Re: ix(4): enable checksum offload
Not sure what is wrong, if it is driver or chipset, but in freebsd I had to '-rxcsum6 -txcsum6 -tso -vlanhwtso’ in order to make it function. > On 16 apr. 2016, at 18:23, Hrvoje Popovskiwrote: > > On 9.9.2013. 22:07, Mike Belopuhov wrote: >> On 9 September 2013 21:48, Brad Smith wrote: >>> Here is a diff to enable the checksum offload support for ix(4). >>> >>> Looking for any testing. >>> >> >> last time i checked this broke ospf traffic. please make sure at least >> ip/tcp, ip/udp, ip/icmp, ip/ip, ip/gre, ip/esp, ip/ah and ip/ospf work fine >> with this. >> > > Hi all, > > is this still interesting topic? if it is, i have testbed to test csum > for em i350 (i350v2 is on the way) and ix 82599 or x540. and week ago i > ordered > http://www.supermicro.com/products/system/1U/5018/SYS-5018D-FN8T.cfm > with x552 or x557 not sure, i350-am4 and i210 ... lots of em's and ix's :) >
Re: mpsafe aesni
Not sure how much I can test here, but my tunnels are up. As well as my bgp sessions (this is "ART box” now) on top. I use aes-128-gcm. This is vmware. //mxb > On 26 mars 2016, at 16:25, Mike Belopuhov <m...@belopuhov.com> wrote: > > On Fri, Mar 25, 2016 at 22:43 +0100, Mark Kettenis wrote: >>> From: Mike Belopuhov <m...@belopuhov.com> >>> Date: Thu, 24 Mar 2016 21:33:25 +0100 >>> >>> On 24 March 2016 at 20:53, Mark Kettenis <mark.kette...@xs4all.nl> wrote: >>>> Diff below makes aesni crypto "mpsafe". It adds a CRYPTOCAP_F_MPSAFE >>>> flag that makes the crypto framework dispatch to an mpsafe taskq if it >>>> is set. In order to make the aesni_process() function that does the >>>> actual crypto work mpsafe, it moves the code over to a per-session >>>> working buffer. This obviously increases the cost of setting up a >>>> session a bit. Directly invoked crypto operations remain locked. My >>>> main laptop seem to do ipsec fine with this, but I'm not sure if there >>>> is an actual performance gain. So it would probably be good if >>>> somebody could benchmark this. >>>> >>>> Comments? >>> >>> It should be fairly simple to use SRP for the session list so that you >>> don't have to take the mutex in the aesni_process. Other than that I >>> think this should go in once tests are made and people a happy with >>> the results. >> >> Actually, I'm not sure that's possible. I think aesni_newsession() >> and aesni_freesession() can be called from interrupt context or at >> least are not supposed to sleep. > > I thought that it's not possible, but it looks like at least tdb_free > can be called anywhere and it will trigger freesession, which is a tad > unfortunate IMO, yet understandable. > >> They would call >> SRPL_INSERT_HEAD_LOCKED() and SRPL_REMOVE_LOCKED(), which can only be >> called from process context. >> > > Not process context though, but under a lock, which wouldn't save > us the mtx_enter anyway. > >>> Another question I have is why are you using an IPL_HIGH mutex? >> >> The crypto code may be called from any subsystem, so that is the only >> safe choice. > > Well, it's not called from all subsystems, just those that use > IPL_BIO and IPL_NET for interrupts and IPL_HIGH just includes > AUDIO and CLOCK which don't call any crypto(9) code. So what > are you trying to protect it from or is it just a placeholder > value? I'm fine if it is, just curious.
Re: ARP input path without KERNEL_LOCK
Even with updated diff, I see no breakage. //mxb > On 22 dec. 2015, at 13:48, Martin Pieuchot <m...@openbsd.org> wrote: > > On 04/12/15(Fri) 11:54, Martin Pieuchot wrote: >> Now that in_arpinput() only uses the routing table, if_get()/if_put() >> and carp_iamatch being already mpsafe we can kill the ARP input queue. >> >> This moves the ARP input path processing from the softnet interrupt >> context (under KERNEL_LOCK) to the sofnettask (without KERNEL_LOCK). > > Updated diff after trailer removal, I'm still interested in test > reports. > > Index: net/if_ethersubr.c > === > RCS file: /cvs/src/sys/net/if_ethersubr.c,v > retrieving revision 1.231 > diff -u -p -r1.231 if_ethersubr.c > --- net/if_ethersubr.c2 Dec 2015 08:47:00 - 1.231 > +++ net/if_ethersubr.c22 Dec 2015 12:34:28 - > @@ -372,14 +372,14 @@ decapsulate: > case ETHERTYPE_ARP: > if (ifp->if_flags & IFF_NOARP) > goto dropanyway; > - inq = > - break; > + arpinput(m); > + return (1); > > case ETHERTYPE_REVARP: > if (ifp->if_flags & IFF_NOARP) > goto dropanyway; > - inq = > - break; > + revarpinput(m); > + return (1); > > #ifdef INET6 > /* > Index: net/netisr.c > === > RCS file: /cvs/src/sys/net/netisr.c,v > retrieving revision 1.9 > diff -u -p -r1.9 netisr.c > --- net/netisr.c 5 Dec 2015 10:07:55 - 1.9 > +++ net/netisr.c 22 Dec 2015 12:34:28 - > @@ -20,7 +20,6 @@ > > #include > > -#include "ether.h" > #include "ppp.h" > #include "bridge.h" > #include "pppoe.h" > @@ -39,10 +38,6 @@ netintr(void *unused) > while ((n = netisr) != 0) { > atomic_clearbits_int(, n); > > -#if NETHER > 0 > - if (n & (1 << NETISR_ARP)) > - arpintr(); > -#endif > if (n & (1 << NETISR_IP)) > ipintr(); > #ifdef INET6 > Index: net/netisr.h > === > RCS file: /cvs/src/sys/net/netisr.h,v > retrieving revision 1.43 > diff -u -p -r1.43 netisr.h > --- net/netisr.h 3 Dec 2015 12:27:33 - 1.43 > +++ net/netisr.h 22 Dec 2015 12:34:28 - > @@ -53,7 +53,6 @@ > #define NETISR_IP 2 /* same as AF_INET */ > #define NETISR_TX 3 /* for if_snd processing */ > #define NETISR_PFSYNC 5 /* for pfsync "immediate" tx */ > -#define NETISR_ARP 18 /* same as AF_LINK */ > #define NETISR_IPV6 24 /* same as AF_INET6 */ > #define NETISR_ISDN 26 /* same as AF_E164 */ > #define NETISR_PPP 28 /* for PPP processing */ > @@ -64,7 +63,6 @@ > #ifdef _KERNEL > extern intnetisr; /* scheduling bits for network */ > > -void arpintr(void); > void ipintr(void); > void ip6intr(void); > void pppintr(void); > Index: netinet/if_ether.c > === > RCS file: /cvs/src/sys/netinet/if_ether.c,v > retrieving revision 1.198 > diff -u -p -r1.198 if_ether.c > --- netinet/if_ether.c17 Dec 2015 16:05:30 - 1.198 > +++ netinet/if_ether.c22 Dec 2015 12:41:12 - > @@ -82,14 +82,10 @@ void arptfree(struct rtentry *); > void arptimer(void *); > struct rtentry *arplookup(u_int32_t, int, int, u_int); > void in_arpinput(struct mbuf *); > -void revarpinput(struct mbuf *); > void in_revarpinput(struct mbuf *); > > LIST_HEAD(, llinfo_arp) arp_list; > structpool arp_pool; /* pool for llinfo_arp structures */ > -/* XXX hate magic numbers */ > -struct niqueue arpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP); > -struct niqueue rarpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP); > int arp_inuse, arp_allocated; > int arp_maxtries = 5; > int arpinit_done; > @@ -420,42 +416,32 @@ bad: > * then the protocol-specific routine is called. > */ > void > -arpintr(void) > +arpinput(struct mbuf *m) > { > - struct mbuf *m; > struct arphdr *ar; > int len; > > - while ((m = niq_dequeue()) != NULL) { > #ifdef DIAGNOSTIC > - if ((m->m_flags & M_PKTHDR) == 0) > - panic("arpintr
Re: ARP input path without KERNEL_LOCK
No regression here. > On 4 dec. 2015, at 11:54, Martin Pieuchotwrote: > > Now that in_arpinput() only uses the routing table, if_get()/if_put() > and carp_iamatch being already mpsafe we can kill the ARP input queue. > > This moves the ARP input path processing from the softnet interrupt > context (under KERNEL_LOCK) to the sofnettask (without KERNEL_LOCK). > > ok? > > Index: net/if_ethersubr.c > === > RCS file: /cvs/src/sys/net/if_ethersubr.c,v > retrieving revision 1.231 > diff -u -p -r1.231 if_ethersubr.c > --- net/if_ethersubr.c2 Dec 2015 08:47:00 - 1.231 > +++ net/if_ethersubr.c4 Dec 2015 10:42:14 - > @@ -372,14 +372,14 @@ decapsulate: > case ETHERTYPE_ARP: > if (ifp->if_flags & IFF_NOARP) > goto dropanyway; > - inq = > - break; > + arpinput(m); > + return (1); > > case ETHERTYPE_REVARP: > if (ifp->if_flags & IFF_NOARP) > goto dropanyway; > - inq = > - break; > + revarpinput(m); > + return (1); > > #ifdef INET6 > /* > Index: net/netisr.c > === > RCS file: /cvs/src/sys/net/netisr.c,v > retrieving revision 1.8 > diff -u -p -r1.8 netisr.c > --- net/netisr.c 3 Dec 2015 12:22:51 - 1.8 > +++ net/netisr.c 4 Dec 2015 10:43:35 - > @@ -20,7 +20,6 @@ > > #include > > -#include "ether.h" > #include "ppp.h" > #include "bridge.h" > #include "pppoe.h" > @@ -39,10 +38,6 @@ netintr(void *unused) /* ARGSUSED */ > while ((n = netisr) != 0) { > atomic_clearbits_int(, n); > > -#if NETHER > 0 > - if (n & (1 << NETISR_ARP)) > - arpintr(); > -#endif > if (n & (1 << NETISR_IP)) > ipintr(); > #ifdef INET6 > Index: net/netisr.h > === > RCS file: /cvs/src/sys/net/netisr.h,v > retrieving revision 1.43 > diff -u -p -r1.43 netisr.h > --- net/netisr.h 3 Dec 2015 12:27:33 - 1.43 > +++ net/netisr.h 4 Dec 2015 10:44:01 - > @@ -53,7 +53,6 @@ > #define NETISR_IP 2 /* same as AF_INET */ > #define NETISR_TX 3 /* for if_snd processing */ > #define NETISR_PFSYNC 5 /* for pfsync "immediate" tx */ > -#define NETISR_ARP 18 /* same as AF_LINK */ > #define NETISR_IPV6 24 /* same as AF_INET6 */ > #define NETISR_ISDN 26 /* same as AF_E164 */ > #define NETISR_PPP 28 /* for PPP processing */ > @@ -64,7 +63,6 @@ > #ifdef _KERNEL > extern intnetisr; /* scheduling bits for network */ > > -void arpintr(void); > void ipintr(void); > void ip6intr(void); > void pppintr(void); > Index: netinet/if_ether.c > === > RCS file: /cvs/src/sys/netinet/if_ether.c,v > retrieving revision 1.197 > diff -u -p -r1.197 if_ether.c > --- netinet/if_ether.c2 Dec 2015 22:02:18 - 1.197 > +++ netinet/if_ether.c4 Dec 2015 10:44:17 - > @@ -88,14 +88,10 @@ void arptfree(struct rtentry *); > void arptimer(void *); > struct rtentry *arplookup(u_int32_t, int, int, u_int); > void in_arpinput(struct mbuf *); > -void revarpinput(struct mbuf *); > void in_revarpinput(struct mbuf *); > > LIST_HEAD(, llinfo_arp) arp_list; > structpool arp_pool; /* pool for llinfo_arp structures */ > -/* XXX hate magic numbers */ > -struct niqueue arpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP); > -struct niqueue rarpintrq = NIQUEUE_INITIALIZER(50, NETISR_ARP); > int arp_inuse, arp_allocated; > int arp_maxtries = 5; > int arpinit_done; > @@ -426,43 +422,40 @@ bad: > * then the protocol-specific routine is called. > */ > void > -arpintr(void) > +arpinput(struct mbuf *m) > { > - struct mbuf *m; > struct arphdr *ar; > int len; > > - while ((m = niq_dequeue()) != NULL) { > #ifdef DIAGNOSTIC > - if ((m->m_flags & M_PKTHDR) == 0) > - panic("arpintr"); > + if ((m->m_flags & M_PKTHDR) == 0) > + panic("%s", __func__); > #endif > > - len = sizeof(struct arphdr); > - if (m->m_len < len && (m = m_pullup(m, len)) == NULL) > - continue; > - > - ar = mtod(m, struct arphdr *); > - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER) { > - m_freem(m); > - continue; > - } > + len = sizeof(struct arphdr); > + if (m->m_len < len && (m = m_pullup(m, len)) == NULL) > + return; > > - len += 2 * (ar->ar_hln + ar->ar_pln); > - if
Re: vmx(4) incorrect m_pulldown usage
No regression so far. //mxb > On 15 dec. 2015, at 14:18, Mike Belopuhov <m...@belopuhov.com> wrote: > > Hi, > > This has been in my tree for a while and I believe Yasuoka-san has > tested it in the scenario where it was crashing. > > m_pulldown is done here with a zero offset which means that if > there's been no space reserved for the Ethernet header in the mbuf > or the cluster it will allocate a new chunk of memory and return a > new pointer that the vmx code ignores. This can realistically > happen only during the bpf injection. > > The diff below makes sure to keep the modified chain pointer around > and passes it back to the calling code so that it will get properly > accounted for. m_pulldown with a zero offset is equivalent to a > m_pullup. > > OK? > > > diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c > index 055cfe1..50edb0b 100644 > --- sys/dev/pci/if_vmx.c > +++ sys/dev/pci/if_vmx.c > @@ -164,11 +164,11 @@ void vmxnet3_stop(struct ifnet *); > void vmxnet3_reset(struct vmxnet3_softc *); > int vmxnet3_init(struct vmxnet3_softc *); > int vmxnet3_ioctl(struct ifnet *, u_long, caddr_t); > void vmxnet3_start(struct ifnet *); > int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct vmxnet3_txring *, > -struct mbuf *); > +struct mbuf **); > void vmxnet3_watchdog(struct ifnet *); > void vmxnet3_media_status(struct ifnet *, struct ifmediareq *); > int vmxnet3_media_change(struct ifnet *); > void *vmxnet3_dma_allocmem(struct vmxnet3_softc *, u_int, u_int, bus_addr_t > *); > > @@ -1063,11 +1063,11 @@ vmxnet3_start(struct ifnet *ifp) > > IFQ_DEQUEUE(>if_snd, m); > if (m == NULL) > break; > > - n = vmxnet3_load_mbuf(sc, ring, m); > + n = vmxnet3_load_mbuf(sc, ring, ); > if (n == -1) { > ifp->if_oerrors++; > continue; > } > > @@ -1087,13 +1087,14 @@ vmxnet3_start(struct ifnet *ifp) > } > } > > int > vmxnet3_load_mbuf(struct vmxnet3_softc *sc, struct vmxnet3_txring *ring, > -struct mbuf *m) > +struct mbuf **mp) > { > struct vmxnet3_txdesc *txd, *sop; > + struct mbuf *n, *m = *mp; > bus_dmamap_t map; > u_int hlen = ETHER_HDR_LEN, csum_off; > u_int prod; > int gen, i; > > @@ -1105,29 +1106,29 @@ vmxnet3_load_mbuf(struct vmxnet3_softc *sc, struct > vmxnet3_txring *ring, > sc->sc_dev.dv_xname); > return -1; > } > #endif > if (m->m_pkthdr.csum_flags & (M_TCP_CSUM_OUT|M_UDP_CSUM_OUT)) { > - struct mbuf *mp; > struct ip *ip; > int offp; > > if (m->m_pkthdr.csum_flags & M_TCP_CSUM_OUT) > csum_off = offsetof(struct tcphdr, th_sum); > else > csum_off = offsetof(struct udphdr, uh_sum); > > - mp = m_pulldown(m, hlen, sizeof(*ip), ); > - if (mp == NULL) > + n = m_pulldown(m, hlen, sizeof(*ip), ); > + if (n == NULL) > return (-1); > > - ip = (struct ip *)(mp->m_data + offp); > + ip = (struct ip *)(n->m_data + offp); > hlen += ip->ip_hl << 2; > > - mp = m_pulldown(m, 0, hlen + csum_off + 2, ); > - if (mp == NULL) > + *mp = m_pullup(m, hlen + csum_off + 2); > + if (*mp == NULL) > return (-1); > + m = *mp; > } > > switch (bus_dmamap_load_mbuf(sc->sc_dmat, map, m, BUS_DMA_NOWAIT)) { > case 0: > break; >
relayd HTTP PATCH not handled.
Hey, HTTP_METHOD_PATCH is not handled by relayd at all. Well, actually in fals under default in switch(). PATCH is like PUT, eg. data is expected. One-liner below fixes this. Tested in production. --- relay_http.cMon Dec 14 16:16:07 2015 +++ relay_http.c.my Mon Dec 14 21:18:50 2015 @@ -371,6 +371,7 @@ break; case HTTP_METHOD_POST: case HTTP_METHOD_PUT: + case HTTP_METHOD_PATCH: case HTTP_METHOD_RESPONSE: /* HTTP request payload */ if (cre->toread > 0)
Re: Unable to install bootblocks
Is you disk is thick os thin provisioned? In should be thick and eager zeroed. There are ways to move from thin to thick. Google for it. //mxb > On 29 sep. 2015, at 22:52, Pedro Caetano <pedrocaet...@binaryflows.com> wrote: > > Hi, > > While installing openbsd on vmware using today's snapshot 29-sep-2015, I > get the following message on the final part of the install process, leaving > the system in an unusable state (not booting normally after installing from > bsd.rd). > > The hypervisor is running esx 5.1.0 > > Guest settings: > 128mb ram > 1gb hdd > SCSI controller is set to paravirtual > NIC is set to vmx3 > > installboot: invalid boot record signature (0x) @ sector 0 > > Failed to install bootblocks. > You will not be able to boot OpenBSD from sd0 > > Best regards, > Pedro Caetano
Re: gif(4) cleanup
My tunnels are working as well. //mxb > On 25 sep. 2015, at 11:38, Martin Pieuchot <m...@openbsd.org> wrote: > > As discussed in Calgary I don't think we need 6 different files for > gif(4). None of them are standalone. Since all our other pseudo- > drivers are self-contained, let's do the same! This will prevent > new pseud-drivers to copy this pattern and add yet another 6 files! > > This merge the following files into net/if_gif.{c,h}: > > netinet/in_gif.c > netinet/in_gif.h > netinet6/in6_gif.c > netinet6/in6_gif.h > > Tested with an etherip + ipsec setup, ok? > > Index: conf/files > === > RCS file: /cvs/src/sys/conf/files,v > retrieving revision 1.602 > diff -u -p -r1.602 files > --- conf/files10 Sep 2015 18:39:57 - 1.602 > +++ conf/files25 Sep 2015 09:01:56 - > @@ -937,8 +937,6 @@ file uvm/uvm_vnode.c > # IPv6 > file net/if_gif.c gif needs-count > file netinet/ip_ecn.c > -file netinet/in_gif.cgif > -file netinet6/in6_gif.c gif & inet6 > file netinet6/in6_pcb.c inet6 > file netinet6/in6.c inet6 > file netinet6/ip6_divert.cinet6 & pf > Index: net/if_gif.c > === > RCS file: /cvs/src/sys/net/if_gif.c,v > retrieving revision 1.79 > diff -u -p -r1.79 if_gif.c > --- net/if_gif.c 11 Sep 2015 08:17:06 - 1.79 > +++ net/if_gif.c 25 Sep 2015 09:01:56 - > @@ -41,26 +41,36 @@ > #include > #include > #include > -#include > > #include > #include > -#include > #include > #include > #include > +#include > > #ifdef INET6 > #include > #include > #include > -#include > #endif /* INET6 */ > > #include > > #include "bpfilter.h" > +#if NBPFILTER > 0 > +#include > +#endif > + > #include "bridge.h" > +#if NBRIDGE > 0 || defined(MPLS) > +#include > +#endif > + > +#include "pf.h" > +#if NPF > 0 > +#include > +#endif > > #define GIF_MTU (1280) /* Default MTU */ > #define GIF_MTU_MIN (1280) /* Minimum MTU */ > @@ -75,6 +85,9 @@ int gif_ioctl(struct ifnet *, u_long, ca > int gif_output(struct ifnet *, struct mbuf *, struct sockaddr *, > struct rtentry *); > > +int in_gif_output(struct ifnet *, int, struct mbuf **); > +int in6_gif_output(struct ifnet *, int, struct mbuf **); > + > /* > * gif global variable definitions > */ > @@ -628,3 +641,276 @@ gif_checkloop(struct ifnet *ifp, struct > m_tag_prepend(m, mtag); > return 0; > } > + > +int > +in_gif_output(struct ifnet *ifp, int family, struct mbuf **m0) > +{ > + struct gif_softc *sc = (struct gif_softc*)ifp; > + struct sockaddr_in *sin_src = satosin(sc->gif_psrc); > + struct sockaddr_in *sin_dst = satosin(sc->gif_pdst); > + struct tdb tdb; > + struct xformsw xfs; > + int error; > + struct mbuf *m = *m0; > + > + if (sin_src == NULL || sin_dst == NULL || > + sin_src->sin_family != AF_INET || > + sin_dst->sin_family != AF_INET) { > + m_freem(m); > + return EAFNOSUPPORT; > + } > + > +#ifdef DIAGNOSTIC > + if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { > + printf("%s: trying to send packet on wrong domain. " > + "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, > + ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), > + family); > + } > +#endif > + > + /* setup dummy tdb. it highly depends on ipip_output() code. */ > + bzero(, sizeof(tdb)); > + bzero(, sizeof(xfs)); > + tdb.tdb_src.sin.sin_family = AF_INET; > + tdb.tdb_src.sin.sin_len = sizeof(struct sockaddr_in); > + tdb.tdb_src.sin.sin_addr = sin_src->sin_addr; > + tdb.tdb_dst.sin.sin_family = AF_INET; > + tdb.tdb_dst.sin.sin_len = sizeof(struct sockaddr_in); > + tdb.tdb_dst.sin.sin_addr = sin_dst->sin_addr; > + tdb.tdb_xform = > + xfs.xf_type = -1; /* not XF_IP4 */ > + > + switch (family) { > + case AF_INET: > + break; > +#ifdef INET6 > + case AF_INET6: > + break; > +#endif > +#if NBRIDGE > 0 > + case AF_LINK: > + break; > +#endif > +#if MPLS > + case AF_MPLS: > + break; > +#endif > + default: >
Re: PF SMP: mutex for fragcache
Applied. > On 12 sep. 2015, at 19:20, Alexandr Nedvedicky >wrote: > > Hello, > > very small first step towards MP(i) friendly PF. Patch adds mutex around > fragment cache. > > Patch adds a lock around fragment cache. Unlike other parts of PF the fragment > cache is self-contained subsystem. In that sense we can easily guard its entry > points (pf_reassemble(), pf_reassemble6()) by mutex. The cache is shared > by both protocols (AF_INET, AF_INET6), hence we have just one lock. > > The locks (technically speaking mutexes) for other PF subsystems will follow > as > soon as the remove operations for PF data objects will get untangled. > What essentially needs to be done is to split remove and destroy operations > for > PF objects into separate functions. This is something, what's being worked on > currently. > > As you can see the mutex, when acquired, raises interrupt level to softnet. > Same interrupt level is used by ioctl() and purge threads. IMO it should be > fine, but I'd like to hear some confirmation... > > > any OKs? > > thanks and > regards > sasha > > 8<---8<---8<--8< > Index: pf_norm.c > === > RCS file: /cvs/src/sys/net/pf_norm.c,v > retrieving revision 1.182 > diff -u -p -r1.182 pf_norm.c > --- pf_norm.c 10 Sep 2015 08:28:31 - 1.182 > +++ pf_norm.c 12 Sep 2015 17:18:43 - > @@ -134,6 +134,7 @@ intpf_reassemble6(struct mbuf **, > st > struct poolpf_frent_pl, pf_frag_pl; > struct poolpf_state_scrub_pl; > intpf_nfrents; > +struct mutex pf_frag_mtx = MUTEX_INITIALIZER(IPL_SOFTNET); > > void > pf_normalize_init(void) > @@ -771,6 +772,7 @@ pf_normalize_ip(struct pf_pdesc *pd, u_s > struct ip *h = mtod(pd->m, struct ip *); > u_int16_tfragoff = (ntohs(h->ip_off) & IP_OFFMASK) << 3; > u_int16_tmff = (ntohs(h->ip_off) & IP_MF); > + int rv; > > if (!fragoff && !mff) > goto no_fragment; > @@ -792,8 +794,11 @@ pf_normalize_ip(struct pf_pdesc *pd, u_s > if (!pf_status.reass) > return (PF_PASS); /* no reassembly */ > > + PF_FRAG_LOCK(); > /* Returns PF_DROP or m is NULL or completely reassembled mbuf */ > - if (pf_reassemble(>m, pd->dir, reason) != PF_PASS) > + rv = pf_reassemble(>m, pd->dir, reason); > + PF_FRAG_UNLOCK(); > + if (rv != PF_PASS) > return (PF_DROP); > if (pd->m == NULL) > return (PF_PASS); /* packet has been reassembled, no error */ > @@ -813,6 +818,7 @@ int > pf_normalize_ip6(struct pf_pdesc *pd, u_short *reason) > { > struct ip6_frag frag; > + int rv; > > if (pd->fragoff == 0) > goto no_fragment; > @@ -824,9 +830,12 @@ pf_normalize_ip6(struct pf_pdesc *pd, u_ > if (!pf_status.reass) > return (PF_PASS); /* no reassembly */ > > + PF_FRAG_LOCK(); > /* Returns PF_DROP or m is NULL or completely reassembled mbuf */ > - if (pf_reassemble6(>m, , pd->fragoff + sizeof(frag), > - pd->extoff, pd->dir, reason) != PF_PASS) > + rv = pf_reassemble6(>m, , pd->fragoff + sizeof(frag), > + pd->extoff, pd->dir, reason); > + PF_FRAG_UNLOCK(); > + if (rv != PF_PASS) > return (PF_DROP); > if (pd->m == NULL) > return (PF_PASS); /* packet has been reassembled, no error */ > Index: pfvar.h > === > RCS file: /cvs/src/sys/net/pfvar.h,v > retrieving revision 1.420 > diff -u -p -r1.420 pfvar.h > --- pfvar.h 19 Aug 2015 21:22:41 - 1.420 > +++ pfvar.h 12 Sep 2015 17:18:43 - > @@ -1907,7 +1907,10 @@ int pf_postprocess_addr(struct > pf_sta > > void pf_cksum(struct pf_pdesc *, struct mbuf *); > > -#endif /* _KERNEL */ > +extern struct mutex pf_frag_mtx; > +#define PF_FRAG_LOCK() mtx_enter(_frag_mtx) > +#define PF_FRAG_UNLOCK()mtx_leave(_frag_mtx) > > +#endif /* _KERNEL */ > > #endif /* _NET_PFVAR_H_ */ >
Re: mpsafe vmx(4)
This one in the tree, so it’s live on my side. > On 14 sep. 2015, at 13:09, David Gwynnewrote: > > this is an attempt to make the interrupt path in vmx mpsafe. > > seems to hold up under load here, but more testing would be > appreciated. > > Index: if_vmx.c > === > RCS file: /cvs/src/sys/dev/pci/if_vmx.c,v > retrieving revision 1.30 > diff -u -p -r1.30 if_vmx.c > --- if_vmx.c 24 Jun 2015 09:40:54 - 1.30 > +++ if_vmx.c 14 Sep 2015 11:08:09 - > @@ -61,8 +61,9 @@ struct vmxnet3_txring { > struct mbuf *m[NTXDESC]; > bus_dmamap_t dmap[NTXDESC]; > struct vmxnet3_txdesc *txd; > - u_int head; > - u_int next; > + u_int prod; > + u_int cons; > + u_int free; > u_int8_t gen; > }; > > @@ -107,6 +108,7 @@ struct vmxnet3_softc { > bus_space_handle_t sc_ioh0; > bus_space_handle_t sc_ioh1; > bus_dma_tag_t sc_dmat; > + void *sc_ih; > > struct vmxnet3_txqueue sc_txq[NTXQUEUE]; > struct vmxnet3_rxqueue sc_rxq[NRXQUEUE]; > @@ -167,7 +169,8 @@ void vmxnet3_reset(struct vmxnet3_softc > int vmxnet3_init(struct vmxnet3_softc *); > int vmxnet3_ioctl(struct ifnet *, u_long, caddr_t); > void vmxnet3_start(struct ifnet *); > -int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct mbuf *); > +int vmxnet3_load_mbuf(struct vmxnet3_softc *, struct vmxnet3_txring *, > +struct mbuf *); > void vmxnet3_watchdog(struct ifnet *); > void vmxnet3_media_status(struct ifnet *, struct ifmediareq *); > int vmxnet3_media_change(struct ifnet *); > @@ -239,8 +242,8 @@ vmxnet3_attach(struct device *parent, st > printf(": failed to map interrupt\n"); > return; > } > - pci_intr_establish(pa->pa_pc, ih, IPL_NET, vmxnet3_intr, sc, > - self->dv_xname); > + sc->sc_ih = pci_intr_establish(pa->pa_pc, ih, IPL_NET | IPL_MPSAFE, > + vmxnet3_intr, sc, self->dv_xname); > intrstr = pci_intr_string(pa->pa_pc, ih); > if (intrstr) > printf(": %s", intrstr); > @@ -466,7 +469,8 @@ vmxnet3_txinit(struct vmxnet3_softc *sc, > struct vmxnet3_txring *ring = >cmd_ring; > struct vmxnet3_comp_ring *comp_ring = >comp_ring; > > - ring->head = ring->next = 0; > + ring->cons = ring->prod = 0; > + ring->free = NTXDESC; > ring->gen = 1; > comp_ring->next = 0; > comp_ring->gen = 1; > @@ -594,16 +598,19 @@ vmxnet3_intr(void *arg) > > if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0) > return 0; > - if (sc->sc_ds->event) > + > + if (sc->sc_ds->event) { > + KERNEL_LOCK(); > vmxnet3_evintr(sc); > -#ifdef VMXNET3_STAT > - vmxstat.intr++; > -#endif > + KERNEL_UNLOCK(); > + } > + > if (ifp->if_flags & IFF_RUNNING) { > vmxnet3_rxintr(sc, >sc_rxq[0]); > vmxnet3_txintr(sc, >sc_txq[0]); > vmxnet3_enable_intr(sc, 0); > } > + > return 1; > } > > @@ -649,7 +656,12 @@ vmxnet3_txintr(struct vmxnet3_softc *sc, > struct vmxnet3_comp_ring *comp_ring = >comp_ring; > struct vmxnet3_txcompdesc *txcd; > struct ifnet *ifp = >sc_arpcom.ac_if; > - u_int sop; > + bus_dmamap_t map; > + struct mbuf *m; > + u_int cons; > + u_int free = 0; > + > + cons = ring->cons; > > for (;;) { > txcd = _ring->txcd[comp_ring->next]; > @@ -664,21 +676,32 @@ vmxnet3_txintr(struct vmxnet3_softc *sc, > comp_ring->gen ^= 1; > } > > - sop = ring->next; > - if (ring->m[sop] == NULL) > - panic("%s: NULL ring->m[%u]", __func__, sop); > - m_freem(ring->m[sop]); > - ring->m[sop] = NULL; > - bus_dmamap_unload(sc->sc_dmat, ring->dmap[sop]); > - ring->next = (letoh32((txcd->txc_word0 >> > + m = ring->m[cons]; > + ring->m[cons] = NULL; > + > + KASSERT(m != NULL); > + > + map = ring->dmap[cons]; > + free += map->dm_nsegs; > + bus_dmamap_unload(sc->sc_dmat, map); > + m_freem(m); > + > + cons = (letoh32((txcd->txc_word0 >> > VMXNET3_TXC_EOPIDX_S) & VMXNET3_TXC_EOPIDX_M) + 1) > % NTXDESC; > - > - ifp->if_flags &= ~IFF_OACTIVE; > } > - if (ring->head == ring->next) > + > + ring->cons = cons; > + > + if (atomic_add_int_nv(>free, free) == NTXDESC) > ifp->if_timer = 0; > - vmxnet3_start(ifp); > + > + if (ISSET(ifp->if_flags, IFF_OACTIVE)) { > + KERNEL_LOCK(); > + CLR(ifp->if_flags, IFF_OACTIVE); > + vmxnet3_start(ifp); > + KERNEL_UNLOCK(); > + } > } > > void > @@ -911,6 +934,8 @@ vmxnet3_stop(struct ifnet *ifp) > > WRITE_CMD(sc, VMXNET3_CMD_DISABLE); > > + intr_barrier(sc->sc_ih); >
Re: mpsafe ip_carp
With setup like: node1: carpnodes 1:0,10:0 carpdev vmx0 balancing arp node2: carpnodes 1:100,10:100 carped vmx0 balancing arp (eg, I forced one machine to be a master for a while in my configs) node2 (-current) with your diff started to pollute dmesg with: duplicate IP address 192.168.78.123 sent from ethernet address 00:00:5e:00:01:64 while node1 (5.8-stable kernel) is: carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:00:5e:00:01:01 <……> inet 192.168.78.123 netmask 0xff80 broadcast 192.168.78.127 to get rid of this I modified hostname.carp1 to remove both dual VHID (VHID 1 is what left) and balancing arp and done ‘sh /etc/netstart carp1’ after on both machines. node2 survived. //mxb > On 13 sep. 2015, at 10:34, David Gwynne <da...@gwynne.id.au> wrote: > > i did this yesterday, but havent had a chance to beat on it properly > yet. > > if anyone would like to give it a go it would be much appreciated. > im particularly interested in stability while carp configuration > is made or changed. if it happens to keep handling packets, thats > great, but not blowing up when you run ifconfig is the important > bit atm. > > Index: ip_carp.c > === > RCS file: /cvs/src/sys/netinet/ip_carp.c,v > retrieving revision 1.271 > diff -u -p -r1.271 ip_carp.c > --- ip_carp.c 12 Sep 2015 20:51:35 - 1.271 > +++ ip_carp.c 12 Sep 2015 21:07:42 - > @@ -48,6 +48,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -93,7 +94,9 @@ struct carp_mc_entry { > enum { HMAC_ORIG=0, HMAC_NOV6LL=1, HMAC_MAX=2 }; > > struct carp_vhost_entry { > - LIST_ENTRY(carp_vhost_entry)vhost_entries; > + struct srpl_entry vhost_entries; > + struct refcnt vhost_refcnt; > + > struct carp_softc *parent_sc; > int vhe_leader; > int vhid; > @@ -114,6 +117,12 @@ struct carp_vhost_entry { > struct sockaddr_dl vhe_sdl; /* for IPv6 ndp balancing */ > }; > > +void carp_vh_ref(void *, void *); > +void carp_vh_unref(void *, void *); > + > +struct srpl_rc carp_vh_rc = > +SRPL_RC_INITIALIZER(carp_vh_ref, carp_vh_unref, NULL); > + > struct carp_softc { > struct arpcom sc_ac; > #define sc_if sc_ac.ac_if > @@ -124,7 +133,9 @@ struct carp_softc { > #ifdef INET6 > struct ip6_moptions sc_im6o; > #endif /* INET6 */ > - TAILQ_ENTRY(carp_softc) sc_list; > + > + struct srpl_entry sc_list; > + struct refcnt sc_refcnt; > > int sc_suppress; > int sc_bow_out; > @@ -137,7 +148,7 @@ struct carp_softc { > > char sc_curlladdr[ETHER_ADDR_LEN]; > > - LIST_HEAD(__carp_vhosthead, carp_vhost_entry) carp_vhosts; > + struct srpl carp_vhosts; > int sc_vhe_count; > u_int8_t sc_vhids[CARP_MAXNODES]; > u_int8_t sc_advskews[CARP_MAXNODES]; > @@ -162,13 +173,19 @@ struct carp_softc { > struct carp_vhost_entry *cur_vhe; /* current active vhe */ > }; > > +void carp_sc_ref(void *, void *); > +void carp_sc_unref(void *, void *); > + > +struct srpl_rc carp_sc_rc = > +SRPL_RC_INITIALIZER(carp_sc_ref, carp_sc_unref, NULL); > + > int carp_opts[CARPCTL_MAXID] = { 0, 1, 0, LOG_CRIT }; /* XXX for now */ > struct carpstats carpstats; > > int carp_send_all_recur = 0; > > struct carp_if { > - TAILQ_HEAD(, carp_softc) vhif_vrs; > + struct srpl vhif_vrs; > }; > > #define CARP_LOG(l, sc, s) > \ > @@ -250,7 +267,9 @@ carp_hmac_prepare(struct carp_softc *sc) > struct carp_vhost_entry *vhe; > u_int8_t i; > > - LIST_FOREACH(vhe, >carp_vhosts, vhost_entries) { > + KERNEL_ASSERT_LOCKED(); /* touching carp_vhosts */ > + > + SRPL_FOREACH_LOCKED(vhe, >carp_vhosts, vhost_entries) { > for (i = 0; i < HMAC_MAX; i++) { > carp_hmac_prepare_ctx(vhe, i); > } > @@ -579,11 +598,12 @@ carp_proto_input_c(struct ifnet *ifp, st > else > cif = (struct carp_if *)ifp->if_carp; > > - TAILQ_FOREACH(sc, >vhif_vrs, sc_list) { > + KERNEL_ASSERT_LOCKED(); /* touching vhif_vrs + carp_vhosts */ > + SRPL_FOREACH_LOCKED(sc, >vhif_vrs, sc_list) { > if (af == AF_INET && > ismulti != IN_MULTICAST(sc->sc_peer.s_addr)) > continue; > - LIST_FOREACH(vhe, >carp_vhosts, vhost_entries) { > + SRPL_FOREACH_LOCKED(vhe, >carp_vhosts, vhost_entries) { > if (vhe->vhid == ch->c
Re: error:0906D064:PEM routines:PEM_read_bio:bad base64
Sure On 4 jul 2015, at 01:44, Brent Cook bust...@gmail.com wrote: Would you be comfortable adding some extra output to the various failure points in EVP_DecodeUpdate to see where we are bailing out?
Re: error:0906D064:PEM routines:PEM_read_bio:bad base64
OpenSSL 1.0.1o on OpenBSD-current does not have problem with this key as well. On 30 jun 2015, at 08:52, mxb m...@alumni.chalmers.se wrote: I’m sorry but I can’t provide private key. It is basically production and not self-signed. Comes from Thawte. I’m able to produce output from ‘openssl enc -d base64 key’, so issue from the link you pointed out is not on my side. I’m following OpenBSD-current by moving from snap to snap. I just actually started to deploy SSL acceleration with relayd, so I’m not aware on any prev. working snap. I had older snap which produced this issue, so I moved to up-to-date -CURRENT. Linux dist which working is FC20, with 'OpenSSL 1.0.1e-fips 11 Feb 2013’. I have 3 more key/cert pairs from Thawte. Those are OK both on FC20 and OpenBSD-current. Question how do I debug this? I’m happy to apply any patches for testing. Br //mxb On 30 jun 2015, at 05:25, Brent Cook bust...@gmail.com wrote: On Mon, Jun 29, 2015 at 1:22 AM, mxb m...@alumni.chalmers.se wrote: Hey, getting following error on OpenBSD-current as of yesterdays 'cvs up’: Does this imply that it worked in some earlier version of OpenBSD-current? If so, what was the version that worked? unable to load Private Key 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822: Cmd issued: 'openssl rsa -noout -modulus -in key’ ‘openssl version’: LibreSSL 2.2 This key is OK with openssl on Linux It's probably silly to ask for a copy of your private key, but could you share an example of the input that is failing here? Maybe if you can generate a new pem file? I seem to recall an actually invalid base64 encoding issue that was reported last year. Does this seem relevant? http://tech.openbsd.narkive.com/tHdomkKq/libressl-base64-decoding-error Saying 'openssl on Linux' doesn't help us much (especially without a sample of the input), though something like 'OpenSSL 1.0.1e on Ubuntu 14.04' might if we had something to test against. Br //mxb
Re: error:0906D064:PEM routines:PEM_read_bio:bad base64
I’m sorry but I can’t provide private key. It is basically production and not self-signed. Comes from Thawte. I’m able to produce output from ‘openssl enc -d base64 key’, so issue from the link you pointed out is not on my side. I’m following OpenBSD-current by moving from snap to snap. I just actually started to deploy SSL acceleration with relayd, so I’m not aware on any prev. working snap. I had older snap which produced this issue, so I moved to up-to-date -CURRENT. Linux dist which working is FC20, with 'OpenSSL 1.0.1e-fips 11 Feb 2013’. I have 3 more key/cert pairs from Thawte. Those are OK both on FC20 and OpenBSD-current. Question how do I debug this? I’m happy to apply any patches for testing. Br //mxb On 30 jun 2015, at 05:25, Brent Cook bust...@gmail.com wrote: On Mon, Jun 29, 2015 at 1:22 AM, mxb m...@alumni.chalmers.se wrote: Hey, getting following error on OpenBSD-current as of yesterdays 'cvs up’: Does this imply that it worked in some earlier version of OpenBSD-current? If so, what was the version that worked? unable to load Private Key 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822: Cmd issued: 'openssl rsa -noout -modulus -in key’ ‘openssl version’: LibreSSL 2.2 This key is OK with openssl on Linux It's probably silly to ask for a copy of your private key, but could you share an example of the input that is failing here? Maybe if you can generate a new pem file? I seem to recall an actually invalid base64 encoding issue that was reported last year. Does this seem relevant? http://tech.openbsd.narkive.com/tHdomkKq/libressl-base64-decoding-error Saying 'openssl on Linux' doesn't help us much (especially without a sample of the input), though something like 'OpenSSL 1.0.1e on Ubuntu 14.04' might if we had something to test against. Br //mxb
error:0906D064:PEM routines:PEM_read_bio:bad base64
Hey, getting following error on OpenBSD-current as of yesterdays 'cvs up’: unable to load Private Key 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822: Cmd issued: 'openssl rsa -noout -modulus -in key’ ‘openssl version’: LibreSSL 2.2 This key is OK with openssl on Linux Br //mxb
Re: SMP steroids for PF
And the rest of us is watching and waiting for diffs to apply :) It is like exiting movie - I have popcorn in front. Culmination must be soon, I guess :) //mxb On 2015-06-26 19:09, Martin Pieuchot wrote: On 26/06/15(Fri) 17:19, Alexandr Nedvedicky wrote: On Fri, Jun 26, 2015 at 04:34:06PM +0200, Martin Pieuchot wrote: On 26/06/15(Fri) 16:00, Alexandr Nedvedicky wrote: 2) I saw that you found some ALTQ leftovers, you have some Solaris (2) I think ALTQs leftovers are still in CVS repo, will double check anyway. Stack alignment is not Solaris compatibility hack it's sparc compatibility. May be your C compiler takes care of this and grants 16/32/64 bit stack alignment. I have not examined build process that closely yet. By Solaris compatibility I'm referring to the size of ``sa_family_t'' and the corresponding changes in struct pfr_table. I see. sa_family_t is kind of surprise it's defined as uint16_t on Solaris. PF at various places mixes sa_family_t with u_int8_t, so all af variables on Solaris had to be turned to sa_family_t. Some of those changes leaked backed during merge to current. Even if on OpenBSD sa_family_t is defined as uint8_t, I'd argue that for portability reasons we should use the correct type where it is appropriate. And here your leak is a good example of portability. If you have some changes that could improve the portability of the software and if you feel like sharing them, I'd be interested. Regards, Martin
Re: RTF_LOCAL and permanent ARP
Yes, incomplete is gone as well as arpresolve: unresolved and rt_expire == 0. //mxb On 2015-06-04 12:19, Martin Pieuchot wrote: I'd like to put the link-layer address back into the gateway field of RTF_LOCAL addresses. The problem is that RTF_LOCAL routes are also marked as RTF_LLINFO and a lot of code assume (correctly) that such routes contain valid ARP or ND information. I believe we decided to use an ``empty'' lladdr because previously all the routes created via rt_ifa_add(9) were using the same code and we needed the exact same gateway to remove MPATH routes. But now that only RTF_LOCAL routes use this code and taking into consideration that such route *cannot* be MPATH, we can simply use ifp-if_sadl instead of a blank sockaddr_dl. This should also fix the (imcomplete) output in arp(8) and ndp(8). Ok? Index: net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision 1.212 diff -u -p -r1.212 route.c --- net/route.c 26 May 2015 12:19:51 - 1.212 +++ net/route.c 4 Jun 2015 10:03:51 - @@ -1121,27 +1121,23 @@ rt_maskedcopy(struct sockaddr *src, stru int rt_ifa_add(struct ifaddr *ifa, int flags, struct sockaddr *dst) { + struct ifnet*ifp = ifa-ifa_ifp; struct rtentry *rt, *nrt = NULL; struct sockaddr_rtlabel sa_rl; - struct sockaddr_dl sa_dl = { sizeof(sa_dl), AF_LINK }; struct rt_addrinfo info; - u_short rtableid = ifa-ifa_ifp-if_rdomain; - u_int8_t prio = ifa-ifa_ifp-if_priority + RTP_STATIC; + u_short rtableid = ifp-if_rdomain; + u_int8_t prio = ifp-if_priority + RTP_STATIC; int error; - sa_dl.sdl_type = ifa-ifa_ifp-if_type; - sa_dl.sdl_index = ifa-ifa_ifp-if_index; - memset(info, 0, sizeof(info)); info.rti_ifa = ifa; info.rti_flags = flags | RTF_MPATH; info.rti_info[RTAX_DST] = dst; if (flags RTF_LLINFO) - info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)sa_dl; + info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)ifp-if_sadl; else info.rti_info[RTAX_GATEWAY] = ifa-ifa_addr; - info.rti_info[RTAX_LABEL] = - rtlabel_id2sa(ifa-ifa_ifp-if_rtlabelid, sa_rl); + info.rti_info[RTAX_LABEL] = rtlabel_id2sa(ifp-if_rtlabelid, sa_rl); #ifdef MPLS if ((flags RTF_MPLS) == RTF_MPLS) { @@ -1189,14 +1185,14 @@ rt_ifa_add(struct ifaddr *ifa, int flags int rt_ifa_del(struct ifaddr *ifa, int flags, struct sockaddr *dst) { + struct ifnet*ifp = ifa-ifa_ifp; struct rtentry *rt, *nrt = NULL; struct mbuf *m = NULL; struct sockaddr *deldst; struct rt_addrinfo info; struct sockaddr_rtlabel sa_rl; - struct sockaddr_dl sa_dl = { sizeof(sa_dl), AF_LINK }; - u_short rtableid = ifa-ifa_ifp-if_rdomain; - u_int8_t prio = ifa-ifa_ifp-if_priority + RTP_STATIC; + u_short rtableid = ifp-if_rdomain; + u_int8_t prio = ifp-if_priority + RTP_STATIC; int error; #ifdef MPLS @@ -1227,19 +1223,13 @@ rt_ifa_del(struct ifaddr *ifa, int flags } } - sa_dl.sdl_type = ifa-ifa_ifp-if_type; - sa_dl.sdl_index = ifa-ifa_ifp-if_index; - memset(info, 0, sizeof(info)); info.rti_ifa = ifa; info.rti_flags = flags; info.rti_info[RTAX_DST] = dst; - if (flags RTF_LLINFO) - info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)sa_dl; - else + if ((flags RTF_LLINFO) == 0) info.rti_info[RTAX_GATEWAY] = ifa-ifa_addr; - info.rti_info[RTAX_LABEL] = - rtlabel_id2sa(ifa-ifa_ifp-if_rtlabelid, sa_rl); + info.rti_info[RTAX_LABEL] = rtlabel_id2sa(ifp-if_rtlabelid, sa_rl); if ((flags RTF_HOST) == 0) info.rti_info[RTAX_NETMASK] = ifa-ifa_netmask; Index: netinet6/nd6.c === RCS file: /cvs/src/sys/netinet6/nd6.c,v retrieving revision 1.136 diff -u -p -r1.136 nd6.c --- netinet6/nd6.c 15 May 2015 12:00:57 - 1.136 +++ netinet6/nd6.c 4 Jun 2015 09:51:54 - @@ -651,7 +651,6 @@ nd6_lookup(struct in6_addr *addr6, int c } if (!rt) { if (create ifp) { - struct sockaddr_dl sa_dl = { sizeof(sa_dl), AF_LINK }; struct rt_addrinfo info; int e; @@ -667,9 +666,6 @@ nd6_lookup(struct in6_addr *addr6, int c if (ifa == NULL) return (NULL); - sa_dl.sdl_type = ifp-if_type; - sa_dl.sdl_index = ifp-if_index
Re: vmxnet3 panic
Any chance to get this committed? Stepped on it once more without this patch. //mxb On 2015-05-22 19:53, Mike Belopuhov wrote: On Fri, May 22, 2015 at 19:35 +0200, mxb wrote: Hey, got a panic as of todays ‘cvs up’ trace below panic: vmxnet3_rxintr: NULL ring-m[44] Stopped at Debugger+0x9: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO. DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0} Debugger() at Debugger+0x9 panic() at panic+0xfe vmxnet3_rxintr() at vmxnet3_rxintr+0x284 vmxnet3_intr() at vmxnet3_intr+0x4a intr_handler() at intr_handler+0x67 Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd --- interrupt --- Xspllower() at Xspllower+0xe if_downall() at if_downall+0x9b boot() at boot+0xe4 reboot() at reboot+0x26 sys_reboot() at sys_reboot+0x5e syscall() at syscall+0x297 --- syscall (number 55) --- end of kernel end trace frame: 0x7f7d5858, count: -12 0x184f48704eda: ddb{0} rebooting... OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015 //mxb vmx doesn't check if it's wasn't stopped before calling rx/tx interrupt routines... the patch below should fix it up. not entirely sure why do they need to re-enable the interrupt every time, but i'm pretty positive you don't want that if you're !IFF_RUNNING. diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c index 925a977..989cae1 100644 --- sys/dev/pci/if_vmx.c +++ sys/dev/pci/if_vmx.c @@ -588,21 +588,24 @@ vmxnet3_disable_all_intrs(struct vmxnet3_softc *sc) int vmxnet3_intr(void *arg) { struct vmxnet3_softc *sc = arg; + struct ifnet *ifp = sc-sc_arpcom.ac_if; if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0) return 0; if (sc-sc_ds-event) vmxnet3_evintr(sc); - vmxnet3_rxintr(sc, sc-sc_rxq[0]); - vmxnet3_txintr(sc, sc-sc_txq[0]); #ifdef VMXNET3_STAT vmxstat.intr++; #endif - vmxnet3_enable_intr(sc, 0); + if (ifp-if_flags IFF_RUNNING) { + vmxnet3_rxintr(sc, sc-sc_rxq[0]); + vmxnet3_txintr(sc, sc-sc_txq[0]); + vmxnet3_enable_intr(sc, 0); + } return 1; } void vmxnet3_evintr(struct vmxnet3_softc *sc)
Re: arpresolve: unresolved and rt_expire == 0
I had an old kernel from 'Apr 28' laying around, as well as from 'May 15' . Both are OK. On 2015-06-01 23:04, mxb wrote: Well, this is a vmware setup, thus I have vmx(4). I just made a clean 'cvs co -P src' from anoncvs.eu.openbsd.org and still have the same result. //mxb On 2015-06-01 10:55, Martin Pieuchot wrote: Any idea about how to reproduce it?
Re: arpresolve: unresolved and rt_expire == 0
Well, this is a vmware setup, thus I have vmx(4). I just made a clean 'cvs co -P src' from anoncvs.eu.openbsd.org and still have the same result. //mxb On 2015-06-01 10:55, Martin Pieuchot wrote: Any idea about how to reproduce it?
Re: arpresolve: unresolved and rt_expire == 0
1.152 not fixed this, thus reversion far back to 1.150 On 31 maj 2015, at 22:33, mxb m...@alumni.chalmers.se wrote: Reverting if_ether.c from 1.153 to 1.150 fixes my problem. //mxb On 31 maj 2015, at 22:05, mxb m...@alumni.chalmers.se wrote: Hello, any ideas regarding subject ? I see this in ‘dmesg’. Also all local (on machine itself) arp entries are incomplete: Host Ethernet Address Netif Expire Flags 10.1.240.1 fe:e1:ba:d3:b4:56 vether0 1m43s 10.1.240.2 (incomplete) vether0 permanent l 10.2.240.1 fe:e1:ba:d2:98:29 vether1 19m52s 10.2.240.2 (incomplete) vether1 permanent l 10.11.11.10 (incomplete)vmx2 permanent l 10.11.11.11 00:50:56:02:02:03 vmx2 15m30s 10.78.0.1(incomplete) vether78 permanent l 10.78.0.2be:ef:00:00:01:a2 vether78 43s 10.78.0.9(incomplete) vether79 permanent l 10.78.0.10 be:ef:00:00:01:b2 vether79 13s 46.59.censored 00:1e:bd:9a:f5:47 vmx1 19m33s 46.59.censored (incomplete)vmx1 permanent l 192.168.78.1 00:25:90:ad:8b:de vmx0 19m12s 192.168.78.2 f8:1e:df:f8:4c:12 vmx0 13m16s 192.168.78.3 90:84:0d:f0:8e:3c vmx0 18m21s 192.168.78.4 00:1a:4b:ed:dc:b4 vmx0 expired 192.168.78.6 98:d6:bb:1b:98:bd vmx0 1m36s 192.168.78.1268:5b:35:c5:15:bd vmx0 19m34s 192.168.78.1668:a8:6d:e8:b1:71 vmx0 18m36s 192.168.78.1840:6c:8f:0d:d9:15 vmx0 18m42s 192.168.78.2100:50:56:01:01:05 vmx0 18m28s 192.168.78.5698:fe:94:5c:9a:90 vmx0 7m24s 192.168.78.123 (incomplete) carp1 permanent l 192.168.78.124 (incomplete)vmx0 permanent l 192.168.78.125 00:50:56:02:02:01 vmx0 13m40s 192.168.79.123 (incomplete) carp2 permanent l 192.168.79.124 (incomplete)vmx3 permanent l //mxb
Re: arpresolve: unresolved and rt_expire == 0
Reverting if_ether.c from 1.153 to 1.150 fixes my problem. //mxb On 31 maj 2015, at 22:05, mxb m...@alumni.chalmers.se wrote: Hello, any ideas regarding subject ? I see this in ‘dmesg’. Also all local (on machine itself) arp entries are incomplete: Host Ethernet Address Netif Expire Flags 10.1.240.1 fe:e1:ba:d3:b4:56 vether0 1m43s 10.1.240.2 (incomplete) vether0 permanent l 10.2.240.1 fe:e1:ba:d2:98:29 vether1 19m52s 10.2.240.2 (incomplete) vether1 permanent l 10.11.11.10 (incomplete)vmx2 permanent l 10.11.11.11 00:50:56:02:02:03 vmx2 15m30s 10.78.0.1(incomplete) vether78 permanent l 10.78.0.2be:ef:00:00:01:a2 vether78 43s 10.78.0.9(incomplete) vether79 permanent l 10.78.0.10 be:ef:00:00:01:b2 vether79 13s 46.59.censored 00:1e:bd:9a:f5:47 vmx1 19m33s 46.59.censored (incomplete)vmx1 permanent l 192.168.78.1 00:25:90:ad:8b:de vmx0 19m12s 192.168.78.2 f8:1e:df:f8:4c:12 vmx0 13m16s 192.168.78.3 90:84:0d:f0:8e:3c vmx0 18m21s 192.168.78.4 00:1a:4b:ed:dc:b4 vmx0 expired 192.168.78.6 98:d6:bb:1b:98:bd vmx0 1m36s 192.168.78.1268:5b:35:c5:15:bd vmx0 19m34s 192.168.78.1668:a8:6d:e8:b1:71 vmx0 18m36s 192.168.78.1840:6c:8f:0d:d9:15 vmx0 18m42s 192.168.78.2100:50:56:01:01:05 vmx0 18m28s 192.168.78.5698:fe:94:5c:9a:90 vmx0 7m24s 192.168.78.123 (incomplete) carp1 permanent l 192.168.78.124 (incomplete)vmx0 permanent l 192.168.78.125 00:50:56:02:02:01 vmx0 13m40s 192.168.79.123 (incomplete) carp2 permanent l 192.168.79.124 (incomplete)vmx3 permanent l //mxb
arpresolve: unresolved and rt_expire == 0
Hello, any ideas regarding subject ? I see this in ‘dmesg’. Also all local (on machine itself) arp entries are incomplete: Host Ethernet Address Netif Expire Flags 10.1.240.1 fe:e1:ba:d3:b4:56 vether0 1m43s 10.1.240.2 (incomplete) vether0 permanent l 10.2.240.1 fe:e1:ba:d2:98:29 vether1 19m52s 10.2.240.2 (incomplete) vether1 permanent l 10.11.11.10 (incomplete)vmx2 permanent l 10.11.11.11 00:50:56:02:02:03 vmx2 15m30s 10.78.0.1(incomplete) vether78 permanent l 10.78.0.2be:ef:00:00:01:a2 vether78 43s 10.78.0.9(incomplete) vether79 permanent l 10.78.0.10 be:ef:00:00:01:b2 vether79 13s 46.59.censored 00:1e:bd:9a:f5:47 vmx1 19m33s 46.59.censored (incomplete)vmx1 permanent l 192.168.78.1 00:25:90:ad:8b:de vmx0 19m12s 192.168.78.2 f8:1e:df:f8:4c:12 vmx0 13m16s 192.168.78.3 90:84:0d:f0:8e:3c vmx0 18m21s 192.168.78.4 00:1a:4b:ed:dc:b4 vmx0 expired 192.168.78.6 98:d6:bb:1b:98:bd vmx0 1m36s 192.168.78.1268:5b:35:c5:15:bd vmx0 19m34s 192.168.78.1668:a8:6d:e8:b1:71 vmx0 18m36s 192.168.78.1840:6c:8f:0d:d9:15 vmx0 18m42s 192.168.78.2100:50:56:01:01:05 vmx0 18m28s 192.168.78.5698:fe:94:5c:9a:90 vmx0 7m24s 192.168.78.123 (incomplete) carp1 permanent l 192.168.78.124 (incomplete)vmx0 permanent l 192.168.78.125 00:50:56:02:02:01 vmx0 13m40s 192.168.79.123 (incomplete) carp2 permanent l 192.168.79.124 (incomplete)vmx3 permanent l //mxb
Re: tun(4) and if_input()
Don’t have tun(4), but applied. As well as latest carp and bridge patches. So far no problems, except that I see following in dmesg : arpresolve: unresolved and rt_expire == 0 but this is probably not related to new diffs. //mxb On 28 maj 2015, at 11:28, Martin Pieuchot m...@openbsd.org wrote: Replace the last ether_input_mbuf() by if_input(). Index: net/if_tun.c === RCS file: /cvs/src/sys/net/if_tun.c,v retrieving revision 1.144 diff -u -p -r1.144 if_tun.c --- net/if_tun.c 26 May 2015 11:36:26 - 1.144 +++ net/if_tun.c 28 May 2015 09:25:52 - @@ -871,32 +871,34 @@ tunwrite(dev_t dev, struct uio *uio, int } top-m_pkthdr.len = tlen; - top-m_pkthdr.rcvif = ifp; - -#if NBPFILTER 0 - if (ifp-if_bpf) { - s = splnet(); - bpf_mtap(ifp-if_bpf, top, BPF_DIRECTION_IN); - splx(s); - } -#endif if (tp-tun_flags TUN_LAYER2) { + struct mbuf_list ml = MBUF_LIST_INITIALIZER(); + + ml_enqueue(ml, top); s = splnet(); - ether_input_mbuf(ifp, top); + if_input(ifp, ml); splx(s); - ifp-if_ipackets++; return (0); } +#if NBPFILTER 0 + if (ifp-if_bpf) { + s = splnet(); + bpf_mtap(ifp-if_bpf, top, BPF_DIRECTION_IN); + splx(s); + } +#endif + th = mtod(top, u_int32_t *); /* strip the tunnel header */ top-m_data += sizeof(*th); top-m_len -= sizeof(*th); top-m_pkthdr.len -= sizeof(*th); top-m_pkthdr.ph_rtableid = ifp-if_rdomain; + top-m_pkthdr.rcvif = ifp; switch (ntohl(*th)) { case AF_INET:
Re: carp(4) is out
Hey, so far no problems. //mxb On 22 maj 2015, at 16:05, Martin Pieuchot m...@openbsd.org wrote: Let's take carp(4) out of ether_input(). This is quite similar to what happened to trunk(4) and vlan(4). I appreciate tests of any kind, reviews and oks. Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.199 diff -u -p -r1.199 if_ethersubr.c --- net/if_ethersubr.c19 May 2015 11:09:24 - 1.199 +++ net/if_ethersubr.c22 May 2015 13:39:44 - @@ -502,18 +502,6 @@ ether_input(struct mbuf *m, void *hdr) } #endif -#if NCARP 0 - if (ifp-if_carp) { - if (ifp-if_type != IFT_CARP (carp_input(ifp, eh, m) == 0)) - return (1); - /* clear mcast if received on a carp IP balanced address */ - else if (ifp-if_type == IFT_CARP - m-m_flags (M_BCAST|M_MCAST) - carp_our_mcastaddr(ifp, (u_int8_t *)eh-ether_dhost)) - m-m_flags = ~(M_BCAST|M_MCAST); - } -#endif /* NCARP 0 */ - ac = (struct arpcom *)ifp; /* Index: netinet/ip_carp.c === RCS file: /cvs/src/sys/netinet/ip_carp.c,v retrieving revision 1.257 diff -u -p -r1.257 ip_carp.c --- netinet/ip_carp.c 21 May 2015 09:17:53 - 1.257 +++ netinet/ip_carp.c 22 May 2015 13:54:30 - @@ -120,6 +120,7 @@ struct carp_softc { #define sc_carpdev sc_ac.ac_if.if_carpdev void *ah_cookie; void *lh_cookie; + struct ifih *sc_ifih; struct ip_moptions sc_imo; #ifdef INET6 struct ip6_moptions sc_im6o; @@ -193,6 +194,7 @@ void carp_hmac_generate(struct carp_vhos unsigned char *, u_int8_t); int carp_hmac_verify(struct carp_vhost_entry *, u_int32_t *, unsigned char *); +int carp_input(struct mbuf *, void *); void carp_proto_input_c(struct mbuf *, struct carp_header *, int, sa_family_t); void carpattach(int); @@ -824,6 +826,7 @@ carp_del_all_timeouts(struct carp_softc void carpdetach(struct carp_softc *sc) { + struct ifnet *ifp; struct carp_if *cif; int s; @@ -839,20 +842,29 @@ carpdetach(struct carp_softc *sc) carp_setrun_all(sc, 0); carp_multicast_cleanup(sc); - s = splnet(); if (sc-ah_cookie != NULL) hook_disestablish(sc-sc_if.if_addrhooks, sc-ah_cookie); - if (sc-sc_carpdev != NULL) { - if (sc-lh_cookie != NULL) - hook_disestablish(sc-sc_carpdev-if_linkstatehooks, - sc-lh_cookie); - cif = (struct carp_if *)sc-sc_carpdev-if_carp; - TAILQ_REMOVE(cif-vhif_vrs, sc, sc_list); - if (!--cif-vhif_nvrs) { - ifpromisc(sc-sc_carpdev, 0); - sc-sc_carpdev-if_carp = NULL; - free(cif, M_IFADDR, sizeof(*cif)); - } + + ifp = sc-sc_carpdev; + if (ifp == NULL) + return; + + s = splnet(); + /* Restore previous input handler. */ + if (--sc-sc_ifih-ifih_refcnt == 0) { + SLIST_REMOVE(ifp-if_inputs, sc-sc_ifih, ifih, ifih_next); + free(sc-sc_ifih, M_DEVBUF, sizeof(*sc-sc_ifih)); + } + + if (sc-lh_cookie != NULL) + hook_disestablish(ifp-if_linkstatehooks, + sc-lh_cookie); + cif = (struct carp_if *)ifp-if_carp; + TAILQ_REMOVE(cif-vhif_vrs, sc, sc_list); + if (!--cif-vhif_nvrs) { + ifpromisc(ifp, 0); + ifp-if_carp = NULL; + free(cif, M_IFADDR, sizeof(*cif)); } sc-sc_carpdev = NULL; splx(s); @@ -1403,27 +1415,21 @@ carp_get_srclladdr(struct ifnet *ifp, u_ } int -carp_our_mcastaddr(struct ifnet *ifp, u_int8_t *d_enaddr) -{ - struct carp_softc *sc = ifp-if_softc; - - if (sc-sc_balancing != CARP_BAL_IP) - return (0); - - return (!memcmp(sc-sc_ac.ac_enaddr, d_enaddr, ETHER_ADDR_LEN)); -} - - -int -carp_input(struct ifnet *ifp0, struct ether_header *eh0, struct mbuf *m) +carp_input(struct mbuf *m, void *hdr) { + struct carp_softc *sc; struct ether_header *eh; - struct carp_if *cif = (struct carp_if *)ifp0-if_carp; - struct ifnet *ifp; + struct mbuf_list ml = MBUF_LIST_INITIALIZER(); + struct carp_if *cif; + struct ifnet *ifp0, *ifp; - ifp = carp_ourether(cif, eh0-ether_dhost); - if (ifp == NULL (m-m_flags (M_BCAST|M_MCAST)) == 0) - return (1); + ifp0 = m-m_pkthdr.rcvif; + eh = mtod(m, struct ether_header *); + cif = (struct carp_if *)ifp0-if_carp; + + ifp = carp_ourether(cif, eh-ether_dhost); + if (ifp == NULL !ETHER_IS_MULTICAST(eh-ether_dhost)) + return (0); if (ifp
vmxnet3 panic
Hey, got a panic as of todays ‘cvs up’ trace below panic: vmxnet3_rxintr: NULL ring-m[44] Stopped at Debugger+0x9: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO. DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0} Debugger() at Debugger+0x9 panic() at panic+0xfe vmxnet3_rxintr() at vmxnet3_rxintr+0x284 vmxnet3_intr() at vmxnet3_intr+0x4a intr_handler() at intr_handler+0x67 Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd --- interrupt --- Xspllower() at Xspllower+0xe if_downall() at if_downall+0x9b boot() at boot+0xe4 reboot() at reboot+0x26 sys_reboot() at sys_reboot+0x5e syscall() at syscall+0x297 --- syscall (number 55) --- end of kernel end trace frame: 0x7f7d5858, count: -12 0x184f48704eda: ddb{0} rebooting... OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015 //mxb
Re: vmxnet3 panic
Not sure if I’ll be able to reproduce this at all. Never seen this before. But diff is applied. //mxb On 22 maj 2015, at 19:53, Mike Belopuhov m...@belopuhov.com wrote: On Fri, May 22, 2015 at 19:35 +0200, mxb wrote: Hey, got a panic as of todays ‘cvs up’ trace below panic: vmxnet3_rxintr: NULL ring-m[44] Stopped at Debugger+0x9: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! IF RUNNING SMP, USE 'mach ddbcpu #' AND 'trace' ON OTHER PROCESSORS, TOO. DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0} Debugger() at Debugger+0x9 panic() at panic+0xfe vmxnet3_rxintr() at vmxnet3_rxintr+0x284 vmxnet3_intr() at vmxnet3_intr+0x4a intr_handler() at intr_handler+0x67 Xintr_ioapic_level10() at Xintr_ioapic_level10+0xcd --- interrupt --- Xspllower() at Xspllower+0xe if_downall() at if_downall+0x9b boot() at boot+0xe4 reboot() at reboot+0x26 sys_reboot() at sys_reboot+0x5e syscall() at syscall+0x297 --- syscall (number 55) --- end of kernel end trace frame: 0x7f7d5858, count: -12 0x184f48704eda: ddb{0} rebooting... OpenBSD 5.7-current (GENERIC.MP) #0: Fri May 22 16:30:54 CEST 2015 //mxb vmx doesn't check if it's wasn't stopped before calling rx/tx interrupt routines... the patch below should fix it up. not entirely sure why do they need to re-enable the interrupt every time, but i'm pretty positive you don't want that if you're !IFF_RUNNING. diff --git sys/dev/pci/if_vmx.c sys/dev/pci/if_vmx.c index 925a977..989cae1 100644 --- sys/dev/pci/if_vmx.c +++ sys/dev/pci/if_vmx.c @@ -588,21 +588,24 @@ vmxnet3_disable_all_intrs(struct vmxnet3_softc *sc) int vmxnet3_intr(void *arg) { struct vmxnet3_softc *sc = arg; + struct ifnet *ifp = sc-sc_arpcom.ac_if; if (READ_BAR1(sc, VMXNET3_BAR1_INTR) == 0) return 0; if (sc-sc_ds-event) vmxnet3_evintr(sc); - vmxnet3_rxintr(sc, sc-sc_rxq[0]); - vmxnet3_txintr(sc, sc-sc_txq[0]); #ifdef VMXNET3_STAT vmxstat.intr++; #endif - vmxnet3_enable_intr(sc, 0); + if (ifp-if_flags IFF_RUNNING) { + vmxnet3_rxintr(sc, sc-sc_rxq[0]); + vmxnet3_txintr(sc, sc-sc_txq[0]); + vmxnet3_enable_intr(sc, 0); + } return 1; } void vmxnet3_evintr(struct vmxnet3_softc *sc)
Re: vlan+bridge fix
Diff is applied. So far no problems. Unfortunately I can’t test this fully - no vlans on my side. //mxb On 15 maj 2015, at 13:14, Martin Pieuchot m...@openbsd.org wrote: I have one setup with multiple interfaces in a bridge and on some of these interfaces some vlan(4)s. But there's currently a bug that prevent us to send (receive is fine) VLAN packets in such config. Diff below fixes that. The problem is that vlan_output() does not pass its parent interface to ether_output(). That's a mis-design that should be fixed later. The reason for not passing the parent interface is that we want to tcpdump(8) packets on vlan interfaces and the easiest hack^Wsolution was to add a bpf handler in vlan_start()*. Since my vlans are not part of the bridge, the check below is never true and my packets never go through the bridge. By moving this check to if_output() we kill two birds with one diff. First of all we fix this vlan bug and secondly we simplify ether_output() which in turn will allow us to fix all pseudo-interface *output() functions. One of the goals of if_output() is to move all bpf handlers instead of having them in multiple if_start(). Of course, this will also help us removing the various #if PSEUDODRIVER from our stack... Ok? *: Note that for the exact same reason we cannot tcpdump output packets on a carp(4) interface, this will be fixed at the same time in upcoming diffs. Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.198 diff -u -p -r1.198 if_ethersubr.c --- net/if_ethersubr.c15 May 2015 10:15:13 - 1.198 +++ net/if_ethersubr.c15 May 2015 10:58:37 - @@ -363,47 +363,6 @@ ether_output(struct ifnet *ifp0, struct if (ether_addheader(m, ifp, etype, esrc, edst) == -1) senderr(ENOBUFS); -#if NBRIDGE 0 - /* - * Interfaces that are bridgeports need special handling for output. - */ - if (ifp-if_bridgeport) { - struct m_tag *mtag; - - /* - * Check if this packet has already been sent out through - * this bridgeport, in which case we simply send it out - * without further bridge processing. - */ - for (mtag = m_tag_find(m, PACKET_TAG_BRIDGE, NULL); mtag; - mtag = m_tag_find(m, PACKET_TAG_BRIDGE, mtag)) { -#ifdef DEBUG - /* Check that the information is there */ - if (mtag-m_tag_len != sizeof(caddr_t)) { - error = EINVAL; - goto bad; - } -#endif - if (!memcmp(ifp-if_bridgeport, mtag + 1, - sizeof(caddr_t))) - break; - } - if (mtag == NULL) { - /* Attach a tag so we can detect loops */ - mtag = m_tag_get(PACKET_TAG_BRIDGE, sizeof(caddr_t), - M_NOWAIT); - if (mtag == NULL) { - error = ENOBUFS; - goto bad; - } - memcpy(mtag + 1, ifp-if_bridgeport, sizeof(caddr_t)); - m_tag_prepend(m, mtag); - error = bridge_output(ifp, m, NULL, NULL); - return (error); - } - } -#endif - len = m-m_pkthdr.len; error = if_output(ifp, m); Index: net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.331 diff -u -p -r1.331 if.c --- net/if.c 15 May 2015 10:15:13 - 1.331 +++ net/if.c 15 May 2015 10:58:37 - @@ -450,6 +450,40 @@ if_output(struct ifnet *ifp, struct mbuf length = m-m_pkthdr.len; mflags = m-m_flags; +#if NBRIDGE 0 + /* + * Interfaces that are bridgeports need special handling for output. + */ + if (ifp-if_bridgeport) { + struct m_tag *mtag; + + /* + * Check if this packet has already been sent out through + * this bridgeport, in which case we simply send it out + * without further bridge processing. + */ + for (mtag = m_tag_find(m, PACKET_TAG_BRIDGE, NULL); mtag; + mtag = m_tag_find(m, PACKET_TAG_BRIDGE, mtag)) { + if (!memcmp(ifp-if_bridgeport, mtag + 1, + sizeof(caddr_t))) + break; + } + if (mtag == NULL) { + /* Attach a tag so we can detect loops */ + mtag = m_tag_get(PACKET_TAG_BRIDGE, sizeof(caddr_t), + M_NOWAIT); + if (mtag == NULL
Re: Small bridge(4) fix
No regression on my side. //mxb On 15 maj 2015, at 12:54, Martin Pieuchot m...@openbsd.org wrote: If we change the rcvif pointer of a packet we need to run if_input() again otherwise we might skip the handlers on the new interface. Ultimately it would be nice to only assign rcvif in if_input(), but that's for another diff. This fix one case I left out in my previous conversion, ok? Index: net/if_bridge.c === RCS file: /cvs/src/sys/net/if_bridge.c,v retrieving revision 1.238 diff -u -p -r1.238 if_bridge.c --- net/if_bridge.c 15 May 2015 10:15:13 - 1.238 +++ net/if_bridge.c 15 May 2015 10:50:32 - @@ -1478,12 +1478,9 @@ bridge_dispatch(struct bridge_iflist *if m-m_pkthdr.rcvif = ifl-ifp; m-m_pkthdr.ph_rtableid = ifl-ifp-if_rdomain; - if (ifp-if_type == IFT_GIF) { - m-m_flags |= M_PROTO1; - ether_input_mbuf(ifl-ifp, m); - m = NULL; - } - return (m); + m-m_flags |= M_PROTO1; + ether_input_mbuf(ifl-ifp, m); + return (NULL); } if (bcmp(ac-ac_enaddr, eh-ether_shost, ETHER_ADDR_LEN) == 0 #if NCARP 0
Re: bridge(4) and ether_input_mbuf()
Applied. I don’t see any regressions so far. I use bridge+vether. //mxb On 28 apr 2015, at 23:06, Martin Pieuchot m...@openbsd.org wrote: On 21/04/15(Tue) 12:35, Martin Pieuchot wrote: This diff adds the necessary glue to bridge(4) to be able to convert other pseudo-drivers to if_input(). This will also help bridge(4)'s own conversion. Since bridge_input() already returns a mbuf, I believe this change is less error prone than the carp(4) one. But I appreciate reviews, tests and oks. Anybody? Index: net/bridgestp.c === RCS file: /cvs/src/sys/net/bridgestp.c,v retrieving revision 1.52 diff -u -p -r1.52 bridgestp.c --- net/bridgestp.c 14 Mar 2015 03:38:51 - 1.52 +++ net/bridgestp.c 20 Apr 2015 11:35:56 - @@ -596,6 +596,9 @@ bstp_input(struct bstp_state *bs, struct len = ntohs(eh-ether_type); if (len sizeof(tpdu)) goto out; + +m_adj(m, ETHER_HDR_LEN); + if (m-m_pkthdr.len len) m_adj(m, len - m-m_pkthdr.len); if ((m = m_pullup(m, sizeof(tpdu))) == NULL) Index: net/if_bridge.c === RCS file: /cvs/src/sys/net/if_bridge.c,v retrieving revision 1.235 diff -u -p -r1.235 if_bridge.c --- net/if_bridge.c 17 Apr 2015 11:04:01 - 1.235 +++ net/if_bridge.c 20 Apr 2015 11:55:38 - @@ -115,10 +115,9 @@ voidbridge_broadcast(struct bridge_soft struct ether_header *, struct mbuf *); void bridge_localbroadcast(struct bridge_softc *, struct ifnet *, struct ether_header *, struct mbuf *); -voidbridge_span(struct bridge_softc *, struct ether_header *, -struct mbuf *); +voidbridge_span(struct bridge_softc *, struct mbuf *); struct mbuf *bridge_dispatch(struct bridge_iflist *, struct ifnet *, -struct ether_header *, struct mbuf *); + struct mbuf *); void bridge_stop(struct bridge_softc *); void bridge_init(struct bridge_softc *); int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); @@ -180,6 +179,7 @@ int bridge_clone_create(struct if_clone *ifc, int unit) { struct bridge_softc *sc; +struct ifih *bridge_ifih; struct ifnet *ifp; int i, s; @@ -187,8 +187,15 @@ bridge_clone_create(struct if_clone *ifc if (!sc) return (ENOMEM); +bridge_ifih = malloc(sizeof(*bridge_ifih), M_DEVBUF, M_NOWAIT); +if (bridge_ifih == NULL) { +free(sc, M_DEVBUF, 0); +return (ENOMEM); +} + sc-sc_stp = bstp_create(sc-sc_if); if (!sc-sc_stp) { +free(bridge_ifih, M_DEVBUF, sizeof(*bridge_ifih)); free(sc, M_DEVBUF, 0); return (ENOMEM); } @@ -222,6 +229,9 @@ bridge_clone_create(struct if_clone *ifc DLT_EN10MB, ETHER_HDR_LEN); #endif +bridge_ifih-ifih_input = ether_input; +SLIST_INSERT_HEAD(ifp-if_inputs, bridge_ifih, ifih_next); + s = splnet(); LIST_INSERT_HEAD(bridge_list, sc, sc_list); splx(s); @@ -234,6 +244,7 @@ bridge_clone_destroy(struct ifnet *ifp) { struct bridge_softc *sc = ifp-if_softc; struct bridge_iflist *bif; +struct ifih *bridge_ifih; int s; bridge_stop(sc); @@ -250,6 +261,17 @@ bridge_clone_destroy(struct ifnet *ifp) splx(s); bstp_destroy(sc-sc_stp); + +/* Undo pseudo-driver changes. */ +if_deactivate(ifp); + +bridge_ifih = SLIST_FIRST(ifp-if_inputs); +SLIST_REMOVE_HEAD(ifp-if_inputs, ifih_next); + +KASSERT(SLIST_EMPTY(ifp-if_inputs)); + +free(bridge_ifih, M_DEVBUF, sizeof(*bridge_ifih)); + if_detach(ifp); free(sc, M_DEVBUF, 0); @@ -990,7 +1012,7 @@ bridge_output(struct ifnet *ifp, struct struct mbuf *mc; int used = 0; -bridge_span(sc, NULL, m); +bridge_span(sc, m); TAILQ_FOREACH(p, sc-sc_iflist, next) { dst_if = p-ifp; @@ -1066,7 +1088,7 @@ sendunicast: (sa = bridge_tunneltag(m, dst_p-brt_tunnel.sa.sa_family)) != NULL) memcpy(sa, dst_p-brt_tunnel.sa, dst_p-brt_tunnel.sa.sa_len); -bridge_span(sc, NULL, m); +bridge_span(sc, m); if ((dst_if-if_flags IFF_RUNNING) == 0) { m_freem(m); return (ENETDOWN); @@ -1282,12 +1304,13 @@ bridgeintr_frame(struct bridge_softc *sc * not for us, and schedule an interrupt. */ struct mbuf * -bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) +bridge_input(struct ifnet *ifp, struct ether_header *eh0, struct mbuf *m) { struct bridge_softc *sc; struct bridge_iflist *ifl; +struct ether_header *eh; #if NVLAN 0 -uint16_t etype = ntohs(eh-ether_type); +uint16_t etype = ntohs(eh0-ether_type); #endif /* NVLAN 0 */ /* @@ -1306,15 +1329,20 @@ bridge_input(struct ifnet *ifp, struct e
Re: Dell R630 high interrupts on acpi0
On 16 dec 2014, at 06:40, David Gwynne da...@gwynne.id.au wrote: others have hit this on r620s as well I don’t see it on mine. interrupt total rate irq0/clock 9587998940 1599 irq0/ipi136166514 22 irq144/acpi020 irq112/ix029053603446 4847 irq113/ix127844456217 4646 irq96/mfi080725871 irq114/ubsec0 3101629892 517 irq98/ehci0 1120 irq115/em0 4928262870 822 irq116/em1 211437268 35 irq99/ehci1280 irq100/ahci010 Total 7487162787712493 This is a pre-5.6 OpenBSD 5.6-current (GENERIC.MP) #394: Wed Oct 1 12:54:54 MDT 2014 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8492285952 (8098MB) avail mem = 8257511424 (7874MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries) bios0: vendor Dell Inc. version 1.3.6 date 09/11/2012 bios0: Dell Inc. PowerEdge R620 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST BERT EINJ TCPA PC__ SRAT SSDT acpi0: wakeup devices PCI0(S5) PCI1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.43 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 32 (application processor) cpu1: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 0, package 1 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 34 (application processor) cpu3: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 1, package 1 cpu4 at mainbus0: apid 4 (application processor) cpu4: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu4: 256KB 64b/line 8-way L2 cache cpu4: smt 0, core 2, package 0 cpu5 at mainbus0: apid 36 (application processor) cpu5: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu5: 256KB 64b/line 8-way L2 cache cpu5: smt 0, core 2, package 1 cpu6 at mainbus0: apid 6 (application processor) cpu6: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC cpu6: 256KB 64b/line 8-way L2 cache cpu6: smt 0, core 3, package 0 cpu7 at mainbus0: apid 38 (application processor) cpu7: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz,
Re: idea to block some scanners
Could you please, post updated version to the list? //mxb On 27 jun 2014, at 20:09, Leclerc, Sebastien sebastien.lecl...@saint-georges.ca wrote: Stuart Henderson st...@openbsd.org, 2014-06-27 11:00 +/* Stolen from ftp-proxy */ Old version of ftp-proxy I guess. It hasn't used DIOCNATLOOK for several releases, it has switched to the much easier-to-use divert-to / getsockname(). And also : Henning Brauer lists-openbsdt...@bsws.de, 2014-06-27 14:07 no DIOCNATLOOK is stupid. I'll celebrate the day when I can kill it. Please look at less ancient ftp-proxy/*-proxy code for inspiration. Way simpler, indeed! Thank you --- tarpitd.c.bak Fri Jun 27 13:25:06 2014 +++ tarpitd.c Fri Jun 27 14:01:35 2014 @@ -56,21 +56,11 @@ struct con { int il; } *con; -/* From netinet/in.h, but only _KERNEL_ gets them. */ -#define satosin(sa)((struct sockaddr_in *)(sa)) -#define satosin6(sa) ((struct sockaddr_in6 *)(sa)) -int server_lookup4(struct sockaddr_in *, struct sockaddr_in *, -struct sockaddr_in *); -int server_lookup6(struct sockaddr_in6 *, struct sockaddr_in6 *, -struct sockaddr_in6 *); - void usage(void); void initcon(struct con *, int, struct sockaddr *); void closecon(struct con *); void handler(struct con *); void getcaddr(struct con *); -int server_lookup(struct sockaddr *, struct sockaddr *, -struct sockaddr *); int blockhost(char *); int blocklistener(void); @@ -84,7 +74,6 @@ int maxfiles; int maxcon = MAXCON; int clients; int debug; -int pfdev; int window = 0; int autoblock = 1; int pipel[2] = { -1, -1 }; @@ -160,90 +149,11 @@ int blocklistener(void) return(ret); } -/* Stolen from ftp-proxy */ -int -server_lookup(struct sockaddr *client, struct sockaddr *proxy, -struct sockaddr *server) -{ - if (client-sa_family == AF_INET) - return (server_lookup4(satosin(client), satosin(proxy), - satosin(server))); - - if (client-sa_family == AF_INET6) - return (server_lookup6(satosin6(client), satosin6(proxy), - satosin6(server))); - - errno = EPROTONOSUPPORT; - return (-1); -} - -int -server_lookup4(struct sockaddr_in *client, struct sockaddr_in *proxy, -struct sockaddr_in *server) -{ - struct pfioc_natlook pnl; - - memset(pnl, 0, sizeof pnl); - pnl.direction = PF_OUT; - pnl.af = AF_INET; - pnl.proto = IPPROTO_TCP; - memcpy(pnl.saddr.v4, client-sin_addr.s_addr, sizeof pnl.saddr.v4); - memcpy(pnl.daddr.v4, proxy-sin_addr.s_addr, sizeof pnl.daddr.v4); - pnl.sport = client-sin_port; - pnl.dport = proxy-sin_port; - - if (ioctl(pfdev, DIOCNATLOOK, pnl) == -1) - return (-1); - - memset(server, 0, sizeof(struct sockaddr_in)); - server-sin_len = sizeof(struct sockaddr_in); - server-sin_family = AF_INET; - memcpy(server-sin_addr.s_addr, pnl.rdaddr.v4, - sizeof server-sin_addr.s_addr); - server-sin_port = pnl.rdport; - - return (0); -} - -int -server_lookup6(struct sockaddr_in6 *client, struct sockaddr_in6 *proxy, -struct sockaddr_in6 *server) -{ - struct pfioc_natlook pnl; - - memset(pnl, 0, sizeof pnl); - pnl.direction = PF_OUT; - pnl.af = AF_INET6; - pnl.proto = IPPROTO_TCP; - memcpy(pnl.saddr.v6, client-sin6_addr.s6_addr, sizeof pnl.saddr.v6); - memcpy(pnl.daddr.v6, proxy-sin6_addr.s6_addr, sizeof pnl.daddr.v6); - pnl.sport = client-sin6_port; - pnl.dport = proxy-sin6_port; - - if (ioctl(pfdev, DIOCNATLOOK, pnl) == -1) - return (-1); - - memset(server, 0, sizeof(struct sockaddr_in6)); - server-sin6_len = sizeof(struct sockaddr_in6); - server-sin6_family = AF_INET6; - memcpy(server-sin6_addr.s6_addr, pnl.rdaddr.v6, - sizeof server-sin6_addr); - server-sin6_port = pnl.rdport; - - return (0); -} - -/* - * Get address client connected to, by doing a DIOCNATLOOK call. - * Uses server_lookup code from ftp-proxy. - */ void getcaddr(struct con *cp) { struct sockaddr_storage spamd_end; struct sockaddr *sep = (struct sockaddr *) spamd_end; - struct sockaddr_storage original_destination; - struct sockaddr *odp = (struct sockaddr *) original_destination; socklen_t len = sizeof(struct sockaddr_storage); int error; @@ -251,9 +161,7 @@ getcaddr(struct con *cp) cp-cport[0] = '\0'; if (getsockname(cp-fd, sep, len) == -1) return; - if (server_lookup((struct sockaddr *)cp-ss, sep, odp) != 0) - return; - error = getnameinfo(odp, odp-sa_len, cp-caddr, sizeof(cp-caddr), + error = getnameinfo(sep, sep-sa_len, cp-caddr
Re: bnx(4): enable checksum offload
This is bnx0 at pci3 dev 4 function 0 Broadcom BCM5706 rev 0x02 On 8 okt 2013, at 22:34, mxb m...@alumni.chalmers.se wrote: I have it spinning now. bnx0: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 hwfeatures=36CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING hardmtu 1500 lladdr 00:14:c2:5d:31:a8 priority: 0 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause) status: active So far - no problems. //mxb On 9 sep 2013, at 21:46, Brad Smith b...@comstyle.com wrote: Here is a diff to enable the checksum offload support for bnx(4). Looking for any testing. Index: if_bnx.c === RCS file: /home/cvs/src/sys/dev/pci/if_bnx.c,v retrieving revision 1.101 diff -u -p -r1.101 if_bnx.c --- if_bnx.c 28 Mar 2013 17:21:44 - 1.101 +++ if_bnx.c 9 Sep 2013 18:43:07 - @@ -884,11 +884,8 @@ bnx_attachhook(void *xsc) bcopy(sc-eaddr, sc-arpcom.ac_enaddr, ETHER_ADDR_LEN); bcopy(sc-bnx_dev.dv_xname, ifp-if_xname, IFNAMSIZ); -ifp-if_capabilities = IFCAP_VLAN_MTU; - -#ifdef BNX_CSUM -ifp-if_capabilities |= IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4; -#endif +ifp-if_capabilities = IFCAP_VLAN_MTU | IFCAP_CSUM_TCPv4 | +IFCAP_CSUM_UDPv4; #if NVLAN 0 ifp-if_capabilities |= IFCAP_VLAN_HWTAGGING; -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: memset.S for amd64
This file is already in base. /usr/src/sys/lib/libkern/arch/amd64/memset.S On 18 sep 2013, at 20:28, Edd Barrett vex...@gmail.com wrote: On Wed, Sep 18, 2013 at 07:08:31PM +0100, Edd Barrett wrote: In short, each experiment warms up by setting and checking a load of buffers before setting as many buffers as possible given a one minute timeframe. The experiments were run with varying buffer sizes under both memset.S and memset.c. Forgot to say, each experiment was repeated 5 times (each bufsz/ memset combination) and averages were taken. See the Python scripts in the repo for details. -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
Re: memset.S for amd64
On 19 sep 2013, at 19:23, Brad Smith b...@comstyle.com wrote: That is in the kernel not libc. Yes, I know. Can't it be re-used instead of maintaining same file in two places? //mxb
rc.d/dhcpd
Then running dhcpd with pf-support (-A tbl -C tbl). dhcpd spawns child process which is not handled by rc-script then stop/restart. Here is a diff to fix it. Yes, I know, normally one might want to flush PF-tables as well and this is not handled by the diff. But at least I don't have to kill child process manually. --- dhcpd Wed Nov 28 10:16:33 2012 +++ dhcpd.myWed Nov 28 09:47:28 2012 @@ -12,4 +12,17 @@ touch /var/db/dhcpd.leases } -rc_cmd $1 +case $1 in +restart) +rc_stop +pkill dhcpd +rc_start +;; + stop) + rc_stop + pkill dhcpd + ;; +*) +rc_cmd $1 +;; +esac
Re: X540T: link is not detected
Compiling if_ix.c with IX_DEBUG yields ../../../../dev/pci/if_ix.c: In function 'ixgbe_print_hw_stats': ../../../../dev/pci/if_ix.c:3525: error: 'struct ix_softc' has no member named 'mbuf_alloc_failed' ../../../../dev/pci/if_ix.c:3526: error: 'struct ix_softc' has no member named 'mbuf_cluster_failed' According to the if_ix.h those two are gone. Diff to fix it. --- if_ix.c Wed Nov 28 12:34:30 2012 +++ if_ix.c.my Wed Nov 28 12:31:04 2012 @@ -3515,15 +3515,17 @@ { struct ifnet *ifp = sc-arpcom.ac_if;; - printf(%s: mbuf alloc failed %lu, mbuf cluster failed %lu, + printf(%s: mbuf defrag failed %lu, mbuf header failed %lu, + mbuf packet failed %lu, missed pkts %llu, rx len errs %llu, crc errs %llu, dropped pkts %lu, watchdog timeouts %ld, XON rx %llu, XON tx %llu, XOFF rx %llu, XOFF tx %llu, total pkts rx %llu, good pkts rx %llu, good pkts tx %llu, tso tx %lu\n, ifp-if_xname, - sc-mbuf_alloc_failed, - sc-mbuf_cluster_failed, + sc-mbuf_defrag_failed, + sc-mbuf_header_failed, + sc-mbuf_packet_failed, (long long)sc-stats.mpc[0], (long long)sc-stats.roc + (long long)sc-stats.ruc, (long long)sc-stats.crcerrs, On 28 nov 2012, at 10:38, isnk00 isn...@gmail.com wrote: I have the same issue with Linksys WUSB54GC v3 (Ralink Technology) device. As long as 5.2-current boots up with the device attached there is no problem to detect it. The device does not seem to authenticate properly if it is not in USB port to begin with. Luke 2012/11/27 mxb m...@alumni.chalmers.se There is however, no problem then: plugged - boot - wait - unplug - wait - plug in. On 27 nov 2012, at 13:50, mxb m...@alumni.chalmers.se wrote: Hi tech@, ix(4) does not detects link then cable is plugged in into already running machine. ix0: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:10 description: HW_EXT priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255 ix1: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:12 description: HW_INT priority: 0 media: Ethernet autoselect status: no carrier inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255 ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi //maxim
X540T: link is not detected
Hi tech@, ix(4) does not detects link then cable is plugged in into already running machine. ix0: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:10 description: HW_EXT priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255 ix1: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:12 description: HW_INT priority: 0 media: Ethernet autoselect status: no carrier inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255 ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi //maxim
Re: X540T: link is not detected
There is however, no problem then: plugged - boot - wait - unplug - wait - plug in. On 27 nov 2012, at 13:50, mxb m...@alumni.chalmers.se wrote: Hi tech@, ix(4) does not detects link then cable is plugged in into already running machine. ix0: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:10 description: HW_EXT priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 172.16.0.232 netmask 0xf800 broadcast 172.16.7.255 ix1: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr bc:30:5b:f3:60:12 description: HW_INT priority: 0 media: Ethernet autoselect status: no carrier inet 192.168.10.3 netmask 0xff00 broadcast 192.168.10.255 ix0 at pci1 dev 0 function 0 Intel X540T rev 0x01: msi ix1 at pci1 dev 0 function 1 Intel X540T rev 0x01: msi //maxim
TX_/RX_CSUM on Intel I350/X540T
Hey tech@, I'll more than gladly test any diffs for subject. Regards, Maxim
Re: em(4): enable TCP/UDP checksum offload
In my case, it is a CARP backup(master will be upgraded soon) rolling ospf on top of gre on top of ipsec, running npppd, and daily NAT/RDR for about 100 clients. On 6 nov 2012, at 21:31, Stuart Henderson s...@spacehopper.org wrote: For people who are testing checksum-offload-enabling diffs, it would help if you could say what sort of things have tested. Things like fragments/NFS are far more likely to exercise bugs in the hardware than standard web browsing.
Re: bge(4): enable TCP/UDP checksum offload
Can someone, please, point me to the right cvs URL for those changes. Thanks. On 3 nov 2012, at 22:41, Christian Weisgerber na...@mips.inka.de wrote: Henning's epic rewrite of the checksum handling has fixed
Re: PF: match dir ... tag tag; pass tagged { tag, tag } keep state
Exactly what I meant. To many 'pass tagged' on each new line in pf.conf Sent from my iDevice On Sep 17, 2012, at 17:25, Henning Brauer lists-openbsdt...@bsws.de wrote: * Stuart Henderson s...@spacehopper.org [2012-09-17 17:23]: On 2012/09/17 17:14, Mike Belopuhov wrote: On Mon, Sep 17, 2012 at 5:03 PM, Henning Brauer henn...@openbsd.org wrote: * mxb m...@alumni.chalmers.se [2012-09-10 17:51]: is there any plans to expand 'tagged' keyword in PF into list? not that I am aware of, but it would make sense to have list expansion there as well. would it mean tagged foo AND bar or tagged foo OR bar? it would have to be foo OR bar because you can only have one tag at a time. it is even easier than that. pass tagged { FOO, BAR } expands to pass tagged FOO pass tagged BAR it's just list expansion. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
PF: match dir ... tag tag; pass tagged { tag, tag } keep state
Hi list@, is there any plans to expand 'tagged' keyword in PF into list? Example of usage: match in ... tag ABC match in ... tag BCD pass in on egress tagged { ABC, BCD } If yes, is anyone already working on that? Any diff for testing? Yes, I started to look at this, but it will take time for me to produce something useful. Regards, Maxim
add vmxnet3 to pcidevs
Diff below adds vmxnet3 to pcidevs. vmxnet and vmxnet2 have the same PCI ID and thus catched by the same macro - VMWARE NET. While there, remove \t with space for MACHINE_2 //maxim Index: sys/dev/pci/pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.1639 diff -u -p -r1.1639 pcidevs --- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 - 1.1639 +++ sys/dev/pci/pcidevs 23 Apr 2012 08:31:32 - @@ -5870,7 +5870,8 @@ product VLSI 82C925 0x0280 82C925 product VMWARE VIRTUAL20x0405 Virtual SVGA II product VMWARE VIRTUAL 0x0710 Virtual SVGA product VMWARE NET 0x0720 Virtual NIC -productVMWARE MACHINE_20x0740 Virtual Machine Communication Interface +product VMWARE NET30x07b0 Virtual NIC III +product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface product VMWARE EHCI0x0770 Virtual EHCI product VMWARE PCI 0x0790 Virtual PCI-PCI product VMWARE PCIE0x07a0 Virtual PCIE-PCIE
Re: add vmxnet3 to pcidevs
On 04/23/2012 10:39 AM, Brad Smith wrote: On 23/04/12 4:32 AM, mxb wrote: Diff below adds vmxnet3 to pcidevs. vmxnet and vmxnet2 have the same PCI ID and thus catched by the same macro - VMWARE NET. While there, remove \t with space for MACHINE_2 The PCI id entries are sorted so this new addition needs to be moved further down so it is in order. //maxim Index: sys/dev/pci/pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.1639 diff -u -p -r1.1639 pcidevs --- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 - 1.1639 +++ sys/dev/pci/pcidevs 23 Apr 2012 08:31:32 - @@ -5870,7 +5870,8 @@ product VLSI 82C925 0x0280 82C925 product VMWARE VIRTUAL2 0x0405 Virtual SVGA II product VMWARE VIRTUAL 0x0710 Virtual SVGA product VMWARE NET 0x0720 Virtual NIC -product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface +product VMWARE NET3 0x07b0 Virtual NIC III +product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface product VMWARE EHCI 0x0770 Virtual EHCI product VMWARE PCI 0x0790 Virtual PCI-PCI product VMWARE PCIE 0x07a0 Virtual PCIE-PCIE Sorry, forgot that one. Been long time. New diff below. Index: sys/dev/pci/pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.1639 diff -u -p -r1.1639 pcidevs --- sys/dev/pci/pcidevs 14 Apr 2012 08:59:53 - 1.1639 +++ sys/dev/pci/pcidevs 23 Apr 2012 09:00:38 - @@ -5870,11 +5870,12 @@ product VLSI 82C925 0x0280 82C925 product VMWARE VIRTUAL20x0405 Virtual SVGA II product VMWARE VIRTUAL 0x0710 Virtual SVGA product VMWARE NET 0x0720 Virtual NIC -productVMWARE MACHINE_20x0740 Virtual Machine Communication Interface +product VMWARE MACHINE_2 0x0740 Virtual Machine Communication Interface product VMWARE EHCI0x0770 Virtual EHCI product VMWARE PCI 0x0790 Virtual PCI-PCI product VMWARE PCIE0x07a0 Virtual PCIE-PCIE -productVMWARE MACHINE 0x0801 Virtual Machine Interface +product VMWARE NET30x07b0 Virtual NIC III +product VMWARE MACHINE 0x0801 Virtual Machine Interface /* Weitek products */ product WEITEK P9000 0x9001 P9000
Re: diff: fix bpf problem of pipex
On Apr 4, 2012, at 7:36 PM, YASUOKA Masahiko wrote: Hi, On Wed, 4 Apr 2012 13:19:06 +0200 Claudio Jeker cje...@diehard.n-r-g.com wrote: On Wed, Apr 04, 2012 at 02:34:46PM +0900, Yasuoka Masahiko wrote: On Tue, 31 Jan 2012 13:59:17 +0100 Sebastian Reitenbach sebas...@l00-bugdead-prods.de wrote: However, I noted with tcpdump, listening on tun0: # tcpdump -n -i tun0 tcpdump: listening on tun0, link-type LOOP 13:51:15.354776 tcpdump: WARNING: compensating for unaligned libpcap packets 13:51:15.354795 10.66.66.1 10.66.66.129: icmp: echo reply (DF) 13:51:16.334984 13:51:16.334997 10.66.66.1 10.66.66.129: icmp: echo reply (DF) 13:51:17.355463 (snip) The incoming packets look weird, and this is not only true for icmp, with tcp/udp its the same. Attached diff will fix the problem. bpf requires to use different byte order for DLT_LOOP and DLT_NULL on address family header. pipex works with both pppx(DLT_NULL) and tun(DLT_LOOP), so it should switch the byte order. ok? or comment? Since pppx(4) is only used by npppd/pipex shouldn't we change the DLT there so that we don't need any magic inside pipex? Yes. Using same DLT of tun for pppx makes things simple. Let me update the diff. ok? Index: sys/net/if_pppx.c === RCS file: /cvs/src/sys/net/if_pppx.c,v retrieving revision 1.13 diff -u -p -r1.13 if_pppx.c --- sys/net/if_pppx.c 25 Oct 2011 23:54:58 - 1.13 +++ sys/net/if_pppx.c 4 Apr 2012 15:10:23 - @@ -877,7 +877,7 @@ pppx_add_session(struct pppx_dev *pxd, s if_alloc_sadl(ifp); #if NBPFILTER 0 - bpfattach(ifp-if_bpf, ifp, DLT_NULL, 0); + bpfattach(ifp-if_bpf, ifp, DLT_LOOP, 0); #endif SET(ifp-if_flags, IFF_RUNNING); Index: sys/net/pipex.c === RCS file: /cvs/src/sys/net/pipex.c,v retrieving revision 1.27 diff -u -p -r1.27 pipex.c --- sys/net/pipex.c 4 Apr 2012 04:31:38 - 1.27 +++ sys/net/pipex.c 4 Apr 2012 15:10:25 - @@ -1163,7 +1163,7 @@ pipex_ip_input(struct mbuf *m0, struct p #if NBPFILTER 0 if (ifp-if_bpf) - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN); + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0, BPF_DIRECTION_IN); #endif s = splnet(); @@ -1240,7 +1240,7 @@ pipex_ip6_input(struct mbuf *m0, struct #if NBPFILTER 0 if (ifp-if_bpf) - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN); + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0, BPF_DIRECTION_IN); #endif s = splnet(); No breaks here. amd64 //maxim
Re: diff: fix bpf problem of pipex (was Re: diff: fix LCP keepalive failures on L2TP.)
On 04/04/2012 07:34 AM, YASUOKA Masahiko wrote: On Tue, 31 Jan 2012 13:59:17 +0100 Sebastian Reitenbachsebas...@l00-bugdead-prods.de wrote: However, I noted with tcpdump, listening on tun0: # tcpdump -n -i tun0 tcpdump: listening on tun0, link-type LOOP 13:51:15.354776 tcpdump: WARNING: compensating for unaligned libpcap packets 13:51:15.354795 10.66.66.1 10.66.66.129: icmp: echo reply (DF) 13:51:16.334984 13:51:16.334997 10.66.66.1 10.66.66.129: icmp: echo reply (DF) 13:51:17.355463 (snip) The incoming packets look weird, and this is not only true for icmp, with tcp/udp its the same. Attached diff will fix the problem. bpf requires to use different byte order for DLT_LOOP and DLT_NULL on address family header. pipex works with both pppx(DLT_NULL) and tun(DLT_LOOP), so it should switch the byte order. ok? or comment? Index: sys/net/pipex.c === RCS file: /cvs/src/sys/net/pipex.c,v retrieving revision 1.26 diff -u -p -r1.26 pipex.c --- sys/net/pipex.c 31 Jan 2012 12:04:20 - 1.26 +++ sys/net/pipex.c 8 Feb 2012 05:23:13 - @@ -1162,8 +1162,13 @@ pipex_ip_input(struct mbuf *m0, struct p len = m0-m_pkthdr.len; #if NBPFILTER 0 - if (ifp-if_bpf) - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN); + if (ifp-if_bpf) { + if (ifp-if_type == IFT_TUNNEL) + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET), m0, + BPF_DIRECTION_IN); + else + bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN); + } #endif s = splnet(); @@ -1239,8 +1244,14 @@ pipex_ip6_input(struct mbuf *m0, struct len = m0-m_pkthdr.len; #if NBPFILTER 0 - if (ifp-if_bpf) - bpf_mtap_af(ifp-if_bpf, AF_INET, m0, BPF_DIRECTION_IN); + if (ifp-if_bpf) { + if (ifp-if_type == IFT_TUNNEL) + bpf_mtap_af(ifp-if_bpf, htonl(AF_INET6), m0, + BPF_DIRECTION_IN); + else + bpf_mtap_af(ifp-if_bpf, AF_INET6, m0, + BPF_DIRECTION_IN); + } #endif s = splnet(); Breaks nothing for me so far. //maxim
npppd_arp.h missing in the tree
Hi, looks like npppd_arp.h is missing in the tree. Is it in purpose or just a miss? npppd.c: snip #ifdef USE_NPPPD_ARP #include npppd_arp.h #endif /snip Regards, Maxim