Re: NOINET6 by default

2014-05-15 Thread Claudio Jeker
On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
 so as discussed recently having the inet6 link-local addrs on every
 interface by default is stupid and a security risk.
 
 this diff fixes that. well, really two independent parts.
 one: set the NOINET6 flag by default on each and every interface.
 two: implement ifconfig if +inet6 to turn inet6 on and assign
 the link-local addr.
 
 this should be transparent for almost all real use cases of inet6
 since assigning any inet6 address also resets the flag (and ll is
 assigned then as well).
 lo0 still gets its ::1 and fe80::1%lo0 by default.
 
 the only use case that needs config adoption: people ONLY using
 link-local, they will need to put +inet6 in the corresponding
 hostname.if file.
 
 ok?

To be honest the right fix would be to get rid of IFXF_NOINET6 and
just make it the default. There is no need for such a flag anymore.
 
 Index: sys/net/if.c
 ===
 RCS file: /cvs/src/sys/net/if.c,v
 retrieving revision 1.288
 diff -u -p -r1.288 if.c
 --- sys/net/if.c  13 May 2014 14:33:25 -  1.288
 +++ sys/net/if.c  14 May 2014 21:03:45 -
 @@ -429,6 +429,9 @@ if_attach(struct ifnet *ifp)
  #else
   TAILQ_INSERT_TAIL(ifnet, ifp, if_list);
  #endif
 +#ifdef INET6
 + ifp-if_xflags |= IFXF_NOINET6;
 +#endif
  
   m_clinitifp(ifp);
  
 Index: sbin/ifconfig/ifconfig.8
 ===
 RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
 retrieving revision 1.241
 diff -u -p -r1.241 ifconfig.8
 --- sbin/ifconfig/ifconfig.8  22 Apr 2014 10:11:32 -  1.241
 +++ sbin/ifconfig/ifconfig.8  13 May 2014 14:58:58 -
 @@ -283,8 +283,12 @@ Disable
  on the given interface and remove all configured
  .Xr inet6 4
  addresses, including the link-local ones.
 -To turn it on again, assign any inet6 address or run
 +To turn it on again, use +inet6, assign any inet6 address or run
  .Xr rtsol 8 .
 +.It +inet6
 +Enable
 +.Xr inet6 4
 +and assign a link local address if the interface doesn't have one yet.
  .It Cm instance Ar minst
  Set the media instance to
  .Ar minst .
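Review bot: the new entry `.It +inet6` lacks the `.Cm` macro that the neighbouring entries use (`.It Cm instance Ar minst`), so the option will not be rendered in the command font; the same applies to the bare `+inet6` added in the sentence "To turn it on again, use +inet6, assign any inet6 address or run". Also spell it "link-local", as the line "addresses, including the link-local ones." in the same hunk does.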
 Index: sbin/ifconfig/ifconfig.c
 ===
 RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
 retrieving revision 1.283
 diff -u -p -r1.283 ifconfig.c
 --- sbin/ifconfig/ifconfig.c  12 May 2014 08:47:37 -  1.283
 +++ sbin/ifconfig/ifconfig.c  13 May 2014 14:56:25 -
 @@ -412,6 +412,7 @@ const struct  cmd {
   { -flowdst, 1,0,  unsetpflow_receiver },
   { pflowproto, NEXTARG,0,  setpflowproto },
   { -inet6, IFXF_NOINET6,   0,  setifxflags } ,
 + { +inet6, 0,  0,  setia6eui64 },
   { keepalive,  NEXTARG2,   0,  NULL, setkeepalive },
   { -keepalive, 1,  0,  unsetkeepalive },
   { add,NEXTARG,0,  bridge_add },
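Review bot: routing `+inet6` through `setia6eui64` rather than a handler of its own means the table entry gives no hint that this command is meant to clear IFXF_NOINET6; the handler has to recognise it by comparing `cmd`. A short comment on the new table line, or a small dedicated setter that calls setifxflags and then the eui64 code, would make the dispatch self-explanatory.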
 @@ -1310,7 +1311,9 @@ setia6eui64(const char *cmd, int val)
   const struct in6_addr *lladdr = NULL;
   struct in6_addr *in6;
  
 - if (afp-af_af != AF_INET6)
 + if (!strcmp(cmd, +inet6))
 + setifxflags(inet6, -IFXF_NOINET6);
 + else if (afp-af_af != AF_INET6)
   errx(1, %s not allowed for the AF, cmd);
   in6 = (struct in6_addr *)in6_addreq.ifra_addr.sin6_addr;
   if (memcmp(in6addr_any.s6_addr[8], in6-s6_addr[8], 8) != 0)
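Review bot: the `+inet6` branch bypasses the `afp->af_af != AF_INET6` check that now sits in the `else if`, and then continues into the code that fills `in6_addreq`; when `+inet6` is given without a preceding `inet6` keyword, `afp` may still point at another address family, and whether the remainder of the function is safe with that is not visible in this hunk. Either set `afp` to the inet6 family in the `+inet6` branch, or keep the AF check unconditional and document that `+inet6` implies inet6.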
 
 
 
 -- 
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services GmbH, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully 
 Managed
 Henning Brauer Consulting, http://henningbrauer.com/
 

-- 
:wq Claudio



Re: NOINET6 by default

2014-05-15 Thread Claudio Jeker
On Thu, May 15, 2014 at 05:48:16AM +0200, Henning Brauer wrote:
 * Reyk Flöter reyk.floe...@googlemail.com [2014-05-15 01:04]:
   On 15.05.2014, at 00:46, Henning Brauer lists-openbsdt...@bsws.de wrote:
   * Mark Kettenis mark.kette...@xs4all.nl [2014-05-15 00:15]:
   I don't think this is a good idea; didn't we establish the other day
   that ifconfig if eui64 already did what your +inet6 does?
   almost, it's ifconfig if inet6 eui64 - but that isn't all THAT
   intuitive. I like +inet6 as the opposite of -inet6.
  We don't have + something. It is foo or -foo but not +foo. I know that 
  inet6 is already used for the regular addresses, but +inet6 sounds like an 
  inconsistent workaround for a workaround. I don't like it.
 
 just inet6 doesn't work, since that is already used to show all inet6
 addrs. 
 i find +inet6 very intuitive...

This should just die. Did you ever do ifconfig em0 inet or ifconfig em0 inet6?
I never did and I have a few interfaces with a lot of IPs on them.
It is a useless gimmick of ifconfig.
 
  To enable IPv6 link-local I would rather prefer two options to put
  either inet6 eui64 (or an alias like inet6 link-local) or an actual
  inet6 address in your hostname.if. The latter should automatically
  remove the flag and enable the link-local address - does it work this
  way? 
 
 as said many times, yes it does.
 

-- 
:wq Claudio



Re: recvmsg, fd passing and soreceive

2014-05-15 Thread Claudio Jeker
On Wed, May 14, 2014 at 10:03:35PM -0700, Philip Guenther wrote:
 On Wed, May 14, 2014 at 10:02 PM, Philip Guenther guent...@gmail.com wrote:
 
  On Wed, May 14, 2014 at 4:58 AM, Jérémie Courrèges-Anglas 
  j...@wxcvbn.org wrote:
  ...
 
  So here's the diff I came up with:
  - set MSG_TRUNC for atomic protocols only if there is actually a data loss
  - drop the remaining mbuf(s) if the protocol is atomic *or* it is an empty message
 
  I'm running this, and I can't see the downsides, but I could use eyes
  and comments.
 
  Index: kern/uipc_socket.c
  ===
  RCS file: /cvs/src/sys/kern/uipc_socket.c,v
  retrieving revision 1.127
  diff -u -p -r1.127 uipc_socket.c
  --- kern/uipc_socket.c  7 Apr 2014 10:04:17 -   1.127
  +++ kern/uipc_socket.c  14 May 2014 02:56:09 -
  @@ -935,13 +935,15 @@ dontblock:
  }
  }
 
  -   if (m  pr-pr_flags  PR_ATOMIC) {
  +   if (m != NULL  m-m_len != 0  pr-pr_flags  PR_ATOMIC)
  +   /* Drop the remaining data later. */
  flags |= MSG_TRUNC;
  -   if ((flags  MSG_PEEK) == 0)
  -   (void) sbdroprecord(so-so_rcv);
  -   }
  +
 
 
  <bikeshed>With the comment 'inside' the 'if', I would probably keep the
  braces.</bikeshed>
 
 
  if ((flags  MSG_PEEK) == 0) {
  -   if (m == NULL) {
  +   if (m != NULL) {
  +   if (m-m_len == 0 || pr-pr_flags  PR_ATOMIC)
  +   sbdroprecord(so-so_rcv);
  +   } else {
  /*
   * First part is an inline SB_EMPTY_FIXUP().
   Second
   * part makes sure sb_lastrecord is up-to-date if
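Review bot: the `m_len != 0` test in the new MSG_TRUNC condition looks only at the head of the remaining chain, while the drop below (`sbdroprecord` when `m_len` is 0 or the protocol is PR_ATOMIC) discards the whole record; if a zero-length leading mbuf can be followed by mbufs that carry data, that data is dropped without MSG_TRUNC being reported. If the invariant is that a zero-length head means an empty message, say so in the comment; otherwise test the record length rather than the first mbuf. On style, the inner condition mixing `||` with the PR_ATOMIC bit test would read better with parentheses around the flag test, and the braces Philip mentions are worth keeping.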
 
 
 ...and that's an ok guenther@. I would suggest prodding claudio@ for good
 measure though.
 

I wonder what other systems do with regard to fd passing with empty
messages. I always had the feeling that this is not allowed but I never
looked deeper into the standards defining this.

-- 
:wq Claudio



Re: NOINET6 by default

2014-05-15 Thread Stuart Henderson
On 2014/05/15 09:41, Claudio Jeker wrote:
 On Thu, May 15, 2014 at 05:48:16AM +0200, Henning Brauer wrote:
  * Reyk Flöter reyk.floe...@googlemail.com [2014-05-15 01:04]:
On 15.05.2014, at 00:46, Henning Brauer lists-openbsdt...@bsws.de 
wrote:
* Mark Kettenis mark.kette...@xs4all.nl [2014-05-15 00:15]:
I don't think this is a good idea; didn't we establish the other day
that ifconfig if eui64 already did what your +inet6 does?
almost, it's ifconfig if inet6 eui64 - but that isn't all THAT
intuitive. I like +inet6 as the opposite of -inet6.
   We don't have + something. It is foo or -foo but not +foo. I know that 
   inet6 is already used for the regular addresses, but +inet6 sounds like 
   an inconsistent workaround for a workaround. I don't like it.
  
  just inet6 doesn't work, since that is already used to show all inet6
  addrs. 
  i find +inet6 very intuitive...
 
 This should just die. Did you ever do ifconfig em0 inet or ifconfig em0 inet6?
 I never did and I have a few interfaces with a lot of IPs on them.
 It is a useless gimmick of ifconfig.

The only place I'm aware of it being used is ifconfig lo0 inet6
in netstart to check whether the kernel is built with v6 support.




Re: NOINET6 by default

2014-05-15 Thread Claudio Jeker
On Thu, May 15, 2014 at 06:58:53AM +0200, Jérémie Courrèges-Anglas wrote:
 Paul de Weerd we...@weirdnet.nl writes:
 
 [...]
 
  This makes a whole lot of sense to me.  Please make OpenBSD the first
  OS to do (this part of) v6 in a sensible way.
 
 Actually that makes me laugh.  Sensible, weeeh.  Let's protect our users
 from the dangers of IPv6 link-local addresses!  Wait, what users are we
 talking about?  We have no users, right, we have developers that break
 stuff, and other developers that clean up the feces.  Between +inet6 and
 eui64 all we have are non-idiomatic or broken alternatives.
 
 Link-local addresses have been exposed since almost 15 years now, it's
 a good time to decide that they are persona non grata in OpenBSD land.
 After all, the v6 stack has had all the testing it could get, now that
 we know that it works well, we don't need testing anymore.
 
 What could be sensible, though, is accepting the fact that IPv6 exists,
 and the fact that link-local addresses are part of it, whether you have
 global connectivity or not.  Now call me a v6 zealot, I probably live
 and work in an imaginary world.

That reasoning would also lead to the conclusion that we should remove
'up' and 'down' from ifconfig. Since you have a network card installed and
it is part of the system and should therefore be running. There is no need
to install a link-local address on an interface just because it was up-ed.
Would you like that we install link local IPv4 addresses on all
interfaces? It would be possible. It would be ridiculous.

Also not every interface needs a link-local address. It actually causes
strange behaviours when bridge(4)-ing stuff together. This is why -inet6
was created as a hack around the fact that IPv6 is greedy taking over your
network. It is time to replace the hack with a proper solution.

-- 
:wq Claudio



Re: IFT_L2VLAN is unused

2014-05-15 Thread Creamy
On Thu, May 15, 2014 at 12:14:37AM +0200, Alexander Bluhm wrote:
 On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
  so as discussed recently having the inet6 link-local addrs on every
  interface by default is stupid and a security risk.
 
 Connecting a computer to the internet is a security risk.  
 IPv4 is on by default, and so IPv6 should be on by default.

No it's not 'on by default'.

 I want both to be handled the same way.

Then by your logic, we should assign an IPv4 link local address as well,
from the 169.254.0.0/16 range.
 
  the only use case that needs config adoption: people ONLY using
  link-local, they will need to put +inet6 in the corresponding
  hostname.if file.
 
 There is a use case for running IPv6 over an interface without
 setting an address.

Yes, there is.

 Configure a global IPv6 address on lo0, run
 ospf6d on any physical interface and it will provide connection.

But that is not a good use case.  Read the RFCs.

 IPv6 autoconfiguration with link-local addresses is useful.

It can be useful, but whether it should be the default or not is
another matter.  Autoconfiguration in general is dangerous and
unnecessary.  We have it as an option.  Those who want to use it
have a choice.

Why don't the two OpenBSD users who actually use IPv6 just use
link local addresses between themselves :-)))

-- 
Creamy! 3



Re: NOINET6 by default

2014-05-15 Thread Creamy
On Thu, May 15, 2014 at 10:24:57AM +0200, Claudio Jeker wrote:
 On Thu, May 15, 2014 at 06:58:53AM +0200, Jérémie Courrèges-Anglas wrote:
  Paul de Weerd we...@weirdnet.nl writes:
  
  [...]
  
   This makes a whole lot of sense to me.  Please make OpenBSD the first
   OS to do (this part of) v6 in a sensible way.
  
  Actually that makes me laugh.  Sensible, weeeh.  Let's protect our users
  from the dangers of IPv6 link-local addresses!  Wait, what users are we
  talking about?  We have no users, right, we have developers that break
  stuff, and other developers that clean up the feces.  Between +inet6 and
  eui64 all we have are non-idiomatic or broken alternatives.
  
  Link-local addresses have been exposed since almost 15 years now, it's
  a good time to decide that they are persona non grata in OpenBSD land.
  After all, the v6 stack has had all the testing it could get, now that
  we know that it works well, we don't need testing anymore.
  
  What could be sensible, though, is accepting the fact that IPv6 exists,
  and the fact that link-local addresses are part of it, whether you have
  global connectivity or not.  Now call me a v6 zealot, I probably live
  and work in an imaginary world.
 
 That reasoning would also lead to the conclusion that we should remove
 'up' and 'down' from ifconfig. Since you have a network card installed and
 it is part of the system and should therefore be running.

And by this argument it should be running IPX/SPX and NBF all the time as
well.  Why not run the line up/line down protocol too for backwards
compatibility.

 There is no need
 to install a link-local address on an interface just because it was up-ed.

But to be clear, it is supposedly required to have a link-local address if
IPv6 is to be used on that interface, unless it is used as a bridge without
its own IP address.

 Would you like that we install link local IPv4 addresses on all
 interfaces? It would be possible. It would be ridiculous.

It would be ridiculous, but somebody would find a use for it.

 Also not every interface needs a link-local address. It actually causes
 strange behaviours when bridge(4)-ing stuff together. This is why -inet6
 was created as a hack around the fact that IPv6 is greedy taking over your
 network.

Damn this IPv6 virus!  Is IPv6 really just an evil plan by the sinister
corporations and governments of the world to DDOS the entire internet, one
OpenBSD box at a time?  Let's face it, EBCDIC didn't cause enough confusion
and headaches so let's try confusing people with IPv6, complete with
IP addresses that look like an MD5 checksum gone wrong, and impossible to
remember.

 It is time to replace the hack with a proper solution.

IPv6 exists.  It's useful.  OpenBSD supports it very well.  Do we need it
enabled by default?  No.

-- 
Creamy! 3



Re: libedit patch

2014-05-15 Thread Nicholas Marriott
Hi

This reads fine to me, did you take the NetBSD version of this diff?

Our libedit comes from NetBSD and we'll probably want to update from
there again some time.



On Wed, May 14, 2014 at 10:25:10PM -0700, Eitan Adler wrote:
 Hi all,
 
 The following patch has been committed in various forms to NetBSD and
 FreeBSD.  I ported it to OpenBSD and 'mildly' tested it.
 
 I'm hoping someone on this list could pick this patch up, make sure it
 fully conforms to OpenBSD style, and commits it.
 
 For additional context: this patch enables saving history when run in
 the capsicum sandbox.  In particular new Fds can't be opened after
 cap_enter( ) has been called.
 
 Index: editline.3
 ===
 RCS file: /cvs/src/lib/libedit/editline.3,v
 retrieving revision 1.33
 diff -u -p -r1.33 editline.3
 --- editline.310 Jan 2013 14:21:47 -  1.33
 +++ editline.315 May 2014 05:19:18 -
 @@ -735,6 +735,11 @@ Load the history list stored in
  .It Dv H_SAVE , Fa const char *file
  Save the history list to
  .Fa file .
 +.It Dv H_SAVE_FP , Fa FILE *fp
 +Save the history list to the opened
 +.Fa fp
 +.Ft FILE
 +pointer .
  .It Dv H_SETUNIQUE , Fa int unique
  Set flag that adjacent identical event strings should not be entered
  into the history.
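Review bot: the text "Save the history list to the opened .Fa fp .Ft FILE pointer ." ends with a space before the period on a plain text line, which mdoc prints literally, and the word order reads oddly. Suggest: "Save the history list to the already open" / ".Ft FILE" / "pointer" / ".Fa fp ." so the period is handled as punctuation by the macro.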
 Index: hist.h
 ===
 RCS file: /cvs/src/lib/libedit/hist.h,v
 retrieving revision 1.8
 diff -u -p -r1.8 hist.h
 --- hist.h30 Jun 2010 00:05:35 -  1.8
 +++ hist.h15 May 2014 05:19:18 -
 @@ -1,5 +1,5 @@
  /*   $OpenBSD: hist.h,v 1.8 2010/06/30 00:05:35 nicm Exp $   */
 -/*   $NetBSD: hist.h,v 1.12 2009/12/30 23:54:52 christos Exp $   */
 +/*   $NetBSD: hist.h,v 1.14 2014/05/11 01:05:17 christos Exp $   */
 
  /*-
   * Copyright (c) 1992, 1993
 @@ -74,6 +74,7 @@ typedef struct el_history_t {
  #define  HIST_SET(el, num)   HIST_FUN(el, H_SET, num)
  #define  HIST_LOAD(el, fname)HIST_FUN(el, H_LOAD fname)
  #define  HIST_SAVE(el, fname)HIST_FUN(el, H_SAVE fname)
 +#define  HIST_SAVE_FP(el, fp)HIST_FUN(el, H_SAVE_FP fp)
 
  protected inthist_init(EditLine *);
  protected void   hist_end(EditLine *);
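Review bot: the new `HIST_SAVE_FP` macro copies the `H_SAVE fname` form of the two lines above it, with no comma between the opcode and its argument, whereas `HIST_SET` passes `H_SET, num`. If `HIST_FUN` takes the opcode and the argument as separate parameters, the file macros only compile because nothing expands them; put the comma in the new macro (and fix the two existing ones) rather than extending the pattern.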
 Index: histedit.h
 ===
 RCS file: /cvs/src/lib/libedit/histedit.h,v
 retrieving revision 1.11
 diff -u -p -r1.11 histedit.h
 --- histedit.h7 Jul 2011 05:40:42 -   1.11
 +++ histedit.h15 May 2014 05:19:19 -
 @@ -1,5 +1,5 @@
  /*   $OpenBSD: histedit.h,v 1.11 2011/07/07 05:40:42 okan Exp $  */
 -/*   $NetBSD: histedit.h,v 1.46 2010/04/15 00:50:03 christos Exp $   */
 +/*   $NetBSD: histedit.h,v 1.52 2014/05/11 01:05:17 christos Exp $   */
 
  /*-
   * Copyright (c) 1992, 1993
 @@ -225,6 +225,7 @@ int   history(History *, HistEvent *, int
  #define  H_NEXT_EVDATA   23  /* , const int, histdata_t *);  */
  #define  H_DELDATA   24  /* , int, histdata_t *);*/
  #define  H_REPLACE   25  /* , const char *, histdata_t); */
 +#define  H_SAVE_FP   26  /* , FILE *);   */
 
 
 
 Index: history.c
 ===
 RCS file: /cvs/src/lib/libedit/history.c,v
 retrieving revision 1.17
 diff -u -p -r1.17 history.c
 --- history.c 19 Jan 2014 11:48:54 -  1.17
 +++ history.c 15 May 2014 05:19:20 -
 @@ -1,5 +1,5 @@
  /*   $OpenBSD: history.c,v 1.17 2014/01/19 11:48:54 tobias Exp $ */
 -/*   $NetBSD: history.c,v 1.37 2010/01/03 18:27:10 christos Exp $*/
 +/*   $NetBSD: history.c,v 1.47 2014/05/11 01:05:17 christos Exp $*/
 
  /*-
   * Copyright (c) 1992, 1993
 @@ -103,6 +103,7 @@ private int history_getunique(TYPE(Histo
  private int history_set_fun(TYPE(History) *, TYPE(History) *);
  private int history_load(TYPE(History) *, const char *);
  private int history_save(TYPE(History) *, const char *);
 +private int history_save_fp(TYPE(History) *, FILE *);
  private int history_prev_event(TYPE(History) *, TYPE(HistEvent) *, int);
  private int history_next_event(TYPE(History) *, TYPE(HistEvent) *, int);
  private int history_next_string(TYPE(History) *, TYPE(HistEvent) *,
 const Char *);
 @@ -784,13 +785,12 @@ done:
  }
 
 
 -/* history_save():
 +/* history_save_fp():
   *   TYPE(History) save function
   */
  private int
 -history_save(TYPE(History) *h, const char *fname)
 +history_save_fp(TYPE(History) *h, FILE *fp)
  {
 - FILE *fp;
   TYPE(HistEvent) ev;
   int i = -1, retval;
   size_t len, max_size;
 @@ -799,9 +799,6 @@ history_save(TYPE(History) *h, const cha
   static ct_buffer_t conv;
  #endif
 
 - if ((fp = fopen(fname, w)) == NULL)
 - return (-1);
 -
   if (fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1)
   goto done;
   if (fputs(hist_cookie, fp) == EOF)
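Review bot: with the fopen moved out, `fchmod(fileno(fp), S_IRUSR|S_IWUSR)` now runs on a stream the caller opened; for H_SAVE_FP that silently tightens the mode of whatever file the application passes, and on a descriptor where fchmod fails (a pipe, for instance) the `goto done` aborts the save. The chmod belongs in the `history_save` wrapper that creates the file, next to its fopen, or the fp variant should document that it changes the file mode.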
 @@ -830,10 +827,22 @@ 

Remove lladdrs from the RB-tree

2014-05-15 Thread Martin Pieuchot
Here's an updated diff to remove the link-layer address of every
interface from the RB-tree and the per-ifp lists.

ok?

Index: net/if.c
===
RCS file: /home/ncvs/src/sys/net/if.c,v
retrieving revision 1.288
diff -u -p -r1.288 if.c
--- net/if.c13 May 2014 14:33:25 -  1.288
+++ net/if.c14 May 2014 10:17:59 -
@@ -322,7 +322,7 @@ if_alloc_sadl(struct ifnet *ifp)
if (socksize  sizeof(*sdl))
socksize = sizeof(*sdl);
socksize = ROUNDUP(socksize);
-   ifasize = sizeof(*ifa) + 2 * socksize;
+   ifasize = sizeof(*ifa) + socksize;
ifa = malloc(ifasize, M_IFADDR, M_WAITOK|M_ZERO);
sdl = (struct sockaddr_dl *)(ifa + 1);
sdl-sdl_len = socksize;
@@ -337,12 +337,7 @@ if_alloc_sadl(struct ifnet *ifp)
ifa-ifa_rtrequest = link_rtrequest;
ifa-ifa_addr = (struct sockaddr *)sdl;
ifp-if_sadl = sdl;
-   sdl = (struct sockaddr_dl *)(socksize + (caddr_t)sdl);
-   ifa-ifa_netmask = (struct sockaddr *)sdl;
-   sdl-sdl_len = masklen;
-   while (namelen != 0)
-   sdl-sdl_data[--namelen] = 0xff;
-   ifa_add(ifp, ifa);
+   ifa-ifa_netmask = NULL;
 }
 
 /*
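Review bot: with the second `sockaddr_dl` gone, `masklen` loses the use shown in this hunk (`sdl->sdl_len = masklen`); check whether it still has another use in the function, otherwise remove it so the compiler does not warn. Setting `ifa_netmask` to NULL also means any code that reaches the link-level ifa through `ifp->if_lladdr` and dereferences its netmask now needs a NULL check; worth a grep before commit.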
@@ -362,7 +357,6 @@ if_free_sadl(struct ifnet *ifp)
 
s = splnet();
rt_ifa_del(ifa, 0, ifa-ifa_addr);
-   ifa_del(ifp, ifa);
ifafree(ifp-if_lladdr);
ifp-if_lladdr = NULL;
ifp-if_sadl = NULL;
@@ -1251,7 +1245,7 @@ ifioctl(struct socket *so, u_long cmd, c
struct ifgroupreq *ifgr;
char ifdescrbuf[IFDESCRSIZE];
char ifrtlabelbuf[RTLABEL_LEN];
-   int s, error = 0, needsadd;
+   int s, error = 0;
size_t bytesdone;
short oif_flags;
const char *label;
@@ -1536,7 +1530,6 @@ ifioctl(struct socket *so, u_long cmd, c
 
/* remove all routing entries when switching domains */
/* XXX hell this is ugly */
-   needsadd = 0;
if (ifr-ifr_rdomainid != ifp-if_rdomain) {
s = splnet();
if (ifp-if_flags  IFF_UP)
@@ -1562,12 +1555,6 @@ ifioctl(struct socket *so, u_long cmd, c
 #ifdef INET
in_ifdetach(ifp);
 #endif
-   /*
-* Remove sadl from ifa RB tree because rdomain is part
-* of the lookup key and re-add it after the switch.
-*/
-   ifa_del(ifp, ifp-if_lladdr);
-   needsadd = 1;
splx(s);
}
 
@@ -1578,10 +1565,6 @@ ifioctl(struct socket *so, u_long cmd, c
 
/* Add interface to the specified rdomain */
ifp-if_rdomain = ifr-ifr_rdomainid;
-
-   /* re-add sadl to the ifa RB tree in new rdomain */
-   if (needsadd)
-   ifa_add(ifp, ifp-if_lladdr);
break;
 
case SIOCAIFGROUP:
@@ -2226,10 +2209,7 @@ sysctl_ifq(int *name, u_int namelen, voi
 void
 ifa_add(struct ifnet *ifp, struct ifaddr *ifa)
 {
-   if (ifa-ifa_addr-sa_family == AF_LINK)
-   TAILQ_INSERT_HEAD(ifp-if_addrlist, ifa, ifa_list);
-   else
-   TAILQ_INSERT_TAIL(ifp-if_addrlist, ifa, ifa_list);
+   TAILQ_INSERT_TAIL(ifp-if_addrlist, ifa, ifa_list);
ifa_item_insert(ifa-ifa_addr, ifa, ifp);
if (ifp-if_flags  IFF_BROADCAST  ifa-ifa_broadaddr)
ifa_item_insert(ifa-ifa_broadaddr, ifa, ifp);
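Review bot: dropping the `TAILQ_INSERT_HEAD` branch removes the guarantee that the first entry of `if_addrlist` is the link-level address; any code that reached the sadl via the first element of the list will now get an inet or inet6 ifa instead. Since the lladdr is no longer on the list at all after this diff, those sites have to move to `ifp->if_sadl` or `ifp->if_lladdr`; the rtsock.c KASSERT covers one list walker, the others deserve the same audit.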
Index: net/rtsock.c
===
RCS file: /home/ncvs/src/sys/net/rtsock.c,v
retrieving revision 1.143
diff -u -p -r1.143 rtsock.c
--- net/rtsock.c25 Apr 2014 10:41:09 -  1.143
+++ net/rtsock.c14 May 2014 10:17:59 -
@@ -1317,8 +1317,7 @@ sysctl_iflist(int af, struct walkarg *w)
}
info.rti_info[RTAX_IFP] = NULL;
TAILQ_FOREACH(ifa, ifp-if_addrlist, ifa_list) {
-   if (ifa-ifa_addr-sa_family == AF_LINK)
-   continue;
+   KASSERT(ifa-ifa_addr-sa_family != AF_LINK);
if (af  af != ifa-ifa_addr-sa_family)
continue;
info.rti_info[RTAX_IFA] = ifa-ifa_addr;
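Review bot: replacing the `continue` with `KASSERT(ifa->ifa_addr->sa_family != AF_LINK)` only fires in DIAGNOSTIC kernels; on a production kernel a stray AF_LINK ifa on the list would now be exported with `RTAX_IFA` pointing at a link-level sockaddr instead of being skipped. That is acceptable as a development-time check given that the lladdr is removed from the list, but the commit message should state that this is the intent.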



Re: run(4) firmware update; please test

2014-05-15 Thread Stefan Sperling
On Thu, May 15, 2014 at 11:35:32AM +0200, Stefan Sperling wrote:
  cd /usr/src/sys/dev/microcode/rum  # yes, rum with m
  patch < this-patch
  make obj
  make depend
  sudo make install

This should have said 'make' instead of 'make depend'.



ftp.fr mirror is going down

2014-05-15 Thread Antoine Jacoutot
Hi.

The ftp.fr mirror is going down for an undefined period of time (could be 
forever).
Please migrate to another mirror for the time being.

Thank you and sorry for the inconvenience.

-- 
Antoine



Re: libedit patch

2014-05-15 Thread Eitan Adler
On 15 May 2014 01:40, Nicholas Marriott nicholas.marri...@gmail.com wrote:
 Hi

 This reads fine to me, did you take the NetBSD version of this diff?

 Our libedit comes from NetBSD and we'll probably want to update from
 there again some time.

This is the NetBSD patch ported to OpenBSD (only minor changes were
needed).  A true vendor import would be sufficient as well. :)


-- 
Eitan Adler



Re: run(4) firmware update; please test

2014-05-15 Thread Fred

On 05/15/14 10:35, Stefan Sperling wrote:

This firmware update to version 0.33 is a prerequisite for
newer run(4) devices which are not yet supported.

Can active users of run(4) devices please test this update
to make sure no regressions are introduced for already working
devices? I don't have a supported run(4) device to test with.

  cd /usr/src/sys/dev/microcode/rum  # yes, rum with m
  patch < this-patch
  make obj
  make depend
  sudo make install

I've obtained permission from Mediatek/Ralink to distribute this
firmware update under the terms in /etc/firmware/run-license.



Hi,

Tested with the TP-Link TL-WN727N USB Wifi device:

May 15 13:24:46 x41 /bsd: run0 at uhub0 port 4 Ralink 802.11 n WLAN 
rev 2.00/1.01 addr 3
May 15 13:24:46 x41 /bsd: run0: MAC/BBP RT3070 (rev 0x0201), RF RT3020 
(MIMO 1T1R), address 74:ea:3a:8a:b6:8f


No regressions with this diff.

Thanks

Fred



Re: libcrypto: stop some ASN.1 bleeding

2014-05-15 Thread Miod Vallat
As promised, here is a new diff. Bob Beck suggested introducing wrappers
to the time-related functions, so that the error path becomes easier to
understand; this makes the diff to these functions much simpler indeed.

Index: a_gentm.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_gentm.c,v
retrieving revision 1.17
diff -u -p -r1.17 a_gentm.c
--- a_gentm.c   19 Apr 2014 11:43:07 -  1.17
+++ a_gentm.c   15 May 2014 18:30:29 -
@@ -208,20 +208,15 @@ ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZE
return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
 }
 
-ASN1_GENERALIZEDTIME *
-ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
-long offset_sec)
+static ASN1_GENERALIZEDTIME *
+ASN1_GENERALIZEDTIME_adj_internal(ASN1_GENERALIZEDTIME *s, time_t t,
+int offset_day, long offset_sec)
 {
char *p;
struct tm *ts;
struct tm data;
size_t len = 20;
 
-   if (s == NULL)
-   s = M_ASN1_GENERALIZEDTIME_new();
-   if (s == NULL)
-   return (NULL);
-
ts = gmtime_r(t, data);
if (ts == NULL)
return (NULL);
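Review bot: `ASN1_GENERALIZEDTIME_adj_internal` now assumes `s` is non-NULL; since it is static with a single caller that is fine, but a one-line comment saying that the wrapper owns allocation and cleanup would stop the next reader from re-adding the NULL check here.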
@@ -249,4 +244,25 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZE
s-length = strlen(p);
s-type = V_ASN1_GENERALIZEDTIME;
return (s);
+}
+
+ASN1_GENERALIZEDTIME *
+ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
+long offset_sec)
+{
+   ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
+
+   if (s == NULL) {
+   tmp = M_ASN1_GENERALIZEDTIME_new();
+   if (tmp == NULL)
+   return NULL;
+   s = tmp;
+   }
+
+   ret = ASN1_GENERALIZEDTIME_adj_internal(s, t, offset_day, offset_sec);
+   if (ret == NULL  tmp != NULL)
+   M_ASN1_GENERALIZEDTIME_free(tmp);
+
+   return ret;
+
 }
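Review bot: style: this file uses `return (NULL);` (see the context lines of the previous hunk) while the new wrapper uses `return NULL;` and `return ret;`, and there is a stray blank line between `return ret;` and the closing brace. Pick one form for the file and drop the blank line.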
Index: a_time.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_time.c,v
retrieving revision 1.17
diff -u -p -r1.17 a_time.c
--- a_time.c21 Apr 2014 00:52:00 -  1.17
+++ a_time.c15 May 2014 18:30:29 -
@@ -120,8 +120,8 @@ ASN1_TIME_check(ASN1_TIME *t)
 }
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *
-ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+static ASN1_GENERALIZEDTIME *
+ASN1_TIME_to_generalizedtime_internal(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 {
ASN1_GENERALIZEDTIME *ret;
char *str;
@@ -131,13 +131,7 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
if (!ASN1_TIME_check(t))
return NULL;
 
-   if (!out || !*out) {
-   if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-   return NULL;
-   if (out)
-   *out = ret;
-   } else
-   ret = *out;
+   ret = *out;
 
/* If already GeneralizedTime just copy across */
if (t-type == V_ASN1_GENERALIZEDTIME) {
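Review bot: `ret = *out;` makes the internal function require both `out` and `*out` to be non-NULL, which only the wrapper guarantees; as the function is static that is acceptable, but state the precondition in a comment above it so a future caller does not pass a NULL `out`.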
@@ -152,12 +146,32 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t-length + 2 + 1;
str = (char *)ret-data;
+   /* XXX ASN1_TIME is not Y2050 compatible */
i = snprintf(str, newlen, %s%s, (t-data[0] = '5') ? 19 : 20,
(char *) t-data);
if (i == -1 || i = newlen) {
-   ASN1_STRING_free(ret);
+   M_ASN1_GENERALIZEDTIME_free(ret);
+   *out = NULL;
return NULL;
}
+   return ret;
+}
+
+ASN1_GENERALIZEDTIME *
+ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+{
+   ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
+
+   if (!out || !*out) {
+   if (!(tmp = ASN1_GENERALIZEDTIME_new()))
+   return NULL;
+   out = tmp;
+   }
+
+   ret = ASN1_TIME_to_generalizedtime_internal(t, out);
+   if (ret == NULL  tmp != NULL)
+   ASN1_GENERALIZEDTIME_free(tmp);
+
return ret;
 }
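Review bot: the wrapper changes the contract for callers that pass a non-NULL `out` holding a NULL pointer: the removed code did `if (out) *out = ret;` so the caller received the freshly allocated object through `*out`, whereas the new code points `out` at the local `tmp` and never writes the result back, so the caller's `*out` stays NULL. Keep the caller's pointer in a separate variable and store `ret` into it on success. Note also that the double free on the error path is only avoided because the internal function sets `*out = NULL` right after freeing; a comment next to that assignment explaining why would protect it from a later cleanup.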
 
Index: a_utctm.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_utctm.c,v
retrieving revision 1.22
diff -u -p -r1.22 a_utctm.c
--- a_utctm.c   21 Apr 2014 11:23:09 -  1.22
+++ a_utctm.c   15 May 2014 18:30:29 -
@@ -149,19 +149,15 @@ ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t
return ASN1_UTCTIME_adj(s, t, 0, 0);
 }
 
-ASN1_UTCTIME *
-ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
+static ASN1_UTCTIME *
+ASN1_UTCTIME_adj_internal(ASN1_UTCTIME *s, time_t t, int offset_day,
+long offset_sec)
 {
char *p;
struct tm *ts;
struct tm data;
size_t len = 20;
 
-   if (s == NULL)
-   s = M_ASN1_UTCTIME_new();
-   if (s == NULL)
-   return (NULL);
-
ts = gmtime_r(t, data);
if (ts == NULL)
   

got me a 16-core octeon donated.

2014-05-15 Thread Janne Johansson
It's made by Movidis, and it has some linux on it now which boots.
Of course, getting openbsd-octeon on it was the next step, but it won't
load the bsd.rd correctly:

Movidis X16 U-Boot version 1.6.1 (Build time: Nov 23 2007 - 18:27:52)

CUST_WSX16 board revision major:1, minor:1, serial #: F12032617
OCTEON CN38XX-NSP revision: 3, Core clock: 500 MHz, DDR clock: 333 MHz (666
Mhz data rate)
DRAM:  4096 MB
Flash:  2 MB
IPD backpressure workaround verified, took 11 loops
Clearing DRAM done
BIST check passed.
Starting PCI
PCI Status: PCI-X 64-bit
PCI BAR 0: 0x, PCI BAR 1: Memory 0x  PCI 0xf800
Net:   octeth0, octeth1, octeth2, octeth3, octeth4, octeth5, octeth6,
octeth7
 0
Movidis x16 INTERRUPT
Movidis x16
Movidis x16 setenv ipaddr 192.168.1.199
Movidis x16 setenv serverip 192.168.1.70
Movidis x16 tftpboot 0 bsd.octeon
octeth0:Up 1Gbs Full duplex, (port  0)
Using octeth0 device
TFTP from server 192.168.1.70; our IP address is 192.168.1.199
Filename 'bsd.octeon'.
Load address: 0x10
Loading: ###
done
Bytes transferred = 7291501 (6f426d hex), 346 Kbytes/sec
Movidis x16 bootoctlinux
ELF file is 64 bit
Allocated memory for ELF segment: addr: 0x100, size 0x72fb80
Error allocating memory for elf image!
## Loading Linux kernel with entry point: 0x0010 ...
Bootloader: Done loading app on coremask: 0x1

and then it just hangs there.

Other info from the U-boot:
Movidis x16 printenv
bootdelay=0
baudrate=115200
download_baudrate=115200
bootloader_flash_update=protect off 0xbf43 0xbf47;erase 0xbf43
0xbf47;cp.b 0x10 0xbf43 0x5
flash_update=protect off 0xbec3 0xbec7;erase 0xbec3
0xbec7;cp.b 0x10 0xbec3 0x5
gatewayip=192.168.1.1
netmask=255.255.255.0
dnsip=192.168.1.1
ipaddr=192.168.1.77
serverip=192.168.1.151
bootsas=tftpboot; bootoctlinux 3100 mem=0 numcores=16 root=/dev/sda1
autostart=yes
ethact=octeth0
bootfile=vmlinux.64
bootpartsize=1e0
fsloadfile=vmlinux.64.ram.1.6
bootcmd=fsload; bootoctlinux 10 numcores=16 endbootargs
mtdparts=ws16-nand:30m(kernel),20m(rootfs),10m(appl)
loadaddr=0x10
coremask_override=0x
numcores=16
stdin=serial
stdout=serial
stderr=serial

Environment size: 767/65532 bytes
Movidis x16 base
Base Address64: 0x8000, Base Address: 0x
Movidis x16 namedprint
List of currently allocated named bootmem blocks:
Name: __tmp_load, address: 0x0010, size: 0x00f0,
index: 0
Name: __tmp_reserved_linux, address: 0x0100, size:
0x0800, index: 1

So it doesn't seem to like either bsd or bsd.rd, and it doesn't print
anything after bootoctlinux. Where to go from here?
Is the 0x10 boot address completely off?

-- 
May the most significant bit of your life be positive.


Re: libcrypto: stop some ASN.1 bleeding

2014-05-15 Thread Brendan MacDonell
Miod Vallat m...@online.fr writes:

 As promised, here is a new diff. Bob Beck suggested introducing wrappers
 to the time-related functions, so that the error path becomes easier to
 understand; this makes the diff to these functions much simpler
 indeed.

That's helpful. It definitely makes it easier to read.


 Index: a_gentm.c
 ===
 RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_gentm.c,v
 retrieving revision 1.17
 diff -u -p -r1.17 a_gentm.c
 --- a_gentm.c 19 Apr 2014 11:43:07 -  1.17
 +++ a_gentm.c 15 May 2014 18:30:29 -
 @@ -208,20 +208,15 @@ ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZE
   return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
  }
  
 -ASN1_GENERALIZEDTIME *
 -ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
 -long offset_sec)
 +static ASN1_GENERALIZEDTIME *
 +ASN1_GENERALIZEDTIME_adj_internal(ASN1_GENERALIZEDTIME *s, time_t t,
 +int offset_day, long offset_sec)
  {
   char *p;
   struct tm *ts;
   struct tm data;
   size_t len = 20;
  
 - if (s == NULL)
 - s = M_ASN1_GENERALIZEDTIME_new();
 - if (s == NULL)
 - return (NULL);
 -
   ts = gmtime_r(t, data);
   if (ts == NULL)
   return (NULL);
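
Review bot: with the NULL check gone, ASN1_GENERALIZEDTIME_adj_internal() silently requires a non-NULL s, which it writes to at the end of the function (the length and type stores in the next hunk). The wrapper is the only caller today, so add a one-line comment above the static function stating that precondition rather than relying on everyone reading the wrapper first. Returning NULL on gmtime_r() failure without touching s is the right shape: the wrapper can then free the object it allocated without guessing whether the callee already did.
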
 @@ -249,4 +244,25 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZE
   s-length = strlen(p);
   s-type = V_ASN1_GENERALIZEDTIME;
   return (s);
 +}
 +
 +ASN1_GENERALIZEDTIME *
 +ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
 +long offset_sec)
 +{
 + ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
 +
 + if (s == NULL) {
 + tmp = M_ASN1_GENERALIZEDTIME_new();
 + if (tmp == NULL)
 + return NULL;
 + s = tmp;
 + }
 +
 + ret = ASN1_GENERALIZEDTIME_adj_internal(s, t, offset_day, offset_sec);
 + if (ret == NULL  tmp != NULL)
 + M_ASN1_GENERALIZEDTIME_free(tmp);
 +
 + return ret;
 +
  }
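
Review bot: style, the wrapper ends with an empty line before the closing brace (the lone `+` just before the final ` }`); drop it. The new code also writes `return NULL;` a few lines away from the file's existing `return (NULL);` and `return (s);`; keep one form per file.
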
 Index: a_time.c
 ===
 RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_time.c,v
 retrieving revision 1.17
 diff -u -p -r1.17 a_time.c
 --- a_time.c  21 Apr 2014 00:52:00 -  1.17
 +++ a_time.c  15 May 2014 18:30:29 -
 @@ -120,8 +120,8 @@ ASN1_TIME_check(ASN1_TIME *t)
  }
  
  /* Convert an ASN1_TIME structure to GeneralizedTime */
 -ASN1_GENERALIZEDTIME *
 -ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 +static ASN1_GENERALIZEDTIME *
 +ASN1_TIME_to_generalizedtime_internal(ASN1_TIME *t, ASN1_GENERALIZEDTIME 
 **out)
  {
   ASN1_GENERALIZEDTIME *ret;
   char *str;
 @@ -131,13 +131,7 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
   if (!ASN1_TIME_check(t))
   return NULL;
  
 - if (!out || !*out) {
 - if (!(ret = ASN1_GENERALIZEDTIME_new ()))
 - return NULL;
 - if (out)
 - *out = ret;
 - } else
 - ret = *out;
 + ret = *out;
  
   /* If already GeneralizedTime just copy across */
   if (t-type == V_ASN1_GENERALIZEDTIME) {
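
Review bot: `ret = *out;` now dereferences out unconditionally, where the removed block accepted out == NULL. It is correct only because the new wrapper always passes a non-NULL out, so that precondition belongs in a comment on the static function; anyone calling the internal variant directly with a NULL out gets a NULL dereference instead of the old allocate-and-return behaviour.
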
 @@ -152,12 +146,32 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
   /* ASN1_STRING_set() allocated 'len + 1' bytes. */
   newlen = t-length + 2 + 1;
   str = (char *)ret-data;
 + /* XXX ASN1_TIME is not Y2050 compatible */
   i = snprintf(str, newlen, %s%s, (t-data[0] = '5') ? 19 : 20,
   (char *) t-data);
   if (i == -1 || i = newlen) {
 - ASN1_STRING_free(ret);
 + M_ASN1_GENERALIZEDTIME_free(ret);
 + *out = NULL;
   return NULL;
   }
 + return ret;
 +}
 +
 +ASN1_GENERALIZEDTIME *
 +ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 +{
 + ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
 +
 + if (!out || !*out) {
 + if (!(tmp = ASN1_GENERALIZEDTIME_new()))
 + return NULL;
 + out = tmp;

So we no longer return the newly-allocated ASN1_GENERALIZEDTIME through
*out? This might be a problem, since callers seem to use the value in
*out instead of storing the return value.

 + }
 +
 + ret = ASN1_TIME_to_generalizedtime_internal(t, out);
 + if (ret == NULL  tmp != NULL)
 + ASN1_GENERALIZEDTIME_free(tmp);
 +
   return ret;
  }
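
Review bot: the failure path shares cleanup between two functions and only lines up by accident. On the snprintf() failure the internal function frees ret and stores NULL through out; the wrapper then frees tmp whenever ret is NULL and tmp is non-NULL. No double free happens here solely because, as noted above, out is always pointed at the wrapper's own tmp, so the internal *out = NULL also clears tmp before the wrapper looks at it. Once the wrapper is changed to store the new object in the caller's *out (which it needs to do), this same path frees one object twice. Suggest taking the M_ASN1_GENERALIZEDTIME_free(ret) and the *out = NULL out of the internal function and letting the wrapper alone free on failure and write *out only after success.
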
  
 Index: a_utctm.c
 ===
 RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_utctm.c,v
 retrieving revision 1.22
 diff -u -p -r1.22 a_utctm.c
 --- a_utctm.c 21 Apr 2014 11:23:09 -  1.22
 +++ a_utctm.c 15 May 2014 18:30:29 -
 @@ -149,19 +149,15 @@ ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t
   return ASN1_UTCTIME_adj(s, t, 0, 0);
  }
  
 -ASN1_UTCTIME *
 -ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
 +static ASN1_UTCTIME *
 +ASN1_UTCTIME_adj_internal(ASN1_UTCTIME *s, time_t t, int offset_day,
 +long 

Re: libcrypto: stop some ASN.1 bleeding

2014-05-15 Thread Miod Vallat
  Index: a_time.c

  +ASN1_GENERALIZEDTIME *
  +ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
  +{
  +   ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
  +
  +   if (!out || !*out) {
  +   if (!(tmp = ASN1_GENERALIZEDTIME_new()))
  +   return NULL;
  +   out = tmp;
 
 So we no longer return the newly-allocated ASN1_GENERALIZEDTIME through
 *out? This might be a problem, since callers seem to use the value in
 *out instead of storing the return value.

Oh, you mean in the case where out != NULL but *out == NULL. You're
right. The last line above should be

if (out != NULL)
*out = tmp;
else
out = tmp;

Fixed diff below.

Index: a_gentm.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_gentm.c,v
retrieving revision 1.17
diff -u -p -r1.17 a_gentm.c
--- a_gentm.c   19 Apr 2014 11:43:07 -  1.17
+++ a_gentm.c   15 May 2014 19:34:46 -
@@ -208,20 +208,15 @@ ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZE
return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
 }
 
-ASN1_GENERALIZEDTIME *
-ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
-long offset_sec)
+static ASN1_GENERALIZEDTIME *
+ASN1_GENERALIZEDTIME_adj_internal(ASN1_GENERALIZEDTIME *s, time_t t,
+int offset_day, long offset_sec)
 {
char *p;
struct tm *ts;
struct tm data;
size_t len = 20;
 
-   if (s == NULL)
-   s = M_ASN1_GENERALIZEDTIME_new();
-   if (s == NULL)
-   return (NULL);
-
ts = gmtime_r(t, data);
if (ts == NULL)
return (NULL);
@@ -249,4 +244,25 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZE
s-length = strlen(p);
s-type = V_ASN1_GENERALIZEDTIME;
return (s);
+}
+
+ASN1_GENERALIZEDTIME *
+ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
+long offset_sec)
+{
+   ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
+
+   if (s == NULL) {
+   tmp = M_ASN1_GENERALIZEDTIME_new();
+   if (tmp == NULL)
+   return NULL;
+   s = tmp;
+   }
+
+   ret = ASN1_GENERALIZEDTIME_adj_internal(s, t, offset_day, offset_sec);
+   if (ret == NULL  tmp != NULL)
+   M_ASN1_GENERALIZEDTIME_free(tmp);
+
+   return ret;
+
 }
Index: a_time.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_time.c,v
retrieving revision 1.17
diff -u -p -r1.17 a_time.c
--- a_time.c21 Apr 2014 00:52:00 -  1.17
+++ a_time.c15 May 2014 19:34:46 -
@@ -120,8 +120,8 @@ ASN1_TIME_check(ASN1_TIME *t)
 }
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *
-ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+static ASN1_GENERALIZEDTIME *
+ASN1_TIME_to_generalizedtime_internal(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 {
ASN1_GENERALIZEDTIME *ret;
char *str;
@@ -131,13 +131,7 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
if (!ASN1_TIME_check(t))
return NULL;
 
-   if (!out || !*out) {
-   if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-   return NULL;
-   if (out)
-   *out = ret;
-   } else
-   ret = *out;
+   ret = *out;
 
/* If already GeneralizedTime just copy across */
if (t-type == V_ASN1_GENERALIZEDTIME) {
@@ -152,12 +146,35 @@ ASN1_TIME_to_generalizedtime(ASN1_TIME *
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t-length + 2 + 1;
str = (char *)ret-data;
+   /* XXX ASN1_TIME is not Y2050 compatible */
i = snprintf(str, newlen, %s%s, (t-data[0] = '5') ? 19 : 20,
(char *) t-data);
if (i == -1 || i = newlen) {
-   ASN1_STRING_free(ret);
+   M_ASN1_GENERALIZEDTIME_free(ret);
+   *out = NULL;
return NULL;
}
+   return ret;
+}
+
+ASN1_GENERALIZEDTIME *
+ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+{
+   ASN1_GENERALIZEDTIME *tmp = NULL, *ret;
+
+   if (!out || !*out) {
+   if (!(tmp = ASN1_GENERALIZEDTIME_new()))
+   return NULL;
+   if (out != NULL)
+   *out = tmp;
+   else
+   out = tmp;
+   }
+
+   ret = ASN1_TIME_to_generalizedtime_internal(t, out);
+   if (ret == NULL  tmp != NULL)
+   ASN1_GENERALIZEDTIME_free(tmp);
+
return ret;
 }
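
Review bot: this now double frees in the out != NULL, *out == NULL case. The wrapper stores tmp into the caller's *out, the internal function reads it back as ret, and on the snprintf() failure it frees ret and sets the caller's *out to NULL; back in the wrapper ret is NULL and the local tmp is still set, so ASN1_GENERALIZEDTIME_free(tmp) runs on memory that was just freed. The out == NULL branch is safe only because there out points at tmp itself, so the *out = NULL clears it. The ASN1_TIME_check() failure has the mirror problem: the wrapper frees tmp but the caller's *out keeps pointing at it. Suggest the wrapper own all cleanup: remove the free and the *out = NULL from the internal function, pass the internal function either the caller's out or the address of tmp, free tmp on any failure, and write the caller's *out = tmp only after the call succeeded.
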
 
Index: a_utctm.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_utctm.c,v
retrieving revision 1.22
diff -u -p -r1.22 a_utctm.c
--- a_utctm.c   21 Apr 2014 11:23:09 -  1.22
+++ 
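
An added example, not LibreSSL code and not part of the diff above: the same UTCTime to GeneralizedTime conversion with the same public/internal split, written under one ownership rule, namely that only the function that allocated an object frees it and the caller's output pointer is written only after success. gt_time, gt_free, gt_selftest and the other names are this example's own stand-ins for ASN1_GENERALIZEDTIME and its helpers; unlike the diff, the worker here never frees the object it was handed, which is what removes the double-free and dangling-pointer cases from the failure paths.

```c
/*
 * Added example, not LibreSSL code: UTCTime -> GeneralizedTime with the same
 * public/internal split as the diff, under one ownership rule: only the
 * function that allocated an object frees it, and the caller's *out is written
 * only after success.  gt_time and the other names are this example's own.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct gt_time {			/* stand-in for ASN1_GENERALIZEDTIME */
	char	*data;			/* NUL-terminated "YYYYMMDDHHMMSSZ" */
	size_t	 length;
};

void
gt_free(struct gt_time *g)
{
	if (g == NULL)
		return;
	free(g->data);
	free(g);
}

static int
utctime_check(const char *s)		/* exactly "YYMMDDHHMMSSZ" */
{
	size_t i;

	if (strlen(s) != 13 || s[12] != 'Z')
		return 0;
	for (i = 0; i < 12; i++)
		if (!isdigit((unsigned char)s[i]))
			return 0;
	return 1;
}

/* Worker: fills in ret, which the caller owns.  Unlike the diff's internal
 * function it never frees ret and never writes the caller's pointer. */
static int
utctime_to_generalizedtime_internal(const char *utc, struct gt_time *ret)
{
	char *str;
	size_t newlen;
	int i;

	if (!utctime_check(utc))
		return 0;
	newlen = strlen(utc) + 2 + 1;		/* century digits plus NUL */
	if ((str = malloc(newlen)) == NULL)
		return 0;
	/* UTCTime's two-digit year pivot, 50..99 -> 19xx and 00..49 -> 20xx:
	 * the "not Y2050 compatible" point flagged in the diff. */
	i = snprintf(str, newlen, "%s%s", (utc[0] >= '5') ? "19" : "20", utc);
	if (i < 0 || (size_t)i >= newlen) {
		free(str);
		return 0;
	}
	free(ret->data);
	ret->data = str;
	ret->length = (size_t)i;
	return 1;
}

/* Wrapper: allocates only when the caller supplied no object, frees only what
 * it allocated, and leaves *out untouched on failure, so the caller can
 * neither double free nor read a dangling pointer through *out. */
struct gt_time *
utctime_to_generalizedtime(const char *utc, struct gt_time **out)
{
	struct gt_time *tmp = NULL, *ret;

	if (out == NULL || *out == NULL) {
		if ((tmp = calloc(1, sizeof(*tmp))) == NULL)
			return NULL;
		ret = tmp;
	} else
		ret = *out;

	if (!utctime_to_generalizedtime_internal(utc, ret)) {
		gt_free(tmp);			/* no-op when ret is the caller's */
		return NULL;
	}
	if (out != NULL)
		*out = ret;			/* publish only after success */
	return ret;
}

/* Walks the calling conventions the thread discusses; 1 when all behave. */
int
gt_selftest(void)
{
	struct gt_time *o = NULL, *r;
	int ok = 1;

	r = utctime_to_generalizedtime("140515183029Z", &o);	/* allocates o */
	ok &= r != NULL && r == o && strcmp(o->data, "20140515183029Z") == 0;
	r = utctime_to_generalizedtime("991231235959Z", &o);	/* reuses o */
	ok &= r != NULL && r == o && strcmp(o->data, "19991231235959Z") == 0;
	r = utctime_to_generalizedtime("not-a-time", &o);	/* fails, o intact */
	ok &= r == NULL && strcmp(o->data, "19991231235959Z") == 0;
	gt_free(o);
	r = utctime_to_generalizedtime("500101000000Z", NULL);	/* caller owns r */
	ok &= r != NULL && strcmp(r->data, "19500101000000Z") == 0;
	gt_free(r);
	return ok;
}
```

The point of the split is that the worker reports failure with a return value and nothing else; the wrapper is the only place that knows whether tmp was allocated by it or handed in, so it is the only place that can free correctly. gt_selftest() walks the three cases the thread argues about: out pointing at NULL, out pointing at an existing object, and out itself NULL.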

Re: got me a 16-core octeon donated.

2014-05-15 Thread Janne Johansson
After some insight from jasper, I stripped away the randomdata section and
voila:

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.5 (RAMDISK) #0: Fri Mar 14 12:10:56 CET 2014
r...@octeon.office.jasper.la:/usr/src/sys/arch/octeon/compile/RAMDISK
real mem = 4002201600 (3816MB)
avail mem = 3970760704 (3786MB)
warning: no entropy supplied by boot loader
mainbus0 at root
cpu0 at mainbus0: Unknown CPU type (0x0) rev 0.3 500 MHz, Software FP
emulation
cpu0: cache L1-I 32KB D 16KB 4 way, L2 128KB direct
clock0 at mainbus0: int 5
iobus0 at mainbus0
octcf at iobus0 base 0x1d000800 irq 0 not configured
pcibus0 at iobus0 irq 0
pci0 at pcibus0 bus 0
0:0:0: mem address conflict 0xf800/0x800
0:2:0: bridge mem address conflict 0x1000/0x10
vendor Cavium, unknown product 0x0005 (class processor subclass MIPS, rev
0x03) at pci0 dev 0 function 0 not configured
Pericom PI7C21P100 PCIX-PCIX rev 0x01 at pci0 dev 2 function 0 not
configured
cn30xxgmx0 at iobus0 base 0x118000800 irq 48
unsupported octeon model: 0xd0003
octrng at iobus0 base 0x14000 irq 0 not configured
uar: ns16550, no working fifo
com0: console
com1 at uartbus0 base 0x118000c00 irq 35: ns16550, no working fifo
root on rd0a swap on rd0b dump on rd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/octeon 5.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s


The command was (assuming you have a mips64 or build cross-tools):
/usr/cross/octeon/usr/bin/mips64-unknown-openbsd5.5-strip -R
.openbsd.randomdata /tftpboot/bsd.rd.octeon
and then it JustWorked(tm)!



2014-05-15 21:32 GMT+02:00 Jasper Lievisse Adriaanse jas...@openbsd.org:

 On Thu, May 15, 2014 at 09:04:14PM +0200, Janne Johansson wrote:
  It's made by Movidis, and it has some Linux on it now which boots.
  Of course, getting openbsd-octeon on it was the next step, but it won't
  load the bsd.rd correctly:
 
  Movidis X16 U-Boot version 1.6.1 (Build time: Nov 23 2007 - 18:27:52)
 
  CUST_WSX16 board revision major:1, minor:1, serial #: F12032617
  OCTEON CN38XX-NSP revision: 3, Core clock: 500 MHz, DDR clock: 333 MHz
 (666
  Mhz data rate)
  DRAM:  4096 MB
  Flash:  2 MB
  IPD backpressure workaround verified, took 11 loops
  Clearing DRAM done
  BIST check passed.
  Starting PCI
  PCI Status: PCI-X 64-bit
  PCI BAR 0: 0x, PCI BAR 1: Memory 0x  PCI 0xf800
  Net:   octeth0, octeth1, octeth2, octeth3, octeth4, octeth5, octeth6,
  octeth7
   0
  Movidis x16 INTERRUPT
  Movidis x16
  Movidis x16 setenv ipaddr 192.168.1.199
  Movidis x16 setenv serverip 192.168.1.70
  Movidis x16 tftpboot 0 bsd.octeon
  octeth0:Up 1Gbs Full duplex, (port  0)
  Using octeth0 device
  TFTP from server 192.168.1.70; our IP address is 192.168.1.199
  Filename 'bsd.octeon'.
  Load address: 0x10
  Loading: ###
  done
  Bytes transferred = 7291501 (6f426d hex), 346 Kbytes/sec
  Movidis x16 bootoctlinux
  ELF file is 64 bit
  Allocated memory for ELF segment: addr: 0x100, size 0x72fb80
  Error allocating memory for elf image!
  ## Loading Linux kernel with entry point: 0x0010 ...
  Bootloader: Done loading app on coremask: 0x1
 
  and then it just hangs there.
 
  Other info from the U-boot:
  Movidis x16 printenv
  bootdelay=0
  baudrate=115200
  download_baudrate=115200
  bootloader_flash_update=protect off 0xbf43 0xbf47;erase
 0xbf43
  0xbf47;cp.b 0x10 0xbf43 0x5
  flash_update=protect off 0xbec3 0xbec7;erase 0xbec3
  0xbec7;cp.b 0x10 0xbec3 0x5
  gatewayip=192.168.1.1
  netmask=255.255.255.0
  dnsip=192.168.1.1
  ipaddr=192.168.1.77
  serverip=192.168.1.151
  bootsas=tftpboot; bootoctlinux 3100 mem=0 numcores=16 root=/dev/sda1
  autostart=yes
  ethact=octeth0
  bootfile=vmlinux.64
  bootpartsize=1e0
  fsloadfile=vmlinux.64.ram.1.6
  bootcmd=fsload; bootoctlinux 10 numcores=16 endbootargs
  mtdparts=ws16-nand:30m(kernel),20m(rootfs),10m(appl)
  loadaddr=0x10
  coremask_override=0x
  numcores=16
  stdin=serial
  stdout=serial
  stderr=serial
 
  Environment size: 767/65532 bytes
  Movidis x16 base
  Base Address64: 0x8000, Base Address: 0x
  Movidis x16 namedprint
  List of currently allocated named bootmem blocks:
  Name: __tmp_load, address: 0x0010, size: 0x00f0,
  index: 0
  Name: __tmp_reserved_linux, address: 0x0100, size:
  0x0800, index: 1
 
  So it doesn't seem to like either bsd or bsd.rd, and it doesn't print
  anything after bootoctlinux. Where to go from here?
  Is the 0x10 boot address completely off?

 The load address looks correct, as in, it's the same as 

Re: libcrypto: stop some ASN.1 bleeding

2014-05-15 Thread Brendan MacDonell
OK, the latest diff looks good to me.



Re: fun with smtpd, (two bugs)

2014-05-15 Thread Frank Brodbeck
Hi Jason,

On Wed, May 14, 2014 at 11:16:59PM +0059, Jason McIntyre wrote:
 it's still missing some . also i think we can wholly simplify the
 auth/auth-optional line.

Heh. Thought I found all, thanks for fixing the rest.

 -.Op Ic auth | auth-optional | auth Ar authtable | Ic auth-optional Ar 
 authtable
 +.Op Ic auth | auth-optional Aq Ar authtable

the man page states that:

 Both auth and auth-optional accept an optional table as a
 parameter.  When provided, credentials are looked up in this
 table.

but reading the new smtpd.conf(5) gives the impression that authtable is
mandatory. I haven't checked the code but the following passes a check
with smtpd -n

  listen on iwn0 tls auth
  listen on em0 tls auth-optional

so it seems to be a valid syntax.

Index: usr.sbin/smtpd/smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.118
diff -u -r1.118 smtpd.conf.5
--- usr.sbin/smtpd/smtpd.conf.5 15 May 2014 19:36:45 -  1.118
+++ usr.sbin/smtpd/smtpd.conf.5 15 May 2014 20:40:52 -
@@ -594,7 +594,9 @@
 .Op Ic port Ar port
 .Op Ic tls | tls-require | tls-require verify | smtps | secure
 .Op Ic pki Ar pkiname
-.Op Ic auth | auth-optional Aq Ar authtable
+.Oo Ic auth | auth-optional 
+.Op Aq Ar authtable
+.Oc
 .Op Ic tag Ar tag
 .Op Ic hostname Ar hostname
 .Op Ic hostnames Aq Ar names
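
Review bot: trailing whitespace after `auth-optional` on the new `.Oo` line; remove it. Rendering-wise, nesting `.Op Aq Ar authtable` inside `.Oo ... .Oc` gives `[auth | auth-optional [<authtable>]]`, which is what the description text quoted earlier in this message says, so the synopsis now agrees with the prose.
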



Re: got me a 16-core octeon donated.

2014-05-15 Thread Mark Kettenis
 Date: Thu, 15 May 2014 22:04:16 +0200
 From: Janne Johansson icepic...@gmail.com
 
 After some insight from jasper, I stripped away the randomdata section and
 voila:
 
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.
 Copyright (c) 1995-2014 OpenBSD. All rights reserved.
 http://www.OpenBSD.org
 
 OpenBSD 5.5 (RAMDISK) #0: Fri Mar 14 12:10:56 CET 2014
 r...@octeon.office.jasper.la:/usr/src/sys/arch/octeon/compile/RAMDISK
 real mem = 4002201600 (3816MB)
 avail mem = 3970760704 (3786MB)
 warning: no entropy supplied by boot loader
 mainbus0 at root
 cpu0 at mainbus0: Unknown CPU type (0x0) rev 0.3 500 MHz, Software FP
 emulation
 cpu0: cache L1-I 32KB D 16KB 4 way, L2 128KB direct
 clock0 at mainbus0: int 5
 iobus0 at mainbus0
 octcf at iobus0 base 0x1d000800 irq 0 not configured
 pcibus0 at iobus0 irq 0
 pci0 at pcibus0 bus 0
 0:0:0: mem address conflict 0xf800/0x800
 0:2:0: bridge mem address conflict 0x1000/0x10
 vendor Cavium, unknown product 0x0005 (class processor subclass MIPS, rev
 0x03) at pci0 dev 0 function 0 not configured
 Pericom PI7C21P100 PCIX-PCIX rev 0x01 at pci0 dev 2 function 0 not
 configured

Looks like ppb(4) is missing from the kernel config.



Re: got me a 16-core octeon donated.

2014-05-15 Thread Jasper Lievisse Adriaanse
On Thu, May 15, 2014 at 11:03:10PM +0200, Mark Kettenis wrote:
  Date: Thu, 15 May 2014 22:04:16 +0200
  From: Janne Johansson icepic...@gmail.com
  
  After some insight from jasper, I stripped away the randomdata section and
  voila:
  
  Copyright (c) 1982, 1986, 1989, 1991, 1993
  The Regents of the University of California.  All rights reserved.
  Copyright (c) 1995-2014 OpenBSD. All rights reserved.
  http://www.OpenBSD.org
  
  OpenBSD 5.5 (RAMDISK) #0: Fri Mar 14 12:10:56 CET 2014
  r...@octeon.office.jasper.la:/usr/src/sys/arch/octeon/compile/RAMDISK
  real mem = 4002201600 (3816MB)
  avail mem = 3970760704 (3786MB)
  warning: no entropy supplied by boot loader
  mainbus0 at root
  cpu0 at mainbus0: Unknown CPU type (0x0) rev 0.3 500 MHz, Software FP
  emulation
  cpu0: cache L1-I 32KB D 16KB 4 way, L2 128KB direct
  clock0 at mainbus0: int 5
  iobus0 at mainbus0
  octcf at iobus0 base 0x1d000800 irq 0 not configured
  pcibus0 at iobus0 irq 0
  pci0 at pcibus0 bus 0
  0:0:0: mem address conflict 0xf800/0x800
  0:2:0: bridge mem address conflict 0x1000/0x10
  vendor Cavium, unknown product 0x0005 (class processor subclass MIPS, rev
  0x03) at pci0 dev 0 function 0 not configured
  Pericom PI7C21P100 PCIX-PCIX rev 0x01 at pci0 dev 2 function 0 not
  configured
 
 Looks like ppb(4) is missing from the kernel config.
It is, I've got a diff to add it along with some devices when I get a chance
to test them on my board.



proposed speedup for diff -q

2014-05-15 Thread gwes
Proposed enhancement to diff:

diff of two very different files can take a very long time
and a lot of memory.
diff -q uses the same algorithm even though the status is
known at the first difference.

I propose ending the comparison at the first difference if
  diff is invoked with -q
  diff is not invoked with -w, -i, or -b

The changes pass the regression tests and all the tests I've tried.
I believe the changes are not machine dependent.
I invite criticism and counterexamples.

Example:

$ ls -l trash.120403 trash.120711
-rw---  1 gwes  users  249686538 Apr  3  2012 trash.120403
-rw-r--r--  1 gwes  users  142356923 Jul 11  2012 trash.120711

$ time diff -q trash.120403 trash.120711
diff: 
1m51.52s real 1m47.66s user 0m2.46s system

top output:

load averages:  1.02,  0.91,  0.58.oat.com 15:41:54
49 processes: 47 idle, 2 on processor
CPU0 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU1 states: 98.4% user,  0.0% nice,  1.6% system,  0.0% interrupt,  0.0% idle
Memory: Real: 403M/785M act/tot Free: 796M Cache: 312M Swap: 0K/1248M

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
18740 gwes  570  362M  333M onproc/1  biowait   1:05 95.61% diff


$ time work/newdiff/diff -q trash.120403 trash.120711
Files trash.120403 and trash.120711 differ
0m0.00s real 0m0.00s user 0m0.00s system

The code changes

$ diff -u diff.h work/newdiff/diff.h
--- diff.h  Thu May 15 16:29:15 2014
+++ work/newdiff/diff.h Thu May 15 15:57:30 2014
@@ -64,6 +64,10 @@
 #define D_PROTOTYPE0x080   /* Display C function prototype */
 #define D_EXPANDTABS   0x100   /* Expand tabs to spaces */
 #define D_IGNOREBLANKS 0x200   /* Ignore white space changes */
+   /* test for possible return at first difference 
*/
+#define CANBRIEFRETURN(flags) (((flags)  (D_FOLDBLANKS | D_IGNORECASE \
+   | D_IGNOREBLANKS \
+   )) == 0)
 
 /*
  * Status values for print_status() and diffreg() return values
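
Review bot: the new comment is indented with a tab inside a block of flush-left #define lines, and the macro is spread over three continuation lines with `)) == 0)` alone on the last one; both read as accidents. Put the comment flush left above the #define and write the macro on one line (it is short enough once the stray breaks are gone). The three flags tested are the right ones for -b, -i and -w as described in the message; a short comment saying which option each flag corresponds to would save the next reader a trip to diff.c.
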

$ diff -u diffreg.c work/newdiff/diffreg.c 
--- diffreg.c   Thu May 15 16:29:15 2014
+++ work/newdiff/diffreg.c  Thu May 15 16:31:19 2014
@@ -366,6 +366,15 @@
status |= 1;
goto closem;
}
+   if ((diff_format == D_BRIEF)  CANBRIEFRETURN(flags)) {
+   anychange = 1;
+   if (flags  D_HEADER) {
+   diff_output(%s %s %s\n, \
+   diffargs, file1, file2);
+   flags = ~D_HEADER;
+   }
+   goto closem;
+   }
if (lflag) {
/* redirect stdout to pr */
int pfd[2];
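
Review bot: the short-circuit also has to be disabled when -I pattern is in use. With -I, changes whose lines all match the pattern are not counted, so two byte-different files can still end up with no reported difference; returning here reports them as differing. Either fold the ignore-pattern state that diffreg.c already consults for -I into the same condition as the -b/-i/-w flags, or skip the early return whenever any -I pattern is set. Minor: the `\` line continuation inside the diff_output() call is not needed in C; just break the argument list across lines.
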


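An added example, not part of the proposal and not OpenBSD's diff(1): the condition the patch introduces, with the byte-level early exit it permits next to the line-by-line comparison that -b, -i and -w still require. The flag values and the normalisation rules are this example's own approximations of those options (D_IGNOREBLANKS matches the value visible in the diff.h hunk; the other two are assumed), and LINEMAX is an example constant.

```c
/*
 * Added example, not OpenBSD's diff(1): a "brief" comparison that may stop at
 * the first differing byte only when no option changes what "equal" means.
 * Flag values are assumed for the example; the real ones live in diff.h.
 */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define D_FOLDBLANKS	0x02	/* -b: runs of blanks equal, trailing blanks ignored */
#define D_IGNORECASE	0x08	/* -i: case-insensitive compare */
#define D_IGNOREBLANKS	0x200	/* -w: all blanks ignored */

/* Same test as the proposed macro: no flag in effect can make byte-different
 * files compare equal, so the first differing byte already decides -q. */
#define CANBRIEFRETURN(flags) \
	(((flags) & (D_FOLDBLANKS | D_IGNORECASE | D_IGNOREBLANKS)) == 0)

#define LINEMAX 256		/* longest line this example normalises */

/*
 * Offset of the first differing byte, the shorter length when one input is a
 * prefix of the other, or -1 when the inputs are identical.  This is the whole
 * comparison when CANBRIEFRETURN() holds: no line bookkeeping, and it returns
 * as soon as a mismatch is seen.
 */
long
first_difference(const char *a, size_t alen, const char *b, size_t blen)
{
	size_t n = alen < blen ? alen : blen, i;

	for (i = 0; i < n; i++)
		if (a[i] != b[i])
			return (long)i;
	return alen == blen ? -1 : (long)n;
}

/* Copy one line into out applying -b/-i/-w, NUL-terminated. */
static void
normalise(const char *line, size_t len, int flags, char *out, size_t outsz)
{
	size_t i, o = 0;

	for (i = 0; i < len && o + 1 < outsz; i++) {
		unsigned char c = (unsigned char)line[i];

		if (c == ' ' || c == '\t') {
			if (flags & D_IGNOREBLANKS)
				continue;		/* -w: drop every blank */
			if (flags & D_FOLDBLANKS) {
				if (o > 0 && out[o - 1] == ' ')
					continue;	/* -b: fold the run */
				c = ' ';
			}
		}
		if (flags & D_IGNORECASE)
			c = (unsigned char)tolower(c);
		out[o++] = (char)c;
	}
	if ((flags & D_FOLDBLANKS) && o > 0 && out[o - 1] == ' ')
		o--;					/* -b: trailing blanks ignored */
	out[o] = '\0';
}

/*
 * 1 if a and b differ under flags, 0 if they are equal.  Without normalising
 * flags the answer is whether any byte differs; with them the inputs must be
 * walked line by line, because byte-different lines such as "a b" and "a  b"
 * are equal under -b, so a byte-level early return would be wrong.
 */
int
brief_differ(const char *a, size_t alen, const char *b, size_t blen, int flags)
{
	const char *pa = a, *ea = a + alen, *pb = b, *eb = b + blen;
	char na[LINEMAX], nb[LINEMAX];

	if (CANBRIEFRETURN(flags))
		return first_difference(a, alen, b, blen) != -1;

	while (pa < ea && pb < eb) {
		const char *nla = memchr(pa, '\n', (size_t)(ea - pa));
		const char *nlb = memchr(pb, '\n', (size_t)(eb - pb));
		size_t la = nla ? (size_t)(nla - pa) : (size_t)(ea - pa);
		size_t lb = nlb ? (size_t)(nlb - pb) : (size_t)(eb - pb);

		normalise(pa, la, flags, na, sizeof na);
		normalise(pb, lb, flags, nb, sizeof nb);
		/* a missing final newline on one side only is a difference too */
		if ((nla == NULL) != (nlb == NULL) || strcmp(na, nb) != 0)
			return 1;
		pa += la + (nla != NULL);
		pb += lb + (nlb != NULL);
	}
	return pa < ea || pb < eb;	/* leftover lines on one side */
}
```

The interesting pair is brief_differ("a b\n", "a  b\n") with flags 0 versus D_FOLDBLANKS: the byte comparison says they differ at offset 2, the folded comparison says they are equal. That is exactly why the proposal's early return must stay off whenever one of those flags is set, and why the same reasoning applies to anything else that can make byte-different lines compare equal.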

Re: NOINET6 by default

2014-05-15 Thread Henning Brauer
* Todd T. Fries t...@openbsd.org [2014-05-15 06:29]:
 Penned by Henning Brauer on 20140514 22:48.16, we have:
 | * Reyk Flöter reyk.floe...@googlemail.com [2014-05-15 01:04]:
 |   On 15.05.2014, at 00:46, Henning Brauer lists-openbsdt...@bsws.de 
 wrote:
 |   * Mark Kettenis mark.kette...@xs4all.nl [2014-05-15 00:15]:
 |   I don't think this is a good idea; didn't we establish the other day
 |   that ifconfig if eui64 already did what your +inet6 does?
 |   almost, it's ifconfig if inet6 eui64 - but that isn't all THAT
 |   intuitive. I like +inet6 as the opposite of -inet6.
 |  We don't have + something. It is foo or -foo but not +foo. I know that 
 inet6 is already used for the regular addresses, but +inet6 sounds like an 
 inconsistent workaround for a workaround. I don't like it.
 | 
 | just inet6 doesn't work, since that is already used to show all inet6
 | addrs. 
 | i find +inet6 very intuitive...
 | 
 |  To enable IPv6 link-local I would rather prefer two options to put
 |  either inet6 eui64 (or an alias like inet6 link-local) or an actual
 |  inet6 address in your hostname.if. The latter should automatically
 |  remove the flag and enable the link-local address - does it work this
 |  way? 
 | 
 | as said many times, yes it does.
 
 I ack that it is a security risk to auto address interfaces without some admin
 action.
 
 The proposed solution seems sound, 'inet6 eui64' seems sane.  In theory it
 should work, but I must be doing something wrong:
 
  # ifconfig vether0 create
  # ifconfig vether0 -inet6
  # ifconfig vether0 inet6 eui64
  ifconfig: could not determine link local address

eui64 by itself is NOT enough, this is why I have the 2 line change to
the eui64 handler in the diff for the +inet6 case. Making that
unconditional is trivial, I just don't think inet6 eui64 is very
intuitive. see, I even think about the inet6 users.

 Once that works properly, I say we let the diff in and bikeshed if we
 truly need to invent more syntax ('+inet6') that is unlike anything else
  vs let the few of us that want this apparently obscure case add 'inet6
 eui64' and be done with it.
 
 Aka, lets not hold up the rest of the functionality just because we
 can't agree if we need a further diff to make 'inet6 eui64'
 better/faster/easier/another way to skin the cat...

i couldn't agree more

  IMHO, it's time to polish in the tree.  This is, after all, a _security_
 related diff, no?

i'd say so.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: NOINET6 by default

2014-05-15 Thread Henning Brauer
* Claudio Jeker cje...@diehard.n-r-g.com [2014-05-15 09:42]:
 On Thu, May 15, 2014 at 05:48:16AM +0200, Henning Brauer wrote:
  * Reyk Flöter reyk.floe...@googlemail.com [2014-05-15 01:04]:
On 15.05.2014, at 00:46, Henning Brauer lists-openbsdt...@bsws.de 
wrote:
* Mark Kettenis mark.kette...@xs4all.nl [2014-05-15 00:15]:
I don't think this is a good idea; didn't we establish the other day
that ifconfig if eui64 already did what your +inet6 does?
almost, it's ifconfig if inet6 eui64 - but that isn't all THAT
intuitive. I like +inet6 as the opposite of -inet6.
   We don't have + something. It is foo or -foo but not +foo. I know that 
   inet6 is already used for the regular addresses, but +inet6 sounds like 
   an inconsistent workaround for a workaround. I don't like it.
  
  just inet6 doesn't work, since that is already used to show all inet6
  addrs. 
  i find +inet6 very intuitive...
 
 This should just die. Did you ever do ifconfig em0 inet or ifconfig em0 inet6?
 I never did and I have a few interfaces with a lot of IPs on them.
 It is a useless gimmick of ifconfig.

changing semantics of an existing interface like this is of course much
more intrusive than adding a new one.

if the consensus is that the current inet/inet6 to show the addresses
of that af only is bollocks and we'd rather use inet6 to turn it on,
that's simple to do as well. We just need to take a decision here
instead of bikeshedding forever...

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: NOINET6 by default

2014-05-15 Thread Henning Brauer
* Claudio Jeker cje...@diehard.n-r-g.com [2014-05-15 09:33]:
 On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
  so as discussed recently having the inet6 link-local addrs on every
  interface by default is stupid and a security risk.
  
  this diff fixes that. well, really two independent parts.
  one: set the NOINET6 flag by default on each and every interface.
  two: implement ifconfig if +inet6 to turn inet6 on and assign
  the link-local addr.
  
  this should be transparent for almost all real use cases of inet6
  since assigning any inet6 address also resets the flag (and ll is
  assigned then as well).
   lo0 still gets its ::1 and fe80::1%lo0 by default.
  
  the only use case that needs config adoption: people ONLY using
  link-local, they will need to put +inet6 in the corresponding
  hostname.if file.
  
  ok?
 
 To be honest the right fix would be to get rid of IFXF_NOINET6 and
 just make it the default. There is no need for such a flag anymore.

very valid point, I'll happily clean that up right after - one thing
at a time.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: NOINET6 by default

2014-05-15 Thread Todd T. Fries
Penned by Henning Brauer on 20140516  0:26.37, we have:
| * Claudio Jeker cje...@diehard.n-r-g.com [2014-05-15 09:33]:
|  On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
|   so as discussed recently having the inet6 link-local addrs on every
|   interface by default is stupid and a security risk.
|   
|   this diff fixes that. well, really two independent parts.
|   one: set the NOINET6 flag by default on each and every interface.
|   two: implement ifconfig if +inet6 to turn inet6 on and assign
|   the link-local addr.
|   
|   this should be transparent for almost all real use cases of inet6
|   since assigning any inet6 address also resets the flag (and ll is
|   assigned then as well).
|   lo0 still gets its ::1 and fe80::1%lo0 by default.
|   
|   the only use case that needs config adoption: people ONLY using
|   link-local, they will need to put +inet6 in the corresponding
|   hostname.if file.
|   
|   ok?
|  
|  To be honest the right fix would be to get rid of IFXF_NOINET6 and
|  just make it the default. There is no need for such a flag anymore.
| 
| very valid point, I'll happily clean that up right after - one thing
| at a time.

When I travel between networks.. at home with rtsol capable networks ..
and at e.g. a library that does not have native IPv6 .. I find it invaluable
to 'zzz' then upon resume 'ifconfig wpi0 -inet6' for the library and then
'rtsol wpi0' at home.

Just because the new default will be the equivalent of 'ifconfig wpi0 -inet6'
until configured doesn't mean there isn't a use for clearing it later on as 
well.

I wish there were an equivalent for IPv4, but at least dhclient clears the old
address on 'ifconfig wpi0 down' ...

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries