Re: acme-client -t switch?

2017-03-07 Thread Devin Reade

Expanding on my previous email, it looks like the git version of
acme-client has a different implementation than what was implemented
in the version first committed (and later removed) from the OpenBSD
CVS sources.  The latter (CVS) version was calling "doas sh ..."
whereas the former (git) version writes challenges to stdout which
can then be processed by the invoking program.  Looking at the logs,
it appears the git version is a reworking of the functionality.

For the record, I was asking about introducing the mechanism (stdout)
currently used by the git version.

Devin



xenocara: honor CC, CXX, CXXFLAGS

2017-03-07 Thread Christian Weisgerber
I noticed that the xenocara build uses "gcc" and "g++" everywhere
if those exist at build time.  It's the result of an omission:
CC, CXX, and CXXFLAGS simply aren't passed into the build and the
GNU configure defaults are used.

Straightforward fix.  OK?

PS: Does anybody remember why we need to delete spaces at the end of
CFLAGS?  That's a very odd requirement.

Index: app/xlockmore/Makefile.bsd-wrapper
===
RCS file: /cvs/xenocara/app/xlockmore/Makefile.bsd-wrapper,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile.bsd-wrapper
--- app/xlockmore/Makefile.bsd-wrapper  13 Aug 2014 21:02:16 -  1.12
+++ app/xlockmore/Makefile.bsd-wrapper  7 Mar 2017 17:52:27 -
@@ -6,7 +6,10 @@ config.status:
AUTOMAKE_VERSION="$(AUTOMAKE_VERSION)" \
AUTOCONF_VERSION="$(AUTOCONF_VERSION)" \
ACLOCAL="aclocal -I ${X11BASE}/share/aclocal" \
+   CC="${CC}" \
CFLAGS="${CFLAGS}" \
+   CXX="${CXX}" \
+   CXXFLAGS="${CXXFLAGS}" \
PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \
CONFIG_SITE=$(CONFIG_SITE) \
sh ${.CURDIR}/configure --prefix=${X11BASE} \
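Review bot: In the config.status environment the new CXXFLAGS="${CXXFLAGS}" line, like the existing CFLAGS line next to it, passes the value unmodified, while the bsd.xorg.mk part of this patch strips trailing spaces with :C/ *$//. If autoconf needs the stripped form, apply the same modifier to both variables here, or note why this wrapper is exempt.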
Index: share/mk/bsd.xorg.mk
===
RCS file: /cvs/xenocara/share/mk/bsd.xorg.mk,v
retrieving revision 1.58
diff -u -p -r1.58 bsd.xorg.mk
--- share/mk/bsd.xorg.mk12 Feb 2017 18:19:54 -  1.58
+++ share/mk/bsd.xorg.mk7 Mar 2017 02:16:07 -
@@ -56,7 +56,10 @@ XENOCARA_PATH?=  /bin:/sbin:/usr/bin:/usr
 
 CONFIGURE_ENV= PKG_CONFIG_LIBDIR="$(PKG_CONFIG_LIBDIR)" \
CONFIG_SITE=$(CONFIG_SITE) \
+   CC="$(CC)" \
CFLAGS="$(CFLAGS:C/ *$//)" \
+   CXX="$(CXX)" \
+   CXXFLAGS="$(CXXFLAGS:C/ *$//)" \
MAKE="${MAKE}"
 
 CONFIGURE_ARGS+= --disable-silent-rules
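Review bot: The :C/ *$// modifier is now repeated on CXXFLAGS in CONFIGURE_ENV with nothing in the file saying why it is there. A one-line comment above CONFIGURE_ENV stating that trailing spaces are removed for autoconf's benefit would answer the question the next reader will have.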
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: xenocara: honor CC, CXX, CXXFLAGS

2017-03-07 Thread Matthieu Herrb
On Tue, Mar 07, 2017 at 09:26:01PM +0100, Christian Weisgerber wrote:
> I noticed that the xenocara build uses "gcc" and "g++" everywhere
> if those exist at build time.  It's the result of an omission:
> CC, CXX, and CXXFLAGS simply aren't passed into the build and the
> GNU configure defaults are used.
> 
> Straightforward fix.  OK?

yes ok matthieu@

> 
> PS: Does anybody remember why we need to delete spaces at the end of
> CFLAGS?  That's a very odd requirement.

I copied it from bsd.port.mk... And there the commit message was

Author: Marc Espie 
Date:   Tue Sep 14 23:07:21 2004 +

remove trailing spaces from CFLAGS/CXXFLAGS, to please autoconf...

> 
> Index: app/xlockmore/Makefile.bsd-wrapper
> ===
> RCS file: /cvs/xenocara/app/xlockmore/Makefile.bsd-wrapper,v
> retrieving revision 1.12
> diff -u -p -r1.12 Makefile.bsd-wrapper
> --- app/xlockmore/Makefile.bsd-wrapper13 Aug 2014 21:02:16 -  
> 1.12
> +++ app/xlockmore/Makefile.bsd-wrapper7 Mar 2017 17:52:27 -
> @@ -6,7 +6,10 @@ config.status:
>   AUTOMAKE_VERSION="$(AUTOMAKE_VERSION)" \
>   AUTOCONF_VERSION="$(AUTOCONF_VERSION)" \
>   ACLOCAL="aclocal -I ${X11BASE}/share/aclocal" \
> + CC="${CC}" \
>   CFLAGS="${CFLAGS}" \
> + CXX="${CXX}" \
> + CXXFLAGS="${CXXFLAGS}" \
>   PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \
>   CONFIG_SITE=$(CONFIG_SITE) \
>   sh ${.CURDIR}/configure --prefix=${X11BASE} \
> Index: share/mk/bsd.xorg.mk
> ===
> RCS file: /cvs/xenocara/share/mk/bsd.xorg.mk,v
> retrieving revision 1.58
> diff -u -p -r1.58 bsd.xorg.mk
> --- share/mk/bsd.xorg.mk  12 Feb 2017 18:19:54 -  1.58
> +++ share/mk/bsd.xorg.mk  7 Mar 2017 02:16:07 -
> @@ -56,7 +56,10 @@ XENOCARA_PATH?=/bin:/sbin:/usr/bin:/usr
>  
>  CONFIGURE_ENV=   PKG_CONFIG_LIBDIR="$(PKG_CONFIG_LIBDIR)" \
>   CONFIG_SITE=$(CONFIG_SITE) \
> + CC="$(CC)" \
>   CFLAGS="$(CFLAGS:C/ *$//)" \
> + CXX="$(CXX)" \
> + CXXFLAGS="$(CXXFLAGS:C/ *$//)" \
>   MAKE="${MAKE}"
>  
>  CONFIGURE_ARGS+= --disable-silent-rules
> -- 
> Christian "naddy" Weisgerber  na...@mips.inka.de

-- 
Matthieu Herrb



pf: time since uptime instead of wall clock?

2017-03-07 Thread Patrick Wildt
Hi,

currently the pf status struct contains the time since pf was enabled as
seen on the wall clock.  This means when time drifts, or is set to some
earlier value, the time will be off.  If we use time since uptime it
always increments and shows how long pf has been running compared to
its uptime.

Does this make sense?  Opinions?

Patrick


diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index e241b11f6fc..3cb321a33e0 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -520,15 +520,17 @@ void
 print_status(struct pf_status *s, int opts)
 {
charstatline[80], *running, *debug;
-   time_t  runtime;
+   time_t  runtime = 0;
+   struct timespec uptime;
int i;
charbuf[PF_MD5_DIGEST_LENGTH * 2 + 1];
static const char   hex[] = "0123456789abcdef";
 
-   runtime = time(NULL) - s->since;
+   if (!clock_gettime(CLOCK_UPTIME, ))
+   runtime = uptime.tv_sec - s->since;
running = s->running ? "Enabled" : "Disabled";
 
-   if (s->since) {
+   if (runtime) {
unsigned intsec, min, hrs;
time_t  day = runtime;
 
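Review bot: Replacing if (s->since) with if (runtime) in print_status() changes what the guard means. runtime is 0 both when clock_gettime() fails and when pf was enabled during the current second, so the elapsed-time output disappears in either case, while a pf_status whose since is still 0 now yields runtime equal to the system uptime and gets printed. Keep the s->since test and handle a clock_gettime() failure separately.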
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 56a43a55ab8..fc409a1a7d8 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -994,7 +994,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, 
struct proc *p)
error = EEXIST;
else {
pf_status.running = 1;
-   pf_status.since = time_second;
+   pf_status.since = time_uptime;
if (pf_status.stateid == 0) {
pf_status.stateid = time_second;
pf_status.stateid = pf_status.stateid << 32;
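Review bot: pf_status.since switches from time_second to time_uptime here, so the field read by userland changes from wall-clock seconds to seconds since boot while keeping its name and type. Any consumer other than the three updated in this diff would compute a bogus runtime from it; a comment at the field's declaration, or a rename, would make the new unit explicit. The stateid seed just below still uses time_second, which looks intentional but deserves a word in the commit message.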
@@ -1009,7 +1009,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, 
struct proc *p)
error = ENOENT;
else {
pf_status.running = 0;
-   pf_status.since = time_second;
+   pf_status.since = time_uptime;
pf_remove_queues();
DPFPRINTF(LOG_NOTICE, "pf: stopped");
}
@@ -1605,7 +1605,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, 
struct proc *p)
bzero(pf_status.counters, sizeof(pf_status.counters));
bzero(pf_status.fcounters, sizeof(pf_status.fcounters));
bzero(pf_status.scounters, sizeof(pf_status.scounters));
-   pf_status.since = time_second;
+   pf_status.since = time_uptime;
 
break;
}
diff --git a/usr.bin/systat/pf.c b/usr.bin/systat/pf.c
index 6e282bb7359..4df9ba11b0e 100644
--- a/usr.bin/systat/pf.c
+++ b/usr.bin/systat/pf.c
@@ -220,7 +220,8 @@ void
 print_pf(void)
 {
char*debug;
-   time_t  tm;
+   time_t  tm = 0;
+   struct timespec uptime;
int i;
struct pf_status *s = 
 
@@ -229,7 +230,8 @@ print_pf(void)
if (end > num_disp)
end = num_disp;
 
-   tm = time(NULL) - s->since;
+   if (!clock_gettime(CLOCK_UPTIME, ))
+   tm = uptime.tv_sec - s->since;
 
ADD_LINE_S("pf", "Status", s->running ? "Enabled" : "Disabled");
ADD_LINE_A("pf", "Since", tm);
diff --git a/usr.sbin/snmpd/mib.c b/usr.sbin/snmpd/mib.c
index f53d9379b07..acd3b751563 100644
--- a/usr.sbin/snmpd/mib.c
+++ b/usr.sbin/snmpd/mib.c
@@ -1650,7 +1650,8 @@ int
 mib_pfinfo(struct oid *oid, struct ber_oid *o, struct ber_element **elm)
 {
struct pf_status s;
-   time_t   runtime;
+   time_t   runtime = 0;
+   struct timespec  uptime;
char str[11];
 
if (pf_get_stats())
@@ -1661,10 +1662,8 @@ mib_pfinfo(struct oid *oid, struct ber_oid *o, struct 
ber_element **elm)
*elm = ber_add_integer(*elm, s.running);
break;
case 2:
-   if (s.since > 0)
-   runtime = time(NULL) - s.since;
-   else
-   runtime = 0;
+   if (!clock_gettime(CLOCK_UPTIME, ))
+   runtime = uptime.tv_sec - s.since;
runtime *= 100;
*elm = ber_add_integer(*elm, runtime);
ber_set_header(*elm, BER_CLASS_APPLICATION, SNMP_T_TIMETICKS);
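Review bot: In case 2 of mib_pfinfo() the removed s.since > 0 check was what kept an unset since from being reported; without it, since == 0 makes runtime the full system uptime, which is then multiplied by 100 and sent as TimeTicks. Keep the check alongside the clock_gettime() call, and decide whether a clock_gettime() failure should return an error rather than report 0 ticks.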



Re: arm64 SMP support, diff #3/5

2017-03-07 Thread Jonathan Gray
On Tue, Mar 07, 2017 at 02:28:06AM -0500, Dale Rahn wrote:
>
> Updated diff, this has changed a bit since the psci driver has changed.
>
> diff --git a/sys/dev/fdt/psci.c b/sys/dev/fdt/psci.c
> index b24613a275c..2ba500ea718 100644
> --- a/sys/dev/fdt/psci.c
> +++ b/sys/dev/fdt/psci.c
> @@ -29,14 +29,18 @@
>  extern void (*cpuresetfn)(void);
>  extern void (*powerdownfn)(void);
>
> +extern int (*cpu_on_fn)(uint64_t, uint64_t) __attribute__((weak)) ;
> +
>  #define SYSTEM_OFF   0x8408
>  #define SYSTEM_RESET 0x8409
> +#define SYSTEM_CPU_ON64  0xC403
>
>  struct psci_softc {
>   struct devicesc_dev;
> - void (*callfn)(uint32_t, uint32_t, uint32_t, 
> uint32_t);
> + int  (*callfn)(uint32_t, uint32_t, uint32_t, 
> uint32_t);
>   int  sc_system_off;
>   int  sc_system_reset;
> + int  sc_system_on;

This should be sc_cpu_on

>  };
>
>  struct psci_softc *psci_sc;
> @@ -45,9 +49,10 @@ intpsci_match(struct device *, void *, void *);
>  void psci_attach(struct device *, struct device *, void *);
>  void psci_reset(void);
>  void psci_powerdown(void);
> +int  psci_cpu_on(uint64_t, uint64_t);
>
> -extern void hvc_call(uint32_t, uint32_t, uint32_t, uint32_t);
> -extern void smc_call(uint32_t, uint32_t, uint32_t, uint32_t);
> +extern int hvc_call(uint32_t, uint32_t, uint32_t, uint32_t);
> +extern int smc_call(uint32_t, uint32_t, uint32_t, uint32_t);
>
>  struct cfattach psci_ca = {
>   sizeof(struct psci_softc), psci_match, psci_attach
> @@ -90,11 +95,13 @@ psci_attach(struct device *parent, struct device *self, 
> void *aux)
>   OF_is_compatible(faa->fa_node, "arm,psci-1.0")) {
>   sc->sc_system_off = SYSTEM_OFF;
>   sc->sc_system_reset = SYSTEM_RESET;
> + sc->sc_system_on = OF_getpropint(faa->fa_node, "cpu_on", 0);

If psci-0.2 or psci-1.0 is claimed the properties are supposed to be ignored
according to the device tree binding documentation.

"Function IDs are not required and should be ignored by an OS with PSCI
0.2 support, but are permitted to be present for compatibility with
existing software when "arm,psci" is later in the compatible list"

It is clear this extends to cpu_on when looking at examples like
arm64/boot/dts/broadcom/ns2.dtsi

   cpus {
#address-cells = <2>;
#size-cells = <0>;

A57_0: cpu@0 {
device_type = "cpu";
compatible = "arm,cortex-a57", "arm,armv8";
reg = <0 0>;
enable-method = "psci";
next-level-cache = <_L2>;
};
...

psci {
compatible = "arm,psci-1.0";
method = "smc";
};

>   } else if (OF_is_compatible(faa->fa_node, "arm,psci")) {
>   sc->sc_system_off = OF_getpropint(faa->fa_node,
>   "system_off", 0);
>   sc->sc_system_reset = OF_getpropint(faa->fa_node,
>   "system_reset", 0);
> + sc->sc_system_on = OF_getpropint(faa->fa_node, "cpu_on", 0);
>   }
>
>   printf("\n");
> @@ -104,6 +111,10 @@ psci_attach(struct device *parent, struct device *self, 
> void *aux)
>   powerdownfn = psci_powerdown;
>   if (sc->sc_system_reset != 0)
>   cpuresetfn = psci_reset;
> +
> + if ((_on_fn != NULL) && (sc->sc_system_on == SYSTEM_CPU_ON64)) {

Isn't the address of a global going to always be non-NULL?

> + cpu_on_fn = psci_cpu_on;
> + }
>  }
>
>  void
> @@ -121,3 +132,12 @@ psci_powerdown(void)
>   if (sc->callfn)
>   (*sc->callfn)(sc->sc_system_off, 0, 0, 0);
>  }
> +
> +int
> +psci_cpu_on(uint64_t mpidr, uint64_t pc)
> +{
> + struct psci_softc *sc = psci_sc;
> + if (sc->callfn)
> + return (*sc->callfn)(sc->sc_system_on, mpidr, pc, 0);
> + return -1;
> +}
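Review bot: psci_cpu_on() takes uint64_t mpidr and pc but passes them through sc->callfn, which this diff declares as int (*)(uint32_t, uint32_t, uint32_t, uint32_t), the same signature given to hvc_call() and smc_call(). Both arguments are truncated to 32 bits at the call, which does not fit a function ID named SYSTEM_CPU_ON64; the call path needs register-width parameters before an entry address can be passed this way.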
>
>
> Dale Rahn dr...@dalerahn.com
>



Unneeded splnet()/splx() in carp(4)

2017-03-07 Thread Martin Pieuchot
carp(4), as a pseudo-interface, is always executed in the 'softnet'
thread.  Using splnet()/splx() might have been relevant when link-state
handlers were directly executed from hardware interrupt handlers.  But
nowadays everything is run under the NET_LOCK() in a thread context, so
let's get rid of these superfluous splnet()/splx() dances.

ok?

Index: netinet/ip_carp.c
===
RCS file: /cvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.302
diff -u -p -r1.302 ip_carp.c
--- netinet/ip_carp.c   20 Feb 2017 06:29:42 -  1.302
+++ netinet/ip_carp.c   7 Mar 2017 10:05:08 -
@@ -898,7 +898,6 @@ carpdetach(struct carp_softc *sc)
 {
struct ifnet *ifp0;
struct carp_if *cif;
-   int s;
 
carp_del_all_timeouts(sc);
 
@@ -926,7 +925,6 @@ carpdetach(struct carp_softc *sc)
/* Restore previous input handler. */
if_ih_remove(ifp0, carp_input, cif);
 
-   s = splnet();
if (sc->lh_cookie != NULL)
hook_disestablish(ifp0->if_linkstatehooks, sc->lh_cookie);
 
@@ -938,7 +936,6 @@ carpdetach(struct carp_softc *sc)
free(cif, M_IFADDR, sizeof(*cif));
}
sc->sc_carpdev = NULL;
-   splx(s);
 }
 
 /* Detach an interface from the carp. */
@@ -1680,7 +1677,6 @@ carp_set_ifp(struct carp_softc *sc, stru
struct carp_if *cif, *ncif = NULL;
struct carp_softc *vr, *last = NULL, *after = NULL;
int myself = 0, error = 0;
-   int s;
 
KASSERT(ifp0 != sc->sc_carpdev);
KERNEL_ASSERT_LOCKED(); /* touching vhif_vrs */
@@ -1754,9 +1750,7 @@ carp_set_ifp(struct carp_softc *sc, stru
/* Change input handler of the physical interface. */
if_ih_insert(ifp0, carp_input, cif);
 
-   s = splnet();
carp_carpdev_state(ifp0);
-   splx(s);
 
return (0);
 }
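Review bot: With the splnet()/splx() pair around carp_carpdev_state(ifp0) gone, carp_set_ifp() depends on its callers holding the NET_LOCK(), as the message says, but the only assertion visible in this function is KERNEL_ASSERT_LOCKED(). A matching assertion on the NET_LOCK() in carp_set_ifp() and carpdetach() would turn that assumption into something the kernel checks.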



Re: Fix style.9 offenders in includes

2017-03-07 Thread Jeremie Courreges-Anglas
Frederic Cambus  writes:

> Hi tech@,
>
> Here is a diff to fix style.9 offenders in includes.
>
> Prototypes should not have variable names associated with the types.

IIRC some people just disagree with this rule.  Variable names can help
the developer, but can also clash with macro definitions.  I believe
this is why thrkill(2) uses names prefixed with '_'.  Maybe we should
amend the wording used in style(9) instead.

> Comments? OK?

ok for auth_setpwd(3), getpwnam_r(3), getpwuid_r(3) and pledge(2).

I would leave others as is, or convert them to use prefixed names.

> Index: bsd_auth.h
> ===
> RCS file: /cvs/src/include/bsd_auth.h,v
> retrieving revision 1.10
> diff -u -p -r1.10 bsd_auth.h
> --- bsd_auth.h21 Apr 2014 11:27:34 -  1.10
> +++ bsd_auth.h26 Feb 2017 23:08:15 -
> @@ -85,7 +85,7 @@ int  auth_call(auth_session_t *, char *,
>  
>  int   auth_setdata(auth_session_t *, void *, size_t);
>  int   auth_setoption(auth_session_t *, char *, char *);
> -int   auth_setpwd(auth_session_t *, struct passwd *pwd);
> +int   auth_setpwd(auth_session_t *, struct passwd *);
>  void  auth_set_va_list(auth_session_t *, __va_list);
>  
>  struct passwd *auth_getpwd(auth_session_t *);
> Index: icdb.h
> ===
> RCS file: /cvs/src/include/icdb.h,v
> retrieving revision 1.4
> diff -u -p -r1.4 icdb.h
> --- icdb.h4 Sep 2016 14:51:39 -   1.4
> +++ icdb.h26 Feb 2017 23:08:15 -
> @@ -24,20 +24,19 @@ __BEGIN_DECLS
>  
>  struct icdb;
>  
> -struct icdb *icdb_new(uint32_t version, uint32_t nentries, uint32_t 
> entrysize,
> -uint32_t nkeys, const uint32_t *keysizes, const uint32_t *keyoffsets);
> +struct icdb *icdb_new(uint32_t, uint32_t, uint32_t, uint32_t,
> +const uint32_t *, const uint32_t *);
>  
> -struct icdb *icdb_open(const char *name, int flags, uint32_t version);
> -int icdb_get(struct icdb *db, void *entry, uint32_t idx);
> -int icdb_lookup(struct icdb *db, int keynum, const void *key, void *entry,
> -uint32_t *idxp);
> -int icdb_nentries(struct icdb *db);
> -const void *icdb_entries(struct icdb *db);
> -int icdb_update(struct icdb *db, const void *entry, int offset);
> -int icdb_add(struct icdb *db, const void *entry);
> -int icdb_rehash(struct icdb *db);
> -int icdb_save(struct icdb *db, int fd);
> -int icdb_close(struct icdb *db);
> +struct icdb *icdb_open(const char *, int, uint32_t);
> +int icdb_get(struct icdb *, void *, uint32_t);
> +int icdb_lookup(struct icdb *, int, const void *, void *, uint32_t *);
> +int icdb_nentries(struct icdb *);
> +const void *icdb_entries(struct icdb *);
> +int icdb_update(struct icdb *, const void *, int);
> +int icdb_add(struct icdb *, const void *);
> +int icdb_rehash(struct icdb *);
> +int icdb_save(struct icdb *, int);
> +int icdb_close(struct icdb *);
>  
>  __END_DECLS
>  
> Index: pwd.h
> ===
> RCS file: /cvs/src/include/pwd.h,v
> retrieving revision 1.24
> diff -u -p -r1.24 pwd.h
> --- pwd.h 18 Nov 2015 16:44:46 -  1.24
> +++ pwd.h 26 Feb 2017 23:08:15 -
> @@ -96,9 +96,9 @@ struct passwd   *getpwnam(const char *);
>  struct passwd*getpwuid_shadow(uid_t);
>  struct passwd*getpwnam_shadow(const char *);
>  int  getpwnam_r(const char *, struct passwd *, char *, size_t,
> - struct passwd **result);
> -int  getpwuid_r(uid_t uid, struct passwd *, char *buf, size_t buflen,
> - struct passwd **result);
> + struct passwd **);
> +int  getpwuid_r(uid_t, struct passwd *, char *, size_t,
> + struct passwd **);
>  #if __BSD_VISIBLE || __XPG_VISIBLE
>  struct passwd*getpwent(void);
>  void  setpwent(void);
> Index: signal.h
> ===
> RCS file: /cvs/src/include/signal.h,v
> retrieving revision 1.25
> diff -u -p -r1.25 signal.h
> --- signal.h  9 May 2016 23:55:52 -   1.25
> +++ signal.h  26 Feb 2017 23:08:15 -
> @@ -124,7 +124,7 @@ int   sigaltstack(const struct sigaltstack
>  int  sigblock(int);
>  int  sigsetmask(int);
>  int  sigvec(int, struct sigvec *, struct sigvec *);
> -int  thrkill(pid_t _tid, int _signum, void *_tcb);
> +int  thrkill(pid_t, int, void *);
>  #endif
>  #endif /* __BSD_VISIBLE || __XPG_VISIBLE >= 420 */
>  #if __BSD_VISIBLE ||  __POSIX_VISIBLE >= 199309 || __XPG_VISIBLE >= 500
> Index: unistd.h
> ===
> RCS file: /cvs/src/include/unistd.h,v
> retrieving revision 1.103
> diff -u -p -r1.103 unistd.h
> --- unistd.h  12 Sep 2016 19:36:26 -  1.103
> +++ unistd.h  26 Feb 2017 23:08:15 -
> @@ -519,10 +519,10 @@ int  setresgid(gid_t, gid_t, gid_t);
>  int   setresuid(uid_t, uid_t, uid_t);
>  void  

routing sockets & splsoftnet()

2017-03-07 Thread Martin Pieuchot
Remove unnecessary splsoftnet()/splx() dances.  Routing sockets do not
need the NET_LOCK() and in the code below the SPL has been raised to
shut up an assert, so they are no longer needed.

ok?

Index: net/rtsock.c
===
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.232
diff -u -p -r1.232 rtsock.c
--- net/rtsock.c7 Mar 2017 09:23:27 -   1.232
+++ net/rtsock.c7 Mar 2017 09:43:05 -
@@ -306,7 +306,6 @@ route_senddesync(void *data)
struct rawcb*rp;
struct routecb  *rop;
struct mbuf *desync_mbuf;
-   int  s;
 
rp = (struct rawcb *)data;
rop = (struct routecb *)rp;
@@ -321,15 +320,12 @@ route_senddesync(void *data)
 */
desync_mbuf = rtm_msg1(RTM_DESYNC, NULL);
if (desync_mbuf != NULL) {
-   s = splsoftnet();
if (sbappendaddr(>rcb_socket->so_rcv, _src,
desync_mbuf, NULL) != 0) {
rop->flags &= ~ROUTECB_FLAG_DESYNC;
sorwakeup(rp->rcb_socket);
-   splx(s);
return;
}
-   splx(s);
m_freem(desync_mbuf);
}
/* Re-add timeout to try sending msg again */
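Review bot: route_senddesync() runs from a timeout (see the re-add comment at the end of the hunk), and with splsoftnet()/splx() removed nothing visible here serializes its sbappendaddr() and sorwakeup() on the socket's receive buffer against the same calls in route_input(). The message says the SPL was only raised to quiet an assert; please name what does protect so_rcv on this path, in the commit message or in a comment.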
@@ -343,7 +339,7 @@ route_input(struct mbuf *m0, struct sock
struct routecb *rop;
struct rt_msghdr *rtm;
struct mbuf *m = m0;
-   int s, sockets = 0;
+   int sockets = 0;
struct socket *last = NULL;
struct sockaddr *sosrc, *sodst;
 
@@ -430,7 +426,6 @@ route_input(struct mbuf *m0, struct sock
if (last) {
struct mbuf *n;
if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) != NULL) {
-   s = splsoftnet();
if (sbspace(>so_rcv) < (2 * MSIZE) ||
sbappendaddr(>so_rcv, sosrc,
n, (struct mbuf *)NULL) == 0) {
@@ -447,13 +442,11 @@ route_input(struct mbuf *m0, struct sock
sorwakeup(last);
sockets++;
}
-   splx(s);
}
}
last = rp->rcb_socket;
}
if (last) {
-   s = splsoftnet();
if (sbspace(>so_rcv) < (2 * MSIZE) ||
sbappendaddr(>so_rcv, sosrc,
m, (struct mbuf *)NULL) == 0) {
@@ -466,7 +459,6 @@ route_input(struct mbuf *m0, struct sock
sorwakeup(last);
sockets++;
}
-   splx(s);
} else
m_freem(m);
 }



Mention maximum number of allowed fonts in wsfontload.8

2017-03-07 Thread Frederic Cambus
Hi tech@,

WSDISPLAY_MAXFONTCOUNT macro was introduced in sys/dev/wscons/wsconsio.h
(revision 1.75) to limit the number of fonts that can be loaded.

Reflect that in the man page as well.

Comments? OK?

Index: usr.sbin/wsfontload/wsfontload.8
===
RCS file: /cvs/src/usr.sbin/wsfontload/wsfontload.8,v
retrieving revision 1.19
diff -u -p -r1.19 wsfontload.8
--- usr.sbin/wsfontload/wsfontload.820 Oct 2013 13:22:44 -  1.19
+++ usr.sbin/wsfontload/wsfontload.87 Mar 2017 11:25:57 -
@@ -112,6 +112,8 @@ and 12 for raster displays.
 No font files are provided with the wscons framework.
 The fonts installed by PCVT can be used instead, as can raw font files from
 other operating system distributions.
+.Pp
+A maximum of 8 fonts can be loaded.
 .Sh FILES
 .Bl -tag -width "/usr/share/misc/pcvtfonts/XX" -compact
 .\" .It Pa /etc/wscons.conf
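Review bot: The added sentence hard-codes 8, while the limit comes from the WSDISPLAY_MAXFONTCOUNT macro named in the message, so the page goes stale if the macro changes. Consider also saying what the user sees when the limit is reached, since that is when this sentence gets read.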



Re: 11n support for athn(4)

2017-03-07 Thread Stefan Sperling
On Tue, Mar 07, 2017 at 07:12:43AM +0200, Timo Myyrä wrote:
> I didn't think it would improve things yet but I had the antenna so I'd figure
> I'd stick it in the AP while I'm tweaking it anyway.
> 
> Speaking of 5Ghz, my AP uses athn chipset AR9280 which seems to support 2.4Ghz
> and 5Ghz. Can I use 5Ghz with my AP to see which devices would break after such
> transition. I guess I would need to get 5Ghz antenna and just stick that to my
> AP?

Don't worry about antennas.
Just pick any channel >= 36 in the list shown by 'ifconfig athn0 chan'.
You can run a scan to see which of these channels are already occupied.

On my 9280 I have 24 5GHz channels to choose from.
Some 5GHz client devices may be limited to a subset of these, but all
devices should support channels 36-48.

See 
https://en.wikipedia.org/wiki/List_of_WLAN_channels#5.C2.A0GHz_.28802.11a.2Fh.2Fj.2Fn.2Fac.29.5B18.5D
for regulatory aspects. Channels marked "DFS" should be avoided because
OpenBSD has no support for DFS yet. There is nothing technical preventing
their use, it may just not be perfectly legal to operate such an AP.
The driver sticks to TX power limits configured in hardware so indoor
use of DFS channels should be reasonably safe if it can't be avoided.
My impression is that, in practice, these rules are taken very seriously
only when running long-haul wifi links across public space.

> Can OpenBSD AP work on both frequencies at the same time or is that something
> not yet supported?

No, that won't work. The hardware can do 'multi-BSS' which we don't
yet support but I believe that just means running separate SSIDs in
parallel on the same channel.

I have two firewalls in a carp setup and run a 5GHz AP on one and a 2GHz
on the other.



Sync nfs_connect w/ sys_connect

2017-03-07 Thread Martin Pieuchot
This code is mostly a copy of what's done in sys_connect(), so sync it
to use solock()/sosleep()/sounlock() instead of splsoftnet()/splx().

ok?

Index: nfs/nfs_socket.c
===
RCS file: /cvs/src/sys/nfs/nfs_socket.c,v
retrieving revision 1.114
diff -u -p -r1.114 nfs_socket.c
--- nfs/nfs_socket.c3 Mar 2017 09:41:20 -   1.114
+++ nfs/nfs_socket.c7 Mar 2017 09:53:02 -
@@ -306,25 +306,24 @@ nfs_connect(struct nfsmount *nmp, struct
 * connect system call but with the wait timing out so
 * that interruptible mounts don't hang here for a long time.
 */
-   s = splsoftnet();
+   s = solock(so);
while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
-   (void) tsleep((caddr_t)>so_timeo, PSOCK,
-   "nfscon", 2 * hz);
+   sosleep(so, >so_timeo, PSOCK, "nfscon", 2 * hz);
if ((so->so_state & SS_ISCONNECTING) &&
so->so_error == 0 && rep &&
(error = nfs_sigintr(nmp, rep, rep->r_procp)) != 0){
so->so_state &= ~SS_ISCONNECTING;
-   splx(s);
+   sounlock(s);
goto bad;
}
}
if (so->so_error) {
error = so->so_error;
so->so_error = 0;
-   splx(s);
+   sounlock(s);
goto bad;
}
-   splx(s);
+   sounlock(s);
}
/*
 * Always set receive timeout to detect server crash and reconnect.
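Review bot: The sosleep() line drops the (void) cast that the tsleep() line carried, and its return value is still ignored, so a timeout or interruption is only noticed through the so_state/so_error re-check and nfs_sigintr(). Either restore the cast to show the result is deliberately unused or act on it. The cookie returned by solock() is still stored in s; if it is no longer an spl level, a name that says so would help.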



Fix style.9 offenders in includes

2017-03-07 Thread Frederic Cambus
Hi tech@,

Here is a diff to fix style.9 offenders in includes.

Prototypes should not have variable names associated with the types.

Comments? OK?

Index: bsd_auth.h
===
RCS file: /cvs/src/include/bsd_auth.h,v
retrieving revision 1.10
diff -u -p -r1.10 bsd_auth.h
--- bsd_auth.h  21 Apr 2014 11:27:34 -  1.10
+++ bsd_auth.h  26 Feb 2017 23:08:15 -
@@ -85,7 +85,7 @@ intauth_call(auth_session_t *, char *,
 
 int auth_setdata(auth_session_t *, void *, size_t);
 int auth_setoption(auth_session_t *, char *, char *);
-int auth_setpwd(auth_session_t *, struct passwd *pwd);
+int auth_setpwd(auth_session_t *, struct passwd *);
 voidauth_set_va_list(auth_session_t *, __va_list);
 
 struct passwd *auth_getpwd(auth_session_t *);
Index: icdb.h
===
RCS file: /cvs/src/include/icdb.h,v
retrieving revision 1.4
diff -u -p -r1.4 icdb.h
--- icdb.h  4 Sep 2016 14:51:39 -   1.4
+++ icdb.h  26 Feb 2017 23:08:15 -
@@ -24,20 +24,19 @@ __BEGIN_DECLS
 
 struct icdb;
 
-struct icdb *icdb_new(uint32_t version, uint32_t nentries, uint32_t entrysize,
-uint32_t nkeys, const uint32_t *keysizes, const uint32_t *keyoffsets);
+struct icdb *icdb_new(uint32_t, uint32_t, uint32_t, uint32_t,
+const uint32_t *, const uint32_t *);
 
-struct icdb *icdb_open(const char *name, int flags, uint32_t version);
-int icdb_get(struct icdb *db, void *entry, uint32_t idx);
-int icdb_lookup(struct icdb *db, int keynum, const void *key, void *entry,
-uint32_t *idxp);
-int icdb_nentries(struct icdb *db);
-const void *icdb_entries(struct icdb *db);
-int icdb_update(struct icdb *db, const void *entry, int offset);
-int icdb_add(struct icdb *db, const void *entry);
-int icdb_rehash(struct icdb *db);
-int icdb_save(struct icdb *db, int fd);
-int icdb_close(struct icdb *db);
+struct icdb *icdb_open(const char *, int, uint32_t);
+int icdb_get(struct icdb *, void *, uint32_t);
+int icdb_lookup(struct icdb *, int, const void *, void *, uint32_t *);
+int icdb_nentries(struct icdb *);
+const void *icdb_entries(struct icdb *);
+int icdb_update(struct icdb *, const void *, int);
+int icdb_add(struct icdb *, const void *);
+int icdb_rehash(struct icdb *);
+int icdb_save(struct icdb *, int);
+int icdb_close(struct icdb *);
 
 __END_DECLS
 
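Review bot: In icdb.h the unnamed icdb_new(uint32_t, uint32_t, uint32_t, uint32_t, const uint32_t *, const uint32_t *) no longer tells a caller which argument is version, nentries, entrysize or nkeys, and swapping two of them compiles cleanly. For this header, keep the names (underscore-prefixed if macro clashes are the concern) or add a comment listing the parameter order.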
Index: pwd.h
===
RCS file: /cvs/src/include/pwd.h,v
retrieving revision 1.24
diff -u -p -r1.24 pwd.h
--- pwd.h   18 Nov 2015 16:44:46 -  1.24
+++ pwd.h   26 Feb 2017 23:08:15 -
@@ -96,9 +96,9 @@ struct passwd *getpwnam(const char *);
 struct passwd  *getpwuid_shadow(uid_t);
 struct passwd  *getpwnam_shadow(const char *);
 intgetpwnam_r(const char *, struct passwd *, char *, size_t,
-   struct passwd **result);
-intgetpwuid_r(uid_t uid, struct passwd *, char *buf, size_t buflen,
-   struct passwd **result);
+   struct passwd **);
+intgetpwuid_r(uid_t, struct passwd *, char *, size_t,
+   struct passwd **);
 #if __BSD_VISIBLE || __XPG_VISIBLE
 struct passwd  *getpwent(void);
 voidsetpwent(void);
Index: signal.h
===
RCS file: /cvs/src/include/signal.h,v
retrieving revision 1.25
diff -u -p -r1.25 signal.h
--- signal.h9 May 2016 23:55:52 -   1.25
+++ signal.h26 Feb 2017 23:08:15 -
@@ -124,7 +124,7 @@ int sigaltstack(const struct sigaltstack
 intsigblock(int);
 intsigsetmask(int);
 intsigvec(int, struct sigvec *, struct sigvec *);
-intthrkill(pid_t _tid, int _signum, void *_tcb);
+intthrkill(pid_t, int, void *);
 #endif
 #endif /* __BSD_VISIBLE || __XPG_VISIBLE >= 420 */
 #if __BSD_VISIBLE ||  __POSIX_VISIBLE >= 199309 || __XPG_VISIBLE >= 500
Index: unistd.h
===
RCS file: /cvs/src/include/unistd.h,v
retrieving revision 1.103
diff -u -p -r1.103 unistd.h
--- unistd.h12 Sep 2016 19:36:26 -  1.103
+++ unistd.h26 Feb 2017 23:08:15 -
@@ -519,10 +519,10 @@ intsetresgid(gid_t, gid_t, gid_t);
 int setresuid(uid_t, uid_t, uid_t);
 voidsetusershell(void);
 int strtofflags(char **, u_int32_t *, u_int32_t *);
-int swapctl(int cmd, const void *arg, int misc);
+int swapctl(int, const void *, int);
 int syscall(int, ...);
 int getentropy(void *, size_t);
-int pledge(const char *, const char **paths);
+int pledge(const char *, const char **);
 pid_t   __tfork_thread(const struct __tfork *, size_t, void (*)(void *),
void *);
 #endif /* __BSD_VISIBLE */



Re: 11n support for athn(4)

2017-03-07 Thread Stuart Henderson
On 2017/03/07 10:40, Stefan Sperling wrote:
> On Tue, Mar 07, 2017 at 07:12:43AM +0200, Timo Myyrä wrote:
> > Can OpenBSD AP work on both frequencies at the same time or is that something
> > not yet supported?
> 
> No, that won't work. The hardware can do 'multi-BSS' which we don't
> yet support but I believe that just means running separate SSIDs in
> parallel on the same channel.

That's correct. The hardware can also do client + hostap simultaneously,
but again only on the same channel.

APs which support simultaneous dual-band have two radios.



newfs_ext2fs: lost+found ifdefs

2017-03-07 Thread Carlin Bingham
lost+found is always created and always has been, do the ifdefs need to
stick around?

-- 
Carlin


Index: sbin/newfs_ext2fs/mke2fs.c
===
RCS file: /cvs/src/sbin/newfs_ext2fs/mke2fs.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 mke2fs.c
--- sbin/newfs_ext2fs/mke2fs.c  14 Mar 2016 20:30:34 -  1.16
+++ sbin/newfs_ext2fs/mke2fs.c  7 Mar 2017 12:20:26 -
@@ -853,39 +853,26 @@ cgoverhead(uint c)
  * Initialize the file system
  */
 
-#define LOSTDIR/* e2fsck complains if there is no lost+found */
-
 #definePREDEFDIR   2
-
-#ifdef LOSTDIR
 #definePREDEFROOTDIR   (PREDEFDIR + 1)
-#else
-#definePREDEFROOTDIR   PREDEFDIR
-#endif
 
 struct ext2fs_direct root_dir[] = {
{ EXT2_ROOTINO, 0, 1, 0, "." },
{ EXT2_ROOTINO, 0, 2, 0, ".." },
-#ifdef LOSTDIR
{ EXT2_LOSTFOUNDINO, 0, 10, 0, "lost+found" },
-#endif
 };
 
-#ifdef LOSTDIR
 struct ext2fs_direct lost_found_dir[] = {
{ EXT2_LOSTFOUNDINO, 0, 1, 0, "." },
{ EXT2_ROOTINO, 0, 2, 0, ".." },
 };
 struct ext2fs_direct pad_dir = { 0, sizeof(struct ext2fs_direct), 0, 0, "" };
-#endif
 
 int
 fsinit(const struct timeval *tv)
 {
struct ext2fs_dinode node;
-#ifdef LOSTDIR
uint i, nblks_lostfound, blk;
-#endif
 
/*
 * Initialize the inode for the resizefs feature
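Review bot: Deleting the #define LOSTDIR line also deletes its comment, "e2fsck complains if there is no lost+found", which was the only stated reason the directory is created. Move that comment to the lost+found entry in root_dir[] so the rationale survives the cleanup; PREDEFROOTDIR as (PREDEFDIR + 1) could likewise say that the extra entry is lost+found.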
@@ -898,7 +885,6 @@ fsinit(const struct timeval *tv)
 * Initialize the node
 */
 
-#ifdef LOSTDIR
/*
 * Create the lost+found directory
 */
@@ -949,7 +935,7 @@ fsinit(const struct timeval *tv)
buf);
}
iput(, EXT2_LOSTFOUNDINO);
-#endif
+
/*
 * create the root directory
 */
@@ -958,9 +944,7 @@ fsinit(const struct timeval *tv)
sblock.e2fs.e2fs_features_incompat & EXT2F_INCOMPAT_FTYPE) {
root_dir[0].e2d_type = EXT2_FT_DIR;
root_dir[1].e2d_type = EXT2_FT_DIR;
-#ifdef LOSTDIR
root_dir[2].e2d_type = EXT2_FT_DIR;
-#endif
}
node.e2di_mode = EXT2_IFDIR | EXT2_UMASK;
node.e2di_uid_low = geteuid();



Re: priq: proposed change in the behavior

2017-03-07 Thread Mike Belopuhov
On 7 March 2017 at 10:13, Martin Pieuchot  wrote:
> On 06/03/17(Mon) 23:13, Mike Belopuhov wrote:
>> On Thu, Mar 02, 2017 at 14:23 +0100, Mike Belopuhov wrote:
>> > On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote:
>> > > the current code has been very careful not to free an mbuf while
>> > > holding the ifq mutex. i would prefer to keep it that way.
>> > >
>> > > the least worst way to do that would be to return the mbuf to be
>> > > dropped for ifq_enqueue to free. this is complicated because of the
>> > > semantics that ifq_enqueue_try provides, but nothing uses that so
>> > > we can get rid of it to support this.
>> > >
>> > > the diff below makes the ifq enq op return an mbuf to be freed, and
>> > > gets rid of ifq_enqueue_try. that in turn should let you return
>> > > this mbuf here rather than free it directly.
>> > >
>> >
>> > The diff is OK by me provided that a fix like the one below is
>> > included.  We only need to return ENOBUFS when we've dropped
>> > the very packet we were trying to enqueue since the error is
>> > propagated up the stack to the userland.
>> >
>>
>>
>> Correction: we should do the "ifq->ifq_len++" block when we've
>> successfully enqueued the packet we had.  dm can refer to some
>> other one, so technically queue stats need to be adjusted.
>
> I'm puzzled, if dm is not NULL we dropped a packet, no?  In that
> case the length of the queue did not change.  So ``ifq_len''
> shouldn't be updated, right?
>

dlg has committed a cleaner version, but you're correct.  the queue
length shouldn't be updated.  that was an oversight.



Re: priq: convert to mbuf lists

2017-03-07 Thread Mike Belopuhov
On 7 March 2017 at 02:32, David Gwynne  wrote:
>
>> On 2 Mar 2017, at 21:19, Mike Belopuhov  wrote:
>>
>> On Thu, Mar 02, 2017 at 10:11 +0100, Martin Pieuchot wrote:
>>> On 02/03/17(Thu) 01:16, Mike Belopuhov wrote:
>>>> On 2 March 2017 at 00:56, David Gwynne  wrote:
>>>>>
>>>>>> On 2 Mar 2017, at 06:43, Mike Belopuhov  wrote:
>>>>>>
>>>>>> This converts hand rolled lists into exactly the same mbuf_lists.
>>>>>> I need this because of the next diff that uses the ml_len packet
>>>>>> counter that mbuf_lists have.  Otherwise there's no functional
>>>>>> change.
>>>>>
>>>>> i didnt use mbuf lists here because they have an extra counter
>>>>> that isnt, or wasnt, needed.
>>>>>
>>>>> im not sure you need to know how long a list is in your later
>>>>> diff, you just need to know if it is not empty. you can do that
>>>>> by checking if the head is NULL.
>>>>>
>>>>
>>>> true, i was thinking about clarifying this, but i like the
>>>> "declarativeness" of the length check.  i don't think that an
>>>> extra counter is a big deal.  also mbuf lists make this code look
>>>> simpler which is a good thing, imo.
>>>
>>> I agree.  I find the code much easier to understand with mikeb@'s diff.
>>>
>>> IMHO we should avoid hand-rolled lists.
>>>
>>> ok mpi@
>>>
>>
>> Here's an updated diff with suggestions from bluhm@ and it's
>> even slimmer now but I don't mind either way.  If David isn't
>> comfortable with this change, we don't have to do it.
>
> im really not keen, but i guess i will submit to populism if
> everyone else feels strongly about this.
>

I've pondered it a bit more and while I didn't think I care too
much, while rebasing I've realised that I'd be doing a disservice
for everyone coming later to this code.  What tipped the scales
was how you used priq_deq_commit in the last diff for the lack
of a better API and I thought hell, there is a better API: mbuf_lists.
It's just much more fitting.  You've even invented it yourself!

And besides I'm of the opinion that priq_deq_begin and priq_deq_commit
existence is purely accidental and they should be merged and drivers
using them are doing it wrong from the QoS point of view (albeit not
so much from the priq PoV).



USB use-after-fruit

2017-03-07 Thread Martin Pieuchot
ehrhardt@ reported to me a use-after-free in USB polling mode, turns out
it's a design problem.  That means there's a lot of them.  That's scary.

Diff below is a small piece of a huge fix.  It concerns root hub codes. 

To keep it short, it is not safe to dereference ``xfer'' after having
called usb_transfer_complete().  Internally usb_transfer_complete()
calls a callback that in some situations frees the ``xfer''.

So in this case we should not return USBD_IN_PROGRESS, because doing
so will make usb_transfer() do the following check:

341:s = splusb();
342:while (!xfer->done) {
...

...and that's a use-after-free.

Instead return USBD_NORMAL_COMPLETION or the corresponding error code.

Index: ehci.c
===
RCS file: /cvs/src/sys/dev/usb/ehci.c,v
retrieving revision 1.195
diff -u -p -r1.195 ehci.c
--- ehci.c  8 Nov 2016 10:31:30 -   1.195
+++ ehci.c  7 Mar 2017 14:58:12 -
@@ -2170,7 +2170,7 @@ ehci_root_ctrl_start(struct usbd_xfer *x
s = splusb();
usb_transfer_complete(xfer);
splx(s);
-   return (USBD_IN_PROGRESS);
+   return (err);
 }
 
 void
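Review bot: Missing documentation at the `return (err);` that follows `usb_transfer_complete(xfer)`. Nothing in the function tells the next reader that the completion callback may already have freed xfer, or that this is why the status comes from the local `err` instead of USBD_IN_PROGRESS. A one-line comment above the return, repeated in the ohci, uhci, xhci and dwc2 copies, would keep a later change from reintroducing a dereference of xfer after this point.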
Index: ohci.c
===
RCS file: /cvs/src/sys/dev/usb/ohci.c,v
retrieving revision 1.147
diff -u -p -r1.147 ohci.c
--- ohci.c  15 Sep 2016 02:00:17 -  1.147
+++ ohci.c  7 Mar 2017 14:58:33 -
@@ -2587,7 +2587,7 @@ ohci_root_ctrl_start(struct usbd_xfer *x
s = splusb();
usb_transfer_complete(xfer);
splx(s);
-   return (USBD_IN_PROGRESS);
+   return (err);
 }
 
 /* Abort a root control request. */
Index: uhci.c
===
RCS file: /cvs/src/sys/dev/usb/uhci.c,v
retrieving revision 1.140
diff -u -p -r1.140 uhci.c
--- uhci.c  2 Feb 2017 22:31:05 -   1.140
+++ uhci.c  7 Mar 2017 14:59:26 -
@@ -3231,7 +3231,7 @@ uhci_root_ctrl_start(struct usbd_xfer *x
s = splusb();
usb_transfer_complete(xfer);
splx(s);
-   return (USBD_IN_PROGRESS);
+   return (err);
 }
 
 /* Abort a root control request. */
Index: usbdi.c
===
RCS file: /cvs/src/sys/dev/usb/usbdi.c,v
retrieving revision 1.87
diff -u -p -r1.87 usbdi.c
--- usbdi.c 6 Mar 2017 12:13:58 -   1.87
+++ usbdi.c 7 Mar 2017 14:59:25 -
@@ -322,7 +322,7 @@ usbd_transfer(struct usbd_xfer *xfer)
 
err = pipe->methods->transfer(xfer);
 
-   if (err != USBD_IN_PROGRESS && err) {
+   if (err != USBD_IN_PROGRESS && err != USBD_NORMAL_COMPLETION) {
/* The transfer has not been queued, so free buffer. */
if (xfer->rqflags & URQ_AUTO_DMABUF) {
struct usbd_bus *bus = pipe->device->bus;
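Review bot: Inside the `err != USBD_IN_PROGRESS && err != USBD_NORMAL_COMPLETION` branch, `xfer->rqflags` is still read. The root hub start routines now return an error code after they have already called `usb_transfer_complete(xfer)`, so this branch can be entered for a transfer whose callback has freed it, and the comment "The transfer has not been queued" no longer describes that case. Either the root hub error paths should not complete the transfer before returning an error, or this cleanup needs a way to tell a completed xfer from one that was never queued.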
Index: xhci.c
===
RCS file: /cvs/src/sys/dev/usb/xhci.c,v
retrieving revision 1.70
diff -u -p -r1.70 xhci.c
--- xhci.c  8 Nov 2016 10:31:30 -   1.70
+++ xhci.c  7 Mar 2017 14:58:23 -
@@ -2366,7 +2366,7 @@ ret:
s = splusb();
usb_transfer_complete(xfer);
splx(s);
-   return (USBD_IN_PROGRESS);
+   return (err);
 }
 
 
Index: dwc2/dwc2.c
===
RCS file: /cvs/src/sys/dev/usb/dwc2/dwc2.c,v
retrieving revision 1.41
diff -u -p -r1.41 dwc2.c
--- dwc2/dwc2.c 16 Feb 2017 14:09:00 -  1.41
+++ dwc2/dwc2.c 7 Mar 2017 14:59:26 -
@@ -874,7 +874,7 @@ fail:
usb_transfer_complete(xfer);
splx(s);
 
-   return USBD_IN_PROGRESS;
+   return err;
 }
 
 STATIC void
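The rule stated in the message above (do not touch ``xfer'' once the completion routine has run, and report the status from a local instead of USBD_IN_PROGRESS), as an added example.  This is a userland model written for this page, not OpenBSD code: the struct, the callback and do_transfer() are simplified stand-ins, only the status names follow the diff.

```c
#include <stdlib.h>

/* Status names follow the diff; the values here belong to this model only. */
typedef enum {
    USBD_NORMAL_COMPLETION = 0,
    USBD_IN_PROGRESS,
    USBD_IOERROR
} usbd_status;

struct xfer {
    int done;
    usbd_status status;
    void (*callback)(struct xfer *);
};

int callbacks_run;  /* observable side effect, so a test can see completion ran */

/* A completion callback that releases the transfer, as some callers do. */
void free_on_complete(struct xfer *x)
{
    callbacks_run++;
    free(x);
}

/* Stand-in for usb_transfer_complete(): after it returns, x may be freed. */
void transfer_complete(struct xfer *x)
{
    x->done = 1;
    x->callback(x);
}

/*
 * Pre-patch shape, kept for comparison and never called here: it completes
 * the transfer and then claims it is still in flight, so the caller goes on
 * to poll x->done in memory the callback has already freed.
 */
usbd_status root_ctrl_start_old(struct xfer *x)
{
    x->status = USBD_NORMAL_COMPLETION;
    transfer_complete(x);
    return USBD_IN_PROGRESS;
}

/* Patched shape: the status lives in a local that outlives x. */
usbd_status root_ctrl_start(struct xfer *x, int fail)
{
    usbd_status err = fail ? USBD_IOERROR : USBD_NORMAL_COMPLETION;

    x->status = err;
    transfer_complete(x);   /* x is off limits from here on */
    return err;
}

/* Caller: only a transfer that is really in flight may be polled. */
usbd_status do_transfer(int fail)
{
    struct xfer *x = calloc(1, sizeof(*x));
    usbd_status err;

    if (x == NULL)
        return USBD_IOERROR;
    x->callback = free_on_complete;

    err = root_ctrl_start(x, fail);
    if (err != USBD_IN_PROGRESS)
        return err;         /* finished synchronously, x may be gone */

    while (!x->done)        /* legal only while the transfer is queued */
        ;
    return x->status;
}

int main(void)
{
    return do_transfer(0) == USBD_NORMAL_COMPLETION ? 0 : 1;
}
```

Building the model with -fsanitize=address and swapping root_ctrl_start_old() into do_transfer() makes the sanitizer report the read of x->done as a heap-use-after-free.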



ip_ipip.c / gif(4) percpu counters

2017-03-07 Thread Jeremie Courreges-Anglas

I failed to find a nice place where to initialize the counters.  The
code that uses counters is reachable even if gif(4) isn't compiled in.

I can think of 3 obvious ways to call the init function.

1. call ipip_init() through .pr_init.  The idea would be to call
   ipip_init() once per protosw entry that needs it, so the function
   should return early if it was already run.

2. call ipip_init() from ip_init(), after all ip_init() is always
   compiled in.

3. call ipip_init() from init_main.c.

The diff implements option 3, but what do you folks prefer?
Thoughts / ok?


Index: kern/init_main.c
===
RCS file: /d/cvs/src/sys/kern/init_main.c,v
retrieving revision 1.267
diff -u -p -r1.267 init_main.c
--- kern/init_main.c6 Mar 2017 10:48:16 -   1.267
+++ kern/init_main.c7 Mar 2017 14:20:17 -
@@ -147,6 +147,7 @@ voidtaskq_init(void);
 void   timeout_proc_init(void);
 void   pool_gc_pages(void *);
 void   percpu_init(void);
+void   ipip_init(void);
 
 extern char sigcode[], esigcode[], sigcoderet[];
 #ifdef SYSCALL_DEBUG
@@ -364,6 +365,9 @@ main(void *framep)
 
/* Per CPU memory allocation */
percpu_init();
+
+   /* IP-in-IP memory allocation */
+   ipip_init();
 
/* Initialize the file systems. */
 #if defined(NFSSERVER) || defined(NFSCLIENT)
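Review bot: The comment on the new `ipip_init()` call does not say why it sits directly after `percpu_init()`. Since `ipip_init()` allocates per-CPU counters with `counters_alloc()` (see the ip_ipip.c hunk), state that dependency in the comment so the two calls are not reordered later. The hand-written `void ipip_init(void);` prototype added next to `percpu_init(void)` would also be better taken from the ip_ipip header if options 1 or 2 from the message are still being considered, because those callers will need the same declaration.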
Index: netinet/ip_ipip.c
===
RCS file: /d/cvs/src/sys/netinet/ip_ipip.c,v
retrieving revision 1.71
diff -u -p -r1.71 ip_ipip.c
--- netinet/ip_ipip.c   29 Jan 2017 19:58:47 -  1.71
+++ netinet/ip_ipip.c   7 Mar 2017 14:20:17 -
@@ -84,7 +84,14 @@
  */
 int ipip_allow = 0;
 
-struct ipipstat ipipstat;
+struct cpumem *ipipcounters;
+
+void
+ipip_init(void)
+{
+   if (ipipcounters == NULL)
+   ipipcounters = counters_alloc(ipips_ncounters);
+}
 
 /*
  * Really only a wrapper for ipip_input(), for use with pr_input.
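Review bot: The `if (ipipcounters == NULL)` guard in `ipip_init()` only earns its place under option 1, where the function would run once per protosw entry; with the single call from `main()` in this diff it can go. More important for the options being weighed: the `ipipstat_inc()` calls in the following hunks presumably go through `ipipcounters`, so whichever call site is chosen has to guarantee the allocation happens before the first packet can reach `ip4_input()`. A short comment on `ipip_init()` saying so would help.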
@@ -95,7 +102,7 @@ ip4_input(struct mbuf **mp, int *offp, i
/* If we do not accept IP-in-IP explicitly, drop.  */
if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) {
DPRINTF(("ip4_input(): dropped due to policy\n"));
-   ipipstat.ipips_pdrops++;
+   ipipstat_inc(ipips_pdrops);
m_freem(*mp);
return IPPROTO_DONE;
}
@@ -129,7 +136,7 @@ ipip_input(struct mbuf **mp, int *offp, 
u_int8_t v;
sa_family_t af;
 
-   ipipstat.ipips_ipackets++;
+   ipipstat_inc(ipips_ipackets);
 
m_copydata(m, 0, 1, );
 
@@ -143,7 +150,7 @@ ipip_input(struct mbuf **mp, int *offp, 
break;
 #endif
default:
-   ipipstat.ipips_family++;
+   ipipstat_inc(ipips_family);
m_freem(m);
return IPPROTO_DONE;
}
@@ -152,7 +159,7 @@ ipip_input(struct mbuf **mp, int *offp, 
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("ipip_input(): m_pullup() failed\n"));
-   ipipstat.ipips_hdrops++;
+   ipipstat_inc(ipips_hdrops);
return IPPROTO_DONE;
}
}
@@ -179,7 +186,7 @@ ipip_input(struct mbuf **mp, int *offp, 
 
/* Sanity check */
if (m->m_pkthdr.len < sizeof(struct ip)) {
-   ipipstat.ipips_hdrops++;
+   ipipstat_inc(ipips_hdrops);
m_freem(m);
return IPPROTO_DONE;
}
@@ -195,7 +202,7 @@ ipip_input(struct mbuf **mp, int *offp, 
break;
 #endif
default:
-   ipipstat.ipips_family++;
+   ipipstat_inc(ipips_family);
m_freem(m);
return IPPROTO_DONE;
}
@@ -206,7 +213,7 @@ ipip_input(struct mbuf **mp, int *offp, 
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("ipip_input(): m_pullup() failed\n"));
-   ipipstat.ipips_hdrops++;
+   ipipstat_inc(ipips_hdrops);
return IPPROTO_DONE;
}
}
@@ -229,7 +236,7 @@ ipip_input(struct mbuf **mp, int *offp, 
ECN_ALLOWED_IPSEC : ECN_ALLOWED;
if (!ip_ecn_egress(mode, , >ip_tos)) {
DPRINTF(("ipip_input(): ip_ecn_egress() failed"));
-   ipipstat.ipips_pdrops++;
+   ipipstat_inc(ipips_pdrops);
m_freem(m);
return IPPROTO_DONE;
}
@@ -249,7 +256,7 @@ ipip_input(struct mbuf **mp, int *offp, 
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if (!ip_ecn_egress(ECN_ALLOWED, , )) {
DPRINTF(("ipip_input(): ip_ecn_egress() failed"));
-   ipipstat.ipips_pdrops++;
+ 

etherip(4) counters tweak

2017-03-07 Thread Jeremie Courreges-Anglas

The diff below renames the members of struct etheripstat to match other
*stat counters: "etherip_foo" -> "etherips_foo".  It also moves them all
to u_int64_t to make the conversion to percpu counters cleaner.

https://codesearch.debian.net/search?q=etheripstat returns no match and
shells/nsh doesn't use this, so I think it's safe ports-wise - I can
handle the fallout anyway.

ok?


Index: net/if_etherip.c
===
RCS file: /d/cvs/src/sys/net/if_etherip.c,v
retrieving revision 1.14
diff -u -p -r1.14 if_etherip.c
--- net/if_etherip.c29 Jan 2017 19:58:47 -  1.14
+++ net/if_etherip.c7 Mar 2017 17:28:35 -
@@ -366,7 +366,7 @@ ip_etherip_output(struct ifnet *ifp, str
 
M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT);
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return ENOBUFS;
}
eip = mtod(m, struct etherip_header *);
@@ -376,7 +376,7 @@ ip_etherip_output(struct ifnet *ifp, str
 
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return ENOBUFS;
}
ip = mtod(m, struct ip *);
@@ -397,8 +397,8 @@ ip_etherip_output(struct ifnet *ifp, str
 #if NPF > 0
pf_pkt_addr_changed(m);
 #endif
-   etheripstat.etherip_opackets++;
-   etheripstat.etherip_obytes += (m->m_pkthdr.len -
+   etheripstat.etherips_opackets++;
+   etheripstat.etherips_obytes += (m->m_pkthdr.len -
(sizeof(struct ip) + sizeof(struct etherip_header)));
 
return ip_output(m, NULL, NULL, IP_RAWOUTPUT, NULL, NULL, 0);
@@ -425,7 +425,7 @@ ip_etherip_input(struct mbuf **mp, int *
 
if (!etherip_allow) {
m_freem(m);
-   etheripstat.etherip_pdrops++;
+   etheripstat.etherips_pdrops++;
return IPPROTO_DONE;
}
 
@@ -455,7 +455,7 @@ ip_etherip_input(struct mbuf **mp, int *
 */
return etherip_input(mp, offp, proto);
 #else
-   etheripstat.etherip_noifdrops++;
+   etheripstat.etherips_noifdrops++;
m_freem(m);
return IPPROTO_DONE;
 #endif /* NGIF */
@@ -464,25 +464,25 @@ ip_etherip_input(struct mbuf **mp, int *
m_adj(m, *offp);
m = m_pullup(m, sizeof(struct etherip_header));
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return IPPROTO_DONE;
}
 
eip = mtod(m, struct etherip_header *);
if (eip->eip_ver != ETHERIP_VERSION || eip->eip_pad) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
m_freem(m);
return IPPROTO_DONE;
}
 
-   etheripstat.etherip_ipackets++;
-   etheripstat.etherip_ibytes += (m->m_pkthdr.len -
+   etheripstat.etherips_ipackets++;
+   etheripstat.etherips_ibytes += (m->m_pkthdr.len -
sizeof(struct etherip_header));
 
m_adj(m, sizeof(struct etherip_header));
m = m_pullup(m, sizeof(struct ether_header));
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return IPPROTO_DONE;
}
m->m_flags &= ~(M_BCAST|M_MCAST);
@@ -523,7 +523,7 @@ ip6_etherip_output(struct ifnet *ifp, st
 
M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT);
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return ENOBUFS;
}
eip = mtod(m, struct etherip_header *);
@@ -533,7 +533,7 @@ ip6_etherip_output(struct ifnet *ifp, st
 
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == NULL) {
-   etheripstat.etherip_adrops++;
+   etheripstat.etherips_adrops++;
return ENOBUFS;
}
ip6 = mtod(m, struct ip6_hdr *);
@@ -555,8 +555,8 @@ ip6_etherip_output(struct ifnet *ifp, st
 #if NPF > 0
pf_pkt_addr_changed(m);
 #endif
-   etheripstat.etherip_opackets++;
-   etheripstat.etherip_obytes += (m->m_pkthdr.len -
+   etheripstat.etherips_opackets++;
+   etheripstat.etherips_obytes += (m->m_pkthdr.len -
(sizeof(struct ip6_hdr) + sizeof(struct etherip_header)));
 
return ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL);
@@ -581,7 +581,7 @@ ip6_etherip_input(struct mbuf **mp, int 
 
if (!etherip_allow) {
m_freem(m);
-   etheripstat.etherip_pdrops++;
+   etheripstat.etherips_pdrops++;
return IPPROTO_NONE;
}
 
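Review bot: In the context lines of this hunk, the `!etherip_allow` path of `ip6_etherip_input()` frees the mbuf and then returns `IPPROTO_NONE`, while the same path in `ip_etherip_input()` returns `IPPROTO_DONE`. The rename does not introduce this, but it is worth settling while the function is being touched: if the caller keeps dispatching on any value other than `IPPROTO_DONE`, it does so with an mbuf that was just handed to `m_freem()`.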
@@ -615,7 +615,7 @@ ip6_etherip_input(struct mbuf **mp, int 
 */
return 

Re: ip_ipip.c / gif(4) percpu counters

2017-03-07 Thread Alexander Bluhm
On Tue, Mar 07, 2017 at 06:16:30PM +0100, Jeremie Courreges-Anglas wrote:
> 
> I failed to find a nice place where to initialize the counters.  The
> code that uses counters is reachable even if gif(4) isn't compiled in.
> 
> I can think of 3 obvious ways to call the init function.
> 
> 1. call ipip_init() through .pr_init.  The idea would be to call
>ipip_init() once per protosw entry that needs it, so the function
>should return early if it was already run.
> 
> 2. call ipip_init() from ip_init(), after all ip_init() is always
>compiled in.
> 
> 3. call ipip_init() from init_main.c.
> 
> The diff implements option 3, but what do you folks prefer?
> Thoughts / ok?

I would use option 2 as ip_ipip.c is always compiled in.  Then you
don't need the "if (ipipcounters == NULL)" check.

OK bluhm@

> 
> 
> Index: kern/init_main.c
> ===
> RCS file: /d/cvs/src/sys/kern/init_main.c,v
> retrieving revision 1.267
> diff -u -p -r1.267 init_main.c
> --- kern/init_main.c  6 Mar 2017 10:48:16 -   1.267
> +++ kern/init_main.c  7 Mar 2017 14:20:17 -
> @@ -147,6 +147,7 @@ void  taskq_init(void);
>  void timeout_proc_init(void);
>  void pool_gc_pages(void *);
>  void percpu_init(void);
> +void ipip_init(void);
>  
>  extern char sigcode[], esigcode[], sigcoderet[];
>  #ifdef SYSCALL_DEBUG
> @@ -364,6 +365,9 @@ main(void *framep)
>  
>   /* Per CPU memory allocation */
>   percpu_init();
> +
> + /* IP-in-IP memory allocation */
> + ipip_init();
>  
>   /* Initialize the file systems. */
>  #if defined(NFSSERVER) || defined(NFSCLIENT)
> Index: netinet/ip_ipip.c
> ===
> RCS file: /d/cvs/src/sys/netinet/ip_ipip.c,v
> retrieving revision 1.71
> diff -u -p -r1.71 ip_ipip.c
> --- netinet/ip_ipip.c 29 Jan 2017 19:58:47 -  1.71
> +++ netinet/ip_ipip.c 7 Mar 2017 14:20:17 -
> @@ -84,7 +84,14 @@
>   */
>  int ipip_allow = 0;
>  
> -struct ipipstat ipipstat;
> +struct cpumem *ipipcounters;
> +
> +void
> +ipip_init(void)
> +{
> + if (ipipcounters == NULL)
> + ipipcounters = counters_alloc(ipips_ncounters);
> +}
>  
>  /*
>   * Really only a wrapper for ipip_input(), for use with pr_input.
> @@ -95,7 +102,7 @@ ip4_input(struct mbuf **mp, int *offp, i
>   /* If we do not accept IP-in-IP explicitly, drop.  */
>   if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) {
>   DPRINTF(("ip4_input(): dropped due to policy\n"));
> - ipipstat.ipips_pdrops++;
> + ipipstat_inc(ipips_pdrops);
>   m_freem(*mp);
>   return IPPROTO_DONE;
>   }
> @@ -129,7 +136,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   u_int8_t v;
>   sa_family_t af;
>  
> - ipipstat.ipips_ipackets++;
> + ipipstat_inc(ipips_ipackets);
>  
>   m_copydata(m, 0, 1, );
>  
> @@ -143,7 +150,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   break;
>  #endif
>   default:
> - ipipstat.ipips_family++;
> + ipipstat_inc(ipips_family);
>   m_freem(m);
>   return IPPROTO_DONE;
>   }
> @@ -152,7 +159,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   if (m->m_len < hlen) {
>   if ((m = m_pullup(m, hlen)) == NULL) {
>   DPRINTF(("ipip_input(): m_pullup() failed\n"));
> - ipipstat.ipips_hdrops++;
> + ipipstat_inc(ipips_hdrops);
>   return IPPROTO_DONE;
>   }
>   }
> @@ -179,7 +186,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>  
>   /* Sanity check */
>   if (m->m_pkthdr.len < sizeof(struct ip)) {
> - ipipstat.ipips_hdrops++;
> + ipipstat_inc(ipips_hdrops);
>   m_freem(m);
>   return IPPROTO_DONE;
>   }
> @@ -195,7 +202,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   break;
>  #endif
>   default:
> - ipipstat.ipips_family++;
> + ipipstat_inc(ipips_family);
>   m_freem(m);
>   return IPPROTO_DONE;
>   }
> @@ -206,7 +213,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   if (m->m_len < hlen) {
>   if ((m = m_pullup(m, hlen)) == NULL) {
>   DPRINTF(("ipip_input(): m_pullup() failed\n"));
> - ipipstat.ipips_hdrops++;
> + ipipstat_inc(ipips_hdrops);
>   return IPPROTO_DONE;
>   }
>   }
> @@ -229,7 +236,7 @@ ipip_input(struct mbuf **mp, int *offp, 
>   ECN_ALLOWED_IPSEC : ECN_ALLOWED;
>   if (!ip_ecn_egress(mode, , >ip_tos)) {
>   DPRINTF(("ipip_input(): ip_ecn_egress() failed"));
> - ipipstat.ipips_pdrops++;
> + ipipstat_inc(ipips_pdrops);
>   m_freem(m);
>   return 

Re: etherip(4) counters tweak

2017-03-07 Thread Alexander Bluhm
On Tue, Mar 07, 2017 at 06:53:56PM +0100, Jeremie Courreges-Anglas wrote:
> 
> The diff below renames the members of struct etheripstat to match other
> *stat counters: "etherip_foo" -> "etherips_foo".  It also moves them all
> to u_int64_t to make the conversion to percpu counters cleaner.
> 
> https://codesearch.debian.net/search?q=etheripstat returns no match and
> shells/nsh doesn't use this, so I think it's safe ports-wise - I can
> handle the fallout anyway.
> 
> ok?

I like consistency.  OK bluhm@
But remember to convert src/usr.bin/netstat/inet.c.

> Index: net/if_etherip.c
> ===
> RCS file: /d/cvs/src/sys/net/if_etherip.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 if_etherip.c
> --- net/if_etherip.c  29 Jan 2017 19:58:47 -  1.14
> +++ net/if_etherip.c  7 Mar 2017 17:28:35 -
> @@ -366,7 +366,7 @@ ip_etherip_output(struct ifnet *ifp, str
>  
>   M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT);
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return ENOBUFS;
>   }
>   eip = mtod(m, struct etherip_header *);
> @@ -376,7 +376,7 @@ ip_etherip_output(struct ifnet *ifp, str
>  
>   M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return ENOBUFS;
>   }
>   ip = mtod(m, struct ip *);
> @@ -397,8 +397,8 @@ ip_etherip_output(struct ifnet *ifp, str
>  #if NPF > 0
>   pf_pkt_addr_changed(m);
>  #endif
> - etheripstat.etherip_opackets++;
> - etheripstat.etherip_obytes += (m->m_pkthdr.len -
> + etheripstat.etherips_opackets++;
> + etheripstat.etherips_obytes += (m->m_pkthdr.len -
>   (sizeof(struct ip) + sizeof(struct etherip_header)));
>  
>   return ip_output(m, NULL, NULL, IP_RAWOUTPUT, NULL, NULL, 0);
> @@ -425,7 +425,7 @@ ip_etherip_input(struct mbuf **mp, int *
>  
>   if (!etherip_allow) {
>   m_freem(m);
> - etheripstat.etherip_pdrops++;
> + etheripstat.etherips_pdrops++;
>   return IPPROTO_DONE;
>   }
>  
> @@ -455,7 +455,7 @@ ip_etherip_input(struct mbuf **mp, int *
>*/
>   return etherip_input(mp, offp, proto);
>  #else
> - etheripstat.etherip_noifdrops++;
> + etheripstat.etherips_noifdrops++;
>   m_freem(m);
>   return IPPROTO_DONE;
>  #endif /* NGIF */
> @@ -464,25 +464,25 @@ ip_etherip_input(struct mbuf **mp, int *
>   m_adj(m, *offp);
>   m = m_pullup(m, sizeof(struct etherip_header));
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return IPPROTO_DONE;
>   }
>  
>   eip = mtod(m, struct etherip_header *);
>   if (eip->eip_ver != ETHERIP_VERSION || eip->eip_pad) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   m_freem(m);
>   return IPPROTO_DONE;
>   }
>  
> - etheripstat.etherip_ipackets++;
> - etheripstat.etherip_ibytes += (m->m_pkthdr.len -
> + etheripstat.etherips_ipackets++;
> + etheripstat.etherips_ibytes += (m->m_pkthdr.len -
>   sizeof(struct etherip_header));
>  
>   m_adj(m, sizeof(struct etherip_header));
>   m = m_pullup(m, sizeof(struct ether_header));
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return IPPROTO_DONE;
>   }
>   m->m_flags &= ~(M_BCAST|M_MCAST);
> @@ -523,7 +523,7 @@ ip6_etherip_output(struct ifnet *ifp, st
>  
>   M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT);
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return ENOBUFS;
>   }
>   eip = mtod(m, struct etherip_header *);
> @@ -533,7 +533,7 @@ ip6_etherip_output(struct ifnet *ifp, st
>  
>   M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
>   if (m == NULL) {
> - etheripstat.etherip_adrops++;
> + etheripstat.etherips_adrops++;
>   return ENOBUFS;
>   }
>   ip6 = mtod(m, struct ip6_hdr *);
> @@ -555,8 +555,8 @@ ip6_etherip_output(struct ifnet *ifp, st
>  #if NPF > 0
>   pf_pkt_addr_changed(m);
>  #endif
> - etheripstat.etherip_opackets++;
> - etheripstat.etherip_obytes += (m->m_pkthdr.len -
> + etheripstat.etherips_opackets++;
> + etheripstat.etherips_obytes += (m->m_pkthdr.len -
>   (sizeof(struct ip6_hdr) + sizeof(struct etherip_header)));
>  
>   return ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL);
> @@ -581,7 +581,7 @@ ip6_etherip_input(struct mbuf **mp, int 
>  
>   if (!etherip_allow) {
>   m_freem(m);
> - 

Re: tcpdump: etherip fix

2017-03-07 Thread David Gwynne

> On 8 Mar 2017, at 16:29, Jeremie Courreges-Anglas  wrote:
> 
> 
>  https://tools.ietf.org/html/draft-housley-etherip-01
> 
> still proposes a 1 byte header, the first nibble is the version (2).
> The published RFC specifies version 3 and a two bytes header.
> 
>  https://tools.ietf.org/html/rfc3378
> 
> print-etherip.c almost gets it right when trying to interpret the
> version.  Here's a diff to fix it.
> 
> Using tcpdump -envvvttt, before:
> 
> Mar 08 04:21:03.258703 fe:e1:ba:d1:94:57 fe:e1:ba:d1:94:56 0800 134: etherip 
> 10.64.20.2 > 10.64.20.1 ver unknown len 100 [tos 0x10] (ttl 64, id 33731, len 
> 120)
> Mar 08 04:21:03.259136 fe:e1:ba:d1:94:56 fe:e1:ba:d1:94:57 0800 134: etherip 
> 10.64.20.1 > 10.64.20.2 ver unknown len 100 [tos 0x10] (ttl 64, id 56533, len 
> 120)
> 
> After:
> 
> Mar 08 04:21:56.786890 fe:e1:ba:d1:94:57 fe:e1:ba:d1:94:56 0800 134: etherip 
> 10.64.20.2 > 10.64.20.1 ver 3 len 100: fe:e1:ba:d1:94:58 fe:e1:ba:d0:18:c3 
> 0800 98: 10.64.64.3 > 10.64.64.1: icmp: echo request (id:9d1b seq:8359) (ttl 
> 255, id 7825, len 84) [tos 0x10] (ttl 64, id 61952, len 120)
> Mar 08 04:21:56.787106 fe:e1:ba:d1:94:56 fe:e1:ba:d1:94:57 0800 134: etherip 
> 10.64.20.1 > 10.64.20.2 ver 3 len 100: fe:e1:ba:d0:18:c3 fe:e1:ba:d1:94:58 
> 0800 98: 10.64.64.1 > 10.64.64.3: icmp: echo reply (id:9d1b seq:8359) (ttl 
> 255, id 31193, len 84) [tos 0x10] (ttl 64, id 35562, len 120)
> 
> ok?

ok.

> 
> 
> Index: print-etherip.c
> ===
> RCS file: /d/cvs/src/usr.sbin/tcpdump/print-etherip.c,v
> retrieving revision 1.8
> diff -u -p -p -u -r1.8 print-etherip.c
> --- print-etherip.c   16 Jan 2015 06:40:21 -  1.8
> +++ print-etherip.c   8 Mar 2017 06:21:22 -
> @@ -72,7 +72,7 @@ etherip_print(const u_char *bp, u_int ca
>   printf("etherip %s > %s ver ", ipaddr_string(>ip_src),
>   ipaddr_string(>ip_dst));
> 
> - switch ((*pbuf) & 0xf) {
> + switch (*pbuf >> 4) {
>   case 2:
>   hlen = 1;
>   printf("%d", 2);
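Review bot: `*pbuf >> 4` is a clean nibble extract only if `pbuf` points to an unsigned byte. The declaration is not in the hunk, and with a plain `char` a first byte of 0x80 or above would shift in sign bits; `(*pbuf >> 4) & 0xf` is safe either way. Also worth confirming that the captured length is checked before `*pbuf` is read, and again before the second header byte is consumed in the version 3 case.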
> 
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
> 
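The header layout discussed in this message, as an added example (not tcpdump's code): the version sits in the high nibble of the first byte, the draft's version 2 uses a 1 byte header and RFC 3378's version 3 a 2 byte header.  The function and struct names are made up for the example, the sample bytes are constructed, and the check of the reserved bits follows RFC 3378, which requires them to be zero.

```c
#include <stddef.h>
#include <stdint.h>

enum etherip_rc {
    ETHERIP_OK = 0,
    ETHERIP_TRUNCATED = -1,     /* capture ends inside the header */
    ETHERIP_BADVER = -2         /* version is neither 2 nor 3 */
};

struct etherip_hdr_info {
    unsigned version;           /* high nibble of the first byte */
    size_t hlen;                /* bytes before the inner Ethernet frame */
    int reserved_zero;          /* v3 only: 1 if all 12 reserved bits are 0 */
};

/* What the printer did before the fix: reads the wrong half of the byte. */
unsigned etherip_version_low_nibble(uint8_t first)
{
    return first & 0xf;
}

/* After the fix.  uint8_t keeps the shift from dragging in sign bits. */
unsigned etherip_version(uint8_t first)
{
    return first >> 4;
}

/*
 * Parse the EtherIP header at buf, looking at no more than caplen bytes.
 * On ETHERIP_OK, out->hlen says how many bytes to skip.
 */
int etherip_parse(const uint8_t *buf, size_t caplen,
    struct etherip_hdr_info *out)
{
    if (buf == NULL || out == NULL || caplen < 1)
        return ETHERIP_TRUNCATED;

    out->version = etherip_version(buf[0]);
    out->hlen = 0;
    out->reserved_zero = 0;

    switch (out->version) {
    case 2:                     /* draft-housley-etherip: 1 byte header */
        out->hlen = 1;
        return ETHERIP_OK;
    case 3:                     /* RFC 3378: 2 byte header */
        if (caplen < 2)
            return ETHERIP_TRUNCATED;
        out->hlen = 2;
        out->reserved_zero = (buf[0] & 0x0f) == 0 && buf[1] == 0;
        return ETHERIP_OK;
    default:
        return ETHERIP_BADVER;
    }
}

int main(void)
{
    /* Constructed sample: v3 header followed by the start of a MAC address. */
    const uint8_t pkt[] = { 0x30, 0x00, 0xfe, 0xe1, 0xba };
    struct etherip_hdr_info info;

    return etherip_parse(pkt, sizeof(pkt), &info) == ETHERIP_OK ? 0 : 1;
}
```

With the low-nibble read, the version 3 first byte 0x30 comes out as 0, which is the "ver unknown" in the "before" capture.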



Re: acme-client -t switch?

2017-03-07 Thread Stuart Henderson
On 2017/03/07 13:24, Devin Reade wrote:
> Expanding on my previous email, it looks like the git version of
> acme-client has a different implementation than what was implemented
> in the version first committed (and later removed) from the OpenBSD
> CVS sources.  The latter (CVS) version was calling "doas sh ..."
> whereas the former (git) version writes challenges to stdout which
> can then be processed by the invoking program.  Looking at the logs,
> it appears the git version is a reworking of the functionality.
> 
> For the record, I was asking about introducing the mechanism (stdout)
> currently used by the git version.
> 
> Devin
> 

Both OpenBSD's version and the original have seen independent changes
after import, they have now diverged quite a lot.

Since this came up.. what does anyone think about adding the original
version back to ports? (personally, I could do with moving things away
from the python version, but I need dns-01..)



tcsetpgrp(3) can set errno to EINTR

2017-03-07 Thread Todd C. Miller
If tcsetpgrp() is called by a background process and there is a
SIGTTOU handler installed without SA_RESTART set, tcsetpgrp() will
return -1 and set errno to EINTR.

Index: lib/libc/termios/tcsetpgrp.3
===
RCS file: /cvs/src/lib/libc/termios/tcsetpgrp.3,v
retrieving revision 1.13
diff -u -p -u -r1.13 tcsetpgrp.3
--- lib/libc/termios/tcsetpgrp.310 Jul 2016 00:48:21 -  1.13
+++ lib/libc/termios/tcsetpgrp.37 Mar 2017 18:47:51 -
@@ -77,6 +77,10 @@ is set to indicate the error, as follows
 The
 .Fa fd
 argument is not a valid file descriptor.
+.It Bq Er EINTR
+The
+.Fn tcsetpgrp
+function was interrupted by a signal.
 .It Bq Er EINVAL
 An invalid value of
 .Fa pgrp_id
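Review bot: The new `EINTR` entry says only that the function "was interrupted by a signal", which drops the condition given in the message: the caller is in a background process group and has a SIGTTOU handler installed without SA_RESTART. Naming SIGTTOU in the entry would tell readers which signal to block or ignore before calling `tcsetpgrp()`.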
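One way for a caller to avoid the EINTR case described above, as an added example (not code from libc or from this patch): block SIGTTOU around the call, since POSIX lets a process that blocks or ignores SIGTTOU perform the operation without the signal being sent.  set_foreground_pgrp() and sigttou_is_blocked() are names invented for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Make pgrp the foreground process group of the terminal on fd.
 * SIGTTOU is blocked for the duration of the call, so a background caller
 * with a SIGTTOU handler (installed without SA_RESTART) does not get
 * -1/EINTR back.  The previous signal mask is restored before returning
 * and errno from tcsetpgrp() is preserved.
 */
int set_foreground_pgrp(int fd, pid_t pgrp)
{
    sigset_t block, saved;
    int rc, saved_errno;

    sigemptyset(&block);
    sigaddset(&block, SIGTTOU);
    if (sigprocmask(SIG_BLOCK, &block, &saved) == -1)
        return -1;

    /*
     * With SIGTTOU blocked the call should not be interrupted by it.
     * The retry is a second line of defence; it cannot spin on SIGTTOU
     * because that signal stays pending while it is blocked.
     */
    do {
        rc = tcsetpgrp(fd, pgrp);
    } while (rc == -1 && errno == EINTR);

    saved_errno = errno;
    (void)sigprocmask(SIG_SETMASK, &saved, NULL);
    errno = saved_errno;
    return rc;
}

/* Report whether SIGTTOU is in the current signal mask (1 yes, 0 no). */
int sigttou_is_blocked(void)
{
    sigset_t cur;

    if (sigprocmask(SIG_BLOCK, NULL, &cur) == -1)
        return -1;
    return sigismember(&cur, SIGTTOU);
}

int main(void)
{
    /* On a descriptor that is not a terminal this fails, e.g. ENOTTY. */
    if (set_foreground_pgrp(STDIN_FILENO, getpgrp()) == -1)
        return errno == EINTR;  /* EINTR is the one result we never expect */
    return 0;
}
```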



acme-client missing man-page bug item?

2017-03-07 Thread Devin Reade

I'm testing a git-based version of acme-client on OpenBSD 6.0 at the
moment and visually comparing source with that in CVS, but this is
relevant to OpenBSD 6.1 so bear with me here.

In the git version in revokeproc.c about line 237 we see the following
comment following the "Parse the SAN line" text:

   we don't allowing removing domains from certificates

This behavior matches what I saw empirically, which is why I went
looking at the source.

Inspection of the OpenBSD CVS source, although it doesn't have that
comment, appears to follow the same logic.  I'm still wading through
the ACME protocol spec, but so far I've not seen anything that would
prohibit removal of the domain.

So my question is: Is this behavior something that should be mentioned
in the BUGS section of the man page?  Or am I missing something in the
protocol spec?

To be clear, this would exhibit itself if you took a running
configuration of:

   domain example.com {
   alternative names { secure.example.com www.example.com }
   ...
   }

and changed it to:

   domain example.com {
   alternative names { www.example.com }
   ...
   }


Devin



acme-client -t switch?

2017-03-07 Thread Devin Reade

So I was looking to use acme-client's "-t" switch to orchestrate the
creation of certificates for non-HTTPS use and off-machine use.
However I see that it was removed in main.c version 1.15 in the
OpenBSD source tree.

(I'm currently testing acme-client via git on OpenBSD 6.0.)

Would folks be amenable to patches that would allow re-introducing
this switch?

Although I'm open to suggestions/comments on the approach, my intent
was to create a perl program / modules for CPAN that would use acme-client
to support both the dns-01 challenge and shipping certificates to
other machines (think of the IMAPS use case, as an example).

Devin