Re: Patch to add -f flag to cat(1)
On Fri, Jul 17, 2015 at 8:07 PM, Sevan Janiyan ventur...@geeklan.co.uk wrote: Attached is a patch to add the -f flag to cat(1). -f ensures that cat is opening a regular file in non blocking mode aborts otherwise. Obtained from NetBSD src/bin/cat/cat.c r1.22 r1.34 You have in mind a place where this would be used? Where are there bugs that this would resolve? Philip Guenther
Re: [PATCH] Fix ospfd/carp start-up issue
On 28/05/15(Thu) 11:40, Johan Ymerson wrote: Hi, After the fix in carp to correctly initialize link state (ip_carp.c r1.257), ospfd no longer detect all carp interfaces in backup mode reliably on start-up. The problem is that carp interfaces in backup state isn't handled the same way on start-up as it is when up and running. Here is an example incorrectly detected carp interfaces: Interface AddressState HelloTimer Linkstate Uptimenc ac carp7 195.58.98.145/28 DOWN - backup 00:00:00 0 0 carp5 192.168.253.1/24 DOWN - backup 00:00:00 0 0 carp3 192.168.202.1/24 DOWN - backup 00:00:00 0 0 carp2 192.168.254.1/23 DOWN - backup 00:00:00 0 0 carp1 31.15.61.129/26DOWN - invalid00:00:00 0 0 carp0 92.33.0.202/30 DOWN - invalid00:00:00 0 0 bnx0192.168.200.5/24 OTHER 00:00:02 active 00:01:47 4 2 After restarting ospfd, it detects the correct link state: Interface AddressState HelloTimer Linkstate Uptimenc ac carp7 195.58.98.145/28 DOWN - backup 00:00:00 0 0 carp5 192.168.253.1/24 DOWN - backup 00:00:00 0 0 carp3 192.168.202.1/24 DOWN - backup 00:00:00 0 0 carp2 192.168.254.1/23 DOWN - backup 00:00:00 0 0 carp1 31.15.61.129/26DOWN - backup 00:00:00 0 0 carp0 92.33.0.202/30 DOWN - backup 00:00:00 0 0 bnx0192.168.200.5/24 OTHER 00:00:00 active 00:01:29 4 2 The current start-up code ignores the link state transition from INVALID to DOWN, as both are regarded as down. If this transition happens during ospfd start-up, ospfd will regard the interface as invalid. Otherwise it will correctly be regarded as backup. Here is a patch that fixes that by having the same exception for carp interfaces during startup: Committed! Thanks and sorry for the delay. Index: usr.sbin/ospfd/interface.c === RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v retrieving revision 1.75 diff -u -p -r1.75 interface.c --- usr.sbin/ospfd/interface.c 14 May 2012 10:17:21 - 1.75 +++ usr.sbin/ospfd/interface.c 28 May 2015 11:31:58 - @@ -338,8 +338,10 @@ if_act_start(struct iface *iface) struct in_addr addr; struct timeval now; - if (!((iface-flags IFF_UP) - LINK_STATE_IS_UP(iface-linkstate))) + if (!(iface-flags IFF_UP) || + (!LINK_STATE_IS_UP(iface-linkstate) + !(iface-media_type == IFT_CARP + iface-linkstate == LINK_STATE_DOWN))) return (0); if (iface-media_type == IFT_CARP iface-passive == 0) { Index: usr.sbin/ospfd/kroute.c === RCS file: /cvs/src/usr.sbin/ospfd/kroute.c,v retrieving revision 1.98 diff -u -p -r1.98 kroute.c --- usr.sbin/ospfd/kroute.c 11 Feb 2015 05:57:44 - 1.98 +++ usr.sbin/ospfd/kroute.c 28 May 2015 11:31:58 - @@ -1019,6 +1019,9 @@ if_change(u_short ifindex, int flags, st return; } + /* notify ospfe about interface link state */ + main_imsg_compose_ospfe(IMSG_IFINFO, 0, kif, sizeof(struct kif)); + reachable = (kif-flags IFF_UP) LINK_STATE_IS_UP(kif-link_state); @@ -1026,9 +1029,6 @@ if_change(u_short ifindex, int flags, st return; /* nothing changed wrt nexthop validity */ kif-nh_reachable = reachable; - - /* notify ospfe about interface link state */ - main_imsg_compose_ospfe(IMSG_IFINFO, 0, kif, sizeof(struct kif)); /* update redistribute list */ RB_FOREACH(kr, kroute_tree, krt) {
Coherent route(8) -priority
This applies phessler@'s logic to *all* the commands supporting the -priority switch. Plus some KNF. ok? Index: route.c === RCS file: /cvs/src/sbin/route/route.c,v retrieving revision 1.175 diff -u -p -r1.175 route.c --- route.c 18 Jul 2015 00:05:02 - 1.175 +++ route.c 18 Jul 2015 17:12:39 - @@ -85,7 +85,8 @@ void monitor(int, char *[]); int prefixlen(char *); voidsockaddr(char *, struct sockaddr *); voidsodump(sup, char *); -char *priorityname(u_int8_t); +char *priorityname(uint8_t); +uint8_t getpriority(char *); voidprint_getmsg(struct rt_msghdr *, int); const char *get_linkstate(int, int); voidprint_rtmsg(struct rt_msghdr *, int); @@ -96,7 +97,7 @@ void mask_addr(union sockunion *, union int inet6_makenetandmask(struct sockaddr_in6 *, char *); int getaddr(int, char *, struct hostent **); voidgetmplslabel(char *, int); -int rtmsg(int, int, int, u_char); +int rtmsg(int, int, int, uint8_t); __dead void usage(char *); voidset_metric(char *, int); voidinet_makenetandmask(u_int32_t, struct sockaddr_in *, int); @@ -230,13 +231,12 @@ main(int argc, char **argv) void flushroutes(int argc, char **argv) { - const char *errstr; size_t needed; int mib[7], rlen, seqno; char *buf = NULL, *next, *lim = NULL; struct rt_msghdr *rtm; struct sockaddr *sa; - u_char prio = 0; + uint8_t prio = 0; unsigned int ifindex = 0; if (uid) @@ -268,10 +268,7 @@ flushroutes(int argc, char **argv) case K_PRIORITY: if (!--argc) usage(1+*argv); - prio = strtonum(*++argv, 0, RTP_MAX, errstr); - if (errstr) - errx(1, priority is %s: %s, errstr, - *argv); + prio = getpriority(*++argv); break; default: usage(*argv); @@ -403,12 +400,11 @@ set_metric(char *value, int key) int newroute(int argc, char **argv) { - const char *errstr; char *cmd, *dest = , *gateway = , *error; int ishost = 0, ret = 0, attempts, oerrno, flags = RTF_STATIC; int fmask = 0; int key; - u_char prio = 0; + uint8_t prio = 0; struct hostent *hp = NULL; if (uid) @@ -581,10 +577,7 @@ newroute(int argc, char **argv) case K_PRIORITY: if (!--argc) usage(1+*argv); - prio = strtonum(*++argv, 0, RTP_MAX, errstr); - if (errstr) - errx(1, priority is %s: %s, errstr, - *argv); + prio = getpriority(*++argv); break; default: usage(1+*argv); @@ -663,8 +656,6 @@ show(int argc, char *argv[]) { int af = 0; char prio = 0; - char*priostr; - const char *errstr; while (--argc 0) { if (**(++argv)== '-') @@ -692,33 +683,7 @@ show(int argc, char *argv[]) case K_PRIORITY: if (!--argc) usage(1+*argv); - priostr = *++argv; - switch (keyword(priostr)) { - case K_LOCAL: - prio = RTP_LOCAL; - break; - case K_CONNECTED: - prio = RTP_CONNECTED; - break; - case K_STATIC: - prio = RTP_STATIC; - break; - case K_OSPF: - prio = RTP_OSPF; - break; - case K_RIP: - prio = RTP_RIP; - break; - case K_BGP: - prio = RTP_BGP; - break; - default: - prio = strtonum(priostr, -RTP_MAX, RTP_MAX, - errstr); -
Re: tcpdump: display 11n HT-operation element
On Sat, Jul 18, 2015 at 12:39:01AM +0200, Stefan Sperling wrote: Make tcpdump display the HT-operation element in 802.11n management frames. Sample output from hackroom: htop=40MHz channels 40:39,protect non-HT,non-greenfield STA,non-HT STA ok? Updated diff which shows the basic MCS rate set as well. ok? A test in an 11n network with only 11n clients would be appreciated. If you're in a position to test this, please do me a favour. On OpenBSD, apply this diff, then recompile and install tcpdump. Now put the wifi interface (e.g. iwn0) in monitor mode on the primary channel of your 11n network, and run: tcpdump -n -i iwn0 -y IEEE80211_RADIO -v Send me lines which mention the 'htop' element if the basic MCS set shows up as something other than 0x. Thanks. Index: print-802_11.c === RCS file: /cvs/src/usr.sbin/tcpdump/print-802_11.c,v retrieving revision 1.22 diff -u -p -r1.22 print-802_11.c --- print-802_11.c 17 Jul 2015 19:43:43 - 1.22 +++ print-802_11.c 18 Jul 2015 22:35:22 - @@ -81,6 +81,7 @@ void ieee80211_print_element(u_int8_t * voidieee80211_print_essid(u_int8_t *, u_int); voidieee80211_print_country(u_int8_t *, u_int); voidieee80211_print_htcaps(u_int8_t *, u_int); +voidieee80211_print_htop(u_int8_t *, u_int); int ieee80211_elements(struct ieee80211_frame *, u_int); int ieee80211_frame(struct ieee80211_frame *, u_int); int ieee80211_print(struct ieee80211_frame *, u_int); @@ -350,6 +351,104 @@ ieee80211_print_htcaps(u_int8_t *data, u printf(); } +/* Caller checks len */ +void +ieee80211_print_htop(u_int8_t *data, u_int len) +{ + u_int8_t primary_chan; + u_int8_t htopinfo[5]; + u_int8_t basic_mcs[16]; + int sco, prot, i; + + if (len sizeof(primary_chan) + sizeof(htopinfo) + sizeof(basic_mcs)) { + ieee80211_print_element(data, len); + return; + } + + htopinfo[0] = data[1]; + + printf(=); + + /* primary channel and secondary channel offset */ + primary_chan = data[0]; + sco = ((htopinfo[0] IEEE80211_HTOP0_SCO_MASK) +IEEE80211_HTOP0_SCO_SHIFT); + if (sco == 0) + printf(20MHz chan %d, primary_chan); + else if (sco == 1) + printf(40MHz primary chan %d secondary above, primary_chan); + else if (sco == 3) + printf(40MHz primary chan %d secondary below, primary_chan); + else + printf(chan %d [invalid secondary channel offset %d], + primary_chan, sco); + + /* STA channel width */ + if ((htopinfo[0] IEEE80211_HTOP0_CHW) == 0) + printf(,STA chanw 20MHz); + + /* reduced interframe space (RIFS) permitted */ + if (htopinfo[0] IEEE80211_HTOP0_RIFS) + printf(,RIFS); + + htopinfo[1] = data[2]; + + /* protection requirements for HT transmissions */ + prot = ((htopinfo[1] IEEE80211_HTOP1_PROT_MASK) +IEEE80211_HTOP1_PROT_SHIFT); + if (prot == 1) + printf(,protect non-member); + else if (prot == 2) + printf(,protect 20MHz); + else if (prot == 3) + printf(,protect non-HT); + + /* non-greenfield STA present */ + if (htopinfo[1] IEEE80211_HTOP1_NONGF_STA) + printf(,non-greenfield STA); + + /* non-HT STA present */ + if (htopinfo[1] IEEE80211_HTOP1_OBSS_NONHT_STA) + printf(,non-HT STA); + + htopinfo[3] = data[4]; + + /* dual-beacon */ + if (htopinfo[3] IEEE80211_HTOP2_DUALBEACON) + printf(,dualbeacon); + + /* dual CTS protection */ + if (htopinfo[3] IEEE80211_HTOP2_DUALCTSPROT) + printf(,dualctsprot); + + htopinfo[4] = data[5]; + + /* space-time block coding (STBC) beacon */ + if ((htopinfo[4] 8) IEEE80211_HTOP2_DUALCTSPROT) + printf(,STBC beacon); + + /* L-SIG (non-HT signal field) TX opportunity (TXOP) protection */ + if ((htopinfo[4] 8) IEEE80211_HTOP2_LSIGTXOP) + printf(,lsigtxprot); + + /* phased-coexistence operation (PCO) active */ + if ((htopinfo[4] 8) IEEE80211_HTOP2_PCOACTIVE) { + /* PCO phase */ + if ((htopinfo[4] 8) IEEE80211_HTOP2_PCOPHASE40) + printf(,pco40MHz); + else + printf(,pco20MHz); + } + + /* basic MCS set */ + memcpy(basic_mcs, data[6], sizeof(basic_mcs)); + printf(,basic MCS set 0x); + for (i = 0; i sizeof(basic_mcs) / sizeof(basic_mcs[0]); i++) + printf(%x, basic_mcs[i]); + + printf(); +} + int ieee80211_elements(struct ieee80211_frame *wh, u_int flen) { @@ -479,6 +578,11 @@ ieee80211_elements(struct ieee80211_fram
tame(2) WIP
I have been working for a while on a subsystem to restrict programs into a reduced feature operating model. Other people have made such systems in the past, but I have never been happy with them. I don't think I am alone. Generally there are two models of operation. The first model requires a major rewrite of application software for effective use (ie. capsicum). The other model in common use lacks granularity, and allows or denies an operation throughout the entire lifetime of a process. As a result, they lack differentiation between program initialization versus main servicing loop. systrace had the same problem. My observation is that programs need a large variety of calls during initialization, but few in their main loops. Some BPF-style approaches have showed up. So you need to write a program to observe your program, to keep things secure? That is insane. So I asked myself if I could invent a simple system call, which people would place directly into programs, between initialization and main-loop. Secondly, I wondered what kind of semantics such programs would need. Not just directly themselves, but for DNS and other macro operations. Anyways, enough explanation. A manual page follows. Then the kernel diff. Finally, a sample of 29 userland programs protected to various degrees by using it: cat pax ps dmesg ping ping6 dc diff finger from id kdump logger script sed signify uniq w wc whois arp authpf bgpd httpd ntpd relayd syslogd tcpdump traceroute Not all these are perfect, but it shows the trend. The changes are fairly simple. In the simplest non-network programs, network access is disabled. In simple network programs, file access goes away. That is the trend. Sometimes a program is easily modified, making it better, because the integration of tame hints at an improvement which will make it tighter under tame. sed is an example... TAME(2) System Calls Manual TAME(2) NAME tame - restrict system operations SYNOPSIS #include sys/tame.h int tame(int flags); DESCRIPTION The current process is forced into a restricted-service operating mode. A few subsets are available, roughly described as computation, memory management, read-write operations on file descriptors, opening of files, networking. In general, these modes were selected by studying the operation of many programs using libc and other such interfaces. Use of tame in an application will require at least some study and understanding of the interfaces called. Subsequent calls to tame() can reduce abilities further, but abilities can never be regained. A process which attempts a restricted operation is killed with SIGKILL. If TAME_ABORT is set, then a non-blockable SIGABRT is delivered instead, possibly resulting in a core(5) file. A flags value of 0 restricts the process to the _exit(2) system call. This can be used for pure computation operating on memory shared with another process. All TAME_* options below (with the exception of TAME_ABORT) permit the following system calls: clock_getres(2), clock_gettime(2), fchdir(2), getdtablecount(2), getegid(2), geteuid(2), getgid(2), getgroups(2), getitimer(2), getlogin(2), getpgid(2), getpgrp(2), getpid(2), getppid(2), getresgid(2), getresuid(2), getrlimit(2), getsid(2), getthrid(2), gettimeofday(2), getuid(2), getuid(2), issetugid(2), nanosleep(2), sendsyslog(2), setitimer(2), sigaction(2), sigprocmask(2), sigreturn(2), umask(2), wait4(2). Calls allowed with restrictions include: sysctl(3) A small set of read-only operations are allowed, sufficient to support: getifaddrs(3), getdomainname(3), gethostname(3), system sensor readings. access(2) May check for existance of /etc/localtime. adjtime(2)Read-only, for ntpd(8). open(2) May open /etc/localtime, any files below /usr/share/zoneinfo and files ending in libc.cat in below the directory /usr/share/nls/. readlink(2) May operate on /etc/malloc.conf. tame(2) Can only reduce permissions. The flags are specified as a bitwise OR of the following values: TAME_MALLOC To allow use of the malloc(3) family of functions, the following system calls are permitted: getentropy(2), madvise(2), minherit(2), mmap(2), mprotect(2), mquery(2), munmap(2). TAME_RW The following system calls are permitted to allow most types of IO operations on previously allocated file descriptors, including libevent or handwritten
Re: Coherent route(8) -priority
On Sat, Jul 18, 2015 at 07:14:27PM +0200, Martin Pieuchot wrote: This applies phessler@'s logic to *all* the commands supporting the -priority switch. Plus some KNF. ok? OK claudio@ Index: route.c === RCS file: /cvs/src/sbin/route/route.c,v retrieving revision 1.175 diff -u -p -r1.175 route.c --- route.c 18 Jul 2015 00:05:02 - 1.175 +++ route.c 18 Jul 2015 17:12:39 - @@ -85,7 +85,8 @@ void monitor(int, char *[]); int prefixlen(char *); void sockaddr(char *, struct sockaddr *); void sodump(sup, char *); -char *priorityname(u_int8_t); +char *priorityname(uint8_t); +uint8_t getpriority(char *); void print_getmsg(struct rt_msghdr *, int); const char *get_linkstate(int, int); void print_rtmsg(struct rt_msghdr *, int); @@ -96,7 +97,7 @@ void mask_addr(union sockunion *, union int inet6_makenetandmask(struct sockaddr_in6 *, char *); int getaddr(int, char *, struct hostent **); void getmplslabel(char *, int); -int rtmsg(int, int, int, u_char); +int rtmsg(int, int, int, uint8_t); __dead void usage(char *); void set_metric(char *, int); void inet_makenetandmask(u_int32_t, struct sockaddr_in *, int); @@ -230,13 +231,12 @@ main(int argc, char **argv) void flushroutes(int argc, char **argv) { - const char *errstr; size_t needed; int mib[7], rlen, seqno; char *buf = NULL, *next, *lim = NULL; struct rt_msghdr *rtm; struct sockaddr *sa; - u_char prio = 0; + uint8_t prio = 0; unsigned int ifindex = 0; if (uid) @@ -268,10 +268,7 @@ flushroutes(int argc, char **argv) case K_PRIORITY: if (!--argc) usage(1+*argv); - prio = strtonum(*++argv, 0, RTP_MAX, errstr); - if (errstr) - errx(1, priority is %s: %s, errstr, - *argv); + prio = getpriority(*++argv); break; default: usage(*argv); @@ -403,12 +400,11 @@ set_metric(char *value, int key) int newroute(int argc, char **argv) { - const char *errstr; char *cmd, *dest = , *gateway = , *error; int ishost = 0, ret = 0, attempts, oerrno, flags = RTF_STATIC; int fmask = 0; int key; - u_char prio = 0; + uint8_t prio = 0; struct hostent *hp = NULL; if (uid) @@ -581,10 +577,7 @@ newroute(int argc, char **argv) case K_PRIORITY: if (!--argc) usage(1+*argv); - prio = strtonum(*++argv, 0, RTP_MAX, errstr); - if (errstr) - errx(1, priority is %s: %s, errstr, - *argv); + prio = getpriority(*++argv); break; default: usage(1+*argv); @@ -663,8 +656,6 @@ show(int argc, char *argv[]) { int af = 0; char prio = 0; - char*priostr; - const char *errstr; while (--argc 0) { if (**(++argv)== '-') @@ -692,33 +683,7 @@ show(int argc, char *argv[]) case K_PRIORITY: if (!--argc) usage(1+*argv); - priostr = *++argv; - switch (keyword(priostr)) { - case K_LOCAL: - prio = RTP_LOCAL; - break; - case K_CONNECTED: - prio = RTP_CONNECTED; - break; - case K_STATIC: - prio = RTP_STATIC; - break; - case K_OSPF: - prio = RTP_OSPF; - break; - case K_RIP: - prio = RTP_RIP; - break; - case K_BGP: - prio = RTP_BGP; - break; - default: - prio = strtonum(priostr, -RTP_MAX, RTP_MAX, -
Re: httpd: hsts (rfc 6797)
On Sat, 18 Jul 2015 02:53:01 +0200 Reyk Floeter wrote: HSTS is a good thing and widely pushed, eg. by Google, in an effort to enforce HTTPS over HTTP. It is a useful security option I agree HSTS is useful but disagree with the rhetoric personally. It improves security for average website deployers using bog standard hosting and large websites that can't control their own sites or design them properly/well/securely/without js from 10s of domains. For me, however I don't buy google's argument of it doing no harm because of AES acceleration when SSL amplification DOS is taken into account and so I hope Google don't push too hard. When my sites get enough demand to require more than one server then I shall want to *maximise* the chances of delivering insecure content which dictates http only servers. Pages can be enforced over SSL without HSTS and cookies too which many advocates don't seem to realise (that the secure cookie flags and ways to control them exist).
Re: [patch] cleaner checksum modification for pf
Hi, On 16/06/2015, at 1:09 PM, Richard Procter wrote: - I was unable to test af-to, which does a lot of packet fiddling. I've now tested this without obvious issue. I neglected checksum regeneration within icmp af-to, which masked a couple of icmp af-to errata in my last patch. I've re-included the entire patch refreshed against HEAD below. (Thanks to whoever mentioned 'quilt' the other day!) Two further diffs then 0) fix the errata and 1) reintroduce checksum modification for icmp af-to. I see no remaining regeneration cases in PF. Note: Checksumless IPv4 UDP packets, illegal under IPv6, are now checksummed on af-to IPv6. This improves on HEAD. Note: pf_translate_af() flushes pd-pcksum to mbuf by flushing the entire transport header. Simple but possibly suboptimal; you may wish to do it another way. testing: $4 IPv4 - $6 IPv6 TCP:ssh $4 -- af-to $6 [good] ICMPv4-v6: ping $4 -- af-to $6 [good] UDP, ICMPv6-v4 quoting UDP: traceroute $4 -- af-to $6 [good] Checksumless UDP: traceroute -x $4 -- af-to $6 [good] $6 IPv6 - $4 IPv4 TCP:ssh $6 -- af-to $4 [good] ICMPv6: ping6 $6 -- af-to $4 [good] UDP, ICMPv4-v6 quoting UDP: traceroute6 $6 -- af-to $4 [good] best, Richard. To apply: # cd /src/sys/net # cat - | patch --- Rename pf_change_a() - pf_change_32_unaligned() to prepare for address-specific pf_change_a() Index: net/pf.c === --- net.orig/pf.c +++ net/pf.c @@ -1664,7 +1664,7 @@ pf_change_ap(struct pf_pdesc *pd, struct /* Changes a u_int32_t. Uses a void * so there are no align restrictions */ void -pf_change_a(struct pf_pdesc *pd, void *a, u_int32_t an) +pf_change_32_unaligned(struct pf_pdesc *pd, void *a, u_int32_t an) { if (pd-csum_status == PF_CSUM_UNKNOWN) pf_check_proto_cksum(pd, pd-off, pd-tot_len - pd-off, @@ -2273,10 +2273,10 @@ pf_modulate_sack(struct pf_pdesc *pd, st for (i = 2; i + TCPOLEN_SACK = olen; i += TCPOLEN_SACK) { memcpy(sack, opt[i], sizeof(sack)); - pf_change_a(pd, sack.start, + pf_change_32_unaligned(pd, sack.start, htonl(ntohl(sack.start) - dst-seqdiff)); - pf_change_a(pd, sack.end, + pf_change_32_unaligned(pd, sack.end, htonl(ntohl(sack.end) - dst-seqdiff)); memcpy(opt[i], sack, sizeof(sack)); @@ -3484,7 +3484,7 @@ pf_create_state(struct pf_pdesc *pd, str if ((s-src.seqdiff = pf_tcp_iss(pd) - s-src.seqlo) == 0) s-src.seqdiff = 1; - pf_change_a(pd, th-th_seq, + pf_change_32_unaligned(pd, th-th_seq, htonl(s-src.seqlo + s-src.seqdiff)); *rewrite = 1; } else @@ -3680,12 +3680,12 @@ pf_translate(struct pf_pdesc *pd, struct #endif /* INET6 */ } else { if (PF_ANEQ(saddr, pd-src, pd-af)) { - pf_change_a(pd, pd-src-v4.s_addr, + pf_change_32_unaligned(pd, pd-src-v4.s_addr, saddr-v4.s_addr); rewrite = 1; } if (PF_ANEQ(daddr, pd-dst, pd-af)) { - pf_change_a(pd, pd-dst-v4.s_addr, + pf_change_32_unaligned(pd, pd-dst-v4.s_addr, daddr-v4.s_addr); rewrite = 1; } @@ -3745,12 +3745,12 @@ pf_translate(struct pf_pdesc *pd, struct switch (pd-af) { case AF_INET: if (!afto PF_ANEQ(saddr, pd-src, pd-af)) { - pf_change_a(pd, pd-src-v4.s_addr, + pf_change_32_unaligned(pd, pd-src-v4.s_addr, saddr-v4.s_addr); rewrite = 1; } if (!afto PF_ANEQ(daddr, pd-dst, pd-af)) { - pf_change_a(pd, pd-dst-v4.s_addr, + pf_change_32_unaligned(pd, pd-dst-v4.s_addr, daddr-v4.s_addr); rewrite = 1; } @@ -3813,8 +3813,8 @@ pf_tcp_track_full(struct pf_pdesc *pd, s while ((src-seqdiff = arc4random() -
Re: iwm(4): make iwm_newstate() interrupt safe
On Thu, Jun 18, 2015 at 04:23:43PM +0200, Stefan Sperling wrote: The net80211 stack assumes drivers will switch IEEE80211_S_* states in interrupt context. iwm(4) does not follow this rule. Since it insists on responses from firmware commands to look for success or failure and it uses tsleep() to wait for responses it cannot switch state in interrupt context. So currently, the entire state machine is deferred to process context (big hammer solution) :-/ Complications arise in the suspend/resume path because of this, such as http://marc.info/?l=openbsd-techm=143438073018743w=2 apart from several other such issues where a failure on part of the firmware to respond will deadlock the driver in an endless tsleep. I would very much like iwm_newstate() to be interrupt safe and get rid of the pesky newstate_cb task which wraps it. It makes debugging and following the control flow difficult. And I hope the driver will be more stable overall. There are two ways to approach this: - Simply don't care about answers from firmware when in interrupt (note that this is what iwn(4) does) - Busy-wait for replies from the firmware when in interrupt Here's a diff implementing a third approach, discussed with mpi@. - Keep the newstate transitions in a task thread, but only ever schedule one 80211 state transition at a time. Requires a tweak for suspend/resume, which wants to run two state transitions at resume time if the interface was up during suspend (back to INIT, then INIT - SCAN). Please test this if you use iwm(4). It should make the driver more reliable, e.g. when bringing the interface up which sometimes fails because of... reasons. Index: if_iwm.c === RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v retrieving revision 1.45 diff -u -p -r1.45 if_iwm.c --- if_iwm.c15 Jun 2015 08:06:11 - 1.45 +++ if_iwm.c19 Jul 2015 02:13:13 - @@ -195,14 +195,6 @@ const struct iwm_rate { #define IWM_RIDX_IS_CCK(_i_) ((_i_) IWM_RIDX_OFDM) #define IWM_RIDX_IS_OFDM(_i_) ((_i_) = IWM_RIDX_OFDM) -struct iwm_newstate_state { - struct task ns_wk; - struct ieee80211com *ns_ic; - enum ieee80211_state ns_nstate; - int ns_arg; - int ns_generation; -}; - intiwm_store_cscheme(struct iwm_softc *, uint8_t *, size_t); intiwm_firmware_store_section(struct iwm_softc *, enum iwm_ucode_type, uint8_t *, size_t); @@ -406,13 +398,13 @@ struct ieee80211_node *iwm_node_alloc(st void iwm_calib_timeout(void *); void iwm_setrates(struct iwm_node *); intiwm_media_change(struct ifnet *); -void iwm_newstate_cb(void *); +void iwm_newstate_task(void *); intiwm_newstate(struct ieee80211com *, enum ieee80211_state, int); void iwm_endscan_cb(void *); intiwm_init_hw(struct iwm_softc *); intiwm_init(struct ifnet *); void iwm_start(struct ifnet *); -void iwm_stop(struct ifnet *, int); +void iwm_stop(struct ifnet *); void iwm_watchdog(struct ifnet *); intiwm_ioctl(struct ifnet *, u_long, iwm_caddr_t); const char *iwm_desc_lookup(uint32_t); @@ -427,7 +419,8 @@ voidiwm_attach_hook(iwm_hookarg_t); void iwm_attach(struct device *, struct device *, void *); void iwm_init_task(void *); intiwm_activate(struct device *, int); -void iwm_wakeup(struct iwm_softc *); +void iwm_suspend(struct iwm_softc *); +void iwm_resume(struct iwm_softc *); #if NBPFILTER 0 void iwm_radiotap_attach(struct iwm_softc *); @@ -5252,38 +5245,25 @@ iwm_media_change(struct ifnet *ifp) if ((ifp-if_flags (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) { - iwm_stop(ifp, 0); + iwm_stop(ifp); error = iwm_init(ifp); } return error; } void -iwm_newstate_cb(void *wk) +iwm_newstate_task(void *arg) { - struct iwm_newstate_state *iwmns = (void *)wk; - struct ieee80211com *ic = iwmns-ns_ic; - enum ieee80211_state nstate = iwmns-ns_nstate; - int generation = iwmns-ns_generation; + struct iwm_softc *sc = arg; + struct ieee80211com *ic = sc-sc_ic; + struct iwm_newstate_task_arg *task_arg = sc-sc_newstate_task_arg; + enum ieee80211_state nstate = task_arg-state; struct iwm_node *in; - int arg = iwmns-ns_arg; - struct ifnet *ifp = IC2IFP(ic); - struct iwm_softc *sc = ifp-if_softc; int error; - free(iwmns, M_DEVBUF, sizeof(*iwmns)); - - DPRINTF((Prepare to switch state %d-%d\n, ic-ic_state, nstate)); - if (sc-sc_generation != generation) { - DPRINTF((newstate_cb: someone pulled the plug meanwhile\n)); - if (nstate == IEEE80211_S_INIT) { - DPRINTF((newstate_cb: nstate == IEEE80211_S_INIT: calling sc_newstate()\n)); - sc-sc_newstate(ic, nstate, arg); - } -
usb hang related to xhci
Hello - Whenever I plug a device into my USB ports, my machine locks hard. I have the Intel Series 7 / C216 chip, so xhci attempts to route the port from ehci to xhci. The following diff is from FreeBSD and makes my USB devices work again. https://github.com/freebsd/freebsd/blob/e79c62ff68fc74d88cb6f479859f6fae9baa5101/sys/dev/usb/controller/xhci_pci.c#L153-L176 Index: sys/dev/pci/xhci_pci.c === RCS file: /cvs/src/sys/dev/pci/xhci_pci.c,v retrieving revision 1.6 diff -u -p -r1.6 xhci_pci.c --- sys/dev/pci/xhci_pci.c 22 Jun 2015 08:43:27 - 1.6 +++ sys/dev/pci/xhci_pci.c 19 Jul 2015 02:20:06 - @@ -92,33 +92,45 @@ xhci_pci_match(struct device *parent, vo static int xhci_pci_port_route(struct xhci_pci_softc *psc) { - pcireg_t val; + pcireg_t val, usb2_mask, usb3_mask; - /* -* Check USB3 Port Routing Mask register that indicates the ports -* can be changed from OS, and turn on by USB3 Port SS Enable register. -*/ - val = pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_USB3PRM); - DPRINTF((%s: USB3PRM / USB3.0 configurable ports: 0x%08x\n, - psc-sc.sc_bus.bdev.dv_xname, val)); +/* + * Check USB3 Port Routing Mask register that indicates the ports + * can be changed from OS, and turn on by USB3 Port SS Enable register. + */ +usb3_mask = pci_conf_read(psc-sc_pc, psc-sc_tag, + PCI_XHCI_INTEL_USB3PRM); +DPRINTF((%s: USB3PRM / USB3.0 configurable ports: 0x%08x\n, +psc-sc.sc_bus.bdev.dv_xname, usb3_mask)); + +/* + * Check USB2 Port Routing Mask register that indicates the USB2.0 + * ports to be controlled by xHCI HC, and switch them to xHCI HC. + */ +usb2_mask = pci_conf_read(psc-sc_pc, psc-sc_tag, + PCI_XHCI_INTEL_XUSB2PRM); +DPRINTF((%s: XUSB2PRM / USB2.0 ports can switch from EHCI to xHCI: +0x%08x\n, psc-sc.sc_bus.bdev.dv_xname, val)); + + val = pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_USB3_PSSEN) | + pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_XUSB2PR); - pci_conf_write(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_USB3_PSSEN, val); + + pci_conf_write(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_USB3_PSSEN, + val usb3_mask); +#ifdef XHCI_DEBUG val = pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_USB3_PSSEN); DPRINTF((%s: USB3_PSSEN / Enabled USB3.0 ports under xHCI: 0x%08x\n, psc-sc.sc_bus.bdev.dv_xname, val)); +#endif - /* -* Check USB2 Port Routing Mask register that indicates the USB2.0 -* ports to be controlled by xHCI HC, and switch them to xHCI HC. -*/ - val = pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_XUSB2PRM); - DPRINTF((%s: XUSB2PRM / USB2.0 ports can switch from EHCI to xHCI: - 0x%08x\n, psc-sc.sc_bus.bdev.dv_xname, val)); - - pci_conf_write(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_XUSB2PR, val); + pci_conf_write(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_XUSB2PR, + val usb2_mask); +#ifdef XHCI_DEBUG val = pci_conf_read(psc-sc_pc, psc-sc_tag, PCI_XHCI_INTEL_XUSB2PR); DPRINTF((%s: XUSB2PR / USB2.0 ports under xHCI: 0x%08x\n, psc-sc.sc_bus.bdev.dv_xname, val)); +#endif return (0); }