Re: pflow(4) without flowsrc
On 31/08/13(Sat) 04:28, Nathanael Rensen wrote:
If no flowsrc is specified on a pflow(4) interface then the src address
is determined by ip_output(). However prior to calling ip_output() pflow(4)
has already calculated the UPD pseudo-header checksum based on INADDR_ANY.
This results in a bad UPD checksum and the resulting pflow packet is
rejected by the receiver.
The diff below resolves this by calling in_selectsrc() if flowsrc is not
specified.
I'm not sure we want to add yet-another different chunk of code to
determine a source address, especially when I'm working on reducing
their number ;)
I'm not familiar with pflow(4), but is there any advantage of not
specifying a flowsrc target? Because reducing the number of code
path passing an INADDR_ANY source address would simplify a lot of
our address lookups.
Otherwise did you considered deferring the checksum?
Index: if_pflow.c
===
RCS file: /cvs/src/sys/net/if_pflow.c,v
retrieving revision 1.34
diff -u -p -r1.34 if_pflow.c
--- if_pflow.c13 Aug 2013 08:44:05 - 1.34
+++ if_pflow.c30 Aug 2013 18:54:03 -
@@ -1512,8 +1512,37 @@ pflow_sendout_mbuf(struct pflow_softc *s
struct ifnet*ifp = sc-sc_if;
#endif
struct ip *ip;
+ struct in_addr sender_ip;
int err;
+ /* Determine the sender address */
+ sender_ip = sc-sc_sender_ip;
+ if (sender_ip.s_addr == INADDR_ANY) {
+ struct sockaddr_in sin;
+ struct sockaddr_in *ifaddr;
+ struct route ro;
+
+ bzero(ro, sizeof(ro));
+ bzero(sin, sizeof(sin));
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+ sin.sin_port = sc-sc_receiver_port;
+ sin.sin_addr = sc-sc_receiver_ip;
+
+ err = 0;
+ ifaddr = in_selectsrc(sin, ro, 0, NULL, err, 0);
+ if (ifaddr == NULL) {
+ if (err == 0)
+ err = EADDRNOTAVAIL;
+ return err;
+ }
+
+ sender_ip = ifaddr-sin_addr;
+
+ if (ro.ro_rt)
+ rtfree(ro.ro_rt);
+ }
+
/* UDP Header*/
M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT);
if (m == NULL) {
@@ -1523,7 +1552,7 @@ pflow_sendout_mbuf(struct pflow_softc *s
ui = mtod(m, struct udpiphdr *);
ui-ui_pr = IPPROTO_UDP;
- ui-ui_src = sc-sc_sender_ip;
+ ui-ui_src = sender_ip;
ui-ui_sport = sc-sc_sender_port;
ui-ui_dst = sc-sc_receiver_ip;
ui-ui_dport = sc-sc_receiver_port;
pms: synaptics touchpad resume fix
I've got a synaptics touchpad which is taking a relatively large
amount of time to respond to the synaptics magic query during resume.
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.0
The pms(4) driver gives up on it quickly, and then I end up with no
mouse in X after resume. I have to restart X to get the mouse back,
which works because at that time the touchpad has become responsive again.
This diff fixes that issue by making the pms driver wait longer.
But I don't want it to wait this long during usual touchpad detection,
since that would get in the way when no synaptics touchpad is present.
I had to tweak the state machine to always go into 'suspend' state
to allow the driver to decide to wait longer only when resuming.
Before this change, the driver only transitioned into 'suspend'
state if the device was still open when pmsactivate() was called.
But since apparently the X server closes mouse devices on suspend,
the current state is already 'disabled' when we get to pmsactivate().
I could never see the driver go into 'suspend' state without this diff.
FWIW, I usually see 3 'pms0: device not resuming, retrying' lines
during resume but I gave it some additional headroom. Does anyone
using a synaptics touchpad see a different number of one or more lines?
Testing with any touchpad appreciated.
Index: pms.c
===
RCS file: /cvs/src/sys/dev/pckbc/pms.c,v
retrieving revision 1.45
diff -u -p -r1.45 pms.c
--- pms.c 16 Jul 2013 08:11:39 - 1.45
+++ pms.c 2 Sep 2013 09:16:56 -
@@ -220,6 +220,8 @@ int pmsactivate(struct device *, int);
void pmsinput(void *, int);
intpms_change_state(struct pms_softc *, int, int);
+void pms_suspend_device(struct pms_softc *);
+void pms_resume_device(struct pms_softc *);
intpms_ioctl(void *, u_long, caddr_t, int, struct proc *);
intpms_enable(void *);
@@ -685,14 +687,10 @@ pmsactivate(struct device *self, int act
switch (act) {
case DVACT_SUSPEND:
- if (sc-sc_state == PMS_STATE_ENABLED)
- pms_change_state(sc, PMS_STATE_SUSPENDED,
- PMS_DEV_IGNORE);
+ pms_change_state(sc, PMS_STATE_SUSPENDED, PMS_DEV_IGNORE);
break;
case DVACT_RESUME:
- if (sc-sc_state == PMS_STATE_SUSPENDED)
- pms_change_state(sc, PMS_STATE_ENABLED,
- PMS_DEV_IGNORE);
+ pms_change_state(sc, PMS_STATE_ENABLED, PMS_DEV_IGNORE);
break;
}
return (0);
@@ -725,37 +723,61 @@ pms_change_state(struct pms_softc *sc, i
switch (newstate) {
case PMS_STATE_ENABLED:
- sc-inputstate = 0;
-
- pckbc_slot_enable(sc-sc_kbctag, PCKBC_AUX_SLOT, 1);
-
- if (sc-poll)
- pckbc_flush(sc-sc_kbctag, PCKBC_AUX_SLOT);
-
- pms_reset(sc);
- if (sc-protocol-type == PMS_STANDARD ||
- sc-protocol-enable(sc) == 0)
- pms_protocol_lookup(sc);
-
- pms_dev_enable(sc);
+ pms_resume_device(sc);
break;
case PMS_STATE_DISABLED:
case PMS_STATE_SUSPENDED:
- pms_dev_disable(sc);
-
- if (sc-protocol-disable)
- sc-protocol-disable(sc);
-
- pckbc_slot_enable(sc-sc_kbctag, PCKBC_AUX_SLOT, 0);
+ pms_suspend_device(sc);
break;
}
- sc-sc_state = newstate;
+ if (sc-sc_state == PMS_STATE_SUSPENDED) {
+ /*
+* We enabled the device during resume to re-detect it.
+* If the device isn't open we can disable it again now.
+*/
+ if (sc-sc_dev_enable == 0) {
+ pms_suspend_device(sc);
+ sc-sc_state = PMS_STATE_DISABLED;
+ } else
+ sc-sc_state = newstate;
+ } else
+ sc-sc_state = newstate;
+
sc-poll = (newstate == PMS_STATE_SUSPENDED) ? 1 : 0;
return (0);
}
+void
+pms_resume_device(struct pms_softc *sc)
+{
+ sc-inputstate = 0;
+
+ pckbc_slot_enable(sc-sc_kbctag, PCKBC_AUX_SLOT, 1);
+
+ if (sc-poll)
+ pckbc_flush(sc-sc_kbctag, PCKBC_AUX_SLOT);
+
+ pms_reset(sc);
+ if (sc-protocol-type == PMS_STANDARD ||
+ sc-protocol-enable(sc) == 0)
+ pms_protocol_lookup(sc);
+
+ pms_dev_enable(sc);
+}
+
+void
+pms_suspend_device(struct pms_softc *sc)
+{
+ pms_dev_disable(sc);
+
+ if (sc-protocol-disable)
+ sc-protocol-disable(sc);
+
+ pckbc_slot_enable(sc-sc_kbctag, PCKBC_AUX_SLOT, 0);
+}
+
int
pms_enable(void *v)
{
@@ -937,15 +959,38 @@ pms_enable_synaptics(struct pms_softc
Re: in_var.h incudes in6_var.h
On 30/08/13(Fri) 21:50, Alexander Bluhm wrote: Hi, The file netinet/in_var.h includes netinet6/in6_var.h. This creates a bunch of useless dependencies. For an upcomming change in in6_var.h I would like to split that up. Is this a good idea? comments/ok? I like the idea but we should be careful about ports assuming that in_var.h includes in6_var.h even if there's no RFC requirement. ok mpi@ The important part of my diff is in sys/netinet/in_var.h: -/* INET6 stuff */ -#include netinet6/in6_var.h bluhm Index: sbin/ifconfig/ifconfig.c === RCS file: /data/mirror/openbsd/cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.269 diff -u -p -u -p -r1.269 ifconfig.c --- sbin/ifconfig/ifconfig.c 19 Aug 2013 11:20:57 - 1.269 +++ sbin/ifconfig/ifconfig.c 27 Aug 2013 22:40:10 - @@ -70,6 +70,7 @@ #include net/if_types.h #include netinet/in.h #include netinet/in_var.h +#include netinet6/in6_var.h #include netinet6/nd6.h #include arpa/inet.h #include netinet/ip_ipsp.h Index: sys/net/bridgestp.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/bridgestp.c,v retrieving revision 1.44 diff -u -p -u -p -r1.44 bridgestp.c --- sys/net/bridgestp.c 20 Jun 2013 12:03:40 - 1.44 +++ sys/net/bridgestp.c 27 Aug 2013 22:27:28 - @@ -60,7 +60,6 @@ __FBSDID($FreeBSD: /repoman/r/ncvs/src/ #ifdef INET #include netinet/in.h #include netinet/in_systm.h -#include netinet/in_var.h #include netinet/ip.h #include netinet/if_ether.h #endif Index: sys/net/if.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if.c,v retrieving revision 1.264 diff -u -p -u -p -r1.264 if.c --- sys/net/if.c 28 Aug 2013 07:38:50 - 1.264 +++ sys/net/if.c 29 Aug 2013 20:49:43 - @@ -103,6 +103,7 @@ #ifndef INET #include netinet/in.h #endif +#include netinet6/in6_var.h #include netinet6/in6_ifattach.h #include netinet6/nd6.h #include netinet/ip6.h Index: sys/net/if_bridge.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_bridge.c,v retrieving revision 1.214 diff -u -p -u -p -r1.214 if_bridge.c --- sys/net/if_bridge.c 21 Aug 2013 13:53:48 - 1.214 +++ sys/net/if_bridge.c 27 Aug 2013 22:27:28 - @@ -71,6 +71,7 @@ #endif #ifdef INET6 +#include netinet6/in6_var.h #include netinet/ip6.h #include netinet6/ip6_var.h #endif Index: sys/net/if_fddisubr.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_fddisubr.c,v retrieving revision 1.61 diff -u -p -u -p -r1.61 if_fddisubr.c --- sys/net/if_fddisubr.c 28 Mar 2013 16:55:27 - 1.61 +++ sys/net/if_fddisubr.c 27 Aug 2013 22:27:28 - @@ -103,8 +103,8 @@ #ifdef INET6 #ifndef INET #include netinet/in.h -#include netinet/in_var.h #endif +#include netinet6/in6_var.h #include netinet6/nd6.h #endif Index: sys/net/if_gif.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_gif.c,v retrieving revision 1.62 diff -u -p -u -p -r1.62 if_gif.c --- sys/net/if_gif.c 17 Jun 2013 18:19:44 - 1.62 +++ sys/net/if_gif.c 27 Aug 2013 22:27:28 - @@ -57,6 +57,7 @@ #ifndef INET #include netinet/in.h #endif +#include netinet6/in6_var.h #include netinet/ip6.h #include netinet6/ip6_var.h #include netinet6/in6_gif.h Index: sys/net/if_gre.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_gre.c,v retrieving revision 1.62 diff -u -p -u -p -r1.62 if_gre.c --- sys/net/if_gre.c 5 Jun 2013 15:17:40 - 1.62 +++ sys/net/if_gre.c 27 Aug 2013 22:27:28 - @@ -60,7 +60,6 @@ #ifdef INET #include netinet/in.h #include netinet/in_systm.h -#include netinet/in_var.h #include netinet/ip.h #include netinet/ip_var.h #include netinet/if_ether.h Index: sys/net/if_mpe.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_mpe.c,v retrieving revision 1.29 diff -u -p -u -p -r1.29 if_mpe.c --- sys/net/if_mpe.c 28 Mar 2013 16:45:16 - 1.29 +++ sys/net/if_mpe.c 27 Aug 2013 22:27:28 - @@ -37,6 +37,7 @@ #endif #ifdef INET6 +#include netinet6/in6_var.h #include netinet/ip6.h #ifndef INET #include netinet/in.h Index: sys/net/if_pflog.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_pflog.c,v retrieving revision 1.54 diff -u -p -u -p -r1.54 if_pflog.c --- sys/net/if_pflog.c26 Jun 2013 09:12:39 - 1.54 +++ sys/net/if_pflog.c27 Aug
Re: defer routing table updates on link state changes
On Mon, Aug 26, 2013 at 13:36 +0200, Mike Belopuhov wrote:
hi,
in order to make our life a bit easier and prevent rogue
accesses to the routing table from the hardware interrupt
context violating all kinds of spl assumptions we would
like if_link_state_change that is called by network device
drivers in their interrupt service routines to defer its
work to the process context or thereabouts.
i did some testing here, but wouldn't mind if someone
tries this diff in gre/vlan/ospf/anything-weird setups.
making sure that hot-plugging/unplugging usb interfaces
doesn't produce any undesirable effects would be superb
as well.
please note that a token (an interface index) is passed
to the workq in order to make sure that if the interface
would be gone by the time syswq goes around to run the
task it would just fall through.
ok?
i've got an ok from mpi, anyone else would like to test
and/or comment?
diff --git sys/net/if.c sys/net/if.c
index 6dafd0d..5b6800a 100644
--- sys/net/if.c
+++ sys/net/if.c
@@ -79,10 +79,11 @@
#include sys/protosw.h
#include sys/kernel.h
#include sys/ioctl.h
#include sys/domain.h
#include sys/sysctl.h
+#include sys/workq.h
#include net/if.h
#include net/if_dl.h
#include net/if_media.h
#include net/if_types.h
@@ -151,10 +152,12 @@ int if_clone_list(struct if_clonereq *);
struct if_clone *if_clone_lookup(const char *, int *);
void if_congestion_clear(void *);
int if_group_egress_build(void);
+void if_link_state_change_task(void *, void *);
+
int ifai_cmp(struct ifaddr_item *, struct ifaddr_item *);
void ifa_item_insert(struct sockaddr *, struct ifaddr *, struct ifnet *);
void ifa_item_remove(struct sockaddr *, struct ifaddr *, struct ifnet *);
#ifndef SMALL_KERNEL
void ifa_print_rb(void);
@@ -1106,21 +1109,39 @@ if_up(struct ifnet *ifp)
m_clinitifp(ifp);
}
/*
- * Process a link state change.
- * NOTE: must be called at splsoftnet or equivalent.
+ * Schedule a link state change task.
*/
void
if_link_state_change(struct ifnet *ifp)
{
- rt_ifmsg(ifp);
+ /* try to put the routing table update task on syswq */
+ workq_add_task(NULL, 0, if_link_state_change_task,
+ (void *)((unsigned long)ifp-if_index), NULL);
+}
+
+/*
+ * Process a link state change.
+ */
+void
+if_link_state_change_task(void *arg, void *unused)
+{
+ unsigned int index = (unsigned long)arg;
+ struct ifnet *ifp;
+ int s;
+
+ s = splsoftnet();
+ if ((ifp = if_get(index)) != NULL) {
+ rt_ifmsg(ifp);
#ifndef SMALL_KERNEL
- rt_if_track(ifp);
+ rt_if_track(ifp);
#endif
- dohooks(ifp-if_linkstatehooks, 0);
+ dohooks(ifp-if_linkstatehooks, 0);
+ }
+ splx(s);
}
/*
* Handle interface watchdog timer routines. Called
* from softclock, we decrement timers (if set) and
Introduce rt_msg() (was nd6_rtmsg)
Diff below is just a small refactoring of two similar code chunks to
inform user processes that something changed regarding a route.
I'd like to get this in because it removes one use of rt_addrinfo in
netinet6.
There's no functional change, ok?
Index: net/route.c
===
RCS file: /home/ncvs/src/sys/net/route.c,v
retrieving revision 1.145
diff -u -p -r1.145 route.c
--- net/route.c 28 Aug 2013 06:58:57 - 1.145
+++ net/route.c 2 Sep 2013 10:18:59 -
@@ -346,17 +345,7 @@ rtalloc1(struct sockaddr *dst, int flags
goto miss;
}
/* Inform listeners of the new route */
- bzero(info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- if (rt-rt_ifp != NULL) {
- info.rti_info[RTAX_IFP] =
-
TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
- rt_missmsg(RTM_ADD, info, rt-rt_flags,
- rt-rt_ifp, 0, tableid);
+ rt_msg(rt, RTM_ADD, tableid);
} else
rt-rt_refcnt++;
} else {
@@ -410,6 +399,25 @@ rtfree(struct rtentry *rt)
Free(rt_key(rt));
pool_put(rtentry_pool, rt);
}
+}
+
+/* tell the change to user processes watching the routing socket. */
+void
+rt_msg(struct rtentry *rt, int cmd, u_int tableid)
+{
+ struct rt_addrinfo info;
+
+ bzero(info, sizeof(info));
+ info.rti_info[RTAX_DST] = rt_key(rt);
+ info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
+ info.rti_info[RTAX_NETMASK] = rt_mask(rt);
+ if (rt-rt_ifp != NULL) {
+ info.rti_info[RTAX_IFP] =
+ TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
+ info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
+ }
+
+ rt_missmsg(cmd, info, rt-rt_flags, rt-rt_ifp, 0, tableid);
}
void
Index: net/route.h
===
RCS file: /home/ncvs/src/sys/net/route.h,v
retrieving revision 1.78
diff -u -p -r1.78 route.h
--- net/route.h 19 Sep 2012 16:14:01 - 1.78
+++ net/route.h 2 Sep 2013 10:18:59 -
@@ -369,6 +369,7 @@ void rt_ifmsg(struct ifnet *);
voidrt_ifannouncemsg(struct ifnet *, int);
voidrt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);
+voidrt_msg(struct rtentry *, int, u_int);
voidrt_missmsg(int, struct rt_addrinfo *, int, struct ifnet *, int,
u_int);
voidrt_newaddrmsg(int, struct ifaddr *, int, struct rtentry *);
Index: netinet6/nd6_rtr.c
===
RCS file: /home/ncvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.72
diff -u -p -r1.72 nd6_rtr.c
--- netinet6/nd6_rtr.c 1 Jul 2013 14:22:20 - 1.72
+++ netinet6/nd6_rtr.c 2 Sep 2013 10:18:59 -
@@ -70,7 +70,6 @@ void pfxrtr_add(struct nd_prefix *, stru
void pfxrtr_del(struct nd_pfxrouter *);
struct nd_pfxrouter *find_pfxlist_reachable_router(struct nd_prefix *);
void defrouter_delreq(struct nd_defrouter *);
-void nd6_rtmsg(int, struct rtentry *);
void purge_detached(struct ifnet *);
void in6_init_address_ltimes(struct nd_prefix *, struct in6_addrlifetime *);
@@ -410,26 +409,6 @@ nd6_ra_input(struct mbuf *m, int off, in
/*
* default router list processing sub routines
*/
-
-/* tell the change to user processes watching the routing socket. */
-void
-nd6_rtmsg(int cmd, struct rtentry *rt)
-{
- struct rt_addrinfo info;
-
- bzero((caddr_t)info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- if (rt-rt_ifp) {
- info.rti_info[RTAX_IFP] =
- TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
-
- rt_missmsg(cmd, info, rt-rt_flags, rt-rt_ifp, 0, 0);
-}
-
void
defrouter_addreq(struct nd_defrouter *new)
{
@@ -459,7 +438,7 @@ defrouter_addreq(struct nd_defrouter *ne
error = rtrequest1(RTM_ADD, info, RTP_DEFAULT, newrt,
new-ifp-if_rdomain);
if (newrt) {
- nd6_rtmsg(RTM_ADD, newrt); /* tell user process */
+ rt_msg(newrt, RTM_ADD, 0); /* tell user process */
newrt-rt_refcnt--;
}
if (error == 0)
@@ -563,7 +542,7 @@ defrouter_delreq(struct nd_defrouter *dr
rtrequest1(RTM_DELETE, info, RTP_DEFAULT, oldrt,
dr-ifp-if_rdomain);
Re: Introduce rt_msg() (was nd6_rtmsg)
On 02/09/13(Mon) 07:54, Kenneth R Westerback wrote:
On Mon, Sep 02, 2013 at 12:43:51PM +0200, Martin Pieuchot wrote:
Diff below is just a small refactoring of two similar code chunks to
inform user processes that something changed regarding a route.
I'd like to get this in because it removes one use of rt_addrinfo in
netinet6.
There's no functional change, ok?
This seems sane. ok krw@ fwiw.
I would suggest copying the 'Inform listeners of the new route'
comment to replace the 'tell the change to user processes watching
the routing socket' comment. The latter reads very oddly to my
native english speaking brain.
Thanks Ken, I take your suggestion and I'll wait for the return of
claudio@ to see what he thinks about the direction of the routing
table before attempting any change.
Ken
Index: net/route.c
===
RCS file: /home/ncvs/src/sys/net/route.c,v
retrieving revision 1.145
diff -u -p -r1.145 route.c
--- net/route.c 28 Aug 2013 06:58:57 - 1.145
+++ net/route.c 2 Sep 2013 10:18:59 -
@@ -346,17 +345,7 @@ rtalloc1(struct sockaddr *dst, int flags
goto miss;
}
/* Inform listeners of the new route */
- bzero(info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- if (rt-rt_ifp != NULL) {
- info.rti_info[RTAX_IFP] =
-
TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
- rt_missmsg(RTM_ADD, info, rt-rt_flags,
- rt-rt_ifp, 0, tableid);
+ rt_msg(rt, RTM_ADD, tableid);
} else
rt-rt_refcnt++;
} else {
@@ -410,6 +399,25 @@ rtfree(struct rtentry *rt)
Free(rt_key(rt));
pool_put(rtentry_pool, rt);
}
+}
+
+/* tell the change to user processes watching the routing socket. */
+void
+rt_msg(struct rtentry *rt, int cmd, u_int tableid)
+{
+ struct rt_addrinfo info;
+
+ bzero(info, sizeof(info));
+ info.rti_info[RTAX_DST] = rt_key(rt);
+ info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
+ info.rti_info[RTAX_NETMASK] = rt_mask(rt);
+ if (rt-rt_ifp != NULL) {
+ info.rti_info[RTAX_IFP] =
+ TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
+ info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
+ }
+
+ rt_missmsg(cmd, info, rt-rt_flags, rt-rt_ifp, 0, tableid);
}
void
Index: net/route.h
===
RCS file: /home/ncvs/src/sys/net/route.h,v
retrieving revision 1.78
diff -u -p -r1.78 route.h
--- net/route.h 19 Sep 2012 16:14:01 - 1.78
+++ net/route.h 2 Sep 2013 10:18:59 -
@@ -369,6 +369,7 @@ void rt_ifmsg(struct ifnet *);
voidrt_ifannouncemsg(struct ifnet *, int);
voidrt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);
+voidrt_msg(struct rtentry *, int, u_int);
voidrt_missmsg(int, struct rt_addrinfo *, int, struct ifnet *, int,
u_int);
voidrt_newaddrmsg(int, struct ifaddr *, int, struct rtentry *);
Index: netinet6/nd6_rtr.c
===
RCS file: /home/ncvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.72
diff -u -p -r1.72 nd6_rtr.c
--- netinet6/nd6_rtr.c 1 Jul 2013 14:22:20 - 1.72
+++ netinet6/nd6_rtr.c 2 Sep 2013 10:18:59 -
@@ -70,7 +70,6 @@ void pfxrtr_add(struct nd_prefix *, stru
void pfxrtr_del(struct nd_pfxrouter *);
struct nd_pfxrouter *find_pfxlist_reachable_router(struct nd_prefix *);
void defrouter_delreq(struct nd_defrouter *);
-void nd6_rtmsg(int, struct rtentry *);
void purge_detached(struct ifnet *);
void in6_init_address_ltimes(struct nd_prefix *, struct in6_addrlifetime
*);
@@ -410,26 +409,6 @@ nd6_ra_input(struct mbuf *m, int off, in
/*
* default router list processing sub routines
*/
-
-/* tell the change to user processes watching the routing socket. */
-void
-nd6_rtmsg(int cmd, struct rtentry *rt)
-{
- struct rt_addrinfo info;
-
- bzero((caddr_t)info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- if (rt-rt_ifp) {
- info.rti_info[RTAX_IFP] =
- TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
Re: pms: synaptics touchpad resume fix
On 02/09/13(Mon) 11:44, Stefan Sperling wrote: I've got a synaptics touchpad which is taking a relatively large amount of time to respond to the synaptics magic query during resume. pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 wsmouse1 at pms0 mux 0 pms0: Synaptics clickpad, firmware 8.0 The pms(4) driver gives up on it quickly, and then I end up with no mouse in X after resume. I have to restart X to get the mouse back, which works because at that time the touchpad has become responsive again. This diff fixes that issue by making the pms driver wait longer. But I don't want it to wait this long during usual touchpad detection, since that would get in the way when no synaptics touchpad is present. Did you consider checking for the value of 'cold' instead? You might also rely on the fact that if you have a sc-synaptics already allocated to try harder. Because in this case you know that you have a synaptic touchpad. More generically I don't think that we need to resend the magic sequence at every resume because the device should not change ;) Martin
Re: Introduce rt_msg() (was nd6_rtmsg)
On Mon, Sep 02, 2013 at 12:43:51PM +0200, Martin Pieuchot wrote:
Diff below is just a small refactoring of two similar code chunks to
inform user processes that something changed regarding a route.
I'd like to get this in because it removes one use of rt_addrinfo in
netinet6.
There's no functional change, ok?
This seems sane. ok krw@ fwiw.
I would suggest copying the 'Inform listeners of the new route'
comment to replace the 'tell the change to user processes watching
the routing socket' comment. The latter reads very oddly to my
native english speaking brain.
Ken
Index: net/route.c
===
RCS file: /home/ncvs/src/sys/net/route.c,v
retrieving revision 1.145
diff -u -p -r1.145 route.c
--- net/route.c 28 Aug 2013 06:58:57 - 1.145
+++ net/route.c 2 Sep 2013 10:18:59 -
@@ -346,17 +345,7 @@ rtalloc1(struct sockaddr *dst, int flags
goto miss;
}
/* Inform listeners of the new route */
- bzero(info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- if (rt-rt_ifp != NULL) {
- info.rti_info[RTAX_IFP] =
-
TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
- rt_missmsg(RTM_ADD, info, rt-rt_flags,
- rt-rt_ifp, 0, tableid);
+ rt_msg(rt, RTM_ADD, tableid);
} else
rt-rt_refcnt++;
} else {
@@ -410,6 +399,25 @@ rtfree(struct rtentry *rt)
Free(rt_key(rt));
pool_put(rtentry_pool, rt);
}
+}
+
+/* tell the change to user processes watching the routing socket. */
+void
+rt_msg(struct rtentry *rt, int cmd, u_int tableid)
+{
+ struct rt_addrinfo info;
+
+ bzero(info, sizeof(info));
+ info.rti_info[RTAX_DST] = rt_key(rt);
+ info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
+ info.rti_info[RTAX_NETMASK] = rt_mask(rt);
+ if (rt-rt_ifp != NULL) {
+ info.rti_info[RTAX_IFP] =
+ TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
+ info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
+ }
+
+ rt_missmsg(cmd, info, rt-rt_flags, rt-rt_ifp, 0, tableid);
}
void
Index: net/route.h
===
RCS file: /home/ncvs/src/sys/net/route.h,v
retrieving revision 1.78
diff -u -p -r1.78 route.h
--- net/route.h 19 Sep 2012 16:14:01 - 1.78
+++ net/route.h 2 Sep 2013 10:18:59 -
@@ -369,6 +369,7 @@ void rt_ifmsg(struct ifnet *);
void rt_ifannouncemsg(struct ifnet *, int);
void rt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);
+void rt_msg(struct rtentry *, int, u_int);
void rt_missmsg(int, struct rt_addrinfo *, int, struct ifnet *, int,
u_int);
void rt_newaddrmsg(int, struct ifaddr *, int, struct rtentry *);
Index: netinet6/nd6_rtr.c
===
RCS file: /home/ncvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.72
diff -u -p -r1.72 nd6_rtr.c
--- netinet6/nd6_rtr.c1 Jul 2013 14:22:20 - 1.72
+++ netinet6/nd6_rtr.c2 Sep 2013 10:18:59 -
@@ -70,7 +70,6 @@ void pfxrtr_add(struct nd_prefix *, stru
void pfxrtr_del(struct nd_pfxrouter *);
struct nd_pfxrouter *find_pfxlist_reachable_router(struct nd_prefix *);
void defrouter_delreq(struct nd_defrouter *);
-void nd6_rtmsg(int, struct rtentry *);
void purge_detached(struct ifnet *);
void in6_init_address_ltimes(struct nd_prefix *, struct in6_addrlifetime *);
@@ -410,26 +409,6 @@ nd6_ra_input(struct mbuf *m, int off, in
/*
* default router list processing sub routines
*/
-
-/* tell the change to user processes watching the routing socket. */
-void
-nd6_rtmsg(int cmd, struct rtentry *rt)
-{
- struct rt_addrinfo info;
-
- bzero((caddr_t)info, sizeof(info));
- info.rti_info[RTAX_DST] = rt_key(rt);
- info.rti_info[RTAX_GATEWAY] = rt-rt_gateway;
- info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- if (rt-rt_ifp) {
- info.rti_info[RTAX_IFP] =
- TAILQ_FIRST(rt-rt_ifp-if_addrlist)-ifa_addr;
- info.rti_info[RTAX_IFA] = rt-rt_ifa-ifa_addr;
- }
-
- rt_missmsg(cmd, info, rt-rt_flags, rt-rt_ifp, 0, 0);
-}
-
void
defrouter_addreq(struct nd_defrouter *new)
{
@@ -459,7 +438,7 @@ defrouter_addreq(struct nd_defrouter *ne
error = rtrequest1(RTM_ADD, info, RTP_DEFAULT, newrt,
Re: useradd with empty -k doesn't chown/chmod new home directory
On 2013-08-31 Sat 11:45 AM |, patrick keshishian wrote: On Sat, Aug 31, 2013 at 06:23:25AM -0600, Todd C. Miller wrote: Assuming we want to make this a non-fatal error the following should do. You meant non-existent skel dir, not empty. Unless you meant empty argument for -k option, i.e., -k Yes, that was my intention. i.e. don't copy the skel dir but is there a good use-case for that? For example, if an organisation had a number of database administrators and they were added to the group 'dbas'. In /home/dba there could be files, scripts, passwords,... that only the DBA team should have common access to. Likewise for hostmasters, postmasters, webmasters, management, marketing, sales, http://article.gmane.org/gmane.os.openbsd.bugs/19980
Re: pflow(4) without flowsrc
On Mon, Sep 02, 2013 at 11:11:43AM +0200, Martin Pieuchot wrote:
On 31/08/13(Sat) 04:28, Nathanael Rensen wrote:
If no flowsrc is specified on a pflow(4) interface then the src address
is determined by ip_output(). However prior to calling ip_output() pflow(4)
has already calculated the UPD pseudo-header checksum based on INADDR_ANY.
This results in a bad UPD checksum and the resulting pflow packet is
rejected by the receiver.
The diff below resolves this by calling in_selectsrc() if flowsrc is not
specified.
I'm not sure we want to add yet-another different chunk of code to
determine a source address, especially when I'm working on reducing
their number ;)
I'm not familiar with pflow(4), but is there any advantage of not
specifying a flowsrc target? Because reducing the number of code
path passing an INADDR_ANY source address would simplify a lot of
our address lookups.
If there is no strong usecase for not specifying flowsrc I think it's
better to not take the interface up if there is no flowsrc like we are
doing with flowdst. That requires some dicking around in pflowioctl()
and needs to be documented. (And don't take it up if someone sets it
explicitly to INADDR_ANY.)
Also style(9) says:
Don't put declarations inside
blocks unless the routine is unusually complicated.
Otherwise did you considered deferring the checksum?
Index: if_pflow.c
===
RCS file: /cvs/src/sys/net/if_pflow.c,v
retrieving revision 1.34
diff -u -p -r1.34 if_pflow.c
--- if_pflow.c 13 Aug 2013 08:44:05 - 1.34
+++ if_pflow.c 30 Aug 2013 18:54:03 -
@@ -1512,8 +1512,37 @@ pflow_sendout_mbuf(struct pflow_softc *s
struct ifnet*ifp = sc-sc_if;
#endif
struct ip *ip;
+ struct in_addr sender_ip;
int err;
+ /* Determine the sender address */
+ sender_ip = sc-sc_sender_ip;
+ if (sender_ip.s_addr == INADDR_ANY) {
+ struct sockaddr_in sin;
+ struct sockaddr_in *ifaddr;
+ struct route ro;
+
+ bzero(ro, sizeof(ro));
+ bzero(sin, sizeof(sin));
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+ sin.sin_port = sc-sc_receiver_port;
+ sin.sin_addr = sc-sc_receiver_ip;
+
+ err = 0;
+ ifaddr = in_selectsrc(sin, ro, 0, NULL, err, 0);
+ if (ifaddr == NULL) {
+ if (err == 0)
+ err = EADDRNOTAVAIL;
+ return err;
+ }
+
+ sender_ip = ifaddr-sin_addr;
+
+ if (ro.ro_rt)
+ rtfree(ro.ro_rt);
+ }
+
/* UDP Header*/
M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT);
if (m == NULL) {
@@ -1523,7 +1552,7 @@ pflow_sendout_mbuf(struct pflow_softc *s
ui = mtod(m, struct udpiphdr *);
ui-ui_pr = IPPROTO_UDP;
- ui-ui_src = sc-sc_sender_ip;
+ ui-ui_src = sender_ip;
ui-ui_sport = sc-sc_sender_port;
ui-ui_dst = sc-sc_receiver_ip;
ui-ui_dport = sc-sc_receiver_port;
--
I'm not entirely sure you are real.
Re: pms: synaptics touchpad resume fix
On Mon, Sep 02, 2013 at 02:32:50PM +0200, Martin Pieuchot wrote:
You might also rely on the fact that if you have a sc-synaptics
already allocated to try harder. Because in this case you know
that you have a synaptic touchpad.
That works. Here's a simpler diff that fixes my issue, too.
Index: pms.c
===
RCS file: /cvs/src/sys/dev/pckbc/pms.c,v
retrieving revision 1.45
diff -u -p -r1.45 pms.c
--- pms.c 16 Jul 2013 08:11:39 - 1.45
+++ pms.c 2 Sep 2013 16:44:48 -
@@ -937,15 +937,38 @@ pms_enable_synaptics(struct pms_softc *s
struct synaptics_softc *syn = sc-synaptics;
struct wsmousedev_attach_args a;
u_char resp[3];
- int mode;
+ int mode, i;
if (pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_get_status(sc, resp) ||
- resp[1] != SYNAPTICS_ID_MAGIC)
- goto err;
+ resp[1] != SYNAPTICS_ID_MAGIC) {
+ if (sc-synaptics == NULL)
+ goto err;
+ /*
+* Some synaptics touchpads don't resume quickly.
+* Retry a few times.
+*/
+ for (i = 10; i 0; --i) {
+ printf(%s: device not resuming, retrying\n,
+ DEVNAME(sc));
+ pms_reset(sc);
+ if (pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_get_status(sc, resp) ||
+ resp[1] == SYNAPTICS_ID_MAGIC)
+ break;
+ delay(10);
+ }
+ if (i == 0) {
+ printf(%s: lost device\n, DEVNAME(sc));
+ goto err;
+ }
+ }
if (sc-synaptics == NULL) {
sc-synaptics = syn = malloc(sizeof(struct synaptics_softc),
Re: pms: synaptics touchpad resume fix
On Mon, Sep 02, 2013 at 06:51:36PM +0200, Stefan Sperling wrote:
On Mon, Sep 02, 2013 at 02:32:50PM +0200, Martin Pieuchot wrote:
You might also rely on the fact that if you have a sc-synaptics
already allocated to try harder. Because in this case you know
that you have a synaptic touchpad.
That works. Here's a simpler diff that fixes my issue, too.
Maybe it makes sense to try to increase the response time
Index: pckbc.c
===
RCS file: /cvs/src/sys/dev/ic/pckbc.c,v
retrieving revision 1.36
diff -u -p -r1.36 pckbc.c
--- pckbc.c 23 May 2013 18:29:51 - 1.36
+++ pckbc.c 2 Sep 2013 18:24:19 -
@@ -616,7 +616,7 @@ pckbc_poll_cmd1(struct pckbc_internal *t
while (cmd-responseidx cmd-responselen) {
if (cmd-flags KBC_CMDFLAG_SLOW)
- i = 100; /* 10s ??? */
+ i = 1000; /* 100s ??? */
else
i = 10; /* 1s ??? */
while (i--) {
or
Index: pckbc.c
===
RCS file: /cvs/src/sys/dev/ic/pckbc.c,v
retrieving revision 1.36
diff -u -p -r1.36 pckbc.c
--- pckbc.c 23 May 2013 18:29:51 - 1.36
+++ pckbc.c 2 Sep 2013 18:28:43 -
@@ -144,8 +144,8 @@ pckbc_poll_data1(bus_space_tag_t iot, bu
int i;
u_char stat;
- /* polls for ~100ms */
- for (i = 100; i; i--, delay(1000)) {
+ /* polls for ~1s */
+ for (i = 100; i; i--, delay(1)) {
stat = bus_space_read_1(iot, ioh_c, 0);
if (stat KBS_DIB) {
register u_char c;
Index: pms.c
===
RCS file: /cvs/src/sys/dev/pckbc/pms.c,v
retrieving revision 1.45
diff -u -p -r1.45 pms.c
--- pms.c 16 Jul 2013 08:11:39 - 1.45
+++ pms.c 2 Sep 2013 16:44:48 -
@@ -937,15 +937,38 @@ pms_enable_synaptics(struct pms_softc *s
struct synaptics_softc *syn = sc-synaptics;
struct wsmousedev_attach_args a;
u_char resp[3];
- int mode;
+ int mode, i;
if (pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_set_resolution(sc, 0) ||
pms_get_status(sc, resp) ||
- resp[1] != SYNAPTICS_ID_MAGIC)
- goto err;
+ resp[1] != SYNAPTICS_ID_MAGIC) {
+ if (sc-synaptics == NULL)
+ goto err;
+ /*
+ * Some synaptics touchpads don't resume quickly.
+ * Retry a few times.
+ */
+ for (i = 10; i 0; --i) {
+ printf(%s: device not resuming, retrying\n,
+ DEVNAME(sc));
+ pms_reset(sc);
+ if (pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_set_resolution(sc, 0) ||
+ pms_get_status(sc, resp) ||
+ resp[1] == SYNAPTICS_ID_MAGIC)
+ break;
+ delay(10);
+ }
+ if (i == 0) {
+ printf(%s: lost device\n, DEVNAME(sc));
+ goto err;
+ }
+ }
if (sc-synaptics == NULL) {
sc-synaptics = syn = malloc(sizeof(struct synaptics_softc),
--
Alexandr Shadchin
Re: pms: synaptics touchpad resume fix
On Tue, Sep 03, 2013 at 12:22:32AM +0600, Alexandr Shadchin wrote: Maybe it makes sense to try to increase the response time Changing these timeouts doesn't seem to make any difference. It's still retrying 3 or 4 times after resume, then works.
snmpd OPENBSD-PF-MIB table 'match' counters
Hi,
This diff adds the table packet/byte counters for match rules to PF-MIB.
In case gmail mucks up the formatting, the diff is here too:
http://www.packetmischief.ca/files/openbsd/patches/snmpd.match.diff
ok?
.joel
Index: OPENBSD-PF-MIB.txt
===
RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v
retrieving revision 1.2
diff -p -u -r1.2 OPENBSD-PF-MIB.txt
--- OPENBSD-PF-MIB.txt 11 Mar 2013 19:49:37 - 1.2
+++ OPENBSD-PF-MIB.txt 2 Sep 2013 22:28:49 -
@@ -1,6 +1,6 @@
-- $OpenBSD: OPENBSD-PF-MIB.txt,v 1.2 2013/03/11 19:49:37 sthen Exp $
--
--- Copyright (c) 2004-2012 Joel Knight knight.j...@gmail.com
+-- Copyright (c) 2004-2013 Joel Knight knight.j...@gmail.com
--
-- Permission to use, copy, modify, and distribute this document for any
-- purpose with or without fee is hereby granted, provided that the above
@@ -43,6 +43,8 @@ pfMIBObjects MODULE-IDENTITY
DESCRIPTION The MIB module for gathering information from
OpenBSD's packet filter.
+REVISION 201308310446Z
+DESCRIPTION Add pf(4) table byte/packet counters for 'match' rules
REVISION 201302242033Z
DESCRIPTION Add separate counter for failed translations
REVISION 20120126Z
@@ -919,7 +921,11 @@ TblEntry ::=
pfTblOutBlockBytes Counter64,
pfTblOutXPassPkts Counter64,
pfTblOutXPassBytes Counter64,
- pfTblStatsCleared TimeTicks
+ pfTblStatsCleared TimeTicks,
+ pfTblInMatchPkts Counter64,
+ pfTblInMatchBytes Counter64,
+ pfTblOutMatchPkts Counter64,
+ pfTblOutMatchBytes Counter64
}
pfTblIndex OBJECT-TYPE
@@ -1092,6 +1098,44 @@ pfTblStatsCleared OBJECT-TYPE
for this pf table were zeroed.
::= { pfTblEntry 20 }
+pfTblInMatchPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The number of inbound packets that hit a 'match' rule where this
+ particular table was referenced by the rule.
+ ::= { pfTblEntry 21 }
+
+pfTblInMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The total size in bytes of all inbound packets that hit a
+ 'match' rule where this particular table was referenced by
+ the rule.
+ ::= { pfTblEntry 22 }
+
+pfTblOutMatchPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The number of outbound packets that hit a 'match' rule where this
+ particular table was referenced by the rule.
+ ::= { pfTblEntry 23 }
+
+pfTblOutMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The total size in bytes of all outbound packets that hit a
+ 'match' rule where this particular table was referenced by
+ the rule.
+ ::= { pfTblEntry 24 }
+
pfTblAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF TblAddrEntry
MAX-ACCESS not-accessible
@@ -1124,7 +1168,11 @@ TblAddrEntry ::=
pfTblAddrOutBlockPkts Counter64,
pfTblAddrOutBlockBytes Counter64,
pfTblAddrOutPassPkts Counter64,
- pfTblAddrOutPassBytes Counter64
+ pfTblAddrOutPassBytes Counter64,
+ pfTblAddrInMatchPkts Counter64,
+ pfTblAddrInMatchBytes Counter64,
+ pfTblAddrOutMatchPkts Counter64,
+ pfTblAddrOutMatchBytes Counter64
}
pfTblAddrTblIndex OBJECT-TYPE
@@ -1235,6 +1283,42 @@ pfTblAddrOutPassBytes OBJECT-TYPE
The number of outbound bytes passed as a result of matchg
this table entry.
::= { pfTblAddrEntry 12 }
+
+pfTblAddrInMatchPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The number of inbound packets that hit a 'match' rule where
+ this table entry was referenced.
+ ::= { pfTblAddrEntry 13 }
+
+pfTblAddrInMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The total size in bytes of all inbound packets that hit
+ a 'match' rule where this table entry was referenced.
+ ::= { pfTblAddrEntry 14 }
+
+pfTblAddrOutMatchPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The number of outbound packets that hit a 'match' rule where
+ this table entry was referenced.
+ ::= { pfTblAddrEntry 15 }
+
+pfTblAddrOutMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ The total size in bytes of all outbound packets that hit
+ a 'match' rule where this table entry was referenced.
+ ::= { pfTblAddrEntry 16 }
-- pfLabels
Index: mib.c
===
RCS file: /cvs/src/usr.sbin/snmpd/mib.c,v
retrieving revision 1.64
diff -p -u -r1.64 mib.c
--- mib.c 11 Mar 2013 19:49:37 - 1.64
+++ mib.c 2 Sep 2013 22:29:54 -
@@ -1548,6 +1548,10 @@ static struct oid openbsd_mib[] = {
{ MIB(pfTblOutXPassPkts), OID_TRD, mib_pftables },
{ MIB(pfTblOutXPassBytes), OID_TRD, mib_pftables },
{ MIB(pfTblStatsCleared), OID_TRD, mib_pftables },
+ { MIB(pfTblInMatchPkts), OID_TRD, mib_pftables },
+ { MIB(pfTblInMatchBytes), OID_TRD, mib_pftables },
+ { MIB(pfTblOutMatchPkts), OID_TRD,
