Re: ix(4): enable checksum offload

[mxb]

Not sure what is wrong, if it is driver or chipset, but in freebsd I had to 
'-rxcsum6 -txcsum6 -tso -vlanhwtso’ in order to make it function.

> On 16 apr. 2016, at 18:23, Hrvoje Popovski  wrote:
> 
> On 9.9.2013. 22:07, Mike Belopuhov wrote:
>> On 9 September 2013 21:48, Brad Smith  wrote:
>>> Here is a diff to enable the checksum offload support for ix(4).
>>> 
>>> Looking for any testing.
>>> 
>> 
>> last time i checked this broke ospf traffic.  please make sure at least
>> ip/tcp, ip/udp, ip/icmp, ip/ip, ip/gre, ip/esp, ip/ah and ip/ospf work fine
>> with this.
>> 
> 
> Hi all,
> 
> is this still interesting topic? if it is, i have testbed to test csum
> for em i350 (i350v2 is on the way) and ix 82599 or x540. and week ago i
> ordered
> http://www.supermicro.com/products/system/1U/5018/SYS-5018D-FN8T.cfm
> with x552 or x557 not sure, i350-am4 and i210 ... lots of em's and ix's :)
> 

Re: mpsafe aesni

[mxb]

Not sure how much I can test here, but my tunnels are up.
As well as my bgp sessions (this is "ART box” now) on top.

I use aes-128-gcm.
This is vmware.

//mxb

> On 26 mars 2016, at 16:25, Mike Belopuhov <m...@belopuhov.com> wrote:
> 
> On Fri, Mar 25, 2016 at 22:43 +0100, Mark Kettenis wrote:
>>> From: Mike Belopuhov <m...@belopuhov.com>
>>> Date: Thu, 24 Mar 2016 21:33:25 +0100
>>> 
>>> On 24 March 2016 at 20:53, Mark Kettenis <mark.kette...@xs4all.nl> wrote:
>>>> Diff below makes aesni crypto "mpsafe".  It adds a CRYPTOCAP_F_MPSAFE
>>>> flag that makes the crypto framework dispatch to an mpsafe taskq if it
>>>> is set.  In order to make the aesni_process() function that does the
>>>> actual crypto work mpsafe, it moves the code over to a per-session
>>>> working buffer.  This obviously increases the cost of setting up a
>>>> session a bit.  Directly invoked crypto operations remain locked.  My
>>>> main laptop seem to do ipsec fine with this, but I'm not sure if there
>>>> is an actual performance gain.  So it would probably be good if
>>>> somebody could benchmark this.
>>>> 
>>>> Comments?
>>> 
>>> It should be fairly simple to use SRP for the session list so that you
>>> don't have to take the mutex in the aesni_process.  Other than that I
>>> think this should go in once tests are made and people a happy with
>>> the results.
>> 
>> Actually, I'm not sure that's possible.  I think aesni_newsession()
>> and aesni_freesession() can be called from interrupt context or at
>> least are not supposed to sleep. 
> 
> I thought that it's not possible, but it looks like at least tdb_free
> can be called anywhere and it will trigger freesession, which is a tad
> unfortunate IMO, yet understandable.
> 
>> They would call
>> SRPL_INSERT_HEAD_LOCKED() and SRPL_REMOVE_LOCKED(), which can only be
>> called from process context.
>> 
> 
> Not process context though, but under a lock, which wouldn't save
> us the mtx_enter anyway.
> 
>>> Another question I have is why are you using an IPL_HIGH mutex?
>> 
>> The crypto code may be called from any subsystem, so that is the only
>> safe choice.
> 
> Well, it's not called from all subsystems, just those that use
> IPL_BIO and IPL_NET for interrupts and IPL_HIGH just includes
> AUDIO and CLOCK which don't call any crypto(9) code.  So what
> are you trying to protect it from or is it just a placeholder
> value?  I'm fine if it is, just curious.

Re: ARP input path without KERNEL_LOCK

[mxb]

Even with updated diff, I see no breakage.

//mxb

> On 22 dec. 2015, at 13:48, Martin Pieuchot <m...@openbsd.org> wrote:
> 
> On 04/12/15(Fri) 11:54, Martin Pieuchot wrote:
>> Now that in_arpinput() only uses the routing table, if_get()/if_put()
>> and carp_iamatch being already mpsafe we can kill the ARP input queue.
>> 
>> This moves the ARP input path processing from the softnet interrupt
>> context (under KERNEL_LOCK) to the sofnettask (without KERNEL_LOCK).
> 
> Updated diff after trailer removal, I'm still interested in test
> reports.
> 
> Index: net/if_ethersubr.c
> ===
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.231
> diff -u -p -r1.231 if_ethersubr.c
> --- net/if_ethersubr.c2 Dec 2015 08:47:00 -   1.231
> +++ net/if_ethersubr.c22 Dec 2015 12:34:28 -
> @@ -372,14 +372,14 @@ decapsulate:
>   case ETHERTYPE_ARP:
>   if (ifp->if_flags & IFF_NOARP)
>   goto dropanyway;
> - inq = 
> - break;
> + arpinput(m);
> + return (1);
> 
>   case ETHERTYPE_REVARP:
>   if (ifp->if_flags & IFF_NOARP)
>   goto dropanyway;
> - inq = 
> - break;
> + revarpinput(m);
> + return (1);
> 
> #ifdef INET6
>   /*
> Index: net/netisr.c
> ===
> RCS file: /cvs/src/sys/net/netisr.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 netisr.c
> --- net/netisr.c  5 Dec 2015 10:07:55 -   1.9
> +++ net/netisr.c  22 Dec 2015 12:34:28 -
> @@ -20,7 +20,6 @@
> 
> #include 
> 
> -#include "ether.h"
> #include "ppp.h"
> #include "bridge.h"
> #include "pppoe.h"
> @@ -39,10 +38,6 @@ netintr(void *unused)
>   while ((n = netisr) != 0) {
>   atomic_clearbits_int(, n);
> 
> -#if NETHER > 0
> - if (n & (1 << NETISR_ARP))
> - arpintr();
> -#endif
>   if (n & (1 << NETISR_IP))
>   ipintr();
> #ifdef INET6
> Index: net/netisr.h
> ===
> RCS file: /cvs/src/sys/net/netisr.h,v
> retrieving revision 1.43
> diff -u -p -r1.43 netisr.h
> --- net/netisr.h  3 Dec 2015 12:27:33 -   1.43
> +++ net/netisr.h  22 Dec 2015 12:34:28 -
> @@ -53,7 +53,6 @@
> #define   NETISR_IP   2   /* same as AF_INET */
> #define   NETISR_TX   3   /* for if_snd processing */
> #define   NETISR_PFSYNC   5   /* for pfsync "immediate" tx */
> -#define  NETISR_ARP  18  /* same as AF_LINK */
> #define   NETISR_IPV6 24  /* same as AF_INET6 */
> #define   NETISR_ISDN 26  /* same as AF_E164 */
> #define   NETISR_PPP  28  /* for PPP processing */
> @@ -64,7 +63,6 @@
> #ifdef _KERNEL
> extern intnetisr; /* scheduling bits for network */
> 
> -void arpintr(void);
> void  ipintr(void);
> void  ip6intr(void);
> void  pppintr(void);
> Index: netinet/if_ether.c
> ===
> RCS file: /cvs/src/sys/netinet/if_ether.c,v
> retrieving revision 1.198
> diff -u -p -r1.198 if_ether.c
> --- netinet/if_ether.c17 Dec 2015 16:05:30 -  1.198
> +++ netinet/if_ether.c22 Dec 2015 12:41:12 -
> @@ -82,14 +82,10 @@ void arptfree(struct rtentry *);
> void arptimer(void *);
> struct rtentry *arplookup(u_int32_t, int, int, u_int);
> void in_arpinput(struct mbuf *);
> -void revarpinput(struct mbuf *);
> void in_revarpinput(struct mbuf *);
> 
> LIST_HEAD(, llinfo_arp) arp_list;
> structpool arp_pool;  /* pool for llinfo_arp structures */
> -/* XXX hate magic numbers */
> -struct   niqueue arpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP);
> -struct   niqueue rarpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP);
> int   arp_inuse, arp_allocated;
> int   arp_maxtries = 5;
> int   arpinit_done;
> @@ -420,42 +416,32 @@ bad:
>  * then the protocol-specific routine is called.
>  */
> void
> -arpintr(void)
> +arpinput(struct mbuf *m)
> {
> - struct mbuf *m;
>   struct arphdr *ar;
>   int len;
> 
> - while ((m = niq_dequeue()) != NULL) {
> #ifdef DIAGNOSTIC
> - if ((m->m_flags & M_PKTHDR) == 0)
> - panic("arpintr

Re: ARP input path without KERNEL_LOCK

[mxb]

No regression here.

> On 4 dec. 2015, at 11:54, Martin Pieuchot  wrote:
> 
> Now that in_arpinput() only uses the routing table, if_get()/if_put()
> and carp_iamatch being already mpsafe we can kill the ARP input queue.
> 
> This moves the ARP input path processing from the softnet interrupt
> context (under KERNEL_LOCK) to the sofnettask (without KERNEL_LOCK).
> 
> ok?
> 
> Index: net/if_ethersubr.c
> ===
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.231
> diff -u -p -r1.231 if_ethersubr.c
> --- net/if_ethersubr.c2 Dec 2015 08:47:00 -   1.231
> +++ net/if_ethersubr.c4 Dec 2015 10:42:14 -
> @@ -372,14 +372,14 @@ decapsulate:
>   case ETHERTYPE_ARP:
>   if (ifp->if_flags & IFF_NOARP)
>   goto dropanyway;
> - inq = 
> - break;
> + arpinput(m);
> + return (1);
> 
>   case ETHERTYPE_REVARP:
>   if (ifp->if_flags & IFF_NOARP)
>   goto dropanyway;
> - inq = 
> - break;
> + revarpinput(m);
> + return (1);
> 
> #ifdef INET6
>   /*
> Index: net/netisr.c
> ===
> RCS file: /cvs/src/sys/net/netisr.c,v
> retrieving revision 1.8
> diff -u -p -r1.8 netisr.c
> --- net/netisr.c  3 Dec 2015 12:22:51 -   1.8
> +++ net/netisr.c  4 Dec 2015 10:43:35 -
> @@ -20,7 +20,6 @@
> 
> #include 
> 
> -#include "ether.h"
> #include "ppp.h"
> #include "bridge.h"
> #include "pppoe.h"
> @@ -39,10 +38,6 @@ netintr(void *unused) /* ARGSUSED */
>   while ((n = netisr) != 0) {
>   atomic_clearbits_int(, n);
> 
> -#if NETHER > 0
> - if (n & (1 << NETISR_ARP))
> - arpintr();
> -#endif
>   if (n & (1 << NETISR_IP))
>   ipintr();
> #ifdef INET6
> Index: net/netisr.h
> ===
> RCS file: /cvs/src/sys/net/netisr.h,v
> retrieving revision 1.43
> diff -u -p -r1.43 netisr.h
> --- net/netisr.h  3 Dec 2015 12:27:33 -   1.43
> +++ net/netisr.h  4 Dec 2015 10:44:01 -
> @@ -53,7 +53,6 @@
> #define   NETISR_IP   2   /* same as AF_INET */
> #define   NETISR_TX   3   /* for if_snd processing */
> #define   NETISR_PFSYNC   5   /* for pfsync "immediate" tx */
> -#define  NETISR_ARP  18  /* same as AF_LINK */
> #define   NETISR_IPV6 24  /* same as AF_INET6 */
> #define   NETISR_ISDN 26  /* same as AF_E164 */
> #define   NETISR_PPP  28  /* for PPP processing */
> @@ -64,7 +63,6 @@
> #ifdef _KERNEL
> extern intnetisr; /* scheduling bits for network */
> 
> -void arpintr(void);
> void  ipintr(void);
> void  ip6intr(void);
> void  pppintr(void);
> Index: netinet/if_ether.c
> ===
> RCS file: /cvs/src/sys/netinet/if_ether.c,v
> retrieving revision 1.197
> diff -u -p -r1.197 if_ether.c
> --- netinet/if_ether.c2 Dec 2015 22:02:18 -   1.197
> +++ netinet/if_ether.c4 Dec 2015 10:44:17 -
> @@ -88,14 +88,10 @@ void arptfree(struct rtentry *);
> void arptimer(void *);
> struct rtentry *arplookup(u_int32_t, int, int, u_int);
> void in_arpinput(struct mbuf *);
> -void revarpinput(struct mbuf *);
> void in_revarpinput(struct mbuf *);
> 
> LIST_HEAD(, llinfo_arp) arp_list;
> structpool arp_pool;  /* pool for llinfo_arp structures */
> -/* XXX hate magic numbers */
> -struct   niqueue arpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP);
> -struct   niqueue rarpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP);
> int   arp_inuse, arp_allocated;
> int   arp_maxtries = 5;
> int   arpinit_done;
> @@ -426,43 +422,40 @@ bad:
>  * then the protocol-specific routine is called.
>  */
> void
> -arpintr(void)
> +arpinput(struct mbuf *m)
> {
> - struct mbuf *m;
>   struct arphdr *ar;
>   int len;
> 
> - while ((m = niq_dequeue()) != NULL) {
> #ifdef DIAGNOSTIC
> - if ((m->m_flags & M_PKTHDR) == 0)
> - panic("arpintr");
> + if ((m->m_flags & M_PKTHDR) == 0)
> + panic("%s", __func__);
> #endif
> 
> - len = sizeof(struct arphdr);
> - if (m->m_len < len && (m = m_pullup(m, len)) == NULL)
> - continue;
> -
> - ar = mtod(m, struct arphdr *);
> - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER) {
> - m_freem(m);
> - continue;
> - }
> + len = sizeof(struct arphdr);
> + if (m->m_len < len && (m = m_pullup(m, len)) == NULL)
> + return;
> 
> - len += 2 * (ar->ar_hln + ar->ar_pln);
> - if 

Re: vmx(4) incorrect m_pulldown usage

[mxb]

No regression so far.

//mxb

> On 15 dec. 2015, at 14:18, Mike Belopuhov <m...@belopuhov.com> wrote:
> 
> Hi,
> 
> This has been in my tree for a while and I believe Yasuoka-san has
> tested it in the scenario where it was crashing.
> 
> m_pulldown is done here with a zero offset which means that if
> there's been no space reserved for the Ethernet header in the mbuf
> or the cluster it will allocate a new chunk of memory and return a
> new pointer that the vmx code ignores.  This can realistically
> happen only during the bpf injection.
> 
> The diff below makes sure to keep the modified chain pointer around
> and passes it back to the calling code so that it will get properly
> accounted for.  m_pulldown with a zero offset is equivalent to a
> m_pullup.
> 
> OK?
> 
> 
> diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c
> index 055cfe1..50edb0b 100644
> --- sys/dev/pci/if_vmx.c
> +++ sys/dev/pci/if_vmx.c
> @@ -164,11 +164,11 @@ void vmxnet3_stop(struct ifnet *);
> void vmxnet3_reset(struct vmxnet3_softc *);
> int vmxnet3_init(struct vmxnet3_softc *);
> int vmxnet3_ioctl(struct ifnet *, u_long, caddr_t);
> void vmxnet3_start(struct ifnet *);
> int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct vmxnet3_txring *,
> -struct mbuf *);
> +struct mbuf **);
> void vmxnet3_watchdog(struct ifnet *);
> void vmxnet3_media_status(struct ifnet *, struct ifmediareq *);
> int vmxnet3_media_change(struct ifnet *);
> void *vmxnet3_dma_allocmem(struct vmxnet3_softc *, u_int, u_int, bus_addr_t 
> *);
> 
> @@ -1063,11 +1063,11 @@ vmxnet3_start(struct ifnet *ifp)
> 
>   IFQ_DEQUEUE(>if_snd, m);
>   if (m == NULL)
>   break;
> 
> - n = vmxnet3_load_mbuf(sc, ring, m);
> + n = vmxnet3_load_mbuf(sc, ring, );
>   if (n == -1) {
>   ifp->if_oerrors++;
>   continue;
>   }
> 
> @@ -1087,13 +1087,14 @@ vmxnet3_start(struct ifnet *ifp)
>   }
> }
> 
> int
> vmxnet3_load_mbuf(struct vmxnet3_softc *sc, struct vmxnet3_txring *ring,
> -struct mbuf *m)
> +struct mbuf **mp)
> {
>   struct vmxnet3_txdesc *txd, *sop;
> + struct mbuf *n, *m = *mp;
>   bus_dmamap_t map;
>   u_int hlen = ETHER_HDR_LEN, csum_off;
>   u_int prod;
>   int gen, i;
> 
> @@ -1105,29 +1106,29 @@ vmxnet3_load_mbuf(struct vmxnet3_softc *sc, struct 
> vmxnet3_txring *ring,
>   sc->sc_dev.dv_xname);
>   return -1;
>   }
> #endif
>   if (m->m_pkthdr.csum_flags & (M_TCP_CSUM_OUT|M_UDP_CSUM_OUT)) {
> - struct mbuf *mp;
>   struct ip *ip;
>   int offp;
> 
>   if (m->m_pkthdr.csum_flags & M_TCP_CSUM_OUT)
>   csum_off = offsetof(struct tcphdr, th_sum);
>   else
>   csum_off = offsetof(struct udphdr, uh_sum);
> 
> - mp = m_pulldown(m, hlen, sizeof(*ip), );
> - if (mp == NULL)
> + n = m_pulldown(m, hlen, sizeof(*ip), );
> + if (n == NULL)
>   return (-1);
> 
> - ip = (struct ip *)(mp->m_data + offp);
> + ip = (struct ip *)(n->m_data + offp);
>   hlen += ip->ip_hl << 2;
> 
> - mp = m_pulldown(m, 0, hlen + csum_off + 2, );
> - if (mp == NULL)
> + *mp = m_pullup(m, hlen + csum_off + 2);
> + if (*mp == NULL)
>   return (-1);
> + m = *mp;
>   }
> 
>   switch (bus_dmamap_load_mbuf(sc->sc_dmat, map, m, BUS_DMA_NOWAIT)) {
>   case 0:
>   break;
> 

relayd HTTP PATCH not handled.

[mxb]

Hey,
HTTP_METHOD_PATCH is not handled by relayd at all.
Well, actually in fals under default in switch().
PATCH is like PUT, eg. data is expected.

One-liner below fixes this. Tested in production.

--- relay_http.cMon Dec 14 16:16:07 2015
+++ relay_http.c.my Mon Dec 14 21:18:50 2015
@@ -371,6 +371,7 @@
break;
case HTTP_METHOD_POST:
case HTTP_METHOD_PUT:
+   case HTTP_METHOD_PATCH:
case HTTP_METHOD_RESPONSE:
/* HTTP request payload */
if (cre->toread > 0)

Re: Unable to install bootblocks

[mxb]

Is you disk is thick os thin provisioned?
In should be thick and eager zeroed.

There are ways to move from thin to thick. Google for it.

//mxb


> On 29 sep. 2015, at 22:52, Pedro Caetano <pedrocaet...@binaryflows.com> wrote:
> 
> Hi,
> 
> While installing openbsd on vmware using today's snapshot 29-sep-2015, I
> get the following message on the final part of the install process, leaving
> the system in an unusable state (not booting normally after installing from
> bsd.rd).
> 
> The hypervisor is running esx 5.1.0
> 
> Guest settings:
> 128mb ram
> 1gb hdd
> SCSI controller is set to paravirtual
> NIC is set to vmx3
> 
> installboot: invalid boot record signature (0x) @ sector 0
> 
> Failed to install bootblocks.
> You will not be able to boot OpenBSD from sd0
> 
> Best regards,
> Pedro Caetano

Re: gif(4) cleanup

[mxb]

My tunnels are working as well.

//mxb

> On 25 sep. 2015, at 11:38, Martin Pieuchot <m...@openbsd.org> wrote:
> 
> As discussed in Calgary I don't think we need 6 different files for
> gif(4).  None of them are standalone.  Since all our other pseudo-
> drivers are self-contained, let's do the same!  This will prevent
> new pseud-drivers to copy this pattern and add yet another 6 files!
> 
> This merge the following files into net/if_gif.{c,h}:
> 
>   netinet/in_gif.c
>   netinet/in_gif.h
>   netinet6/in6_gif.c
>   netinet6/in6_gif.h
> 
> Tested with an etherip + ipsec setup, ok?
> 
> Index: conf/files
> ===
> RCS file: /cvs/src/sys/conf/files,v
> retrieving revision 1.602
> diff -u -p -r1.602 files
> --- conf/files10 Sep 2015 18:39:57 -  1.602
> +++ conf/files25 Sep 2015 09:01:56 -
> @@ -937,8 +937,6 @@ file uvm/uvm_vnode.c
> # IPv6
> file net/if_gif.c gif needs-count
> file netinet/ip_ecn.c
> -file netinet/in_gif.cgif
> -file netinet6/in6_gif.c  gif & inet6
> file netinet6/in6_pcb.c   inet6
> file netinet6/in6.c   inet6
> file netinet6/ip6_divert.cinet6 & pf
> Index: net/if_gif.c
> ===
> RCS file: /cvs/src/sys/net/if_gif.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 if_gif.c
> --- net/if_gif.c  11 Sep 2015 08:17:06 -  1.79
> +++ net/if_gif.c  25 Sep 2015 09:01:56 -
> @@ -41,26 +41,36 @@
> #include 
> #include 
> #include 
> -#include 
> 
> #include 
> #include 
> -#include 
> #include 
> #include 
> #include 
> +#include 
> 
> #ifdef INET6
> #include 
> #include 
> #include 
> -#include 
> #endif /* INET6 */
> 
> #include 
> 
> #include "bpfilter.h"
> +#if NBPFILTER > 0
> +#include 
> +#endif
> +
> #include "bridge.h"
> +#if NBRIDGE > 0 || defined(MPLS)
> +#include 
> +#endif
> +
> +#include "pf.h"
> +#if NPF > 0
> +#include 
> +#endif
> 
> #define GIF_MTU   (1280)  /* Default MTU */
> #define GIF_MTU_MIN   (1280)  /* Minimum MTU */
> @@ -75,6 +85,9 @@ int gif_ioctl(struct ifnet *, u_long, ca
> int   gif_output(struct ifnet *, struct mbuf *, struct sockaddr *,
>   struct rtentry *);
> 
> +int  in_gif_output(struct ifnet *, int, struct mbuf **);
> +int  in6_gif_output(struct ifnet *, int, struct mbuf **);
> +
> /*
>  * gif global variable definitions
>  */
> @@ -628,3 +641,276 @@ gif_checkloop(struct ifnet *ifp, struct 
>   m_tag_prepend(m, mtag);
>   return 0;
> }
> +
> +int
> +in_gif_output(struct ifnet *ifp, int family, struct mbuf **m0)
> +{
> + struct gif_softc *sc = (struct gif_softc*)ifp;
> + struct sockaddr_in *sin_src = satosin(sc->gif_psrc);
> + struct sockaddr_in *sin_dst = satosin(sc->gif_pdst);
> + struct tdb tdb;
> + struct xformsw xfs;
> + int error;
> + struct mbuf *m = *m0;
> +
> + if (sin_src == NULL || sin_dst == NULL ||
> + sin_src->sin_family != AF_INET ||
> + sin_dst->sin_family != AF_INET) {
> + m_freem(m);
> + return EAFNOSUPPORT;
> + }
> +
> +#ifdef DIAGNOSTIC
> + if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) {
> + printf("%s: trying to send packet on wrong domain. "
> + "if %d vs. mbuf %d, AF %d\n", ifp->if_xname,
> + ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid),
> + family);
> + }
> +#endif
> +
> + /* setup dummy tdb.  it highly depends on ipip_output() code. */
> + bzero(, sizeof(tdb));
> + bzero(, sizeof(xfs));
> + tdb.tdb_src.sin.sin_family = AF_INET;
> + tdb.tdb_src.sin.sin_len = sizeof(struct sockaddr_in);
> + tdb.tdb_src.sin.sin_addr = sin_src->sin_addr;
> + tdb.tdb_dst.sin.sin_family = AF_INET;
> + tdb.tdb_dst.sin.sin_len = sizeof(struct sockaddr_in);
> + tdb.tdb_dst.sin.sin_addr = sin_dst->sin_addr;
> + tdb.tdb_xform = 
> + xfs.xf_type = -1;   /* not XF_IP4 */
> +
> + switch (family) {
> + case AF_INET:
> + break;
> +#ifdef INET6
> + case AF_INET6:
> + break;
> +#endif
> +#if NBRIDGE > 0
> + case AF_LINK:
> + break;
> +#endif
> +#if MPLS
> + case AF_MPLS:
> + break;
> +#endif
> + default:
> 

Re: PF SMP: mutex for fragcache

[mxb]

Applied.

> On 12 sep. 2015, at 19:20, Alexandr Nedvedicky 
>  wrote:
> 
> Hello,
> 
> very small first step towards MP(i) friendly PF. Patch adds mutex around
> fragment cache.
> 
> Patch adds a lock around fragment cache. Unlike other parts of PF the fragment
> cache is self-contained subsystem. In that sense we can easily guard its entry
> points (pf_reassemble(), pf_reassemble6()) by mutex. The cache is shared
> by both protocols (AF_INET, AF_INET6), hence we have just one lock.
> 
> The locks (technically speaking mutexes) for other PF subsystems will follow 
> as
> soon as the remove operations for PF data objects will get untangled.
> What essentially needs to be done is to split remove and destroy operations 
> for
> PF objects into separate functions. This is something, what's being worked on
> currently.
> 
> As you can see the mutex, when acquired, raises  interrupt level to softnet.
> Same interrupt level is used by ioctl() and purge threads. IMO it should be
> fine, but I'd like to hear some confirmation...
> 
> 
> any OKs?
> 
> thanks and
> regards
> sasha
> 
> 8<---8<---8<--8<
> Index: pf_norm.c
> ===
> RCS file: /cvs/src/sys/net/pf_norm.c,v
> retrieving revision 1.182
> diff -u -p -r1.182 pf_norm.c
> --- pf_norm.c 10 Sep 2015 08:28:31 -  1.182
> +++ pf_norm.c 12 Sep 2015 17:18:43 -
> @@ -134,6 +134,7 @@ intpf_reassemble6(struct mbuf **, 
> st
> struct poolpf_frent_pl, pf_frag_pl;
> struct poolpf_state_scrub_pl;
> intpf_nfrents;
> +struct mutex  pf_frag_mtx = MUTEX_INITIALIZER(IPL_SOFTNET);
> 
> void
> pf_normalize_init(void)
> @@ -771,6 +772,7 @@ pf_normalize_ip(struct pf_pdesc *pd, u_s
>   struct ip   *h = mtod(pd->m, struct ip *);
>   u_int16_tfragoff = (ntohs(h->ip_off) & IP_OFFMASK) << 3;
>   u_int16_tmff = (ntohs(h->ip_off) & IP_MF);
> + int  rv;
> 
>   if (!fragoff && !mff)
>   goto no_fragment;
> @@ -792,8 +794,11 @@ pf_normalize_ip(struct pf_pdesc *pd, u_s
>   if (!pf_status.reass)
>   return (PF_PASS);   /* no reassembly */
> 
> + PF_FRAG_LOCK();
>   /* Returns PF_DROP or m is NULL or completely reassembled mbuf */
> - if (pf_reassemble(>m, pd->dir, reason) != PF_PASS)
> + rv = pf_reassemble(>m, pd->dir, reason);
> + PF_FRAG_UNLOCK();
> + if (rv != PF_PASS)
>   return (PF_DROP);
>   if (pd->m == NULL)
>   return (PF_PASS);  /* packet has been reassembled, no error */
> @@ -813,6 +818,7 @@ int
> pf_normalize_ip6(struct pf_pdesc *pd, u_short *reason)
> {
>   struct ip6_frag  frag;
> + int  rv;
> 
>   if (pd->fragoff == 0)
>   goto no_fragment;
> @@ -824,9 +830,12 @@ pf_normalize_ip6(struct pf_pdesc *pd, u_
>   if (!pf_status.reass)
>   return (PF_PASS);   /* no reassembly */
> 
> + PF_FRAG_LOCK();
>   /* Returns PF_DROP or m is NULL or completely reassembled mbuf */
> - if (pf_reassemble6(>m, , pd->fragoff + sizeof(frag),
> - pd->extoff, pd->dir, reason) != PF_PASS)
> + rv = pf_reassemble6(>m, , pd->fragoff + sizeof(frag),
> + pd->extoff, pd->dir, reason);
> + PF_FRAG_UNLOCK();
> + if (rv != PF_PASS)
>   return (PF_DROP);
>   if (pd->m == NULL)
>   return (PF_PASS);  /* packet has been reassembled, no error */
> Index: pfvar.h
> ===
> RCS file: /cvs/src/sys/net/pfvar.h,v
> retrieving revision 1.420
> diff -u -p -r1.420 pfvar.h
> --- pfvar.h   19 Aug 2015 21:22:41 -  1.420
> +++ pfvar.h   12 Sep 2015 17:18:43 -
> @@ -1907,7 +1907,10 @@ int pf_postprocess_addr(struct 
> pf_sta
> 
> void   pf_cksum(struct pf_pdesc *, struct mbuf *);
> 
> -#endif /* _KERNEL */
> +extern struct mutex pf_frag_mtx;
> +#define  PF_FRAG_LOCK()  mtx_enter(_frag_mtx)
> +#define  PF_FRAG_UNLOCK()mtx_leave(_frag_mtx)
> 
> +#endif /* _KERNEL */
> 
> #endif /* _NET_PFVAR_H_ */
> 

Re: mpsafe vmx(4)

[mxb]

This one in the tree, so it’s live on my side.
 
> On 14 sep. 2015, at 13:09, David Gwynne  wrote:
> 
> this is an attempt to make the interrupt path in vmx mpsafe.
> 
> seems to hold up under load here, but more testing would be
> appreciated.
> 
> Index: if_vmx.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_vmx.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 if_vmx.c
> --- if_vmx.c  24 Jun 2015 09:40:54 -  1.30
> +++ if_vmx.c  14 Sep 2015 11:08:09 -
> @@ -61,8 +61,9 @@ struct vmxnet3_txring {
>   struct mbuf *m[NTXDESC];
>   bus_dmamap_t dmap[NTXDESC];
>   struct vmxnet3_txdesc *txd;
> - u_int head;
> - u_int next;
> + u_int prod;
> + u_int cons;
> + u_int free;
>   u_int8_t gen;
> };
> 
> @@ -107,6 +108,7 @@ struct vmxnet3_softc {
>   bus_space_handle_t sc_ioh0;
>   bus_space_handle_t sc_ioh1;
>   bus_dma_tag_t sc_dmat;
> + void *sc_ih;
> 
>   struct vmxnet3_txqueue sc_txq[NTXQUEUE];
>   struct vmxnet3_rxqueue sc_rxq[NRXQUEUE];
> @@ -167,7 +169,8 @@ void vmxnet3_reset(struct vmxnet3_softc 
> int vmxnet3_init(struct vmxnet3_softc *);
> int vmxnet3_ioctl(struct ifnet *, u_long, caddr_t);
> void vmxnet3_start(struct ifnet *);
> -int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct mbuf *);
> +int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct vmxnet3_txring *,
> +struct mbuf *);
> void vmxnet3_watchdog(struct ifnet *);
> void vmxnet3_media_status(struct ifnet *, struct ifmediareq *);
> int vmxnet3_media_change(struct ifnet *);
> @@ -239,8 +242,8 @@ vmxnet3_attach(struct device *parent, st
>   printf(": failed to map interrupt\n");
>   return;
>   }
> - pci_intr_establish(pa->pa_pc, ih, IPL_NET, vmxnet3_intr, sc,
> - self->dv_xname);
> + sc->sc_ih = pci_intr_establish(pa->pa_pc, ih, IPL_NET | IPL_MPSAFE,
> + vmxnet3_intr, sc, self->dv_xname);
>   intrstr = pci_intr_string(pa->pa_pc, ih);
>   if (intrstr)
>   printf(": %s", intrstr);
> @@ -466,7 +469,8 @@ vmxnet3_txinit(struct vmxnet3_softc *sc,
>   struct vmxnet3_txring *ring = >cmd_ring;
>   struct vmxnet3_comp_ring *comp_ring = >comp_ring;
> 
> - ring->head = ring->next = 0;
> + ring->cons = ring->prod = 0;
> + ring->free = NTXDESC;
>   ring->gen = 1;
>   comp_ring->next = 0;
>   comp_ring->gen = 1;
> @@ -594,16 +598,19 @@ vmxnet3_intr(void *arg)
> 
>   if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0)
>   return 0;
> - if (sc->sc_ds->event)
> +
> + if (sc->sc_ds->event) {
> + KERNEL_LOCK();
>   vmxnet3_evintr(sc);
> -#ifdef VMXNET3_STAT
> - vmxstat.intr++;
> -#endif
> + KERNEL_UNLOCK();
> + }
> +
>   if (ifp->if_flags & IFF_RUNNING) {
>   vmxnet3_rxintr(sc, >sc_rxq[0]);
>   vmxnet3_txintr(sc, >sc_txq[0]);
>   vmxnet3_enable_intr(sc, 0);
>   }
> +
>   return 1;
> }
> 
> @@ -649,7 +656,12 @@ vmxnet3_txintr(struct vmxnet3_softc *sc,
>   struct vmxnet3_comp_ring *comp_ring = >comp_ring;
>   struct vmxnet3_txcompdesc *txcd;
>   struct ifnet *ifp = >sc_arpcom.ac_if;
> - u_int sop;
> + bus_dmamap_t map;
> + struct mbuf *m;
> + u_int cons;
> + u_int free = 0;
> +
> + cons = ring->cons;
> 
>   for (;;) {
>   txcd = _ring->txcd[comp_ring->next];
> @@ -664,21 +676,32 @@ vmxnet3_txintr(struct vmxnet3_softc *sc,
>   comp_ring->gen ^= 1;
>   }
> 
> - sop = ring->next;
> - if (ring->m[sop] == NULL)
> - panic("%s: NULL ring->m[%u]", __func__, sop);
> - m_freem(ring->m[sop]);
> - ring->m[sop] = NULL;
> - bus_dmamap_unload(sc->sc_dmat, ring->dmap[sop]);
> - ring->next = (letoh32((txcd->txc_word0 >>
> + m = ring->m[cons];
> + ring->m[cons] = NULL;
> +
> + KASSERT(m != NULL);
> +
> + map = ring->dmap[cons];
> + free += map->dm_nsegs;
> + bus_dmamap_unload(sc->sc_dmat, map);
> + m_freem(m);
> +
> + cons = (letoh32((txcd->txc_word0 >>
>   VMXNET3_TXC_EOPIDX_S) & VMXNET3_TXC_EOPIDX_M) + 1)
>   % NTXDESC;
> -
> - ifp->if_flags &= ~IFF_OACTIVE;
>   }
> - if (ring->head == ring->next)
> +
> + ring->cons = cons;
> +
> + if (atomic_add_int_nv(>free, free) == NTXDESC)
>   ifp->if_timer = 0;
> - vmxnet3_start(ifp);
> +
> + if (ISSET(ifp->if_flags, IFF_OACTIVE)) {
> + KERNEL_LOCK();
> + CLR(ifp->if_flags, IFF_OACTIVE);
> + vmxnet3_start(ifp);
> + KERNEL_UNLOCK();
> + }
> }
> 
> void
> @@ -911,6 +934,8 @@ vmxnet3_stop(struct ifnet *ifp)
> 
>   WRITE_CMD(sc, VMXNET3_CMD_DISABLE);
> 
> + intr_barrier(sc->sc_ih);
> 

Re: mpsafe ip_carp

[mxb]

With setup like:

node1: carpnodes 1:0,10:0 carpdev vmx0 balancing arp
node2: carpnodes 1:100,10:100 carped vmx0 balancing arp
(eg, I forced one machine to be a master for a while in my configs)

node2 (-current) with your diff started to pollute dmesg with:
duplicate IP address 192.168.78.123 sent from ethernet address 00:00:5e:00:01:64

while node1 (5.8-stable kernel) is:
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
<……>
inet 192.168.78.123 netmask 0xff80 broadcast 192.168.78.127


to get rid of this I modified hostname.carp1 to remove both dual VHID (VHID 1 
is what left) and balancing arp
and done ‘sh /etc/netstart carp1’ after on both machines.

node2 survived.

//mxb


> On 13 sep. 2015, at 10:34, David Gwynne <da...@gwynne.id.au> wrote:
> 
> i did this yesterday, but havent had a chance to beat on it properly
> yet.
> 
> if anyone would like to give it a go it would be much appreciated.
> im particularly interested in stability while carp configuration
> is made or changed. if it happens to keep handling packets, thats
> great, but not blowing up when you run ifconfig is the important
> bit atm.
> 
> Index: ip_carp.c
> ===
> RCS file: /cvs/src/sys/netinet/ip_carp.c,v
> retrieving revision 1.271
> diff -u -p -r1.271 ip_carp.c
> --- ip_carp.c 12 Sep 2015 20:51:35 -  1.271
> +++ ip_carp.c 12 Sep 2015 21:07:42 -
> @@ -48,6 +48,7 @@
> #include 
> #include 
> #include 
> +#include 
> 
> #include 
> #include 
> @@ -93,7 +94,9 @@ struct carp_mc_entry {
> enum { HMAC_ORIG=0, HMAC_NOV6LL=1, HMAC_MAX=2 };
> 
> struct carp_vhost_entry {
> - LIST_ENTRY(carp_vhost_entry)vhost_entries;
> + struct srpl_entry vhost_entries;
> + struct refcnt vhost_refcnt;
> +
>   struct carp_softc *parent_sc;
>   int vhe_leader;
>   int vhid;
> @@ -114,6 +117,12 @@ struct carp_vhost_entry {
>   struct sockaddr_dl vhe_sdl; /* for IPv6 ndp balancing */
> };
> 
> +void carp_vh_ref(void *, void *);
> +void carp_vh_unref(void *, void *);
> +
> +struct srpl_rc carp_vh_rc =
> +SRPL_RC_INITIALIZER(carp_vh_ref, carp_vh_unref, NULL);
> +
> struct carp_softc {
>   struct arpcom sc_ac;
> #define   sc_if   sc_ac.ac_if
> @@ -124,7 +133,9 @@ struct carp_softc {
> #ifdef INET6
>   struct ip6_moptions sc_im6o;
> #endif /* INET6 */
> - TAILQ_ENTRY(carp_softc) sc_list;
> +
> + struct srpl_entry sc_list;
> + struct refcnt sc_refcnt;
> 
>   int sc_suppress;
>   int sc_bow_out;
> @@ -137,7 +148,7 @@ struct carp_softc {
> 
>   char sc_curlladdr[ETHER_ADDR_LEN];
> 
> - LIST_HEAD(__carp_vhosthead, carp_vhost_entry)   carp_vhosts;
> + struct srpl carp_vhosts;
>   int sc_vhe_count;
>   u_int8_t sc_vhids[CARP_MAXNODES];
>   u_int8_t sc_advskews[CARP_MAXNODES];
> @@ -162,13 +173,19 @@ struct carp_softc {
>   struct carp_vhost_entry *cur_vhe; /* current active vhe */
> };
> 
> +void carp_sc_ref(void *, void *);
> +void carp_sc_unref(void *, void *);
> +
> +struct srpl_rc carp_sc_rc =
> +SRPL_RC_INITIALIZER(carp_sc_ref, carp_sc_unref, NULL);
> +
> int carp_opts[CARPCTL_MAXID] = { 0, 1, 0, LOG_CRIT }; /* XXX for now */
> struct carpstats carpstats;
> 
> int   carp_send_all_recur = 0;
> 
> struct carp_if {
> - TAILQ_HEAD(, carp_softc) vhif_vrs;
> + struct srpl vhif_vrs;
> };
> 
> #define   CARP_LOG(l, sc, s)  
> \
> @@ -250,7 +267,9 @@ carp_hmac_prepare(struct carp_softc *sc)
>   struct carp_vhost_entry *vhe;
>   u_int8_t i;
> 
> - LIST_FOREACH(vhe, >carp_vhosts, vhost_entries) {
> + KERNEL_ASSERT_LOCKED(); /* touching carp_vhosts */
> +
> + SRPL_FOREACH_LOCKED(vhe, >carp_vhosts, vhost_entries) {
>   for (i = 0; i < HMAC_MAX; i++) {
>   carp_hmac_prepare_ctx(vhe, i);
>   }
> @@ -579,11 +598,12 @@ carp_proto_input_c(struct ifnet *ifp, st
>   else
>   cif = (struct carp_if *)ifp->if_carp;
> 
> - TAILQ_FOREACH(sc, >vhif_vrs, sc_list) {
> + KERNEL_ASSERT_LOCKED(); /* touching vhif_vrs + carp_vhosts */
> + SRPL_FOREACH_LOCKED(sc, >vhif_vrs, sc_list) {
>   if (af == AF_INET &&
>   ismulti != IN_MULTICAST(sc->sc_peer.s_addr))
>   continue;
> - LIST_FOREACH(vhe, >carp_vhosts, vhost_entries) {
> + SRPL_FOREACH_LOCKED(vhe, >carp_vhosts, vhost_entries) {
>   if (vhe->vhid == ch->c

Re: error:0906D064:PEM routines:PEM_read_bio:bad base64

[mxb]

Sure

 On 4 jul 2015, at 01:44, Brent Cook bust...@gmail.com wrote:
 
 Would you be comfortable adding some extra output to the various failure 
 points in EVP_DecodeUpdate to see where we are bailing out?

Re: error:0906D064:PEM routines:PEM_read_bio:bad base64

[mxb]

OpenSSL 1.0.1o on OpenBSD-current does not have problem with this key as well.


 On 30 jun 2015, at 08:52, mxb m...@alumni.chalmers.se wrote:
 
 
 I’m sorry but I can’t provide private key. 
 It is basically production and not self-signed. Comes from Thawte.
 
 I’m able to produce output from ‘openssl enc -d base64  key’, 
 so issue from the link you pointed out is not on my side.
 
 I’m following OpenBSD-current by moving from snap to snap.
 I just actually started to deploy SSL acceleration with relayd, so I’m not 
 aware on
 any prev. working snap. I had older snap which produced this issue, so I 
 moved to
 up-to-date -CURRENT.
 
 Linux dist which working is FC20, with 'OpenSSL 1.0.1e-fips 11 Feb 2013’.
 I have 3 more key/cert pairs from Thawte. Those are OK both on FC20 and 
 OpenBSD-current.
 
 Question how do I debug this?
 I’m happy to apply any patches for testing.
 
 Br
 //mxb
 
 On 30 jun 2015, at 05:25, Brent Cook bust...@gmail.com wrote:
 
 On Mon, Jun 29, 2015 at 1:22 AM, mxb m...@alumni.chalmers.se wrote:
 Hey,
 
 getting following error on OpenBSD-current as of yesterdays 'cvs up’:
 
 Does this imply that it worked in some earlier version of
 OpenBSD-current? If so, what was the version that worked?
 
 unable to load Private Key
 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 
 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822:
 
 Cmd issued: 'openssl rsa -noout -modulus -in key’
 
 ‘openssl version’: LibreSSL 2.2
 
 This key is OK with openssl on Linux
 
 It's probably silly to ask for a copy of your private key, but could
 you share an example of the input that is failing here? Maybe if you
 can generate a new pem file?
 
 I seem to recall an actually invalid base64 encoding issue that was
 reported last year. Does this seem relevant?
 
 http://tech.openbsd.narkive.com/tHdomkKq/libressl-base64-decoding-error
 
 Saying 'openssl on Linux' doesn't help us much (especially without a
 sample of the input), though something like 'OpenSSL 1.0.1e on Ubuntu
 14.04' might if we had something to test against.
 
 Br
 
 //mxb
 
 
 

Re: error:0906D064:PEM routines:PEM_read_bio:bad base64

[mxb]

I’m sorry but I can’t provide private key. 
It is basically production and not self-signed. Comes from Thawte.

I’m able to produce output from ‘openssl enc -d base64  key’, 
so issue from the link you pointed out is not on my side.

I’m following OpenBSD-current by moving from snap to snap.
I just actually started to deploy SSL acceleration with relayd, so I’m not 
aware on
any prev. working snap. I had older snap which produced this issue, so I moved 
to
up-to-date -CURRENT.

Linux dist which working is FC20, with 'OpenSSL 1.0.1e-fips 11 Feb 2013’.
I have 3 more key/cert pairs from Thawte. Those are OK both on FC20 and 
OpenBSD-current.

Question how do I debug this?
I’m happy to apply any patches for testing.

Br
//mxb

 On 30 jun 2015, at 05:25, Brent Cook bust...@gmail.com wrote:
 
 On Mon, Jun 29, 2015 at 1:22 AM, mxb m...@alumni.chalmers.se wrote:
 Hey,
 
 getting following error on OpenBSD-current as of yesterdays 'cvs up’:
 
 Does this imply that it worked in some earlier version of
 OpenBSD-current? If so, what was the version that worked?
 
 unable to load Private Key
 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 
 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822:
 
 Cmd issued: 'openssl rsa -noout -modulus -in key’
 
 ‘openssl version’: LibreSSL 2.2
 
 This key is OK with openssl on Linux
 
 It's probably silly to ask for a copy of your private key, but could
 you share an example of the input that is failing here? Maybe if you
 can generate a new pem file?
 
 I seem to recall an actually invalid base64 encoding issue that was
 reported last year. Does this seem relevant?
 
 http://tech.openbsd.narkive.com/tHdomkKq/libressl-base64-decoding-error
 
 Saying 'openssl on Linux' doesn't help us much (especially without a
 sample of the input), though something like 'OpenSSL 1.0.1e on Ubuntu
 14.04' might if we had something to test against.
 
 Br
 
 //mxb
 
 

error:0906D064:PEM routines:PEM_read_bio:bad base64

[mxb]

Hey,

getting following error on OpenBSD-current as of yesterdays 'cvs up’:

unable to load Private Key
30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 
decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822:

Cmd issued: 'openssl rsa -noout -modulus -in key’

‘openssl version’: LibreSSL 2.2

This key is OK with openssl on Linux

Br

//mxb

Re: SMP steroids for PF

[mxb]

And the rest of us is watching and waiting for diffs to apply :)
It is like exiting movie - I have popcorn in front.
Culmination must be soon, I guess :)

//mxb

On 2015-06-26 19:09, Martin Pieuchot wrote:

On 26/06/15(Fri) 17:19, Alexandr Nedvedicky wrote:

On Fri, Jun 26, 2015 at 04:34:06PM +0200, Martin Pieuchot wrote:

On 26/06/15(Fri) 16:00, Alexandr Nedvedicky wrote:

2)  I saw that you found some ALTQ leftovers, you have some Solaris

(2) I think ALTQs leftovers are still in CVS repo, will double check
anyway. Stack alignment is not Solaris compatibility hack it's sparc
compatibility. May be your C compiler takes care of this and grants
16/32/64 bit stack alignment. I have not examined build process
that closely yet.

By Solaris compatibility I'm referring to the size of ``sa_family_t''
and the corresponding changes in struct pfr_table.


I see. sa_family_t is kind of surprise it's defined as uint16_t on Solaris.
PF at various places mixes sa_family_t with u_int8_t, so all af variables
on Solaris had to be turned to sa_family_t. Some of those changes leaked
backed during merge to current.

Even if on OpenBSD sa_family_t is defined as uint8_t, I'd argue that
for portability reasons we should use the correct type where it is
appropriate.  And here your leak is a good example of portability.

If you have some changes that could improve the portability of the
software and if you feel like sharing them, I'd be interested.

Regards,
Martin

Re: RTF_LOCAL and permanent ARP

[mxb]

Yes, incomplete is gone as well as arpresolve: unresolved and 
rt_expire == 0.


//mxb

On 2015-06-04 12:19, Martin Pieuchot wrote:

I'd like to put the link-layer address back into the gateway field of
RTF_LOCAL addresses.  The problem is that RTF_LOCAL routes are also
marked as RTF_LLINFO and a lot of code assume (correctly) that such
routes contain valid ARP or ND information.

I believe we decided to use an ``empty'' lladdr because previously all
the routes created via rt_ifa_add(9) were using the same code and we
needed the exact same gateway to remove MPATH routes.  But now that
only RTF_LOCAL routes use this code and taking into consideration that
such route *cannot* be MPATH, we can simply use ifp-if_sadl instead
of a blank sockaddr_dl.

This should also fix the (imcomplete) output in arp(8) and ndp(8).

Ok?

Index: net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.212
diff -u -p -r1.212 route.c
--- net/route.c 26 May 2015 12:19:51 -  1.212
+++ net/route.c 4 Jun 2015 10:03:51 -
@@ -1121,27 +1121,23 @@ rt_maskedcopy(struct sockaddr *src, stru
  int
  rt_ifa_add(struct ifaddr *ifa, int flags, struct sockaddr *dst)
  {
+   struct ifnet*ifp = ifa-ifa_ifp;
struct rtentry  *rt, *nrt = NULL;
struct sockaddr_rtlabel  sa_rl;
-   struct sockaddr_dl   sa_dl = { sizeof(sa_dl), AF_LINK };
struct rt_addrinfo   info;
-   u_short  rtableid = ifa-ifa_ifp-if_rdomain;
-   u_int8_t prio = ifa-ifa_ifp-if_priority + RTP_STATIC;
+   u_short  rtableid = ifp-if_rdomain;
+   u_int8_t prio = ifp-if_priority + RTP_STATIC;
int  error;
  
-	sa_dl.sdl_type = ifa-ifa_ifp-if_type;

-   sa_dl.sdl_index = ifa-ifa_ifp-if_index;
-
memset(info, 0, sizeof(info));
info.rti_ifa = ifa;
info.rti_flags = flags | RTF_MPATH;
info.rti_info[RTAX_DST] = dst;
if (flags  RTF_LLINFO)
-   info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)sa_dl;
+   info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)ifp-if_sadl;
else
info.rti_info[RTAX_GATEWAY] = ifa-ifa_addr;
-   info.rti_info[RTAX_LABEL] =
-   rtlabel_id2sa(ifa-ifa_ifp-if_rtlabelid, sa_rl);
+   info.rti_info[RTAX_LABEL] = rtlabel_id2sa(ifp-if_rtlabelid, sa_rl);
  
  #ifdef MPLS

if ((flags  RTF_MPLS) == RTF_MPLS) {
@@ -1189,14 +1185,14 @@ rt_ifa_add(struct ifaddr *ifa, int flags
  int
  rt_ifa_del(struct ifaddr *ifa, int flags, struct sockaddr *dst)
  {
+   struct ifnet*ifp = ifa-ifa_ifp;
struct rtentry  *rt, *nrt = NULL;
struct mbuf *m = NULL;
struct sockaddr *deldst;
struct rt_addrinfo   info;
struct sockaddr_rtlabel  sa_rl;
-   struct sockaddr_dl   sa_dl = { sizeof(sa_dl), AF_LINK };
-   u_short  rtableid = ifa-ifa_ifp-if_rdomain;
-   u_int8_t prio = ifa-ifa_ifp-if_priority + RTP_STATIC;
+   u_short  rtableid = ifp-if_rdomain;
+   u_int8_t prio = ifp-if_priority + RTP_STATIC;
int  error;
  
  #ifdef MPLS

@@ -1227,19 +1223,13 @@ rt_ifa_del(struct ifaddr *ifa, int flags
}
}
  
-	sa_dl.sdl_type = ifa-ifa_ifp-if_type;

-   sa_dl.sdl_index = ifa-ifa_ifp-if_index;
-
memset(info, 0, sizeof(info));
info.rti_ifa = ifa;
info.rti_flags = flags;
info.rti_info[RTAX_DST] = dst;
-   if (flags  RTF_LLINFO)
-   info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)sa_dl;
-   else
+   if ((flags  RTF_LLINFO) == 0)
info.rti_info[RTAX_GATEWAY] = ifa-ifa_addr;
-   info.rti_info[RTAX_LABEL] =
-   rtlabel_id2sa(ifa-ifa_ifp-if_rtlabelid, sa_rl);
+   info.rti_info[RTAX_LABEL] = rtlabel_id2sa(ifp-if_rtlabelid, sa_rl);
  
  	if ((flags  RTF_HOST) == 0)

info.rti_info[RTAX_NETMASK] = ifa-ifa_netmask;
Index: netinet6/nd6.c
===
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.136
diff -u -p -r1.136 nd6.c
--- netinet6/nd6.c  15 May 2015 12:00:57 -  1.136
+++ netinet6/nd6.c  4 Jun 2015 09:51:54 -
@@ -651,7 +651,6 @@ nd6_lookup(struct in6_addr *addr6, int c
}
if (!rt) {
if (create  ifp) {
-   struct sockaddr_dl sa_dl = { sizeof(sa_dl), AF_LINK };
struct rt_addrinfo info;
int e;
  
@@ -667,9 +666,6 @@ nd6_lookup(struct in6_addr *addr6, int c

if (ifa == NULL)
return (NULL);
  
-			sa_dl.sdl_type = ifp-if_type;

-   sa_dl.sdl_index = ifp-if_index

Re: vmxnet3 panic

[mxb]

Any chance to get this committed?
Stepped on it once more without this patch.

//mxb

On 2015-05-22 19:53, Mike Belopuhov wrote:

On Fri, May 22, 2015 at 19:35 +0200, mxb wrote:

Hey,
got a panic as of todays ‘cvs up’
trace below

panic: vmxnet3_rxintr: NULL ring-m[44]
Stopped at  Debugger+0x9:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO.
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb{0} Debugger() at Debugger+0x9
panic() at panic+0xfe
vmxnet3_rxintr() at vmxnet3_rxintr+0x284
vmxnet3_intr() at vmxnet3_intr+0x4a
intr_handler() at intr_handler+0x67
Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd
--- interrupt ---
Xspllower() at Xspllower+0xe
if_downall() at if_downall+0x9b
boot() at boot+0xe4
reboot() at reboot+0x26
sys_reboot() at sys_reboot+0x5e
syscall() at syscall+0x297
--- syscall (number 55) ---
end of kernel
end trace frame: 0x7f7d5858, count: -12
0x184f48704eda:
ddb{0} rebooting...
OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015

//mxb


vmx doesn't check if it's wasn't stopped before calling rx/tx
interrupt routines...  the patch below should fix it up.  not
entirely sure why do they need to re-enable the interrupt
every time, but i'm pretty positive you don't want that if
you're !IFF_RUNNING.

diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c
index 925a977..989cae1 100644
--- sys/dev/pci/if_vmx.c
+++ sys/dev/pci/if_vmx.c
@@ -588,21 +588,24 @@ vmxnet3_disable_all_intrs(struct vmxnet3_softc *sc)
  
  int

  vmxnet3_intr(void *arg)
  {
struct vmxnet3_softc *sc = arg;
+   struct ifnet *ifp = sc-sc_arpcom.ac_if;
  
  	if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0)

return 0;
if (sc-sc_ds-event)
vmxnet3_evintr(sc);
-   vmxnet3_rxintr(sc, sc-sc_rxq[0]);
-   vmxnet3_txintr(sc, sc-sc_txq[0]);
  #ifdef VMXNET3_STAT
vmxstat.intr++;
  #endif
-   vmxnet3_enable_intr(sc, 0);
+   if (ifp-if_flags  IFF_RUNNING) {
+   vmxnet3_rxintr(sc, sc-sc_rxq[0]);
+   vmxnet3_txintr(sc, sc-sc_txq[0]);
+   vmxnet3_enable_intr(sc, 0);
+   }
return 1;
  }
  
  void

  vmxnet3_evintr(struct vmxnet3_softc *sc)

Re: arpresolve: unresolved and rt_expire == 0

[mxb]

I had an old kernel from 'Apr 28' laying around, as well as from 'May 15' .
Both are OK.

On 2015-06-01 23:04, mxb wrote:


Well, this is a vmware setup, thus I have vmx(4).
I just made a clean 'cvs co -P src' from anoncvs.eu.openbsd.org
and still have the same result.

//mxb

On 2015-06-01 10:55, Martin Pieuchot wrote:

Any idea about how to reproduce it?

Re: arpresolve: unresolved and rt_expire == 0

[mxb]

Well, this is a vmware setup, thus I have vmx(4).
I just made a clean 'cvs co -P src' from anoncvs.eu.openbsd.org
and still have the same result.

//mxb

On 2015-06-01 10:55, Martin Pieuchot wrote:

Any idea about how to reproduce it?

Re: arpresolve: unresolved and rt_expire == 0

[mxb]

1.152 not fixed this, thus reversion far back to 1.150

 On 31 maj 2015, at 22:33, mxb m...@alumni.chalmers.se wrote:
 
 
 Reverting if_ether.c from 1.153 to 1.150 fixes my problem.
 
 //mxb
 
 On 31 maj 2015, at 22:05, mxb m...@alumni.chalmers.se wrote:
 
 
 Hello,
 any ideas regarding subject ?
 I see this in ‘dmesg’. 
 
 Also all local (on machine itself) arp entries are incomplete:
 
 Host Ethernet Address   Netif Expire 
 Flags
 10.1.240.1   fe:e1:ba:d3:b4:56 vether0 1m43s
 10.1.240.2   (incomplete)  vether0 permanent  l
 10.2.240.1   fe:e1:ba:d2:98:29 vether1 19m52s
 10.2.240.2   (incomplete)  vether1 permanent  l
 10.11.11.10  (incomplete)vmx2 permanent  l
 10.11.11.11  00:50:56:02:02:03   vmx2 15m30s
 10.78.0.1(incomplete)  vether78 permanent  l
 10.78.0.2be:ef:00:00:01:a2 vether78 43s
 10.78.0.9(incomplete)  vether79 permanent  l
 10.78.0.10   be:ef:00:00:01:b2 vether79 13s
 46.59.censored   00:1e:bd:9a:f5:47   vmx1 19m33s
 46.59.censored  (incomplete)vmx1 permanent  l
 192.168.78.1 00:25:90:ad:8b:de   vmx0 19m12s
 192.168.78.2 f8:1e:df:f8:4c:12   vmx0 13m16s
 192.168.78.3 90:84:0d:f0:8e:3c   vmx0 18m21s
 192.168.78.4 00:1a:4b:ed:dc:b4   vmx0 expired
 192.168.78.6 98:d6:bb:1b:98:bd   vmx0 1m36s
 192.168.78.1268:5b:35:c5:15:bd   vmx0 19m34s
 192.168.78.1668:a8:6d:e8:b1:71   vmx0 18m36s
 192.168.78.1840:6c:8f:0d:d9:15   vmx0 18m42s
 192.168.78.2100:50:56:01:01:05   vmx0 18m28s
 192.168.78.5698:fe:94:5c:9a:90   vmx0 7m24s
 192.168.78.123   (incomplete)   carp1 permanent  l
 192.168.78.124   (incomplete)vmx0 permanent  l
 192.168.78.125   00:50:56:02:02:01   vmx0 13m40s
 192.168.79.123   (incomplete)   carp2 permanent  l
 192.168.79.124   (incomplete)vmx3 permanent  l
 
 
 //mxb
 
 
 

Re: arpresolve: unresolved and rt_expire == 0

[mxb]

Reverting if_ether.c from 1.153 to 1.150 fixes my problem.

//mxb

 On 31 maj 2015, at 22:05, mxb m...@alumni.chalmers.se wrote:
 
 
 Hello,
 any ideas regarding subject ?
 I see this in ‘dmesg’. 
 
 Also all local (on machine itself) arp entries are incomplete:
 
 Host Ethernet Address   Netif Expire Flags
 10.1.240.1   fe:e1:ba:d3:b4:56 vether0 1m43s
 10.1.240.2   (incomplete)  vether0 permanent  l
 10.2.240.1   fe:e1:ba:d2:98:29 vether1 19m52s
 10.2.240.2   (incomplete)  vether1 permanent  l
 10.11.11.10  (incomplete)vmx2 permanent  l
 10.11.11.11  00:50:56:02:02:03   vmx2 15m30s
 10.78.0.1(incomplete)  vether78 permanent  l
 10.78.0.2be:ef:00:00:01:a2 vether78 43s
 10.78.0.9(incomplete)  vether79 permanent  l
 10.78.0.10   be:ef:00:00:01:b2 vether79 13s
 46.59.censored   00:1e:bd:9a:f5:47   vmx1 19m33s
 46.59.censored  (incomplete)vmx1 permanent  l
 192.168.78.1 00:25:90:ad:8b:de   vmx0 19m12s
 192.168.78.2 f8:1e:df:f8:4c:12   vmx0 13m16s
 192.168.78.3 90:84:0d:f0:8e:3c   vmx0 18m21s
 192.168.78.4 00:1a:4b:ed:dc:b4   vmx0 expired
 192.168.78.6 98:d6:bb:1b:98:bd   vmx0 1m36s
 192.168.78.1268:5b:35:c5:15:bd   vmx0 19m34s
 192.168.78.1668:a8:6d:e8:b1:71   vmx0 18m36s
 192.168.78.1840:6c:8f:0d:d9:15   vmx0 18m42s
 192.168.78.2100:50:56:01:01:05   vmx0 18m28s
 192.168.78.5698:fe:94:5c:9a:90   vmx0 7m24s
 192.168.78.123   (incomplete)   carp1 permanent  l
 192.168.78.124   (incomplete)vmx0 permanent  l
 192.168.78.125   00:50:56:02:02:01   vmx0 13m40s
 192.168.79.123   (incomplete)   carp2 permanent  l
 192.168.79.124   (incomplete)vmx3 permanent  l
 
 
 //mxb
 
 

arpresolve: unresolved and rt_expire == 0

[mxb]

Hello,
any ideas regarding subject ?
I see this in ‘dmesg’. 

Also all local (on machine itself) arp entries are incomplete:

Host Ethernet Address   Netif Expire Flags
10.1.240.1   fe:e1:ba:d3:b4:56 vether0 1m43s
10.1.240.2   (incomplete)  vether0 permanent  l
10.2.240.1   fe:e1:ba:d2:98:29 vether1 19m52s
10.2.240.2   (incomplete)  vether1 permanent  l
10.11.11.10  (incomplete)vmx2 permanent  l
10.11.11.11  00:50:56:02:02:03   vmx2 15m30s
10.78.0.1(incomplete)  vether78 permanent  l
10.78.0.2be:ef:00:00:01:a2 vether78 43s
10.78.0.9(incomplete)  vether79 permanent  l
10.78.0.10   be:ef:00:00:01:b2 vether79 13s
46.59.censored   00:1e:bd:9a:f5:47   vmx1 19m33s
46.59.censored  (incomplete)vmx1 permanent  l
192.168.78.1 00:25:90:ad:8b:de   vmx0 19m12s
192.168.78.2 f8:1e:df:f8:4c:12   vmx0 13m16s
192.168.78.3 90:84:0d:f0:8e:3c   vmx0 18m21s
192.168.78.4 00:1a:4b:ed:dc:b4   vmx0 expired
192.168.78.6 98:d6:bb:1b:98:bd   vmx0 1m36s
192.168.78.1268:5b:35:c5:15:bd   vmx0 19m34s
192.168.78.1668:a8:6d:e8:b1:71   vmx0 18m36s
192.168.78.1840:6c:8f:0d:d9:15   vmx0 18m42s
192.168.78.2100:50:56:01:01:05   vmx0 18m28s
192.168.78.5698:fe:94:5c:9a:90   vmx0 7m24s
192.168.78.123   (incomplete)   carp1 permanent  l
192.168.78.124   (incomplete)vmx0 permanent  l
192.168.78.125   00:50:56:02:02:01   vmx0 13m40s
192.168.79.123   (incomplete)   carp2 permanent  l
192.168.79.124   (incomplete)vmx3 permanent  l


//mxb

Re: tun(4) and if_input()

[mxb]

Don’t have tun(4), but applied.
As well as latest carp and bridge patches.
So far no problems, except that I see following in dmesg :

arpresolve: unresolved and rt_expire == 0

but this is probably not related to new diffs.

//mxb

 On 28 maj 2015, at 11:28, Martin Pieuchot m...@openbsd.org wrote:
 
 Replace the last ether_input_mbuf() by if_input().
 
 Index: net/if_tun.c
 ===
 RCS file: /cvs/src/sys/net/if_tun.c,v
 retrieving revision 1.144
 diff -u -p -r1.144 if_tun.c
 --- net/if_tun.c  26 May 2015 11:36:26 -  1.144
 +++ net/if_tun.c  28 May 2015 09:25:52 -
 @@ -871,32 +871,34 @@ tunwrite(dev_t dev, struct uio *uio, int
   }
 
   top-m_pkthdr.len = tlen;
 - top-m_pkthdr.rcvif = ifp;
 -
 -#if NBPFILTER  0
 - if (ifp-if_bpf) {
 - s = splnet();
 - bpf_mtap(ifp-if_bpf, top, BPF_DIRECTION_IN);
 - splx(s);
 - }
 -#endif
 
   if (tp-tun_flags  TUN_LAYER2) {
 + struct mbuf_list ml = MBUF_LIST_INITIALIZER();
 +
 + ml_enqueue(ml, top);
   s = splnet();
 - ether_input_mbuf(ifp, top);
 + if_input(ifp, ml);
   splx(s);
 -
   ifp-if_ipackets++;
 
   return (0);
   }
 
 +#if NBPFILTER  0
 + if (ifp-if_bpf) {
 + s = splnet();
 + bpf_mtap(ifp-if_bpf, top, BPF_DIRECTION_IN);
 + splx(s);
 + }
 +#endif
 +
   th = mtod(top, u_int32_t *);
   /* strip the tunnel header */
   top-m_data += sizeof(*th);
   top-m_len  -= sizeof(*th);
   top-m_pkthdr.len -= sizeof(*th);
   top-m_pkthdr.ph_rtableid = ifp-if_rdomain;
 + top-m_pkthdr.rcvif = ifp;
 
   switch (ntohl(*th)) {
   case AF_INET:
 

Re: carp(4) is out

[mxb]

Hey,
so far no problems.

//mxb

 On 22 maj 2015, at 16:05, Martin Pieuchot m...@openbsd.org wrote:
 
 Let's take carp(4) out of ether_input().  This is quite similar to what
 happened to trunk(4) and vlan(4).
 
 I appreciate tests of any kind, reviews and oks.
 
 
 Index: net/if_ethersubr.c
 ===
 RCS file: /cvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.199
 diff -u -p -r1.199 if_ethersubr.c
 --- net/if_ethersubr.c19 May 2015 11:09:24 -  1.199
 +++ net/if_ethersubr.c22 May 2015 13:39:44 -
 @@ -502,18 +502,6 @@ ether_input(struct mbuf *m, void *hdr)
   }
 #endif
 
 -#if NCARP  0
 - if (ifp-if_carp) {
 - if (ifp-if_type != IFT_CARP  (carp_input(ifp, eh, m) == 0))
 - return (1);
 - /* clear mcast if received on a carp IP balanced address */
 - else if (ifp-if_type == IFT_CARP 
 - m-m_flags  (M_BCAST|M_MCAST) 
 - carp_our_mcastaddr(ifp, (u_int8_t *)eh-ether_dhost))
 - m-m_flags = ~(M_BCAST|M_MCAST);
 - }
 -#endif /* NCARP  0 */
 -
   ac = (struct arpcom *)ifp;
 
   /*
 Index: netinet/ip_carp.c
 ===
 RCS file: /cvs/src/sys/netinet/ip_carp.c,v
 retrieving revision 1.257
 diff -u -p -r1.257 ip_carp.c
 --- netinet/ip_carp.c 21 May 2015 09:17:53 -  1.257
 +++ netinet/ip_carp.c 22 May 2015 13:54:30 -
 @@ -120,6 +120,7 @@ struct carp_softc {
 #define   sc_carpdev  sc_ac.ac_if.if_carpdev
   void *ah_cookie;
   void *lh_cookie;
 + struct ifih *sc_ifih;
   struct ip_moptions sc_imo;
 #ifdef INET6
   struct ip6_moptions sc_im6o;
 @@ -193,6 +194,7 @@ void  carp_hmac_generate(struct carp_vhos
   unsigned char *, u_int8_t);
 int   carp_hmac_verify(struct carp_vhost_entry *, u_int32_t *,
   unsigned char *);
 +int  carp_input(struct mbuf *, void *);
 void  carp_proto_input_c(struct mbuf *, struct carp_header *, int,
   sa_family_t);
 void  carpattach(int);
 @@ -824,6 +826,7 @@ carp_del_all_timeouts(struct carp_softc 
 void
 carpdetach(struct carp_softc *sc)
 {
 + struct ifnet *ifp;
   struct carp_if *cif;
   int s;
 
 @@ -839,20 +842,29 @@ carpdetach(struct carp_softc *sc)
   carp_setrun_all(sc, 0);
   carp_multicast_cleanup(sc);
 
 - s = splnet();
   if (sc-ah_cookie != NULL)
   hook_disestablish(sc-sc_if.if_addrhooks, sc-ah_cookie);
 - if (sc-sc_carpdev != NULL) {
 - if (sc-lh_cookie != NULL)
 - hook_disestablish(sc-sc_carpdev-if_linkstatehooks,
 - sc-lh_cookie);
 - cif = (struct carp_if *)sc-sc_carpdev-if_carp;
 - TAILQ_REMOVE(cif-vhif_vrs, sc, sc_list);
 - if (!--cif-vhif_nvrs) {
 - ifpromisc(sc-sc_carpdev, 0);
 - sc-sc_carpdev-if_carp = NULL;
 - free(cif, M_IFADDR, sizeof(*cif));
 - }
 +
 + ifp = sc-sc_carpdev;
 + if (ifp == NULL)
 + return;
 +
 + s = splnet();
 + /* Restore previous input handler. */
 + if (--sc-sc_ifih-ifih_refcnt == 0) {
 + SLIST_REMOVE(ifp-if_inputs, sc-sc_ifih, ifih, ifih_next);
 + free(sc-sc_ifih, M_DEVBUF, sizeof(*sc-sc_ifih));
 + }
 +
 + if (sc-lh_cookie != NULL)
 + hook_disestablish(ifp-if_linkstatehooks,
 + sc-lh_cookie);
 + cif = (struct carp_if *)ifp-if_carp;
 + TAILQ_REMOVE(cif-vhif_vrs, sc, sc_list);
 + if (!--cif-vhif_nvrs) {
 + ifpromisc(ifp, 0);
 + ifp-if_carp = NULL;
 + free(cif, M_IFADDR, sizeof(*cif));
   }
   sc-sc_carpdev = NULL;
   splx(s);
 @@ -1403,27 +1415,21 @@ carp_get_srclladdr(struct ifnet *ifp, u_
 }
 
 int
 -carp_our_mcastaddr(struct ifnet *ifp, u_int8_t *d_enaddr)
 -{
 - struct carp_softc *sc = ifp-if_softc;
 -
 - if (sc-sc_balancing != CARP_BAL_IP)
 - return (0);
 -
 - return (!memcmp(sc-sc_ac.ac_enaddr, d_enaddr, ETHER_ADDR_LEN));
 -}
 -
 -
 -int
 -carp_input(struct ifnet *ifp0, struct ether_header *eh0, struct mbuf *m)
 +carp_input(struct mbuf *m, void *hdr)
 {
 + struct carp_softc *sc;
   struct ether_header *eh;
 - struct carp_if *cif = (struct carp_if *)ifp0-if_carp;
 - struct ifnet *ifp;
 + struct mbuf_list ml = MBUF_LIST_INITIALIZER();
 + struct carp_if *cif;
 + struct ifnet *ifp0, *ifp;
 
 - ifp = carp_ourether(cif, eh0-ether_dhost);
 - if (ifp == NULL  (m-m_flags  (M_BCAST|M_MCAST)) == 0)
 - return (1);
 + ifp0 = m-m_pkthdr.rcvif;
 + eh = mtod(m, struct ether_header *);
 + cif = (struct carp_if *)ifp0-if_carp;
 +
 + ifp = carp_ourether(cif, eh-ether_dhost);
 + if (ifp == NULL  !ETHER_IS_MULTICAST(eh-ether_dhost))
 + return (0);
 
   if (ifp

vmxnet3 panic

[mxb]

Hey,
got a panic as of todays ‘cvs up’
trace below

panic: vmxnet3_rxintr: NULL ring-m[44]
Stopped at  Debugger+0x9:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO.
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb{0} Debugger() at Debugger+0x9
panic() at panic+0xfe
vmxnet3_rxintr() at vmxnet3_rxintr+0x284
vmxnet3_intr() at vmxnet3_intr+0x4a
intr_handler() at intr_handler+0x67
Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd
--- interrupt ---
Xspllower() at Xspllower+0xe
if_downall() at if_downall+0x9b
boot() at boot+0xe4
reboot() at reboot+0x26
sys_reboot() at sys_reboot+0x5e
syscall() at syscall+0x297
--- syscall (number 55) ---
end of kernel
end trace frame: 0x7f7d5858, count: -12
0x184f48704eda:
ddb{0} rebooting...
OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015

//mxb

Re: vmxnet3 panic

[mxb]

Not sure if I’ll be able to reproduce this at all.
Never seen this before.
But diff is applied.

//mxb

 On 22 maj 2015, at 19:53, Mike Belopuhov m...@belopuhov.com wrote:
 
 On Fri, May 22, 2015 at 19:35 +0200, mxb wrote:
 
 Hey,
 got a panic as of todays ‘cvs up’
 trace below
 
 panic: vmxnet3_rxintr: NULL ring-m[44]
 Stopped at  Debugger+0x9:   leave
 RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
 IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO.
 DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
 ddb{0} Debugger() at Debugger+0x9
 panic() at panic+0xfe
 vmxnet3_rxintr() at vmxnet3_rxintr+0x284
 vmxnet3_intr() at vmxnet3_intr+0x4a
 intr_handler() at intr_handler+0x67
 Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd
 --- interrupt ---
 Xspllower() at Xspllower+0xe
 if_downall() at if_downall+0x9b
 boot() at boot+0xe4
 reboot() at reboot+0x26
 sys_reboot() at sys_reboot+0x5e
 syscall() at syscall+0x297
 --- syscall (number 55) ---
 end of kernel
 end trace frame: 0x7f7d5858, count: -12
 0x184f48704eda:
 ddb{0} rebooting...
 OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015
 
 //mxb
 
 
 vmx doesn't check if it's wasn't stopped before calling rx/tx
 interrupt routines...  the patch below should fix it up.  not
 entirely sure why do they need to re-enable the interrupt
 every time, but i'm pretty positive you don't want that if
 you're !IFF_RUNNING.
 
 diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c
 index 925a977..989cae1 100644
 --- sys/dev/pci/if_vmx.c
 +++ sys/dev/pci/if_vmx.c
 @@ -588,21 +588,24 @@ vmxnet3_disable_all_intrs(struct vmxnet3_softc *sc)
 
 int
 vmxnet3_intr(void *arg)
 {
   struct vmxnet3_softc *sc = arg;
 + struct ifnet *ifp = sc-sc_arpcom.ac_if;
 
   if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0)
   return 0;
   if (sc-sc_ds-event)
   vmxnet3_evintr(sc);
 - vmxnet3_rxintr(sc, sc-sc_rxq[0]);
 - vmxnet3_txintr(sc, sc-sc_txq[0]);
 #ifdef VMXNET3_STAT
   vmxstat.intr++;
 #endif
 - vmxnet3_enable_intr(sc, 0);
 + if (ifp-if_flags  IFF_RUNNING) {
 + vmxnet3_rxintr(sc, sc-sc_rxq[0]);
 + vmxnet3_txintr(sc, sc-sc_txq[0]);
 + vmxnet3_enable_intr(sc, 0);
 + }
   return 1;
 }
 
 void
 vmxnet3_evintr(struct vmxnet3_softc *sc)

Re: vlan+bridge fix

[mxb]

Diff is applied. So far no problems.
Unfortunately I can’t test this fully - no vlans on my side.

//mxb


 On 15 maj 2015, at 13:14, Martin Pieuchot m...@openbsd.org wrote:
 
 I have one setup with multiple interfaces in a bridge and on some of
 these interfaces some vlan(4)s.  But there's currently a bug that
 prevent us to send (receive is fine) VLAN packets in such config.
 Diff below fixes that.
 
 The problem is that vlan_output() does not pass its parent interface
 to ether_output().  That's a mis-design that should be fixed later.
 The reason for not passing the parent interface is that we want to
 tcpdump(8) packets on vlan interfaces and the easiest hack^Wsolution
 was to add a bpf handler in vlan_start()*.
 
 Since my vlans are not part of the bridge, the check below is never
 true and my packets never go through the bridge.  By moving this
 check to if_output() we kill two birds with one diff.  First of
 all we fix this vlan bug and secondly we simplify ether_output()
 which in turn will allow us to fix all pseudo-interface *output()
 functions.
 
 One of the goals of if_output() is to move all bpf handlers instead
 of having them in multiple if_start().  Of course, this will also
 help us removing the various #if PSEUDODRIVER from our stack...
 
 Ok?
 
 *: Note that for the exact same reason we cannot tcpdump output
 packets on a carp(4) interface, this will be fixed at the same
 time in upcoming diffs.
 
 
 Index: net/if_ethersubr.c
 ===
 RCS file: /cvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.198
 diff -u -p -r1.198 if_ethersubr.c
 --- net/if_ethersubr.c15 May 2015 10:15:13 -  1.198
 +++ net/if_ethersubr.c15 May 2015 10:58:37 -
 @@ -363,47 +363,6 @@ ether_output(struct ifnet *ifp0, struct 
   if (ether_addheader(m, ifp, etype, esrc, edst) == -1)
   senderr(ENOBUFS);
 
 -#if NBRIDGE  0
 - /*
 -  * Interfaces that are bridgeports need special handling for output.
 -  */
 - if (ifp-if_bridgeport) {
 - struct m_tag *mtag;
 -
 - /*
 -  * Check if this packet has already been sent out through
 -  * this bridgeport, in which case we simply send it out
 -  * without further bridge processing.
 -  */
 - for (mtag = m_tag_find(m, PACKET_TAG_BRIDGE, NULL); mtag;
 - mtag = m_tag_find(m, PACKET_TAG_BRIDGE, mtag)) {
 -#ifdef DEBUG
 - /* Check that the information is there */
 - if (mtag-m_tag_len != sizeof(caddr_t)) {
 - error = EINVAL;
 - goto bad;
 - }
 -#endif
 - if (!memcmp(ifp-if_bridgeport, mtag + 1,
 - sizeof(caddr_t)))
 - break;
 - }
 - if (mtag == NULL) {
 - /* Attach a tag so we can detect loops */
 - mtag = m_tag_get(PACKET_TAG_BRIDGE, sizeof(caddr_t),
 - M_NOWAIT);
 - if (mtag == NULL) {
 - error = ENOBUFS;
 - goto bad;
 - }
 - memcpy(mtag + 1, ifp-if_bridgeport, sizeof(caddr_t));
 - m_tag_prepend(m, mtag);
 - error = bridge_output(ifp, m, NULL, NULL);
 - return (error);
 - }
 - }
 -#endif
 -
   len = m-m_pkthdr.len;
 
   error = if_output(ifp, m);
 Index: net/if.c
 ===
 RCS file: /cvs/src/sys/net/if.c,v
 retrieving revision 1.331
 diff -u -p -r1.331 if.c
 --- net/if.c  15 May 2015 10:15:13 -  1.331
 +++ net/if.c  15 May 2015 10:58:37 -
 @@ -450,6 +450,40 @@ if_output(struct ifnet *ifp, struct mbuf
   length = m-m_pkthdr.len;
   mflags = m-m_flags;
 
 +#if NBRIDGE  0
 + /*
 +  * Interfaces that are bridgeports need special handling for output.
 +  */
 + if (ifp-if_bridgeport) {
 + struct m_tag *mtag;
 +
 + /*
 +  * Check if this packet has already been sent out through
 +  * this bridgeport, in which case we simply send it out
 +  * without further bridge processing.
 +  */
 + for (mtag = m_tag_find(m, PACKET_TAG_BRIDGE, NULL); mtag;
 + mtag = m_tag_find(m, PACKET_TAG_BRIDGE, mtag)) {
 + if (!memcmp(ifp-if_bridgeport, mtag + 1,
 + sizeof(caddr_t)))
 + break;
 + }
 + if (mtag == NULL) {
 + /* Attach a tag so we can detect loops */
 + mtag = m_tag_get(PACKET_TAG_BRIDGE, sizeof(caddr_t),
 + M_NOWAIT);
 + if (mtag == NULL

Re: Small bridge(4) fix

[mxb]

No regression on my side.

//mxb

 On 15 maj 2015, at 12:54, Martin Pieuchot m...@openbsd.org wrote:
 
 If we change the rcvif pointer of a packet we need to run if_input()
 again otherwise we might skip the handlers on the new interface.
 
 Ultimately it would be nice to only assign rcvif in  if_input(), but
 that's for another diff.
 
 This fix one case I left out in my previous conversion, ok?
 
 Index: net/if_bridge.c
 ===
 RCS file: /cvs/src/sys/net/if_bridge.c,v
 retrieving revision 1.238
 diff -u -p -r1.238 if_bridge.c
 --- net/if_bridge.c   15 May 2015 10:15:13 -  1.238
 +++ net/if_bridge.c   15 May 2015 10:50:32 -
 @@ -1478,12 +1478,9 @@ bridge_dispatch(struct bridge_iflist *if
 
   m-m_pkthdr.rcvif = ifl-ifp;
   m-m_pkthdr.ph_rtableid = ifl-ifp-if_rdomain;
 - if (ifp-if_type == IFT_GIF) {
 - m-m_flags |= M_PROTO1;
 - ether_input_mbuf(ifl-ifp, m);
 - m = NULL;
 - }
 - return (m);
 + m-m_flags |= M_PROTO1;
 + ether_input_mbuf(ifl-ifp, m);
 + return (NULL);
   }
   if (bcmp(ac-ac_enaddr, eh-ether_shost, ETHER_ADDR_LEN) == 0
 #if NCARP  0
 

Re: bridge(4) and ether_input_mbuf()

[mxb]

Applied.
I don’t see any regressions so far.
I use bridge+vether.

//mxb

 On 28 apr 2015, at 23:06, Martin Pieuchot m...@openbsd.org wrote:
 
 On 21/04/15(Tue) 12:35, Martin Pieuchot wrote:
 This diff adds the necessary glue to bridge(4) to be able to convert
 other pseudo-drivers to if_input().  This will also help bridge(4)'s
 own conversion.
 
 Since bridge_input() already returns a mbuf, I believe this change is
 less error prone than the carp(4) one.  But I appreciate reviews,
 tests and oks.
 
 Anybody?
 
 
 Index: net/bridgestp.c
 ===
 RCS file: /cvs/src/sys/net/bridgestp.c,v
 retrieving revision 1.52
 diff -u -p -r1.52 bridgestp.c
 --- net/bridgestp.c  14 Mar 2015 03:38:51 -  1.52
 +++ net/bridgestp.c  20 Apr 2015 11:35:56 -
 @@ -596,6 +596,9 @@ bstp_input(struct bstp_state *bs, struct
  len = ntohs(eh-ether_type);
  if (len  sizeof(tpdu))
  goto out;
 +
 +m_adj(m, ETHER_HDR_LEN);
 +
  if (m-m_pkthdr.len  len)
  m_adj(m, len - m-m_pkthdr.len);
  if ((m = m_pullup(m, sizeof(tpdu))) == NULL)
 Index: net/if_bridge.c
 ===
 RCS file: /cvs/src/sys/net/if_bridge.c,v
 retrieving revision 1.235
 diff -u -p -r1.235 if_bridge.c
 --- net/if_bridge.c  17 Apr 2015 11:04:01 -  1.235
 +++ net/if_bridge.c  20 Apr 2015 11:55:38 -
 @@ -115,10 +115,9 @@ voidbridge_broadcast(struct bridge_soft
 struct ether_header *, struct mbuf *);
 void bridge_localbroadcast(struct bridge_softc *, struct ifnet *,
 struct ether_header *, struct mbuf *);
 -voidbridge_span(struct bridge_softc *, struct ether_header *,
 -struct mbuf *);
 +voidbridge_span(struct bridge_softc *, struct mbuf *);
 struct mbuf *bridge_dispatch(struct bridge_iflist *, struct ifnet *,
 -struct ether_header *, struct mbuf *);
 + struct mbuf *);
 void bridge_stop(struct bridge_softc *);
 void bridge_init(struct bridge_softc *);
 int  bridge_bifconf(struct bridge_softc *, struct ifbifconf *);
 @@ -180,6 +179,7 @@ int
 bridge_clone_create(struct if_clone *ifc, int unit)
 {
  struct bridge_softc *sc;
 +struct ifih *bridge_ifih;
  struct ifnet *ifp;
  int i, s;
 
 @@ -187,8 +187,15 @@ bridge_clone_create(struct if_clone *ifc
  if (!sc)
  return (ENOMEM);
 
 +bridge_ifih = malloc(sizeof(*bridge_ifih), M_DEVBUF, M_NOWAIT);
 +if (bridge_ifih == NULL) {
 +free(sc, M_DEVBUF, 0);
 +return (ENOMEM);
 +}
 +
  sc-sc_stp = bstp_create(sc-sc_if);
  if (!sc-sc_stp) {
 +free(bridge_ifih, M_DEVBUF, sizeof(*bridge_ifih));
  free(sc, M_DEVBUF, 0);
  return (ENOMEM);
  }
 @@ -222,6 +229,9 @@ bridge_clone_create(struct if_clone *ifc
  DLT_EN10MB, ETHER_HDR_LEN);
 #endif
 
 +bridge_ifih-ifih_input = ether_input;
 +SLIST_INSERT_HEAD(ifp-if_inputs, bridge_ifih, ifih_next);
 +
  s = splnet();
  LIST_INSERT_HEAD(bridge_list, sc, sc_list);
  splx(s);
 @@ -234,6 +244,7 @@ bridge_clone_destroy(struct ifnet *ifp)
 {
  struct bridge_softc *sc = ifp-if_softc;
  struct bridge_iflist *bif;
 +struct ifih *bridge_ifih;
  int s;
 
  bridge_stop(sc);
 @@ -250,6 +261,17 @@ bridge_clone_destroy(struct ifnet *ifp)
  splx(s);
 
  bstp_destroy(sc-sc_stp);
 +
 +/* Undo pseudo-driver changes. */
 +if_deactivate(ifp);
 +
 +bridge_ifih = SLIST_FIRST(ifp-if_inputs);
 +SLIST_REMOVE_HEAD(ifp-if_inputs, ifih_next);
 +
 +KASSERT(SLIST_EMPTY(ifp-if_inputs));
 +
 +free(bridge_ifih, M_DEVBUF, sizeof(*bridge_ifih));
 +
  if_detach(ifp);
 
  free(sc, M_DEVBUF, 0);
 @@ -990,7 +1012,7 @@ bridge_output(struct ifnet *ifp, struct 
  struct mbuf *mc;
  int used = 0;
 
 -bridge_span(sc, NULL, m);
 +bridge_span(sc, m);
 
  TAILQ_FOREACH(p, sc-sc_iflist, next) {
  dst_if = p-ifp;
 @@ -1066,7 +1088,7 @@ sendunicast:
  (sa = bridge_tunneltag(m, dst_p-brt_tunnel.sa.sa_family)) != NULL)
  memcpy(sa, dst_p-brt_tunnel.sa, dst_p-brt_tunnel.sa.sa_len);
 
 -bridge_span(sc, NULL, m);
 +bridge_span(sc, m);
  if ((dst_if-if_flags  IFF_RUNNING) == 0) {
  m_freem(m);
  return (ENETDOWN);
 @@ -1282,12 +1304,13 @@ bridgeintr_frame(struct bridge_softc *sc
  * not for us, and schedule an interrupt.
  */
 struct mbuf *
 -bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m)
 +bridge_input(struct ifnet *ifp, struct ether_header *eh0, struct mbuf *m)
 {
  struct bridge_softc *sc;
  struct bridge_iflist *ifl;
 +struct ether_header *eh;
 #if NVLAN  0
 -uint16_t etype = ntohs(eh-ether_type);
 +uint16_t etype = ntohs(eh0-ether_type);
 #endif /* NVLAN  0 */
 
  /*
 @@ -1306,15 +1329,20 @@ bridge_input(struct ifnet *ifp, struct e

Re: Dell R630 high interrupts on acpi0

[mxb]

 On 16 dec 2014, at 06:40, David Gwynne da...@gwynne.id.au wrote:
 
 others have hit this on r620s as well

I don’t see it on mine.

interrupt   total rate
irq0/clock 9587998940 1599
irq0/ipi136166514   22
irq144/acpi020
irq112/ix029053603446 4847
irq113/ix127844456217 4646
irq96/mfi080725871
irq114/ubsec0  3101629892  517
irq98/ehci0   1120
irq115/em0 4928262870  822
irq116/em1  211437268   35
irq99/ehci1280
irq100/ahci010
Total 7487162787712493


This is a pre-5.6

OpenBSD 5.6-current (GENERIC.MP) #394: Wed Oct  1 12:54:54 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8492285952 (8098MB)
avail mem = 8257511424 (7874MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries)
bios0: vendor Dell Inc. version 1.3.6 date 09/11/2012
bios0: Dell Inc. PowerEdge R620
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST BERT EINJ 
TCPA PC__ SRAT SSDT
acpi0: wakeup devices PCI0(S5) PCI1(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 32 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 0, package 1
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 34 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 1, package 1
cpu4 at mainbus0: apid 4 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 0, core 2, package 0
cpu5 at mainbus0: apid 36 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 0, core 2, package 1
cpu6 at mainbus0: apid 6 (application processor)
cpu6: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz
cpu6: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 0, core 3, package 0
cpu7 at mainbus0: apid 38 (application processor)
cpu7: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 

Re: idea to block some scanners

[mxb]

Could you please, post updated version to the list?

//mxb

On 27 jun 2014, at 20:09, Leclerc, Sebastien 
sebastien.lecl...@saint-georges.ca wrote:

 Stuart Henderson st...@openbsd.org, 2014-06-27 11:00 
 
 +/* Stolen from ftp-proxy */
 
 Old version of ftp-proxy I guess. It hasn't used DIOCNATLOOK for several
 releases, it has switched to the much easier-to-use divert-to / 
 getsockname().
 
 And also :
 
 Henning Brauer lists-openbsdt...@bsws.de, 2014-06-27 14:07
 no
 
 DIOCNATLOOK is stupid. I'll celebrate the day when I can kill it.
 Please look at less ancient ftp-proxy/*-proxy code for inspiration.
 
 Way simpler, indeed!
 Thank you
 
 
 --- tarpitd.c.bak   Fri Jun 27 13:25:06 2014
 +++ tarpitd.c   Fri Jun 27 14:01:35 2014
 @@ -56,21 +56,11 @@ struct con {
int il;
 } *con;
 
 -/* From netinet/in.h, but only _KERNEL_ gets them. */
 -#define satosin(sa)((struct sockaddr_in *)(sa))
 -#define satosin6(sa)   ((struct sockaddr_in6 *)(sa))
 -int server_lookup4(struct sockaddr_in *, struct sockaddr_in *,
 -struct sockaddr_in *);
 -int server_lookup6(struct sockaddr_in6 *, struct sockaddr_in6 *,
 -struct sockaddr_in6 *);
 -
 void usage(void);
 void initcon(struct con *, int, struct sockaddr *);
 void closecon(struct con *);
 void handler(struct con *);
 void getcaddr(struct con *);
 -int  server_lookup(struct sockaddr *, struct sockaddr *,
 -struct sockaddr *);
 int  blockhost(char *);
 int  blocklistener(void);
 
 @@ -84,7 +74,6 @@ int maxfiles;
 int maxcon = MAXCON;
 int clients;
 int debug;
 -int pfdev;
 int window = 0;
 int autoblock = 1;
 int pipel[2] = { -1, -1 };
 @@ -160,90 +149,11 @@ int blocklistener(void)
return(ret);
 }
 
 -/* Stolen from ftp-proxy */
 -int
 -server_lookup(struct sockaddr *client, struct sockaddr *proxy,
 -struct sockaddr *server)
 -{
 -   if (client-sa_family == AF_INET)
 -   return (server_lookup4(satosin(client), satosin(proxy),
 -   satosin(server)));
 -
 -   if (client-sa_family == AF_INET6)
 -   return (server_lookup6(satosin6(client), satosin6(proxy),
 -   satosin6(server)));
 -
 -   errno = EPROTONOSUPPORT;
 -   return (-1);
 -}
 -
 -int
 -server_lookup4(struct sockaddr_in *client, struct sockaddr_in *proxy,
 -struct sockaddr_in *server)
 -{
 -   struct pfioc_natlook pnl;
 -
 -   memset(pnl, 0, sizeof pnl);
 -   pnl.direction = PF_OUT;
 -   pnl.af = AF_INET;
 -   pnl.proto = IPPROTO_TCP;
 -   memcpy(pnl.saddr.v4, client-sin_addr.s_addr, sizeof pnl.saddr.v4);
 -   memcpy(pnl.daddr.v4, proxy-sin_addr.s_addr, sizeof pnl.daddr.v4);
 -   pnl.sport = client-sin_port;
 -   pnl.dport = proxy-sin_port;
 -
 -   if (ioctl(pfdev, DIOCNATLOOK, pnl) == -1)
 -   return (-1);
 -
 -   memset(server, 0, sizeof(struct sockaddr_in));
 -   server-sin_len = sizeof(struct sockaddr_in);
 -   server-sin_family = AF_INET;
 -   memcpy(server-sin_addr.s_addr, pnl.rdaddr.v4,
 -   sizeof server-sin_addr.s_addr);
 -   server-sin_port = pnl.rdport;
 -
 -   return (0);
 -}
 -
 -int
 -server_lookup6(struct sockaddr_in6 *client, struct sockaddr_in6 *proxy,
 -struct sockaddr_in6 *server)
 -{
 -   struct pfioc_natlook pnl;
 -
 -   memset(pnl, 0, sizeof pnl);
 -   pnl.direction = PF_OUT;
 -   pnl.af = AF_INET6;
 -   pnl.proto = IPPROTO_TCP;
 -   memcpy(pnl.saddr.v6, client-sin6_addr.s6_addr, sizeof 
 pnl.saddr.v6);
 -   memcpy(pnl.daddr.v6, proxy-sin6_addr.s6_addr, sizeof pnl.daddr.v6);
 -   pnl.sport = client-sin6_port;
 -   pnl.dport = proxy-sin6_port;
 -
 -   if (ioctl(pfdev, DIOCNATLOOK, pnl) == -1)
 -   return (-1);
 -
 -   memset(server, 0, sizeof(struct sockaddr_in6));
 -   server-sin6_len = sizeof(struct sockaddr_in6);
 -   server-sin6_family = AF_INET6;
 -   memcpy(server-sin6_addr.s6_addr, pnl.rdaddr.v6,
 -   sizeof server-sin6_addr);
 -   server-sin6_port = pnl.rdport;
 -
 -   return (0);
 -}
 -
 -/*
 - * Get address client connected to, by doing a DIOCNATLOOK call.
 - * Uses server_lookup code from ftp-proxy.
 - */
 void
 getcaddr(struct con *cp)
 {
struct sockaddr_storage spamd_end;
struct sockaddr *sep = (struct sockaddr *) spamd_end;
 -   struct sockaddr_storage original_destination;
 -   struct sockaddr *odp = (struct sockaddr *) original_destination;
socklen_t len = sizeof(struct sockaddr_storage);
int error;
 
 @@ -251,9 +161,7 @@ getcaddr(struct con *cp)
cp-cport[0] = '\0';
if (getsockname(cp-fd, sep, len) == -1)
return;
 -   if (server_lookup((struct sockaddr *)cp-ss, sep, odp) != 0)
 -   return;
 -   error = getnameinfo(odp, odp-sa_len, cp-caddr, sizeof(cp-caddr),
 +   error = getnameinfo(sep, sep-sa_len, cp-caddr

Re: bnx(4): enable checksum offload

[mxb]

This is

bnx0 at pci3 dev 4 function 0 Broadcom BCM5706 rev 0x02

On 8 okt 2013, at 22:34, mxb m...@alumni.chalmers.se wrote:

 
 I have it spinning now. 
 
 bnx0: 
 flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 
 mtu 1500
hwfeatures=36CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING hardmtu 
 1500
lladdr 00:14:c2:5d:31:a8
priority: 0
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT 
 full-duplex,master,rxpause,txpause)
status: active
 
 So far - no problems.
 
 //mxb
 
 On 9 sep 2013, at 21:46, Brad Smith b...@comstyle.com wrote:
 
 Here is a diff to enable the checksum offload support for bnx(4).
 
 Looking for any testing.
 
 
 Index: if_bnx.c
 ===
 RCS file: /home/cvs/src/sys/dev/pci/if_bnx.c,v
 retrieving revision 1.101
 diff -u -p -r1.101 if_bnx.c
 --- if_bnx.c 28 Mar 2013 17:21:44 -  1.101
 +++ if_bnx.c 9 Sep 2013 18:43:07 -
 @@ -884,11 +884,8 @@ bnx_attachhook(void *xsc)
  bcopy(sc-eaddr, sc-arpcom.ac_enaddr, ETHER_ADDR_LEN);
  bcopy(sc-bnx_dev.dv_xname, ifp-if_xname, IFNAMSIZ);
 
 -ifp-if_capabilities = IFCAP_VLAN_MTU;
 -
 -#ifdef BNX_CSUM
 -ifp-if_capabilities |= IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4;
 -#endif  
 +ifp-if_capabilities = IFCAP_VLAN_MTU | IFCAP_CSUM_TCPv4 |
 +IFCAP_CSUM_UDPv4;
 
 #if NVLAN  0
  ifp-if_capabilities |= IFCAP_VLAN_HWTAGGING;
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 

Re: memset.S for amd64

[mxb]

This file is already in base.
/usr/src/sys/lib/libkern/arch/amd64/memset.S


On 18 sep 2013, at 20:28, Edd Barrett vex...@gmail.com wrote:

 On Wed, Sep 18, 2013 at 07:08:31PM +0100, Edd Barrett wrote:
 In short, each experiment warms up by setting and checking a load of buffers
 before setting as many buffers as possible given a one minute timeframe. The
 experiments were run with varying buffer sizes under both memset.S and
 memset.c.
 
 Forgot to say, each experiment was repeated 5 times (each bufsz/
 memset combination) and averages were taken.
 
 See the Python scripts in the repo for details.
 
 -- 
 Best Regards
 Edd Barrett
 
 http://www.theunixzoo.co.uk
 

Re: memset.S for amd64

[mxb]

On 19 sep 2013, at 19:23, Brad Smith b...@comstyle.com wrote:

 That is in the kernel not libc.


Yes, I know.
Can't it be re-used instead of maintaining same file in two places? 

//mxb

rc.d/dhcpd

[mxb]

Then running dhcpd with pf-support (-A tbl -C tbl).
dhcpd spawns child process which is not handled by rc-script then stop/restart.

Here is a diff to fix it.

Yes, I know, normally one might want to flush PF-tables as well and this is not 
handled by the diff.
But at least I don't have to kill child process manually.

--- dhcpd   Wed Nov 28 10:16:33 2012
+++ dhcpd.myWed Nov 28 09:47:28 2012
@@ -12,4 +12,17 @@
touch /var/db/dhcpd.leases
 }
 
-rc_cmd $1
+case $1 in
+restart)
+rc_stop
+pkill dhcpd 
+rc_start
+;;
+   stop)
+   rc_stop
+   pkill dhcpd
+   ;;
+*)
+rc_cmd $1
+;;
+esac

Re: X540T: link is not detected

[mxb]

Compiling if_ix.c with IX_DEBUG yields

../../../../dev/pci/if_ix.c: In function 'ixgbe_print_hw_stats':
../../../../dev/pci/if_ix.c:3525: error: 'struct ix_softc' has no member named
'mbuf_alloc_failed'
../../../../dev/pci/if_ix.c:3526: error: 'struct ix_softc' has no member named
'mbuf_cluster_failed'

According to the if_ix.h those two are gone.

Diff to fix it.

--- if_ix.c Wed Nov 28 12:34:30 2012
+++ if_ix.c.my  Wed Nov 28 12:31:04 2012
@@ -3515,15 +3515,17 @@
 {
struct ifnet   *ifp = sc-arpcom.ac_if;;

-   printf(%s: mbuf alloc failed %lu, mbuf cluster failed %lu, 
+   printf(%s: mbuf defrag failed %lu, mbuf header failed %lu, 
+   mbuf packet failed %lu, 
missed pkts %llu, rx len errs %llu, crc errs %llu, 
dropped pkts %lu, watchdog timeouts %ld, 
XON rx %llu, XON tx %llu, XOFF rx %llu, XOFF tx %llu, 
total pkts rx %llu, good pkts rx %llu, good pkts tx %llu, 
tso tx %lu\n,
ifp-if_xname,
-   sc-mbuf_alloc_failed,
-   sc-mbuf_cluster_failed,
+   sc-mbuf_defrag_failed,
+   sc-mbuf_header_failed,
+   sc-mbuf_packet_failed,
(long long)sc-stats.mpc[0],
(long long)sc-stats.roc + (long long)sc-stats.ruc,
(long long)sc-stats.crcerrs,

On 28 nov 2012, at 10:38, isnk00 isn...@gmail.com wrote:

 I have the same issue with Linksys WUSB54GC v3 (Ralink Technology) device.
As long as 5.2-current boots up with the device attached there is no problem
to detect it. The device does not seem to authenticate properly if it is not
in USB port to begin with.

 Luke


 2012/11/27 mxb m...@alumni.chalmers.se
 There is however, no problem then:

 plugged - boot - wait - unplug - wait - plug in.

 On 27 nov 2012, at 13:50, mxb m...@alumni.chalmers.se wrote:

 
  Hi tech@,
 
  ix(4) does not detects link then cable is plugged in into already running
machine.
 
  ix0:
flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6
mtu 1500
 lladdr bc:30:5b:f3:60:10
 description: HW_EXT
 priority: 0
 media: Ethernet autoselect (1000baseT full-duplex)
 status: active
 inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255
  ix1:
flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6
mtu 1500
 lladdr bc:30:5b:f3:60:12
 description: HW_INT
 priority: 0
 media: Ethernet autoselect
 status: no carrier
 inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255
 
  ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi
  ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi
 
  //maxim

X540T: link is not detected

[mxb]

Hi tech@,

ix(4) does not detects link then cable is plugged in into already running 
machine.

ix0: 
flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 
mtu 1500
lladdr bc:30:5b:f3:60:10
description: HW_EXT
priority: 0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255
ix1: 
flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 
mtu 1500
lladdr bc:30:5b:f3:60:12
description: HW_INT
priority: 0
media: Ethernet autoselect
status: no carrier
inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255

ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi
ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi

//maxim

Re: X540T: link is not detected

[mxb]

There is however, no problem then:

plugged - boot - wait - unplug - wait - plug in.

On 27 nov 2012, at 13:50, mxb m...@alumni.chalmers.se wrote:

 
 Hi tech@,
 
 ix(4) does not detects link then cable is plugged in into already running 
 machine.
 
 ix0: 
 flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 
 mtu 1500
lladdr bc:30:5b:f3:60:10
description: HW_EXT
priority: 0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255
 ix1: 
 flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 
 mtu 1500
lladdr bc:30:5b:f3:60:12
description: HW_INT
priority: 0
media: Ethernet autoselect
status: no carrier
inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255
 
 ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi
 ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi
 
 //maxim

TX_/RX_CSUM on Intel I350/X540T

[mxb]

Hey tech@,

I'll more than gladly test any diffs for subject.

Regards,
Maxim

Re: em(4): enable TCP/UDP checksum offload

[mxb]

In my case,
it is a CARP backup(master will be upgraded soon) rolling ospf on top of gre on 
top of ipsec, running npppd,
and daily NAT/RDR for about 100 clients.

On 6 nov 2012, at 21:31, Stuart Henderson s...@spacehopper.org wrote:

 For people who are testing checksum-offload-enabling diffs, it would
 help if you could say what sort of things have tested. Things like
 fragments/NFS are far more likely to exercise bugs in the hardware
 than standard web browsing.

Re: bge(4): enable TCP/UDP checksum offload

[mxb]

Can someone, please, point me to the right cvs URL for those changes.
Thanks.

On 3 nov 2012, at 22:41, Christian Weisgerber na...@mips.inka.de wrote:

 Henning's epic rewrite of the checksum handling has fixed

Re: PF: match dir ... tag tag; pass tagged { tag, tag } keep state

[mxb]

Exactly what I meant.
To many 'pass tagged' on each new line in pf.conf

Sent from my iDevice

On Sep 17, 2012, at 17:25, Henning Brauer lists-openbsdt...@bsws.de wrote:

 * Stuart Henderson s...@spacehopper.org [2012-09-17 17:23]:
 On 2012/09/17 17:14, Mike Belopuhov wrote:
 On Mon, Sep 17, 2012 at 5:03 PM, Henning Brauer henn...@openbsd.org
wrote:
 * mxb m...@alumni.chalmers.se [2012-09-10 17:51]:
 is there any plans to expand 'tagged' keyword in PF into list?
 not that I am aware of, but it would make sense to have list expansion
 there as well.
 would it mean tagged foo AND bar or tagged foo OR bar?
 it would have to be foo OR bar because you can only have one tag at a
time.

 it is even easier than that.

  pass tagged { FOO, BAR }

 expands to

  pass tagged FOO
  pass tagged BAR

 it's just list expansion.

 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
Managed
 Henning Brauer Consulting, http://henningbrauer.com/

PF: match dir ... tag tag; pass tagged { tag, tag } keep state

[mxb]

Hi list@,

is there any plans to expand 'tagged' keyword in PF into list?

Example of usage:

match in ... tag ABC
match in ... tag BCD

pass in on egress tagged { ABC, BCD }

If yes, is anyone already working on that? Any diff for testing?
Yes, I started to look at this, but it will take time for me to produce
something useful.

Regards,
Maxim

add vmxnet3 to pcidevs

[mxb]

Diff below adds vmxnet3 to pcidevs.
vmxnet and vmxnet2 have the same PCI ID and thus catched by the same 
macro - VMWARE NET.


While there, remove \t with space for MACHINE_2

//maxim

Index: sys/dev/pci/pcidevs
===
RCS file: /cvs/src/sys/dev/pci/pcidevs,v
retrieving revision 1.1639
diff -u -p -r1.1639 pcidevs
--- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 -  1.1639
+++ sys/dev/pci/pcidevs 23 Apr 2012 08:31:32 -
@@ -5870,7 +5870,8 @@ product VLSI 82C925   0x0280  82C925
 product VMWARE VIRTUAL20x0405  Virtual SVGA II
 product VMWARE VIRTUAL 0x0710  Virtual SVGA
 product VMWARE NET 0x0720  Virtual NIC
-productVMWARE MACHINE_20x0740  Virtual Machine 
Communication Interface

+product VMWARE NET30x07b0  Virtual NIC III
+product VMWARE MACHINE_2   0x0740  Virtual Machine Communication 
Interface

 product VMWARE EHCI0x0770  Virtual EHCI
 product VMWARE PCI 0x0790  Virtual PCI-PCI
 product VMWARE PCIE0x07a0  Virtual PCIE-PCIE

Re: add vmxnet3 to pcidevs

[mxb]

On 04/23/2012 10:39 AM, Brad Smith wrote:

On 23/04/12 4:32 AM, mxb wrote:

Diff below adds vmxnet3 to pcidevs.
vmxnet and vmxnet2 have the same PCI ID and thus catched by the same
macro - VMWARE NET.

While there, remove \t with space for MACHINE_2


The PCI id entries are sorted so this new addition needs to be
moved further down so it is in order.


//maxim

Index: sys/dev/pci/pcidevs
===
RCS file: /cvs/src/sys/dev/pci/pcidevs,v
retrieving revision 1.1639
diff -u -p -r1.1639 pcidevs
--- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 - 1.1639
+++ sys/dev/pci/pcidevs 23 Apr 2012 08:31:32 -
@@ -5870,7 +5870,8 @@ product VLSI 82C925 0x0280 82C925
product VMWARE VIRTUAL2 0x0405 Virtual SVGA II
product VMWARE VIRTUAL 0x0710 Virtual SVGA
product VMWARE NET 0x0720 Virtual NIC
-product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface
+product VMWARE NET3 0x07b0 Virtual NIC III
+product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface
product VMWARE EHCI 0x0770 Virtual EHCI
product VMWARE PCI 0x0790 Virtual PCI-PCI
product VMWARE PCIE 0x07a0 Virtual PCIE-PCIE






Sorry, forgot that one. Been long time.
New diff below.

Index: sys/dev/pci/pcidevs
===
RCS file: /cvs/src/sys/dev/pci/pcidevs,v
retrieving revision 1.1639
diff -u -p -r1.1639 pcidevs
--- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 -  1.1639
+++ sys/dev/pci/pcidevs 23 Apr 2012 09:00:38 -
@@ -5870,11 +5870,12 @@ product VLSI 82C925 0x0280  82C925
 product VMWARE VIRTUAL20x0405  Virtual SVGA II
 product VMWARE VIRTUAL 0x0710  Virtual SVGA
 product VMWARE NET 0x0720  Virtual NIC
-productVMWARE MACHINE_20x0740  Virtual Machine 
Communication Interface
+product VMWARE MACHINE_2   0x0740  Virtual Machine Communication 
Interface

 product VMWARE EHCI0x0770  Virtual EHCI
 product VMWARE PCI 0x0790  Virtual PCI-PCI
 product VMWARE PCIE0x07a0  Virtual PCIE-PCIE
-productVMWARE MACHINE  0x0801  Virtual Machine Interface
+product VMWARE NET30x07b0  Virtual NIC III
+product VMWARE MACHINE 0x0801  Virtual Machine Interface

 /* Weitek products */
 product WEITEK P9000   0x9001  P9000

Re: diff: fix bpf problem of pipex

[mxb]

On Apr 4, 2012, at 7:36 PM, YASUOKA Masahiko wrote:

 Hi,

 On Wed, 4 Apr 2012 13:19:06 +0200
 Claudio Jeker cje...@diehard.n-r-g.com wrote:
 On Wed, Apr 04, 2012 at 02:34:46PM +0900, Yasuoka Masahiko wrote:
 On Tue, 31 Jan 2012 13:59:17 +0100
 Sebastian Reitenbach sebas...@l00-bugdead-prods.de wrote:
 However, I noted with tcpdump, listening on tun0:

 # tcpdump -n -i tun0
 tcpdump: listening on tun0, link-type LOOP
 13:51:15.354776
 tcpdump: WARNING: compensating for unaligned libpcap packets
 13:51:15.354795 10.66.66.1  10.66.66.129: icmp: echo reply (DF)
 13:51:16.334984
 13:51:16.334997 10.66.66.1  10.66.66.129: icmp: echo reply (DF)
 13:51:17.355463
 (snip)
 The incoming packets look weird, and this is not only true for icmp,
 with tcp/udp its the same.

 Attached diff will fix the problem.

 bpf requires to use different byte order for DLT_LOOP and DLT_NULL on
 address family header.  pipex works with both pppx(DLT_NULL) and
 tun(DLT_LOOP), so it should switch the byte order.

 ok? or comment?

 Since pppx(4) is only used by npppd/pipex shouldn't we change the DLT
there
 so that we don't need any magic inside pipex?

 Yes.  Using same DLT of tun for pppx makes things simple.

 Let me update the diff.  ok?

 Index: sys/net/if_pppx.c
 ===
 RCS file: /cvs/src/sys/net/if_pppx.c,v
 retrieving revision 1.13
 diff -u -p -r1.13 if_pppx.c
 --- sys/net/if_pppx.c 25 Oct 2011 23:54:58 -  1.13
 +++ sys/net/if_pppx.c 4 Apr 2012 15:10:23 -
 @@ -877,7 +877,7 @@ pppx_add_session(struct pppx_dev *pxd, s
   if_alloc_sadl(ifp);

 #if NBPFILTER  0
 - bpfattach(ifp-if_bpf, ifp, DLT_NULL, 0);
 + bpfattach(ifp-if_bpf, ifp, DLT_LOOP, 0);
 #endif
   SET(ifp-if_flags, IFF_RUNNING);

 Index: sys/net/pipex.c
 ===
 RCS file: /cvs/src/sys/net/pipex.c,v
 retrieving revision 1.27
 diff -u -p -r1.27 pipex.c
 --- sys/net/pipex.c   4 Apr 2012 04:31:38 -   1.27
 +++ sys/net/pipex.c   4 Apr 2012 15:10:25 -
 @@ -1163,7 +1163,7 @@ pipex_ip_input(struct mbuf *m0, struct p

 #if NBPFILTER  0
   if (ifp-if_bpf)
 - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
 + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0, BPF_DIRECTION_IN);
 #endif

   s = splnet();
 @@ -1240,7 +1240,7 @@ pipex_ip6_input(struct mbuf *m0, struct

 #if NBPFILTER  0
   if (ifp-if_bpf)
 - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
 + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0, BPF_DIRECTION_IN);
 #endif

   s = splnet();



No breaks here. amd64

//maxim

Re: diff: fix bpf problem of pipex (was Re: diff: fix LCP keepalive failures on L2TP.)

[mxb]

On 04/04/2012 07:34 AM, YASUOKA Masahiko wrote:

On Tue, 31 Jan 2012 13:59:17 +0100
Sebastian Reitenbachsebas...@l00-bugdead-prods.de  wrote:

However, I noted with tcpdump, listening on tun0:

# tcpdump -n -i tun0
tcpdump: listening on tun0, link-type LOOP
13:51:15.354776
tcpdump: WARNING: compensating for unaligned libpcap packets
13:51:15.354795 10.66.66.1  10.66.66.129: icmp: echo reply (DF)
13:51:16.334984
13:51:16.334997 10.66.66.1  10.66.66.129: icmp: echo reply (DF)
13:51:17.355463

(snip)

The incoming packets look weird, and this is not only true for icmp,
with tcp/udp its the same.

Attached diff will fix the problem.

bpf requires to use different byte order for DLT_LOOP and DLT_NULL on
address family header.  pipex works with both pppx(DLT_NULL) and
tun(DLT_LOOP), so it should switch the byte order.

ok? or comment?

Index: sys/net/pipex.c
===
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.26
diff -u -p -r1.26 pipex.c
--- sys/net/pipex.c 31 Jan 2012 12:04:20 -  1.26
+++ sys/net/pipex.c 8 Feb 2012 05:23:13 -
@@ -1162,8 +1162,13 @@ pipex_ip_input(struct mbuf *m0, struct p
len = m0-m_pkthdr.len;

  #if NBPFILTER  0
-   if (ifp-if_bpf)
-   bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
+   if (ifp-if_bpf) {
+   if (ifp-if_type == IFT_TUNNEL)
+   bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0,
+   BPF_DIRECTION_IN);
+   else
+   bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
+   }
  #endif

s = splnet();
@@ -1239,8 +1244,14 @@ pipex_ip6_input(struct mbuf *m0, struct
len = m0-m_pkthdr.len;

  #if NBPFILTER  0
-   if (ifp-if_bpf)
-   bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
+   if (ifp-if_bpf) {
+   if (ifp-if_type == IFT_TUNNEL)
+   bpf_mtap_af(ifp-if_bpf, htonl(AF_INET6), m0,
+   BPF_DIRECTION_IN);
+   else
+   bpf_mtap_af(ifp-if_bpf, AF_INET6, m0,
+   BPF_DIRECTION_IN);
+   }
  #endif

s = splnet();



Breaks nothing for me so far.

//maxim

npppd_arp.h missing in the tree

[mxb]

Hi,
looks like npppd_arp.h is missing in the tree.

Is it in purpose or just a miss?

npppd.c:
snip
#ifdef USE_NPPPD_ARP
#include npppd_arp.h
#endif
/snip


Regards,
Maxim