skip pflog interfaces in pcap_lookupdev()
Running tcpdump with no -i arg finds a good interface to listen on by default on many machines, but on my laptop it finds pflog0 before urtwn0. Can we skip pflog interfaces like loopbacks? I had a version that looked up the interface in the egress group but this is much simpler since pflog0 is usually the only other up interface that isn't important. Index: lib/libpcap/inet.c === RCS file: /cvs/src/lib/libpcap/inet.c,v retrieving revision 1.19 diff -u -p -u -p -r1.19 inet.c --- lib/libpcap/inet.c 26 Mar 2006 20:58:50 - 1.19 +++ lib/libpcap/inet.c 8 Aug 2013 05:10:19 - @@ -141,6 +141,8 @@ pcap_lookupdev(errbuf) continue; if (ISLOOPBACK(ifa-ifa_name, ifa-ifa_flags)) continue; + if (!strncmp(ifa-ifa_name, pflog, 5)) + continue; for (cp = ifa-ifa_name; !isdigit(*cp); ++cp) continue; n = atoi(cp);
Constify the null sockaddr in arp_rtrequest()
arp_rtrequest() uses a default static sockaddr_dl which is only used read-only: it is copied by rt_setgate(). I'd like to constify this structure to make it clear no value can be trashed if code using it is run in parallel. Also remove another reference to the name of the variable to make it clear it is used only once. ok? Index: netinet/if_ether.c === RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v retrieving revision 1.103 diff -u -p -r1.103 if_ether.c --- netinet/if_ether.c 1 Aug 2013 08:27:43 - 1.103 +++ netinet/if_ether.c 8 Aug 2013 10:31:34 - @@ -112,6 +112,8 @@ voiddb_print_llinfo(caddr_t); intdb_show_radix_node(struct radix_node *, void *, u_int); #endif +static const struct sockaddr_dl null_sdl = { sizeof(null_sdl), AF_LINK }; + /* * Timeout routine. Age arp_tab entries periodically. */ @@ -143,7 +145,6 @@ arp_rtrequest(int req, struct rtentry *r { struct sockaddr *gate = rt-rt_gateway; struct llinfo_arp *la = (struct llinfo_arp *)rt-rt_llinfo; - static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; struct in_ifaddr *ia; struct ifaddr *ifa; struct mbuf *m; @@ -234,7 +235,7 @@ arp_rtrequest(int req, struct rtentry *r /*FALLTHROUGH*/ case RTM_RESOLVE: if (gate-sa_family != AF_LINK || - gate-sa_len sizeof(null_sdl)) { + gate-sa_len sizeof(struct sockaddr_dl)) { log(LOG_DEBUG, arp_rtrequest: bad gateway value\n); break; }
Re: Constify the null sockaddr in arp_rtrequest()
On 8 August 2013 12:35, Martin Pieuchot mpieuc...@nolizard.org wrote: arp_rtrequest() uses a default static sockaddr_dl which is only used read-only: it is copied by rt_setgate(). I'd like to constify this structure to make it clear no value can be trashed if code using it is run in parallel. Also remove another reference to the name of the variable to make it clear it is used only once. ok? ok mikeb
Re: nd6 expire
On 08/08/13(Thu) 01:06, Alexander Bluhm wrote: Hi, To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Currently they are int or long, but expire should always be time_t. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it. It looks to me that the in6_oprlist structure is here only for some binary compatibility. So changing its fields makes no sense, however I think you can completely remove it as it has been introduced in 2002 and nothing use the SIOCGPRLST_IN6 ioctl(2) anymore. ;) Apart from that it looks ok to me. bluhm Index: netinet6/nd6.h === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.h,v retrieving revision 1.31 diff -u -p -u -p -r1.31 nd6.h --- netinet6/nd6.h1 Jul 2013 14:22:20 - 1.31 +++ netinet6/nd6.h7 Aug 2013 22:54:51 - @@ -46,14 +46,14 @@ structllinfo_nd6 { struct llinfo_nd6 *ln_prev; struct rtentry *ln_rt; struct mbuf *ln_hold; /* last packet until resolved/timeout */ - longln_asked; /* number of queries already sent for this addr */ - u_long ln_expire; /* lifetime for NDP state transition */ + time_t ln_expire; /* lifetime for NDP state transition */ + longln_asked; /* number of queries already sent for addr */ + int ln_byhint; /* # of times we made it reachable by UL hint */ short ln_state; /* reachability state */ short ln_router; /* 2^0: ND6 router bit */ - int ln_byhint; /* # of times we made it reachable by UL hint */ longln_ntick; - struct timeout ln_timer_ch; + struct timeout ln_timer_ch; }; #define ND6_LLINFO_PURGE -3 @@ -107,10 +107,10 @@ struct nd_ifinfo { struct in6_nbrinfo { char ifname[IFNAMSIZ]; /* if name, e.g. en0 */ struct in6_addr addr; /* IPv6 address of the neighbor */ - longasked; /* number of queries already sent for this addr */ + time_t expire; /* lifetime for NDP state transition */ + longasked; /* number of queries already sent for addr */ int isrouter; /* if it acts as a router */ int state; /* reachability state */ - int expire; /* lifetime for NDP state transition */ }; #define DRLSTSIZ 10 @@ -119,19 +119,19 @@ struct in6_drlist { char ifname[IFNAMSIZ]; struct { struct in6_addr rtaddr; - u_char flags; + time_t expire; u_short rtlifetime; - u_long expire; - u_short if_index; + u_short if_index; + u_char flags; } defrouter[DRLSTSIZ]; }; struct in6_defrouter { struct sockaddr_in6 rtaddr; - u_char flags; + time_t expire; u_short rtlifetime; - u_long expire; - u_short if_index; + u_short if_index; + u_char flags; }; #ifdef _KERNEL @@ -139,14 +139,14 @@ struct in6_oprlist { char ifname[IFNAMSIZ]; struct { struct in6_addr prefix; - struct prf_ra raflags; + struct prf_ra raflags; + time_t expire; + u_int32_t vltime; + u_int32_t pltime; + u_short if_index; + u_short advrtrs; /* number of advertisement routers */ u_char prefixlen; u_char origin; - u_long vltime; - u_long pltime; - u_long expire; - u_short if_index; - u_short advrtrs; /* number of advertisement routers */ struct in6_addr advrtr[DRLSTSIZ]; /* XXX: explicit limit */ } prefix[PRLSTSIZ]; }; @@ -156,30 +156,30 @@ struct in6_prlist { char ifname[IFNAMSIZ]; struct { struct in6_addr prefix; - struct prf_ra raflags; - u_char prefixlen; - u_char origin; + struct prf_ra raflags; + time_t expire; u_int32_t vltime; u_int32_t pltime; - time_t expire; - u_short if_index; - u_short advrtrs; /* number of advertisement routers */ + u_short if_index; + u_short advrtrs; /* number of advertisement routers */ + u_char prefixlen; + u_char origin; struct in6_addr advrtr[DRLSTSIZ]; /* XXX: explicit limit */ } prefix[PRLSTSIZ]; }; struct in6_prefix { struct sockaddr_in6 prefix; - struct prf_ra raflags; - u_char prefixlen; - u_char origin; + struct prf_ra raflags; + time_t expire; u_int32_t vltime; u_int32_t
Re: nd6 expire
On Thu, Aug 08, 2013 at 01:47:17PM +0200, Martin Pieuchot wrote: On 08/08/13(Thu) 01:06, Alexander Bluhm wrote: Hi, To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Currently they are int or long, but expire should always be time_t. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it. It looks to me that the in6_oprlist structure is here only for some binary compatibility. So changing its fields makes no sense, however I think you can completely remove it as it has been introduced in 2002 and nothing use the SIOCGPRLST_IN6 ioctl(2) anymore. ;) We have the code oprl-prefix[i].expire = pr-ndpr_expire; in the kernel right now. It is wrong to leave in6_oprlist.prefix-expire as u_long and ndpr_expire as time_t. Binary compatibility for ndp will break with this diff anyway and for most programs with the big time_t diff. Ndp implements ioctl(s, SIOCGPRLST_IN6, (caddr_t)pr), but does not use it because of #ifdef. I would like to do it this way: 1. fix time_t in all structures with this diff 2. throw away #ifdef in ndp 3. remove obsolete ioctl from kernel 4. remove obsolete struct from header ok? bluhm Apart from that it looks ok to me. bluhm Index: netinet6/nd6.h === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.h,v retrieving revision 1.31 diff -u -p -u -p -r1.31 nd6.h --- netinet6/nd6.h 1 Jul 2013 14:22:20 - 1.31 +++ netinet6/nd6.h 7 Aug 2013 22:54:51 - @@ -46,14 +46,14 @@ struct llinfo_nd6 { struct llinfo_nd6 *ln_prev; struct rtentry *ln_rt; struct mbuf *ln_hold; /* last packet until resolved/timeout */ - longln_asked; /* number of queries already sent for this addr */ - u_long ln_expire; /* lifetime for NDP state transition */ + time_t ln_expire; /* lifetime for NDP state transition */ + longln_asked; /* number of queries already sent for addr */ + int ln_byhint; /* # of times we made it reachable by UL hint */ short ln_state; /* reachability state */ short ln_router; /* 2^0: ND6 router bit */ - int ln_byhint; /* # of times we made it reachable by UL hint */ longln_ntick; - struct timeout ln_timer_ch; + struct timeout ln_timer_ch; }; #define ND6_LLINFO_PURGE -3 @@ -107,10 +107,10 @@ struct nd_ifinfo { struct in6_nbrinfo { char ifname[IFNAMSIZ]; /* if name, e.g. en0 */ struct in6_addr addr; /* IPv6 address of the neighbor */ - longasked; /* number of queries already sent for this addr */ + time_t expire; /* lifetime for NDP state transition */ + longasked; /* number of queries already sent for addr */ int isrouter; /* if it acts as a router */ int state; /* reachability state */ - int expire; /* lifetime for NDP state transition */ }; #define DRLSTSIZ 10 @@ -119,19 +119,19 @@ structin6_drlist { char ifname[IFNAMSIZ]; struct { struct in6_addr rtaddr; - u_char flags; + time_t expire; u_short rtlifetime; - u_long expire; - u_short if_index; + u_short if_index; + u_char flags; } defrouter[DRLSTSIZ]; }; struct in6_defrouter { struct sockaddr_in6 rtaddr; - u_char flags; + time_t expire; u_short rtlifetime; - u_long expire; - u_short if_index; + u_short if_index; + u_char flags; }; #ifdef _KERNEL @@ -139,14 +139,14 @@ structin6_oprlist { char ifname[IFNAMSIZ]; struct { struct in6_addr prefix; - struct prf_ra raflags; + struct prf_ra raflags; + time_t expire; + u_int32_t vltime; + u_int32_t pltime; + u_short if_index; + u_short advrtrs; /* number of advertisement routers */ u_char prefixlen; u_char origin; - u_long vltime; - u_long pltime; - u_long expire; - u_short if_index; - u_short advrtrs; /* number of advertisement routers */ struct in6_addr advrtr[DRLSTSIZ]; /* XXX: explicit limit */ } prefix[PRLSTSIZ]; }; @@ -156,30 +156,30 @@ structin6_prlist { char ifname[IFNAMSIZ]; struct { struct in6_addr prefix; - struct prf_ra raflags; - u_char prefixlen; - u_char origin; + struct prf_ra raflags; + time_t expire; u_int32_t vltime; u_int32_t pltime; -
ndp ifdef cleanup
Hi, Remove dead code and useless #include and #ifdef from ndp. No binary change. ok? bluhm Index: usr.sbin/ndp/Makefile === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/ndp/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- usr.sbin/ndp/Makefile 25 Jan 2004 20:45:13 - 1.2 +++ usr.sbin/ndp/Makefile 8 Aug 2013 21:49:27 - @@ -2,7 +2,7 @@ PROG= ndp SRCS= ndp.c gmt2local.c -MAN= ndp.8 # ndp.4 +MAN= ndp.8 CPPFLAGS+=-DINET6 -I${.CURDIR} Index: usr.sbin/ndp/gmt2local.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/ndp/gmt2local.c,v retrieving revision 1.3 diff -u -p -r1.3 gmt2local.c --- usr.sbin/ndp/gmt2local.c2 Oct 2008 23:55:18 - 1.3 +++ usr.sbin/ndp/gmt2local.c8 Aug 2013 22:00:26 - @@ -25,14 +25,7 @@ #include sys/time.h #include stdio.h -#ifdef TIME_WITH_SYS_TIME #include time.h -#endif - -#include gnuc.h -#ifdef HAVE_OS_PROTO_H -#include os-proto.h -#endif #include gmt2local.h Index: usr.sbin/ndp/gnuc.h === RCS file: usr.sbin/ndp/gnuc.h diff -N usr.sbin/ndp/gnuc.h --- usr.sbin/ndp/gnuc.h 10 Dec 1999 07:26:56 - 1.2 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,3 +0,0 @@ -/* $OpenBSD: gnuc.h,v 1.2 1999/12/10 07:26:56 itojun Exp $ */ - -/* this is dummy to pacify gmt2local.c. */ Index: usr.sbin/ndp/ndp.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/ndp/ndp.c,v retrieving revision 1.48 diff -u -p -r1.48 ndp.c --- usr.sbin/ndp/ndp.c 19 Jul 2013 09:12:51 - 1.48 +++ usr.sbin/ndp/ndp.c 8 Aug 2013 21:56:18 - @@ -145,14 +145,12 @@ static char *sec2str(time_t); static char *ether_str(struct sockaddr_dl *); static void ts_print(const struct timeval *); -#ifdef ICMPV6CTL_ND6_DRLIST static char *rtpref_str[] = { medium, /* 00 */ high, /* 01 */ rsv, /* 10 */ low /* 11 */ }; -#endif int mode = 0; char *arg = NULL; @@ -634,15 +632,8 @@ again:; getnameinfo((struct sockaddr *)sin, sin-sin6_len, host_buf, sizeof(host_buf), NULL, 0, (nflag ? NI_NUMERICHOST : 0)); if (cflag) { -#ifdef RTF_WASCLONED - if (rtm-rtm_flags RTF_WASCLONED) - delete(host_buf); -#elif defined(RTF_CLONED) if (rtm-rtm_flags RTF_CLONED) delete(host_buf); -#else - delete(host_buf); -#endif continue; } gettimeofday(time, 0); @@ -680,11 +671,6 @@ again:; case ND6_LLINFO_NOSTATE: printf( N); break; -#ifdef ND6_LLINFO_WAITDELETE - case ND6_LLINFO_WAITDELETE: -printf( W); -break; -#endif case ND6_LLINFO_INCOMPLETE: printf( I); break; @@ -893,9 +879,6 @@ ifinfo(char *ifname, int argc, char **ar struct in6_ndireq nd; int i, s; u_int32_t newflags; -#ifdef IPV6CTL_USETEMPADDR - u_int8_t nullbuf[8]; -#endif if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) 0) { err(1, socket); @@ -928,12 +911,7 @@ ifinfo(char *ifname, int argc, char **ar }\ } while (0) SETFLAG(nud, ND6_IFF_PERFORMNUD); -#ifdef ND6_IFF_ACCEPT_RTADV SETFLAG(accept_rtadv, ND6_IFF_ACCEPT_RTADV); -#endif -#ifdef ND6_IFF_PREFER_SOURCE - SETFLAG(prefer_source, ND6_IFF_PREFER_SOURCE); -#endif ND.flags = newflags; if (ioctl(s, SIOCSIFINFO_FLAGS, (caddr_t)nd) 0) { @@ -954,44 +932,12 @@ ifinfo(char *ifname, int argc, char **ar ND.basereachable / 1000, ND.basereachable % 1000); printf(, reachable=%ds, ND.reachable); printf(, retrans=%ds%dms, ND.retrans / 1000, ND.retrans % 1000); -#ifdef IPV6CTL_USETEMPADDR - memset(nullbuf, 0, sizeof(nullbuf)); - if (memcmp(nullbuf, ND.randomid, sizeof(nullbuf)) != 0) { - int j; - u_int8_t *rbuf; - - for (i = 0; i 3; i++) { - switch (i) { - case 0: - printf(\nRandom seed(0): ); - rbuf = ND.randomseed0; - break; - case 1: - printf(\nRandom seed(1): ); - rbuf = ND.randomseed1; - break; - case 2: -
Re: in_proto_cksum_out: fix ICMP checksum calculation
On Mon, Aug 05, 2013 at 10:28:57AM -0400, Lawrence Teo wrote: Index: ip_output.c === RCS file: /cvs/src/sys/netinet/ip_output.c,v retrieving revision 1.244 diff -U5 -p -r1.244 ip_output.c --- ip_output.c 31 Jul 2013 15:41:52 - 1.244 +++ ip_output.c 5 Aug 2013 02:44:20 - @@ -2058,25 +2058,35 @@ ip_mloopback(struct ifnet *ifp, struct m */ void in_delayed_cksum(struct mbuf *m) { struct ip *ip; - u_int16_t csum, offset; + u_int16_t csum = 0, offset; ip = mtod(m, struct ip *); offset = ip-ip_hl 2; + + if (ip-ip_p == IPPROTO_ICMP) + if (m_copyback(m, offset + offsetof(struct icmp, icmp_cksum), + sizeof(csum), csum, M_NOWAIT)) + return; The code at the end of this function tries to avoid the m_copyback() in the common case unless (offset + sizeof(u_int16_t)) m-m_len). Do we want this optimization here? bluhm + csum = in4_cksum(m, 0, offset, m-m_pkthdr.len - offset); - if (csum == 0 ip-ip_p == IPPROTO_UDP) - csum = 0x; switch (ip-ip_p) { case IPPROTO_TCP: offset += offsetof(struct tcphdr, th_sum); break; case IPPROTO_UDP: offset += offsetof(struct udphdr, uh_sum); + if (csum == 0) + csum = 0x; + break; + + case IPPROTO_ICMP: + offset += offsetof(struct icmp, icmp_cksum); break; default: return; } @@ -2101,17 +2111,9 @@ in_proto_cksum_out(struct mbuf *m, struc ifp-if_bridgeport != NULL) { in_delayed_cksum(m); m-m_pkthdr.csum_flags = ~M_UDP_CSUM_OUT; /* Clear */ } } else if (m-m_pkthdr.csum_flags M_ICMP_CSUM_OUT) { - struct ip *ip = mtod(m, struct ip *); - int hlen; - struct icmp *icp; - - hlen = ip-ip_hl 2; - icp = (struct icmp *)(mtod(m, caddr_t) + hlen); - icp-icmp_cksum = 0; - icp-icmp_cksum = in4_cksum(m, 0, hlen, - ntohs(ip-ip_len) - hlen); + in_delayed_cksum(m); m-m_pkthdr.csum_flags = ~M_ICMP_CSUM_OUT; /* Clear */ } }