zmore diff
This diff makes zmore and zless recognise options starting with + so that commands like "zless +G foo.gz" work. It makes sense to do this for zmore, too, because the less implementation of more also supports + options. cvs server: Diffing compress Index: compress/zmore === RCS file: /cvs/src/usr.bin/compress/zmore,v retrieving revision 1.7 diff -u -r1.7 zmore --- compress/zmore 7 May 2014 21:42:50 - 1.7 +++ compress/zmore 9 Apr 2015 06:36:46 - @@ -29,7 +29,7 @@ shift break ;; - -*) + -*|+*) flags="$flags $1" shift ;;
Re: libressl-2.1.6 on AIX
Thanks Michael, I have incorporated some initial AIX patches - can you please check out the latest tree? https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03 There are a few changes from your original patch set, but this should make it easier to move forward now that they are in-tree. You can just patch on top of that rather than sending the whole thing. I undid some of the formatting changes for the getentropy file so it matched the other files - the style is intentional between the files so its easy to diff between them to spot changes. The perfstat stuff moves into the inner loop like the other files as well. I added the network counters (we have network counters on OS X too), but also added wpar cpu stats. The issetugid currently short circuits to always return '1' because I think it still needs some work, as we discussed earlier. If we can't find a way to make it work, a failsafe version isn't really a bad thing for most uses. Also, I didn't add the configure.ac line that set CFLAGS to empty string that was in the original patch. The current master branch has switched to letting autoconf initialize the CFLAGS directly. This worked fine with gcc when I tried it, but I'd be interested in seeing how it works with other AIX compilers. One slightly annoying thing I found was the system library loader would find other versions of libcrypto.a / libssl.a under LIBPATH and try to load those when running binaries in-tree rather than the build versions. I don't know if that was just a misconfiguration with my system. - Brent > On Apr 8, 2015, at 9:19 PM, Michael Felt wrote: > > I applied the patch I had sent in before, made one change (correction) - > correcting a typo that brent had pointed out (netinfo that needs to be > "diskinfo") in the getentrophy_aix.c > > If you need the patch again, I can send it again. I am curious about whether > this is moving forward - and if there is anything extra I can do to assist. > > > Testsuite summary for libressl 2.1.6 > > # TOTAL: 47 > # PASS: 47 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > > > regards, > Michael
libressl-2.1.6 on AIX
I applied the patch I had sent in before, made one change (correction) - correcting a typo that brent had pointed out (netinfo that needs to be "diskinfo") in the getentrophy_aix.c If you need the patch again, I can send it again. I am curious about whether this is moving forward - and if there is anything extra I can do to assist. Testsuite summary for libressl 2.1.6 # TOTAL: 47 # PASS: 47 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 regards, Michael
Re: autoinstall(8) tweaks
> Our autolabel sizes seem mostly based around desktop-type machines (though > /usr/local is a bit too small these days, /usr/X11R6 acceptable but seems > stingy, and there are probably equal numbers of those who would quite > like to have /usr/ports and those who really wouldn't want to waste the > space). > I do not agree with those assessments. > And I think that is who we optimised for. People who don't know what they > want can hit enter, people who do go through disklabel(8). In that case, what's the fuss? > That doesn't carry across to "everyone hits enter" for autoinstall. autoinstall is a definately a lower-class citizen in this regard. The proposed hacks to support fdisk/disklabel this are deeply invasive and will harm maintainablity of the install scripts. I believe maintainability for the generic case is more useful, and I continue to believe that the usage cases these hacks are written by scrimpers. > for many of the sorts of machine where autoinstall would be useful, the > current /usr/local size is reasonable, /home is way too big, and 4GB max > in alloc_big[] for /var on a "server" just seems dangerous. Well then you and others should be proposing step-by-step tweaks and improvements to the heuristics, rather than asking for incredibly complex direct configuration, or more buttons which people won't select because the effects are not easily described. (I will continue my mission against complex semantics which are described in some corner of some monster FAQ...) > So what else could we do? Separate "server"/"client" tables? Even just > swapping the standard sizes of /home and /var for an autoinstall would make > it a lot more useful. I disagree on all those points.
Re: autoinstall(8) tweaks
Our autolabel sizes seem mostly based around desktop-type machines (though /usr/local is a bit too small these days, /usr/X11R6 acceptable but seems stingy, and there are probably equal numbers of those who would quite like to have /usr/ports and those who really wouldn't want to waste the space). And I think that is who we optimised for. People who don't know what they want can hit enter, people who do go through disklabel(8). That doesn't carry across to "everyone hits enter" for autoinstall. For many of the sorts of machine where autoinstall would be useful, the current /usr/local size is reasonable, /home is way too big, and 4GB max in alloc_big[] for /var on a "server" just seems dangerous. So what else could we do? Separate "server"/"client" tables? Even just swapping the standard sizes of /home and /var for an autoinstall would make it a lot more useful.
Re: autoinstall(8) tweaks
> On 2015/04/09 01:53, Alexander Hall wrote: > > On April 8, 2015 9:13:27 AM GMT+02:00, Stuart Henderson > > wrote: > > >On 2015/04/07 20:02, Alex Wilson wrote: > > >> On the topic of local tweaks to autoinstall, I was trying to use it > > >for a > > >> bunch of blades with very limited disk the other day, and I really > > >wanted to > > >> make them just create a single slice for / and some swap. > > >.. > > >> So that then I could put > > >> > > >> Use (W)hole disk, use the = W > > >> Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = C > > >> disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n > > >> > > >> in my install.conf > > > > > >I think this diff has been written a few times now, iirc everybody > > >settled on the same method.. > > > > We strive to make install.conf readable, and not contain semi-binary > > data. Also, the question asked should be specific enough to allow for > > more than one disk (unless we only do the disklabel for the primary > > disk?). > > > > I haven't put a great effort into it, but I'd rather present a > > possibility to suck in a disklabel from a separate file and allow the > > user to point out said file. IIRC, krw@ made some changes that improved > > that possibility. > > > > /Alexander > > Are people really wanting to change fsize, bsize and work out offsets > here? I'd have thought they want to say things like "I want 2G /, 2G > /home, 8G /var, 4G /usr, 20G /usr/local, and split the rest of the disk > between /var/www and /data", or "this is all great except this humongous > /home, change it to 4G and put the rest in /mail". I think this entire conversation is ridiculous, right from the start. If you have very small disk, disklabel will give you one partition. No problem. DONE. If you have ample disk, it will try to give you more partitions, because the split partition scheme is MORE SECURE. It will stepwise increase the number of partitions in use, using a heuristic that a lot of development effort went into. Why all that effort? Because opportunisticallysplitting the partitions up like that brings significant security benefits in the worst case misbehaviour cases for badly written daemon software. So the OP wants to purposely turn off the split partitition scheme? That is ridiculous. Your usage case is obviously proprietary to your situation, and is not a general usage case. Like Alexander, I do believe the install script should become more complicated to handle such an obscure bad usage case, and in fact it probably should not handle it at all. And sorry, if the autoinstaller does not handle every single type of configuration change? Well that was known as a problem from the start, yet these are for things which 99.9% of people don't need to change. Oh come on, cut the BS, how big is the disk in this case, 270K or something? I am sorry, but these days such configurations are simply narrow minded. Frankly, I think the OP should be left to his own devices.
Re: autoinstall(8) tweaks
On 2015/04/09 01:53, Alexander Hall wrote: > On April 8, 2015 9:13:27 AM GMT+02:00, Stuart Henderson > wrote: > >On 2015/04/07 20:02, Alex Wilson wrote: > >> On the topic of local tweaks to autoinstall, I was trying to use it > >for a > >> bunch of blades with very limited disk the other day, and I really > >wanted to > >> make them just create a single slice for / and some swap. > >.. > >> So that then I could put > >> > >> Use (W)hole disk, use the = W > >> Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = C > >> disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n > >> > >> in my install.conf > > > >I think this diff has been written a few times now, iirc everybody > >settled on the same method.. > > We strive to make install.conf readable, and not contain semi-binary > data. Also, the question asked should be specific enough to allow for > more than one disk (unless we only do the disklabel for the primary > disk?). > > I haven't put a great effort into it, but I'd rather present a > possibility to suck in a disklabel from a separate file and allow the > user to point out said file. IIRC, krw@ made some changes that improved > that possibility. > > /Alexander Are people really wanting to change fsize, bsize and work out offsets here? I'd have thought they want to say things like "I want 2G /, 2G /home, 8G /var, 4G /usr, 20G /usr/local, and split the rest of the disk between /var/www and /data", or "this is all great except this humongous /home, change it to 4G and put the rest in /mail". If I'm not mistaken disklabel only looks at the first letter, so it could be a bit more self-documenting, disklabel = Default\nadd b\n\n4g\n\nadd a\n\n\n\n/\nprint\nquit\n or neatened (to some eyes) with an s_;_\n_g disklabel = Default;add b;;4g;;add a/;print;quit; For the rest of the autoinstall file, while the questions and answers are readable, they aren't documented, so basing it on a manual installer run seems the only way to get started (it could even be automated from a serial port capture), the disklabel -E "language" seems a reasonable fit with this doesn't it?
fix for re(4) with 7k jumbos
hello,
below is a diff to fix a regression on re chips which have
7k jumbo support (RL_JUMBO_MTU_7K) as reported by daniel jakots
and emilio perea. the regression was caused because RL_JUMBO_FRAMELEN
was changed to 9k and i missed fixing up the RL_JUMBO_MTU_7K macro.
Index: rtl81x9reg.h
===
RCS file: /cvs/src/sys/dev/ic/rtl81x9reg.h,v
retrieving revision 1.93
diff -u -p -u -r1.93 rtl81x9reg.h
--- rtl81x9reg.h20 Mar 2015 12:04:09 - 1.93
+++ rtl81x9reg.h8 Apr 2015 09:52:10 -
@@ -751,7 +751,7 @@ struct rl_stats {
#define RL_JUMBO_MTU_6K\
((6 * 1024) - ETHER_HDR_LEN - ETHER_CRC_LEN - ETHER_VLAN_ENCAP_LEN)
#define RL_JUMBO_MTU_7K\
- (RL_JUMBO_FRAMELEN - ETHER_HDR_LEN - ETHER_CRC_LEN -
ETHER_VLAN_ENCAP_LEN)
+ ((7 * 1024) - ETHER_HDR_LEN - ETHER_CRC_LEN - ETHER_VLAN_ENCAP_LEN)
#define RL_JUMBO_MTU_9K\
((9 * 1024) - ETHER_HDR_LEN - ETHER_CRC_LEN - ETHER_VLAN_ENCAP_LEN)
#define RL_MTU ETHERMTU
Re: autoinstall(8) tweaks
On April 8, 2015 9:13:27 AM GMT+02:00, Stuart Henderson wrote: >On 2015/04/07 20:02, Alex Wilson wrote: >> On the topic of local tweaks to autoinstall, I was trying to use it >for a >> bunch of blades with very limited disk the other day, and I really >wanted to >> make them just create a single slice for / and some swap. >.. >> So that then I could put >> >> Use (W)hole disk, use the = W >> Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = C >> disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n >> >> in my install.conf > >I think this diff has been written a few times now, iirc everybody >settled on the same method.. We strive to make install.conf readable, and not contain semi-binary data. Also, the question asked should be specific enough to allow for more than one disk (unless we only do the disklabel for the primary disk?). I haven't put a great effort into it, but I'd rather present a possibility to suck in a disklabel from a separate file and allow the user to point out said file. IIRC, krw@ made some changes that improved that possibility. /Alexander
Re: print 802.11h chan switch announcements
On Wed, Apr 08, 2015 at 01:01:51PM +0100, Stuart Henderson wrote:
> This teaches tcpdump to print the channel switch announcements used
> for DFS and Ruckus ChannelFly, described in 7.3.2.20 in 802.11h-2003.
> I think the "noTX" is used for radar-detected DFS where you want
> everybody to shut up quickly, I don't have a good way to trigger
> that ;)
>
> I considered hiding output behind -v, but I think it's important enough
> to display by default (it isn't present in every beacon, only in the ones
> immediately preceding a channel switch, so doesn't add spam to the normal
> case).
>
> Sample output below the diff.
>
> Any comments/OKs? Thanks.
OK with me.
> Index: sys/net80211/ieee80211.h
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211.h,v
> retrieving revision 1.50
> diff -u -p -r1.50 ieee80211.h
> --- sys/net80211/ieee80211.h 17 Jan 2013 02:51:56 - 1.50
> +++ sys/net80211/ieee80211.h 8 Apr 2015 11:48:11 -
> @@ -327,6 +327,7 @@ enum {
> IEEE80211_ELEMID_EDCAPARMS = 12,
> IEEE80211_ELEMID_CHALLENGE = 16,
> /* 17-31 reserved for challenge text extension */
> + IEEE80211_ELEMID_CSA= 37, /* 11h */
> IEEE80211_ELEMID_ERP= 42,
> IEEE80211_ELEMID_HTCAPS = 45, /* 11n */
> IEEE80211_ELEMID_QOS_CAP= 46,
> Index: usr.sbin/tcpdump/print-802_11.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdump/print-802_11.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 print-802_11.c
> --- usr.sbin/tcpdump/print-802_11.c 16 Jan 2015 06:40:21 - 1.16
> +++ usr.sbin/tcpdump/print-802_11.c 8 Apr 2015 11:48:11 -
> @@ -323,6 +323,10 @@ ieee80211_elements(struct ieee80211_fram
> if (vflag)
> ieee80211_print_element(data, len);
> break;
> + case IEEE80211_ELEMID_CSA:
> + printf(", csa (chan %u count %u%s)", data[1], data[2],
> + (data[0] == 1) ? " noTX" : "");
> + break;
> case IEEE80211_ELEMID_ERP:
> printf(", erp");
> if (vflag)
>
> 12:24:47.546150 802.11: beacon, ssid (Y2), rates, ds, tim, erp, xrates,
> vendor, 45:26, 61:22, 127:4, vendor, rsn, -62dBm, noise -91dBm>
> 12:24:49.899297 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 6), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -59dBm, noise -91dBm>
> 12:24:50.001676 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 5), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -54dBm, noise -91dBm>
> 12:24:50.104076 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 4), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -63dBm, noise -83dBm>
> 12:24:50.206478 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 3), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -62dBm, noise -83dBm>
> 12:24:50.308877 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 2), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -62dBm, noise -91dBm>
> 12:24:50.411272 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
> 1), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn, 11, 11g, sig -64dBm, noise -91dBm>
Re: prevent busy loop in rnd.c
> Your diff looks correct, though I don't think the explicit casts > are needed since the prototypes are in scope. Perhaps it quiets a > warning with some compiler flags? The casts are not strictly necessary and you are correct about the warnings; both gcc (I believe since version 4.3 with the -Wconversion flag) and clang (with -Wshorten64-to-32 or -Wconversion) warn about implicit integer truncation. Apart from silencing compiler warnings, I think that having explicit casts in the souce code helps the casual reader to understand the code, as it shows, that truncation is in fact desired. That said, feel free to drop the casts from the diff if you prefer so. > There's a scary number of instances of min(foo, uio->uio_resid) in > the kernel that should probably be fixed as well. Indeed! We have already been fixing a sizeable number of such constructs for Bitrig. As my time permits, I will continue sending diffs of this nature to this mailing list for changes I deem relevant. > > - todd cheers, natano
Re: add m_defrag to pcn driver
On Wednesday 08 April 2015 09:48:14, David Gwynne wrote: > >> +continue; > >> +} > > > > > > > > Other drivers don't dequeue mbufs in out of mem situations. I > > think you should just set IFF_OACTIVE and break out of the for > > loop (not shown in the diff). The old code just does the break, > > but I think setting IFF_OACTIVE would be correct here. > > OACTIVE means the tx ring is full. it (generally) gets cleared by a > driver when the tx ring is emptied. > > if the tx ring is empty but we set it when the system runs out of > resources (ie, memory shortages, dma mappings, iommu slot > exhaustion, solar flares, etc), then there's no event to clear > OACTIVE with. if we cant map the mbuf we should drop it and move > on. Sounds reasonable but many drivers (e.g. em, ix, bge) don't do that but set OACTIVE in this case. Is there a reason for that? From a casual glance at the source it is not clear to me that they have some other way to recover. Some have a watchdog that will reset the device after some time.
Re: pfi_kif leaks for PBR rules
On Sun, Apr 05, 2015 at 12:06 +0200, Alexandr Nedvedicky wrote:
> Hello,
>
> while testing PBR on Solaris we found out the pfi_kif instances
> are not removed from pfi_ifs table. We took a look at crashdump
> and have seen pfik_route counter at those object is still
> non-zero, while all rules were gone.
>
> looking at sources we can see the 'pfik_route' (PFI_KIF_REF_ROUTE)
> reference is being grabbed in pfr_create_kentry():
>
> 840 case PFRKE_ROUTE:
> 841 if (ad->pfra_ifname[0])
> 842 ke->pfrke_rkif = pfi_kif_get(ad->pfra_ifname);
> 843 if (ke->pfrke_rkif)
> 844 pfi_kif_ref(ke->pfrke_rkif, PFI_KIF_REF_ROUTE);
> 845 break;
> 846 default:
> 847 panic("unknown pfrke_type %d", ke->pfrke_type);
> 848 break;
>
> however we have not found any matching pfi_kif_ref() command, which
> would remove the reference created by pfr_create_kentry(). It seems
> to us the call to
>
> pfi_kif_unref(ke->pfrke_rkif, PFI_KIF_REF_ROUTE)
>
> is missing at pfr_destroy_kentry(). We created patch against OpenBSD CURRENT.
> We have no OpenBSD boxes around, where we could verify our fix.
>
> also for your info: IPF in Solaris is on its death row. PF in 11.3
> release will be available as optional firewall. We hope to make PF
> default (and only firewall) in Solaris 12. You've made excellent job,
> your PF is crystal-clear design.
>
> kind regards
> sasha
>
> --- cut here to get a patch ---
>
> Index: pf_table.c
> ===
> RCS file: /cvs/src/sys/net/pf_table.c,v
> retrieving revision 1.106
> diff -u -r1.106 pf_table.c
> --- pf_table.c 14 Mar 2015 03:38:51 - 1.106
> +++ pf_table.c 5 Apr 2015 09:59:58 -
> @@ -877,6 +877,17 @@
> {
> if (ke->pfrke_counters)
> pool_put(&pfr_kcounters_pl, ke->pfrke_counters);
> +
> + switch (ke->pfrke_type) {
> + case PFRKE_COST:
> + /* FALLTHROUGH */
> + case PFRKE_ROUTE:
> + if (ke->pfrke_rkif != NULL) {
> + pfi_kif_unref(ke->pfrke_rkif, PFI_KIF_REF_ROUTE);
> + }
> + break;
> + default:
> + }
> pool_put(&pfr_kentry_pl[ke->pfrke_type], ke);
> }
>
>
Hi,
Your analysis is correct. I'd drop the switch statement here for
simplicity though.
Anyone's willing to OK?
diff --git sys/net/pf_table.c sys/net/pf_table.c
index 10e6e4f..6c32c68 100644
--- sys/net/pf_table.c
+++ sys/net/pf_table.c
@@ -875,10 +875,13 @@ pfr_destroy_kentries(struct pfr_kentryworkq *workq)
void
pfr_destroy_kentry(struct pfr_kentry *ke)
{
if (ke->pfrke_counters)
pool_put(&pfr_kcounters_pl, ke->pfrke_counters);
+ if (ke->pfrke_type == PFRKE_COST || ke->pfrke_type == PFRKE_ROUTE)
+ pfi_kif_unref(((struct pfr_kentry_all *)ke)->pfrke_rkif,
+ PFI_KIF_REF_ROUTE);
pool_put(&pfr_kentry_pl[ke->pfrke_type], ke);
}
void
pfr_insert_kentries(struct pfr_ktable *kt,
Re: prevent busy loop in rnd.c
Your diff looks correct, though I don't think the explicit casts are needed since the prototypes are in scope. Perhaps it quiets a warning with some compiler flags? There's a scary number of instances of min(foo, uio->uio_resid) in the kernel that should probably be fixed as well. - todd
Re: falloc and related stuff
On 08 Apr 2015, at 17:33, kanonenvogel@gmail.com wrote: > > Is it a good idea? bad idea because of sys_pread
Re: falloc and related stuff
On 08 Apr 2015, at 17:33, kanonenvogel@gmail.com wrote: > > Is it a good idea? bad idea because of sys_pread/sys_pwrite
prevent busy loop in rnd.c
Due to an involuntary integer overflow, the randomread() and
randomwrite() functions can be tricked into entering an endless loop.
That loop can be triggered by performing a read() of UINT_MAX + 1 bytes
from /dev/random on a platform where sizeof(size_t) > sizeof(u_int).
This holds true for e.g. amd64. A minimal program like the one included
below can be used to trigger the bug.
---
#include
#include
#include
int
main(void)
{
int fd;
ssize_t n;
fd = open("/dev/random", O_RDONLY);
if (fd == -1)
err(1, "open");
n = read(fd, NULL, (size_t)1 << 32);
if (n == -1)
err(1, "read");
(void)close(fd);
return (0);
}
---
Replacing min() with ulmin() prevents the busy loop.
Index: dev/rnd.c
===
RCS file: /cvs/src/sys/dev/rnd.c,v
retrieving revision 1.173
diff -u -p -r1.173 rnd.c
--- dev/rnd.c 14 Mar 2015 03:38:46 - 1.173
+++ dev/rnd.c 8 Apr 2015 12:30:32 -
@@ -840,16 +840,16 @@ randomread(dev_t dev, struct uio *uio, i
}
while (ret == 0 && uio->uio_resid > 0) {
- int n = min(POOLBYTES, uio->uio_resid);
+ size_t n = ulmin(POOLBYTES, uio->uio_resid);
if (myctx) {
#ifndef KEYSTREAM_ONLY
memset(buf, 0, n);
#endif
- chacha_encrypt_bytes(&lctx, buf, buf, n);
+ chacha_encrypt_bytes(&lctx, buf, buf, (u32)n);
} else
arc4random_buf(buf, n);
- ret = uiomovei(buf, n, uio);
+ ret = uiomove(buf, n, uio);
if (ret == 0 && uio->uio_resid > 0)
yield();
}
@@ -872,14 +872,14 @@ randomwrite(dev_t dev, struct uio *uio,
buf = malloc(POOLBYTES, M_TEMP, M_WAITOK);
while (ret == 0 && uio->uio_resid > 0) {
- int n = min(POOLBYTES, uio->uio_resid);
+ size_t n = ulmin(POOLBYTES, uio->uio_resid);
- ret = uiomovei(buf, n, uio);
+ ret = uiomove(buf, n, uio);
if (ret != 0)
break;
while (n % sizeof(u_int32_t))
((u_int8_t *)buf)[n++] = 0;
- add_entropy_words(buf, n / 4);
+ add_entropy_words(buf, (u_int)(n / 4));
if (uio->uio_resid > 0)
yield();
newdata = 1;
Although size_t is unsigned long on all supported platforms, POSIX
only guarantees u_long to be at least 2**32 bits of size. At Bitrig
we have introduced szmin() and szmax() to libkern, which operates like
ulmin() and ulmax(), but with size_t values as input/output. If there
is interest, I'll be happy to produce a patch for this mailing list,
that adds szmin/max to libkern.
cheers,
natano
Re: falloc and related stuff
On 08 Apr 2015, at 15:03, Ted Unangst wrote:
> Also, this only helps if you're sure that the code reading the flag will do so
> in an smp safe way. In many cases, the reading code will also need to acquire
> a lock in order to correctly do something after reading the flag. From the
> diff context, it looks like most of this code will definitely already have
> some other lock.
What do you think about f_offset protection? Lock file struct object within
of_read or fo_write routine?
For example for vn_read()
int
vn_read(struct file *fp, off_t *poff, struct uio *uio, struct ucred *cred)
{
struct vnode *vp = (struct vnode *)fp->f_data;
int error = 0;
size_t count = uio->uio_resid;
struct proc *p = uio->uio_procp;
FILE_LOCK(fp);
/* no wrap around of offsets except on character devices */
if (vp->v_type != VCHR && count > LLONG_MAX - *poff) {
FILE_UNLOCK(fp);
return (EINVAL);
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
uio->uio_offset = *poff;
if (vp->v_type != VDIR)
error = VOP_READ(vp, uio,
(fp->f_flag & FNONBLOCK) ? IO_NDELAY : 0, cred);
*poff += count - uio->uio_resid;
VOP_UNLOCK(vp, 0, p);
FILE_UNLOCK(fp);
return (error);
}
Is it a good idea?
Re: unused argument in pfr_create_kentry()
On 30 September 2014 at 18:03, Alexandr Nedvedicky wrote: > Hello, > > while working with PF code we've found the arg1 (flags) of pfr_create_kentry() > is unused. > > the patch is trivial, just in case you are interested. > > regards > sasha > committed, thanks.
m_devget(9), m_clget(9) and ifp
Now that all the drivers using m_devget(9) have been converted to
if_input() we no longer need to pass an interface pointer to set
`rcvif'.
This is a small step towards the removal of an interface pointer
in the mbuf header.
While here, m_clget(9) also no longer needs an ifp.
Ok?
Index: arch/sparc/dev/hme.c
===
RCS file: /cvs/src/sys/arch/sparc/dev/hme.c,v
retrieving revision 1.68
diff -u -p -r1.68 hme.c
--- arch/sparc/dev/hme.c8 Apr 2015 10:07:47 - 1.68
+++ arch/sparc/dev/hme.c8 Apr 2015 12:58:56 -
@@ -828,7 +828,7 @@ hme_read(sc, idx, len, flags)
/* Pull packet off interface. */
m = m_devget(sc->sc_bufs->rx_buf[idx] + HME_RX_OFFSET, len,
- HME_RX_OFFSET, &sc->sc_arpcom.ac_if);
+ HME_RX_OFFSET);
if (m == NULL) {
ifp->if_ierrors++;
return;
Index: arch/sparc64/dev/vnet.c
===
RCS file: /cvs/src/sys/arch/sparc64/dev/vnet.c,v
retrieving revision 1.43
diff -u -p -r1.43 vnet.c
--- arch/sparc64/dev/vnet.c 2 Apr 2015 09:46:48 - 1.43
+++ arch/sparc64/dev/vnet.c 8 Apr 2015 12:59:02 -
@@ -734,7 +734,7 @@ vnet_rx_vio_desc_data(struct vnet_softc
}
/* Stupid OBP doesn't align properly. */
-m = m_devget(buf, dm->nbytes, ETHER_ALIGN, ifp);
+m = m_devget(buf, dm->nbytes, ETHER_ALIGN);
pool_put(&sc->sc_pool, buf);
if (m == NULL) {
ifp->if_ierrors++;
Index: dev/ic/dc.c
===
RCS file: /cvs/src/sys/dev/ic/dc.c,v
retrieving revision 1.139
diff -u -p -r1.139 dc.c
--- dev/ic/dc.c 14 Mar 2015 03:38:47 - 1.139
+++ dev/ic/dc.c 8 Apr 2015 12:59:05 -
@@ -2143,7 +2143,7 @@ dc_rxeof(struct dc_softc *sc)
/* No errors; receive the packet. */
total_len -= ETHER_CRC_LEN;
- m0 = m_devget(mtod(m, char *), total_len, ETHER_ALIGN, ifp);
+ m0 = m_devget(mtod(m, char *), total_len, ETHER_ALIGN);
dc_newbuf(sc, i, m);
DC_INC(i, DC_RX_LIST_CNT);
if (m0 == NULL) {
Index: dev/ic/mtd8xx.c
===
RCS file: /cvs/src/sys/dev/ic/mtd8xx.c,v
retrieving revision 1.25
diff -u -p -r1.25 mtd8xx.c
--- dev/ic/mtd8xx.c 8 Apr 2015 12:58:24 - 1.25
+++ dev/ic/mtd8xx.c 8 Apr 2015 12:59:08 -
@@ -924,7 +924,7 @@ mtd_rxeof(struct mtd_softc *sc)
0, sc->mtd_cdata.mtd_rx_chain[i].sd_map->dm_mapsize,
BUS_DMASYNC_POSTREAD);
- m0 = m_devget(mtod(m, char *), total_len, ETHER_ALIGN, ifp);
+ m0 = m_devget(mtod(m, char *), total_len, ETHER_ALIGN);
mtd_newbuf(sc, i, m);
i = (i + 1) % MTD_RX_LIST_CNT;
if (m0 == NULL) {
Index: dev/ic/rtl81x9.c
===
RCS file: /cvs/src/sys/dev/ic/rtl81x9.c,v
retrieving revision 1.89
diff -u -p -r1.89 rtl81x9.c
--- dev/ic/rtl81x9.c30 Mar 2015 10:04:11 - 1.89
+++ dev/ic/rtl81x9.c8 Apr 2015 12:59:17 -
@@ -643,7 +643,7 @@ rl_rxeof(struct rl_softc *sc)
wrap = (sc->rl_cdata.rl_rx_buf + RL_RXBUFLEN) - rxbufpos;
if (total_len > wrap) {
- m = m_devget(rxbufpos, wrap, ETHER_ALIGN, ifp);
+ m = m_devget(rxbufpos, wrap, ETHER_ALIGN);
if (m != NULL) {
m_copyback(m, wrap, total_len - wrap,
sc->rl_cdata.rl_rx_buf, M_NOWAIT);
@@ -654,7 +654,7 @@ rl_rxeof(struct rl_softc *sc)
}
cur_rx = (total_len - wrap + ETHER_CRC_LEN);
} else {
- m = m_devget(rxbufpos, total_len, ETHER_ALIGN, ifp);
+ m = m_devget(rxbufpos, total_len, ETHER_ALIGN);
cur_rx += total_len + 4 + ETHER_CRC_LEN;
}
Index: dev/pci/if_ale.c
===
RCS file: /cvs/src/sys/dev/pci/if_ale.c,v
retrieving revision 1.37
diff -u -p -r1.37 if_ale.c
--- dev/pci/if_ale.c24 Mar 2015 10:09:06 - 1.37
+++ dev/pci/if_ale.c8 Apr 2015 12:59:25 -
@@ -1532,7 +1532,7 @@ ale_rxeof(struct ale_softc *sc)
* on these low-end consumer ethernet controller.
*/
m = m_devget((char *)(rs + 1), length - ETHER_CRC_LEN,
- ETHER_ALIGN, ifp);
+ ETHER_ALIGN);
if (m == NULL) {
ifp->if_iqdrops++;
ale_rx_update_page(sc, &rx_page, length, &prod);
Index: dev/pci/if_bc
Re: copy'n'paste like typo in pf.c
On 5 April 2015 at 15:14, Florian Obser wrote: > On Sun, Apr 05, 2015 at 11:48:21AM +0200, Alexandr Nedvedicky wrote: >> Hello, >> >> when we ran PF sources through coverity we got an error >> as follows: >> >> 8310 if (ri->r->dst.addr.type == PF_ADDR_TABLE) >> 8311 pfr_update_stats(ri->r->dst.addr.p.tbl, >> 8312 &s->key[(s->direction == PF_IN)]-> >> 8313 addr[(s->direction == PF_IN)], >> >> >> CID 38100 (#1 of 1): Copy-paste error (COPY_PASTE_ERROR)copy_paste_error: src >> in ri->r->src.neg looks like a copy-paste error. >> >> Should it say dst instead? >> 8314pd, ri->r->action, ri->r->src.neg); >> 8315} >> 8316} >> >> (note: line numbers won't match line numbers in OpenBSD). >> >> It seems to me coveirty is right. Patch against CURRENT is attached. >> >> kind regards >> sasha >> [snip] > > This looks correct. > OK florian@ > Committed, thanks!
Re: falloc and related stuff
On 08 Apr 2015, at 15:03, Ted Unangst wrote: > The atomic functions are quite expensive on > some architectures, so we don't want to just use them everywhere. So, rwlock is better here? Also, can you explain this lines from finishdup() function (openbsd-5., file kern/kern_descrip.c, lines 576-577): fp->f_count++; FRELE(fp, p); it looks useless, or I misunderstood something?
Re: rename gettdbbyaddr to gettdbbydst
On 8 April 2015 at 12:46, Martin Pieuchot wrote: > On 08/04/15(Wed) 12:15, Mike Belopuhov wrote: >> OK to rename gettdbbyaddr to gettdbbydst since that's what it does >> and it aligns well with gettdbbysrc? > > Makes sense to me. This is also coherent to the comments in ip_ipsp.h. > > One comment though, you're moving a splsoftnet() in tdb_delete() but it > seems that the hash function does not need this protection, or am I > misunderstanding something? > Just a better place for it to be. Especially if somebody will turn it into something else. There's no functional change.
Re: falloc and related stuff
kanonenvogel@gmail.com wrote: > > On 08 Apr 2015, at 02:31, Philip Guenther wrote: > > > On Tue, Apr 7, 2015 at 3:57 PM, Kanonenvogel > > wrote: > >> I have idea to modify falloc() function and related logic. > >> Now, after successful faclloc call, we have half-initialized struct file > >> object, protected by FIF_LARVAL flag. > >> I want to initialise struct file object within falloc() and then put it to > >> fd_ofiles array and filehead list. This modification > >> permits to avoid half-initialization state and remove FIF_LARVAL flag and > >> related logic. > > > > The hard case is blocking opens of fifos, as the underlying operation > > involves a change visible to another process and that therefore cannot > > be rolled back. > > > > > > Philip Guenther > Ok, I understood. > And what about make struct file more smp friendly? For example, make > operations under > f_iflags and f_flags atomic? This can help, but not always. The atomic functions are quite expensive on some architectures, so we don't want to just use them everywhere. Also, this only helps if you're sure that the code reading the flag will do so in an smp safe way. In many cases, the reading code will also need to acquire a lock in order to correctly do something after reading the flag. From the diff context, it looks like most of this code will definitely already have some other lock.
print 802.11h chan switch announcements
This teaches tcpdump to print the channel switch announcements used
for DFS and Ruckus ChannelFly, described in 7.3.2.20 in 802.11h-2003.
I think the "noTX" is used for radar-detected DFS where you want
everybody to shut up quickly, I don't have a good way to trigger
that ;)
I considered hiding output behind -v, but I think it's important enough
to display by default (it isn't present in every beacon, only in the ones
immediately preceding a channel switch, so doesn't add spam to the normal
case).
Sample output below the diff.
Any comments/OKs? Thanks.
Index: sys/net80211/ieee80211.h
===
RCS file: /cvs/src/sys/net80211/ieee80211.h,v
retrieving revision 1.50
diff -u -p -r1.50 ieee80211.h
--- sys/net80211/ieee80211.h17 Jan 2013 02:51:56 - 1.50
+++ sys/net80211/ieee80211.h8 Apr 2015 11:48:11 -
@@ -327,6 +327,7 @@ enum {
IEEE80211_ELEMID_EDCAPARMS = 12,
IEEE80211_ELEMID_CHALLENGE = 16,
/* 17-31 reserved for challenge text extension */
+ IEEE80211_ELEMID_CSA= 37, /* 11h */
IEEE80211_ELEMID_ERP= 42,
IEEE80211_ELEMID_HTCAPS = 45, /* 11n */
IEEE80211_ELEMID_QOS_CAP= 46,
Index: usr.sbin/tcpdump/print-802_11.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-802_11.c,v
retrieving revision 1.16
diff -u -p -r1.16 print-802_11.c
--- usr.sbin/tcpdump/print-802_11.c 16 Jan 2015 06:40:21 - 1.16
+++ usr.sbin/tcpdump/print-802_11.c 8 Apr 2015 11:48:11 -
@@ -323,6 +323,10 @@ ieee80211_elements(struct ieee80211_fram
if (vflag)
ieee80211_print_element(data, len);
break;
+ case IEEE80211_ELEMID_CSA:
+ printf(", csa (chan %u count %u%s)", data[1], data[2],
+ (data[0] == 1) ? " noTX" : "");
+ break;
case IEEE80211_ELEMID_ERP:
printf(", erp");
if (vflag)
12:24:47.546150 802.11: beacon, ssid (Y2), rates, ds, tim, erp, xrates, vendor,
45:26, 61:22, 127:4, vendor, rsn,
12:24:49.899297 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
6), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
12:24:50.001676 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
5), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
12:24:50.104076 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
4), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
12:24:50.206478 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
3), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
12:24:50.308877 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
2), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
12:24:50.411272 802.11: beacon, ssid (Y2), rates, ds, tim, csa (chan 9 count
1), erp, xrates, vendor, 45:26, 61:22, 127:4, vendor, rsn,
Re: bce(4), lge(4), nge(4), vge(4), wb(4), malo(4) and hme(4/sparc)
> On 8 Apr 2015, at 8:09 pm, Martin Pieuchot wrote:
>
> On 08/04/15(Wed) 10:03, David Gwynne wrote:
>>
>>> On 8 Apr 2015, at 01:38, Martin Pieuchot wrote:
>>>
>>> Here's a diff to convert these drivers to if_input(). They all make
>>> use of m_devget(9) which takes an ifp as argument and I'd like to
>>> change that. But first I need to make sure all these drivers are
>>> converted.
>>> [...]
>>> Index: dev/ic/mtd8xx.c
>>> ===
>>> RCS file: /cvs/src/sys/dev/ic/mtd8xx.c,v
>>> retrieving revision 1.24
>>> diff -u -p -r1.24 mtd8xx.c
>>> --- dev/ic/mtd8xx.c 22 Dec 2014 02:28:51 - 1.24
>>> +++ dev/ic/mtd8xx.c 7 Apr 2015 15:24:43 -
>>> @@ -874,6 +874,7 @@ mtd_intr(void *xsc)
>>> static void
>>> mtd_rxeof(struct mtd_softc *sc)
>>> {
>>> + struct mbuf_list ml = MBUF_LIST_INITIALIZER();
>>> struct mbuf *m;
>>> struct ifnet *ifp;
>>> struct mtd_rx_desc *cur_rx;
>>> @@ -934,12 +935,10 @@ mtd_rxeof(struct mtd_softc *sc)
>>>
>>> ifp->if_ipackets++;
>>>
>>> -#if NBPFILTER > 0
>>> - if (ifp->if_bpf)
>>> - bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_IN);
>>> -#endif
>>> - ether_input_mbuf(ifp, m);
>>> + ml_enqueue(&ml, m);
>>> }
>>> +
>>> + if_input(ifp, &ml);
>>>
>>> sc->mtd_cdata.mtd_rx_prod = i;
>>> }
>>
>> no.
>>
>> there's a return inside the loop in this driver, which means you'll leak the
>> mbufs on ml. if you use break instead of return it should be ok.
>
> Like that?
yes. ok :)
>
> Index: dev/ic/mtd8xx.c
> ===
> RCS file: /cvs/src/sys/dev/ic/mtd8xx.c,v
> retrieving revision 1.24
> diff -u -p -r1.24 mtd8xx.c
> --- dev/ic/mtd8xx.c 22 Dec 2014 02:28:51 - 1.24
> +++ dev/ic/mtd8xx.c 8 Apr 2015 10:08:37 -
> @@ -874,6 +874,7 @@ mtd_intr(void *xsc)
> static void
> mtd_rxeof(struct mtd_softc *sc)
> {
> + struct mbuf_list ml = MBUF_LIST_INITIALIZER();
> struct mbuf *m;
> struct ifnet *ifp;
> struct mtd_rx_desc *cur_rx;
> @@ -912,7 +913,7 @@ mtd_rxeof(struct mtd_softc *sc)
> continue;
> } else {
> mtd_init(ifp);
> - return;
> + break;
> }
> }
>
> @@ -934,12 +935,10 @@ mtd_rxeof(struct mtd_softc *sc)
>
> ifp->if_ipackets++;
>
> -#if NBPFILTER > 0
> - if (ifp->if_bpf)
> - bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_IN);
> -#endif
> - ether_input_mbuf(ifp, m);
> + ml_enqueue(&ml, m);
> }
> +
> + if_input(ifp, &ml);
>
> sc->mtd_cdata.mtd_rx_prod = i;
> }
>
Re: rename gettdbbyaddr to gettdbbydst
On 08/04/15(Wed) 12:15, Mike Belopuhov wrote:
> OK to rename gettdbbyaddr to gettdbbydst since that's what it does
> and it aligns well with gettdbbysrc?
Makes sense to me. This is also coherent to the comments in ip_ipsp.h.
One comment though, you're moving a splsoftnet() in tdb_delete() but it
seems that the hash function does not need this protection, or am I
misunderstanding something?
> ---
> sys/netinet/ip_ipsp.c | 47 +--
> sys/netinet/ip_ipsp.h | 4 ++--
> sys/netinet/ip_spd.c | 6 +++---
> 3 files changed, 30 insertions(+), 27 deletions(-)
>
> diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
> index f6e598f..edeabc8 100644
> --- sys/netinet/ip_ipsp.c
> +++ sys/netinet/ip_ipsp.c
> @@ -118,21 +118,21 @@ struct xformsw xformsw[] = {
> tcp_signature_tdb_zeroize,tcp_signature_tdb_input,
> tcp_signature_tdb_output, }
> #endif /* TCP_SIGNATURE */
> };
>
> struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)];
>
> #define TDB_HASHSIZE_INIT 32
>
> static struct tdb **tdbh = NULL;
> -static struct tdb **tdbaddr = NULL;
> +static struct tdb **tdbdst = NULL;
> static struct tdb **tdbsrc = NULL;
> static u_int tdb_hashmask = TDB_HASHSIZE_INIT - 1;
> static int tdb_count;
>
> /*
> * Our hashing function needs to stir things with a non-zero random
> multiplier
> * so we cannot be DoS-attacked via choosing of the data to hash.
> */
> int
> tdb_hash(u_int rdomain, u_int32_t spi, union sockaddr_union *dst,
> @@ -393,34 +393,34 @@ ipsp_aux_match(struct tdb *tdb,
> }
>
> return 1;
> }
>
> /*
> * Get an SA given the remote address, the security protocol type, and
> * the desired IDs.
> */
> struct tdb *
> -gettdbbyaddr(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
> +gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
> struct ipsec_ref *srcid, struct ipsec_ref *dstid,
> struct ipsec_ref *local_cred, struct sockaddr_encap *filter,
> struct sockaddr_encap *filtermask)
> {
> u_int32_t hashval;
> struct tdb *tdbp;
>
> - if (tdbaddr == NULL)
> + if (tdbdst == NULL)
> return (struct tdb *) NULL;
>
> hashval = tdb_hash(rdomain, 0, dst, sproto);
>
> - for (tdbp = tdbaddr[hashval]; tdbp != NULL; tdbp = tdbp->tdb_anext)
> + for (tdbp = tdbdst[hashval]; tdbp != NULL; tdbp = tdbp->tdb_dnext)
> if ((tdbp->tdb_sproto == sproto) &&
> (tdbp->tdb_rdomain == rdomain) &&
> ((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
> (!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa {
> /* Do IDs and local credentials match ? */
> if (!ipsp_aux_match(tdbp, srcid, dstid,
> local_cred, NULL, filter, filtermask))
> continue;
> break;
> }
> @@ -576,85 +576,85 @@ tdb_soft_firstuse(void *v)
> pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
> tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
> }
>
> /*
> * Caller is responsible for splsoftnet().
> */
> void
> tdb_rehash(void)
> {
> - struct tdb **new_tdbh, **new_tdbaddr, **new_srcaddr, *tdbp, *tdbnp;
> + struct tdb **new_tdbh, **new_tdbdst, **new_srcaddr, *tdbp, *tdbnp;
> u_int i, old_hashmask = tdb_hashmask;
> u_int32_t hashval;
>
> tdb_hashmask = (tdb_hashmask << 1) | 1;
>
> new_tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
> M_WAITOK | M_ZERO);
> - new_tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
> + new_tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
> M_WAITOK | M_ZERO);
> new_srcaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
> M_WAITOK | M_ZERO);
>
> for (i = 0; i <= old_hashmask; i++) {
> for (tdbp = tdbh[i]; tdbp != NULL; tdbp = tdbnp) {
> tdbnp = tdbp->tdb_hnext;
> hashval = tdb_hash(tdbp->tdb_rdomain,
> tdbp->tdb_spi, &tdbp->tdb_dst,
> tdbp->tdb_sproto);
> tdbp->tdb_hnext = new_tdbh[hashval];
> new_tdbh[hashval] = tdbp;
> }
>
> - for (tdbp = tdbaddr[i]; tdbp != NULL; tdbp = tdbnp) {
> - tdbnp = tdbp->tdb_anext;
> + for (tdbp = tdbdst[i]; tdbp != NULL; tdbp = tdbnp) {
> + tdbnp = tdbp->tdb_dnext;
> hashval = tdb_hash(tdbp->tdb_rdomain,
> 0, &tdbp->tdb_dst,
> tdbp->tdb_sproto);
> - tdbp->tdb_anext = new_tdbaddr[hashval];
> - new_tdbaddr[hashval] = tdbp;
> + tdbp->tdb_dnext = new_tdbdst[hashval];
> +
use tdb_flow for IP_IPSECFLOWINFO
Convert IP_IPSECFLOWINFO to use tdb flow id instead of an SPI.
Tested with npppd and Windows NAT-T clients. OK?
---
sys/netinet/ip_spd.c | 49 +++-
sys/netinet/udp_usrreq.c | 2 +-
2 files changed, 29 insertions(+), 22 deletions(-)
diff --git sys/netinet/ip_spd.c sys/netinet/ip_spd.c
index e4b858c..e451ad0 100644
--- sys/netinet/ip_spd.c
+++ sys/netinet/ip_spd.c
@@ -78,22 +78,21 @@ int ipsec_acquire_pool_initialized = 0;
* returned.
*/
struct tdb *
ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
struct tdb *tdbp, struct inpcb *inp, u_int32_t ipsecflowinfo)
{
struct rtentry *rt;
union sockaddr_union sdst, ssrc;
struct sockaddr_encap *ddst, dst;
struct ipsec_policy *ipo;
- struct ipsec_ref *dstid = NULL, *srcid = NULL;
- struct tdb *tdbin = NULL;
+ struct tdb *tdbpp = NULL;
int signore = 0, dignore = 0;
u_int rdomain = rtable_l2(m->m_pkthdr.ph_rtableid);
/*
* If there are no flows in place, there's no point
* continuing with the SPD lookup.
*/
if (!ipsec_in_use && inp == NULL) {
*error = 0;
return NULL;
@@ -337,84 +336,92 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int
*error, int direction,
IPSEC_LEVEL_BYPASS) &&
(inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) {
/* Direct match. */
if (dignore ||
!memcmp(&sdst, &ipo->ipo_dst, sdst.sa.sa_len)) {
*error = 0;
return NULL;
}
}
- /*
-* Fetch the incoming TDB based on the SPI passed
-* in ipsecflow and use it's dstid when looking
-* up the outgoing TDB.
-*/
- if (ipsecflowinfo &&
- (tdbin = gettdb(rdomain, ipsecflowinfo, &ssrc,
- ipo->ipo_sproto)) != NULL) {
- srcid = tdbin->tdb_dstid;
- dstid = tdbin->tdb_srcid;
- }
+ /* Fetch the TDB based on the flow ID in ipsecflow. */
+ if (ipsecflowinfo)
+ tdbpp = gettdbbyflow(rdomain, ipsecflowinfo,
+ dignore ? &sdst : &ipo->ipo_dst, ipo->ipo_sproto);
/* Check that the cached TDB (if present), is appropriate. */
if (ipo->ipo_tdb) {
if ((ipo->ipo_last_searched <= ipsec_last_added) ||
(ipo->ipo_sproto != ipo->ipo_tdb->tdb_sproto) ||
memcmp(dignore ? &sdst : &ipo->ipo_dst,
&ipo->ipo_tdb->tdb_dst,
ipo->ipo_tdb->tdb_dst.sa.sa_len))
goto nomatchout;
- if (!ipsp_aux_match(ipo->ipo_tdb,
- srcid ? srcid : ipo->ipo_srcid,
- dstid ? dstid : ipo->ipo_dstid,
+ if (tdbpp && ipo->ipo_tdb != tdbpp)
+ goto nomatchout;
+ else if (!ipsp_aux_match(ipo->ipo_tdb,
+ ipo->ipo_srcid, ipo->ipo_dstid,
ipo->ipo_local_cred, NULL,
&ipo->ipo_addr, &ipo->ipo_mask))
goto nomatchout;
/* Cached entry is good. */
*error = 0;
return ipsp_spd_inp(m, af, hlen, error, direction,
tdbp, inp, ipo);
nomatchout:
/* Cached TDB was not good. */
TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
ipo_tdb_next);
ipo->ipo_tdb = NULL;
ipo->ipo_last_searched = 0;
}
+ /* Use the SA we have found via the ipsecflowinfo */
+ if (tdbpp) {
+ if (ipo->ipo_last_searched <= ipsec_last_added) {
+ /* "Touch" the entry. */
+ if (dignore == 0)
+ ipo->ipo_last_searched = time_second;
+ }
+
+ ipo->ipo_tdb = tdbpp;
+ TAILQ_INSERT_TAIL(&ipo->ipo_tdb->tdb_policy_head, ipo,
+ ipo_tdb_next);
+ *error = 0;
+ return ipsp_spd_inp(m, af, hlen, error, direction, tdbp,
+ inp, ipo);
+ }
+
/*
* If no SA has been added since the last time we did a
* lookup, there's no point searching for one. However, if the
introduce tdb flows and tdb flow hash
Each tdb (SA) bundle will receive a "flow" identificator that will
be reassigned to the newly established SAs upon rekeying. Later
this will be passed as IP_IPSECFLOWINFO control message to userland.
Discussed with with Markus and Bret Lambert. OK?
---
sys/netinet/ip_ipsp.c | 101 +-
sys/netinet/ip_ipsp.h | 3 ++
2 files changed, 103 insertions(+), 1 deletion(-)
diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
index 184c28f..55c3871 100644
--- sys/netinet/ip_ipsp.c
+++ sys/netinet/ip_ipsp.c
@@ -118,24 +118,26 @@ struct xformsw xformsw[] = {
tcp_signature_tdb_zeroize,tcp_signature_tdb_input,
tcp_signature_tdb_output, }
#endif /* TCP_SIGNATURE */
};
struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)];
#defineTDB_HASHSIZE_INIT 32
static struct tdb **tdbh = NULL;
+static struct tdb **tdbflow = NULL;
static struct tdb **tdbdst = NULL;
static struct tdb **tdbsrc = NULL;
static u_int tdb_hashmask = TDB_HASHSIZE_INIT - 1;
static int tdb_count;
+static u_int tdb_flow;
/*
* Our hashing function needs to stir things with a non-zero random multiplier
* so we cannot be DoS-attacked via choosing of the data to hash.
*/
int
tdb_hash(u_int rdomain, u_int32_t spi, union sockaddr_union *dst,
u_int8_t proto)
{
static u_int32_t mult1 = 0, mult2 = 0;
@@ -286,20 +288,41 @@ gettdb(u_int rdomain, u_int32_t spi, union sockaddr_union
*dst, u_int8_t proto)
for (tdbp = tdbh[hashval]; tdbp != NULL; tdbp = tdbp->tdb_hnext)
if ((tdbp->tdb_spi == spi) && (tdbp->tdb_sproto == proto) &&
(tdbp->tdb_rdomain == rdomain) &&
!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))
break;
return tdbp;
}
+struct tdb *
+gettdbbyflow(u_int rdomain, u_int32_t flow, union sockaddr_union *dst,
+u_int8_t proto)
+{
+ u_int32_t hashval;
+ struct tdb *tdbp;
+
+ if (tdbflow == NULL)
+ return (NULL);
+
+ hashval = tdb_hash(rdomain, flow, dst, proto);
+
+ for (tdbp = tdbflow[hashval]; tdbp != NULL; tdbp = tdbp->tdb_hnext)
+ if ((tdbp->tdb_flow == flow) && (tdbp->tdb_sproto == proto) &&
+ (tdbp->tdb_rdomain == rdomain) &&
+ !memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))
+ break;
+
+ return (tdbp);
+}
+
/*
* Same as gettdb() but compare SRC as well, so we
* use the tdbsrc[] hash table. Setting spi to 0
* matches all SPIs.
*/
struct tdb *
gettdbbysrcdst(u_int rdomain, u_int32_t spi, union sockaddr_union *src,
union sockaddr_union *dst, u_int8_t proto)
{
u_int32_t hashval;
@@ -577,43 +600,55 @@ tdb_soft_firstuse(void *v)
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
}
/*
* Caller is responsible for splsoftnet().
*/
void
tdb_rehash(void)
{
- struct tdb **new_tdbh, **new_tdbdst, **new_srcaddr, *tdbp, *tdbnp;
+ struct tdb **new_tdbh, **new_tdbflow, **new_tdbdst, **new_srcaddr;
+ struct tdb *tdbp, *tdbnp;
u_int i, old_hashmask = tdb_hashmask;
u_int32_t hashval;
tdb_hashmask = (tdb_hashmask << 1) | 1;
new_tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
+ new_tdbflow = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
+ M_WAITOK | M_ZERO);
new_tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
new_srcaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
for (i = 0; i <= old_hashmask; i++) {
for (tdbp = tdbh[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_hnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
tdbp->tdb_spi, &tdbp->tdb_dst,
tdbp->tdb_sproto);
tdbp->tdb_hnext = new_tdbh[hashval];
new_tdbh[hashval] = tdbp;
}
+ for (tdbp = tdbflow[i]; tdbp != NULL; tdbp = tdbnp) {
+ tdbnp = tdbp->tdb_fnext;
+ hashval = tdb_hash(tdbp->tdb_rdomain,
+ tdbp->tdb_flow, &tdbp->tdb_dst,
+ tdbp->tdb_sproto);
+ tdbp->tdb_fnext = new_tdbh[hashval];
+ new_tdbflow[hashval] = tdbp;
+ }
+
for (tdbp = tdbdst[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_dnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
0, &tdbp->tdb_dst,
tdbp->tdb_sproto);
tdbp->tdb_dnext = new_tdbdst[hashval];
make filter match optional in ipsp_aux_match
Since all other arguments are optional I don't see why filter is special.
OK?
---
sys/netinet/ip_ipsp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
index edeabc8..184c28f 100644
--- sys/netinet/ip_ipsp.c
+++ sys/netinet/ip_ipsp.c
@@ -370,21 +370,22 @@ ipsp_aux_match(struct tdb *tdb,
if (tdb->tdb_local_cred == NULL ||
!ipsp_ref_match(tdb->tdb_local_cred, plcred))
return 0;
if (prcred != NULL)
if (tdb->tdb_remote_cred == NULL ||
!ipsp_ref_match(tdb->tdb_remote_cred, prcred))
return 0;
/* Check for filter matches. */
- if (tdb->tdb_filter.sen_type) {
+ if (pfilter != NULL && pfiltermask != NULL &&
+ tdb->tdb_filter.sen_type) {
/*
* XXX We should really be doing a subnet-check (see
* whether the TDB-associated filter is a subset
* of the policy's. For now, an exact match will solve
* most problems (all this will do is make every
* policy get its own SAs).
*/
if (memcmp(&tdb->tdb_filter, pfilter,
sizeof(struct sockaddr_encap)) ||
memcmp(&tdb->tdb_filtermask, pfiltermask,
--
2.3.4
perform bypass check before ipsecflowinfo
It's better to perform the socket bypass check before we start dealing
with SAs. OK?
---
sys/netinet/ip_spd.c | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git sys/netinet/ip_spd.c sys/netinet/ip_spd.c
index 81e22da..e4b858c 100644
--- sys/netinet/ip_spd.c
+++ sys/netinet/ip_spd.c
@@ -320,48 +320,49 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int
*error, int direction,
/* Do we have a cached entry ? If so, check if it's still valid. */
if ((ipo->ipo_tdb) && (ipo->ipo_tdb->tdb_flags & TDBF_INVALID)) {
TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
ipo_tdb_next);
ipo->ipo_tdb = NULL;
}
/* Outgoing packet policy check. */
if (direction == IPSP_DIRECTION_OUT) {
/*
-* Fetch the incoming TDB based on the SPI passed
-* in ipsecflow and use it's dstid when looking
-* up the outgoing TDB.
-*/
- if (ipsecflowinfo &&
- (tdbin = gettdb(rdomain, ipsecflowinfo, &ssrc,
- ipo->ipo_sproto)) != NULL) {
- srcid = tdbin->tdb_dstid;
- dstid = tdbin->tdb_srcid;
- }
- /*
* If the packet is destined for the policy-specified
* gateway/endhost, and the socket has the BYPASS
* option set, skip IPsec processing.
*/
if ((inp != NULL) &&
(inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) &&
(inp->inp_seclevel[SL_ESP_NETWORK] ==
IPSEC_LEVEL_BYPASS) &&
(inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) {
/* Direct match. */
if (dignore ||
!memcmp(&sdst, &ipo->ipo_dst, sdst.sa.sa_len)) {
*error = 0;
return NULL;
}
}
+ /*
+* Fetch the incoming TDB based on the SPI passed
+* in ipsecflow and use it's dstid when looking
+* up the outgoing TDB.
+*/
+ if (ipsecflowinfo &&
+ (tdbin = gettdb(rdomain, ipsecflowinfo, &ssrc,
+ ipo->ipo_sproto)) != NULL) {
+ srcid = tdbin->tdb_dstid;
+ dstid = tdbin->tdb_srcid;
+ }
+
/* Check that the cached TDB (if present), is appropriate. */
if (ipo->ipo_tdb) {
if ((ipo->ipo_last_searched <= ipsec_last_added) ||
(ipo->ipo_sproto != ipo->ipo_tdb->tdb_sproto) ||
memcmp(dignore ? &sdst : &ipo->ipo_dst,
&ipo->ipo_tdb->tdb_dst,
ipo->ipo_tdb->tdb_dst.sa.sa_len))
goto nomatchout;
if (!ipsp_aux_match(ipo->ipo_tdb,
--
2.3.4
rename gettdbbyaddr to gettdbbydst
OK to rename gettdbbyaddr to gettdbbydst since that's what it does
and it aligns well with gettdbbysrc?
---
sys/netinet/ip_ipsp.c | 47 +--
sys/netinet/ip_ipsp.h | 4 ++--
sys/netinet/ip_spd.c | 6 +++---
3 files changed, 30 insertions(+), 27 deletions(-)
diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
index f6e598f..edeabc8 100644
--- sys/netinet/ip_ipsp.c
+++ sys/netinet/ip_ipsp.c
@@ -118,21 +118,21 @@ struct xformsw xformsw[] = {
tcp_signature_tdb_zeroize,tcp_signature_tdb_input,
tcp_signature_tdb_output, }
#endif /* TCP_SIGNATURE */
};
struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)];
#defineTDB_HASHSIZE_INIT 32
static struct tdb **tdbh = NULL;
-static struct tdb **tdbaddr = NULL;
+static struct tdb **tdbdst = NULL;
static struct tdb **tdbsrc = NULL;
static u_int tdb_hashmask = TDB_HASHSIZE_INIT - 1;
static int tdb_count;
/*
* Our hashing function needs to stir things with a non-zero random multiplier
* so we cannot be DoS-attacked via choosing of the data to hash.
*/
int
tdb_hash(u_int rdomain, u_int32_t spi, union sockaddr_union *dst,
@@ -393,34 +393,34 @@ ipsp_aux_match(struct tdb *tdb,
}
return 1;
}
/*
* Get an SA given the remote address, the security protocol type, and
* the desired IDs.
*/
struct tdb *
-gettdbbyaddr(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
+gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
struct ipsec_ref *srcid, struct ipsec_ref *dstid,
struct ipsec_ref *local_cred, struct sockaddr_encap *filter,
struct sockaddr_encap *filtermask)
{
u_int32_t hashval;
struct tdb *tdbp;
- if (tdbaddr == NULL)
+ if (tdbdst == NULL)
return (struct tdb *) NULL;
hashval = tdb_hash(rdomain, 0, dst, sproto);
- for (tdbp = tdbaddr[hashval]; tdbp != NULL; tdbp = tdbp->tdb_anext)
+ for (tdbp = tdbdst[hashval]; tdbp != NULL; tdbp = tdbp->tdb_dnext)
if ((tdbp->tdb_sproto == sproto) &&
(tdbp->tdb_rdomain == rdomain) &&
((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
(!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa {
/* Do IDs and local credentials match ? */
if (!ipsp_aux_match(tdbp, srcid, dstid,
local_cred, NULL, filter, filtermask))
continue;
break;
}
@@ -576,85 +576,85 @@ tdb_soft_firstuse(void *v)
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
}
/*
* Caller is responsible for splsoftnet().
*/
void
tdb_rehash(void)
{
- struct tdb **new_tdbh, **new_tdbaddr, **new_srcaddr, *tdbp, *tdbnp;
+ struct tdb **new_tdbh, **new_tdbdst, **new_srcaddr, *tdbp, *tdbnp;
u_int i, old_hashmask = tdb_hashmask;
u_int32_t hashval;
tdb_hashmask = (tdb_hashmask << 1) | 1;
new_tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
- new_tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
+ new_tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
new_srcaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
for (i = 0; i <= old_hashmask; i++) {
for (tdbp = tdbh[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_hnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
tdbp->tdb_spi, &tdbp->tdb_dst,
tdbp->tdb_sproto);
tdbp->tdb_hnext = new_tdbh[hashval];
new_tdbh[hashval] = tdbp;
}
- for (tdbp = tdbaddr[i]; tdbp != NULL; tdbp = tdbnp) {
- tdbnp = tdbp->tdb_anext;
+ for (tdbp = tdbdst[i]; tdbp != NULL; tdbp = tdbnp) {
+ tdbnp = tdbp->tdb_dnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
0, &tdbp->tdb_dst,
tdbp->tdb_sproto);
- tdbp->tdb_anext = new_tdbaddr[hashval];
- new_tdbaddr[hashval] = tdbp;
+ tdbp->tdb_dnext = new_tdbdst[hashval];
+ new_tdbdst[hashval] = tdbp;
}
for (tdbp = tdbsrc[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_snext;
hashval = tdb_hash(tdbp->tdb_rdomain,
0, &tdbp->tdb_src,
tdbp->tdb_sproto);
tdbp->tdb_snext = new_srcaddr[hashval];
gettdb* functions do not need mbuf and af arguments
OK to remove unused arguments?
---
sys/netinet/ip_ipsp.c | 7 +++
sys/netinet/ip_ipsp.h | 7 +++
sys/netinet/ip_spd.c | 13 ++---
3 files changed, 12 insertions(+), 15 deletions(-)
diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
index c6864e8..f6e598f 100644
--- sys/netinet/ip_ipsp.c
+++ sys/netinet/ip_ipsp.c
@@ -395,22 +395,22 @@ ipsp_aux_match(struct tdb *tdb,
return 1;
}
/*
* Get an SA given the remote address, the security protocol type, and
* the desired IDs.
*/
struct tdb *
gettdbbyaddr(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
struct ipsec_ref *srcid, struct ipsec_ref *dstid,
-struct ipsec_ref *local_cred, struct mbuf *m, int af,
-struct sockaddr_encap *filter, struct sockaddr_encap *filtermask)
+struct ipsec_ref *local_cred, struct sockaddr_encap *filter,
+struct sockaddr_encap *filtermask)
{
u_int32_t hashval;
struct tdb *tdbp;
if (tdbaddr == NULL)
return (struct tdb *) NULL;
hashval = tdb_hash(rdomain, 0, dst, sproto);
for (tdbp = tdbaddr[hashval]; tdbp != NULL; tdbp = tdbp->tdb_anext)
@@ -428,22 +428,21 @@ gettdbbyaddr(u_int rdomain, union sockaddr_union *dst,
u_int8_t sproto,
return tdbp;
}
/*
* Get an SA given the source address, the security protocol type, and
* the desired IDs.
*/
struct tdb *
gettdbbysrc(u_int rdomain, union sockaddr_union *src, u_int8_t sproto,
struct ipsec_ref *srcid, struct ipsec_ref *dstid,
-struct mbuf *m, int af, struct sockaddr_encap *filter,
-struct sockaddr_encap *filtermask)
+struct sockaddr_encap *filter, struct sockaddr_encap *filtermask)
{
u_int32_t hashval;
struct tdb *tdbp;
if (tdbsrc == NULL)
return (struct tdb *) NULL;
hashval = tdb_hash(rdomain, 0, src, sproto);
for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext)
diff --git sys/netinet/ip_ipsp.h sys/netinet/ip_ipsp.h
index c7e2e1e..8c24fc1 100644
--- sys/netinet/ip_ipsp.h
+++ sys/netinet/ip_ipsp.h
@@ -497,26 +497,25 @@ do {
\
uint8_tget_sa_require(struct inpcb *);
#ifdef ENCDEBUG
const char *ipsp_address(union sockaddr_union, char *, socklen_t);
#endif /* ENCDEBUG */
/* TDB management routines */
void tdb_add_inp(struct tdb *, struct inpcb *, int);
uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t, int *);
struct tdb *gettdb(u_int, u_int32_t, union sockaddr_union *, u_int8_t);
-struct tdb *gettdbbyaddr(u_int, union sockaddr_union *, u_int8_t,
+struct tdb *gettdbbyaddr(u_int, union sockaddr_union *, u_int8_t,
struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
- struct mbuf *, int, struct sockaddr_encap *,
- struct sockaddr_encap *);
+ struct sockaddr_encap *, struct sockaddr_encap *);
struct tdb *gettdbbysrc(u_int, union sockaddr_union *, u_int8_t,
- struct ipsec_ref *, struct ipsec_ref *, struct mbuf *, int,
+ struct ipsec_ref *, struct ipsec_ref *,
struct sockaddr_encap *, struct sockaddr_encap *);
struct tdb *gettdbbysrcdst(u_int, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t);
void puttdb(struct tdb *);
void tdb_delete(struct tdb *);
struct tdb *tdb_alloc(u_int);
void tdb_free(struct tdb *);
inttdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
inttdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);
diff --git sys/netinet/ip_spd.c sys/netinet/ip_spd.c
index 68a08c5..3287e2f 100644
--- sys/netinet/ip_spd.c
+++ sys/netinet/ip_spd.c
@@ -398,22 +398,22 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int
*error, int direction,
if (dignore == 0)
ipo->ipo_last_searched = time_second;
/* Find an appropriate SA from the existing ones. */
ipo->ipo_tdb =
gettdbbyaddr(rdomain,
dignore ? &sdst : &ipo->ipo_dst,
ipo->ipo_sproto,
srcid ? srcid : ipo->ipo_srcid,
dstid ? dstid : ipo->ipo_dstid,
- ipo->ipo_local_cred, m, af,
- &ipo->ipo_addr, &ipo->ipo_mask);
+ ipo->ipo_local_cred, &ipo->ipo_addr,
+ &ipo->ipo_mask);
if (ipo->ipo_tdb) {
TAILQ_INSERT_TAIL(&ipo->ipo_tdb->tdb_policy_head,
ipo, ipo_tdb_next);
*error = 0;
return ipsp_spd_inp(m, af, hlen, error,
Re: bce(4), lge(4), nge(4), vge(4), wb(4), malo(4) and hme(4/sparc)
On 08/04/15(Wed) 10:03, David Gwynne wrote:
>
> > On 8 Apr 2015, at 01:38, Martin Pieuchot wrote:
> >
> > Here's a diff to convert these drivers to if_input(). They all make
> > use of m_devget(9) which takes an ifp as argument and I'd like to
> > change that. But first I need to make sure all these drivers are
> > converted.
> > [...]
> > Index: dev/ic/mtd8xx.c
> > ===
> > RCS file: /cvs/src/sys/dev/ic/mtd8xx.c,v
> > retrieving revision 1.24
> > diff -u -p -r1.24 mtd8xx.c
> > --- dev/ic/mtd8xx.c 22 Dec 2014 02:28:51 - 1.24
> > +++ dev/ic/mtd8xx.c 7 Apr 2015 15:24:43 -
> > @@ -874,6 +874,7 @@ mtd_intr(void *xsc)
> > static void
> > mtd_rxeof(struct mtd_softc *sc)
> > {
> > + struct mbuf_list ml = MBUF_LIST_INITIALIZER();
> > struct mbuf *m;
> > struct ifnet *ifp;
> > struct mtd_rx_desc *cur_rx;
> > @@ -934,12 +935,10 @@ mtd_rxeof(struct mtd_softc *sc)
> >
> > ifp->if_ipackets++;
> >
> > -#if NBPFILTER > 0
> > - if (ifp->if_bpf)
> > - bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_IN);
> > -#endif
> > - ether_input_mbuf(ifp, m);
> > + ml_enqueue(&ml, m);
> > }
> > +
> > + if_input(ifp, &ml);
> >
> > sc->mtd_cdata.mtd_rx_prod = i;
> > }
>
> no.
>
> there's a return inside the loop in this driver, which means you'll leak the
> mbufs on ml. if you use break instead of return it should be ok.
Like that?
Index: dev/ic/mtd8xx.c
===
RCS file: /cvs/src/sys/dev/ic/mtd8xx.c,v
retrieving revision 1.24
diff -u -p -r1.24 mtd8xx.c
--- dev/ic/mtd8xx.c 22 Dec 2014 02:28:51 - 1.24
+++ dev/ic/mtd8xx.c 8 Apr 2015 10:08:37 -
@@ -874,6 +874,7 @@ mtd_intr(void *xsc)
static void
mtd_rxeof(struct mtd_softc *sc)
{
+ struct mbuf_list ml = MBUF_LIST_INITIALIZER();
struct mbuf *m;
struct ifnet *ifp;
struct mtd_rx_desc *cur_rx;
@@ -912,7 +913,7 @@ mtd_rxeof(struct mtd_softc *sc)
continue;
} else {
mtd_init(ifp);
- return;
+ break;
}
}
@@ -934,12 +935,10 @@ mtd_rxeof(struct mtd_softc *sc)
ifp->if_ipackets++;
-#if NBPFILTER > 0
- if (ifp->if_bpf)
- bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_IN);
-#endif
- ether_input_mbuf(ifp, m);
+ ml_enqueue(&ml, m);
}
+
+ if_input(ifp, &ml);
sc->mtd_cdata.mtd_rx_prod = i;
}
Re: falloc and related stuff
On 08 Apr 2015, at 02:31, Philip Guenther wrote:
> On Tue, Apr 7, 2015 at 3:57 PM, Kanonenvogel
> wrote:
>> I have idea to modify falloc() function and related logic.
>> Now, after successful faclloc call, we have half-initialized struct file
>> object, protected by FIF_LARVAL flag.
>> I want to initialise struct file object within falloc() and then put it to
>> fd_ofiles array and filehead list. This modification
>> permits to avoid half-initialization state and remove FIF_LARVAL flag and
>> related logic.
>
> The hard case is blocking opens of fifos, as the underlying operation
> involves a change visible to another process and that therefore cannot
> be rolled back.
>
>
> Philip Guenther
Ok, I understood.
And what about make struct file more smp friendly? For example, make operations
under
f_iflags and f_flags atomic?
Index: kern/kern_descrip.c
===
RCS file: /cvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.116
diff -u -p -r1.116 kern_descrip.c
--- kern/kern_descrip.c 19 Jan 2015 01:19:17 - 1.116
+++ kern/kern_descrip.c 8 Apr 2015 09:21:19 -
@@ -61,6 +61,7 @@
#include
#include
#include
+#include
#include
@@ -332,6 +333,7 @@ sys_fcntl(struct proc *p, void *v, regis
int i, tmp, newmin, flg = F_POSIX;
struct flock fl;
int error = 0;
+ int oflag, nflag;
restart:
if ((fp = fd_getfile(fdp, fd)) == NULL)
@@ -384,8 +386,12 @@ restart:
break;
case F_SETFL:
- fp->f_flag &= ~FCNTLFLAGS;
- fp->f_flag |= FFLAGS((long)SCARG(uap, arg)) & FCNTLFLAGS;
+ do {
+ oflag = fp->f_flag;
+ nflag = oflag & ~FCNTLFLAGS;
+ nflag |= FFLAGS((long)SCARG(uap, arg)) & FCNTLFLAGS;
+ } while (atomic_cas_uint(&fp->f_flag, oflag, nflag) != oflag);
+
tmp = fp->f_flag & FNONBLOCK;
error = (*fp->f_ops->fo_ioctl)(fp, FIONBIO, (caddr_t)&tmp, p);
if (error)
@@ -394,7 +400,7 @@ restart:
error = (*fp->f_ops->fo_ioctl)(fp, FIOASYNC, (caddr_t)&tmp, p);
if (!error)
break;
- fp->f_flag &= ~FNONBLOCK;
+ atomic_clearbits_int(&fp->f_flag, FNONBLOCK);
tmp = 0;
(void) (*fp->f_ops->fo_ioctl)(fp, FIONBIO, (caddr_t)&tmp, p);
break;
@@ -1160,7 +1166,7 @@ sys_flock(struct proc *p, void *v, regis
lf.l_len = 0;
if (how & LOCK_UN) {
lf.l_type = F_UNLCK;
- fp->f_iflags &= ~FIF_HASLOCK;
+ atomic_clearbits_int(&fp->f_iflags, FIF_HASLOCK);
error = VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK);
goto out;
}
@@ -1172,7 +1178,7 @@ sys_flock(struct proc *p, void *v, regis
error = EINVAL;
goto out;
}
- fp->f_iflags |= FIF_HASLOCK;
+ atomic_setbits_int(&fp->f_iflags, FIF_HASLOCK);
if (how & LOCK_NB)
error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, F_FLOCK);
else
Index: kern/sys_generic.c
===
RCS file: /cvs/src/sys/kern/sys_generic.c,v
retrieving revision 1.96
diff -u -p -r1.96 sys_generic.c
--- kern/sys_generic.c 12 Feb 2015 22:27:04 - 1.96
+++ kern/sys_generic.c 8 Apr 2015 09:21:19 -
@@ -52,6 +52,7 @@
#include
#include
#include
+#include
#ifdef KTRACE
#include
#endif
@@ -456,17 +457,17 @@ sys_ioctl(struct proc *p, void *v, regis
case FIONBIO:
if ((tmp = *(int *)data) != 0)
- fp->f_flag |= FNONBLOCK;
+ atomic_setbits_int(&fp->f_flag, FNONBLOCK);
else
- fp->f_flag &= ~FNONBLOCK;
+ atomic_clearbits_int(&fp->f_flag, FNONBLOCK);
error = (*fp->f_ops->fo_ioctl)(fp, FIONBIO, (caddr_t)&tmp, p);
break;
case FIOASYNC:
if ((tmp = *(int *)data) != 0)
- fp->f_flag |= FASYNC;
+ atomic_setbits_int(&fp->f_flag, FASYNC);
else
- fp->f_flag &= ~FASYNC;
+ atomic_clearbits_int(&fp->f_flag, FASYNC);
error = (*fp->f_ops->fo_ioctl)(fp, FIOASYNC, (caddr_t)&tmp, p);
break;
Index: kern/uipc_usrreq.c
===
RCS file: /cvs/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.79
diff -u -p -r1.79 uipc_usrreq.c
--- kern/uipc_usrreq.c 11 Dec 2014 19:21:57 - 1.79
+++ kern/uipc_usrreq.c 8 Apr 2015 09:21:19 -
@@ -884,11 +884,11 @@ unp_gc(void)
unp_gcing = 1;
unp_defer = 0;
LIST_FOREACH(fp, &filehead, f_list)
- fp->f_iflags &= ~(FIF_
Re: autoinstall(8) tweaks
On 2015/04/07 20:02, Alex Wilson wrote: > On the topic of local tweaks to autoinstall, I was trying to use it for a > bunch of blades with very limited disk the other day, and I really wanted to > make them just create a single slice for / and some swap. .. > So that then I could put > > Use (W)hole disk, use the = W > Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = C > disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n > > in my install.conf I think this diff has been written a few times now, iirc everybody settled on the same method..
