libtls leak in tls_connect()
As noticed by jturner, there is a leak with libtls seen when you connect to a server multiple times. By looking at the contents of coredumps I worked out that it wasn't freeing the server cert, and tracked it to tls_connect_fds(). OK? Index: tls_client.c === RCS file: /cvs/src/lib/libtls/tls_client.c,v retrieving revision 1.15 diff -u -p -u -2 -4 -r1.15 tls_client.c --- tls_client.c11 Feb 2015 07:01:10 - 1.15 +++ tls_client.c21 Mar 2015 15:03:46 - @@ -246,33 +246,34 @@ tls_connect_fds(struct tls *ctx, int fd_ connecting: if ((ret = SSL_connect(ctx-ssl_conn)) != 1) { err = tls_ssl_error(ctx, ret, connect); if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) { ctx-flags |= TLS_CONNECTING; return (err); } goto err; } ctx-flags = ~TLS_CONNECTING; if (ctx-config-verify_name) { cert = SSL_get_peer_certificate(ctx-ssl_conn); if (cert == NULL) { tls_set_error(ctx, no server certificate); goto err; } if ((ret = tls_check_servername(ctx, cert, servername)) != 0) { if (ret != -2) tls_set_error(ctx, name `%s' not present in server certificate, servername); goto err; } + X509_free(cert); } return (0); err: X509_free(cert); return (-1); }
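Review bot: The success path in tls_connect_fds() now releases `cert` in a second place, separate from the `err:` label, and leaves the pointer set afterwards. That is correct as posted because `return (0)` follows immediately, but a later change that adds a failing step after the name check and jumps to `err` would free the certificate twice. Clearing the pointer keeps both paths safe: `X509_free(cert); cert = NULL;`. The declaration of `cert` is outside the hunk, so this assumes it starts as NULL for the case where `verify_name` is off.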
Re: ARP mbuf queues
On 19 Mar 2015, at 11:11 pm, Martin Pieuchot m...@openbsd.org wrote: When a host want to send packets to a destination whose Ethernet address that has not been resolved yet, it puts such packet on a mbuf queue. Right now this queue, linked to the corresponding ARP data structure, is hand rolled. I wrote the diff below during s2k15 to make use of the mq_enqueue(9) API instead. I verified that the queue is correctly dropped when an infinite recursion in in_arpinput() is triggered. Comments, Ok? the global count is annoying to read, but i get it. why mbuf_queues instead of mbuf_lists? just to get the drop on mq_enqueue? Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.148 diff -u -p -r1.148 if_ether.c --- netinet/if_ether.c14 Mar 2015 17:13:44 - 1.148 +++ netinet/if_ether.c19 Mar 2015 13:04:28 - @@ -69,7 +69,6 @@ #endif #define SDL(s) ((struct sockaddr_dl *)s) -#define SRP(s) ((struct sockaddr_inarp *)s) /* * ARP trailer negotiation. Trailer protocol is not IP specific, @@ -77,6 +76,15 @@ */ #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL +struct llinfo_arp { + LIST_ENTRY(llinfo_arp) la_list; + struct rtentry *la_rt; /* backpointer to rtentry */ + long la_asked; /* last time we QUERIED */ + struct mbuf_queuela_mq; /* packet hold queue */ +}; +#define LA_HOLD_QUEUE 10 +#define LA_HOLD_TOTAL 100 + /* timer values */ int arpt_prune = (5*60*1); /* walk list every 5 minutes */ int arpt_keep = (20*60);/* once resolved, good for 20 more minutes */ @@ -220,6 +228,7 @@ arp_rtrequest(int req, struct rtentry *r * add with a LL address. */ la = pool_get(arp_pool, PR_NOWAIT | PR_ZERO); + mq_init(la-la_mq, LA_HOLD_QUEUE, IPL_NONE); rt-rt_llinfo = (caddr_t)la; if (la == NULL) { log(LOG_DEBUG, %s: malloc failed\n, __func__); 
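Review bot: In the `@@ -220,6 +228,7 @@` hunk of arp_rtrequest(), `mq_init()` is called on `la` before the `if (la == NULL)` test that follows it, and `pool_get()` is asked for `PR_NOWAIT`, so an allocation failure becomes a NULL dereference in the kernel instead of reaching the logged `malloc failed` path. The initialisation belongs after the check, next to the other field setup: `mq_init(&la->la_mq, LA_HOLD_QUEUE, IPL_NONE);`. The rest of arp_rtrequest() lies outside the hunk.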
@@ -282,8 +291,7 @@ arp_rtrequest(int req, struct rtentry *r LIST_REMOVE(la, la_list); rt-rt_llinfo = 0; rt-rt_flags = ~RTF_LLINFO; - while ((m = la-la_hold_head) != NULL) { - la-la_hold_head = la-la_hold_head-m_nextpkt; + while ((m = mq_dequeue(la-la_mq)) != NULL) { la_hold_total--; m_freem(m); } @@ -425,32 +433,14 @@ arpresolve(struct arpcom *ac, struct rte * response yet. Insert mbuf in hold queue if below limit * if above the limit free the queue without queuing the new packet. */ - if (la_hold_total MAX_HOLD_TOTAL la_hold_total nmbclust / 64) { - if (la-la_hold_count = MAX_HOLD_QUEUE) { - mh = la-la_hold_head; - la-la_hold_head = la-la_hold_head-m_nextpkt; - if (mh == la-la_hold_tail) - la-la_hold_tail = NULL; - la-la_hold_count--; - la_hold_total--; - m_freem(mh); - } - if (la-la_hold_tail == NULL) - la-la_hold_head = m; - else - la-la_hold_tail-m_nextpkt = m; - la-la_hold_tail = m; - la-la_hold_count++; - la_hold_total++; + if (la_hold_total LA_HOLD_TOTAL la_hold_total nmbclust / 64) { + if (mq_enqueue(la-la_mq, m) == 0) + la_hold_total++; } else { - while ((mh = la-la_hold_head) != NULL) { - la-la_hold_head = - la-la_hold_head-m_nextpkt; + while ((mh = mq_dequeue(la-la_mq)) != NULL) { la_hold_total--; m_freem(mh); } - la-la_hold_tail = NULL; - la-la_hold_count = 0; m_freem(m); } @@ -483,14 +473,10 @@ arpresolve(struct arpcom *ac, struct rte rt-rt_flags |= RTF_REJECT; rt-rt_expire += arpt_down; la-la_asked = 0; - while ((mh = la-la_hold_head) != NULL) { - la-la_hold_head = - la-la_hold_head-m_nextpkt; + while ((mh = mq_dequeue(la-la_mq)) != NULL) { la_hold_total--; m_freem(mh); } - la-la_hold_tail = NULL; - la-la_hold_count = 0; } } } @@ -570,13 +556,14 @@ in_arpinput(struct mbuf
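Review bot: The `@@ -425,32 +433,14 @@` hunk in arpresolve() changes which packet is lost when an entry's hold queue is full: the removed code freed the oldest held mbuf and queued the new one, while `mq_enqueue()` at its limit frees the new mbuf and keeps the old ones. If keeping the most recent packet for an unresolved address is still wanted, that needs an explicit dequeue before the enqueue; either way the comment above the `if` should say which packet is dropped, for example `/* per-entry queue full: the new packet is dropped */`. arpresolve() begins and ends outside the hunk.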
Re: ARP mbuf queues
On 21/03/15(Sat) 17:48, David Gwynne wrote: On 19 Mar 2015, at 11:11 pm, Martin Pieuchot m...@openbsd.org wrote: When a host want to send packets to a destination whose Ethernet address that has not been resolved yet, it puts such packet on a mbuf queue. Right now this queue, linked to the corresponding ARP data structure, is hand rolled. I wrote the diff below during s2k15 to make use of the mq_enqueue(9) API instead. I verified that the queue is correctly dropped when an infinite recursion in in_arpinput() is triggered. Comments, Ok? the global count is annoying to read, but i get it. why mbuf_queues instead of mbuf_lists? just to get the drop on mq_enqueue? Yep... That might be overkill since we do not really use the mutex. Do you prefer the version below using a mbuf_list? As a bonus this diff only call ml_init() if the pool allocation succeed. Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.148 diff -u -p -r1.148 if_ether.c --- netinet/if_ether.c 14 Mar 2015 17:13:44 - 1.148 +++ netinet/if_ether.c 21 Mar 2015 13:59:55 - @@ -69,7 +69,6 @@ #endif #define SDL(s) ((struct sockaddr_dl *)s) -#define SRP(s) ((struct sockaddr_inarp *)s) /* * ARP trailer negotiation. Trailer protocol is not IP specific, @@ -77,6 +76,15 @@ */ #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL +struct llinfo_arp { + LIST_ENTRY(llinfo_arp) la_list; + struct rtentry *la_rt; /* backpointer to rtentry */ + long la_asked; /* last time we QUERIED */ + struct mbuf_list la_ml; /* packet hold queue */ +}; +#define LA_HOLD_QUEUE 10 +#define LA_HOLD_TOTAL 100 + /* timer values */ intarpt_prune = (5*60*1); /* walk list every 5 minutes */ intarpt_keep = (20*60);/* once resolved, good for 20 more minutes */ @@ -227,6 +235,7 @@ arp_rtrequest(int req, struct rtentry *r } arp_inuse++; arp_allocated++; + ml_init(la-la_ml); la-la_rt = rt; rt-rt_flags |= RTF_LLINFO; LIST_INSERT_HEAD(llinfo_arp, la, la_list); 
@@ -282,8 +291,7 @@ arp_rtrequest(int req, struct rtentry *r LIST_REMOVE(la, la_list); rt-rt_llinfo = 0; rt-rt_flags = ~RTF_LLINFO; - while ((m = la-la_hold_head) != NULL) { - la-la_hold_head = la-la_hold_head-m_nextpkt; + while ((m = ml_dequeue(la-la_ml)) != NULL) { la_hold_total--; m_freem(m); } @@ -425,32 +433,19 @@ arpresolve(struct arpcom *ac, struct rte * response yet. Insert mbuf in hold queue if below limit * if above the limit free the queue without queuing the new packet. */ - if (la_hold_total MAX_HOLD_TOTAL la_hold_total nmbclust / 64) { - if (la-la_hold_count = MAX_HOLD_QUEUE) { - mh = la-la_hold_head; - la-la_hold_head = la-la_hold_head-m_nextpkt; - if (mh == la-la_hold_tail) - la-la_hold_tail = NULL; - la-la_hold_count--; + if (la_hold_total LA_HOLD_TOTAL la_hold_total nmbclust / 64) { + if (ml_len(la-la_ml) = LA_HOLD_QUEUE) { + mh = ml_dequeue(la-la_ml); la_hold_total--; m_freem(mh); } - if (la-la_hold_tail == NULL) - la-la_hold_head = m; - else - la-la_hold_tail-m_nextpkt = m; - la-la_hold_tail = m; - la-la_hold_count++; + ml_enqueue(la-la_ml, m); la_hold_total++; } else { - while ((mh = la-la_hold_head) != NULL) { - la-la_hold_head = - la-la_hold_head-m_nextpkt; + while ((mh = ml_dequeue(la-la_ml)) != NULL) { la_hold_total--; m_freem(mh); } - la-la_hold_tail = NULL; - la-la_hold_count = 0; m_freem(m); } @@ -483,14 +478,10 @@ arpresolve(struct arpcom *ac, struct rte rt-rt_flags |= RTF_REJECT; rt-rt_expire += arpt_down; la-la_asked = 0; - while ((mh = la-la_hold_head) != NULL) { - la-la_hold_head = - la-la_hold_head-m_nextpkt; + while ((mh = ml_dequeue(la-la_ml)) != NULL) { la_hold_total--;
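Review bot: The drain loop that dequeues, decrements `la_hold_total` and calls `m_freem()` is written out in the `@@ -282,8 +291,7 @@` hunk and again twice in arpresolve(), each copy adjusting the global counter by hand. That counter is what caps the mbufs held for unresolved addresses, so a copy that later drifts would quietly weaken the cap; one static helper called from all three places keeps the accounting in a single spot. The third copy sits in a hunk that continues past the end of this page.

```c
/* Free every packet held for this entry and return its slots to la_hold_total. */
static void
arp_hold_flush(struct llinfo_arp *la)
{
	struct mbuf *m;

	while ((m = ml_dequeue(&la->la_ml)) != NULL) {
		la_hold_total--;
		m_freem(m);
	}
}

/* … unchanged: arp_rtrequest() teardown up to the RTF_LLINFO flag update … */
		arp_hold_flush(la);
```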
Re: mpe(4) broken on -current
On Thu, Mar 19, 2015 at 11:50 PM, Rafael Zalamena rzalam...@gmail.com wrote: On Thu, Mar 19, 2015 at 8:32 AM, Martin Pieuchot m...@openbsd.org wrote: On 18/03/15(Wed) 22:58, Rafael Zalamena wrote: mpe(4) is not installing routes / label in the interface in -current. Snippet: # ifconfig mpe0 mplslabel 100 ifconfig: SIOCSETLABEL: Network is unreachable Quickly looking at the code I found out that since the old MPLS route installer function (mpe_newlabel) doesn't include an ifa pointer later on rt_getifa() will fail and return ENETUNREACH. Trace: mpe_newlabel - rtrequest1 - switch (RTM_ADD) - rt_getifa I tried moving it to rt_ifa_add() using my old VPLS datapath diffs, but there are some other problems like panic()s or NULL MPLS routes installed for mpeX that might be happening because of my poor understanding of the new network stack design (no more ifp-if_lladdr). So mpe(4) was also abusing if_lladdr? (this commit: https://github.com/rzalamena/vpls-src/commit/675216b75b665f42b06bd2b0b18cbd0deab84f57) This is good. You can initialize sc_ifa in mpe_clone_create(), look at how enc(4) does it. --- SNIPPED OLD CHAT --- Thanks, I'll send a diff sometime soon if you don't do it first. Here is a diff to fix the mpe(4) route installation that wasn't working. Code changes: * Add sc_ifa field and change sc_shim to sc_smpls (struct shim_hdr - struct sockaddr_smpls) in mpe_softc; sc_ifa will be used by rt_ifa_* functions to install routes and sc_smpls was changed to simplify route install. * Removed old mpe_newlabel() function and replaced it with rt_ifa_*() calls; * Introduced code to deal with MPLS routes in rt_ifa_add() and rt_ifa_del(); rt_ifa_add() and rt_ifa_del() should work on rdomain 0 when dealing with MPLS. Index: sys/net/if_mpe.c === RCS file: /cvs/src/sys/net/if_mpe.c,v retrieving revision 1.41 diff -u -p -r1.41 if_mpe.c --- sys/net/if_mpe.c22 Dec 2014 11:05:53 - 1.41 +++ sys/net/if_mpe.c21 Mar 2015 19:00:13 - 
@@ -57,7 +57,6 @@ int mpeioctl(struct ifnet *, u_long, cad void mpestart(struct ifnet *); intmpe_clone_create(struct if_clone *, int); intmpe_clone_destroy(struct ifnet *); -intmpe_newlabel(struct ifnet *, int, struct shim_hdr *); LIST_HEAD(, mpe_softc) mpeif_list; struct if_clonempe_cloner = @@ -85,7 +84,6 @@ mpe_clone_create(struct if_clone *ifc, i M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); - mpeif-sc_shim.shim_label = 0; mpeif-sc_unit = unit; ifp = mpeif-sc_if; snprintf(ifp-if_xname, sizeof ifp-if_xname, mpe%d, unit); @@ -105,6 +103,12 @@ mpe_clone_create(struct if_clone *ifc, i bpfattach(ifp-if_bpf, ifp, DLT_LOOP, sizeof(u_int32_t)); #endif + mpeif-sc_ifa.ifa_ifp = ifp; + mpeif-sc_ifa.ifa_rtrequest = link_rtrequest; + mpeif-sc_ifa.ifa_addr = (struct sockaddr *) ifp-if_sadl; + mpeif-sc_smpls.smpls_len = sizeof(mpeif-sc_smpls); + mpeif-sc_smpls.smpls_family = AF_MPLS; + LIST_INSERT_HEAD(mpeif_list, mpeif, sc_list); return (0); @@ -114,9 +118,17 @@ int mpe_clone_destroy(struct ifnet *ifp) { struct mpe_softc*mpeif = ifp-if_softc; + int s; LIST_REMOVE(mpeif, sc_list); + if (mpeif-sc_smpls.smpls_label) { + s = splsoftnet(); + rt_ifa_del(mpeif-sc_ifa, RTF_MPLS | RTF_UP, + smplstosa(mpeif-sc_smpls)); + splx(s); + } + if_detach(ifp); free(mpeif, M_DEVBUF, 0); return (0); @@ -292,7 +304,7 @@ mpeioctl(struct ifnet *ifp, u_long cmd, case SIOCGETLABEL: ifm = ifp-if_softc; shim.shim_label = - ((ntohl(ifm-sc_shim.shim_label MPLS_LABEL_MASK)) + ((ntohl(ifm-sc_smpls.smpls_label MPLS_LABEL_MASK)) MPLS_LABEL_OFFSET); error = copyout(shim, ifr-ifr_data, sizeof(shim)); break; 
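Review bot: In the `@@ -114,9 +118,17 @@` hunk, mpe_clone_destroy() discards the result of `rt_ifa_del()` and then goes on to `free(mpeif, M_DEVBUF, 0)`, while `sc_ifa` is a member of that same softc. If the delete fails, the MPLS route presumably still refers to `sc_ifa` after the memory has been released, so the return value should be checked and a failure reported before the free, e.g. `error = rt_ifa_del(&mpeif->sc_ifa, RTF_MPLS | RTF_UP, smplstosa(&mpeif->sc_smpls));` followed by a log line when `error` is non-zero. How the route code reference-counts an embedded ifaddr is not visible here and is worth confirming.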
@@ -306,11 +318,11 @@ mpeioctl(struct ifnet *ifp, u_long cmd, break; } shim.shim_label = htonl(shim.shim_label MPLS_LABEL_OFFSET); - if (ifm-sc_shim.shim_label == shim.shim_label) + if (ifm-sc_smpls.smpls_label == shim.shim_label) break; LIST_FOREACH(ifm, mpeif_list, sc_list) { if (ifm != ifp-if_softc - ifm-sc_shim.shim_label == shim.shim_label) { + ifm-sc_smpls.smpls_label == shim.shim_label) { error = EEXIST; break; } @@ -319,25 +331,29 @@ mpeioctl(struct ifnet *ifp, u_long cmd, break; ifm = ifp-if_softc; s = splsoftnet(); -
Re: telnet not sending return
Hi tech@, The following patch [1] resolves my issue with telnet - by allowing me to login into a Cisco CP-7940G IP Phone - and slightly improves the telnet issue with regards to 'send dont echo' [2]. There is still an issue that if you set 'dont echo' all characters appear twice on the terminal, this existed prior to Brabec's bug report and with the fix to [2], as shown: Cisco7960 telnet send dont echo sshhooww Thanks Fred [2] http://marc.info/?l=openbsd-bugsm=142168911530356w=2 [2] Index: sys_bsd.c === RCS file: /cvs/src/usr.bin/telnet/sys_bsd.c,v retrieving revision 1.29 diff -u -p -u -r1.29 sys_bsd.c --- sys_bsd.c 12 Feb 2015 09:50:50 - 1.29 +++ sys_bsd.c 21 Mar 2015 23:28:23 - @@ -283,6 +283,7 @@ TerminalNewMode(int f) } else { tmp_tc.c_lflag = ~ECHO; tmp_tc.c_oflag = ~ONLCR; + tmp_tc.c_iflag = ~ICRNL; } if ((fMODE_FLOW) == 0) {
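Review bot: The added `tmp_tc.c_iflag &= ~ICRNL;` carries no comment, and it takes effect for every session that reaches this `else` branch, not only the Cisco phone from the report. A one-line reason would let the next reader judge that wider effect, for example `/* no local echo: hand CR to the peer untranslated */`. The `if` that this `else` belongs to starts outside the hunk, so how the other branch treats ICRNL cannot be checked from here.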
ntpd:support adjusting initial time = y2k36 on 32-bit time_t platforms
This came up in the OpenNTPD issue tracker: https://github.com/openntpd-portable/openntpd-openbsd/pull/4 The issue is an overflow when calculating time offsets with a 32-bit time_t in early 2036. The main reason to fix it in now, in 2015, is that OpenNTPD fails to adjust time if such a system simply has a bad initial time value. I could maintain this as a local patch on the portable tree, but it felt like this one should be upstream rather than hidden away in a patch file. Suggestions on better wording or oks? Maybe 'sorry in advance for prolonging the Android uprising an additional 2 years'. Index: client.c === RCS file: /cvs/src/usr.sbin/ntpd/client.c,v retrieving revision 1.100 diff -u -p -u -p -r1.100 client.c --- client.c12 Feb 2015 01:54:57 - 1.100 +++ client.c22 Mar 2015 03:21:08 - @@ -258,7 +258,11 @@ client_dispatch(struct ntp_peer *p, u_in if (cmsg-cmsg_level == SOL_SOCKET cmsg-cmsg_type == SCM_TIMESTAMP) { memcpy(tv, CMSG_DATA(cmsg), sizeof(tv)); - T4 += tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec; + /* +* Account for overflow that occurs on OSes that still +* have a 32-bit time_t. +*/ + T4 += (uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec; break; } } Index: util.c === RCS file: /cvs/src/usr.sbin/ntpd/util.c,v retrieving revision 1.18 diff -u -p -u -p -r1.18 util.c --- util.c 10 Feb 2015 11:46:39 - 1.18 +++ util.c 22 Mar 2015 03:21:08 - @@ -45,13 +45,21 @@ gettime(void) if (gettimeofday(tv, NULL) == -1) fatal(gettimeofday); - return (tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec); + /* +* Account for overflow that occurs on OSes that still +* have a 32-bit time_t. +*/ + return ((uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec); } double gettime_from_timeval(struct timeval *tv) { - return (tv-tv_sec + JAN_1970 + 1.0e-6 * tv-tv_usec); + /* +* Account for overflow that occurs on OSes that still +* have a 32-bit time_t. +*/ + return ((uint64_t)tv-tv_sec + JAN_1970 + 1.0e-6 * tv-tv_usec); } time_t
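Review bot: The comment added three times, "Account for overflow that occurs on OSes that still have a 32-bit time_t", does not say what the cast does: it widens `tv_sec` before `JAN_1970` is added, so the sum is no longer computed in 32 bits. Wording such as `/* widen first: tv_sec + JAN_1970 does not fit in a 32-bit time_t */` states that directly. The client.c hunk also repeats the expression that util.c already wraps; if `gettime_from_timeval()` is visible there, `T4 += gettime_from_timeval(&tv);` would leave a single copy of the cast. client_dispatch() starts and ends outside its hunk.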
the libressl wikipedia article is awful.
Someone who wikipedias should fix it. It runs on a lot more than OpenBSD and FreeBSD.
Re: the libressl wikipedia article is awful.
Good morning Bob, I did a quick fix OpenBSD, FreeBSD[2] and many others Where I can get list of supported operating systems, please? I will add them. I can also add list of removed operating systems in the text, if someone will see it valuable there. In general - I can go through the article and the check the accuracy. I’m not sure, if will be able to check all details. Which our documents can be used as my inputs? Thank you, Jiri -- Jiri Navratil, http://kouc.navratil.cz, +420 222 767 131 22. 3. 2015 v 2:51, Bob Beck b...@obtuse.com: Someone who wikipedias should fix it. It runs on a lot more than OpenBSD and FreeBSD.