuf *m)
:   bfd->bc_neighbor->bn_rdiscr = ntohl(peer->bfd_my_discriminator);
:   bfd->bc_neighbor->bn_rstate = state;
:   bfd->bc_neighbor->bn_rdemand = (flags & BFD_FLAG_D);
:-  bfd->bc_poll = (flags & BFD_FLAG_F);
:+
:+  if (flags & BFD_FLAG_F && bfd->bc_poll_seq) {
:+  bfd->bc_poll_seq = 0;
:+  }
: 
:   /* Local change to the algorithm, we don't accept below 50ms */
:   if (ntohl(peer->bfd_required_min_rx_interval) < BFD_MINIMUM)
:@@ -891,6 +896,12 @@ bfd_input(struct bfd_config *bfd, struct mbuf *m)
: 
:   bfd->bc_error = 0;
: 
:+  /* Reply to poll if we aren't down */
:+  if (flags & BFD_FLAG_P && bfd->bc_state > BFD_STATE_DOWN) {
:+  bfd->bc_poll_rcvd = 1;
:+  bfd_send_control(bfd);
:+  }
:+
:  discard:
:   bfd->bc_neighbor->bn_rdiag = diag;
:   m_free(m);
:@@ -979,6 +990,13 @@ bfd_send_control(void *x)
: 
:   h->bfd_ver_diag = ((BFD_VERSION << 5) | (bfd->bc_neighbor->bn_ldiag));
:   h->bfd_sta_flags = (bfd->bc_state << 6);
:+  /* Can't send a poll and a final in the same packet. */
:+  if (bfd->bc_poll_rcvd) {
:+  h->bfd_sta_flags |= BFD_FLAG_F;
:+  bfd->bc_poll_rcvd = 0;
:+  } else if (bfd->bc_poll_seq) {
:+  h->bfd_sta_flags |= BFD_FLAG_P;
:+  }
:   h->bfd_detect_multi = bfd->bc_neighbor->bn_mult;
:   h->bfd_length = BFD_HDRLEN;
:   h->bfd_my_discriminator = htonl(bfd->bc_neighbor->bn_ldiscr);
:diff --git sys/net/bfd.h sys/net/bfd.h
:index 3e8da45086f..8ee372faa5d 100644
:--- sys/net/bfd.h
:+++ sys/net/bfd.h
:@@ -143,7 +143,8 @@ struct bfd_config {
:   time_t   bc_lastuptime;
:   unsigned int bc_laststate;
:   unsigned int bc_state;
:-  unsigned int bc_poll;
:+  unsigned int bc_poll_seq;
:+  unsigned int bc_poll_rcvd;
:   unsigned int bc_error;
:   uint32_t bc_minrx;
:   uint32_t bc_mintx;
:

-- 
Philosophy will clip an angel's wings.
-- John Keats

Re: ifmedia_ioctl: ignore ENETRESET from ifm_change()

[Peter Hessler]

On 2019 Apr 24 (Wed) at 22:50:58 +1000 (+1000), Jonathan Matthew wrote:
:On Wed, Apr 24, 2019 at 12:21:47PM +0200, Stefan Sperling wrote:
:> On Sun, Apr 21, 2019 at 09:44:08PM +0800, Kevin Lo wrote:
:> > On Sun, Apr 21, 2019 at 01:02:39PM +1000, Jonathan Matthew wrote:
:> > > Currently we have some drivers with media_change
:> > > functions returning the errno from ieee80211_media_change (iwn, iwm) and 
some
:> > > just returning 0 at the end (run, rtwn, ral).  The ones returning 0 are 
mostly
:> > > ignoring possible errors from x_init() so I'm leaning towards making 
them more
:> > > like iwn/m.
:> > 
:> > Agreed.  Here's a follow-up diff which returns the errno from
:> > ieee80211_media_change().
:> 
:> OK by me. If this diff raises any new error condition, it's
:> an error that has been hidden and should be investigated.
:
:ok by me too.
:

OK


:> 
:> > Index: sys/dev/ic/bwfm.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/ic/bwfm.c,v
:> > retrieving revision 1.59
:> > diff -u -p -u -p -r1.59 bwfm.c
:> > --- sys/dev/ic/bwfm.c  1 Apr 2019 15:19:56 -   1.59
:> > +++ sys/dev/ic/bwfm.c  21 Apr 2019 13:26:12 -
:> > @@ -757,7 +757,7 @@ bwfm_media_change(struct ifnet *ifp)
:> >bwfm_stop(ifp);
:> >bwfm_init(ifp);
:> >}
:> > -  return 0;
:> > +  return error;
:> >  }
:> >  
:> >  /* Chip initialization (SDIO, PCIe) */
:> > Index: sys/dev/ic/rtwn.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/ic/rtwn.c,v
:> > retrieving revision 1.45
:> > diff -u -p -u -p -r1.45 rtwn.c
:> > --- sys/dev/ic/rtwn.c  11 Mar 2019 06:19:33 -  1.45
:> > +++ sys/dev/ic/rtwn.c  21 Apr 2019 13:26:12 -
:> > @@ -745,9 +745,9 @@ rtwn_media_change(struct ifnet *ifp)
:> >if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
:> >(IFF_UP | IFF_RUNNING)) {
:> >rtwn_stop(ifp);
:> > -  rtwn_init(ifp);
:> > +  error = rtwn_init(ifp);
:> >}
:> > -  return (0);
:> > +  return (error);
:> >  }
:> >  
:> >  /*
:> > Index: sys/dev/pci/if_iwi.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/pci/if_iwi.c,v
:> > retrieving revision 1.138
:> > diff -u -p -u -p -r1.138 if_iwi.c
:> > --- sys/dev/pci/if_iwi.c   26 Apr 2018 12:50:07 -  1.138
:> > +++ sys/dev/pci/if_iwi.c   21 Apr 2019 13:26:12 -
:> > @@ -647,9 +647,9 @@ iwi_media_change(struct ifnet *ifp)
:> >return error;
:> >  
:> >if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
:> > -  iwi_init(ifp);
:> > +  error = iwi_init(ifp);
:> >  
:> > -  return 0;
:> > +  return error;
:> >  }
:> >  
:> >  void
:> > Index: sys/dev/usb/if_ral.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/usb/if_ral.c,v
:> > retrieving revision 1.145
:> > diff -u -p -u -p -r1.145 if_ral.c
:> > --- sys/dev/usb/if_ral.c   13 Jan 2019 14:27:15 -  1.145
:> > +++ sys/dev/usb/if_ral.c   21 Apr 2019 13:26:12 -
:> > @@ -497,9 +497,9 @@ ural_media_change(struct ifnet *ifp)
:> >return error;
:> >  
:> >if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
:> > -  ural_init(ifp);
:> > +  error = ural_init(ifp);
:> >  
:> > -  return 0;
:> > +  return error;
:> >  }
:> >  
:> >  /*
:> > Index: sys/dev/usb/if_rsu.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/usb/if_rsu.c,v
:> > retrieving revision 1.43
:> > diff -u -p -u -p -r1.43 if_rsu.c
:> > --- sys/dev/usb/if_rsu.c   26 Apr 2018 12:50:07 -  1.43
:> > +++ sys/dev/usb/if_rsu.c   21 Apr 2019 13:26:12 -
:> > @@ -749,9 +749,9 @@ rsu_media_change(struct ifnet *ifp)
:> >if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
:> >(IFF_UP | IFF_RUNNING)) {
:> >rsu_stop(ifp);
:> > -  rsu_init(ifp);
:> > +  error = rsu_init(ifp);
:> >}
:> > -  return (0);
:> > +  return (error);
:> >  }
:> >  
:> >  void
:> > Index: sys/dev/usb/if_rum.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/usb/if_rum.c,v
:> > retrieving revision 1.123
:> > diff -u -p -u -p -r1.123 if_rum.c
:> > --- sys/dev/usb/if_rum.c   26 Oct 2017 15:00:28 -  1.123
:> > +++ sys/dev/usb/if_rum.c   21 Apr 2019 13:26:12 -
:> > @@ -591,9 +591,9 @@ rum_media_change(struct ifnet *ifp)
:> >return error;
:> >  
:> >if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
:> > -  rum_init(ifp);
:> > +  error = rum_init(ifp);
:> >  
:> > -  return 0;
:> > +  return error;
:> >  }
:> >  
:> >  /*
:> > Index: sys/dev/usb/if_run.c
:> > ===
:> > RCS file: /cvs/src/sys/dev/usb/if_run.c,v
:> > retrieving 

Re: ksh "clear-screen" editing command

[Peter Hessler]

On 2019 Apr 01 (Mon) at 09:53:31 -0600 (-0600), Todd C. Miller wrote:
:On Mon, 01 Apr 2019 16:52:34 +0200, Jeremie Courreges-Anglas wrote:
:
:> Since this went in, I'm using it on my machines instead of a bind -m hack.
:>
:> Can't we make ^L=clear-screen the default behavior?  I don't see
:> discussions about that.
:
:AT ksh doesn't clear the screen by default on ^L.  Other shells
:like bash, zsh, and tcsh do.  I don't object to making it the default
:but as I'm not a ksh user I'll defer to those who are.
:
: - todd
:

I always wondered why bash felt broken, this is one of the reasons.

I hate it, but I guess I can add a line to my configs.

-- 
There is nothing wrong with Southern California that a rise in the
ocean level wouldn't cure.
-- Ross MacDonald

Re: [4/4] Re: Add support for Meinberg DCF600USB to umbg(4)

[Peter Hessler]

OK

On 2019 Mar 22 (Fri) at 10:04:37 +0100 (+0100), Paul de Weerd wrote:
:Index: GENERIC
:===
:RCS file: /home/OpenBSD/cvs/src/sys/arch/amd64/conf/GENERIC,v
:retrieving revision 1.466
:diff -u -p -r1.466 GENERIC
:--- GENERIC19 Jan 2019 03:24:18 -  1.466
:+++ GENERIC22 Mar 2019 08:10:33 -
:@@ -306,6 +306,7 @@ urtw*  at uhub?# Realtek 8187
: rsu*  at uhub?# Realtek RTL8188SU/RTL8191SU/RTL8192SU
: urtwn*at uhub?# Realtek RTL8188CU/RTL8192CU
: udcf* at uhub?# Gude Expert mouseCLOCK
:+umbg* at uhub?# Meinberg Funkuhren USB5131/DCF600USB
: umb*  at uhub?# Mobile Broadband Interface Model
: uthum*at uhidev?  # TEMPerHUM sensor
: ugold*at uhidev?  # gold TEMPer sensor
:
:
:-- 
:>[<++>-]<+++.>+++[<-->-]<.>+++[<+
:+++>-]<.>++[<>-]<+.--.[-]
: http://www.weirdnet.nl/ 
:

Re: [3/4] Re: Add support for Meinberg DCF600USB to umbg(4)

[Peter Hessler]

OK


On 2019 Mar 22 (Fri) at 10:04:19 +0100 (+0100), Paul de Weerd wrote:
:
:Index: share/man/man4/umbg.4
:===
:RCS file: /home/OpenBSD/cvs/src/share/man/man4/umbg.4,v
:retrieving revision 1.4
:diff -u -p -r1.4 umbg.4
:--- share/man/man4/umbg.4  16 Jul 2013 16:05:49 -  1.4
:+++ share/man/man4/umbg.4  20 Mar 2019 12:16:03 -
:@@ -19,7 +19,7 @@
: .Os
: .Sh NAME
: .Nm umbg
:-.Nd Meinberg Funkuhren USB5131 timedelta sensor
:+.Nd Meinberg Funkuhren USB5131 and DCF600USB timedelta sensors
: .Sh SYNOPSIS
: .Cd "umbg* at uhub?"
: .Sh DESCRIPTION
:Index: sys/dev/usb/umbg.c
:===
:RCS file: /home/OpenBSD/cvs/src/sys/dev/usb/umbg.c,v
:retrieving revision 1.25
:diff -u -p -r1.25 umbg.c
:--- sys/dev/usb/umbg.c 30 Dec 2017 20:47:00 -  1.25
:+++ sys/dev/usb/umbg.c 22 Mar 2019 08:29:40 -
:@@ -156,8 +156,9 @@ umbg_match(struct device *parent, void *
:   if (uaa->iface == NULL)
:   return UMATCH_NONE;
: 
:-  return uaa->vendor == USB_VENDOR_MEINBERG &&
:-  uaa->product == USB_PRODUCT_MEINBERG_USB5131 ?
:+  return uaa->vendor == USB_VENDOR_MEINBERG && (
:+  uaa->product == USB_PRODUCT_MEINBERG_USB5131 ||
:+  uaa->product == USB_PRODUCT_MEINBERG_DCF600USB) ?
:   UMATCH_VENDOR_PRODUCT : UMATCH_NONE;
: }
: 
:@@ -172,6 +173,7 @@ umbg_attach(struct device *parent, struc
:   usb_endpoint_descriptor_t *ed;
:   usbd_status err;
:   int signal;
:+  const char *desc;
: #ifdef UMBG_DEBUG
:   char fw_id[MBG_ID_LEN];
: #endif
:@@ -182,7 +184,18 @@ umbg_attach(struct device *parent, struc
: 
:   sc->sc_timedelta.type = SENSOR_TIMEDELTA;
:   sc->sc_timedelta.status = SENSOR_S_UNKNOWN;
:-  strlcpy(sc->sc_timedelta.desc, "USB5131",
:+  
:+  switch (uaa->product) {
:+  case USB_PRODUCT_MEINBERG_DCF600USB:
:+  desc = "DCF600USB";
:+  break;
:+  case USB_PRODUCT_MEINBERG_USB5131:
:+  desc = "USB5131";
:+  break;
:+  default:
:+  desc = "Unspecified Radio clock";
:+  }
:+  strlcpy(sc->sc_timedelta.desc, desc,
:   sizeof(sc->sc_timedelta.desc));
:   sensor_attach(>sc_sensordev, >sc_timedelta);
: 
:
:-- 
:>[<++>-]<+++.>+++[<-->-]<.>+++[<+
:+++>-]<.>++[<>-]<+.--.[-]
: http://www.weirdnet.nl/ 
:

Re: xhci: set chain bit in link TRBs

[Peter Hessler]

On 2019 Feb 21 (Thu) at 16:19:22 +0100 (+0100), Patrick Wildt wrote:
:On Thu, Feb 21, 2019 at 03:56:57PM +0100, Stefan Sperling wrote:
:> On Thu, Feb 21, 2019 at 10:50:40AM +0100, Patrick Wildt wrote:
:> > Hi,
:> > 
:> > on my i.MX8M machine which features a DWC3 xHCI 1.10 controller I have
:> > seen this error while installing base64.tgz or running fsck:
:> > 
:> > umass0: Invalid CSW: sig 0x43425355 should be 0x53425355
:> > 
:> > As it turns out using a USB protocol analyzer, the transfers actually
:> > seem fine, the USB mass storage is not responding nonsense.  By further
:> > looking into it I realized that our xhci(4) is told the transfer was
:> > completed, even though the buffer had not been touched.
:> > 
:> > Further debugging revealed that the issue occured when a transfer that
:> > spans multiple TRBs loops over the ring.  This means one TRB is using
:> > idx 254, the next TRB is the link TRB which does not contain data and
:> > sits at idx 255, and the following data TRB is using idx 0.
:> > 
:> > Transfers that comprise of multiple TRBs must have the chain bit set in
:> > all but the last TRB.  Now in this case the link TRB which sits in the
:> > middle does not get the chain bit set, and thus processing stops.
:> > 
:> > Somewhere I have seen code that always sets the chain bit in the link
:> > TRB, so I'm wondering if we should follow that too.  For now I think the
:> > easiest fix for this is to set the chain bit in the link TRB if the
:> > transfer spans multiple TRBs.
:> > 
:> > Feedback?
:> 
:> Is this why the #if 0 isochronous transfer code doesn't work?
:> 
:
:That's possible.  Do you have a device you could test this with?
:

tested here with uvideo0:

xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x21: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 
addr 1
...
uvideo0 at uhub0 port 8 configuration 1 interface 0 "Chicony Electronics 
Co.,Ltd. Integrated Camera" rev 2.00/0.06 addr 3
video0 at uvideo0
...
xhci0: NULL xfer pointer
xhci0: wrong trb index (4227450112) max is 255
xhci0: wrong trb index (4227450112) max is 255
xhci0: NULL xfer pointer



-- 
Q:  How many Martians does it take to screw in a lightbulb?
A:  One and a half.

Re: spelling correction

[Peter Hessler]

$ grep -c nonexistant /usr/share/dict/words 
0
$ grep -c nonexistent /usr/share/dict/words
2

OK

or if someone else wants to give me an OK I can commit this.



On 2019 Feb 10 (Sun) at 11:13:04 -0500 (-0500), Pamela Mosiejczuk wrote:
:Hi,
:I noticed "non-existant" crop up in an error message and went hunting
:for other examples. This is a possible set of corrections.
:
:Thanks,
:Pamela
:
:
:
:Index: lib/libssl/d1_both.c
:===
:RCS file: /cvs/src/lib/libssl/d1_both.c,v
:retrieving revision 1.56
:diff -u -p -r1.56 d1_both.c
:--- lib/libssl/d1_both.c   8 Nov 2018 22:28:52 -   1.56
:+++ lib/libssl/d1_both.c   10 Feb 2019 15:54:50 -
:@@ -1046,7 +1046,7 @@ dtls1_retransmit_message(SSL *s, unsigne
:   item = pqueue_find(s->d1->sent_messages, seq64be);
:   if (item == NULL) {
: #ifdef DEBUG
:-  fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
:+  fprintf(stderr, "retransmit:  message %d non-existent\n", seq);
: #endif
:   *found = 0;
:   return 0;
:Index: regress/sys/kern/unveil/syscalls.c
:===
:RCS file: /cvs/src/regress/sys/kern/unveil/syscalls.c,v
:retrieving revision 1.20
:diff -u -p -r1.20 syscalls.c
:--- regress/sys/kern/unveil/syscalls.c 17 Jan 2019 03:26:19 -  1.20
:+++ regress/sys/kern/unveil/syscalls.c 10 Feb 2019 15:54:53 -
:@@ -605,8 +605,8 @@ static int
: test_stat2(int do_uv)
: {
:   if (do_uv) {
:-  printf("testing stat components to nonexistant \"rw\"\n");
:-  if (unveil("/usr/share/man/nonexistant", "rw") == -1)
:+  printf("testing stat components to nonexistent \"rw\"\n");
:+  if (unveil("/usr/share/man/nonexistent", "rw") == -1)
:   err(1, "%s:%d - unveil", __FILE__, __LINE__);
:   }
:   struct stat sb;
:@@ -616,7 +616,7 @@ test_stat2(int do_uv)
:   UV_SHOULD_SUCCEED((stat("/usr", ) == -1), "stat");
:   UV_SHOULD_SUCCEED((stat("/usr/share", ) == -1), "stat");
:   UV_SHOULD_SUCCEED((stat("/usr/share/man", ) == -1), "stat");
:-  UV_SHOULD_ENOENT((stat("/usr/share/man/nonexistant", ) == -1), 
"stat");
:+  UV_SHOULD_ENOENT((stat("/usr/share/man/nonexistent", ) == -1), 
"stat");
:   return 0;
: }
: 
:Index: sys/net/if_pfsync.c
:===
:RCS file: /cvs/src/sys/net/if_pfsync.c,v
:retrieving revision 1.261
:diff -u -p -r1.261 if_pfsync.c
:--- sys/net/if_pfsync.c3 Oct 2018 01:24:14 -   1.261
:+++ sys/net/if_pfsync.c10 Feb 2019 15:55:00 -
:@@ -2062,7 +2062,7 @@ pfsync_update_state_req(struct pf_state 
:   struct pfsync_softc *sc = pfsyncif;
: 
:   if (sc == NULL)
:-  panic("pfsync_update_state_req: nonexistant instance");
:+  panic("pfsync_update_state_req: nonexistent instance");
: 
:   if (ISSET(st->state_flags, PFSTATE_NOSYNC)) {
:   if (st->sync_state != PFSYNC_S_NONE)
:Index: sys/scsi/mpath.c
:===
:RCS file: /cvs/src/sys/scsi/mpath.c,v
:retrieving revision 1.41
:diff -u -p -r1.41 mpath.c
:--- sys/scsi/mpath.c   23 Aug 2015 01:55:39 -  1.41
:+++ sys/scsi/mpath.c   10 Feb 2019 15:55:00 -
:@@ -189,7 +189,7 @@ mpath_cmd(struct scsi_xfer *xs)
: 
: #ifdef DIAGNOSTIC
:   if (d == NULL)
:-  panic("mpath_cmd issued against nonexistant device");
:+  panic("mpath_cmd issued against nonexistent device");
: #endif
: 
:   if (ISSET(xs->flags, SCSI_POLL)) {
:@@ -404,7 +404,7 @@ mpath_minphys(struct buf *bp, struct scs
: 
: #ifdef DIAGNOSTIC
:   if (d == NULL)
:-  panic("mpath_minphys against nonexistant device");
:+  panic("mpath_minphys against nonexistent device");
: #endif
: 
:   mtx_enter(>d_mtx);
:@@ -548,7 +548,7 @@ mpath_path_detach(struct mpath_path *p)
: 
: #ifdef DIAGNOSTIC
:   if (g == NULL)
:-  panic("mpath: detaching a path from a nonexistant bus");
:+  panic("mpath: detaching a path from a nonexistent bus");
: #endif
:   d = g->g_dev;
:   p->p_group = NULL;
:Index: sys/uvm/uvm_map.c
:===
:RCS file: /cvs/src/sys/uvm/uvm_map.c,v
:retrieving revision 1.239
:diff -u -p -r1.239 uvm_map.c
:--- sys/uvm/uvm_map.c  31 Oct 2018 08:50:25 -  1.239
:+++ sys/uvm/uvm_map.c  10 Feb 2019 15:55:03 -
:@@ -1491,7 +1491,7 @@ uvm_mapent_merge(struct vm_map *map, str
:  * Attempt forward and backward joining of entry.
:  *
:  * Returns entry after joins.
:- * We are guaranteed that the amap of entry is either non-existant or
:+ * We are guaranteed that the amap of entry is either non-existent or
:  * has never been used.
:  */
: struct vm_map_entry*
:Index: usr.sbin/pkg_add/OpenBSD/PkgDelete.pm

Re: pvclock(4)

[Peter Hessler]

On 2018 Dec 04 (Tue) at 15:14:51 +0100 (+0100), Reyk Floeter wrote:
:On Tue, Dec 04, 2018 at 05:43:48AM -0800, Chris Cappuccio wrote:
:> Of course printf instead of panic for testers 
:> 
:
:Oh, right, thanks!
:
:@john:  Does this "slightly less simple" diff work for you?
:
:@phessler, Chris: Maybe we should get this fix tested and in, wait for
:reports, and I can use the time to think about my other option.  What
:do you think?
:

Yea, I think this diff would help avoid panics for systems where that
bit is never set, and should go in.

OK


:Reyk
:
:Index: sys/dev/pv/pvclock.c
:===
:RCS file: /cvs/src/sys/dev/pv/pvclock.c,v
:retrieving revision 1.2
:diff -u -p -u -p -r1.2 pvclock.c
:--- sys/dev/pv/pvclock.c   24 Nov 2018 13:12:29 -  1.2
:+++ sys/dev/pv/pvclock.c   4 Dec 2018 14:03:57 -
:@@ -70,6 +70,11 @@ uint pvclock_get_timecount(struct timec
: void   pvclock_read_time_info(struct pvclock_softc *,
:   struct pvclock_time_info *);
: 
:+static inline uint32_t
:+   pvclock_read_begin(const struct pvclock_time_info *);
:+static inline int
:+   pvclock_read_done(const struct pvclock_time_info *, uint32_t);
:+
: struct cfattach pvclock_ca = {
:   sizeof(struct pvclock_softc),
:   pvclock_match,
:@@ -127,8 +132,11 @@ pvclock_match(struct device *parent, voi
: void
: pvclock_attach(struct device *parent, struct device *self, void *aux)
: {
:-  struct pvclock_softc*sc = (struct pvclock_softc *)self;
:-  paddr_t  pa;
:+  struct pvclock_softc*sc = (struct pvclock_softc *)self;
:+  struct pvclock_time_info*ti;
:+  paddr_t  pa;
:+  uint32_t version;
:+  uint8_t  flags;
: 
:   if ((sc->sc_time = km_alloc(PAGE_SIZE,
:   _any, _zero, _nowait)) == NULL) {
:@@ -143,6 +151,19 @@ pvclock_attach(struct device *parent, st
: 
:   wrmsr(KVM_MSR_SYSTEM_TIME, pa | PVCLOCK_SYSTEM_TIME_ENABLE);
:   sc->sc_paddr = pa;
:+
:+  ti = sc->sc_time;
:+  do {
:+  version = pvclock_read_begin(ti);
:+  flags = ti->ti_flags;
:+  } while (!pvclock_read_done(ti, version));
:+
:+  if ((flags & PVCLOCK_FLAG_TSC_STABLE) == 0) {
:+  wrmsr(KVM_MSR_SYSTEM_TIME, pa & ~PVCLOCK_SYSTEM_TIME_ENABLE);
:+  km_free(sc->sc_time, PAGE_SIZE, _any, _zero);
:+  printf(": unstable clock\n");
:+  return;
:+  }
: 
:   sc->sc_tc = _timecounter;
:   sc->sc_tc->tc_name = DEVNAME(sc);
:

-- 
Reality is an obstacle to hallucination.

Re: pvclock(4)

[Peter Hessler]

On 2018 Dec 03 (Mon) at 16:56:10 -0800 (-0800), Chris Cappuccio wrote:
:Reyk Floeter [r...@openbsd.org] wrote:
:>
:> Yes, KVM???s stable bit is not a reliable indication as it is seems to 
depend on the capabilities of the KVM version and not the actual availability 
of the feature on the particular hardware. How annoying.
:>
:> As mentioned before: I???d like to disable pvclock for now and I can do that 
in the morning CET if nobody beats me to it.
:>
:> I have an idea how to deal with old platforms afterwards but this needs some 
more tests and thoughts.
:>
:
:Perhaps the solution is as "simple" as checking the status of the bit
:after the presence of the bit is established ?
:

This makes sense, OK




:Index: pvclock.c
:===
:RCS file: /cvs/src/sys/dev/pv/pvclock.c,v
:retrieving revision 1.2
:diff -u -p -u -r1.2 pvclock.c
:--- pvclock.c  24 Nov 2018 13:12:29 -  1.2
:+++ pvclock.c  4 Dec 2018 00:53:56 -
:@@ -127,8 +127,10 @@ pvclock_match(struct device *parent, voi
: void
: pvclock_attach(struct device *parent, struct device *self, void *aux)
: {
:-  struct pvclock_softc*sc = (struct pvclock_softc *)self;
:-  paddr_t  pa;
:+  struct pvclock_softc*sc = (struct pvclock_softc *)self;
:+  struct pvclock_time_info*ti;
:+  paddr_t  pa;
:+  uint8_t  flags;
: 
:   if ((sc->sc_time = km_alloc(PAGE_SIZE,
:   _any, _zero, _nowait)) == NULL) {
:@@ -151,6 +153,13 @@ pvclock_attach(struct device *parent, st
: 
:   /* Better than HPET but below TSC */
:   sc->sc_tc->tc_quality = 1500;
:+
:+  ti = sc->sc_time;
:+  flags = ti->ti_flags;
:+  if ((flags & PVCLOCK_FLAG_TSC_STABLE) == 0) {
:+  printf(": unstable timestamp counter\n");
:+  return;
:+  }
: 
:   tc_init(sc->sc_tc);
: 
:

-- 
fortune -as

Re: Add acpipci(4) on amd64

[Peter Hessler]

On 2018 Oct 22 (Mon) at 21:45:06 +0200 (+0200), Mark Kettenis wrote:
:Diff below adds an acpipci(4) driver on amd64.  For now the main
:purpose of this driver is to make the PCI-specific _OSC calls to
:advertise the functionality we support.  Most notably this advertises
:support for PCIE native hotplug as we have some indications that this
:will help Thunderbolt 3 support on some machines.
:
:I'd like to see this tested on a wide range of amd64 hardware, but
:especially on laptops.  Please reply with a diff of your dmesg before
:and after.  Make sure you run make config before building a new kernel.
:
:Thanks,
:
:Mark
:

Tested on Thinkpad X1 Carbon 5th Gen.  No explosions yet, but I don't
have any usb-c devices to try against it.

Diff is:

--- dmesg.boot  Tue Oct 23 12:57:31 2018
+++ dmesg.acpipci   Tue Oct 23 12:57:30 2018
@@ -1,7 +1,7 @@
-OpenBSD 6.4-current (GENERIC.MP) #0: Tue Oct 23 10:18:36 CEST 2018
+OpenBSD 6.4-current (GENERIC.MP) #1: Tue Oct 23 12:14:06 CEST 2018
 phess...@gwen.theapt.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 8446648320 (8055MB)
-avail mem = 8181391360 (7802MB)
+avail mem = 8181379072 (7802MB)
 mpath0 at root
 scsibus0 at mpath0: 256 targets
 mainbus0 at root
@@ -16,7 +16,7 @@ acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 2399 Hz
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
-cpu0: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 1197.70 MHz, 06-4e-03
+cpu0: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 1197.52 MHz, 06-4e-03
 cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: smt 0, core 0, package 0
@@ -24,7 +24,7 @@ mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixe
 cpu0: apic clock running at 23MHz
 cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
 cpu1 at mainbus0: apid 2 (application processor)
-cpu1: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 963.35 MHz, 06-4e-03
+cpu1: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 971.76 MHz, 06-4e-03
 cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
 cpu1: 256KB 64b/line 8-way L2 cache
 cpu1: smt 0, core 1, package 0
@@ -75,8 +75,9 @@ acpipwrres0 at acpi0: PUBS, resource for XHC_
 acpipwrres1 at acpi0: WRST
 acpipwrres2 at acpi0: WRST
 acpitz0 at acpi0: critical temperature is 128 degC
+acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
 acpithinkpad0 at acpi0
-acpiac0 at acpi0: AC unit offline
+acpiac0 at acpi0: AC unit online
 acpibat0 at acpi0: BAT0 model "01AV430" serial  1267 type LiP oem "SMP"
 acpicmos0 at acpi0
 "ALPS" at acpi0 not configured


Full dmesg is:

OpenBSD 6.4-current (GENERIC.MP) #1: Tue Oct 23 12:14:06 CEST 2018
phess...@gwen.theapt.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8446648320 (8055MB)
avail mem = 8181379072 (7802MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xca6bb000 (62 entries)
bios0: vendor LENOVO version "N1MET49W (1.34 )" date 07/02/2018
bios0: LENOVO 20K4002VGE
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT TPM2 UEFI SSDT SSDT HPET APIC MCFG ECDT SSDT BOOT 
BATB SLIC SSDT SSDT SSDT WSMT SSDT SSDT DBGP DBG2 MSDM DMAR ASF! FPDT UEFI
acpi0: wakeup devices GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4) RP02(S4) 
RP04(S4) RP05(S4) RP06(S4) RP07(S4) RP08(S4) RP09(S4) RP10(S4) RP11(S4) 
RP12(S4) RP13(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 1197.52 MHz, 06-4e-03
cpu0: 

Re: slaacd(8): moving between networks

[Peter Hessler]

On 2018 Jul 22 (Sun) at 18:19:01 +0200 (+0200), Florian Obser wrote:
:When one is connected to a network, suspends or hibernates, moves to a
:different network and wakes up one ends up with ip addresses from both
:networks and things probably go sideways. There is a good chance that
:source address selection picks the wrong IP.
:
:One common suggestion is that slaacd should just delete old addresses
:when it sees a new prefix announced. I'm afraid that's too simplistic.
:I'm aware of networks where two routers announce two different
:prefixes. We would flip flop between them.
:
:claudio@ recently suggested to delete addresses on link state change.
:I'm kinda worried that there might be still scenarios where we would
:flip flop between prefixes.
:
:So I hit the literature, but I couldn't find anything in the RFCs or
:in drafts on how to handle this. The stance in the RFCs is, if pltime
:> 0 the address is good, that's it.
:
:I was toying with the idea to solve this in the kernel, namely in the
:address selection algorithm and found this in RFC 6724:
:
:   2.  Added Rule 5.5 to allow choosing a source address from a prefix
:   advertised by the chosen next-hop for a given destination.  This
:   allows better connectivity in the presence of BCP 38 [RFC2827]
:   ingress filtering and egress filtering.  Previously, RFC 3484 had
:   issues with multiple egress networks reached via the same
:   interface, as discussed in [RFC5220].
:
:But that seems difficult to implement. We don't track the router for
:the prefix in the kernel.
:
:I note that my jesus laptop deletes old addresses. But I have no idea
:what heuristic they employ.
:
:So, how about we steer the address selection away from old addresses
:on link state change?
:
:If the link goes down deprecate all addresses by setting the pltime to
:0. The addresses are still valid, but will not be used for new connections.
:
:When the link comes back up we send a solicitation. If we are in a new
:network we get new addresses, the old addresses are deprecated and
:will no longer be used. Upper layers should take care of terminating
:existing connections with the old addresses.
:
:Thoughts? Tests? OKs?
:
:p.s. if someone knows of some documentation (RFC, draft, some writing
:what other implementations do) I'd be very interested.
:

I've done a little bit of testing of this.  So far, it does what it says
on the tin, changes addresses to deprecated and sets the pltime to 0.
When link comes back, and it's the same prefix, our expected soii address
is re-established.

OK


Noticed while testing, but can be a different diff:

However, at home I do not have any IPv6.  So while the IPv6 default route
is installed, my laptop will still try to use the deprecated addresses.

I think it would be best if we treated the default router the same way
as we treat the autoconf addresses, so change the lifetime to 0.  When
the link comes back, a default router can be learned and installed.


-- 
A general leading the State Department resembles a dragon commanding
ducks.
-- New York Times, Jan. 20, 1981

Re: rc(8): don't hide failures from route6d & rtadvd

[Peter Hessler]

net.inet6.ip6.forwarding=0
OK(failed)


On 2018 Jul 11 (Wed) at 09:58:18 +0200 (+0200), Florian Obser wrote:
:at least rtadvd has it's own check and failes to start if forwarding
:is not enabled, not sure what route6d is doing.
:
:rc(8) should not silently hide errors.
:
:OK?
:
:diff --git etc/rc etc/rc
:index 21f009306cb..938f4858301 100644
:--- etc/rc
:+++ etc/rc
:@@ -575,14 +575,7 @@ run_upgrade_script sysmerge
: 
: echo -n 'starting network daemons:'
: start_daemon ldomd sshd switchd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
:-start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd
:-
:-if ifconfig lo0 inet6 >/dev/null 2>&1; then
:-  if (($(sysctl -n net.inet6.ip6.forwarding) == 1)); then
:-  start_daemon route6d rtadvd
:-  fi
:-fi
:-
:+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd route6d 
rtadvd
: start_daemon hostapd lpd smtpd slowcgi httpd ftpd
: start_daemon ftpproxy ftpproxy6 tftpd tftpproxy identd inetd rarpd bootparamd
: start_daemon rbootd mopd vmd spamd spamlogd sndiod
:
:
:-- 
:I'm not entirely sure you are real.
:

-- 
An age is called Dark not because the light fails to shine, but because
people refuse to see it.
-- James Michener, "Space"

Re: bgpd softreconf in optimisation

[Peter Hessler]

yes please!

OK

On 2018 Jul 03 (Tue) at 22:37:29 +0200 (+0200), Claudio Jeker wrote:
:There is no need to run against both input filters.
:path_update() and prefix_remove() are both smart enough to handle all
:cases (similar to a regular update).  Should make reloads a bit faster.
:
:More precise
:- prefix_remove() of a non existing prefix is a NOP
:- path_update() does itself a path_compare() call and will not issue an
:  UPDATE if nothing changed.
:
:OK?
:-- 
::wq Claudio
:
:Index: rde.c
:===
:RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
:retrieving revision 1.383
:diff -u -p -r1.383 rde.c
:--- rde.c  28 Jun 2018 09:54:48 -  1.383
:+++ rde.c  3 Jul 2018 19:09:13 -
:@@ -3047,8 +3047,8 @@ rde_softreconfig_in(struct rib_entry *re
:   struct prefix   *p, *np;
:   struct pt_entry *pt;
:   struct rde_peer *peer;
:-  struct rde_aspath   *asp, *oasp, *nasp;
:-  enum filter_actions  oa, na;
:+  struct rde_aspath   *asp, *fasp;
:+  enum filter_actions  action;
:   struct bgpd_addr addr;
: 
:   pt = re->prefix;
:@@ -3062,39 +3062,20 @@ rde_softreconfig_in(struct rib_entry *re
:   asp = prefix_aspath(p);
:   peer = asp->peer;
: 
:-  /* check if prefix changed */
:-  if (rib->state == RECONF_RELOAD) {
:-  oa = rde_filter(rib->in_rules_tmp, peer, , p);
:-  oasp = oasp != NULL ? oasp : asp;
:-  } else {
:-  /* make sure we update everything for RECONF_REINIT */
:-  oa = ACTION_DENY;
:-  oasp = asp;
:-  }
:-  na = rde_filter(rib->in_rules, peer, , p);
:-  nasp = nasp != NULL ? nasp : asp;
:+  action = rde_filter(rib->in_rules, peer, , p);
:+  fasp = fasp != NULL ? fasp : asp;
: 
:-  /* go through all 4 possible combinations */
:-  /* if (oa == ACTION_DENY && na == ACTION_DENY) */
:-  /* nothing todo */
:-  if (oa == ACTION_DENY && na == ACTION_ALLOW) {
:+  if (action == ACTION_ALLOW) {
:   /* update Local-RIB */
:-  path_update(>rib, peer, nasp, ,
:+  path_update(>rib, peer, fasp, ,
:   pt->prefixlen, 0);
:-  } else if (oa == ACTION_ALLOW && na == ACTION_DENY) {
:+  } else if (action == ACTION_DENY) {
:   /* remove from Local-RIB */
:   prefix_remove(>rib, peer, , pt->prefixlen, 0);
:-  } else if (oa == ACTION_ALLOW && na == ACTION_ALLOW) {
:-  if (path_compare(nasp, oasp) != 0)
:-  /* send update */
:-  path_update(>rib, peer, nasp, ,
:-  pt->prefixlen, 0);
:   }
: 
:-  if (oasp != asp)
:-  path_put(oasp);
:-  if (nasp != asp)
:-  path_put(nasp);
:+  if (fasp != asp)
:+  path_put(fasp);
:   }
: }
: 
:

-- 
Old programmers never die.  They just branch to a new address.

Re: slaacd(8) handle RTM_DELETE of default route

[Peter Hessler]

Running this for a little bit, done a bunch of lladdr random tests, as
well as suspend resume tests (which I've added lladdr random on resume).

This fixes the issues I'm seeing, OK.


On 2018 May 17 (Thu) at 14:25:44 +0200 (+0200), Florian Obser wrote:
:Peter points out that I never got around to correctly handling
:RTM_DELETE in slaacd. If something deletes the slaacd handled default
:route we should just re-create it. (Something being an explicit
:route(8) delete or if it implicitly disapears because of on
:ifconfig(8) lladdr random).
:
:Tests, OKs?
:
:diff --git engine.c engine.c
:index 184b349f650..10a70bee230 100644
:--- engine.c
:+++ engine.c
:@@ -259,6 +259,8 @@ struct address_proposal
*find_address_proposal_by_addr(struct slaacd_iface *,
:struct sockaddr_in6 *);
: struct dfr_proposal   *find_dfr_proposal_by_id(struct slaacd_iface *,
:int64_t);
:+struct dfr_proposal   *find_dfr_proposal_by_gw(struct slaacd_iface *,
:+   struct sockaddr_in6 *);
: void   find_prefix(struct slaacd_iface *, struct
:address_proposal *, struct radv **, struct
:radv_prefix **);
:@@ -389,6 +391,7 @@ engine_dispatch_frontend(int fd, short event, void *bula)
:   struct address_proposal *addr_proposal = NULL;
:   struct dfr_proposal *dfr_proposal = NULL;
:   struct imsg_del_addr del_addr;
:+  struct imsg_del_routedel_route;
:   ssize_t  n;
:   int  shut = 0;
: #ifndef   SMALL
:@@ -520,6 +523,28 @@ engine_dispatch_frontend(int fd, short event, void *bula)
:   free_address_proposal(addr_proposal);
:   }
: 
:+  break;
:+  case IMSG_DEL_ROUTE:
:+  if (imsg.hdr.len != IMSG_HEADER_SIZE +
:+  sizeof(del_route))
:+  fatal("%s: IMSG_DEL_ROUTE wrong length: %d",
:+  __func__, imsg.hdr.len);
:+  memcpy(_route, imsg.data, sizeof(del_route));
:+  iface = get_slaacd_iface_by_id(del_addr.if_index);
:+  if (iface == NULL) {
:+  log_debug("IMSG_DEL_ROUTE: unknown interface"
:+  ", ignoring");
:+  break;
:+  }
:+
:+  dfr_proposal = find_dfr_proposal_by_gw(iface,
:+  _route.gw);
:+
:+  if (dfr_proposal) {
:+  dfr_proposal->state = PROPOSAL_WITHDRAWN;
:+  free_dfr_proposal(dfr_proposal);
:+  start_probe(iface);
:+  }
:   break;
:   default:
:   log_debug("%s: unexpected imsg %d", __func__,
:@@ -1932,10 +1957,7 @@ configure_dfr(struct dfr_proposal *dfr_proposal)
: 
:   if (prev_state == PROPOSAL_CONFIGURED || prev_state ==
:   PROPOSAL_NEARLY_EXPIRED) {
:-  /*
:-   * nothing to do here, routes do not expire in the kernel
:-   * XXX check if the route got deleted and re-add it?
:-   */
:+  /* nothing to do here, routes do not expire in the kernel */
:   return;
:   }
: 
:@@ -2276,6 +2298,20 @@ find_dfr_proposal_by_id(struct slaacd_iface *iface, 
int64_t id)
:   return (NULL);
: }
: 
:+struct dfr_proposal*
:+find_dfr_proposal_by_gw(struct slaacd_iface *iface, struct sockaddr_in6
:+*addr)
:+{
:+  struct dfr_proposal *dfr_proposal;
:+
:+  LIST_FOREACH (dfr_proposal, >dfr_proposals, entries) {
:+  if (memcmp(_proposal->addr, addr, sizeof(*addr)) == 0)
:+  return (dfr_proposal);
:+  }
:+
:+  return (NULL);
:+}
:+
: 
: /* XXX currently unused */
: void
:diff --git frontend.c frontend.c
:index b7d4d13f7d1..56eb3617143 100644
:--- frontend.c
:+++ frontend.c
:@@ -674,7 +674,9 @@ handle_route_message(struct rt_msghdr *rtm, struct 
sockaddr **rti_info)
:   struct if_msghdr*ifm;
:   struct imsg_proposal_ack proposal_ack;
:   struct imsg_del_addr del_addr;
:+  struct imsg_del_routedel_route;
:   struct sockaddr_rtlabel *rl;
:+  struct in6_addr *in6;
:   int64_t  id, pid;
:   int  flags, xflags, if_index;
:   char ifnamebuf[IFNAMSIZ];
:@@ -728,6 +730,46 @@ handle_route_message(struct rt_msghdr *rtm, struct 
sockaddr **rti_info)
:   log_debug("RTM_DELADDR: %s[%u]", if_name,
:   ifm->ifm_index);
:   }
:+  break;
:+  case 

Re: 5GHz AP RSSI measurement problem

[Peter Hessler]

On 2018 Apr 30 (Mon) at 10:55:22 +0200 (+0200), Stefan Sperling wrote:
:Setting aside concerns about my lack of understanding of the underlying
:reason for this behaviour, the hack below is sufficient to make this AP
:show up as a strong contender in the candidate list and be preferred
:over 2GHz as it should be.
:
:Should I commit this hack? I don't see any downsides.
:

OK

:Index: ieee80211_input.c
:===
:RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
:retrieving revision 1.200
:diff -u -p -r1.200 ieee80211_input.c
:--- ieee80211_input.c  29 Apr 2018 12:11:48 -  1.200
:+++ ieee80211_input.c  30 Apr 2018 08:32:58 -
:@@ -1689,13 +1689,26 @@ ieee80211_recv_probe_resp(struct ieee802
:   memcpy(ni->ni_essid, [2], ssid[1]);
:   }
:   IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
:-  ni->ni_rssi = rxi->rxi_rssi;
:+  /* XXX validate channel # */
:+  ni->ni_chan = >ic_channels[chan];
:+  if (ic->ic_state == IEEE80211_S_SCAN &&
:+  IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) {
:+  /*
:+   * During a scan on 5Ghz, prefer RSSI measured for probe
:+   * response frames. i.e. don't allow beacons to lower the
:+   * measured RSSI. Some 5GHz APs send beacons with much
:+   * less Tx power than they use for probe responses.
:+   */
:+   if (isprobe)
:+  ni->ni_rssi = rxi->rxi_rssi;
:+  else if (ni->ni_rssi < rxi->rxi_rssi)
:+  ni->ni_rssi = rxi->rxi_rssi;
:+  } else
:+  ni->ni_rssi = rxi->rxi_rssi;
:   ni->ni_rstamp = rxi->rxi_tstamp;
:   memcpy(ni->ni_tstamp, tstamp, sizeof(ni->ni_tstamp));
:   ni->ni_intval = bintval;
:   ni->ni_capinfo = capinfo;
:-  /* XXX validate channel # */
:-  ni->ni_chan = >ic_channels[chan];
:   ni->ni_erp = erp;
:   /* NB: must be after ni_chan is setup */
:   ieee80211_setup_rates(ic, ni, rates, xrates, IEEE80211_F_DOSORT);
:

-- 
I doubt, therefore I might be.

Re: rssi comparison threshold

[Peter Hessler]

On 2018 May 01 (Tue) at 11:20:54 +0200 (+0200), Stefan Sperling wrote:
:On Mon, Apr 30, 2018 at 08:57:23AM +0200, Peter Hessler wrote:
:> On 2018 Apr 29 (Sun) at 11:51:26 +0200 (+0200), Stefan Sperling wrote:
:> :This diff tries to avoid situations where background scans play
:> :ping-pong between different APs with nearly equal RSSI, as
:> :observed by phessler.
:> :
:> :Not all drivers represent RSSI values in dBm or percentage, so the
:> :diff includes the possibility for drivers to override the new RSSI
:> :comparison function. However, since the threshold is rather low
:> :applying this to all drivers for now should not do any harm, unless
:> :there is a driver where the RSSI value range is ridiculously small.
:> :I'm not aware of any such driver at present.
:> :
:> 
:> I'm concerned about two things.
:> 
:> The usage is confusing, because you pass two incompatible things to be
:> compared.  I would prefer ieee80211_node_cmprssi(ic, rssi_one, rssi_two).
:
:Agreed. Updated diff below. I've chosen to make it compare two nodes
:since the function lives in the nodes namespace. It makes the function
:a bit less flexible as it cannot be used to compare naked rssi values.
:But that's not really needed for the problem at hand; after all, we
:want to compare APs.
:
:> Also, in the case where ni->ni_rssi has a very weak signal, the second
:> comparison can underflow.
:
:Indeed. Thanks for catching this!
:

OK

:Index: ieee80211_node.c
:===
:RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
:retrieving revision 1.129
:diff -u -p -r1.129 ieee80211_node.c
:--- ieee80211_node.c   28 Apr 2018 14:49:07 -  1.129
:+++ ieee80211_node.c   30 Apr 2018 07:30:43 -
:@@ -67,6 +67,8 @@ u_int8_t ieee80211_node_getrssi(struct i
: const struct ieee80211_node *);
: int ieee80211_node_checkrssi(struct ieee80211com *,
: const struct ieee80211_node *);
:+int ieee80211_node_cmprssi(struct ieee80211com *,
:+const struct ieee80211_node *, const struct ieee80211_node *);
: void ieee80211_setup_node(struct ieee80211com *, struct ieee80211_node *,
: const u_int8_t *);
: void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *);
:@@ -133,6 +135,7 @@ ieee80211_node_attach(struct ifnet *ifp)
:   ic->ic_node_copy = ieee80211_node_copy;
:   ic->ic_node_getrssi = ieee80211_node_getrssi;
:   ic->ic_node_checkrssi = ieee80211_node_checkrssi;
:+  ic->ic_node_cmprssi = ieee80211_node_cmprssi;
:   ic->ic_scangen = 1;
:   ic->ic_max_nnodes = ieee80211_cache_size;
: 
:@@ -761,12 +764,15 @@ ieee80211_end_scan(struct ifnet *ifp)
: 
:   if (ic->ic_caps & IEEE80211_C_SCANALLBAND) {
:   if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) &&
:-  (selbs2 == NULL || ni->ni_rssi > selbs2->ni_rssi))
:+  (selbs2 == NULL ||
:+  ic->ic_node_cmprssi(ic, ni, selbs2) > 0))
:   selbs2 = ni;
:   else if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) &&
:-  (selbs5 == NULL || ni->ni_rssi > selbs5->ni_rssi))
:+  (selbs5 == NULL ||
:+  ic->ic_node_cmprssi(ic, ni, selbs5) > 0))
:   selbs5 = ni;
:-  } else if (selbs == NULL || ni->ni_rssi > selbs->ni_rssi)
:+  } else if (selbs == NULL ||
:+  ic->ic_node_cmprssi(ic, ni, selbs) > 0)
:   selbs = ni;
:   }
: 
:@@ -782,9 +788,12 @@ ieee80211_end_scan(struct ifnet *ifp)
:*/
:   if (selbs5 && selbs5->ni_rssi > min_5ghz_rssi)
:   selbs = selbs5;
:-  else if (selbs5 && selbs2)
:-  selbs = (selbs5->ni_rssi >= selbs2->ni_rssi ? selbs5 : selbs2);
:-  else if (selbs2)
:+  else if (selbs5 && selbs2) {
:+  if (ic->ic_node_cmprssi(ic, selbs5, selbs2) >= 0)
:+  selbs = selbs5;
:+  else
:+  selbs = selbs2;
:+  } else if (selbs2)
:   selbs = selbs2;
:   else if (selbs5)
:   selbs = selbs5;
:@@ -989,6 +998,38 @@ ieee80211_node_checkrssi(struct ieee8021
:   IEEE80211_RSSI_THRES_2GHZ :
:   IEEE80211_RSSI_THRES_5GHZ;
:   return (ni->ni_rssi >= (u_int8_t)thres);
:+}
:+
:+/*
:+ * Determine if RSSI values of two nodes are significantly different.
:+ * This function assumes RSSI values are represented either in dBm or
:+ * as a percentage of ic_max_rssi. Drivers should override this function
:+ * in case their RSSI values use a different representation.
:+ */
:+int
:+ieee80211_node_cmprssi(struct ieee80211com *ic,
:+const struct ieee80211_node *ni1, const struc

Re: rssi comparison threshold

[Peter Hessler]

On 2018 Apr 29 (Sun) at 11:51:26 +0200 (+0200), Stefan Sperling wrote:
:This diff tries to avoid situations where background scans play
:ping-pong between different APs with nearly equal RSSI, as
:observed by phessler.
:
:Not all drivers represent RSSI values in dBm or percentage, so the
:diff includes the possibility for drivers to override the new RSSI
:comparison function. However, since the threshold is rather low
:applying this to all drivers for now should not do any harm, unless
:there is a driver where the RSSI value range is ridiculously small.
:I'm not aware of any such driver at present.
:

I'm concerned about two things.

The usage is confusing, because you pass two incompatible things to be
compared.  I would prefer ieee80211_node_cmprssi(ic, rssi_one, rssi_two).

Also, in the case where ni->ni_rssi has a very weak signal, the second
comparison can underflow.


:@@ -991,6 +1000,31 @@ ieee80211_node_checkrssi(struct ieee8021
:   return (ni->ni_rssi >= (u_int8_t)thres);
: }
: 
:+/*
:+ * Determine if an RSSI value is significantly different from the
:+ * RSSI stored in a node structure. This function assumes RSSI values
:+ * are represented either dBm or as a percentage of ic_max_rssi.
:+ * Drivers should override this function in case their RSSI
:+ * values use a different representation.
:+ */
:+int
:+ieee80211_node_cmprssi(struct ieee80211com *ic,
:+const struct ieee80211_node *ni, uint8_t rssi)
:+{
:+  uint8_t thres;
:+
:+  if (ic->ic_max_rssi)
:+  thres = IEEE80211_RSSI_CMP_THRES_RATIO;
:+  else
:+  thres = IEEE80211_RSSI_CMP_THRES;
:+
:+  if (ni->ni_rssi + thres < rssi)
:+  return -1;
:+  if (ni->ni_rssi - thres > rssi)
:+  return 1;
:+  return 0;
:+}
:+
: void
: ieee80211_setup_node(struct ieee80211com *ic,
:   struct ieee80211_node *ni, const u_int8_t *macaddr)
:@@ -1259,7 +1293,8 @@ ieee80211_find_node_for_beacon(struct ie
:   if ((ni = ieee80211_find_node(ic, macaddr)) != NULL) {
:   s = splnet();
: 
:-  if (ni->ni_chan != chan && ni->ni_rssi >= rssi)
:+  if (ni->ni_chan != chan &&
:+  ic->ic_node_cmprssi(ic, ni, rssi) >= 0)
:   score++;
:   if (ssid[1] == 0 && ni->ni_esslen != 0)
:   score++;
:Index: ieee80211_var.h
:===
:RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
:retrieving revision 1.85
:diff -u -p -r1.85 ieee80211_var.h
:--- ieee80211_var.h26 Apr 2018 12:50:07 -  1.85
:+++ ieee80211_var.h29 Apr 2018 08:54:20 -
:@@ -62,6 +62,9 @@
: #define IEEE80211_RSSI_THRES_RATIO_2GHZ   60  /* in percent */
: #define IEEE80211_RSSI_THRES_RATIO_5GHZ   50  /* in percent */
: 
:+#define IEEE80211_RSSI_CMP_THRES  8   /* in dBm */
:+#define IEEE80211_RSSI_CMP_THRES_RATIO5   /* in percent */
:+
: #define IEEE80211_BGSCAN_FAIL_MAX 360 /* units of 500 msec */
: 
: enum ieee80211_phytype {
:@@ -270,6 +273,8 @@ struct ieee80211com {
:   const struct ieee80211_node *);
:   int (*ic_node_checkrssi)(struct ieee80211com *,
:   const struct ieee80211_node *);
:+  int (*ic_node_cmprssi)(struct ieee80211com *,
:+  const struct ieee80211_node *, uint8_t);
:   u_int8_tic_max_rssi;
:   struct ieee80211_tree   ic_tree;
:   int ic_nnodes;  /* length of ic_nnodes */
:

-- 
Illinois isn't exactly the land that God forgot -- it's more like the
land He's trying to ignore.

free all nodes and set linkstate to down when entering the SCAN state for all drivers

[Peter Hessler]

Some drivers use their own functions to change the link state for a
non-background scan, so ensure that they set the link state to down, and
free all nodes.  This is a follow up to stsp@'s ieee80211.c:r1.68.

(N.B. the atu driver already calls ieee80211_free_allnodes in this case
statement, but outside of the diff context)

Tested on iwm(4)

OK?


Index: ic/bwfm.c
===
RCS file: /cvs/openbsd/src/sys/dev/ic/bwfm.c,v
retrieving revision 1.42
diff -u -p -u -p -r1.42 bwfm.c
--- ic/bwfm.c   26 Apr 2018 12:50:07 -  1.42
+++ ic/bwfm.c   28 Apr 2018 15:01:55 -
@@ -2294,6 +2294,8 @@ bwfm_newstate(struct ieee80211com *ic, e
printf("%s: %s -> %s\n", DEVNAME(sc),
ieee80211_state_name[ic->ic_state],
ieee80211_state_name[nstate]);
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
+   ieee80211_free_allnodes(ic, 1);
ic->ic_state = nstate;
splx(s);
return 0;
Index: ic/pgt.c
===
RCS file: /cvs/openbsd/src/sys/dev/ic/pgt.c,v
retrieving revision 1.92
diff -u -p -u -p -r1.92 pgt.c
--- ic/pgt.c28 Apr 2018 14:49:07 -  1.92
+++ ic/pgt.c28 Apr 2018 15:17:35 -
@@ -2937,6 +2937,7 @@ pgt_newstate(struct ieee80211com *ic, en
ic->ic_mgt_timer = 0;
ic->ic_flags &= ~IEEE80211_F_SIBSS;
ieee80211_free_allnodes(ic, 1);
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
break;
case IEEE80211_S_SCAN:
ic->ic_if.if_timer = 1;
@@ -2946,6 +2947,7 @@ pgt_newstate(struct ieee80211com *ic, en
else
ieee80211_free_allnodes(ic, 1);
 
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
 #ifndef IEEE80211_STA_ONLY
/* Just use any old channel; we override it anyway. */
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
Index: pci/if_iwm.c
===
RCS file: /cvs/openbsd/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.227
diff -u -p -u -p -r1.227 if_iwm.c
--- pci/if_iwm.c26 Apr 2018 12:50:07 -  1.227
+++ pci/if_iwm.c28 Apr 2018 14:42:26 -
@@ -5501,6 +5501,10 @@ iwm_scan(struct iwm_softc *sc)
printf("%s: %s -> %s\n", ifp->if_xname,
ieee80211_state_name[ic->ic_state],
ieee80211_state_name[IEEE80211_S_SCAN]);
+   if ((sc->sc_flags & IWM_FLAG_BGSCAN) == 0) {
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
+   ieee80211_free_allnodes(ic, 1);
+   }
ic->ic_state = IEEE80211_S_SCAN;
iwm_led_blink_start(sc);
wakeup(>ic_state); /* wake iwm_init() */
Index: pci/if_iwn.c
===
RCS file: /cvs/openbsd/src/sys/dev/pci/if_iwn.c,v
retrieving revision 1.202
diff -u -p -u -p -r1.202 if_iwn.c
--- pci/if_iwn.c26 Apr 2018 12:50:07 -  1.202
+++ pci/if_iwn.c28 Apr 2018 14:59:42 -
@@ -1808,6 +1808,10 @@ iwn_newstate(struct ieee80211com *ic, en
printf("%s: %s -> %s\n", ifp->if_xname,
ieee80211_state_name[ic->ic_state],
ieee80211_state_name[nstate]);
+   if ((sc->sc_flags & IWN_FLAG_BGSCAN) == 0) {
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
+   ieee80211_free_allnodes(ic, 1);
+   }
ic->ic_state = nstate;
return 0;
 
Index: pci/if_wpi.c
===
RCS file: /cvs/openbsd/src/sys/dev/pci/if_wpi.c,v
retrieving revision 1.143
diff -u -p -u -p -r1.143 if_wpi.c
--- pci/if_wpi.c26 Apr 2018 12:50:07 -  1.143
+++ pci/if_wpi.c28 Apr 2018 14:58:59 -
@@ -1057,6 +1057,8 @@ wpi_newstate(struct ieee80211com *ic, en
printf("%s: %s -> %s\n", ifp->if_xname,
ieee80211_state_name[ic->ic_state],
ieee80211_state_name[nstate]);
+   ieee80211_set_link_state(ic, LINK_STATE_DOWN);
+   ieee80211_free_allnodes(ic, 1);
ic->ic_state = nstate;
return 0;
 
Index: usb/if_atu.c
===
RCS file: /cvs/openbsd/src/sys/dev/usb/if_atu.c,v
retrieving revision 1.125
diff -u -p -u -p -r1.125 if_atu.c
--- usb/if_atu.c28 Apr 2018 14:49:07 -  1.125
+++ usb/if_atu.c28 Apr 2018 15:17:23 -
@@ -1221,6 +1221,7 @@ atu_newstate(struct ieee80211com *ic, en
printf("%s: %s -> %s\n", ifp->if_xname,
ieee80211_state_name[ic->ic_state],
 

Re: net80211: fix WEP

[Peter Hessler]

On 2018 Apr 27 (Fri) at 17:45:44 +0300 (+0300), Paul Irofti wrote:
:On Fri, Apr 27, 2018 at 04:30:50PM +0200, Stefan Sperling wrote:
:> We just found out that WEP has been broken since August 2017.
:> Apparently not many people noticed. The commit which broke
:> it was:
:> 
:> [[[
:> CVSROOT: /cvs
:> Module name: src
:> Changes by:  s...@cvs.openbsd.org2017/08/18 11:30:12
:> 
:> Modified files:
:>  sys/net80211   : ieee80211_crypto.c ieee80211_crypto.h 
:>   ieee80211_proto.c 
:> 
:> Log message:
:> Clear WPA group keys from memory before initiating a key exchange
:> with an access point. Prevents false positive 'reused group key'
:> warnings in dmesg when re-associating to the same access point.
:> Problem reported by tb@
:> ok tb@
:> ]]]
:> 
:> Clear group keys in iee80211_newstate only if we're doing WPA.
:> Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP
:> keys configured by userland before associating.
:> (All WEP keys are group keys.)
:
:Hahahahha, isn't IEEE80211_F_WEPON a better flag to test?
:

As I understand it, we want to clear the group keys for WPA* (RSN).  So
it's better to check for the reason why.

:If not, OK.
:
:> 
:> Index: ieee80211_proto.c
:> ===
:> RCS file: /cvs/src/sys/net80211/ieee80211_proto.c,v
:> retrieving revision 1.83
:> diff -u -p -r1.83 ieee80211_proto.c
:> --- ieee80211_proto.c6 Feb 2018 22:14:52 -   1.83
:> +++ ieee80211_proto.c27 Apr 2018 14:00:22 -
:> @@ -948,7 +948,8 @@ justcleanup:
:>  break;
:>  }
:>  ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:> -ieee80211_crypto_clear_groupkeys(ic);
:> +if (ic->ic_flags & IEEE80211_F_RSNON)
:> +ieee80211_crypto_clear_groupkeys(ic);
:>  break;
:>  case IEEE80211_S_SCAN:
:>  ic->ic_flags &= ~IEEE80211_F_SIBSS;
:> @@ -960,7 +961,8 @@ justcleanup:
:>  ni->ni_associd = 0;
:>  ni->ni_rstamp = 0;
:>  ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:> -ieee80211_crypto_clear_groupkeys(ic);
:> +if (ic->ic_flags & IEEE80211_F_RSNON)
:> +ieee80211_crypto_clear_groupkeys(ic);
:>  switch (ostate) {
:>  case IEEE80211_S_INIT:
:>  #ifndef IEEE80211_STA_ONLY
:> @@ -1006,7 +1008,8 @@ justcleanup:
:>  break;
:>  case IEEE80211_S_AUTH:
:>  ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:> -ieee80211_crypto_clear_groupkeys(ic);
:> +if (ic->ic_flags & IEEE80211_F_RSNON)
:> +ieee80211_crypto_clear_groupkeys(ic);
:>  switch (ostate) {
:>  case IEEE80211_S_INIT:
:>  if (ifp->if_flags & IFF_DEBUG)
:

-- 
Thou shalt not omit adultery.

Re: net80211: fix WEP

[Peter Hessler]

Verified it fixes WEP.

OK

On 2018 Apr 27 (Fri) at 16:30:50 +0200 (+0200), Stefan Sperling wrote:
:We just found out that WEP has been broken since August 2017.
:Apparently not many people noticed. The commit which broke
:it was:
:
:[[[
:CVSROOT:   /cvs
:Module name:   src
:Changes by:s...@cvs.openbsd.org2017/08/18 11:30:12
:
:Modified files:
:   sys/net80211   : ieee80211_crypto.c ieee80211_crypto.h 
:ieee80211_proto.c 
:
:Log message:
:Clear WPA group keys from memory before initiating a key exchange
:with an access point. Prevents false positive 'reused group key'
:warnings in dmesg when re-associating to the same access point.
:Problem reported by tb@
:ok tb@
:]]]
:
:Clear group keys in iee80211_newstate only if we're doing WPA.
:Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP
:keys configured by userland before associating.
:(All WEP keys are group keys.)
:
:Index: ieee80211_proto.c
:===
:RCS file: /cvs/src/sys/net80211/ieee80211_proto.c,v
:retrieving revision 1.83
:diff -u -p -r1.83 ieee80211_proto.c
:--- ieee80211_proto.c  6 Feb 2018 22:14:52 -   1.83
:+++ ieee80211_proto.c  27 Apr 2018 14:00:22 -
:@@ -948,7 +948,8 @@ justcleanup:
:   break;
:   }
:   ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-  ieee80211_crypto_clear_groupkeys(ic);
:+  if (ic->ic_flags & IEEE80211_F_RSNON)
:+  ieee80211_crypto_clear_groupkeys(ic);
:   break;
:   case IEEE80211_S_SCAN:
:   ic->ic_flags &= ~IEEE80211_F_SIBSS;
:@@ -960,7 +961,8 @@ justcleanup:
:   ni->ni_associd = 0;
:   ni->ni_rstamp = 0;
:   ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-  ieee80211_crypto_clear_groupkeys(ic);
:+  if (ic->ic_flags & IEEE80211_F_RSNON)
:+  ieee80211_crypto_clear_groupkeys(ic);
:   switch (ostate) {
:   case IEEE80211_S_INIT:
: #ifndef IEEE80211_STA_ONLY
:@@ -1006,7 +1008,8 @@ justcleanup:
:   break;
:   case IEEE80211_S_AUTH:
:   ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-  ieee80211_crypto_clear_groupkeys(ic);
:+  if (ic->ic_flags & IEEE80211_F_RSNON)
:+  ieee80211_crypto_clear_groupkeys(ic);
:   switch (ostate) {
:   case IEEE80211_S_INIT:
:   if (ifp->if_flags & IFF_DEBUG)
:

-- 
Any two philosophers can tell each other all they know in two hours.
-- Oliver Wendell Holmes, Jr.

Re: RTM_CHGADDRATTR

[Peter Hessler]

On 2018 Apr 18 (Wed) at 19:49:41 +0200 (+0200), Florian Obser wrote:
:On Wed, Apr 18, 2018 at 05:05:59PM +0200, Florian Obser wrote:
:> This is to inform userland (i.e. slaacd(8)) when duplicate address
:> detection finishes.
:> 
:> Not a big fan of the lock/unlock dance but I guess it can't be helped
:> for now.
:> 
:> Comments, OKs?
:
:Theo points out that I suck at naming things. I guess we already knew
:that.
:
:How about RTM_CHGADDRATTR, we are changing the attribute of an
:address. Also fixes a tab vs. space in previous.
:

this looks fine, OK


:diff --git net/route.h net/route.h
:index 3c89348cb43..5fa12578e45 100644
:--- net/route.h
:+++ net/route.h
:@@ -241,6 +241,7 @@ struct rt_msghdr {
: #define RTM_INVALIDATE0x11/* Invalidate cache of L2 route */
: #define RTM_BFD   0x12/* bidirectional forwarding detection */
: #define RTM_PROPOSAL  0x13/* proposal for netconfigd */
:+#define RTM_CHGADDRATTR   0x14/* address attribute change */
: 
: #define RTV_MTU   0x1 /* init or lock _mtu */
: #define RTV_HOPCOUNT  0x2 /* init or lock _hopcount */
:diff --git netinet6/nd6_nbr.c netinet6/nd6_nbr.c
:index cb5c04c24ed..ef1644aa6f6 100644
:--- netinet6/nd6_nbr.c
:+++ netinet6/nd6_nbr.c
:@@ -1102,6 +1102,11 @@ nd6_dad_start(struct ifaddr *ifa)
:   KASSERT(ia6->ia6_flags & IN6_IFF_TENTATIVE);
:   if ((ia6->ia6_flags & IN6_IFF_ANYCAST) || (!ip6_dad_count)) {
:   ia6->ia6_flags &= ~IN6_IFF_TENTATIVE;
:+
:+  KERNEL_LOCK();
:+  rtm_addr(RTM_CHGADDRATTR, ifa);
:+  KERNEL_UNLOCK();
:+
:   return;
:   }
: 
:@@ -1250,6 +1255,10 @@ nd6_dad_timer(void *xifa)
:*/
:   ia6->ia6_flags &= ~IN6_IFF_TENTATIVE;
: 
:+  KERNEL_LOCK();
:+  rtm_addr(RTM_CHGADDRATTR, ifa);
:+  KERNEL_UNLOCK();
:+
:   nd6log((LOG_DEBUG,
:   "%s: DAD complete for %s - no duplicates found\n",
:   ifa->ifa_ifp->if_xname,
:@@ -1293,6 +1302,11 @@ nd6_dad_duplicated(struct dadq *dp)
:   ia6->ia_ifp->if_xname);
: 
:   TAILQ_REMOVE(, dp, dad_list);
:+
:+  KERNEL_LOCK();
:+  rtm_addr(RTM_CHGADDRATTR, dp->dad_ifa);
:+  KERNEL_UNLOCK();
:+
:   ifafree(dp->dad_ifa);
:   free(dp, M_IP6NDP, sizeof(*dp));
:   ip6_dad_pending--;
:
:
:
:-- 
:I'm not entirely sure you are real.
:

-- 
Worst Vegetable of the Year:
The brussels sprout.  This is also the worst vegetable of next
year.
-- Steve Rubenstein

Re: ifconfig,route,netstat: s/tableid/rtable/ for consistency

[Peter Hessler]

On 2018 Apr 11 (Wed) at 23:01:45 +0200 (+0200), Klemens Nanni wrote:
:On Wed, Apr 11, 2018 at 09:28:03AM +0200, Peter Hessler wrote:
:> No, all of these uses are correct as-is.
:`tableid' surely isn't wrong, but using the argument name across manuals
:seems nicer to me.
:

No, they are different things.  Different names help with the concept.


:Or is there any real difference between `tableid' and `rtable' I'm not
:aware of?
:

rtables are layer 3.

rdomains are layer 2 (aka, arp and ndp lookups).

You can have multiple rtables within an rdomain.  An interface can only
be a member of a single rdomain at a time.

-- 
Just about every computer on the market today runs Unix, except the Mac
(and nobody cares about it).
-- Bill Joy 6/21/85

Re: ifconfig,route,netstat: s/tableid/rtable/ for consistency

[Peter Hessler]

No, all of these uses are correct as-is.


On 2018 Apr 10 (Tue) at 23:23:24 +0200 (+0200), Klemens Nanni wrote:
:Several tools may operate on specific routing tables (or routing domains
:in special cases).
:
:With the exception of `tableid' in ifconfig(8), route(8) and netstat(1),
:all other manuals denote the respective argument as `rtable'.
:
:Looking for use cases of rdomain(4), `man -k ar~rtable' does not list
:those tools, so I'd like to rename arguments from `tableid' to`rtable'.
:Looking for `table' obviously shows all of them, but also includes other
:(false) positives.
:
:The following diff changes the wording in besaid manuals as well as
:route's usage for consistency and to ease searching.
:
:Variable names in code have not been touched.
:
:Feedback?
:
:Index: sbin/ifconfig/ifconfig.8
:===
:RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
:retrieving revision 1.305
:diff -u -p -r1.305 ifconfig.8
:--- sbin/ifconfig/ifconfig.8   16 Mar 2018 19:45:13 -  1.305
:+++ sbin/ifconfig/ifconfig.8   10 Apr 2018 20:42:02 -
:@@ -1613,7 +1613,7 @@ for a complete list of the available pro
: .Ar tunnel-interface
: .Op Oo Fl Oc Ns Cm keepalive Ar period count
: .Op Oo Fl Oc Ns Cm tunnel Ar src_address dest_address
:-.Op Cm tunneldomain Ar tableid
:+.Op Cm tunneldomain Ar rtable
: .Op Oo Fl Oc Ns Cm tunneldf
: .Op Cm tunnelttl Ar ttl
: .Op Oo Fl Oc Ns Cm vnetflowid
:@@ -1658,13 +1658,13 @@ The optional destination port can be spe
: which further encapsulate the packets in UDP datagrams.
: .It Cm -tunnel
: Remove the source and destination tunnel addresses.
:-.It Cm tunneldomain Ar tableid
:+.It Cm tunneldomain Ar rtable
: Use routing table
:-.Ar tableid
:+.Ar rtable
: instead of the default table.
: The tunnel does not need to terminate in the same routing domain as the
: interface itself.
:-.Ar tableid
:+.Ar rtable
: can be set to any valid routing table ID;
: the corresponding routing domain is derived from this table.
: .It Cm tunneldf
:Index: sbin/route/route.8
:===
:RCS file: /cvs/src/sbin/route/route.8,v
:retrieving revision 1.83
:diff -u -p -r1.83 route.8
:--- sbin/route/route.8 6 Sep 2017 20:21:22 -   1.83
:+++ sbin/route/route.8 10 Apr 2018 20:42:02 -
:@@ -39,7 +39,7 @@
: .Sh SYNOPSIS
: .Nm route
: .Op Fl dnqtv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Ar command
: .Oo
: .Op Ar modifiers
:@@ -84,7 +84,7 @@ may require correct operation of the net
: to forgo this, especially when attempting to repair networking operations.)
: .It Fl q
: Suppress all output.
:-.It Fl T Ar tableid
:+.It Fl T Ar rtable
: Select an alternate routing table to modify or query.
: The default is to use the current routing table.
: .It Fl t
:@@ -101,18 +101,18 @@ utility provides the following simple co
: .Bl -tag -width Fl
: .It Xo
: .Nm route
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm exec
: .Op Ar command ...
: .Xc
: Execute a command forcing the process and its children to use the
: routing table and appropriate routing domain as specified with the
:-.Fl T Ar tableid
:+.Fl T Ar rtable
: option.
: .It Xo
: .Nm route
: .Op Fl nqv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm flush
: .Op Ar modifiers
: .Xc
:@@ -130,7 +130,7 @@ modifiers.
: .It Xo
: .Nm route
: .Op Fl nv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm get
: .Op Ar modifiers
: .Ar address
:@@ -160,7 +160,7 @@ are shown.
: .It Xo
: .Nm route
: .Op Fl nv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm show
: .Op Ar family
: .Op Fl gateway
:@@ -194,7 +194,7 @@ have the syntax:
: .It Xo
: .Nm route
: .Op Fl dnqtv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm add
: .Op Ar modifiers
: .Ar destination gateway
:@@ -202,7 +202,7 @@ have the syntax:
: .It Xo
: .Nm route
: .Op Fl dnqtv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm change
: .Op Ar modifiers
: .Ar destination gateway
:@@ -210,7 +210,7 @@ have the syntax:
: .It Xo
: .Nm route
: .Op Fl dnqtv
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Cm del Ns Op Cm ete
: .Op Ar modifiers
: .Ar destination gateway
:Index: usr.bin/netstat/netstat.1
:===
:RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
:retrieving revision 1.81
:diff -u -p -r1.81 netstat.1
:--- usr.bin/netstat/netstat.1  12 Aug 2017 03:21:02 -  1.81
:+++ usr.bin/netstat/netstat.1  10 Apr 2018 20:42:02 -
:@@ -50,7 +50,7 @@
: .Op Fl p Ar protocol
: .Op Fl M Ar core
: .Op Fl N Ar system
:-.Op Fl T Ar tableid
:+.Op Fl T Ar rtable
: .Ek
: .Nm netstat
: .Op Fl bdhn
:@@ -272,7 +272,7 @@ option, also print routing labels.
: .It Fl s
: Show per-protocol statistics.
: If this option is repeated, counters with a value of zero are suppressed.
:-.It Fl T Ar tableid
:+.It Fl T Ar rtable
: Select an alternate routing table to query.
: The default is to use the current routing table.
: .It Fl t
:Index: route.c

Re: correctly calculate RFC7217 based IPv6 address

[Peter Hessler]

On 2018 Mar 13 (Tue) at 12:41:17 +0100 (+0100), Florian Obser wrote:
:(sending this to tech@ so that more people see this)
:
:semarie@ pointed out on bugs@ (
:https://marc.info/?l=openbsd-bugs=152084960013726=2 ) that his
:RFC7217 IPv6 address changed after an upgrade. Of course it should not.
:
:The reason for that was a mistake in the original implementation:
:
:In the original implemntation the bits of the sha512 hash and
:the IPv6 address aligned like this:
:
: 511 447   383   127   63  0
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:|   512 bit sha512 digest   |
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:
: 127 63  0 
:+-+-[...]-+-+-[...]-+-+
:|  IPv6 address   |
:+-+-[...]-+-+-[...]-+-+
:
:
:after phessler's change to support non-64 prefix lenght (rev1.22 of
:engine.c):
:
: 511 447   383   127   63  0
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:|   512 bit sha512 digest   |
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:
: 127 630 
:+-+-[...]-+-+-[...]-+
:|  IPv6 address |
:+-+-[...]-+-+-[...]-+
:
:So even with a /64 the bits are shifted and you end up with a
:different v6 address. This is what semarie observed.
:
:
:In section 5, page 9 RFC 7217 states:
:
:   2.  The Interface Identifier is finally obtained by taking as many
:   bits from the RID value (computed in the previous step) as
:   necessary, starting from the least significant bit.
:
:So it should have looked like this:
:
: 511 447   383   127   63  0
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:|   512 bit sha512 digest   |
:+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+-[...]-+-+
:
: 127   63  0 
:+-+-+-[...]-+-+-[...]-+-+
:|  IPv6 address |
:+-+-+-[...]-+-+-[...]-+-+
:
:
:I think we should implement what the RFC says. Unfortunately that
:means addresses change once more, but things change in current... I
:will put some wording into current.html. Having this churn now while
:it's a newly introduced feature is better then in two years time if we
:discover that we should really implement what the rfc says.
:
:OK?
:
:If you realy hate this and have a good reason why we should stick with
:the current algorithm speak up now, I'm going to commit this soonish
:to not drag out the address change for too long. Also this needs to
:make 6.3.
:

I don't see the point in mandating which part of the hash we use.  The
RFC allows us to use any algorithm to generate the stable identifier, so
its not expected to be portable to another implementation.  However, if
there is a cryptographic reason to prefer the least significant bits
instead of the most significatnt bits, I'm completely in support.  But as
I understand it, random data is random, *shrug*.

That being said, while I don't like shifting this around I'm not opposed
to it.

If you want to commit it, OK.


:diff --git sbin/slaacd/engine.c sbin/slaacd/engine.c
:index f473e3d0b80..e41a7c31751 100644
:--- sbin/slaacd/engine.c
:+++ sbin/slaacd/engine.c
:@@ -1239,6 +1239,8 @@ gen_addr(struct slaacd_iface *iface, struct radv_prefix 
*prefix, struct
:   int dad_counter = 0; /* XXX not used */
:   u_int8_t digest[SHA512_DIGEST_LENGTH];
: 
:+  memset(, 0, sizeof(iid));
:+
:   /* from in6_ifadd() in nd6_rtr.c */
:   /* XXX from in6.h, guarded by #ifdef _KERNEL   XXX nonstandard */
: #define s6_addr32 __u6_addr.__u6_addr32
:@@ -1275,7 +1277,8 @@ gen_addr(struct slaacd_iface *iface, struct radv_prefix 
*prefix, struct
:   sizeof(addr_proposal->soiikey));
:   SHA512Final(digest, );
: 
:-  memcpy(_addr, digest, sizeof(iid.s6_addr));
:+  memcpy(_addr, digest + (sizeof(digest) -
:+  sizeof(iid.s6_addr)), sizeof(iid.s6_addr));
:   } else {
:   /* This is safe, because we have a 64 prefix len */
:   memcpy(_addr, >ll_address.sin6_addr,
:diff --git sys/netinet6/in6_ifattach.c sys/netinet6/in6_ifattach.c
:index 0aa10fad94b..e2a4ab1dd92 100644
:--- sys/netinet6/in6_ifattach.c
:+++ sys/netinet6/in6_ifattach.c
:@@ -244,7 +244,7 @@ in6_get_soii_ifid(struct ifnet *ifp, struct in6_addr *in6)
:   SHA512Update(, ip6_soiikey, sizeof(ip6_soiikey));
:   SHA512Final(digest, );
: 
:-  bcopy(digest, >s6_addr[8], 8);
:+  bcopy(digest + (sizeof(digest) - 8), >s6_addr[8], 8);
: 
:   return 0;
: }


-- 
The revolution will not be televised.

Re: slaacd(8): RFC 7136

[Peter Hessler]

yup, makes sense.  OK


On 2018 Mar 07 (Wed) at 18:29:07 +0100 (+0100), Florian Obser wrote:
:RFC 7136 clarifies that the "u" and "g" bits are only significant when
:IPv6 unicast interface identifiers are derived from IEEE link-layer
:addresses. In all other cases the interface identifier should be
:treated as an opaque value.
:
:Accordingly stop fiddling with the bits for privacy addresses.
:
:While here initialize the whole priv_in6 struct with random data,
:currently no functional change but reduces amount of magic numbers,
:pointed out by phessler as part of a larger diff.
:
:OK?
:
:diff --git slaacd/engine.c slaacd/engine.c
:index f2424c392f2..ab955c3b5e3 100644
:--- slaacd/engine.c
:+++ slaacd/engine.c
:@@ -1243,18 +1243,6 @@ gen_addr(struct slaacd_iface *iface, struct radv_prefix 
*prefix, struct
:   /* XXX from in6.h, guarded by #ifdef _KERNEL   XXX nonstandard */
: #define s6_addr32 __u6_addr.__u6_addr32
: 
:-  /* XXX from in6_ifattach.c */
:-#define EUI64_GBIT0x01
:-#define EUI64_UBIT0x02
:-
:-  if (privacy) {
:-  arc4random_buf(_in6.s6_addr32[2], 8);
:-  priv_in6.s6_addr[8] &= ~EUI64_GBIT; /* g bit to "individual" */
:-  priv_in6.s6_addr[8] |= EUI64_UBIT;  /* u bit to "local" */
:-  /* convert EUI64 into IPv6 interface identifier */
:-  priv_in6.s6_addr[8] ^= EUI64_UBIT;
:-  }
:-
:   in6_prefixlen2mask(_proposal->mask, addr_proposal->prefix_len);
: 
:   memset(_proposal->addr, 0, sizeof(addr_proposal->addr));
:@@ -1275,6 +1263,7 @@ gen_addr(struct slaacd_iface *iface, struct radv_prefix 
*prefix, struct
:   addr_proposal->mask.s6_addr32[3];
: 
:   if (privacy) {
:+  arc4random_buf(_in6.s6_addr, sizeof(priv_in6.s6_addr));
:   addr_proposal->addr.sin6_addr.s6_addr32[0] |=
:   (priv_in6.s6_addr32[0] & ~addr_proposal->mask.s6_addr32[0]);
:   addr_proposal->addr.sin6_addr.s6_addr32[1] |=
:
:-- 
:I'm not entirely sure you are real.
:

-- 
Just go with the flow control, roll with the crunches, and, when you
get a prompt, type like hell.

Re: armv7 ABI fix

[Peter Hessler]

On 2018 Feb 27 (Tue) at 22:04:15 +0100 (+0100), Mark Kettenis wrote:
:The "new" AAPCS-based ABI that we have been using on armv7 for a while
:now requires various 64-bit types to be aligned on an 8-byte boundary.
:Unfortunately we didn't realize this when we switched and didn't
:adjust the definition of _ALIGNBYTES accordingly.  The diff below
:fixes that.
:
:However, this triggers a flag day.  It changes the CMSG ABI, which
:means that file descriptor passing breaks as soon as you boot a new
:kernel with old userland.  That sucks since many of our daemons use
:file descriptor passing, including sshd.  Can we deal with yet another
:ABI break on armv7?  I'm not sure the ports builders have recovered
:from the switch to clang yet...
:

That isn't the problem for armv7 ports builders, the main problem is all
of the alignment faults.  I have no problems with ABI breaks, do what
you need to.

I only use snaps for base+xenocara, so I can simply wait until a fixed
set is available.


-- 
It was a book to kill time for those who liked it better dead.

vmctl show

[Peter Hessler]

My fingers have typed "vmctl show" instead of "vmctl status" for over a
year now, so add it as an alias.

OK?


Index: main.c
===
RCS file: /cvs/openbsd/src/usr.sbin/vmctl/main.c,v
retrieving revision 1.34
diff -u -p -u -p -r1.34 main.c
--- main.c  3 Jan 2018 05:39:56 -   1.34
+++ main.c  10 Feb 2018 23:46:44 -
@@ -68,6 +68,7 @@ struct ctl_command ctl_commands[] = {
{ "log",CMD_LOG,ctl_log,"(verbose|brief)" },
{ "reload", CMD_RELOAD, ctl_reload, "" },
{ "reset",  CMD_RESET,  ctl_reset,  "[all|vms|switches]" },
+   { "show",   CMD_STATUS, ctl_status, "[id]" },
{ "start",  CMD_START,  ctl_start,  "\"name\""
" [-Lc] [-b image] [-r image] [-m size]\n"
"\t\t[-n switch] [-i count] [-d disk]*" },
Index: vmctl.8
===
RCS file: /cvs/openbsd/src/usr.sbin/vmctl/vmctl.8,v
retrieving revision 1.37
diff -u -p -u -p -r1.37 vmctl.8
--- vmctl.8 3 Jan 2018 08:17:18 -   1.37
+++ vmctl.8 10 Feb 2018 23:48:59 -
@@ -143,6 +143,10 @@ with '.', '-' or '_'.
 .It Cm status Op Ar id
 Lists VMs running on the host, optionally listing just the selected VM
 .Ar id .
+.It Cm show Op Ar id
+An alias for the
+.Cm status
+command.
 .It Cm stop Ar id
 Stops (terminates) a VM defined by the specified VM
 .Ar id .


-- 
Coito ergo sum

Re: switch armv7 to clang

[Peter Hessler]

On 2018 Jan 18 (Thu) at 19:08:17 +0100 (+0100), Mark Kettenis wrote:
:I think we are ready to switch.  The procedure is the same as with
:previous switches.

Here is the corresponding ports diff:

Index: infrastructure/mk/arch-defines.mk
===
RCS file: /cvs/openbsd/ports/infrastructure/mk/arch-defines.mk,v
retrieving revision 1.46
diff -u -p -u -p -r1.46 arch-defines.mk
--- infrastructure/mk/arch-defines.mk   23 Nov 2017 14:33:21 -  1.46
+++ infrastructure/mk/arch-defines.mk   18 Jan 2018 18:17:02 -
@@ -18,7 +18,7 @@ APM_ARCHS = amd64 i386 loongson macppc s
 BE_ARCHS = hppa m88k mips64 powerpc sparc64
 LE_ARCHS = aarch64 alpha amd64 arm i386 mips64el sh
 LP64_ARCHS = aarch64 alpha amd64 sparc64 mips64 mips64el
-GCC4_ARCHS = alpha arm hppa mips64 mips64el powerpc sh sparc64
+GCC4_ARCHS = alpha hppa mips64 mips64el powerpc sh sparc64
 GCC3_ARCHS = m88k
 # XXX easier for ports that depend on mono
 MONO_ARCHS = amd64 i386
@@ -27,7 +27,7 @@ OCAML_NATIVE_DYNLINK_ARCHS = i386 amd64
 GO_ARCHS = amd64 i386
 
 # arches where the base compiler is clang
-CLANG_ARCHS = aarch64 amd64 i386
+CLANG_ARCHS = aarch64 amd64 arm i386
 # arches using LLVM's linker (ld.lld); others use binutils' ld.bfd
 LLD_ARCHS = aarch64
 

-- 
If life is a stage, I want some better lighting.

Re: restrict carp use to ethernet interfaces

[Peter Hessler]

On 2018 Jan 11 (Thu) at 11:51:25 +0100 (+0100), Peter Hessler wrote:
:On 2018 Jan 11 (Thu) at 20:41:19 +1000 (+1000), David Gwynne wrote:
::vlan and trunk are definitely ethernet interfaces.
::
:
:Is there anything in OpenBSD that isn't an ethernet inteface?
:

based on a simplistic grep:  upl(4), umb(4), bridge(4), enc(4), gre(4),
lo(4), mpe(4), pflog(4), pflow(4), pfsync(4), ppp/pppoe/pppx/sppp,
trunk(4), tun(4), switch(4), mpw(4), and of course, carp(4).

-- 
Pity the meek, for they shall inherit the earth.
-- Don Marquis

Re: restrict carp use to ethernet interfaces

[Peter Hessler]

On 2018 Jan 11 (Thu) at 20:41:19 +1000 (+1000), David Gwynne wrote:
:vlan and trunk are definitely ethernet interfaces.
:

Is there anything in OpenBSD that isn't an ethernet inteface?


-- 
It is impossible to travel faster than light, and certainly not
desirable, as one's hat keeps blowing off.
-- Woody Allen

Re: Add reset option to boot command of ddb(4)

[Peter Hessler]

On 2017 Dec 14 (Thu) at 11:49:18 +0100 (+0100), Martin Pieuchot wrote:
:On 14/12/17(Thu) 11:30, Mark Kettenis wrote:
:> > X-Originating-IP: 88.153.7.170
:> > Date: Thu, 14 Dec 2017 10:30:21 +0100
:> > From: Martin Pieuchot 
:> > 
:> > On 13/12/17(Wed) 19:09, Florian Riehm wrote:
:> > > Hi,
:> > > 
:> > > This patch follows bluhm's attempt for a ddb command 'boot reset'.
:> > > My first attempt was not architecture aware.
:> > > 
:> > > Tested on i386 by bluhm@ and on amd64 by me.
:> > 
:> > I don't understand why we need to add "boot reset"?  To not fix ddb(4)
:> > and keep a broken "boot reboot"?  If we cannot fix our own code...
:> 
:> Funny you say that given the discussion about if_downall() on icb ;).
:
:There's nothing funny.  There's people not reporting bugs with traceback
:to bugs@ and coming around with workaround like that.
:
:> IIRC "boot reset" is all about avoiding the if_downall() call.  And we
:> really don't want to skip if_downall() in the "boot reboot".  We added
:> that call since not stopping the DMA engines of the network cards had
:> some very interesting effects when the machine rebooted...
:
:If if_downall() is a problem, then please show me a traceback where
:that's the case.  I'd be delighted to fix it :)
:

Trace is on bugs, Subject: arm64 panic uvm_fault failed: ff80002619b4 with 
bonus panic: netlock: lock not held

-- 
A truly wise man never plays leapfrog with a unicorn.

Re: relayd/ctl alternative control socket

[Peter Hessler]

bgpd uses that way *because* it can use an alternate socket.  Being able
to specify a different socket for daemon/client is pretty helpful.


On 2017 Nov 28 (Tue) at 16:06:51 +0100 (+0100), Sebastian benoit wrote:
:Hi,
:
:your diff looks good, but i would rather do it the way bgpd/bgpctl do it:
:
:there the default is  /var/run/bgpd.sock. where  is the
:routing domain bgpctl is running in.  To administer bgpd(8) in a different
:routing domain, run bgpctl in said routing domain.
:
:i.e. it detects the rdomain at startup, bgpctl does the same.
:
:Can you do that in relayd? It was commited there in sometime in summer.
:
:/Benno
:
:
:On 11/28/17 11:54, Kapetanakis Giannis wrote:
:> Hi,
:> 
:> On June I've posted a patch about using alternative control socket for 
relayd and relayctl.
:> There was a comment from David Gwynne which was evaluated.
:> 
:> Is it OK to get this is in order to be able to control multiple relayd 
daemons on different rdomains?
:> 
:> thanks
:> 
:> Giannis
:> 

-- 
"All my friends and I are crazy.  That's the only thing that keeps us
sane."

Re: hide wpakey from root by default

[Peter Hessler]

On 2017 Nov 27 (Mon) at 16:27:57 +0100 (+0100), Stefan Sperling wrote:
:On Mon, Nov 27, 2017 at 11:22:46AM +0100, Peter Hessler wrote:
:> This hides the username that is used, not the password/authkey.  Is the
:> username private information?
:
:Yes it seems best to avoid exposing these.
:We cannot assume that telcos follow best practices of data hygiene.

In that case, OK for that chunk too

-- 
Help stamp out and abolish redundancy.

Re: hide wpakey from root by default

[Peter Hessler]

On 2017 Nov 27 (Mon) at 02:33:59 +0100 (+0100), Stefan Sperling wrote:
:On Mon, Nov 27, 2017 at 01:31:17AM +0100, Stefan Sperling wrote:
:> On Sun, Nov 26, 2017 at 06:17:14PM +0100, Jeremie Courreges-Anglas wrote:
:> > 
:> > I don't think anything has been committed regarding this issue, right?
:> 
:> Nope.
:> 
:> I've been discussing this with people in person.
:> Will summarize those discussions and send a new diff soon.
:
:Most people I've talked to seem to be OK with never exposing
:these secrets to userland in the first place.
:
:OK?
:
:Index: net/if_spppsubr.c
:===
:RCS file: /cvs/src/sys/net/if_spppsubr.c,v
:retrieving revision 1.173
:diff -u -p -r1.173 if_spppsubr.c
:--- net/if_spppsubr.c  20 Oct 2017 09:35:09 -  1.173
:+++ net/if_spppsubr.c  27 Nov 2017 01:27:31 -
:@@ -4493,9 +4493,8 @@ sppp_get_params(struct sppp *sp, struct 
:   spa->proto = auth->proto;
:   spa->flags = auth->flags;
: 
:-  /* do not copy the secret, and only let root know the name */
:-  if (auth->name != NULL && suser(curproc, 0) == 0)
:-  strlcpy(spa->name, auth->name, sizeof(spa->name));
:+  /* do not copy the name and secret to userland */
:+  memset(spa->name, 0, sizeof(spa->name));
: 
:   if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) {
:   free(spa, M_DEVBUF, 0);

This hides the username that is used, not the password/authkey.  Is the
username private information?


:Index: net80211/ieee80211_ioctl.c
:===
:RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
:retrieving revision 1.57
:diff -u -p -r1.57 ieee80211_ioctl.c
:--- net80211/ieee80211_ioctl.c 6 Nov 2017 11:34:29 -   1.57
:+++ net80211/ieee80211_ioctl.c 27 Nov 2017 01:29:44 -
:@@ -252,9 +252,6 @@ static int
: ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
: struct ieee80211_nwkey *nwkey)
: {
:-  struct ieee80211_key *k;
:-  int error, i;
:-
:   if (ic->ic_flags & IEEE80211_F_WEPON)
:   nwkey->i_wepon = IEEE80211_NWKEY_WEP;
:   else
:@@ -262,23 +259,8 @@ ieee80211_ioctl_getnwkeys(struct ieee802
: 
:   nwkey->i_defkid = ic->ic_wep_txkey + 1;
: 
:-  for (i = 0; i < IEEE80211_WEP_NKID; i++) {
:-  if (nwkey->i_key[i].i_keydat == NULL)
:-  continue;
:-  /* do not show any keys to non-root user */
:-  if ((error = suser(curproc, 0)) != 0)
:-  return error;
:-  k = >ic_nw_keys[i];
:-  if (k->k_cipher != IEEE80211_CIPHER_WEP40 &&
:-  k->k_cipher != IEEE80211_CIPHER_WEP104)
:-  nwkey->i_key[i].i_keylen = 0;
:-  else
:-  nwkey->i_key[i].i_keylen = k->k_len;
:-  error = copyout(k->k_key, nwkey->i_key[i].i_keydat,
:-  nwkey->i_key[i].i_keylen);
:-  if (error != 0)
:-  return error;
:-  }
:+  /* do not show any keys to userland */
:+
:   return 0;
: }
: 
:@@ -491,14 +473,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
:   case SIOCG80211WPAPSK:
:   psk = (struct ieee80211_wpapsk *)data;
:   if (ic->ic_flags & IEEE80211_F_PSK) {
:-  psk->i_enabled = 1;
:-  /* do not show any keys to non-root user */
:-  if (suser(curproc, 0) != 0) {
:-  psk->i_enabled = 2;
:-  memset(psk->i_psk, 0, sizeof(psk->i_psk));
:-  break;  /* return ok but w/o key */
:-  }
:-  memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk));
:+  /* do not show any keys to userland */
:+  psk->i_enabled = 2;
:+  memset(psk->i_psk, 0, sizeof(psk->i_psk));
:+  break;  /* return ok but w/o key */
:   } else
:   psk->i_enabled = 0;
:   break;

OK

:Index: netinet/ip_carp.c
:===
:RCS file: /cvs/src/sys/netinet/ip_carp.c,v
:retrieving revision 1.319
:diff -u -p -r1.319 ip_carp.c
:--- netinet/ip_carp.c  21 Nov 2017 09:08:55 -  1.319
:+++ netinet/ip_carp.c  27 Nov 2017 01:29:34 -
:@@ -2158,9 +2158,8 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
:   }
:   carpr.carpr_advbase = sc->sc_advbase;
:   carpr.carpr_balancing = sc->sc_balancing;
:-  if (suser(p, 0) == 0)
:-  bcopy(sc->sc_key, carpr.carpr_key,
:-  sizeof(carpr.carpr_key));
:+  /* do not show any keys to userland */
:+  memset(carpr.carpr_key, 0, sizeof(carpr.carpr_key));
:   

Re: macppc: default to MBR for new installs

[Peter Hessler]

OK

On 2017 Nov 22 (Wed) at 23:20:46 +0100 (+0100), Stefan Sperling wrote:
:This flips the default response for the macppc disk layout question
:from HFS to MBR.
:
:I use an MBR on all my macppc machines. Booting OpenBSD is much simpler
:this way. I don't see why I cannot just hit enter for this question on
:new installs. I'd rather let Mac software archaeologists who wish to
:dual-boot an obsolete Mac OS with OpenBSD do the extra work.
:
:There is a follow-up question in md_prep_MBR which prints a warning
:and confirms this choice again. So I don't expect this change will
:cause anyone to overwrite an HFS partition table by accident.
:
:OK?
:
:Index: install.md
:===
:RCS file: /cvs/src/distrib/macppc/ramdisk/install.md,v
:retrieving revision 1.71
:diff -u -p -r1.71 install.md
:--- install.md 28 Jul 2017 18:15:44 -  1.71
:+++ install.md 22 Nov 2017 22:11:54 -
:@@ -144,7 +144,7 @@ md_prep_disklabel() {
:   PARTTABLE=
:   while [[ -z $PARTTABLE ]]; do
:   resp=MBR
:-  disk_has $_disk hfs && ask "Use HFS or MBR partition table?" HFS
:+  disk_has $_disk hfs && ask "Use HFS or MBR partition table?" MBR
:   case $resp in
:   [mM]*)  md_prep_MBR $_disk && PARTTABLE=MBR ;;
:   [hH]*)  md_prep_HFS $_disk && PARTTABLE=HFS ;;
:
:

-- 
There are times when truth is stranger than fiction and lunch time is
one of them.

ieee80211: disable wpa/wep when changing nwid

[Peter Hessler]

Changing nwid on a wifi network means it is a new network.  By definition
the WPA crypto keys use the nwid as part of the crypto hash.  And it is
super unlikely that a differently named network will have the same WEP
key.  In that case, you can enter it again.

With this, when you change wifi networks, you don't have to remember what
else you have to remove.

OK?


Index: sys/net80211/ieee80211_ioctl.c
===
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.55
diff -u -p -u -p -r1.55 ieee80211_ioctl.c
--- sys/net80211/ieee80211_ioctl.c  27 Oct 2017 12:22:40 -  1.55
+++ sys/net80211/ieee80211_ioctl.c  5 Nov 2017 16:49:55 -
@@ -439,6 +439,9 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
ic->ic_des_esslen = nwid.i_len;
memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len);
+   /* disable WPA/WEP */
+   ieee80211_disable_rsn(ic);
+   ieee80211_disable_wep(ic);
error = ENETRESET;
break;
case SIOCG80211NWID:


-- 
Larkinson's Law:
All laws are basically false.

Re: forbid config reloads in ospf6d

[Peter Hessler]

OK


On 2017 Nov 05 (Sun) at 15:50:42 +0100 (+0100), Jeremie Courreges-Anglas wrote:
:
:ospf6d consistently fails when I ask it to reload its config, even
:though I have a very basic test setup:
:
:area 0.0.0.0 {
:interface em0 { passive }
:interface vether0
:}
:
:Fixing ospf6d doesn't seem trivial.  Having it fail and exit doesn't
:seem to be a sufficient incentive, so I propose to disable reloading
:until it is fixed.
:
:Just a suggestion, objections (and oks) welcome.
:
:
:Index: ospf6ctl/ospf6ctl.c
:===
:RCS file: /d/cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
:retrieving revision 1.46
:diff -u -p -r1.46 ospf6ctl.c
:--- ospf6ctl/ospf6ctl.c12 Aug 2017 22:09:54 -  1.46
:+++ ospf6ctl/ospf6ctl.c5 Nov 2017 14:37:40 -
:@@ -232,10 +232,14 @@ main(int argc, char *argv[])
:   done = 1;
:   break;
:   case RELOAD:
:+#ifdef notyet
:   imsg_compose(ibuf, IMSG_CTL_RELOAD, 0, 0, -1, NULL, 0);
:   printf("reload request sent.\n");
:   done = 1;
:   break;
:+#else
:+  errx(1, "reload not supported");
:+#endif
:   }
: 
:   while (ibuf->w.queued)
:Index: ospf6d/ospf6d.c
:===
:RCS file: /d/cvs/src/usr.sbin/ospf6d/ospf6d.c,v
:retrieving revision 1.34
:diff -u -p -r1.34 ospf6d.c
:--- ospf6d/ospf6d.c12 Aug 2017 16:27:50 -  1.34
:+++ ospf6d/ospf6d.c5 Nov 2017 14:36:08 -
:@@ -561,6 +561,7 @@ ospf_redistribute(struct kroute *kr, u_i
: int
: ospf_reload(void)
: {
:+#ifdef notyet
:   struct area *area;
:   struct ospfd_conf   *xconf;
: 
:@@ -586,6 +587,9 @@ ospf_reload(void)
:   /* update redistribute lists */
:   kr_reload();
:   return (0);
:+#else
:+  return (-1);
:+#endif
: }
: 
: int
:
:
:-- 
:jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
:

-- 
APL is a write-only language.  I can write programs in APL, but I
can't read any of them.
-- Roy Keir

Re: add one more softnet taskq

[Peter Hessler]

reads fine, and works for me in light testing.

OK phessler@


On 2017 Oct 30 (Mon) at 08:36:34 +0100 (+0100), Alexandr Nedvedicky wrote:
:Hello,
:
:patch below adds additional softnet taskq. This will allow certain degree of
:parallelism for packet processing in pf_test(). The current plan is to let
:packets received by even NICs (even ifindex) to be processed by task0, packets
:received by odd NICs (odd ifindex) by task1.
:
:big thanks should go to mpi@, who 'programmed' me to program the patch below.
:
:OK?
:
:thanks and
:regards
:sasha
:
:8<---8<---8<--8<
:diff --git a/sys/net/if.c b/sys/net/if.c
:index e9e9f07add1..d688456b677 100644
:--- a/sys/net/if.c
:+++ b/sys/net/if.c
:@@ -224,7 +224,9 @@ intnet_livelocked(void);
: int   ifq_congestion;
: 
: intnetisr;
:-struct taskq  *softnettq;
:+
:+#define   SOFTNET_TASKS   2
:+struct taskq  *softnettq[SOFTNET_TASKS];
: 
: struct task if_input_task_locked = TASK_INITIALIZER(if_netisr, NULL);
: 
:@@ -240,6 +242,8 @@ struct rwlock netlock = RWLOCK_INITIALIZER("netlock");
: void
: ifinit(void)
: {
:+  unsigned inti;
:+
:   /*
:* most machines boot with 4 or 5 interfaces, so size the initial map
:* to accomodate this
:@@ -248,9 +252,11 @@ ifinit(void)
: 
:   timeout_set(_tick_to, net_tick, _tick_to);
: 
:-  softnettq = taskq_create("softnet", 1, IPL_NET, TASKQ_MPSAFE);
:-  if (softnettq == NULL)
:-  panic("unable to create softnet taskq");
:+  for (i = 0; i < SOFTNET_TASKS; i++) {
:+  softnettq[i] = taskq_create("softnet", 1, IPL_NET, 
TASKQ_MPSAFE);
:+  if (softnettq[i] == NULL)
:+  panic("unable to create softnet taskq");
:+  }
: 
:   net_tick(_tick_to);
: }
:@@ -725,7 +731,7 @@ if_input(struct ifnet *ifp, struct mbuf_list *ml)
: #endif
: 
:   if (mq_enlist(>if_inputqueue, ml) == 0)
:-  task_add(softnettq, ifp->if_inputtask);
:+  task_add(net_tq(ifp->if_index), ifp->if_inputtask);
: }
: 
: int
:@@ -1025,15 +1031,15 @@ if_detach(struct ifnet *ifp)
:   ifp->if_watchdog = NULL;
: 
:   /* Remove the input task */
:-  task_del(softnettq, ifp->if_inputtask);
:+  task_del(net_tq(ifp->if_index), ifp->if_inputtask);
:   mq_purge(>if_inputqueue);
: 
:   /* Remove the watchdog timeout & task */
:   timeout_del(ifp->if_slowtimo);
:-  task_del(softnettq, ifp->if_watchdogtask);
:+  task_del(net_tq(ifp->if_index), ifp->if_watchdogtask);
: 
:   /* Remove the link state task */
:-  task_del(softnettq, ifp->if_linkstatetask);
:+  task_del(net_tq(ifp->if_index), ifp->if_linkstatetask);
: 
: #if NBPFILTER > 0
:   bpfdetach(ifp);
:@@ -1583,7 +1589,7 @@ if_linkstate(struct ifnet *ifp)
: void
: if_link_state_change(struct ifnet *ifp)
: {
:-  task_add(softnettq, ifp->if_linkstatetask);
:+  task_add(net_tq(ifp->if_index), ifp->if_linkstatetask);
: }
: 
: /*
:@@ -1599,7 +1605,7 @@ if_slowtimo(void *arg)
: 
:   if (ifp->if_watchdog) {
:   if (ifp->if_timer > 0 && --ifp->if_timer == 0)
:-  task_add(softnettq, ifp->if_watchdogtask);
:+  task_add(net_tq(ifp->if_index), ifp->if_watchdogtask);
:   timeout_add(ifp->if_slowtimo, hz / IFNET_SLOWHZ);
:   }
:   splx(s);
:@@ -2881,3 +2887,13 @@ unhandled_af(int af)
: {
:   panic("unhandled af %d", af);
: }
:+
:+struct taskq *
:+net_tq(unsigned int ifindex)
:+{
:+  struct taskq *t = NULL;
:+
:+  t = softnettq[ifindex % SOFTNET_TASKS];
:+
:+  return (t);
:+}
:diff --git a/sys/net/if.h b/sys/net/if.h
:index 89867eac340..6a0770a8ea0 100644
:--- a/sys/net/if.h
:+++ b/sys/net/if.h
:@@ -489,6 +489,7 @@ void   if_congestion(void);
: int   if_congested(void);
: __dead void   unhandled_af(int);
: int   if_setlladdr(struct ifnet *, const uint8_t *);
:+struct taskq * net_tq(unsigned int);
: 
: #endif /* _KERNEL */
: 
:diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c
:index 277e7f966a2..e9f58a4ee52 100644
:--- a/sys/net/if_loop.c
:+++ b/sys/net/if_loop.c
:@@ -244,7 +244,7 @@ looutput(struct ifnet *ifp, struct mbuf *m, struct 
sockaddr *dst,
:   m->m_pkthdr.ph_family = dst->sa_family;
:   if (mq_enqueue(>if_inputqueue, m))
:   return ENOBUFS;
:-  task_add(softnettq, ifp->if_inputtask);
:+  task_add(net_tq(ifp->if_index), ifp->if_inputtask);
: 
:   return (0);
: }
:diff --git a/sys/net/if_pflow.c b/sys/net/if_pflow.c
:index 38efb02be7e..91a61fe4c15 100644
:--- a/sys/net/if_pflow.c
:+++ b/sys/net/if_pflow.c
:@@ -286,7 +286,7 @@ pflow_clone_destroy(struct ifnet *ifp)
:   if (timeout_initialized(>sc_tmo_tmpl))
:   timeout_del(>sc_tmo_tmpl);
:   pflow_flush(sc);
:-  task_del(softnettq, >sc_outputtask);
:+  task_del(net_tq(ifp->if_index), >sc_outputtask);
:   mq_purge(>sc_outputqueue);
:   m_freem(sc->send_nam);
:   if (sc->so != 

Re: add one more softnet taskq

[Peter Hessler]

On 2017 Oct 30 (Mon) at 08:36:34 +0100 (+0100), Alexandr Nedvedicky wrote:
:Hello,
:
:patch below adds additional softnet taskq. This will allow certain degree of
:parallelism for packet processing in pf_test(). The current plan is to let
:packets received by even NICs (even ifindex) to be processed by task0, packets
:received by odd NICs (odd ifindex) by task1.
:
:big thanks should go to mpi@, who 'programmed' me to program the patch below.
:
:OK?
:
:thanks and
:regards
:sasha
:
:diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
:index 95c9194efcb..33cc3161bcb 100644
:--- a/sys/netinet/ip_input.c
:+++ b/sys/netinet/ip_input.c
:@@ -1839,5 +1839,5 @@ void
: ip_send(struct mbuf *m)
: {
:   mq_enqueue(_mq, m);
:-  task_add(softnettq, _task);
:+  task_add(net_tq(0), _task);
: }

I'm only singling out one of them, but the comment applies to all of
this style.

What's the motivation to do net_tq(0) here, instead of hashing the
if_index?


-- 
In specifications, Murphy's Law supersedes Ohm's.

Re: preliminary kabylake support for inteldrm

[Peter Hessler]

On 2017 Sep 27 (Wed) at 00:07:42 +0200 (+0200), Robert Nagy wrote:
:
:Hi
:
:This is an updated diff for preliminary kabylake support for 6.2,
:this needs extensive testing on all inteldrm variants.
:
:This diff is also in snapshots now so please, test, test test!
:
:Thank you
:

Works fine on an i3-3220-based IvyBridge desktop with two monitors.


-- 
Although the moon is smaller than the earth, it is farther away.

Re: have netstart handle tap interfaces as well as tun

[Peter Hessler]

OK

On 2017 Sep 19 (Tue) at 16:54:04 +1000 (+1000), David Gwynne wrote:
:this helsp if you want to have a tap interface joined to a bridge
:on boot.
:
:ok?
:
:Index: netstart
:===
:RCS file: /cvs/src/etc/netstart,v
:retrieving revision 1.186
:diff -u -p -r1.186 netstart
:--- netstart   25 Jul 2017 21:17:11 -  1.186
:+++ netstart   19 Sep 2017 06:53:10 -
:@@ -255,7 +255,7 @@ fi
: 
: # Configure all the non-loopback interfaces which we know about, but
: # do not start interfaces which must be delayed. Refer to hostname.if(5)
:-ifmstart "" "trunk svlan vlan carp gif gre pfsync pppoe tun bridge switch 
pflow"
:+ifmstart "" "trunk svlan vlan carp gif gre pfsync pppoe tun tap bridge switch 
pflow"
: 
: # The trunk interfaces need to come up first in this list.
: # The (s)vlan interfaces need to come up after trunk.
:@@ -275,7 +275,7 @@ fi
: # require routes to be set. TUN might depend on PPPoE, and GIF or GRE may
: # depend on either of them. PFLOW might bind to ip addresses configured
: # on either of them.
:-ifmstart "pppoe tun gif gre bridge switch pflow"
:+ifmstart "pppoe tun tap gif gre bridge switch pflow"
: 
: # Reject 127/8 other than 127.0.0.1.
: route -qn add -net 127 127.0.0.1 -reject >/dev/null
:

-- 
Heavy, adj.:
Seduced by the chocolate side of the force.

teach wsconsctl about efifb

[Peter Hessler]

on a laptop with a simplefb[1] display, wsconsctl shows display.type=unknown_71.
With the below patch, it shows display.type=efifb

I checked the other values, and it was the only missing display type.

[1] simplefb claims to be WSDISPLAY_TYPE_EFIFB

OK?

Index: sbin/wsconsctl/util.c
===
RCS file: /cvs/openbsd/src/sbin/wsconsctl/util.c,v
retrieving revision 1.64
diff -u -p -u -p -r1.64 util.c
--- sbin/wsconsctl/util.c   21 Jul 2017 20:38:20 -  1.64
+++ sbin/wsconsctl/util.c   2 Sep 2017 20:55:06 -
@@ -167,7 +167,8 @@ static const struct nameint dpytype_tab[
{ WSDISPLAY_TYPE_NEWPORT,   "newport" },
{ WSDISPLAY_TYPE_LIGHT, "light" },
{ WSDISPLAY_TYPE_INTELDRM,  "inteldrm" },
-   { WSDISPLAY_TYPE_RADEONDRM, "radeondrm" }
+   { WSDISPLAY_TYPE_RADEONDRM, "radeondrm" },
+   { WSDISPLAY_TYPE_EFIFB, "efifb" }
 };
 
 static const struct nameint kbdenc_tab[] = {


-- 
"... the Mayo Clinic, named after its founder, Dr. Ted Clinic ..."
-- Dave Barry

Re: [phess...@openbsd.org: add pinebook support to u-boot]

[Peter Hessler]

On 2017 Aug 31 (Thu) at 19:16:57 +1000 (+1000), Jonathan Gray wrote:
:On Thu, Aug 31, 2017 at 10:59:20AM +0200, Peter Hessler wrote:
:> On 2017 Aug 31 (Thu) at 10:41:41 +0200 (+0200), Peter Hessler wrote:
:> :On 2017 Aug 27 (Sun) at 22:15:46 +0200 (+0200), Peter Hessler wrote:
:> ::- Forwarded message from Peter Hessler <phess...@openbsd.org> -
:> ::taken from Icenowy Zheng's repository,
:> ::commit bd656cab0c3e0669e977641c15095f32d7b0731f
:> ::
:> ::This gives us basic support for the Pine64 Pinebook
:> ::
:> ::OK?
:> ::
:> ::$ sysctl hw
:> ::hw.machine=arm64
:> ::hw.model=ARM Cortex-A53 r0p4
:> ::hw.ncpu=1
:> ::hw.byteorder=1234
:> ::hw.pagesize=4096
:> ::hw.disknames=sd0:d76c5b9369f79257
:> ::hw.diskcount=1
:> ::hw.product=Pinebook
:> ::hw.physmem=2021924864
:> ::hw.usermem=2021912576
:> ::hw.ncpufound=1
:> ::hw.allowpowerdown=1
:> ::
:> ::
:> :
:> :Updated to chase rc3, move new files to file/, slight simplification to
:> :the defconfig.
:> :
:> :OK?
:> :
:> 
:> Better version, sorry for the noise
:
:What is your intended change to the sopine configuration?
:Changing the model/compat strings in the device tree?
:

to start with, yes.  later, there will be more hardware supported.


:The defconfig should drop CONFIG_SUN8I_EMAC=y as there is Ethernet.
:
:Current difference to sopine_baseboard being
:-CONFIG_DEFAULT_DEVICE_TREE="sun50i-a64-pine64-plus"
:+CONFIG_DEFAULT_DEVICE_TREE="sun50i-a64-pinebook"
:
:I see no reason why the dts can't be almost the same as
:sun50i-a64-pine64-plus.dts:
:
:#include "sun50i-a64-pine64.dts"
:
:/ {
:   model = "Pinebook";
:   compatible = "pine64,pinebook", "allwinner,sun50i-a64";
:};
:

I pulled it from upstream.  
https://github.com/Icenowy/u-boot/blob/sunxi64-beta-pb-lcd-lpddr3/arch/arm/dts/sun50i-a64-pinebook.dts

I can trim it down, whatever.  Is there any other bikeshedding that
people want to do for this board?


-- 
She said, `I know you ... you cannot sing'.  I said, `That's nothing,
you should hear me play piano.'
-- Morrisey

Re: [phess...@openbsd.org: add pinebook support to u-boot]

[Peter Hessler]

On 2017 Aug 31 (Thu) at 10:41:41 +0200 (+0200), Peter Hessler wrote:
:On 2017 Aug 27 (Sun) at 22:15:46 +0200 (+0200), Peter Hessler wrote:
::- Forwarded message from Peter Hessler <phess...@openbsd.org> -
::taken from Icenowy Zheng's repository,
::commit bd656cab0c3e0669e977641c15095f32d7b0731f
::
::This gives us basic support for the Pine64 Pinebook
::
::OK?
::
::$ sysctl hw
::hw.machine=arm64
::hw.model=ARM Cortex-A53 r0p4
::hw.ncpu=1
::hw.byteorder=1234
::hw.pagesize=4096
::hw.disknames=sd0:d76c5b9369f79257
::hw.diskcount=1
::hw.product=Pinebook
::hw.physmem=2021924864
::hw.usermem=2021912576
::hw.ncpufound=1
::hw.allowpowerdown=1
::
::
:
:Updated to chase rc3, move new files to file/, slight simplification to
:the defconfig.
:
:OK?
:

Better version, sorry for the noise

Index: sysutils/u-boot/Makefile
===
RCS file: /cvs/openbsd/ports/sysutils/u-boot/Makefile,v
retrieving revision 1.26
diff -u -p -u -p -r1.26 Makefile
--- sysutils/u-boot/Makefile29 Aug 2017 07:14:50 -  1.26
+++ sysutils/u-boot/Makefile31 Aug 2017 08:42:35 -
@@ -7,6 +7,7 @@ FLAVOR?=arm
 
 COMMENT=   U-Boot firmware
 VERSION=   2017.09-rc3
+REVISION=  0
 DISTNAME=  u-boot-${VERSION}
 PKGNAME=   u-boot-${FLAVOR}-${VERSION:S/-//}
 FULLPKGNAME=   ${PKGNAME}
@@ -57,6 +58,7 @@ SUNXI64=\
orangepi_prime \
orangepi_win \
pine64_plus \
+   pinebook \
sopine_baseboard
 BOARDS=\
mvebu_espressobin-88f3720 \
@@ -140,6 +142,8 @@ pre-build:
 .for f in ${MODPY_ADJ_FILES}
${MODPY_BIN_ADJ} ${WRKSRC}/${f}
 .endfor
+   cp ${FILESDIR}/pinebook_defconfig ${WRKSRC}/configs/
+   cp ${FILESDIR}/sun50i-a64-pinebook.dts ${WRKSRC}/arch/arm/dts/
 
 do-build:
 .for BOARD in ${BOARDS}
Index: sysutils/u-boot/files/pinebook_defconfig
===
RCS file: sysutils/u-boot/files/pinebook_defconfig
diff -N sysutils/u-boot/files/pinebook_defconfig
--- /dev/null   1 Jan 1970 00:00:00 -
+++ sysutils/u-boot/files/pinebook_defconfig30 Aug 2017 17:40:34 -
@@ -0,0 +1,22 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_MACH_SUN50I=y
+CONFIG_RESERVE_ALLWINNER_BOOT0_HEADER=y
+CONFIG_SUNXI_DRAM_LPDDR3_STOCK=y
+CONFIG_DRAM_CLK=552
+CONFIG_DRAM_ZQ=3881949
+CONFIG_DRAM_ODT_EN=y
+CONFIG_MMC0_CD_PIN=""
+CONFIG_MMC_SUNXI_SLOT_EXTRA=2
+CONFIG_DEFAULT_DEVICE_TREE="sun50i-a64-pinebook"
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL=y
+# CONFIG_CMD_IMLS is not set
+# CONFIG_CMD_FLASH is not set
+# CONFIG_CMD_FPGA is not set
+# CONFIG_SPL_DOS_PARTITION is not set
+# CONFIG_SPL_ISO_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_SPL_SPI_SUNXI=y
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
Index: sysutils/u-boot/files/sun50i-a64-pinebook.dts
===
RCS file: sysutils/u-boot/files/sun50i-a64-pinebook.dts
diff -N sysutils/u-boot/files/sun50i-a64-pinebook.dts
--- /dev/null   1 Jan 1970 00:00:00 -
+++ sysutils/u-boot/files/sun50i-a64-pinebook.dts   30 Aug 2017 17:42:18 
-
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2016 ARM Ltd.
+ *
+ * This file is dual-licensed: you can use it either under the terms
+ * of the GPL or the X11 license, at your option. Note that this dual
+ * licensing only applies to this file, and not this project as a
+ * whole.
+ *
+ *  a) This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * Or, alternatively,
+ *
+ *  b) Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COP

Re: [phess...@openbsd.org: add pinebook support to u-boot]

[Peter Hessler]

On 2017 Aug 27 (Sun) at 22:15:46 +0200 (+0200), Peter Hessler wrote:
:- Forwarded message from Peter Hessler <phess...@openbsd.org> -
:taken from Icenowy Zheng's repository,
:commit bd656cab0c3e0669e977641c15095f32d7b0731f
:
:This gives us basic support for the Pine64 Pinebook
:
:OK?
:
:$ sysctl hw
:hw.machine=arm64
:hw.model=ARM Cortex-A53 r0p4
:hw.ncpu=1
:hw.byteorder=1234
:hw.pagesize=4096
:hw.disknames=sd0:d76c5b9369f79257
:hw.diskcount=1
:hw.product=Pinebook
:hw.physmem=2021924864
:hw.usermem=2021912576
:hw.ncpufound=1
:hw.allowpowerdown=1
:
:

Updated to chase rc3, move new files to file/, slight simplification to
the defconfig.

OK?

Index: sysutils/u-boot/Makefile
===
RCS file: /cvs/openbsd/ports/sysutils/u-boot/Makefile,v
retrieving revision 1.26
diff -u -p -u -p -r1.26 Makefile
--- sysutils/u-boot/Makefile29 Aug 2017 07:14:50 -  1.26
+++ sysutils/u-boot/Makefile31 Aug 2017 08:37:57 -
@@ -7,6 +7,7 @@ FLAVOR?=arm
 
 COMMENT=   U-Boot firmware
 VERSION=   2017.09-rc3
+REVISION=  0
 DISTNAME=  u-boot-${VERSION}
 PKGNAME=   u-boot-${FLAVOR}-${VERSION:S/-//}
 FULLPKGNAME=   ${PKGNAME}
@@ -57,6 +58,7 @@ SUNXI64=\
orangepi_prime \
orangepi_win \
pine64_plus \
+   pinebook \
sopine_baseboard
 BOARDS=\
mvebu_espressobin-88f3720 \
@@ -140,6 +142,9 @@ pre-build:
 .for f in ${MODPY_ADJ_FILES}
${MODPY_BIN_ADJ} ${WRKSRC}/${f}
 .endfor
+   cp ${FILESDIR}/pinebook_defconfig ${WRKSRC}/configs/
+   cp ${FILESDIR}/sun50i-a64-pinebook.dts ${WRKSRC}/arch/arm/dts/
+   cp ${FILESDIR}/sun50i-a64-pine64-common.dtsi ${WRKSRC}/arch/arm/dts/
 
 do-build:
 .for BOARD in ${BOARDS}
Index: sysutils/u-boot/files/pinebook_defconfig
===
RCS file: sysutils/u-boot/files/pinebook_defconfig
diff -N sysutils/u-boot/files/pinebook_defconfig
--- /dev/null   1 Jan 1970 00:00:00 -
+++ sysutils/u-boot/files/pinebook_defconfig30 Aug 2017 17:40:34 -
@@ -0,0 +1,22 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_MACH_SUN50I=y
+CONFIG_RESERVE_ALLWINNER_BOOT0_HEADER=y
+CONFIG_SUNXI_DRAM_LPDDR3_STOCK=y
+CONFIG_DRAM_CLK=552
+CONFIG_DRAM_ZQ=3881949
+CONFIG_DRAM_ODT_EN=y
+CONFIG_MMC0_CD_PIN=""
+CONFIG_MMC_SUNXI_SLOT_EXTRA=2
+CONFIG_DEFAULT_DEVICE_TREE="sun50i-a64-pinebook"
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL=y
+# CONFIG_CMD_IMLS is not set
+# CONFIG_CMD_FLASH is not set
+# CONFIG_CMD_FPGA is not set
+# CONFIG_SPL_DOS_PARTITION is not set
+# CONFIG_SPL_ISO_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_SPL_SPI_SUNXI=y
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
Index: sysutils/u-boot/files/sun50i-a64-pinebook.dts
===
RCS file: sysutils/u-boot/files/sun50i-a64-pinebook.dts
diff -N sysutils/u-boot/files/sun50i-a64-pinebook.dts
--- /dev/null   1 Jan 1970 00:00:00 -
+++ sysutils/u-boot/files/sun50i-a64-pinebook.dts   30 Aug 2017 17:42:18 
-
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2016 ARM Ltd.
+ *
+ * This file is dual-licensed: you can use it either under the terms
+ * of the GPL or the X11 license, at your option. Note that this dual
+ * licensing only applies to this file, and not this project as a
+ * whole.
+ *
+ *  a) This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * Or, alternatively,
+ *
+ *  b) Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR

Re: include pinebook firmware in the install media

[Peter Hessler]

On 2017 Aug 27 (Sun) at 21:54:07 +0200 (+0200), Peter Hessler wrote:
:(this depends on the patch to u-boot I just sent to ports@)
:
:If we should manage to boot on a Pinebook machine, we should install the
:correct firmware for it.
:
:OK?
:

Updated to a now working copy!  This grew bsd.rd a bit.  After
discussion with patrick@, we decided to grow from 7.5M to 9M.

This survives a bsd.rd Upgrade on my pinebook.  Still depends on the
u-boot port update, a new version will be emailed shortly.

OK?

Index: distrib/arm64/ramdisk/Makefile
===
RCS file: /cvs/src/distrib/arm64/ramdisk/Makefile,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 Makefile
--- distrib/arm64/ramdisk/Makefile  22 Aug 2017 23:20:00 -  1.3
+++ distrib/arm64/ramdisk/Makefile  31 Aug 2017 08:23:18 -
@@ -19,6 +19,7 @@ MAKEFSARGS_RD=-o disklabel=${DISKTYPE},
 
 DIRS=\
pine64 \
+   pinebook \
rpi
 
 .ifndef DESTDIR
Index: distrib/arm64/ramdisk/install.md
===
RCS file: /cvs/src/distrib/arm64/ramdisk/install.md,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 install.md
--- distrib/arm64/ramdisk/install.md22 Aug 2017 23:20:00 -  1.7
+++ distrib/arm64/ramdisk/install.md31 Aug 2017 08:23:18 -
@@ -40,6 +40,7 @@ md_installboot() {
 
case $(sysctl -n hw.product) in
*Pine64*)   _plat=pine64;;
+   *Pinebook*) _plat=pinebook;;
*'Raspberry Pi'*)   _plat=rpi;;
esac
 
@@ -52,7 +53,7 @@ md_installboot() {
_mdec=/usr/mdec/$_plat
 
case $_plat in
-   pine64)
+   pine64|pinebook)
dd if=$_mdec/u-boot-sunxi-with-spl.bin of=${_disk}c \
bs=1024 seek=8 >/dev/null 2>&1
;;
Index: distrib/arm64/ramdisk/list
===
RCS file: /cvs/src/distrib/arm64/ramdisk/list,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 list
--- distrib/arm64/ramdisk/list  22 Aug 2017 23:20:00 -  1.5
+++ distrib/arm64/ramdisk/list  31 Aug 2017 08:23:18 -
@@ -125,5 +125,6 @@ COPY/usr/local/share/raspberrypi-firmwa
 COPY   /usr/local/share/u-boot/rpi_3/u-boot.bin usr/mdec/rpi/u-boot.bin
 
 COPY   /usr/local/share/u-boot/pine64_plus/u-boot-sunxi-with-spl.bin 
usr/mdec/pine64/u-boot-sunxi-with-spl.bin
+COPY   /usr/local/share/u-boot/pinebook/u-boot-sunxi-with-spl.bin 
usr/mdec/pinebook/u-boot-sunxi-with-spl.bin
 
 TZ
Index: etc/etc.arm64/disktab
===
RCS file: /cvs/src/etc/etc.arm64/disktab,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 disktab
--- etc/etc.arm64/disktab   11 Jan 2017 17:05:29 -  1.1
+++ etc/etc.arm64/disktab   31 Aug 2017 08:23:18 -
@@ -2,9 +2,9 @@
 
 # Leave nc=16; adjust size using: ns
 rdroot|ramdiskroot|RAM-disk root FS image:\
-   :dt=rdroot:se#512:nc#16:nt#2:ns#480:\
-   :ta=4.2BSD:oa#0:pa#15360:fa#512:ba#4096:\
-   :ob#0:pb#0:oc#0:pc#15360:
+   :dt=rdroot:se#512:nc#16:nt#2:ns#576:\
+   :ta=4.2BSD:oa#0:pa#18432:fa#512:ba#4096:\
+   :ob#0:pb#0:oc#0:pc#18432:
 
 miniroot:\
:dt=rdroot:se#512:nc#9:nt#16:ns#256:\
Index: sys/arch/arm64/conf/RAMDISK
===
RCS file: /cvs/src/sys/arch/arm64/conf/RAMDISK,v
retrieving revision 1.35
diff -u -p -u -p -r1.35 RAMDISK
--- sys/arch/arm64/conf/RAMDISK 28 Aug 2017 11:16:04 -  1.35
+++ sys/arch/arm64/conf/RAMDISK 31 Aug 2017 08:23:18 -
@@ -30,7 +30,7 @@ optionNO_PROPOLICE
 option BOOT_CONFIG
 
 option RAMDISK_HOOKS
-option MINIROOTSIZE=15360
+option MINIROOTSIZE=18432
 
 option FFS
 option FFS2




-- 
"Wrong," said Renner.

"The tactful way," Rod said quietly, "the polite way to disagree with
the Senator would be to say, `That turns out not to be the case.'"

Re: [phess...@openbsd.org: add pinebook support to u-boot]

[Peter Hessler]

On 2017 Aug 27 (Sun) at 22:30:37 +0200 (+0200), Mark Kettenis wrote:
:> Date: Sun, 27 Aug 2017 22:15:46 +0200
:> From: Peter Hessler <phess...@openbsd.org>
:> 
:> This gives us basic support for the Pine64 Pinebook
:> 
:> OK?
:> 
:> $ sysctl hw
:> hw.machine=arm64
:> hw.model=ARM Cortex-A53 r0p4
:> hw.ncpu=1
:> hw.byteorder=1234
:> hw.pagesize=4096
:> hw.disknames=sd0:d76c5b9369f79257
:> hw.diskcount=1
:> hw.product=Pinebook
:> hw.physmem=2021924864
:> hw.usermem=2021912576
:> hw.ncpufound=1
:> hw.allowpowerdown=1
:> 
:> 
:> Index: Makefile
:> ===
:> RCS file: /cvs/openbsd/ports/sysutils/u-boot/Makefile,v
:> retrieving revision 1.25
:> diff -u -p -u -p -r1.25 Makefile
:> --- Makefile 24 Aug 2017 08:53:02 -  1.25
:> +++ Makefile 27 Aug 2017 19:38:53 -
:> @@ -7,7 +7,7 @@ FLAVOR?= arm
:>  
:>  COMMENT=U-Boot firmware
:>  VERSION=2017.09-rc2
:> -REVISION=   1
:> +REVISION=   2
:
:Revision needs another bump.
:

Why?  It's a separate variable from rc2, and is a ports-specific thing.


:>  DISTNAME=   u-boot-${VERSION}
:>  PKGNAME=u-boot-${FLAVOR}-${VERSION:S/-//}
:>  FULLPKGNAME=${PKGNAME}
:> @@ -56,6 +56,7 @@ SUNXI64=\
:>  orangepi_prime \
:>  orangepi_win \
:>  pine64_plus \
:> +pinebook \
:>  sopine_baseboard
:>  BOARDS=\
:>  mvebu_espressobin-88f3720 \
:
:> Index: patches/patch-configs_pinebook_defconfig
:> ===
:> RCS file: patches/patch-configs_pinebook_defconfig
:> diff -N patches/patch-configs_pinebook_defconfig
:> --- /dev/null1 Jan 1970 00:00:00 -
:> +++ patches/patch-configs_pinebook_defconfig 27 Aug 2017 19:17:25 -
:> @@ -0,0 +1,27 @@
:> +$OpenBSD$
:> +
:> +Index: configs/pinebook_defconfig
:> +--- configs/pinebook_defconfig.orig
:>  configs/pinebook_defconfig
:> +@@ -0,0 +1,21 @@
:> ++CONFIG_ARM=y
:> ++CONFIG_ARCH_SUNXI=y
:> ++CONFIG_MACH_SUN50I=y
:> ++CONFIG_RESERVE_ALLWINNER_BOOT0_HEADER=y
:> ++CONFIG_SUNXI_DRAM_LPDDR3_STOCK=y
:> ++CONFIG_DRAM_CLK=552
:> ++CONFIG_DRAM_ZQ=3881949
:> ++CONFIG_DRAM_ODT_EN=y
:> ++CONFIG_DEFAULT_DEVICE_TREE="sun50i-a64-pinebook"
:> ++# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
:> ++CONFIG_SPL=y
:> ++CONFIG_SPL_ATF_SUPPORT=y
:> ++CONFIG_SPL_ATF_TEXT_BASE=0x44000
:
:I don't think we need CONFIG_SPL_ATF_SUPPORT and
:CONFIG_SPL_ATF_TEXT_BASE.  At least the pine64 config doesn't ave
:them.
:

While it works without those lines, I'd prefer to leave them in.  This
is what is intended to be committed to mainline u-boot.


:> ++# CONFIG_CMD_IMLS is not set
:> ++# CONFIG_CMD_FLASH is not set
:> ++# CONFIG_CMD_FPGA is not set
:> ++# CONFIG_SPL_DOS_PARTITION is not set
:> ++# CONFIG_SPL_ISO_PARTITION is not set
:> ++# CONFIG_SPL_EFI_PARTITION is not set
:> ++CONFIG_SPL_SPI_SUNXI=y
:> ++CONFIG_USB_EHCI_HCD=y
:
:Otherwise this looks good.
:

[phess...@openbsd.org: add pinebook support to u-boot]

[Peter Hessler]

- Forwarded message from Peter Hessler <phess...@openbsd.org> -
taken from Icenowy Zheng's repository,
commit bd656cab0c3e0669e977641c15095f32d7b0731f

This gives us basic support for the Pine64 Pinebook

OK?

$ sysctl hw
hw.machine=arm64
hw.model=ARM Cortex-A53 r0p4
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:d76c5b9369f79257
hw.diskcount=1
hw.product=Pinebook
hw.physmem=2021924864
hw.usermem=2021912576
hw.ncpufound=1
hw.allowpowerdown=1


Index: Makefile
===
RCS file: /cvs/openbsd/ports/sysutils/u-boot/Makefile,v
retrieving revision 1.25
diff -u -p -u -p -r1.25 Makefile
--- Makefile24 Aug 2017 08:53:02 -  1.25
+++ Makefile27 Aug 2017 19:38:53 -
@@ -7,7 +7,7 @@ FLAVOR?=arm
 
 COMMENT=   U-Boot firmware
 VERSION=   2017.09-rc2
-REVISION=  1
+REVISION=  2
 DISTNAME=  u-boot-${VERSION}
 PKGNAME=   u-boot-${FLAVOR}-${VERSION:S/-//}
 FULLPKGNAME=   ${PKGNAME}
@@ -56,6 +56,7 @@ SUNXI64=\
orangepi_prime \
orangepi_win \
pine64_plus \
+   pinebook \
sopine_baseboard
 BOARDS=\
mvebu_espressobin-88f3720 \
Index: patches/patch-arch_arm_dts_Makefile
===
RCS file: patches/patch-arch_arm_dts_Makefile
diff -N patches/patch-arch_arm_dts_Makefile
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-arch_arm_dts_Makefile 27 Aug 2017 19:16:11 -
@@ -0,0 +1,15 @@
+$OpenBSD$
+
+Index: arch/arm/dts/Makefile
+--- arch/arm/dts/Makefile.orig
 arch/arm/dts/Makefile
+@@ -338,7 +338,8 @@ dtb-$(CONFIG_MACH_SUN50I) += \
+   sun50i-a64-bananapi-m64.dtb \
+   sun50i-a64-orangepi-win.dtb \
+   sun50i-a64-pine64-plus.dtb \
+-  sun50i-a64-pine64.dtb
++  sun50i-a64-pine64.dtb \
++  sun50i-a64-pinebook.dtb
+ dtb-$(CONFIG_MACH_SUN9I) += \
+   sun9i-a80-optimus.dtb \
+   sun9i-a80-cubieboard4.dtb \
Index: patches/patch-arch_arm_dts_sun50i-a64-pinebook_dts
===
RCS file: patches/patch-arch_arm_dts_sun50i-a64-pinebook_dts
diff -N patches/patch-arch_arm_dts_sun50i-a64-pinebook_dts
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-arch_arm_dts_sun50i-a64-pinebook_dts  27 Aug 2017 19:17:38 
-
@@ -0,0 +1,68 @@
+$OpenBSD$
+
+Index: arch/arm/dts/sun50i-a64-pinebook.dts
+--- arch/arm/dts/sun50i-a64-pinebook.dts.orig
 arch/arm/dts/sun50i-a64-pinebook.dts
+@@ -0,0 +1,62 @@
++/*
++ * Copyright (c) 2016 ARM Ltd.
++ *
++ * This file is dual-licensed: you can use it either under the terms
++ * of the GPL or the X11 license, at your option. Note that this dual
++ * licensing only applies to this file, and not this project as a
++ * whole.
++ *
++ *  a) This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * Or, alternatively,
++ *
++ *  b) Permission is hereby granted, free of charge, to any person
++ * obtaining a copy of this software and associated documentation
++ * files (the "Software"), to deal in the Software without
++ * restriction, including without limitation the rights to use,
++ * copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following
++ * conditions:
++ *
++ * The above copyright notice and this permission notice shall be
++ * included in all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
++ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ * OTHER DEALINGS IN THE SOFTWARE.
++ */
++
++/dts-v1/;
++
++#include "sun50i-a64-pine64.dts"
++
++/ {
++  model = "Pinebook";
++  compatible = "pine64,pinebook", "allwinner,sun50i-a64";
++
++  aliases {
++  serial0 = 
++  };
++
++  chosen {
++  stdout-path = "serial0:115200n8";
++  };
++
++  memory {
++ 

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

[Peter Hessler]

On 2017 Jun 23 (Fri) at 16:01:58 +0200 (+0200), Job Snijders wrote:
:Dear team,
:
:This patch makes 'unknown' well-known communities more of a first-class
:citizen.
:
:A powerful property of well-known communities is that (often) operators
:can implement the feature associated with a given well-known community
:through their local routing policy, ahead of time before their vendor
:releasing native support in the implementation. 
:
:Things that work now:
:
:   $ bgpctl show rib community 65535:0
:   ..

OK


:   $ bgpctl show rib community WELLKNOWN:0
:   ..
:   $ bgpctl show rib community WELLKNOWN:*
:   ..
:

Eh, I don't really see a reason to have syntatic sugar for '65535'.
In this case, I'm more likely to remember then number than which string
to use ;).


:   $ doas cat /etc/bgpd.conf | grep set
:   match from any set { community WELLKNOWN:0 community 65535:1 }
:

Same as before.  OK for setting 65535:1, but 'E' for 'WELLKNOWN:0'.

However, if we have one, then we need to have the other.


:Kind regards,
:
:Job
:
:---
: usr.sbin/bgpctl/parser.c | 15 +++
: usr.sbin/bgpd/parse.y| 14 ++
: 2 files changed, 13 insertions(+), 16 deletions(-)
:
:diff --git a/usr.sbin/bgpctl/parser.c b/usr.sbin/bgpctl/parser.c
:index 85300d1cd32..0d1e5d9fb3a 100644
:--- a/usr.sbin/bgpctl/parser.c
:+++ b/usr.sbin/bgpctl/parser.c
:@@ -413,7 +413,7 @@ int parse_addr(const char *, 
struct bgpd_addr *);
: intparse_asnum(const char *, size_t, u_int32_t *);
: intparse_number(const char *, struct parse_result *,
:enum token_type);
:-intgetcommunity(const char *);
:+intgetcommunity(const char *, int);
: intparse_community(const char *, struct parse_result *);
: u_int  getlargecommunity(const char *);
: intparse_largecommunity(const char *, struct parse_result 
*);
:@@ -927,7 +927,7 @@ parse_number(const char *word, struct parse_result *r, 
enum token_type type)
: }
: 
: int
:-getcommunity(const char *s)
:+getcommunity(const char *s, int msb)
: {
:   const char  *errstr;
:   u_int16_tuval;
:@@ -935,6 +935,9 @@ getcommunity(const char *s)
:   if (strcmp(s, "*") == 0)
:   return (COMMUNITY_ANY);
: 
:+  if (msb == 1 && strcmp(s, "WELLKNOWN") == 0)
:+  return (COMMUNITY_WELLKNOWN);
:+
:   uval = strtonum(s, 0, USHRT_MAX, );
:   if (errstr)
:   errx(1, "Community is %s: %s", errstr, s);
:@@ -978,8 +981,8 @@ parse_community(const char *word, struct parse_result *r)
:   }
:   *p++ = 0;
: 
:-  as = getcommunity(word);
:-  type = getcommunity(p);
:+  as = getcommunity(word, 1);
:+  type = getcommunity(p, 0);
: 
: done:
:   if (as == 0) {
:@@ -994,10 +997,6 @@ done:
:   case COMMUNITY_BLACKHOLE:
:   /* valid */
:   break;
:-  default:
:-  /* unknown */
:-  fprintf(stderr, "Unknown well-known community\n");
:-  return (0);
:   }
: 
:   if ((fs = calloc(1, sizeof(struct filter_set))) == NULL)
:diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
:index f0c96051e17..73bdb3a0cb9 100644
:--- a/usr.sbin/bgpd/parse.y
:+++ b/usr.sbin/bgpd/parse.y
:@@ -146,7 +146,7 @@ voidcopy_filterset(struct filter_set_head 
*,
: void   merge_filter_lists(struct filter_head *, struct filter_head *);
: struct filter_rule*get_rule(enum action_types);
: 
:-intgetcommunity(char *);
:+intgetcommunity(char *, int);
: intparsecommunity(struct filter_community *, char *);
: int64_tgetlargecommunity(char *);
: intparselargecommunity(struct filter_largecommunity *, char *);
:@@ -2963,11 +2963,13 @@ symget(const char *nam)
: }
: 
: int
:-getcommunity(char *s)
:+getcommunity(char *s, int msb)
: {
:   int  val;
:   const char  *errstr;
: 
:+  if (msb == 1 && strcmp(s, "WELLKNOWN") == 0)
:+  return (COMMUNITY_WELLKNOWN);
:   if (strcmp(s, "*") == 0)
:   return (COMMUNITY_ANY);
:   if (strcmp(s, "neighbor-as") == 0)
:@@ -3017,15 +3019,11 @@ parsecommunity(struct filter_community *c, char *s)
:   }
:   *p++ = 0;
: 
:-  if ((i = getcommunity(s)) == COMMUNITY_ERROR)
:+  if ((i = getcommunity(s, 1)) == COMMUNITY_ERROR)
:   return (-1);
:-  if (i == COMMUNITY_WELLKNOWN) {
:-  yyerror("Bad community AS number");
:-  return (-1);
:-  }
:   as = i;
: 
:-  if ((i = getcommunity(p)) == COMMUNITY_ERROR)
:+  if ((i = getcommunity(p, 0)) == COMMUNITY_ERROR)
:   return (-1);
:   c->as = as;
:   c->type = i;
:

-- 
There is nothing wrong with 

Re: [PATCH 3/3] openbgpd: Add well-known community GRACEFUL_SHUTDOWN

[Peter Hessler]

OK

On 2017 Jun 23 (Fri) at 16:02:13 +0200 (+0200), Job Snijders wrote:
:Dear team,
:
:This patch adds support for the "graceful shutdown" well-known
:community as described in draft-ietf-grow-bgp-gshut.
:
:An example implementation would be to add the following to your
:bgpd.conf:
:
:match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
:
:Kind regards,
:
:Job
:
:---
: etc/examples/bgpd.conf| 4 
: usr.sbin/bgpctl/bgpctl.c  | 3 +++
: usr.sbin/bgpctl/parser.c  | 7 ++-
: usr.sbin/bgpd/bgpd.conf.5 | 2 ++
: usr.sbin/bgpd/bgpd.h  | 1 +
: usr.sbin/bgpd/parse.y | 6 +-
: 6 files changed, 21 insertions(+), 2 deletions(-)
:
:diff --git a/etc/examples/bgpd.conf b/etc/examples/bgpd.conf
:index 2ec37b2c752..1caf200ceab 100644
:--- a/etc/examples/bgpd.conf
:+++ b/etc/examples/bgpd.conf
:@@ -87,6 +87,10 @@ allow from any inet6 prefixlen 16 - 48
: #allow from any prefix 0.0.0.0/0
: #allow from any prefix ::/0
: 
:+# Honor requests to gracefully shutdown BGP sessions
:+# https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut
:+match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
:+
: # https://www.arin.net/announcements/2014/20140130.html
: # This block will be subject to a minimum size allocation of /28 and a
: # maximum size allocation of /24. ARIN should use sparse allocation when
:diff --git a/usr.sbin/bgpctl/bgpctl.c b/usr.sbin/bgpctl/bgpctl.c
:index 4d9701da35b..8baa8be0ff2 100644
:--- a/usr.sbin/bgpctl/bgpctl.c
:+++ b/usr.sbin/bgpctl/bgpctl.c
:@@ -1532,6 +1532,9 @@ show_community(u_char *data, u_int16_t len)
:   v = ntohs(v);
:   if (a == COMMUNITY_WELLKNOWN)
:   switch (v) {
:+  case COMMUNITY_GRACEFUL_SHUTDOWN:
:+  printf("GRACEFUL_SHUTDOWN");
:+  break;
:   case COMMUNITY_NO_EXPORT:
:   printf("NO_EXPORT");
:   break;
:diff --git a/usr.sbin/bgpctl/parser.c b/usr.sbin/bgpctl/parser.c
:index 0d1e5d9fb3a..4ea16533b71 100644
:--- a/usr.sbin/bgpctl/parser.c
:+++ b/usr.sbin/bgpctl/parser.c
:@@ -953,7 +953,11 @@ parse_community(const char *word, struct parse_result *r)
:   int  as, type;
: 
:   /* Well-known communities */
:-  if (strcasecmp(word, "NO_EXPORT") == 0) {
:+  if (strcasecmp(word, "GRACEFUL_SHUTDOWN") == 0) {
:+  as = COMMUNITY_WELLKNOWN;
:+  type = COMMUNITY_GRACEFUL_SHUTDOWN;
:+  goto done;
:+  } else if (strcasecmp(word, "NO_EXPORT") == 0) {
:   as = COMMUNITY_WELLKNOWN;
:   type = COMMUNITY_NO_EXPORT;
:   goto done;
:@@ -991,6 +995,7 @@ done:
:   }
:   if (as == COMMUNITY_WELLKNOWN)
:   switch (type) {
:+  case COMMUNITY_GRACEFUL_SHUTDOWN:
:   case COMMUNITY_NO_EXPORT:
:   case COMMUNITY_NO_ADVERTISE:
:   case COMMUNITY_NO_EXPSUBCONFED:
:diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5
:index 6cecd7a5a80..3afc54ef385 100644
:--- a/usr.sbin/bgpd/bgpd.conf.5
:+++ b/usr.sbin/bgpd/bgpd.conf.5
:@@ -1173,6 +1173,7 @@ to do wildcard matching.
: Alternatively, well-known communities may be given by name instead and
: include
: .Ic BLACKHOLE ,
:+.Ic GRACEFUL_SHUTDOWN ,
: .Ic NO_EXPORT ,
: .Ic NO_ADVERTISE ,
: .Ic NO_EXPORT_SUBCONFED ,
:@@ -1444,6 +1445,7 @@ is an AS number and
: is a locally-significant number between zero and
: .Li 65535 .
: Alternately, well-known communities may be specified by name:
:+.Ic GRACEFUL_SHUTDOWN ,
: .Ic NO_EXPORT ,
: .Ic NO_ADVERTISE ,
: .Ic NO_EXPORT_SUBCONFED ,
:diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
:index db52f858241..ef4e30ffd94 100644
:--- a/usr.sbin/bgpd/bgpd.h
:+++ b/usr.sbin/bgpd/bgpd.h
:@@ -750,6 +750,7 @@ struct filter_peers {
: #define   COMMUNITY_LOCAL_AS  -4
: #define   COMMUNITY_UNSET -5
: #define   COMMUNITY_WELLKNOWN 0x
:+#define   COMMUNITY_GRACEFUL_SHUTDOWN 0x  /* 
draft-ietf-grow-bgp-gshut */
: #define   COMMUNITY_BLACKHOLE 0x029A  /* RFC 7999 */
: #define   COMMUNITY_NO_EXPORT 0xff01
: #define   COMMUNITY_NO_ADVERTISE  0xff02
:diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
:index 73bdb3a0cb9..0b09f83bc0a 100644
:--- a/usr.sbin/bgpd/parse.y
:+++ b/usr.sbin/bgpd/parse.y
:@@ -2991,7 +2991,11 @@ parsecommunity(struct filter_community *c, char *s)
:   int i, as;
: 
:   /* Well-known communities */
:-  if (strcasecmp(s, "NO_EXPORT") == 0) {
:+  if (strcasecmp(s, "GRACEFUL_SHUTDOWN") == 0) {
:+  c->as = COMMUNITY_WELLKNOWN;
:+  c->type = COMMUNITY_GRACEFUL_SHUTDOWN;
:+  return (0);
:+  } else if (strcasecmp(s, "NO_EXPORT") == 0) {
:   c->as = COMMUNITY_WELLKNOWN;
:   c->type = COMMUNITY_NO_EXPORT;
:   

Re: [PATCH 1/3] openbgpd: Allow localpref of zero

[Peter Hessler]

OK

On 2017 Jun 23 (Fri) at 16:01:16 +0200 (+0200), Job Snijders wrote:
:Dear team,
:
:The lowest valid BGP LOCAL_PREF is 0, allowing bgpd to set 0 too will
:accomodate interopability.
:
:Kind regards,
:
:Job
:
:--- a/usr.sbin/bgpd/parse.y
:+++ b/usr.sbin/bgpd/parse.y
:@@ -1988,7 +1988,7 @@ filter_set_opt   : LOCALPREF NUMBER  {
:   }
:   if (($$ = calloc(1, sizeof(struct filter_set))) == NULL)
:   fatal(NULL);
:-  if ($2 > 0) {
:+  if ($2 >= 0) {
:   $$->type = ACTION_SET_LOCALPREF;
:   $$->action.metric = $2;
:   } else {
:

-- 
"A radioactive cat has eighteen half-lives."

Re: tcpdump: enable some more bgp info

[Peter Hessler]

On 2017 May 30 (Tue) at 10:21:17 +0200 (+0200), Michal Mazurek wrote:
:On 12:15:06, 29.05.17, Job Snijders wrote:
:> perhaps add a comment like /* RFC 6608 */ above the below:
:
:Right, it will make it more consistent.
:
:> > +static const char *bgpnotify_minor_fsm[] = {
:> > +  NULL, "In OpenSent State", "In OpenConfirm State",
:> > +  "In Established State",
:> > +};
:> 
:> and maybe s/NULL/"Unspecified Error"/
:
:If it's NULL, then tcpdump will print out the number:
:
:   if (p == NULL) {
:   snprintf(buf, sizeof(buf), "#%d", minor);
:
:

OK


:Index: usr.sbin/tcpdump/print-bgp.c
:===
:RCS file: /cvs/src/usr.sbin/tcpdump/print-bgp.c,v
:retrieving revision 1.21
:diff -u -p -r1.21 print-bgp.c
:--- usr.sbin/tcpdump/print-bgp.c   24 Apr 2017 20:35:35 -  1.21
:+++ usr.sbin/tcpdump/print-bgp.c   30 May 2017 08:12:17 -
:@@ -226,6 +226,16 @@ static const char *bgpnotify_minor_updat
:   "Invalid Network Field", "Malformed AS_PATH",
: };
: 
:+static const char *bgpnotify_minor_holdtime[] = {
:+  NULL,
:+};
:+
:+/* RFC 6608 */
:+static const char *bgpnotify_minor_fsm[] = {
:+  NULL, "In OpenSent State", "In OpenConfirm State",
:+  "In Established State",
:+};
:+
: /* RFC 4486 */
: #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
: /* draft-ietf-idr-shutdown-07 */
:@@ -246,14 +256,16 @@ static const char *bgpnotify_minor_cap[]
: 
: static const char **bgpnotify_minor[] = {
:   NULL, bgpnotify_minor_msg, bgpnotify_minor_open, bgpnotify_minor_update,
:+  bgpnotify_minor_holdtime, bgpnotify_minor_fsm, bgpnotify_minor_cease,
:+  bgpnotify_minor_cap,
: };
: static const int bgpnotify_minor_siz[] = {
:   0,
:   sizeof(bgpnotify_minor_msg)/sizeof(bgpnotify_minor_msg[0]),
:   sizeof(bgpnotify_minor_open)/sizeof(bgpnotify_minor_open[0]),
:   sizeof(bgpnotify_minor_update)/sizeof(bgpnotify_minor_update[0]),
:-  0,
:-  0,
:+  sizeof(bgpnotify_minor_holdtime)/sizeof(bgpnotify_minor_holdtime[0]),
:+  sizeof(bgpnotify_minor_fsm)/sizeof(bgpnotify_minor_fsm[0]),
:   sizeof(bgpnotify_minor_cease)/sizeof(bgpnotify_minor_cease[0]),
:   sizeof(bgpnotify_minor_cap)/sizeof(bgpnotify_minor_cap[0]),
: };
:
:-- 
:Michal Mazurek
:

-- 
There once was a man named Eugene
Who invented a screwing machine
Concave and convex
It served either sex
And it played with itself in between.

Re: bgpd on other rdomains

[Peter Hessler]

looks fine to me, OK


On 2017 May 28 (Sun) at 19:12:34 +0200 (+0200), Sebastian Benoit wrote:
:Hi,
:
:testing hennigs diff i found having to specify the socket on the command
:line annoying:
:
:  bgpctl -s /var/run/rdomain123.bgpd.sock sh rib
:
:srly?
:
:I figure when you are debuging things in rdomain , you will want to route
:-T  exec ksh anyway, so this makes bgpd create /var/run/bgpd.sock. when 
run in rdomain
:, and bgpctl to use /var/run/bgpd.sock. when run in rdomain .
:
:ok?
:
:(claudio suggested that we should do this in other routing daemons too - i
:will send diffs if this is acceptable).
:
:diff --git usr.sbin/bgpctl/bgpctl.8 usr.sbin/bgpctl/bgpctl.8
:index c17f4dcdd37..60e88f1f048 100644
:--- usr.sbin/bgpctl/bgpctl.8
:+++ usr.sbin/bgpctl/bgpctl.8
:@@ -44,10 +44,14 @@ Show neighbors' IP addresses instead of their description.
: .It Fl s Ar socket
: Use
: .Ar socket
:+to communicate with
:+.Xr bgpd 8
: instead of the default
: .Pa /var/run/bgpd.sock
:-to communicate with
:-.Xr bgpd 8 .
:+when run in routing domain 0, or
:+.Pa /var/run/bgpd.sock.
:+when run in routing domain
:+.Ar  .
: .El
: .Pp
: The commands are as follows:
:diff --git usr.sbin/bgpctl/bgpctl.c usr.sbin/bgpctl/bgpctl.c
:index c1acceec05c..f30e20b73fa 100644
:--- usr.sbin/bgpctl/bgpctl.c
:+++ usr.sbin/bgpctl/bgpctl.c
:@@ -20,6 +20,7 @@
: 
: #include 
: #include 
:+#include 
: #include 
: #include 
: #include 
:@@ -117,19 +118,27 @@ int
: main(int argc, char *argv[])
: {
:   struct sockaddr_un   sun;
:-  int  fd, n, done, ch, nodescr = 0, verbose = 0;
:+  int  fd, n, done, ch, nodescr = 0, verbose = 0, r;
:   struct imsg  imsg;
:   struct network_confignet;
:   struct parse_result *res;
:   struct ctl_neighbor  neighbor;
:   struct ctl_show_rib_request ribreq;
:-  char*sockname;
:+  struct stat  sb;
:+  char*sockname, *sockname_r = NULL;
:   enum imsg_type   type;
: 
:+  sockname = SOCKET_NAME;
:+  if ((r = getrtable()) > 0) {
:+  if (asprintf(_r, "%s.%d", SOCKET_NAME, r) == -1)
:+  err(1, "asprintf");
:+  if (stat(sockname_r, ) == 0)
:+  sockname = sockname_r;
:+  }
:+
:   if (pledge("stdio rpath wpath cpath unix inet dns", NULL) == -1)
:   err(1, "pledge");
: 
:-  sockname = SOCKET_NAME;
:   while ((ch = getopt(argc, argv, "ns:")) != -1) {
:   switch (ch) {
:   case 'n':
:@@ -173,6 +182,7 @@ main(int argc, char *argv[])
:   errx(1, "socket name too long");
:   if (connect(fd, (struct sockaddr *), sizeof(sun)) == -1)
:   err(1, "connect: %s", sockname);
:+  free(sockname_r);
: 
:   if (pledge("stdio rpath wpath", NULL) == -1)
:   err(1, "pledge");
:diff --git usr.sbin/bgpd/bgpd.conf.5 usr.sbin/bgpd/bgpd.conf.5
:index 2baaf5e3897..c6b05dbef89 100644
:--- usr.sbin/bgpd/bgpd.conf.5
:+++ usr.sbin/bgpd/bgpd.conf.5
:@@ -413,7 +413,13 @@ If
: is specified a restricted control socket will be created.
: By default
: .Pa /var/run/bgpd.sock
:-is used and no restricted socket is created.
:+is used when
:+.Xr bgpd 8
:+is run in routing domain 0, and
:+.Pa /var/run/bgpd.sock.
:+when run in routing domain
:+.Ar  .
:+By default, no restricted socket is created.
: .Pp
: .It Xo
: .Ic transparent-as
:diff --git usr.sbin/bgpd/config.c usr.sbin/bgpd/config.c
:index adbfaf380ee..33d89311677 100644
:--- usr.sbin/bgpd/config.c
:+++ usr.sbin/bgpd/config.c
:@@ -28,6 +28,7 @@
: #include 
: #include 
: #include 
:+#include 
: #include 
: #include 
: 
:@@ -44,7 +45,8 @@ void free_rdomains(struct rdomain_head *);
: struct bgpd_config *
: new_config(void)
: {
:-  struct bgpd_config *conf;
:+  struct bgpd_config  *conf;
:+  int  r;
: 
:   if ((conf = calloc(1, sizeof(struct bgpd_config))) == NULL)
:   fatal(NULL);
:@@ -53,7 +55,10 @@ new_config(void)
:   conf->bgpid = get_bgpid();
:   conf->fib_priority = RTP_BGP;
: 
:-  if ((conf->csock = strdup(SOCKET_NAME)) == NULL)
:+  if ((r = getrtable()) > 0) {
:+  if (asprintf(>csock, "%s.%d", SOCKET_NAME, r) == -1)
:+  fatal(NULL);
:+  } else if ((conf->csock = strdup(SOCKET_NAME)) == NULL)
:   fatal(NULL);
: 
:   if ((conf->filters = calloc(1, sizeof(struct filter_head))) == NULL)
:

-- 
"The Schizophrenic: An Unauthorized Autobiography"

Re: Throttle bgpd's RDE if the client is slow

[Peter Hessler]

This improves our AMS-IX border router (200 configured sessions, plus
Route Servers) starting performance.

>From 45 minutes to bring everyone up, to 3 minutes, and bgpctl stays
acceptably responsive during the thundering herd.  Memory pressure is
also far more relaxed.

OK


On 2017 May 26 (Fri) at 21:27:46 +0200 (+0200), Claudio Jeker wrote:
:Both bgpctl and bgp neighbors are often not fast enough to keep up with
:the RDE. The result is quite a bit of memory bloat or some ugly
:workarounds for bgpctl which can result in starving other bgpctl calls to
:death.
:
:This implements a simple XON / XOFF protocol for peers and control
:sessions and helps reducing the pain on busy boxes. It is a first step.
:There is still some major changes needed to reduce the update overhead
:seen when many session start up at the same time.
:
:I would love to hear from people with larger setups if there are any
:problems.
:-- 
::wq Claudio
:
:
:Index: bgpd.h
:===
:RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
:retrieving revision 1.300
:diff -u -p -r1.300 bgpd.h
:--- bgpd.h 25 Jan 2017 00:11:07 -  1.300
:+++ bgpd.h 25 Jan 2017 04:22:34 -
:@@ -87,13 +87,17 @@
: #define   F_RTLABEL   0x1
: 
: /*
:- * Limit the number of control messages generated by the RDE and queued in
:- * session engine. The RDE limit defines how many imsg are generated in
:- * one poll round. Then if the SE limit is hit the RDE control socket will no
:- * longer be polled.
:+ * Limit the number of messages queued in the session engine.
:+ * The SE will send an IMSG_XOFF messages to the RDE if the high water mark
:+ * is reached. The RDE should then throttle this peer or control connection.
:+ * Once the message queue in the SE drops below the low water mark an
:+ * IMSG_XON message will be sent and the RDE will produce more messages again.
:  */
: #define RDE_RUNNER_ROUNDS 100
:-#define SESSION_CTL_QUEUE_MAX 1
:+#define SESS_MSG_HIGH_MARK300
:+#define SESS_MSG_LOW_MARK 50
:+#define CTL_MSG_HIGH_MARK 500
:+#define CTL_MSG_LOW_MARK  100
: 
: enum bgpd_process {
:   PROC_MAIN,
:@@ -425,7 +429,9 @@ enum imsg_type {
:   IMSG_PFTABLE_COMMIT,
:   IMSG_REFRESH,
:   IMSG_IFINFO,
:-  IMSG_DEMOTE
:+  IMSG_DEMOTE,
:+  IMSG_XON,
:+  IMSG_XOFF
: };
: 
: struct demote_msg {
:Index: control.c
:===
:RCS file: /cvs/src/usr.sbin/bgpd/control.c,v
:retrieving revision 1.87
:diff -u -p -r1.87 control.c
:--- control.c  13 Feb 2017 14:48:44 -  1.87
:+++ control.c  16 Feb 2017 19:20:23 -
:@@ -213,11 +213,16 @@ control_dispatch_msg(struct pollfd *pfd,
:   return (0);
:   }
: 
:-  if (pfd->revents & POLLOUT)
:+  if (pfd->revents & POLLOUT) {
:   if (msgbuf_write(>ibuf.w) <= 0 && errno != EAGAIN) {
:   *ctl_cnt -= control_close(pfd->fd);
:   return (1);
:   }
:+  if (c->throttled && c->ibuf.w.queued < CTL_MSG_LOW_MARK) {
:+  if (imsg_ctl_rde(IMSG_XON, c->ibuf.pid, NULL, 0) != -1)
:+  c->throttled = 0;
:+  }
:+  }
: 
:   if (!(pfd->revents & POLLIN))
:   return (0);
:@@ -521,6 +526,11 @@ control_imsg_relay(struct imsg *imsg)
: 
:   if ((c = control_connbypid(imsg->hdr.pid)) == NULL)
:   return (0);
:+
:+  if (!c->throttled && c->ibuf.w.queued > CTL_MSG_HIGH_MARK) {
:+  if (imsg_ctl_rde(IMSG_XOFF, imsg->hdr.pid, NULL, 0) != -1)
:+  c->throttled = 1;
:+  }
: 
:   return (imsg_compose(>ibuf, imsg->hdr.type, 0, imsg->hdr.pid, -1,
:   imsg->data, imsg->hdr.len - IMSG_HEADER_SIZE));
:Index: rde.c
:===
:RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
:retrieving revision 1.361
:diff -u -p -r1.361 rde.c
:--- rde.c  25 Jan 2017 03:21:55 -  1.361
:+++ rde.c  26 May 2017 18:57:51 -
:@@ -76,7 +76,7 @@ void  rde_update_log(const char *, u_in
: void   rde_as4byte_fixup(struct rde_peer *, struct rde_aspath *);
: void   rde_reflector(struct rde_peer *, struct rde_aspath *);
: 
:-void   rde_dump_rib_as(struct prefix *, struct rde_aspath *,pid_t,
:+void   rde_dump_rib_as(struct prefix *, struct rde_aspath *, pid_t,
:int);
: void   rde_dump_filter(struct prefix *,
:struct ctl_show_rib_request *);
:@@ -86,8 +86,14 @@ void rde_dump_upcall(struct rib_entry 
: void   rde_dump_prefix_upcall(struct rib_entry *, void *);
: void   rde_dump_ctx_new(struct ctl_show_rib_request *, pid_t,
:enum imsg_type);
:-void   rde_dump_mrt_new(struct mrt *, pid_t, int);
:+void   rde_dump_ctx_throttle(pid_t pid, int throttle);

[bgpd] enforce local-as no

[Peter Hessler]

Allow us to receive our own AS paths from a neighbor.

Like several of the related diffs, this also invites dragons and grues
into your network.

Probably needs the most love in the man page, as usual ;).

OK?


Index: bgpd.conf.5
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.154
diff -u -p -u -p -r1.154 bgpd.conf.5
--- bgpd.conf.5 27 May 2017 10:33:15 -  1.154
+++ bgpd.conf.5 27 May 2017 12:49:42 -
@@ -767,6 +767,19 @@ section in
 .Sx GLOBAL CONFIGURATION .
 .Pp
 .It Xo
+.Ic enforce local-as
+.Pq Ic yes Ns | Ns Ic no
+.Xc
+If set to
+.Ic no ,
+.Em AS paths
+will not be checked for AS loop detection.
+Since there is no AS path loop check, this option is dangerous, and
+requires you to add filters to prevent receiving your own prefixes.
+The default value is
+.Ic yes .
+.Pp
+.It Xo
 .Ic enforce neighbor-as
 .Pq Ic yes Ns | Ns Ic no
 .Xc
Index: bgpd.h
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.303
diff -u -p -u -p -r1.303 bgpd.h
--- bgpd.h  27 May 2017 12:09:27 -  1.303
+++ bgpd.h  27 May 2017 12:34:57 -
@@ -309,6 +309,7 @@ struct peer_config {
u_int32_tmax_prefix;
enum announce_type   announce_type;
enum enforce_as  enforce_as;
+   enum enforce_as  enforce_local_as;
enum reconf_action   reconf_action;
u_int16_tmax_prefix_restart;
u_int16_tholdtime;
Index: parse.y
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.303
diff -u -p -u -p -r1.303 parse.y
--- parse.y 27 May 2017 10:33:15 -  1.303
+++ parse.y 27 May 2017 12:35:33 -
@@ -1183,6 +1183,12 @@ peeropts : REMOTEAS as4number{
else
curpeer->conf.enforce_as = ENFORCE_AS_OFF;
}
+   | ENFORCE LOCALAS yesno {
+   if ($3)
+   curpeer->conf.enforce_local_as = ENFORCE_AS_ON;
+   else
+   curpeer->conf.enforce_local_as = ENFORCE_AS_OFF;
+   }
| MAXPREFIX NUMBER restart {
if ($2 < 0 || $2 > UINT_MAX) {
yyerror("bad maximum number of prefixes");
@@ -3690,6 +3696,8 @@ neighbor_consistent(struct peer *p)
if (p->conf.enforce_as == ENFORCE_AS_UNDEF)
p->conf.enforce_as = p->conf.ebgp ?
ENFORCE_AS_ON : ENFORCE_AS_OFF;
+   if (p->conf.enforce_local_as == ENFORCE_AS_UNDEF)
+   p->conf.enforce_local_as = ENFORCE_AS_ON;
 
/* EBGP neighbors are not allowed in route reflector clusters */
if (p->conf.reflector_client && p->conf.ebgp) {
Index: printconf.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/printconf.c,v
retrieving revision 1.102
diff -u -p -u -p -r1.102 printconf.c
--- printconf.c 27 May 2017 10:33:15 -  1.102
+++ printconf.c 27 May 2017 12:38:13 -
@@ -470,6 +470,10 @@ print_peer(struct peer_config *p, struct
printf("%s\tenforce neighbor-as yes\n", c);
else
printf("%s\tenforce neighbor-as no\n", c);
+   if (p->enforce_local_as == ENFORCE_AS_ON)
+   printf("%s\tenforce local-as yes\n", c);
+   else
+   printf("%s\tenforce local-as no\n", c);
if (p->reflector_client) {
if (conf->clusterid == 0)
printf("%s\troute-reflector\n", c);
Index: rde.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.362
diff -u -p -u -p -r1.362 rde.c
--- rde.c   27 May 2017 10:33:15 -  1.362
+++ rde.c   27 May 2017 12:41:06 -
@@ -1104,6 +1104,7 @@ rde_update_dispatch(struct imsg *imsg)
 
/* aspath needs to be loop free nota bene this is not a hard error */
if (peer->conf.ebgp &&
+   peer->conf.enforce_local_as == ENFORCE_AS_ON &&
!aspath_loopfree(asp->aspath, peer->conf.local_as))
asp->flags |= F_ATTR_LOOP;
 



-- 
The porcupine with the sharpest quills gets stuck on a tree more often.

[bgpd] local-as for use in filters

[Peter Hessler]

Right now, we have 'neighbor-as' that can be used as magic syntax sugar
for filter rules.  I want to have magic syntax sugar for 'local-as',
which expands to our ASN.  It already plays nicely with the local-as
diff I sent, and can be committed in either order.

match in from $neighbor set community local-as:neighbor-as
  
OK?


Index: bgpd.conf.5
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.152
diff -u -p -u -p -r1.152 bgpd.conf.5
--- bgpd.conf.5 13 Jan 2017 18:59:12 -  1.152
+++ bgpd.conf.5 27 May 2017 10:12:23 -
@@ -1079,7 +1079,9 @@ is an AS number as explained above under
 .Sx GLOBAL CONFIGURATION .
 It may be set to
 .Ic neighbor-as ,
-which is expanded to the current neighbor remote AS number.
+which is expanded to the current neighbor remote AS number, or
+.Ic self-as ,
+which is expanded to the locally assigned AS number.
 .Pp
 The
 .Ar operator
@@ -1149,7 +1151,9 @@ and
 .Ar local
 may be set to
 .Ic neighbor-as ,
-which is expanded to the current neighbor remote AS number.
+which is expanded to the current neighbor remote AS number, or
+.Ic self-as ,
+which is expanded to the locally assigned AS number.
 .Pp
 .It Xo
 .Ic large-community
@@ -1181,7 +1185,9 @@ and
 .Ar local
 may be set to
 .Ic neighbor-as ,
-which is expanded to the current neighbor remote AS number.
+which is expanded to the current neighbor remote AS number,
+.Ic self-as ,
+which is expanded to the locally assigned AS number.
 .Pp
 .It Xo
 .Ic ext-community
Index: bgpd.h
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 bgpd.h
--- bgpd.h  25 Jan 2017 00:11:07 -  1.300
+++ bgpd.h  27 May 2017 09:31:25 -
@@ -739,7 +739,8 @@ struct filter_peers {
 #defineCOMMUNITY_ERROR -1
 #defineCOMMUNITY_ANY   -2
 #defineCOMMUNITY_NEIGHBOR_AS   -3
-#defineCOMMUNITY_UNSET -4
+#defineCOMMUNITY_LOCAL_AS  -4
+#defineCOMMUNITY_UNSET -5
 #defineCOMMUNITY_WELLKNOWN 0x
 #defineCOMMUNITY_BLACKHOLE 0x029A  /* 
draft-ymbk-grow-blackholing-01 */
 #defineCOMMUNITY_NO_EXPORT 0xff01
Index: parse.y
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.301
diff -u -p -u -p -r1.301 parse.y
--- parse.y 26 May 2017 20:55:30 -  1.301
+++ parse.y 27 May 2017 09:30:58 -
@@ -2953,6 +2953,8 @@ getcommunity(char *s)
return (COMMUNITY_ANY);
if (strcmp(s, "neighbor-as") == 0)
return (COMMUNITY_NEIGHBOR_AS);
+   if (strcmp(s, "local-as") == 0)
+   return (COMMUNITY_LOCAL_AS);
val = strtonum(s, 0, USHRT_MAX, );
if (errstr) {
yyerror("Community %s is %s (max: %u)", s, errstr, USHRT_MAX);
@@ -3022,6 +3024,8 @@ getlargecommunity(char *s)
return (COMMUNITY_ANY);
if (strcmp(s, "neighbor-as") == 0)
return (COMMUNITY_NEIGHBOR_AS);
+   if (strcmp(s, "local-as") == 0)
+   return (COMMUNITY_LOCAL_AS);
val = strtonum(s, 0, UINT_MAX, );
if (errstr) {
yyerror("Large Community %s is %s (max: %u)",
Index: printconf.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/printconf.c,v
retrieving revision 1.100
diff -u -p -u -p -r1.100 printconf.c
--- printconf.c 24 Jan 2017 04:22:42 -  1.100
+++ printconf.c 27 May 2017 10:10:42 -
@@ -94,6 +94,8 @@ print_community(int as, int type)
printf("*:");
else if (as == COMMUNITY_NEIGHBOR_AS)
printf("neighbor-as:");
+   else if (as == COMMUNITY_LOCAL_AS)
+   printf("local-as:");
else
printf("%u:", (unsigned int)as);
 
@@ -101,6 +103,8 @@ print_community(int as, int type)
printf("* ");
else if (type == COMMUNITY_NEIGHBOR_AS)
printf("neighbor-as ");
+   else if (type == COMMUNITY_LOCAL_AS)
+   printf("local-as");
else
printf("%d ", type);
 }
@@ -112,6 +116,8 @@ print_largecommunity(int64_t as, int64_t
printf("*:");
else if (as == COMMUNITY_NEIGHBOR_AS)
printf("neighbor-as:");
+   else if (as == COMMUNITY_LOCAL_AS)
+   printf("local-as:");
else
printf("%lld:", as);
 
@@ -119,6 +125,8 @@ print_largecommunity(int64_t as, int64_t
printf("*:");
else if (ld1 == COMMUNITY_NEIGHBOR_AS)
printf("neighbor-as:");
+   else if (ld1 == COMMUNITY_LOCAL_AS)

Re: bgpd: local-as

[Peter Hessler]

On 2017 May 27 (Sat) at 11:05:30 +0200 (+0200), Peter Hessler wrote:
:On 2016 Sep 26 (Mon) at 20:09:13 +0200 (+0200), Peter Hessler wrote:
::We already have a local AS saved per peer.  Let's use it.  This is very
::useful when one needs to change their local AS.
::
::"
::neighbor 192.0.2.1 {
::  remote-as 65530
::  local-as 131000
::}
::"
::
::OK?
::
:
:Updated!
:
:Now it works far better, it supports "local-as 131000 65000", works
:better with prepend-self.
:
:You MUST use filters to protect yourself from receiving your own routes
:over the local-as peer.  There be dragons and grues.
:
:OK?
:

Only an updated man page bit:


Index: bgpd.conf.5
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.152
diff -u -p -u -p -r1.152 bgpd.conf.5
--- bgpd.conf.5 13 Jan 2017 18:59:12 -  1.152
+++ bgpd.conf.5 27 May 2017 10:04:03 -
@@ -874,6 +874,17 @@ is given,
 .Xr bgpd 8
 binds to this address first.
 .Pp
+.It Ic local-as Ar as-number Op Ar as-number
+Set the AS number sent to the remote system.
+Used as described above under
+.Sx GLOBAL CONFIGURATION
+option
+.Ic AS .
+.Pp
+Since there is no AS path loop check, this option is dangerous, and
+requires you to add filters to prevent receiving your ASNs.
+Intended to be used temporarily, for migrations to another AS.
+.Pp
 .It Ic log no
 Disable neighbor specific logging.
 .Pp



-- 
Procrastinators do it tomorrow.

Re: bgpd: local-as

[Peter Hessler]

On 2016 Sep 26 (Mon) at 20:09:13 +0200 (+0200), Peter Hessler wrote:
:We already have a local AS saved per peer.  Let's use it.  This is very
:useful when one needs to change their local AS.
:
:"
:neighbor 192.0.2.1 {
:   remote-as 65530
:   local-as 131000
:}
:"
:
:OK?
:

Updated!

Now it works far better, it supports "local-as 131000 65000", works
better with prepend-self.

You MUST use filters to protect yourself from receiving your own routes
over the local-as peer.  There be dragons and grues.

OK?


Index: bgpd.conf.5
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.152
diff -u -p -u -p -r1.152 bgpd.conf.5
--- bgpd.conf.5 13 Jan 2017 18:59:12 -  1.152
+++ bgpd.conf.5 27 May 2017 09:04:28 -
@@ -874,6 +874,17 @@ is given,
 .Xr bgpd 8
 binds to this address first.
 .Pp
+.It Ic local-as Ar as-number Op Ar as-number
+Set the AS number sent to the remote system.
+If the first AS number is a 4-byte AS it is possible to specify a secondary
+2-byte AS number which is used for neighbors which do not support 4-byte AS
+numbers.
+The default for the secondary AS is 23456.
+.Pp
+This option is dangerous, and requires you to add filters to prevent
+receiving your global ASN from this peer.
+Intended to be used temporarily, for migrations to another AS.
+.Pp
 .It Ic log no
 Disable neighbor specific logging.
 .Pp
Index: parse.y
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 parse.y
--- parse.y 26 May 2017 14:08:51 -  1.300
+++ parse.y 27 May 2017 08:55:02 -
@@ -188,7 +188,7 @@ typedef struct {
 %token RDOMAIN RD EXPORTTRGT IMPORTTRGT
 %token RDE RIB EVALUATE IGNORE COMPARE
 %token GROUP NEIGHBOR NETWORK
-%token REMOTEAS DESCR LOCALADDR MULTIHOP PASSIVE MAXPREFIX RESTART
+%token LOCALAS REMOTEAS DESCR LOCALADDR MULTIHOP PASSIVE MAXPREFIX RESTART
 %token ANNOUNCE CAPABILITIES REFRESH AS4BYTE CONNECTRETRY
 %token DEMOTE ENFORCE NEIGHBORAS REFLECTOR DEPEND DOWN SOFTRECONFIG
 %token DUMP IN OUT SOCKET RESTRICTED
@@ -1038,6 +1038,17 @@ peeroptsl: peeropts nl
 peeropts   : REMOTEAS as4number{
curpeer->conf.remote_as = $2;
}
+   | LOCALAS as4number {
+   curpeer->conf.local_as = $2;
+   if ($2 > USHRT_MAX)
+   curpeer->conf.local_short_as = AS_TRANS;
+   else
+   curpeer->conf.local_short_as = $2;
+   }
+   | LOCALAS as4number asnumber {
+   curpeer->conf.local_as = $2;
+   curpeer->conf.local_short_as = $3;
+   }
| DESCR string  {
if (strlcpy(curpeer->conf.descr, $2,
sizeof(curpeer->conf.descr)) >=
@@ -2369,6 +2380,7 @@ lookup(char *s)
{ "large-community",LARGECOMMUNITY},
{ "listen", LISTEN},
{ "local-address",  LOCALADDR},
+   { "local-as",   LOCALAS},
{ "localpref",  LOCALPREF},
{ "log",LOG},
{ "match",  MATCH},
Index: printconf.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/printconf.c,v
retrieving revision 1.100
diff -u -p -u -p -r1.100 printconf.c
--- printconf.c 24 Jan 2017 04:22:42 -  1.100
+++ printconf.c 26 May 2017 18:01:32 -
@@ -414,6 +414,8 @@ print_peer(struct peer_config *p, struct
printf("%s\trib \"%s\"\n", c, p->rib);
if (p->remote_as)
printf("%s\tremote-as %s\n", c, log_as(p->remote_as));
+   if (p->local_as != conf->as)
+   printf("%s\tlocal-as %s\n", c, log_as(p->local_as));
if (p->down)
printf("%s\tdown\n", c);
if (p->distance > 1)
Index: rde.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.361
diff -u -p -u -p -r1.361 rde.c
--- rde.c   25 Jan 2017 03:21:55 -  1.361
+++ rde.c   27 May 2017 08:26:56 -
@@ -1103,7 +1103,8 @@ rde_update_dispatch(struct imsg *imsg)
p += 2 + attrpath_len;
 
/* aspath needs to be loop free nota bene this is not a hard error */
-   if (peer->conf.ebgp && !aspath_loopfree(asp->aspath, conf->as))
+   if (peer->conf.ebgp &&
+   !aspath_loopfree(asp->aspath, peer->conf.local_as))
  

Re: [bgpd] RFC 7607 Codification of AS 0 Processing

[Peter Hessler]

On 2017 May 26 (Fri) at 22:15:37 +0200 (+0200), Sebastian Benoit wrote:
:diff is ok, but please consider this:
:
:i think we should limit the list to the features we support so
:that users can check if a certain something should work or not.
:
:this is not a feature, this is a protocol clarification/stability issue.
:

Listing the RFC in the man page was requested by jmc@.

I don't have a strong feeling either way.

But, if we prefer not to list 7607, we should also not list 7606 as it
is clarification.


:otherwise the list gets longer and useless.
:
:if you leave this out, put a /* rfc 7607 */ comment next to the
:aspath_extract() below.
:

I added it, because I think it should have that even if the man page part
stays.


-- 
Money is the root of all evil, and man needs roots.

Re: [bgpd] RFC 7607 Codification of AS 0 Processing

[Peter Hessler]

On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote:
:Apropos of "I found it", I implemented support for RFC 7607.  It's a
:super short RFC, but basically it forbids use of AS 0 anywhere.
:
:OK?
:
:

Fixed some denglish in an error message, mention the RFC in the man
page, and don't take down the session if we receive AS0 in the path.


Index: bgpd.8
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.8,v
retrieving revision 1.52
diff -u -p -u -p -r1.52 bgpd.8
--- bgpd.8  19 Feb 2017 11:38:24 -  1.52
+++ bgpd.8  26 May 2017 18:29:49 -
@@ -357,6 +357,16 @@ control socket
 .Re
 .Pp
 .Rs
+.%A W. Kumari
+.%A R. Bush
+.%A H. Schiller
+.%A K. Patel
+.%D August 2015
+.%R RFC 7607
+.%T Codification of AS 0 Processing
+.Re
+.Pp
+.Rs
 .%D August 2011
 .%R draft-ietf-grow-mrt-17
 .%T MRT routing information export format
Index: parse.y
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 parse.y
--- parse.y 26 May 2017 14:08:51 -  1.300
+++ parse.y 26 May 2017 18:15:33 -
@@ -3661,6 +3661,11 @@ neighbor_consistent(struct peer *p)
return (-1);
}
 
+   if (p->conf.remote_as == 0) {
+   yyerror("peer AS may not be zero");
+   return (-1);
+   }
+
/* set default values if they where undefined */
p->conf.ebgp = (p->conf.remote_as != conf->as);
if (p->conf.announce_type == ANNOUNCE_UNDEF)
Index: rde_attr.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde_attr.c,v
retrieving revision 1.97
diff -u -p -u -p -r1.97 rde_attr.c
--- rde_attr.c  24 Jan 2017 04:22:42 -  1.97
+++ rde_attr.c  26 May 2017 19:29:04 -
@@ -460,6 +460,9 @@ aspath_verify(void *data, u_int16_t len,
if (seg_size == 0)
/* empty aspath segments are not allowed */
return (AS_ERR_BAD);
+
+   if (aspath_extract(seg, 0) == 0)
+   return (AS_ERR_BAD);
}
return (error); /* aspath is valid but probably not loop free */
 }
Index: session.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.359
diff -u -p -u -p -r1.359 session.c
--- session.c   13 Feb 2017 14:48:44 -  1.359
+++ session.c   5 May 2017 17:26:16 -
@@ -2017,6 +2017,14 @@ parse_open(struct peer *peer)
memcpy(_as, p, sizeof(short_as));
p += sizeof(short_as);
as = peer->short_as = ntohs(short_as);
+   if (as == 0) {
+   log_peer_warnx(>conf,
+   "peer requests unacceptable AS %u", as);
+   session_notification(peer, ERR_OPEN, ERR_OPEN_AS,
+   NULL, 0);
+   change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+   return (-1);
+   }
 
memcpy(, p, sizeof(oholdtime));
p += sizeof(oholdtime);
@@ -2477,6 +2485,14 @@ parse_capabilities(struct peer *peer, u_
}
memcpy(_as, capa_val, sizeof(remote_as));
*as = ntohl(remote_as);
+   if (*as == 0) {
+   log_peer_warnx(>conf,
+   "peer requests unacceptable AS %u", *as);
+   session_notification(peer, ERR_OPEN, 
ERR_OPEN_AS,
+   NULL, 0);
+   change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+   return (-1);
+   }
peer->capa.peer.as4byte = 1;
break;
default:




-- 
Madam, there's no such thing as a tough child -- if you parboil them
first for seven hours, they always come out tender.
-- W. C. Fields

[bgpd] RFC 7607 Codification of AS 0 Processing

[Peter Hessler]

Apropos of "I found it", I implemented support for RFC 7607.  It's a
super short RFC, but basically it forbids use of AS 0 anywhere.

OK?


Index: parse.y
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 parse.y
--- parse.y 26 May 2017 14:08:51 -  1.300
+++ parse.y 26 May 2017 17:55:11 -
@@ -3661,6 +3661,11 @@ neighbor_consistent(struct peer *p)
return (-1);
}
 
+   if (p->conf.remote_as == 0) {
+   yyerror("peer AS needs to be not zero");
+   return (-1);
+   }
+
/* set default values if they where undefined */
p->conf.ebgp = (p->conf.remote_as != conf->as);
if (p->conf.announce_type == ANNOUNCE_UNDEF)
Index: rde.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.361
diff -u -p -u -p -r1.361 rde.c
--- rde.c   25 Jan 2017 03:21:55 -  1.361
+++ rde.c   26 May 2017 17:43:30 -
@@ -1102,6 +1102,14 @@ rde_update_dispatch(struct imsg *imsg)
/* shift to NLRI information */
p += 2 + attrpath_len;
 
+   /* aspath must not contain AS 0 */
+   if (!aspath_loopfree(asp->aspath, 0)) {
+   log_peer_warnx(>conf, "bad AS 0 in UPDATE");
+   rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
+   NULL, 0);
+   goto done;
+   }
+
/* aspath needs to be loop free nota bene this is not a hard error */
if (peer->conf.ebgp && !aspath_loopfree(asp->aspath, conf->as))
asp->flags |= F_ATTR_LOOP;
Index: session.c
===
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.359
diff -u -p -u -p -r1.359 session.c
--- session.c   13 Feb 2017 14:48:44 -  1.359
+++ session.c   5 May 2017 17:26:16 -
@@ -2017,6 +2017,14 @@ parse_open(struct peer *peer)
memcpy(_as, p, sizeof(short_as));
p += sizeof(short_as);
as = peer->short_as = ntohs(short_as);
+   if (as == 0) {
+   log_peer_warnx(>conf,
+   "peer requests unacceptable AS %u", as);
+   session_notification(peer, ERR_OPEN, ERR_OPEN_AS,
+   NULL, 0);
+   change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+   return (-1);
+   }
 
memcpy(, p, sizeof(oholdtime));
p += sizeof(oholdtime);
@@ -2477,6 +2485,14 @@ parse_capabilities(struct peer *peer, u_
}
memcpy(_as, capa_val, sizeof(remote_as));
*as = ntohl(remote_as);
+   if (*as == 0) {
+   log_peer_warnx(>conf,
+   "peer requests unacceptable AS %u", *as);
+   session_notification(peer, ERR_OPEN, 
ERR_OPEN_AS,
+   NULL, 0);
+   change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+   return (-1);
+   }
peer->capa.peer.as4byte = 1;
break;
default:


-- 
Taxes, n.:
Of life's two certainties, the only one for which you can get
an extension.

Re: OpenBGPd: expand rib list (updated for r1.295)

[Peter Hessler]

Also looks good to me, OK



On 2017 Jan 20 (Fri) at 21:19:22 +0100 (+0100), Denis Fondras wrote:
:Hello,
:
:Here is a patch to expand RIB names in rules. When playing with multi-RIBs, it
:allows to simplify ruleset.
:
: Ex :
:# cat /etc/bgpd.conf
:[...]
:peer_ribs = "{ m1, m2, m3 }"
:deny rib m2 from any
:allow rib $peer_ribs from any prefix { 2001:db8:1::/48, 2001:db8:2::/48 }
:
:# bgpd -dnv
:[...]
:deny rib m2 from any 
:allow rib m3 from any prefix 2001:db8:2::/48 
:allow rib m3 from any prefix 2001:db8:1::/48 
:allow rib m2 from any prefix 2001:db8:2::/48 
:allow rib m2 from any prefix 2001:db8:1::/48 
:allow rib m1 from any prefix 2001:db8:2::/48 
:allow rib m1 from any prefix 2001:db8:1::/48 
:
:
:Index: parse.y
:===
:RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
:retrieving revision 1.295
:diff -u -p -r1.295 parse.y
:--- parse.y18 Jan 2017 04:28:45 -  1.295
:+++ parse.y20 Jan 2017 20:15:20 -
:@@ -91,6 +91,11 @@ static struct filter_rule   *curpeer_filte
: static struct filter_rule *curgroup_filter[2];
: static u_int32_t   id;
: 
:+struct filter_rib_l {
:+  struct filter_rib_l *next;
:+  char name[PEER_DESCR_LEN];
:+};
:+
: struct filter_peers_l {
:   struct filter_peers_l   *next;
:   struct filter_peers  p;
:@@ -128,8 +133,9 @@ struct rde_rib *find_rib(char *);
: intget_id(struct peer *);
: intmerge_prefixspec(struct filter_prefix_l *,
:   struct filter_prefixlen *);
:-intexpand_rule(struct filter_rule *, struct filter_peers_l *,
:-  struct filter_match_l *, struct filter_set_head *);
:+intexpand_rule(struct filter_rule *, struct filter_rib_l *,
:+  struct filter_peers_l *, struct filter_match_l *,
:+  struct filter_set_head *);
: intstr2key(char *, char *, size_t);
: intneighbor_consistent(struct peer *);
: intmerge_filterset(struct filter_set_head *, struct filter_set *);
:@@ -153,6 +159,7 @@ typedef struct {
:   char*string;
:   struct bgpd_addr addr;
:   u_int8_t u8;
:+  struct filter_rib_l *filter_rib;
:   struct filter_peers_l   *filter_peers;
:   struct filter_match_lfilter_match;
:   struct filter_prefix_l  *filter_prefix;
:@@ -203,10 +210,11 @@ typedef struct {
: %type   asnumber as4number as4number_any optnumber
: %type   espah family restart origincode nettype
: %type   yesno inout restricted
:-%type   string filter_rib
:+%type   string
: %type address
: %type   prefix addrspec
: %type   action quick direction delete
:+%type   filter_rib_h filter_rib_l filter_rib
: %type filter_peer filter_peer_l filter_peer_h
: %type filter_match filter_elm filter_match_h
: %typefilter_as filter_as_l filter_as_h
:@@ -1469,9 +1477,10 @@ encspec : /* nada */{
:   }
:   ;
: 
:-filterrule: action quick filter_rib direction filter_peer_h 
filter_match_h filter_set
:+filterrule: action quick filter_rib_h direction filter_peer_h 
filter_match_h filter_set
:   {
:   struct filter_rule   r;
:+  struct filter_rib_l  *rb, *rbnext;
: 
:   bzero(, sizeof(r));
:   r.action = $1;
:@@ -1481,25 +1490,15 @@ filterrule : action quick filter_rib dir
:   if (r.dir != DIR_IN) {
:   yyerror("rib only allowed on \"from\" "
:   "rules.");
:-  free($3);
:-  YYERROR;
:-  }
:-  if (!find_rib($3)) {
:-  yyerror("rib \"%s\" does not exist.",
:-  $3);
:-  free($3);
:-  YYERROR;
:-  }
:-  if (strlcpy(r.rib, $3, sizeof(r.rib)) >=
:-  sizeof(r.rib)) {
:-  yyerror("rib name \"%s\" too long: "
:-  "max %zu", $3, sizeof(r.rib) - 1);
:-  free($3);
:+
:+  for (rb = $3; rb != NULL; rb = rbnext) {
:+  rbnext = rb->next;
:+  free(rb);
:+  }
:   YYERROR;
: 

Re: [patch/openbgpd] make man example works

[Peter Hessler]

looks good to me, OK


On 2017 May 21 (Sun) at 19:36:36 +0200 (+0200), Denis Fondras wrote:
:Hi,
:
:bgpd.conf manual has an example with :
:
:good="{ 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
:bad="{ 224.0.0.0/4 prefixlen >= 4, 240.0.0.0/4 prefixlen >= 4 }"
:ugly="{ 127.0.0.1/8, 169.254.0.0/16 }"
:deny from any prefix { $good $bad $ugly } 
:
:This syntax is not valid with current parse.y.
:
:Here is a patch to make it valid.
:
:Index: parse.y
:===
:RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
:retrieving revision 1.298
:diff -u -p -r1.298 parse.y
:--- parse.y22 Feb 2017 13:55:14 -  1.298
:+++ parse.y21 May 2017 17:29:11 -
:@@ -217,6 +217,7 @@ typedef struct {
: %type   filter_set_opt
: %type  filter_set filter_set_l
: %typefilter_prefix filter_prefix_l filter_prefix_h
:+%typefilter_prefix_m
: %type   unaryop equalityop binaryop filter_as_type
: %type  encspec
: %%
:@@ -1615,8 +1616,22 @@ filter_prefix_h : IPV4 prefixlenop  
 {
:   }
:   }
:   | PREFIX filter_prefix  { $$ = $2; }
:-  | PREFIX '{' filter_prefix_l '}'{ $$ = $3; }
:+  | PREFIX '{' filter_prefix_m '}'{ $$ = $3; }
:   ;
:+
:+filter_prefix_m   : filter_prefix_l
:+  | '{' filter_prefix_l '}'   { $$ = $2; }
:+  | '{' filter_prefix_l '}' filter_prefix_m
:+  {
:+  struct filter_prefix_l  *p;
:+
:+  /* merge, both can be lists */
:+  for (p = $2; p != NULL && p->next != NULL; p = p->next)
:+  ;   /* nothing */
:+  if (p != NULL)
:+  p->next = $4;
:+  $$ = $2;
:+  } 
: 
: filter_prefix_l   : filter_prefix { $$ = $1; }
:   | filter_prefix_l comma filter_prefix   {
:

-- 
Keep your Eye on the Ball,
Your Shoulder to the Wheel,
Your Nose to the Grindstone,
Your Feet on the Ground,
Your Head on your Shoulders.
Now ... try to get something DONE!

Re: inteldrm: setup backlight pwm alternate increment on backlight enable

[Peter Hessler]

On 2017 Feb 10 (Fri) at 11:52:20 +1100 (+1100), Jonathan Gray wrote:
:On Thu, Feb 09, 2017 at 06:39:13PM -0600, joshua stein wrote:
:> I have no idea why there are chickens involved, but this fixes the
:> problem on at least the MacBookAir7,1 (Broadwell) where upon S3
:> resume, the backlight value is treated as 0 or 100 despite reporting
:> intermediate values, so if the backlight value was anything other
:> than 100 at suspend time, the screen will stay off upon resume.
:
:Chicken bits are overrides for functions like clock gating, if it turns
:out there is a hardware bug in a particular feature these bits are used
:to disable them.
:
:This diff seems reasonable but it would be nice to get some tests
:on non-apple broadwell hardware.
:

Tested on a broadwell Thinkpad x250, seems fine.  Changed the brightness
to 40%, then did a few suspend-resumes.

dmesg:

OpenBSD 6.0-current (GENERIC.MP) #21: Fri Feb 10 10:39:29 CET 2017
phess...@dante.txl.hsgate.de:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8277168128 (7893MB)
avail mem = 8021643264 (7650MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xccbfd000 (64 entries)
bios0: vendor LENOVO version "N10ET28W (1.05 )" date 01/23/2015
bios0: LENOVO 20CM001UGE
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT SSDT PCCT SSDT TCPA SSDT UEFI MSDM BATB FPDT UEFI DMAR
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2594.33 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2594330400 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: NVP3, resource for PEG_
acpipwrres2 at acpi0: NVP2, 

preliminary diff to add BFD support to OpenBGPD

[Peter Hessler]

Here is the inital support for OpenBGPD to understand BFD messages.

With this, when BFD detects failure, it sets the nexthop for that
neighbor to Invalid.  Conversely, when BFD sets the state to up, it
removes that flag, setting the nexthop to Valid.


# when BFD state to 203.0.113.9 is Up
$ bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination  gateway  lpref   med aspath origin
I*>   192.0.2.1/32 203.0.113.1100 0 i
AI*   192.0.2.1/32 0.0.0.0100 0 i
I*>   192.0.2.9/32 203.0.113.9100 0 i
I*>   198.51.100.9/32  203.0.113.9100 0 i
I*>   203.0.113.0/24   203.0.113.9100 0 i


# when BFD state to 203.0.113.9 is Down
$ bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination  gateway  lpref   med aspath origin
I*>   192.0.2.1/32 203.0.113.1100 0 i
AI*   192.0.2.1/32 0.0.0.0100 0 i
I 192.0.2.9/32 203.0.113.9100 0 i
I 198.51.100.9/32  203.0.113.9100 0 i
I 203.0.113.0/24   203.0.113.9100 0 i



Index: bgpd.c
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v
retrieving revision 1.188
diff -u -p -u -p -r1.188 bgpd.c
--- bgpd.c  24 Jan 2017 04:22:42 -  1.188
+++ bgpd.c  25 Jan 2017 09:47:10 -
@@ -778,6 +778,12 @@ send_network(int type, struct network_co
 int
 bgpd_filternexthop(struct kroute *kr, struct kroute6 *kr6)
 {
+   /* BFD routes are special */
+   if (kr && kr->flags & F_BFDDOWN && kr->prefixlen != 0)
+   return (1);
+   if (kr6 && kr6->flags & F_BFDDOWN && kr6->prefixlen != 0)
+   return (1);
+
/* kernel routes are never filtered */
if (kr && kr->flags & F_KERNEL && kr->prefixlen != 0)
return (0);
Index: bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 bgpd.h
--- bgpd.h  25 Jan 2017 00:11:07 -  1.300
+++ bgpd.h  25 Jan 2017 09:47:10 -
@@ -85,6 +85,8 @@
 #defineF_CTL_ADJ_OUT   0x4000
 #defineF_CTL_ACTIVE0x8000
 #defineF_RTLABEL   0x1
+#defineF_BFD   0x2
+#defineF_BFDDOWN   0x4
 
 /*
  * Limit the number of control messages generated by the RDE and queued in
@@ -522,7 +524,7 @@ struct kroute {
struct in_addr  prefix;
struct in_addr  nexthop;
u_int32_t   mplslabel;
-   u_int16_t   flags;
+   u_int32_t   flags;
u_int16_t   labelid;
u_short ifindex;
u_int8_tprefixlen;
@@ -532,7 +534,7 @@ struct kroute {
 struct kroute6 {
struct in6_addr prefix;
struct in6_addr nexthop;
-   u_int16_t   flags;
+   u_int32_t   flags;
u_int16_t   labelid;
u_short ifindex;
u_int8_tprefixlen;
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.211
diff -u -p -u -p -r1.211 kroute.c
--- kroute.c24 Jan 2017 04:22:42 -  1.211
+++ kroute.c25 Jan 2017 09:47:10 -
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -163,6 +164,7 @@ u_int8_tmask2prefixlen6(struct sockaddr
 void   get_rtaddrs(int, struct sockaddr *, struct sockaddr **);
 void   if_change(u_short, int, struct if_data *);
 void   if_announce(void *);
+void   bfd_msg(void *, struct sockaddr *);
 
 intsend_rtmsg(int, int, struct ktable *, struct kroute *,
u_int8_t);
@@ -2093,7 +2095,7 @@ kroute_validate(struct kroute *kr)
 {
struct kif_node *kif;
 
-   if (kr->flags & (F_REJECT | F_BLACKHOLE))
+   if (kr->flags & (F_REJECT | F_BLACKHOLE | F_BFDDOWN))
return (0);
 
if ((kif = kif_find(kr->ifindex)) == NULL) {
@@ -2113,7 +2115,7 @@ kroute6_validate(struct kroute6 *kr)
 {
struct kif_node *kif;
 
-   if (kr->flags & (F_REJECT | F_BLACKHOLE))
+   if (kr->flags & (F_REJECT | F_BLACKHOLE | F_BFDDOWN))
return (0);
 
if ((kif = kif_find(kr->ifindex)) == NULL) {
@@ -2510,6 +2512,80 @@ if_change(u_short ifindex, int flags, st
 }
 
 void
+bfd_msg(void *msg, struct sockaddr *sa)
+{
+   struct bfd_msghdr   *bfd;
+   struct ktable   *kt;
+   struct knexthop_node*kn;
+   struct kroute_node  *kr;
+   struct kroute6_node *kr6;
+   struct bgpd_addr prefix;
+   

Re: let bfd survive link-down

[Peter Hessler]

On 2017 Jan 24 (Tue) at 02:38:54 +0100 (+0100), Peter Hessler wrote:
:When an interface loses link, we delete all directly connected and
:cloned routes.  However, this means we also lose any BFD configuration
:on those routes.
:
:Surviving link-down is pretty much mandatory for BFD to work.
:
:So instead, I bypass the route deletion, and clean up the link-local
:gateway information.
:
:$ arp -n | grep 203.0.113.9
:203.0.113.9  (incomplete)  em1 expired   
:
:$ netstat -rnf inet | grep 203.0.113.9
:203.0.113.9link#2 HLcF   2   53 - 3 em1  
:
:OK?
:

Even nicer, now I only expire the route, instead of poking at some of
the internals.


Index: sys/net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.347
diff -u -p -u -p -r1.347 route.c
--- sys/net/route.c 20 Jan 2017 08:10:54 -  1.347
+++ sys/net/route.c 24 Jan 2017 03:55:01 -
@@ -1760,13 +1760,27 @@ rt_if_linkstate_change(struct rtentry *r
 * new routes from a better source.
 */
if (ISSET(rt->rt_flags, RTF_CLONED|RTF_DYNAMIC) &&
-   !ISSET(rt->rt_flags, RTF_CACHED)) {
+   !ISSET(rt->rt_flags, RTF_CACHED)
+#ifdef BFD
+   && !ISSET(rt->rt_flags, RTF_BFD)
+#endif
+   ) {
int error;
 
if ((error = rtdeletemsg(rt, ifp, id)))
return (error);
return (EAGAIN);
}
+#ifdef BFD
+   /*
+* in the BFD case, expire the route
+*/
+   if (ISSET(rt->rt_flags, RTF_BFD) &&
+   ISSET(rt->rt_flags, RTF_CLONED) &&
+   (rt->rt_gateway->sa_family == AF_LINK)) {
+   rt->rt_expire = time_uptime;
+   }
+#endif
/* take route down */
rt->rt_flags &= ~RTF_UP;
rtable_mpath_reprio(id, rt_key(rt),


-- 
Only presidents, editors, and people with tapeworms have the right to
use the editorial "we."

let bfd survive link-down

[Peter Hessler]

When an interface loses link, we delete all directly connected and
cloned routes.  However, this means we also lose any BFD configuration
on those routes.

Surviving link-down is pretty much mandatory for BFD to work.

So instead, I bypass the route deletion, and clean up the link-local
gateway information.

$ arp -n | grep 203.0.113.9
203.0.113.9  (incomplete)  em1 expired   

$ netstat -rnf inet | grep 203.0.113.9
203.0.113.9link#2 HLcF   2   53 - 3 em1  

OK?

Index: sys/net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.347
diff -u -p -u -p -r1.347 route.c
--- sys/net/route.c 20 Jan 2017 08:10:54 -  1.347
+++ sys/net/route.c 24 Jan 2017 01:32:23 -
@@ -1760,13 +1760,28 @@ rt_if_linkstate_change(struct rtentry *r
 * new routes from a better source.
 */
if (ISSET(rt->rt_flags, RTF_CLONED|RTF_DYNAMIC) &&
-   !ISSET(rt->rt_flags, RTF_CACHED)) {
+   !ISSET(rt->rt_flags, RTF_CACHED)
+#ifdef BFD
+   && !ISSET(rt->rt_flags, RTF_BFD)
+#endif
+   ) {
int error;
 
if ((error = rtdeletemsg(rt, ifp, id)))
return (error);
return (EAGAIN);
}
+#ifdef BFD
+   if (ISSET(rt->rt_flags, RTF_BFD) &&
+   ISSET(rt->rt_flags, RTF_CLONED) &&
+   (rt->rt_gateway->sa_family == AF_LINK)) {
+   struct sockaddr_dl *sdl;
+   sdl = (struct sockaddr_dl *)rt->rt_gateway;
+   memset(sdl->sdl_data, 0, sdl->sdl_alen);
+   sdl->sdl_alen = 0;
+   rt->rt_expire = time_uptime;
+   }
+#endif
/* take route down */
rt->rt_flags &= ~RTF_UP;
rtable_mpath_reprio(id, rt_key(rt),


-- 
Show me a man who is a good loser and I'll show you a man who is
playing golf with his boss.

Re: BFD: route get and route monitor

[Peter Hessler]

On 2017 Jan 19 (Thu) at 06:26:25 +0100 (+0100), Peter Hessler wrote:
:On 2016 Dec 17 (Sat) at 14:05:40 +0100 (+0100), Peter Hessler wrote:
::On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
:::This diff makes route get and route monitor work.  sockaddr_bfd is so we
:::can play like the other RTAX_* indexes in rti_info of route messages.
:::
:
:In route(8), only say "up" or "down" for the state of BFD.  use -v or
:-bfd to get details that only matter to debug BFD.
:
:$ route -n get 203.0.113.9   
:   route to: 203.0.113.9
:destination: 203.0.113.9
:   mask: 255.255.255.255
:  interface: em1
: if address: 203.0.113.1
:   priority: 3 ()
:  flags: <UP,HOST,DONE,LLINFO,CLONED,BFD>
:BFD: up
: use   mtuexpire
:1402 0   922 
:sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
:
:I also fixed a number of things that mpi@ noticed.
:

And now with sockaddr_bfd (and bfd_msghdr for that matter) adjusted for
4 byte boundaries and sized to a power of two.


Index: sbin/route/Makefile
===
RCS file: /cvs/openbsd/src/sbin/route/Makefile,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 Makefile
--- sbin/route/Makefile 19 Jul 2013 14:41:46 -  1.13
+++ sbin/route/Makefile 17 Dec 2016 12:47:35 -
@@ -4,7 +4,7 @@ PROG=   route
 MAN=   route.8
 SRCS=  route.c show.c
 
-CFLAGS+=   -Wall
+CFLAGS+=   -Wall -DBFD
 
 route.o .depend lint tags: keywords.h
 
Index: sbin/route/route.c
===
RCS file: /cvs/openbsd/src/sbin/route/route.c,v
retrieving revision 1.194
diff -u -p -u -p -r1.194 route.c
--- sbin/route/route.c  17 Jan 2017 19:05:47 -  1.194
+++ sbin/route/route.c  19 Jan 2017 03:39:55 -
@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
 const char *bfd_diag(unsigned int);
 const char *bfd_calc_uptime(time_t);
 voidprint_bfdmsg(struct rt_msghdr *);
+voidprint_sabfd(struct sockaddr_bfd *, int);
 #endif
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
@@ -1444,6 +1445,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
struct sockaddr_dl *ifp = NULL;
struct sockaddr_rtlabel *sa_rl = NULL;
+#ifdef BFD
+   struct sockaddr_bfd *sa_bfd = NULL;
+#endif
struct sockaddr *mpls = NULL;
struct sockaddr *sa;
char *cp;
@@ -1492,6 +1496,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
case RTA_LABEL:
sa_rl = (struct sockaddr_rtlabel *)sa;
break;
+#ifdef BFD
+   case RTA_BFD:
+   sa_bfd = (struct sockaddr_bfd *)sa;
+   break;
+#endif
}
ADVANCE(cp, sa);
}
@@ -1524,6 +1533,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
printf("\n");
if (sa_rl != NULL)
printf("  label: %s\n", sa_rl->sr_label);
+#ifdef BFD
+   if (sa_bfd)
+   print_sabfd(sa_bfd, rtm->rtm_fmask);
+#endif
 
 #define lock(f)((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
relative_expire = rtm->rtm_rmx.rmx_expire ?
@@ -1626,40 +1639,61 @@ void
 print_bfdmsg(struct rt_msghdr *rtm)
 {
struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
+
+   printf("\n");
+   print_sabfd(>bm_sa, rtm->rtm_fmask);
+   pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
+}
+
+void
+print_sabfd(struct sockaddr_bfd *sa_bfd, int fmask)
+{
struct timeval tv;
 
gettimeofday(, NULL);
 
-   printf(" mode ");
-   switch (bfdm->bm_mode) {
+   printf("BFD:");
+
+   /* only show the state, unless verbose or -bfd */
+   if (!verbose && ((fmask & RTF_BFD) != RTF_BFD)) {
+   printf(" %s\n", bfd_state(sa_bfd->bs_state));
+   return;
+   }
+
+   switch (sa_bfd->bs_mode) {
case BFD_MODE_ASYNC:
-   printf("async");
+   printf(" async");
break;
case BFD_MODE_DEMAND:
-   printf("demand");
+   printf(" demand");
break;
default:
-   printf("unknown %u", bfdm->bm_mode);
+   printf(" unknown %u", sa_bfd->bs_mode);
break;
}
-   printf(" state %s", bfd_state(bfdm->bm_state));
-   printf(" remotestate %s", bfd_state(bfdm->bm_remotestate));
-   printf(" laststate %s", bfd_sta

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Dec 17 (Sat) at 14:05:40 +0100 (+0100), Peter Hessler wrote:
:On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
::This diff makes route get and route monitor work.  sockaddr_bfd is so we
::can play like the other RTAX_* indexes in rti_info of route messages.
::

In route(8), only say "up" or "down" for the state of BFD.  use -v or
-bfd to get details that only matter to debug BFD.

$ route -n get 203.0.113.9   
   route to: 203.0.113.9
destination: 203.0.113.9
   mask: 255.255.255.255
  interface: em1
 if address: 203.0.113.1
   priority: 3 ()
  flags: <UP,HOST,DONE,LLINFO,CLONED,BFD>
BFD: up
 use   mtuexpire
1402 0   922 
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>

I also fixed a number of things that mpi@ noticed.


Index: sbin/route/Makefile
===
RCS file: /cvs/openbsd/src/sbin/route/Makefile,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 Makefile
--- sbin/route/Makefile 19 Jul 2013 14:41:46 -  1.13
+++ sbin/route/Makefile 17 Dec 2016 12:47:35 -
@@ -4,7 +4,7 @@ PROG=   route
 MAN=   route.8
 SRCS=  route.c show.c
 
-CFLAGS+=   -Wall
+CFLAGS+=   -Wall -DBFD
 
 route.o .depend lint tags: keywords.h
 
Index: sbin/route/route.c
===
RCS file: /cvs/openbsd/src/sbin/route/route.c,v
retrieving revision 1.194
diff -u -p -u -p -r1.194 route.c
--- sbin/route/route.c  17 Jan 2017 19:05:47 -  1.194
+++ sbin/route/route.c  19 Jan 2017 03:39:55 -
@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
 const char *bfd_diag(unsigned int);
 const char *bfd_calc_uptime(time_t);
 voidprint_bfdmsg(struct rt_msghdr *);
+voidprint_sabfd(struct sockaddr_bfd *, int);
 #endif
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
@@ -1444,6 +1445,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
struct sockaddr_dl *ifp = NULL;
struct sockaddr_rtlabel *sa_rl = NULL;
+#ifdef BFD
+   struct sockaddr_bfd *sa_bfd = NULL;
+#endif
struct sockaddr *mpls = NULL;
struct sockaddr *sa;
char *cp;
@@ -1492,6 +1496,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
case RTA_LABEL:
sa_rl = (struct sockaddr_rtlabel *)sa;
break;
+#ifdef BFD
+   case RTA_BFD:
+   sa_bfd = (struct sockaddr_bfd *)sa;
+   break;
+#endif
}
ADVANCE(cp, sa);
}
@@ -1524,6 +1533,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
printf("\n");
if (sa_rl != NULL)
printf("  label: %s\n", sa_rl->sr_label);
+#ifdef BFD
+   if (sa_bfd)
+   print_sabfd(sa_bfd, rtm->rtm_fmask);
+#endif
 
 #define lock(f)((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
relative_expire = rtm->rtm_rmx.rmx_expire ?
@@ -1626,40 +1639,61 @@ void
 print_bfdmsg(struct rt_msghdr *rtm)
 {
struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
+
+   printf("\n");
+   print_sabfd(>bm_sa, rtm->rtm_fmask);
+   pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
+}
+
+void
+print_sabfd(struct sockaddr_bfd *sa_bfd, int fmask)
+{
struct timeval tv;
 
gettimeofday(, NULL);
 
-   printf(" mode ");
-   switch (bfdm->bm_mode) {
+   printf("BFD:");
+
+   /* only show the state, unless verbose or -bfd */
+   if (!verbose && ((fmask & RTF_BFD) != RTF_BFD)) {
+   printf(" %s\n", bfd_state(sa_bfd->bs_state));
+   return;
+   }
+
+   switch (sa_bfd->bs_mode) {
case BFD_MODE_ASYNC:
-   printf("async");
+   printf(" async");
break;
case BFD_MODE_DEMAND:
-   printf("demand");
+   printf(" demand");
break;
default:
-   printf("unknown %u", bfdm->bm_mode);
+   printf(" unknown %u", sa_bfd->bs_mode);
break;
}
-   printf(" state %s", bfd_state(bfdm->bm_state));
-   printf(" remotestate %s", bfd_state(bfdm->bm_remotestate));
-   printf(" laststate %s", bfd_state(bfdm->bm_laststate));
-
-   printf(" error %d", bfdm->bm_error);
-   printf(" localdiscr %u", bfdm->bm_localdiscr);
-   printf(" remotediscr %u", bfdm->bm_r

Re: libressl symbols

[Peter Hessler]

After discussion from jsing and beck, this is wrong.  I've fixed my
issue in the net/py-cryptography port instead.


On 2017 Jan 02 (Mon) at 17:06:46 +0100 (+0100), Reyk Floeter wrote:
:Hi,
:
:the function prototypes have been moved from he header to the .c file - you 
will have to revert this change as well.
:
:+1 from me for exposing the API - I recently also ran into it but didn't speak 
up because my use case was probably not important enough.
:
:Reyk
:
:
:> Am 02.01.2017 um 16:29 schrieb Peter Hessler <phess...@theapt.org>:
:> 
:> Looks like when libcrypto was convered to use a Symbol map, some
:> functions were not included.
:> 
:> This change lets py-openssl be loaded by python processes.
:> 
:> I did not include the minor version bump, as there might be more issues.
:> 
:> 
:> 
:> Index: lib/libcrypto/Symbols.list
:> ===
:> RCS file: /cvs/src/lib/libcrypto/Symbols.list,v
:> retrieving revision 1.1
:> diff -u -p -u -p -r1.1 Symbols.list
:> --- lib/libcrypto/Symbols.list21 Dec 2016 15:49:29 -1.1
:> +++ lib/libcrypto/Symbols.list2 Jan 2017 15:17:02 -
:> @@ -2805,6 +2805,8 @@ X509_VERIFY_PARAM_inherit
:> X509_VERIFY_PARAM_lookup
:> X509_VERIFY_PARAM_new
:> X509_VERIFY_PARAM_set1
:> +X509_VERIFY_PARAM_set1_email
:> +X509_VERIFY_PARAM_set1_ip
:> X509_VERIFY_PARAM_set1_name
:> X509_VERIFY_PARAM_set1_policies
:> X509_VERIFY_PARAM_set_depth
:> 
:> 
:> -- 
:> Reality is just a convenient measure of complexity.
:>-- Alvy Ray Smith
:> 
:

-- 
Death to all fanatics!

libressl symbols

[Peter Hessler]

Looks like when libcrypto was convered to use a Symbol map, some
functions were not included.

This change lets py-openssl be loaded by python processes.

I did not include the minor version bump, as there might be more issues.



Index: lib/libcrypto/Symbols.list
===
RCS file: /cvs/src/lib/libcrypto/Symbols.list,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 Symbols.list
--- lib/libcrypto/Symbols.list  21 Dec 2016 15:49:29 -  1.1
+++ lib/libcrypto/Symbols.list  2 Jan 2017 15:17:02 -
@@ -2805,6 +2805,8 @@ X509_VERIFY_PARAM_inherit
 X509_VERIFY_PARAM_lookup
 X509_VERIFY_PARAM_new
 X509_VERIFY_PARAM_set1
+X509_VERIFY_PARAM_set1_email
+X509_VERIFY_PARAM_set1_ip
 X509_VERIFY_PARAM_set1_name
 X509_VERIFY_PARAM_set1_policies
 X509_VERIFY_PARAM_set_depth


-- 
Reality is just a convenient measure of complexity.
-- Alvy Ray Smith

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Dec 23 (Fri) at 16:57:27 +0100 (+0100), Hrvoje Popovski wrote:
:On 21.12.2016. 23:15, Sebastian Benoit wrote:
:>> Hi,
:>>
:>> it seems that bfd is working with Force10 S4810 and Extreme Networks
:>> x460 switches. I can test it with cisco c6k5 if you want?
:> 
:> Hei,
:> 
:> i'm sure phessler (who might not read this for a couple of days) is happy
:> about any test you can do.
:> 
:> And thanks for doing these tests!
:> 
:> /Benno
:
:Hi,
:
:no bfd for me on Cisco c6k5. Will upgrade and report back.
:
:Tnx for bfd, really great feature ...
:
:

Many thanks for the testing.  Can you get some packet captures of the
failing bfd with that Cisco and send them to me offline?  I'd really
like to see what they are doing.

Thanks!

-- 
What the world *really* needs is a good Automatic Bicycle Sharpener.

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
:This diff makes route get and route monitor work.  sockaddr_bfd is so we
:can play like the other RTAX_* indexes in rti_info of route messages.
:
:OK?

Updated output, requested by Theo.  A normal get will show just the bfd
state, use "-bfd" to get all of the information.

OK?

$ route -n get 203.0.113.9
   route to: 203.0.113.9
destination: 203.0.113.9
   mask: 255.255.255.255
  interface: em1
 if address: 203.0.113.1
   priority: 4 (connected)
  flags: <UP,HOST,DONE,LLINFO,CLONED,BFD>
BFD: async state up remote up
 use   mtuexpire
   83924 0   133 
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>

$ route -n get 203.0.113.9 -bfd
   route to: 203.0.113.9
destination: 203.0.113.9
   mask: 255.255.255.255
  interface: em1
 if address: 203.0.113.1
   priority: 4 (connected)
  flags: <UP,HOST,DONE,LLINFO,CLONED,BFD>
BFD: async state up remote up laststate down error 0
 diag none remote neighbor-down
 discr 186919089 remote 55
 uptime 05d 2h07m29s
 mintx 100 minrx 100 minecho 0 multiplier 3
 use   mtuexpire
   83923 0   229 
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>


Index: sbin/route/Makefile
===
RCS file: /cvs/openbsd/src/sbin/route/Makefile,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 Makefile
--- sbin/route/Makefile 19 Jul 2013 14:41:46 -  1.13
+++ sbin/route/Makefile 17 Dec 2016 12:47:35 -
@@ -4,7 +4,7 @@ PROG=   route
 MAN=   route.8
 SRCS=  route.c show.c
 
-CFLAGS+=   -Wall
+CFLAGS+=   -Wall -DBFD
 
 route.o .depend lint tags: keywords.h
 
Index: sbin/route/route.c
===
RCS file: /cvs/openbsd/src/sbin/route/route.c,v
retrieving revision 1.193
diff -u -p -u -p -r1.193 route.c
--- sbin/route/route.c  13 Dec 2016 08:40:54 -  1.193
+++ sbin/route/route.c  17 Dec 2016 12:47:35 -
@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
 const char *bfd_diag(unsigned int);
 const char *bfd_calc_uptime(time_t);
 voidprint_bfdmsg(struct rt_msghdr *);
+voidprint_sabfd(struct sockaddr_bfd *, int);
 #endif
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
@@ -1443,6 +1444,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
struct sockaddr_dl *ifp = NULL;
struct sockaddr_rtlabel *sa_rl = NULL;
+#ifdef BFD
+   struct sockaddr_bfd *sa_bfd = NULL;
+#endif
struct sockaddr *mpls = NULL;
struct sockaddr *sa;
char *cp;
@@ -1491,6 +1495,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
case RTA_LABEL:
sa_rl = (struct sockaddr_rtlabel *)sa;
break;
+#ifdef BFD
+   case RTA_BFD:
+   sa_bfd = (struct sockaddr_bfd *)sa;
+   break;
+#endif
}
ADVANCE(cp, sa);
}
@@ -1523,6 +1532,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
printf("\n");
if (sa_rl != NULL)
printf("  label: %s\n", sa_rl->sr_label);
+#ifdef BFD
+   if (sa_bfd)
+   print_sabfd(sa_bfd, rtm->rtm_fmask);
+#endif
 
 #define lock(f)((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
relative_expire = rtm->rtm_rmx.rmx_expire ?
@@ -1625,12 +1638,21 @@ void
 print_bfdmsg(struct rt_msghdr *rtm)
 {
struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
+
+   printf("\n");
+   print_sabfd(>bm_sa, rtm->rtm_fmask);
+   pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
+}
+
+void
+print_sabfd(struct sockaddr_bfd *sa_bfd, int fmask)
+{
struct timeval tv;
 
gettimeofday(, NULL);
 
-   printf(" mode ");
-   switch (bfdm->bm_mode) {
+   printf("BFD: ");
+   switch (sa_bfd->bs_mode) {
case BFD_MODE_ASYNC:
printf("async");
break;
@@ -1638,27 +1660,36 @@ print_bfdmsg(struct rt_msghdr *rtm)
printf("demand");
break;
default:
-   printf("unknown %u", bfdm->bm_mode);
+   printf("unknown %u", sa_bfd->bs_mode);
break;
}
-   printf(" state %s", bfd_state(bfdm->bm_state));
-   printf(" remotestate %s", bfd_state(bfdm->bm_remotestate));
-   printf(" laststate %s", bfd_state(bfdm->bm_laststate));
-
-   print

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Dec 05 (Mon) at 15:39:31 +0100 (+0100), Peter Hessler wrote:
:On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
::This diff makes route get and route monitor work.  sockaddr_bfd is so we
::can play like the other RTAX_* indexes in rti_info of route messages.
::
::OK?
::
::
::$ route -n monitor
::got message of size 128 on Wed Sep 28 21:35:32 2016
::RTM_BFD: bidirectional forwarding detection: len 128
::BFD mode async state down remotestate down laststate admindown error 0
::localdiscr 4002401056 remotediscr 0 localdiag none remotediag none
::uptime 04m46s lastuptime 00s mintx 100 minrx 1 minecho 0 multiplier 3
::
::sockaddrs: <DST,IFA>
:: 192.168.50.1 192.168.50.61
::
::$ route -n get 192.168.50.1
::   route to: 192.168.50.1
::destination: 192.168.50.1
::   mask: 255.255.255.255
::  interface: vio0
:: if address: 192.168.50.61
::   priority: 4 (connected)
::  flags: <UP,HOST,DONE,LLINFO,CLONED,CACHED,BFD>
::BFD mode async state down remotestate down laststate admindown error 0
::localdiscr 4002401056 remotediscr 0 localdiag none remotediag none
::uptime 05m13s lastuptime 00s mintx 100 minrx 1 minecho 0 multiplier 3
:: use   mtuexpire
::   8 0   879 
::sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
::
:
:Here is a new diff, generated against -current.  No changes to the code.
:
:OK?
:

ping

:
:Index: sbin/route/Makefile
:===
:RCS file: /cvs/src/sbin/route/Makefile,v
:retrieving revision 1.13
:diff -u -p -u -p -r1.13 Makefile
:--- sbin/route/Makefile19 Jul 2013 14:41:46 -  1.13
:+++ sbin/route/Makefile5 Dec 2016 10:34:48 -
:@@ -4,7 +4,7 @@ PROG=  route
: MAN=  route.8
: SRCS= route.c show.c
: 
:-CFLAGS+=  -Wall
:+CFLAGS+=  -Wall -DBFD
: 
: route.o .depend lint tags: keywords.h
: 
:Index: sbin/route/route.c
:===
:RCS file: /cvs/src/sbin/route/route.c,v
:retrieving revision 1.192
:diff -u -p -u -p -r1.192 route.c
:--- sbin/route/route.c 24 Sep 2016 19:36:49 -  1.192
:+++ sbin/route/route.c 5 Dec 2016 10:34:48 -
:@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
: const char *bfd_diag(unsigned int);
: const char *bfd_calc_uptime(time_t);
: void   print_bfdmsg(struct rt_msghdr *);
:+void   print_sabfd(struct sockaddr_bfd *);
: #endif
: const char *get_linkstate(int, int);
: void   print_rtmsg(struct rt_msghdr *, int);
:@@ -1439,6 +1440,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
:   struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
:   struct sockaddr_dl *ifp = NULL;
:   struct sockaddr_rtlabel *sa_rl = NULL;
:+#ifdef BFD
:+  struct sockaddr_bfd *sa_bfd = NULL;
:+#endif
:   struct sockaddr *mpls = NULL;
:   struct sockaddr *sa;
:   char *cp;
:@@ -1487,6 +1491,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
:   case RTA_LABEL:
:   sa_rl = (struct sockaddr_rtlabel *)sa;
:   break;
:+#ifdef BFD
:+  case RTA_BFD:
:+  sa_bfd = (struct sockaddr_bfd *)sa;
:+  break;
:+#endif
:   }
:   ADVANCE(cp, sa);
:   }
:@@ -1519,6 +1528,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
:   printf("\n");
:   if (sa_rl != NULL)
:   printf("  label: %s\n", sa_rl->sr_label);
:+#ifdef BFD
:+  if (sa_bfd)
:+  print_sabfd(sa_bfd);
:+#endif
: 
: #define lock(f)   ((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
:   relative_expire = rtm->rtm_rmx.rmx_expire ?
:@@ -1621,12 +1634,21 @@ void
: print_bfdmsg(struct rt_msghdr *rtm)
: {
:   struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
:+
:+  printf("\n");
:+  print_sabfd(>bm_sa);
:+  pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
:+}
:+
:+void
:+print_sabfd(struct sockaddr_bfd *sa_bfd)
:+{
:   struct timeval tv;
: 
:   gettimeofday(, NULL);
: 
:-  printf(" mode ");
:-  switch (bfdm->bm_mode) {
:+  printf("BFD mode ");
:+  switch (sa_bfd->bs_mode) {
:   case BFD_MODE_ASYNC:
:   printf("async");
:   break;
:@@ -1634,27 +1656,26 @@ print_bfdmsg(struct rt_msghdr *rtm)
:   printf("demand");
:   break;
:   default:
:-  printf("unknown %u", bfdm->bm_mode);
:+  printf("unknown %u", sa_bfd->bs_mode);
:   break;
:   }
:-  printf(" state %s", bfd_state(bfdm->bm_state));
:-  printf(" remotestate %s", bfd_state(bfdm->

Re: BFD: route get and route monitor

[Peter Hessler]

On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote:
:This diff makes route get and route monitor work.  sockaddr_bfd is so we
:can play like the other RTAX_* indexes in rti_info of route messages.
:
:OK?
:
:
:$ route -n monitor
:got message of size 128 on Wed Sep 28 21:35:32 2016
:RTM_BFD: bidirectional forwarding detection: len 128
:BFD mode async state down remotestate down laststate admindown error 0
:localdiscr 4002401056 remotediscr 0 localdiag none remotediag none
:uptime 04m46s lastuptime 00s mintx 100 minrx 1 minecho 0 multiplier 3
:
:sockaddrs: <DST,IFA>
: 192.168.50.1 192.168.50.61
:
:$ route -n get 192.168.50.1
:   route to: 192.168.50.1
:destination: 192.168.50.1
:   mask: 255.255.255.255
:  interface: vio0
: if address: 192.168.50.61
:   priority: 4 (connected)
:  flags: <UP,HOST,DONE,LLINFO,CLONED,CACHED,BFD>
:BFD mode async state down remotestate down laststate admindown error 0
:localdiscr 4002401056 remotediscr 0 localdiag none remotediag none
:uptime 05m13s lastuptime 00s mintx 100 minrx 1 minecho 0 multiplier 3
: use   mtuexpire
:   8 0   879 
:sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
:

Here is a new diff, generated against -current.  No changes to the code.

OK?


Index: sbin/route/Makefile
===
RCS file: /cvs/src/sbin/route/Makefile,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 Makefile
--- sbin/route/Makefile 19 Jul 2013 14:41:46 -  1.13
+++ sbin/route/Makefile 5 Dec 2016 10:34:48 -
@@ -4,7 +4,7 @@ PROG=   route
 MAN=   route.8
 SRCS=  route.c show.c
 
-CFLAGS+=   -Wall
+CFLAGS+=   -Wall -DBFD
 
 route.o .depend lint tags: keywords.h
 
Index: sbin/route/route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.192
diff -u -p -u -p -r1.192 route.c
--- sbin/route/route.c  24 Sep 2016 19:36:49 -  1.192
+++ sbin/route/route.c  5 Dec 2016 10:34:48 -
@@ -100,6 +100,7 @@ const char *bfd_state(unsigned int);
 const char *bfd_diag(unsigned int);
 const char *bfd_calc_uptime(time_t);
 voidprint_bfdmsg(struct rt_msghdr *);
+voidprint_sabfd(struct sockaddr_bfd *);
 #endif
 const char *get_linkstate(int, int);
 voidprint_rtmsg(struct rt_msghdr *, int);
@@ -1439,6 +1440,9 @@ print_getmsg(struct rt_msghdr *rtm, int 
struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL, *ifa = NULL;
struct sockaddr_dl *ifp = NULL;
struct sockaddr_rtlabel *sa_rl = NULL;
+#ifdef BFD
+   struct sockaddr_bfd *sa_bfd = NULL;
+#endif
struct sockaddr *mpls = NULL;
struct sockaddr *sa;
char *cp;
@@ -1487,6 +1491,11 @@ print_getmsg(struct rt_msghdr *rtm, int 
case RTA_LABEL:
sa_rl = (struct sockaddr_rtlabel *)sa;
break;
+#ifdef BFD
+   case RTA_BFD:
+   sa_bfd = (struct sockaddr_bfd *)sa;
+   break;
+#endif
}
ADVANCE(cp, sa);
}
@@ -1519,6 +1528,10 @@ print_getmsg(struct rt_msghdr *rtm, int 
printf("\n");
if (sa_rl != NULL)
printf("  label: %s\n", sa_rl->sr_label);
+#ifdef BFD
+   if (sa_bfd)
+   print_sabfd(sa_bfd);
+#endif
 
 #define lock(f)((rtm->rtm_rmx.rmx_locks & __CONCAT(RTV_,f)) ? 'L' : ' 
')
relative_expire = rtm->rtm_rmx.rmx_expire ?
@@ -1621,12 +1634,21 @@ void
 print_bfdmsg(struct rt_msghdr *rtm)
 {
struct bfd_msghdr *bfdm = (struct bfd_msghdr *)rtm;
+
+   printf("\n");
+   print_sabfd(>bm_sa);
+   pmsg_addrs(((char *)rtm + rtm->rtm_hdrlen), rtm->rtm_addrs);
+}
+
+void
+print_sabfd(struct sockaddr_bfd *sa_bfd)
+{
struct timeval tv;
 
gettimeofday(, NULL);
 
-   printf(" mode ");
-   switch (bfdm->bm_mode) {
+   printf("BFD mode ");
+   switch (sa_bfd->bs_mode) {
case BFD_MODE_ASYNC:
printf("async");
break;
@@ -1634,27 +1656,26 @@ print_bfdmsg(struct rt_msghdr *rtm)
printf("demand");
break;
default:
-   printf("unknown %u", bfdm->bm_mode);
+   printf("unknown %u", sa_bfd->bs_mode);
break;
}
-   printf(" state %s", bfd_state(bfdm->bm_state));
-   printf(" remotestate %s", bfd_state(bfdm->bm_remotestate));
-   printf(" laststate %s", bfd_state(bfdm->bm_laststate));
-
-   printf(" error %d", bfdm->bm_error);
-   pri

match rules for spamlogd?

[Peter Hessler]

the line checking for PF_PASS has not changed since 2006, which predates
the existence of match rules in PF.

We check for permissions in one place, but if they are (eventually)
permitted, we want spamlogd to handle the packet.

Is there a better way than checking the PF_MATCH state?  Is there an
"ultimately allowed" state that we can check?

OK?

Index: libexec/spamlogd/spamlogd.c
===
RCS file: /cvs/openbsd/src/libexec/spamlogd/spamlogd.c,v
retrieving revision 1.27
diff -u -p -u -p -r1.27 spamlogd.c
--- libexec/spamlogd/spamlogd.c 16 Mar 2016 14:47:04 -  1.27
+++ libexec/spamlogd/spamlogd.c 1 Nov 2016 15:56:48 -
@@ -173,7 +173,7 @@ logpkt_handler(u_char *user, const struc
}
 
/* We're interested in passed packets */
-   if (hdr->action != PF_PASS)
+   if (hdr->action != PF_PASS || hdr->action != PF_MATCH)
return;
 
af = hdr->af;



-- 
An age is called Dark not because the light fails to shine, but because
people refuse to see it.
-- James Michener, "Space"