Re: sync bioctl manual
On Thu, Oct 22, 2015 at 11:10:53AM +0300, Kirill Bychkov wrote: > > Index: bioctl.8 > === > RCS file: /cvs/src/sbin/bioctl/bioctl.8,v > retrieving revision 1.97 > diff -u -r1.97 bioctl.8 > --- bioctl.8 12 Sep 2015 14:21:25 - 1.97 > +++ bioctl.8 22 Oct 2015 08:10:10 - > @@ -260,7 +260,6 @@ > .It Fl p Ar passfile > Passphrase file used when crypto volumes are brought up. > This file must be root owned and have 0600 permissions. > -This option cannot be used during the initial creation of the crypto volume. > .It Fl r Ar rounds > When creating an encrypted volume, specifies the number of iterations of > the PBKDF2 algorithm used to convert a passphrase into a key. > fixed, thanks! jmc
Re: smtpd: pledge, chmod and deliver_maildir
On Wed, Oct 21, 2015 at 10:41:16PM +0200, Gregor Best wrote: > Nice to see rubber duck debugging working. The attached patch seems to > be enough > Thanks. There is work in progress to shring the pledge list but I have committed this meanwhile to fix the immediate issue. -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: sync bioctl manual
On Thu, October 22, 2015 00:45, Jason McIntyre wrote: > On Thu, Oct 22, 2015 at 12:35:53AM +0300, Kirill Bychkov wrote: >> On Thu, October 22, 2015 00:16, Jason McIntyre wrote: >> > On Wed, Oct 21, 2015 at 11:19:12PM +0300, Kirill Bychkov wrote: >> >> Hi! >> >> After halex@ removed a restriction to use passfile for creation of >> >> crypto volume, man page wasn't changed to explain new behaviour. >> >> OK? >> >> >> > >> > why not just remove the sentence? if you really want to keep it, i >> >> An idea was to explicitly tell about this possibility because people still >> may >> think it's forbidden. >> > > yes, i see that. but it cuts both ways - in a release or two, no one > will remember we've put this there, and it will sound odd. > > i'd just zap it. Makes sense. > jmc > >> > suggest using "can" instead of "could also". >> >> I'll change it, if the line will remain in manual. >> >> > >> > jmc >> > Index: bioctl.8 === RCS file: /cvs/src/sbin/bioctl/bioctl.8,v retrieving revision 1.97 diff -u -r1.97 bioctl.8 --- bioctl.812 Sep 2015 14:21:25 - 1.97 +++ bioctl.822 Oct 2015 08:10:10 - @@ -260,7 +260,6 @@ .It Fl p Ar passfile Passphrase file used when crypto volumes are brought up. This file must be root owned and have 0600 permissions. -This option cannot be used during the initial creation of the crypto volume. .It Fl r Ar rounds When creating an encrypted volume, specifies the number of iterations of the PBKDF2 algorithm used to convert a passphrase into a key.
Re: towards mpsafe rtfree(9)
On Thu, Oct 22, 2015 at 07:42:24PM +0200, Martin Pieuchot wrote: > Now that we have a single refcounting mechanism for route entries, I'd > like to use atomic operations and grab the KERNEL_LOCK only if a CPU is > dropping the last reference on an entry. > > Currently this only matters for MPLS. I intentionally use atomic_* ops > because I'd like to see be able to see if a counter goes negative. > > For symmetry reasons I'm also moving the KERNEL_LOCK() inside rtalloc(). > These two functions are my current targets. > > Comments, oks? One comment inline... > > Index: sys/net/route.c > === > RCS file: /cvs/src/sys/net/route.c,v > retrieving revision 1.258 > diff -u -p -r1.258 route.c > --- sys/net/route.c 22 Oct 2015 17:19:38 - 1.258 > +++ sys/net/route.c 22 Oct 2015 17:21:52 - > @@ -215,6 +215,7 @@ rtalloc(struct sockaddr *dst, int flags, > info.rti_info[RTAX_DST] = dst; > > s = splsoftnet(); > + KERNEL_LOCK(); > rt = rtable_match(tableid, dst); > if (rt != NULL) { > if ((rt->rt_flags & RTF_CLONING) && ISSET(flags, RT_RESOLVE)) { > @@ -236,6 +237,7 @@ miss: > if (ISSET(flags, RT_REPORT)) > rt_missmsg(RTM_MISS, , 0, NULL, error, tableid); > } > + KERNEL_UNLOCK(); > splx(s); > return (rt); > } > @@ -337,7 +339,7 @@ rtalloc_mpath(struct sockaddr *dst, uint > void > rtref(struct rtentry *rt) > { > - rt->rt_refcnt++; > + atomic_inc_int(>rt_refcnt); > } > > void > @@ -348,14 +350,16 @@ rtfree(struct rtentry *rt) > if (rt == NULL) > return; > > - if (--rt->rt_refcnt <= 0) { > + if (atomic_dec_int_nv(>rt_refcnt) <= 0) { > KASSERT(!ISSET(rt->rt_flags, RTF_UP)); > KASSERT(!RT_ROOT(rt)); > - rttrash--; > + atomic_dec_int(); Are you using rttrash for debugging? It's unused anywhere else, and if it's just incrementing and decrementing a counter only used for debugging (or possibly not at all!), it might be better to put it in DEBUG kernels, or just remove it entirely. > if (rt->rt_refcnt < 0) { > printf("rtfree: %p not freed (neg refs)\n", rt); > return; > } > + > + KERNEL_LOCK(); > rt_timer_remove_all(rt); > ifa = rt->rt_ifa; > if (ifa) > @@ -368,6 +372,8 @@ rtfree(struct rtentry *rt) > if (rt->rt_gateway) > free(rt->rt_gateway, M_RTABLE, 0); > free(rt_key(rt), M_RTABLE, 0); > + KERNEL_UNLOCK(); > + > pool_put(_pool, rt); > } > } > @@ -773,7 +779,7 @@ rtrequest1(int req, struct rt_addrinfo * > rt->rt_flags &= ~RTF_UP; > if ((ifa = rt->rt_ifa) && ifa->ifa_rtrequest) > ifa->ifa_rtrequest(RTM_DELETE, rt); > - rttrash++; > + atomic_inc_int(); > > if (ret_nrt != NULL) > *ret_nrt = rt; > Index: sys/netmpls/mpls_input.c > === > RCS file: /cvs/src/sys/netmpls/mpls_input.c,v > retrieving revision 1.50 > diff -u -p -r1.50 mpls_input.c > --- sys/netmpls/mpls_input.c 23 Sep 2015 08:49:46 - 1.50 > +++ sys/netmpls/mpls_input.c 22 Oct 2015 17:21:52 - > @@ -170,9 +170,7 @@ do_v6: > } > } > > - KERNEL_LOCK(); > rt = rtalloc(smplstosa(smpls), RT_REPORT|RT_RESOLVE, 0); > - KERNEL_UNLOCK(); > if (rt == NULL) { > /* no entry for this label */ > #ifdef MPLS_DEBUG > @@ -290,9 +288,7 @@ do_v6: > if (ifp != NULL && rt_mpls->mpls_operation != MPLS_OP_LOCAL) > break; > > - KERNEL_LOCK(); > rtfree(rt); > - KERNEL_UNLOCK(); > rt = NULL; > } > > @@ -323,11 +319,7 @@ do_v6: > (*ifp->if_ll_output)(ifp, m, smplstosa(smpls), rt); > KERNEL_UNLOCK(); > done: > - if (rt) { > - KERNEL_LOCK(); > - rtfree(rt); > - KERNEL_UNLOCK(); > - } > + rtfree(rt); > } > > int > @@ -394,7 +386,7 @@ mpls_do_error(struct mbuf *m, int type, > struct in_ifaddr *ia; > struct icmp *icp; > struct ip *ip; > - int nstk; > + int nstk, error; > > for (nstk = 0; nstk < MPLS_INKERNEL_LOOP_MAX; nstk++) { > if (m->m_len < sizeof(*shim) && > @@ -427,9 +419,7 @@ mpls_do_error(struct mbuf *m, int type, > smpls->smpls_len = sizeof(*smpls); > smpls->smpls_label = shim->shim_label & MPLS_LABEL_MASK; > > - KERNEL_LOCK(); > rt = rtalloc(smplstosa(smpls), RT_REPORT|RT_RESOLVE, 0); > - KERNEL_UNLOCK(); > if (rt ==
Re: mpsafe gem(4)
Martin Pieuchot openbsd.org> writes: > + /* > + * If we have enough room, clear IFF_OACTIVE to tell the stack > + * that it iss OK to send packets. > + */ there's a typo here. "that it iss" should be "that it is".
Re: Kill link_rtrequest()
On Thu, Oct 22, 2015 at 06:50:01PM +0200, Martin Pieuchot wrote: > On 19/10/15(Mon) 14:07, Martin Pieuchot wrote: > > This function is a no-op, let's kill it. > > Anybody? What could go wrong? (mwhahahaha) Put it in and lets see on which dragons tail we're jumping around this time. > > > > Index: net/if.c > > === > > RCS file: /cvs/src/sys/net/if.c,v > > retrieving revision 1.389 > > diff -u -p -r1.389 if.c > > --- net/if.c12 Oct 2015 13:17:58 - 1.389 > > +++ net/if.c19 Oct 2015 11:43:32 - > > @@ -1274,30 +1274,6 @@ ifaof_ifpforaddr(struct sockaddr *addr, > > } > > > > /* > > - * Default action when installing a route with a Link Level gateway. > > - * Lookup an appropriate real ifa to point to. > > - * This should be moved to /sys/net/link.c eventually. > > - */ > > -void > > -link_rtrequest(int cmd, struct rtentry *rt) > > -{ > > - struct ifaddr *ifa; > > - struct sockaddr *dst; > > - struct ifnet *ifp; > > - > > - if (cmd != RTM_ADD || ((ifa = rt->rt_ifa) == 0) || > > - ((ifp = ifa->ifa_ifp) == 0) || ((dst = rt_key(rt)) == 0)) > > - return; > > - if ((ifa = ifaof_ifpforaddr(dst, ifp)) != NULL) { > > - ifa->ifa_refcnt++; > > - ifafree(rt->rt_ifa); > > - rt->rt_ifa = ifa; > > - if (ifa->ifa_rtrequest && ifa->ifa_rtrequest != link_rtrequest) > > - ifa->ifa_rtrequest(cmd, rt); > > - } > > -} > > - > > -/* > > * Default action when installing a local route on a point-to-point > > * interface. > > */ > > Index: net/if_enc.c > > === > > RCS file: /cvs/src/sys/net/if_enc.c,v > > retrieving revision 1.60 > > diff -u -p -r1.60 if_enc.c > > --- net/if_enc.c14 Mar 2015 03:38:51 - 1.60 > > +++ net/if_enc.c19 Oct 2015 11:38:10 - > > @@ -103,7 +103,6 @@ enc_clone_create(struct if_clone *ifc, i > > */ > > if_alloc_sadl(ifp); > > sc->sc_ifa.ifa_ifp = ifp; > > - sc->sc_ifa.ifa_rtrequest = link_rtrequest; > > sc->sc_ifa.ifa_addr = (struct sockaddr *)ifp->if_sadl; > > sc->sc_ifa.ifa_netmask = NULL; > > > > Index: net/if_mpe.c > > === > > RCS file: /cvs/src/sys/net/if_mpe.c,v > > retrieving revision 1.47 > > diff -u -p -r1.47 if_mpe.c > > --- net/if_mpe.c12 Sep 2015 20:50:17 - 1.47 > > +++ net/if_mpe.c19 Oct 2015 11:38:00 - > > @@ -104,7 +104,6 @@ mpe_clone_create(struct if_clone *ifc, i > > #endif > > > > mpeif->sc_ifa.ifa_ifp = ifp; > > - mpeif->sc_ifa.ifa_rtrequest = link_rtrequest; > > mpeif->sc_ifa.ifa_addr = (struct sockaddr *) ifp->if_sadl; > > mpeif->sc_smpls.smpls_len = sizeof(mpeif->sc_smpls); > > mpeif->sc_smpls.smpls_family = AF_MPLS; > > Index: net/if_mpw.c > > === > > RCS file: /cvs/src/sys/net/if_mpw.c,v > > retrieving revision 1.6 > > diff -u -p -r1.6 if_mpw.c > > --- net/if_mpw.c12 Sep 2015 20:50:17 - 1.6 > > +++ net/if_mpw.c19 Oct 2015 11:37:53 - > > @@ -104,7 +104,6 @@ mpw_clone_create(struct if_clone *ifc, i > > if_alloc_sadl(ifp); > > > > sc->sc_ifa.ifa_ifp = ifp; > > - sc->sc_ifa.ifa_rtrequest = link_rtrequest; > > sc->sc_ifa.ifa_addr = (struct sockaddr *) ifp->if_sadl; > > sc->sc_smpls.smpls_len = sizeof(sc->sc_smpls); > > sc->sc_smpls.smpls_family = AF_MPLS; > > Index: net/if_var.h > > === > > RCS file: /cvs/src/sys/net/if_var.h,v > > retrieving revision 1.48 > > diff -u -p -r1.48 if_var.h > > --- net/if_var.h12 Oct 2015 13:17:58 - 1.48 > > +++ net/if_var.h19 Oct 2015 11:38:22 - > > @@ -422,7 +422,6 @@ struct ifaddr *ifa_ifwithdstaddr(struct > > struct ifaddr *ifa_ifwithnet(struct sockaddr *, u_int); > > struct ifaddr *ifaof_ifpforaddr(struct sockaddr *, struct ifnet *); > > void ifafree(struct ifaddr *); > > -void link_rtrequest(int, struct rtentry *); > > void p2p_rtrequest(int, struct rtentry *); > > > > void if_clone_attach(struct if_clone *); > > > -- :wq Claudio
towards mpsafe rtfree(9)
Now that we have a single refcounting mechanism for route entries, I'd like to use atomic operations and grab the KERNEL_LOCK only if a CPU is dropping the last reference on an entry. Currently this only matters for MPLS. I intentionally use atomic_* ops because I'd like to see be able to see if a counter goes negative. For symmetry reasons I'm also moving the KERNEL_LOCK() inside rtalloc(). These two functions are my current targets. Comments, oks? Index: sys/net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision 1.258 diff -u -p -r1.258 route.c --- sys/net/route.c 22 Oct 2015 17:19:38 - 1.258 +++ sys/net/route.c 22 Oct 2015 17:21:52 - @@ -215,6 +215,7 @@ rtalloc(struct sockaddr *dst, int flags, info.rti_info[RTAX_DST] = dst; s = splsoftnet(); + KERNEL_LOCK(); rt = rtable_match(tableid, dst); if (rt != NULL) { if ((rt->rt_flags & RTF_CLONING) && ISSET(flags, RT_RESOLVE)) { @@ -236,6 +237,7 @@ miss: if (ISSET(flags, RT_REPORT)) rt_missmsg(RTM_MISS, , 0, NULL, error, tableid); } + KERNEL_UNLOCK(); splx(s); return (rt); } @@ -337,7 +339,7 @@ rtalloc_mpath(struct sockaddr *dst, uint void rtref(struct rtentry *rt) { - rt->rt_refcnt++; + atomic_inc_int(>rt_refcnt); } void @@ -348,14 +350,16 @@ rtfree(struct rtentry *rt) if (rt == NULL) return; - if (--rt->rt_refcnt <= 0) { + if (atomic_dec_int_nv(>rt_refcnt) <= 0) { KASSERT(!ISSET(rt->rt_flags, RTF_UP)); KASSERT(!RT_ROOT(rt)); - rttrash--; + atomic_dec_int(); if (rt->rt_refcnt < 0) { printf("rtfree: %p not freed (neg refs)\n", rt); return; } + + KERNEL_LOCK(); rt_timer_remove_all(rt); ifa = rt->rt_ifa; if (ifa) @@ -368,6 +372,8 @@ rtfree(struct rtentry *rt) if (rt->rt_gateway) free(rt->rt_gateway, M_RTABLE, 0); free(rt_key(rt), M_RTABLE, 0); + KERNEL_UNLOCK(); + pool_put(_pool, rt); } } @@ -773,7 +779,7 @@ rtrequest1(int req, struct rt_addrinfo * rt->rt_flags &= ~RTF_UP; if ((ifa = rt->rt_ifa) && ifa->ifa_rtrequest) ifa->ifa_rtrequest(RTM_DELETE, rt); - rttrash++; + atomic_inc_int(); if (ret_nrt != NULL) *ret_nrt = rt; Index: sys/netmpls/mpls_input.c === RCS file: /cvs/src/sys/netmpls/mpls_input.c,v retrieving revision 1.50 diff -u -p -r1.50 mpls_input.c --- sys/netmpls/mpls_input.c23 Sep 2015 08:49:46 - 1.50 +++ sys/netmpls/mpls_input.c22 Oct 2015 17:21:52 - @@ -170,9 +170,7 @@ do_v6: } } - KERNEL_LOCK(); rt = rtalloc(smplstosa(smpls), RT_REPORT|RT_RESOLVE, 0); - KERNEL_UNLOCK(); if (rt == NULL) { /* no entry for this label */ #ifdef MPLS_DEBUG @@ -290,9 +288,7 @@ do_v6: if (ifp != NULL && rt_mpls->mpls_operation != MPLS_OP_LOCAL) break; - KERNEL_LOCK(); rtfree(rt); - KERNEL_UNLOCK(); rt = NULL; } @@ -323,11 +319,7 @@ do_v6: (*ifp->if_ll_output)(ifp, m, smplstosa(smpls), rt); KERNEL_UNLOCK(); done: - if (rt) { - KERNEL_LOCK(); - rtfree(rt); - KERNEL_UNLOCK(); - } + rtfree(rt); } int @@ -394,7 +386,7 @@ mpls_do_error(struct mbuf *m, int type, struct in_ifaddr *ia; struct icmp *icp; struct ip *ip; - int nstk; + int nstk, error; for (nstk = 0; nstk < MPLS_INKERNEL_LOOP_MAX; nstk++) { if (m->m_len < sizeof(*shim) && @@ -427,9 +419,7 @@ mpls_do_error(struct mbuf *m, int type, smpls->smpls_len = sizeof(*smpls); smpls->smpls_label = shim->shim_label & MPLS_LABEL_MASK; - KERNEL_LOCK(); rt = rtalloc(smplstosa(smpls), RT_REPORT|RT_RESOLVE, 0); - KERNEL_UNLOCK(); if (rt == NULL) { /* no entry for this label */ m_freem(m); @@ -442,19 +432,16 @@ mpls_do_error(struct mbuf *m, int type, * less interface we need to find some other IP to * use as source. */ - KERNEL_LOCK(); rtfree(rt); - KERNEL_UNLOCK();
carp_iamatch() tweak
Instead of passing an ``ia'' to dereference ``ia_ifp'', pass ``ifp'' directly, we have it. ok? Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.172 diff -u -p -r1.172 if_ether.c --- netinet/if_ether.c 13 Oct 2015 10:21:27 - 1.172 +++ netinet/if_ether.c 22 Oct 2015 10:32:51 - @@ -578,7 +578,7 @@ in_arpinput(struct mbuf *m) (IFF_UP|IFF_RUNNING))) { if (op == ARPOP_REPLY) break; - if (carp_iamatch(ifatoia(ifa), ea->arp_sha, + if (carp_iamatch(ifp, ea->arp_sha, , _shost)) break; else Index: netinet/ip_carp.c === RCS file: /cvs/src/sys/netinet/ip_carp.c,v retrieving revision 1.276 diff -u -p -r1.276 ip_carp.c --- netinet/ip_carp.c 14 Oct 2015 13:59:31 - 1.276 +++ netinet/ip_carp.c 22 Oct 2015 10:32:51 - @@ -1355,10 +1355,10 @@ carp_update_lsmask(struct carp_softc *sc } int -carp_iamatch(struct in_ifaddr *ia, u_char *src, u_int8_t **sha, +carp_iamatch(struct ifnet *ifp, u_char *src, u_int8_t **sha, u_int8_t **ether_shost) { - struct carp_softc *sc = ia->ia_ifp->if_softc; + struct carp_softc *sc = ifp->if_softc; struct carp_vhost_entry *vhe = SRPL_FIRST_LOCKED(>carp_vhosts); KERNEL_ASSERT_LOCKED(); /* touching carp_vhosts */ Index: netinet/ip_carp.h === RCS file: /cvs/src/sys/netinet/ip_carp.h,v retrieving revision 1.34 diff -u -p -r1.34 ip_carp.h --- netinet/ip_carp.h 8 Jun 2015 13:40:48 - 1.34 +++ netinet/ip_carp.h 22 Oct 2015 10:32:50 - @@ -168,7 +168,7 @@ void carp_proto_input (struct mbuf *, voidcarp_carpdev_state(void *); voidcarp_group_demote_adj(struct ifnet *, int, char *); int carp6_proto_input(struct mbuf **, int *, int); -int carp_iamatch(struct in_ifaddr *, u_char *, u_int8_t **, +int carp_iamatch(struct ifnet *, u_char *, u_int8_t **, u_int8_t **); int carp_iamatch6(struct ifnet *, u_char *, struct sockaddr_dl **); struct ifnet *carp_ourether(void *, u_int8_t *);
rt_ifa_add() dead code
RTAX_IFA is specified so rt_getifa() is never called and this is simply dead code. ok? Index: net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision 1.254 diff -u -p -r1.254 route.c --- net/route.c 21 Oct 2015 08:21:06 - 1.254 +++ net/route.c 22 Oct 2015 11:02:00 - @@ -1133,19 +1133,6 @@ rt_ifa_add(struct ifaddr *ifa, int flags error = rtrequest1(RTM_ADD, , prio, , rtableid); if (error == 0) { - if (rt->rt_ifa != ifa) { - printf("%s: wrong ifa (%p) was (%p)\n", __func__, - ifa, rt->rt_ifa); - if (rt->rt_ifa->ifa_rtrequest) - rt->rt_ifa->ifa_rtrequest(RTM_DELETE, rt); - ifafree(rt->rt_ifa); - rt->rt_ifa = ifa; - rt->rt_ifp = ifa->ifa_ifp; - ifa->ifa_refcnt++; - if (ifa->ifa_rtrequest) - ifa->ifa_rtrequest(RTM_ADD, rt); - } - /* * A local route is created for every address configured * on an interface, so use this information to notify
Fwd: Allow bioctl to go through all controllers at once
ping? -- WBR, Vadim Zhukov -- Forwarded message -- From: Vadim ZhukovDate: 2015-10-01 21:59 GMT+03:00 Subject: Allow bioctl to go through all controllers at once To: tech@openbsd.org Hi all. I've recently found that this patch still produces M's in my tree. What it does is going through all bio(4)-enabled controllers in system, like ifconfig -A does. I didn't add SMALL_KERNEL ifdefs since its very useful on ramdisks, IMHO, but I don't insist on that. Any objections/okays/showers? -- WBR, Vadim Zhukov Index: sys/dev/bio.c === RCS file: /cvs/src/sys/dev/bio.c,v retrieving revision 1.17 diff -u -p -r1.17 bio.c --- sys/dev/bio.c 26 Aug 2015 22:28:57 - 1.17 +++ sys/dev/bio.c 1 Oct 2015 18:53:18 - @@ -52,6 +52,7 @@ int bioopen(dev_t, int, int, struct proc intbio_delegate_ioctl(struct bio_mapping *, u_long, caddr_t); struct bio_mapping *bio_lookup(char *); intbio_validate(void *); +intbio_listcontrollers(struct bioc_controllerlist *); void bioattach(int nunits) @@ -89,6 +90,9 @@ bioioctl(dev_t dev, u_long cmd, caddr_t return (ENOENT); break; + case BIOCLISTCONTROLLERS: + return (bio_listcontrollers((struct bioc_controllerlist*)addr)); + case BIOCINQ: case BIOCDISK: case BIOCVOL: @@ -138,6 +142,32 @@ bio_unregister(struct device *dev) free(bm, M_DEVBUF, sizeof(*bm)); } } +} + +int +bio_listcontrollers(struct bioc_controllerlist *bcl) { + struct bio_mapping *bm; + int error, i; + + if (bcl->bcl_size < 0) + return EINVAL; + if (bcl->bcl_size == 0) { + LIST_FOREACH(bm, , bm_link) + bcl->bcl_size++; + return 0; + } + i = 0; + LIST_FOREACH(bm, , bm_link) { + error = copyoutstr(bm->bm_dev->dv_xname, + bcl->bcl_list[i].bc_xname, + sizeof(bcl->bcl_list[i].bc_xname), NULL); + if (error) + return (error); + if (++i == bcl->bcl_size) + break; + } + bcl->bcl_size = i; + return 0; } struct bio_mapping * Index: sys/dev/biovar.h === RCS file: /cvs/src/sys/dev/biovar.h,v retrieving revision 1.44 diff -u -p -r1.44 biovar.h --- sys/dev/biovar.h29 May 2015 00:33:37 - 1.44 +++ sys/dev/biovar.h1 Oct 2015 18:53:18 - @@ -277,6 +277,15 @@ struct bioc_patrol { int bp_autonow; }; +#define BIOCLISTCONTROLLERS _IOWR('B', 43, struct bioc_controllerlist) +struct bioc_controller { + charbc_xname[16]; +}; +struct bioc_controllerlist { + struct bioc_controller *bcl_list; + int bcl_size; +}; + /* kernel and userspace defines */ #define BIOC_INQ 0x0001 #define BIOC_DISK 0x0002 Index: sbin/bioctl/bioctl.c === RCS file: /cvs/src/sbin/bioctl/bioctl.c,v retrieving revision 1.129 diff -u -p -r1.129 bioctl.c --- sbin/bioctl/bioctl.c18 Jul 2015 23:23:20 - 1.129 +++ sbin/bioctl/bioctl.c1 Oct 2015 18:53:18 - @@ -69,7 +69,8 @@ void bio_kdf_generate(struct sr_crypto void derive_key_pkcs(int, u_int8_t *, size_t, u_int8_t *, size_t, char *, int); -void bio_inq(char *); +void bio_listall(); +void bio_inq(char *, int); void bio_alarm(char *); intbio_getvolbyname(char *); void bio_setstate(char *, int, char *); @@ -110,12 +111,17 @@ main(int argc, char *argv[]) u_int16_t cr_level = 0; int biodev = 0; - if (argc < 2) - usage(); + if (argc < 2) { + bio_listall(); + return 0; + } - while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:O:Pp:qr:R:st:u:v")) != + while ((ch = getopt(argc, argv, "Aa:b:C:c:dH:hik:l:O:Pp:qr:R:st:u:v")) != -1) { switch (ch) { + case 'A': + bio_listall(); + return 0; case 'a': /* alarm */ func |= BIOC_ALARM; al_arg = optarg; @@ -243,7 +249,7 @@ main(int argc, char *argv[]) } else if (changepass && !biodev) { bio_changepass(devicename); } else if (func & BIOC_INQ) { - bio_inq(devicename); + bio_inq(devicename, 0); } else if (func == BIOC_ALARM) { bio_alarm(al_arg); } else if (func == BIOC_BLINK) { @@ -273,7
Do not change rt_ifa after insertion
Either because it has been specified in rt_ifa_add() or because rt_getifa() returns you the correct one. So if the key of a route matches an address on the ifp it *must* be the same ifa. Let's make sure of that, ok? Index: net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.390 diff -u -p -r1.390 if.c --- net/if.c22 Oct 2015 10:46:26 - 1.390 +++ net/if.c22 Oct 2015 11:06:11 - @@ -1321,6 +1321,8 @@ p2p_rtrequest(int req, struct rtentry *r if (ifa == NULL) break; + KASSERT(ifa == rt->rt_ifa); + /* * XXX Since lo0 is in the default rdomain we should not * (ab)use it for any route related to an interface of a @@ -1335,17 +1337,6 @@ p2p_rtrequest(int req, struct rtentry *r break; rt->rt_flags &= ~RTF_LLINFO; - - /* -* make sure to set rt->rt_ifa to the interface -* address we are using, otherwise we will have trouble -* with source address selection. -*/ - if (ifa != rt->rt_ifa) { - ifafree(rt->rt_ifa); - ifa->ifa_refcnt++; - rt->rt_ifa = ifa; - } break; case RTM_DELETE: case RTM_RESOLVE: Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.172 diff -u -p -r1.172 if_ether.c --- netinet/if_ether.c 13 Oct 2015 10:21:27 - 1.172 +++ netinet/if_ether.c 22 Oct 2015 11:06:13 - @@ -235,17 +235,8 @@ arp_rtrequest(int req, struct rtentry *r break; } if (ifa) { + KASSERT(ifa == rt->rt_ifa); rt->rt_expire = 0; - /* -* make sure to set rt->rt_ifa to the interface -* address we are using, otherwise we will have trouble -* with source address selection. -*/ - if (ifa != rt->rt_ifa) { - ifafree(rt->rt_ifa); - ifa->ifa_refcnt++; - rt->rt_ifa = ifa; - } } break; Index: netinet6/nd6.c === RCS file: /cvs/src/sys/netinet6/nd6.c,v retrieving revision 1.156 diff -u -p -r1.156 nd6.c --- netinet6/nd6.c 22 Oct 2015 10:27:22 - 1.156 +++ netinet6/nd6.c 22 Oct 2015 11:06:15 - @@ -1103,20 +1103,7 @@ nd6_rtrequest(int req, struct rtentry *r nd6_llinfo_settimer(ln, -1); ln->ln_state = ND6_LLINFO_REACHABLE; ln->ln_byhint = 0; - - /* -* Make sure rt_ifa be equal to the ifaddr -* corresponding to the address. -* We need this because when we refer -* rt_ifa->ia6_flags in ip6_input, we assume -* that the rt_ifa points to the address instead -* of the loopback address. -*/ - if (ifa != rt->rt_ifa) { - ifafree(rt->rt_ifa); - ifa->ifa_refcnt++; - rt->rt_ifa = ifa; - } + KASSERT(ifa == rt->rt_ifa); } else if (rt->rt_flags & RTF_ANNOUNCE) { nd6_llinfo_settimer(ln, -1); ln->ln_state = ND6_LLINFO_REACHABLE;
pledge(2) in quiz(6)
games/quiz.c popen()s a PAGER to display the help message. Throw that away and let the use pipe into a PAGER if needed. Then we can just pledge "stdio rpath". Jan Index: quiz.c === RCS file: /cvs/src/games/quiz/quiz.c,v retrieving revision 1.21 diff -u -p -u -p -r1.21 quiz.c --- quiz.c 29 Aug 2013 20:22:18 - 1.21 +++ quiz.c 22 Oct 2015 11:42:42 - @@ -66,6 +66,9 @@ main(int argc, char *argv[]) int ch; const char *indexfile; + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); + indexfile = _PATH_QUIZIDX; while ((ch = getopt(argc, argv, "i:t")) != -1) switch(ch) { @@ -144,30 +147,21 @@ show_index(void) { QE *qp; const char *p, *s; - FILE *pf; - const char *pager; - if (!isatty(1)) - pager = "/bin/cat"; - else if (!(pager = getenv("PAGER")) || (*pager == 0)) - pager = _PATH_PAGER; - if ((pf = popen(pager, "w")) == NULL) - err(1, "%s", pager); - (void)fprintf(pf, "Subjects:\n\n"); + printf("Subjects:\n\n"); for (qp = qlist.q_next; qp; qp = qp->q_next) { for (s = next_cat(qp->q_text); s; s = next_cat(s)) { if (!rxp_compile(s)) errx(1, "%s", rxperr); if ((p = rxp_expand())) - (void)fprintf(pf, "%s ", p); + printf("%s ", p); } - (void)fprintf(pf, "\n"); + printf("\n"); } - (void)fprintf(pf, "\n%s\n%s\n%s\n", + printf("\n%s\n%s\n%s\n", "For example, \"quiz victim killer\" prints a victim's name and you reply", "with the killer, and \"quiz killer victim\" works the other way around.", "Type an empty line to get the correct answer."); - (void)pclose(pf); } void
axphy(4): new dumb driver for axe(4) phys
The following diff adds a basic PHY for Axis dongles. Changes: ukphy0 at axe0 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000ec6, model 0x0001 ukphy0 at axe0 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000ec6, model 0x0008 To: axphy0 at axe0 phy 16: AX88772 10/100 PHY, rev. 1 axphy0 at axe0 phy 16: AX88772B 10/100 PHY, rev. 1 Tested on landisk and amd64. Okay? Index: dev/mii/axphy.c === RCS file: dev/mii/axphy.c diff -N dev/mii/axphy.c --- /dev/null 1 Jan 1970 00:00:00 - +++ dev/mii/axphy.c 22 Oct 2015 22:03:32 - @@ -0,0 +1,174 @@ +/* $OpenBSD$ */ + +/* + * Copyright (c) 2015 Paul Irofti+ * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +struct axphy_softc { + struct mii_softcsc_mii; /* common mii device part */ + + uint8_t sc_current_page; +}; + +intaxphymatch(struct device *, void *, void *); +void axphyattach(struct device *, struct device *, void *); + +struct cfattach axphy_ca = { sizeof(struct axphy_softc), + axphymatch, axphyattach, mii_phy_detach, +}; + +struct cfdriver axphy_cd = { + NULL, "axphy", DV_DULL +}; + +intaxphy_service(struct mii_softc *, struct mii_data *, int); +void axphy_status(struct mii_softc *); +void axphy_reset(struct mii_softc *); + +const struct mii_phy_funcs axphy_funcs = { + axphy_service, ukphy_status, mii_phy_reset, +}; + +static const struct mii_phydesc axphys[] = { + { MII_OUI_ASIX, MII_MODEL_ASIX_AX88772, + MII_STR_ASIX_AX88772 }, + { MII_OUI_ASIX, MII_MODEL_ASIX_AX88772B, + MII_STR_ASIX_AX88772B }, + + { 0,0, + NULL }, +}; + +int +axphymatch(struct device *parent, void *match, void *aux) +{ + struct mii_attach_args *ma = aux; + + if (mii_phy_match(ma, axphys) != NULL) + return (10); + + return (0); +} + +void +axphyattach(struct device *parent, struct device *self, void *aux) +{ + struct axphy_softc *bsc = (struct axphy_softc *)self; + struct mii_softc *sc = >sc_mii; + struct mii_attach_args *ma = aux; + struct mii_data *mii = ma->mii_data; + const struct mii_phydesc *mpd; + + mpd = mii_phy_match(ma, axphys); + printf(": %s, rev. %d\n", mpd->mpd_name, MII_REV(ma->mii_id2)); + + sc->mii_inst = mii->mii_instance; + sc->mii_phy = ma->mii_phyno; + sc->mii_funcs = _funcs; + sc->mii_model = MII_MODEL(ma->mii_id2); + sc->mii_rev = MII_REV(ma->mii_id2); + sc->mii_pdata = mii; + sc->mii_flags = ma->mii_flags; + sc->mii_anegticks = MII_ANEGTICKS_GIGE; + + sc->mii_flags |= MIIF_NOISOLATE | MIIF_NOLOOP; + + sc->mii_capabilities = PHY_READ(sc, MII_BMSR) & ma->mii_capmask; + + if (sc->mii_capabilities & BMSR_EXTSTAT) + sc->mii_extcapabilities = PHY_READ(sc, MII_EXTSR); + if ((sc->mii_capabilities & BMSR_MEDIAMASK) || + (sc->mii_extcapabilities & EXTSR_MEDIAMASK)) + mii_phy_add_media(sc); + + PHY_RESET(sc); +} + +int +axphy_service(struct mii_softc *sc, struct mii_data *mii, int cmd) +{ + struct ifmedia_entry *ife = mii->mii_media.ifm_cur; + int reg; + + if ((sc->mii_dev.dv_flags & DVF_ACTIVE) == 0) + return (ENXIO); + + switch (cmd) { + case MII_POLLSTAT: + /* +* If we're not polling our PHY instance, just return. +*/ + if (IFM_INST(ife->ifm_media) != sc->mii_inst) + return (0); + break; + + case MII_MEDIACHG: + /* +* If the media indicates a different PHY instance, +* isolate ourselves. +*/ + if (IFM_INST(ife->ifm_media) != sc->mii_inst) { + reg = PHY_READ(sc, MII_BMCR); + PHY_WRITE(sc, MII_BMCR, reg | BMCR_ISO); + return (0); + } + + /* +* If the interface is not up, don't
change gateway to gateway route
Hi, It is possible to create a gateway route pointing to another gateway route by changing the gateway. # route add 1/8 127.0.0.1 # route add 2/8 127.0.0.1 1/8127.0.0.1 UGS00 32768 8 lo0 2/8127.0.0.1 UGS00 32768 8 lo0 # route change 2/8 1.0.0.1 route: writing to routing socket: Network is unreachable change net 2/8: gateway 1.0.0.1: Network is unreachable 1/8127.0.0.1 UGS12 32768 8 lo0 2/81.0.0.1UGS00 32768 8 lo0 Despite the error message when doing so, the route has actually changed. The gateway is modified by rt_setgate(), the error is created by rt_getifa(). So these operations should be done the other way around. ok? bluhm Index: net/rtsock.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/rtsock.c,v retrieving revision 1.172 diff -u -p -u -p -r1.172 rtsock.c --- net/rtsock.c22 Oct 2015 15:37:47 - 1.172 +++ net/rtsock.c22 Oct 2015 21:05:51 - @@ -744,6 +744,13 @@ report: info.rti_info[RTAX_GATEWAY]->sa_len)) { newgate = 1; } + /* check reachable gateway before changing the route */ + if (newgate || info.rti_info[RTAX_IFP] != NULL || + info.rti_info[RTAX_IFA] != NULL) { + if ((error = rt_getifa(, tableid)) != 0) + goto flush; + ifa = info.rti_ifa; + } if (info.rti_info[RTAX_GATEWAY] != NULL && (error = rt_setgate(rt, info.rti_info[RTAX_GATEWAY], tableid))) @@ -753,12 +760,6 @@ report: * flags may also be different; ifp may be specified * by ll sockaddr when protocol address is ambiguous */ - if (newgate || info.rti_info[RTAX_IFP] != NULL || - info.rti_info[RTAX_IFA] != NULL) { - if ((error = rt_getifa(, tableid)) != 0) - goto flush; - ifa = info.rti_ifa; - } if (ifa) { if (rt->rt_ifa != ifa) { if (rt->rt_ifa->ifa_rtrequest)
connect routing domains on layer 2
Hi, this diff allows to interconnect routing domains. It is very useful to route traffic from one routing domain to another, without using the pf "rtable" hack (tested in production for a long time). eg., # ifconfig vether0 10.0.1.1/24 # ifconfig vether1 rdomain 1 10.0.1.2/24 # ping 10.1.1.2 # route -T 1 add default 10.0.1.1 # ifconfig bridge0 add vether0 add em0 for hacking/testing, you can do thing like: # dhcpd vether0 # dhclient vether1 It has been discussed in much detail if this is possible with bridge(4). It is not. The bridge is not designed for it and explain on request. OK? Reyk Index: sbin/ifconfig/ifconfig.8 === RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v retrieving revision 1.257 diff -u -p -u -p -r1.257 ifconfig.8 --- sbin/ifconfig/ifconfig.86 Oct 2015 17:23:21 - 1.257 +++ sbin/ifconfig/ifconfig.822 Oct 2015 22:33:40 - @@ -1560,6 +1560,33 @@ The accepted size of the number depends it is a 24-bit number for .Xr vxlan 4 . .El +.\" VETHER +.Sh VETHER +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar vether-interface +.Op Oo Fl Oc Ns Cm crossover Ar interface +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr vether 4 +interface: +.Bl -tag -width Ds +.It Cm crossover Ar interface +Create a virtual crossover link with another +.Xr vether 4 +interface. +Any outgoing packets from the +.Ar vether-interface +will be received by the crossover +.Ar interface +and vice versa. +This link allows to interconnect two routing domains locally. +.It Fl crossover +If configured, disconnect the virtual crossover link. +.El .\" VLAN .Sh VLAN .nr nS 1 Index: sbin/ifconfig/ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.302 diff -u -p -u -p -r1.302 ifconfig.c --- sbin/ifconfig/ifconfig.c3 Oct 2015 10:44:23 - 1.302 +++ sbin/ifconfig/ifconfig.c22 Oct 2015 22:33:41 - @@ -275,6 +275,8 @@ voidsetifipdst(const char *, int); void setifdesc(const char *, int); void unsetifdesc(const char *, int); void printifhwfeatures(const char *, int); +void setxover(const char *, int); +void unsetxover(const char *, int); #else void setignore(const char *, int); #endif @@ -490,6 +492,8 @@ const structcmd { { "-descr", 1, 0, unsetifdesc }, { "wol",IFXF_WOL, 0, setifxflags }, { "-wol", -IFXF_WOL, 0, setifxflags }, + { "crossover", NEXTARG,0, setxover }, + { "-crossover", 1, 0, unsetxover }, #else /* SMALL */ { "powersave", NEXTARG0, 0, setignore }, { "priority", NEXTARG,0, setignore }, @@ -2917,6 +2921,7 @@ status(int link, struct sockaddr_dl *sdl struct ifreq ifrdesc; struct ifkalivereq ikardesc; char ifdescr[IFDESCRSIZE]; + char ifname[IF_NAMESIZE]; #endif uint64_t *media_list; int i; @@ -2955,6 +2960,9 @@ status(int link, struct sockaddr_dl *sdl (ikardesc.ikar_timeo != 0 || ikardesc.ikar_cnt != 0)) printf("\tkeepalive: timeout %d count %d\n", ikardesc.ikar_timeo, ikardesc.ikar_cnt); + if (ioctl(s, SIOCGXOVER, ) == 0 && ifrdesc.ifr_index != 0 && + if_indextoname(ifrdesc.ifr_index, ifname) != NULL) + printf("\tcrossover: %s\n", ifname); #endif vlan_status(); #ifndef SMALL @@ -5199,6 +5207,29 @@ setinstance(const char *id, int param) ifr.ifr_rdomainid = rdomainid; if (ioctl(s, SIOCSIFRDOMAIN, (caddr_t)) < 0) warn("SIOCSIFRDOMAIN"); +} +#endif + +#ifndef SMALL +void +setxover(const char *val, int d) +{ + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + if ((ifr.ifr_index = if_nametoindex(val)) == 0) { + errno = ENOENT; + err(1, "crossover %s", val); + } + if (ioctl(s, SIOCSXOVER, (caddr_t)) < 0) + warn("SIOCSXOVER"); +} + +void +unsetxover(const char *val, int d) +{ + ifr.ifr_index = 0; + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + if (ioctl(s, SIOCSXOVER, (caddr_t)) < 0) + warn("SIOCSXOVER"); } #endif Index: sys/net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.391 diff -u -p -u -p -r1.391 if.c --- sys/net/if.c22 Oct 2015 15:37:47 - 1.391 +++ sys/net/if.c22 Oct 2015 22:33:42 - @@ -1794,6 +1794,7 @@ ifioctl(struct socket *so, u_long cmd, c case SIOCDELMULTI: case SIOCSIFMEDIA: case SIOCSVNETID: + case SIOCSXOVER: if ((error = suser(p, 0)) != 0) return (error); /* FALLTHROUGH */ @@
mkdir pledge condition
& has lower precedence than ==, so this seems to be not what was intended (the condition is always false): === RCS file: /cvs/src/bin/mkdir/mkdir.c,v retrieving revision 1.28 diff -u -p -r1.28 mkdir.c --- mkdir.c 10 Oct 2015 20:18:30 - 1.28 +++ mkdir.c 23 Oct 2015 00:03:31 - @@ -82,7 +82,7 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - if (mode & (S_ISUID | S_ISGID | S_ISTXT) == 0) { + if ((mode & (S_ISUID | S_ISGID | S_ISTXT)) == 0) { if (pledge("stdio rpath cpath fattr", NULL) == -1) err(1, "pledge"); }
unused macros in ksh
=== RCS file: /cvs/src/bin/ksh/shf.c,v retrieving revision 1.25 diff -u -p -r1.25 shf.c --- shf.c 19 Oct 2015 14:42:16 - 1.25 +++ shf.c 23 Oct 2015 00:27:40 - @@ -707,10 +707,6 @@ shf_smprintf(const char *fmt, ...) return shf_sclose(); /* null terminates */ } -#define BUF_SIZE 128 -#define ABIGNUM32000 /* big number that will fit in a short */ -#define LOG2_103.321928094887362347870319429 /* log base 2 of 10 */ - #defineFL_HASH 0x001 /* `#' seen */ #define FL_PLUS0x002 /* `+' seen */ #define FL_RIGHT 0x004 /* `-' seen */ @@ -722,7 +718,6 @@ shf_smprintf(const char *fmt, ...) #define FL_DOT 0x100 /* '.' seen */ #define FL_UPPER 0x200 /* format character was uppercase */ #define FL_NUMBER 0x400 /* a number was formated %[douxefg] */ - int shf_vfprintf(struct shf *shf, const char *fmt, va_list args)
Re: axphy(4): new dumb driver for axe(4) phys
What does this do that ukphy doesn't? I don't see any errata or special handling here. On Fri, Oct 23, 2015 at 04:33:22AM +0300, Paul Irofti wrote: > The following diff adds a basic PHY for Axis dongles. > > Changes: > ukphy0 at axe0 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI > 0x000ec6, model 0x0001 > ukphy0 at axe0 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI > 0x000ec6, model 0x0008 > > To: > axphy0 at axe0 phy 16: AX88772 10/100 PHY, rev. 1 > axphy0 at axe0 phy 16: AX88772B 10/100 PHY, rev. 1 > > Tested on landisk and amd64. Okay? > > Index: dev/mii/axphy.c > === > RCS file: dev/mii/axphy.c > diff -N dev/mii/axphy.c > --- /dev/null 1 Jan 1970 00:00:00 - > +++ dev/mii/axphy.c 22 Oct 2015 22:03:32 - > @@ -0,0 +1,174 @@ > +/* $OpenBSD$ */ > + > +/* > + * Copyright (c) 2015 Paul Irofti> + * > + * Permission to use, copy, modify, and/or distribute this software for any > + * purpose with or without fee is hereby granted, provided that the above > + * copyright notice and this permission notice appear in all copies. > + * > + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES > + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF > + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR > + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES > + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN > + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF > + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > + > +#include > +#include > +#include > + > +struct axphy_softc { > + struct mii_softcsc_mii; /* common mii device part */ > + > + uint8_t sc_current_page; > +}; > + > +int axphymatch(struct device *, void *, void *); > +void axphyattach(struct device *, struct device *, void *); > + > +struct cfattach axphy_ca = { sizeof(struct axphy_softc), > + axphymatch, axphyattach, mii_phy_detach, > +}; > + > +struct cfdriver axphy_cd = { > + NULL, "axphy", DV_DULL > +}; > + > +int axphy_service(struct mii_softc *, struct mii_data *, int); > +void axphy_status(struct mii_softc *); > +void axphy_reset(struct mii_softc *); > + > +const struct mii_phy_funcs axphy_funcs = { > + axphy_service, ukphy_status, mii_phy_reset, > +}; > + > +static const struct mii_phydesc axphys[] = { > + { MII_OUI_ASIX, MII_MODEL_ASIX_AX88772, > + MII_STR_ASIX_AX88772 }, > + { MII_OUI_ASIX, MII_MODEL_ASIX_AX88772B, > + MII_STR_ASIX_AX88772B }, > + > + { 0,0, > + NULL }, > +}; > + > +int > +axphymatch(struct device *parent, void *match, void *aux) > +{ > + struct mii_attach_args *ma = aux; > + > + if (mii_phy_match(ma, axphys) != NULL) > + return (10); > + > + return (0); > +} > + > +void > +axphyattach(struct device *parent, struct device *self, void *aux) > +{ > + struct axphy_softc *bsc = (struct axphy_softc *)self; > + struct mii_softc *sc = >sc_mii; > + struct mii_attach_args *ma = aux; > + struct mii_data *mii = ma->mii_data; > + const struct mii_phydesc *mpd; > + > + mpd = mii_phy_match(ma, axphys); > + printf(": %s, rev. %d\n", mpd->mpd_name, MII_REV(ma->mii_id2)); > + > + sc->mii_inst = mii->mii_instance; > + sc->mii_phy = ma->mii_phyno; > + sc->mii_funcs = _funcs; > + sc->mii_model = MII_MODEL(ma->mii_id2); > + sc->mii_rev = MII_REV(ma->mii_id2); > + sc->mii_pdata = mii; > + sc->mii_flags = ma->mii_flags; > + sc->mii_anegticks = MII_ANEGTICKS_GIGE; > + > + sc->mii_flags |= MIIF_NOISOLATE | MIIF_NOLOOP; > + > + sc->mii_capabilities = PHY_READ(sc, MII_BMSR) & ma->mii_capmask; > + > + if (sc->mii_capabilities & BMSR_EXTSTAT) > + sc->mii_extcapabilities = PHY_READ(sc, MII_EXTSR); > + if ((sc->mii_capabilities & BMSR_MEDIAMASK) || > + (sc->mii_extcapabilities & EXTSR_MEDIAMASK)) > + mii_phy_add_media(sc); > + > + PHY_RESET(sc); > +} > + > +int > +axphy_service(struct mii_softc *sc, struct mii_data *mii, int cmd) > +{ > + struct ifmedia_entry *ife = mii->mii_media.ifm_cur; > + int reg; > + > + if ((sc->mii_dev.dv_flags & DVF_ACTIVE) == 0) > + return (ENXIO); > + > + switch (cmd) { > + case MII_POLLSTAT: > + /* > + * If we're not polling our PHY instance, just return. > + */ > + if (IFM_INST(ife->ifm_media) != sc->mii_inst) > + return (0); > + break; > + > + case MII_MEDIACHG: > + /* > + * If the media indicates a different PHY instance, > + * isolate
Re: unused macros in ksh
Beat me to it. ok mmcc@ Ilya Kaliman wrote: > === > RCS file: /cvs/src/bin/ksh/shf.c,v > retrieving revision 1.25 > diff -u -p -r1.25 shf.c > --- shf.c 19 Oct 2015 14:42:16 - 1.25 > +++ shf.c 23 Oct 2015 00:27:40 - > @@ -707,10 +707,6 @@ shf_smprintf(const char *fmt, ...) > return shf_sclose(); /* null terminates */ > } > > -#define BUF_SIZE 128 > -#define ABIGNUM32000 /* big number that will fit in > a short */ > -#define LOG2_103.321928094887362347870319429 /* log > base 2 of 10 */ > - > #defineFL_HASH 0x001 /* `#' seen */ > #define FL_PLUS0x002 /* `+' seen */ > #define FL_RIGHT 0x004 /* `-' seen */ > @@ -722,7 +718,6 @@ shf_smprintf(const char *fmt, ...) > #define FL_DOT 0x100 /* '.' seen */ > #define FL_UPPER 0x200 /* format character was uppercase */ > #define FL_NUMBER 0x400 /* a number was formated %[douxefg] */ > - > > int > shf_vfprintf(struct shf *shf, const char *fmt, va_list args) >
Re: catopen/catgets: out of boundary access
On Tue, Oct 06, 2015 at 11:57:40PM +0200, Tobias Stoeckmann wrote: > By the way, this is the second version with miod's feedback. Time to > send it to tech@ now, too. > > Fixed one issue due to missing braces and less ntohl() calls, which > makes the code easier to read. ok with me > Index: catopen.c > === > RCS file: /cvs/src/lib/libc/nls/catopen.c,v > retrieving revision 1.17 > diff -u -p -r1.17 catopen.c > --- catopen.c 5 Sep 2015 11:25:30 - 1.17 > +++ catopen.c 14 Sep 2015 18:27:00 - > @@ -30,20 +30,24 @@ > > #define _NLS_PRIVATE > > -#include > -#include > -#include > #include > #include > #include > -#include > +#include > #include > +#include > #include > +#include > +#include > +#include > + > +#define MAXIMUM(a, b)(((a) > (b)) ? (a) : (b)) > > #define NLS_DEFAULT_PATH > "/usr/share/nls/%L/%N.cat:/usr/share/nls/%l.%c/%N.cat:/usr/share/nls/%l/%N.cat" > #define NLS_DEFAULT_LANG "C" > > -static nl_catd load_msgcat(const char *); > +static nl_catd load_msgcat(const char *); > +static int verify_msgcat(nl_catd); > > nl_catd > catopen(const char *name, int oflag) > @@ -165,6 +169,8 @@ load_msgcat(const char *path) > void *data; > int fd; > > + catd = NULL; > + > if ((fd = open(path, O_RDONLY|O_CLOEXEC)) == -1) > return (nl_catd) -1; > > @@ -173,24 +179,106 @@ load_msgcat(const char *path) > return (nl_catd) -1; > } > > - data = mmap(0, (size_t) st.st_size, PROT_READ, MAP_SHARED, fd, > (off_t)0); > - close (fd); > - > - if (data == MAP_FAILED) { > + if (st.st_size > INT_MAX || st.st_size < sizeof (struct _nls_cat_hdr)) { > + errno = EINVAL; > + close (fd); > return (nl_catd) -1; > } > > - if (ntohl(((struct _nls_cat_hdr *) data)->__magic) != _NLS_MAGIC) { > - munmap(data, (size_t) st.st_size); > - return (nl_catd) -1; > - } > + data = mmap(0, (size_t)st.st_size, PROT_READ, MAP_SHARED, fd, (off_t)0); > + close (fd); > > - if ((catd = malloc(sizeof (*catd))) == 0) { > - munmap(data, (size_t) st.st_size); > + if (data == MAP_FAILED) > return (nl_catd) -1; > - } > + > + if (ntohl(((struct _nls_cat_hdr *) data)->__magic) != _NLS_MAGIC) > + goto invalid; > + > + if ((catd = malloc(sizeof (*catd))) == 0) > + goto invalid; > > catd->__data = data; > catd->__size = st.st_size; > + > + if (verify_msgcat(catd)) > + goto invalid; > + > return catd; > + > +invalid: > + free(catd); > + munmap(data, (size_t) st.st_size); > + errno = EINVAL; > + return (nl_catd) -1; > } > + > +static int > +verify_msgcat(nl_catd catd) > +{ > + struct _nls_cat_hdr *cat; > + struct _nls_set_hdr *set; > + struct _nls_msg_hdr *msg; > + size_t remain; > + int hdr_offset, i, index, j, msgs, nmsgs, nsets, off, txt_offset; > + > + remain = catd->__size; > + cat = (struct _nls_cat_hdr *) catd->__data; > + > + hdr_offset = ntohl(cat->__msg_hdr_offset); > + nsets = ntohl(cat->__nsets); > + txt_offset = ntohl(cat->__msg_txt_offset); > + > + /* catalog must contain at least one set and no negative offsets */ > + if (nsets < 1 || hdr_offset < 0 || txt_offset < 0) > + return (1); > + > + remain -= sizeof (*cat); > + > + /* check if offsets or set size overflow */ > + if (remain <= hdr_offset || remain <= ntohl(cat->__msg_txt_offset) || > + remain / sizeof (*set) < nsets) > + return (1); > + > + set = (struct _nls_set_hdr *) ((char *) catd->__data + sizeof (*cat)); > + > + /* make sure that msg has space for at least one index */ > + if (remain - hdr_offset < sizeof(*msg)) > + return (1); > + > + msg = (struct _nls_msg_hdr *) ((char *) catd->__data + sizeof (*cat) > + + hdr_offset); > + > + /* validate and retrieve largest string offset from sets */ > + off = 0; > + for (i = 0; i < nsets; i++) { > + index = ntohl(set[i].__index); > + nmsgs = ntohl(set[i].__nmsgs); > + /* set must contain at least one message */ > + if (index < 0 || nmsgs < 1) > + return (1); > + > + if (INT_MAX - nmsgs < index) > + return (1); > + msgs = index + nmsgs; > + > + /* avoid msg index overflow */ > + if ((remain - hdr_offset) / sizeof(*msg) < msgs) > + return (1); > + > + /* retrieve largest string offset */ > + for (j = index; j < nmsgs; j++) { > + if (ntohl(msg[j].__offset) < 0) > + return (1); > + off = MAXIMUM(off, ntohl(msg[j].__offset)); > + } > + } > + > +
Re: make iked not static
On 2015/10/21 22:30, Theo de Raadt wrote: > >Already, iked is started after /usr has been mounted, so why the > >static requirement? > > Historic theories about ipsec protected nfs? Who knows. > > >> --- etc/rc 18 Oct 2015 21:33:18 - 1.467 > >> +++ etc/rc 20 Oct 2015 18:03:58 - > >> @@ -353,7 +353,7 @@ make_keys > >> > >> echo -n 'starting early daemons:' > >> start_daemon syslogd ldattach pflogd nsd unbound ntpd > >> -start_daemon iscsid isakmpd iked sasyncd ldapd npppd > >> +start_daemon iscsid isakmpd sasyncd ldapd npppd > >> echo '.' > > > >Most of these are dynamically linked. > > > >You can make iked dynamic without moving it in the startup sequence. > > Let's focus on that question first. Where should it be started? > > Let's move isakmpd and iked at the same time. To where? > I think immediately before iscsid. They need to be after ntpd because you may be running on a machine without RTC and using X.509 certificates for IPsec. And after the DNS daemons because you might be connecting to a VPN by hostname. isakmpd should be before npppd. And actually I think "Load IPsec rules" should also be before npppd, should npppd move later to "starting network daemons"? On 2015/10/20 20:25, Reyk Floeter wrote: > echo -n 'starting network daemons:' > -start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated > +start_daemon iked ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated IPsec should be brought up before ypldap.
Fewer ifa_ifp
Two more cases, ok? Index: netinet6/in6_src.c === RCS file: /cvs/src/sys/netinet6/in6_src.c,v retrieving revision 1.64 diff -u -p -r1.64 in6_src.c --- netinet6/in6_src.c 19 Oct 2015 12:11:28 - 1.64 +++ netinet6/in6_src.c 22 Oct 2015 14:25:26 - @@ -285,7 +285,7 @@ in6_selectsrc(struct in6_addr **in6src, */ if (ro->ro_rt) { - ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst, + ia6 = in6_ifawithscope(ro->ro_rt->rt_ifp, dst, rtableid); if (ia6 == NULL) /* xxx scope error ?*/ ia6 = ifatoia6(ro->ro_rt->rt_ifa); @@ -456,15 +456,8 @@ in6_selectif(struct sockaddr_in6 *dstsoc if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) return (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); - /* -* Adjust the "outgoing" interface. If we're going to loop the packet -* back to ourselves, the ifp would be the loopback interface. -* However, we'd rather know the interface associated to the -* destination address (which should probably be one of our own -* addresses.) -*/ - if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp) - *retifp = if_ref(rt->rt_ifa->ifa_ifp); + if (rt != NULL) + *retifp = if_ref(rt->rt_ifp); return (0); }
Re: mpsafe gem(4)
On 16/10/15(Fri) 15:05, Martin Pieuchot wrote: > I'm a bit late to the party, but here's a diff to bring gem(4) to the > group of cool^WIPL_MPSAFE drivers. > > sparc and sparc64 are only compile tested, I've been running with this > on my dual G5. > > It includes Mark's diff to disable flow control since I'm running with > it and it does help in my lab! > > More tests and comments are welcome. New diff fixing two issues found by jmatthew@ Index: dev/ic/gem.c === RCS file: /cvs/src/sys/dev/ic/gem.c,v retrieving revision 1.113 diff -u -p -r1.113 gem.c --- dev/ic/gem.c11 Sep 2015 13:02:28 - 1.113 +++ dev/ic/gem.c22 Oct 2015 13:48:52 - @@ -96,6 +96,8 @@ void gem_rx_watchdog(void *); void gem_rxdrain(struct gem_softc *); void gem_fill_rx_ring(struct gem_softc *); intgem_add_rxbuf(struct gem_softc *, int idx); +intgem_load_mbuf(struct gem_softc *, struct gem_sxd *, + struct mbuf *); void gem_iff(struct gem_softc *); /* MII methods & callbacks */ @@ -539,6 +541,10 @@ gem_stop(struct ifnet *ifp, int softonly gem_reset_tx(sc); } + intr_barrier(sc->sc_ih); + + KASSERT((ifp->if_flags & IFF_RUNNING) == 0); + /* * Release any queued transmit buffers. */ @@ -949,6 +955,9 @@ gem_rint(struct gem_softc *sc) u_int64_t rxstat; int i, len; + if (if_rxr_inuse(>sc_rx_ring) == 0) + return (0); + for (i = sc->sc_rx_cons; if_rxr_inuse(>sc_rx_ring) > 0; i = GEM_NEXTRX(i)) { rxs = >sc_rxsoft[i]; @@ -1134,8 +1143,11 @@ gem_intr(void *v) printf("%s: MAC tx fault, status %x\n", sc->sc_dev.dv_xname, txstat); #endif - if (txstat & (GEM_MAC_TX_UNDERRUN | GEM_MAC_TX_PKT_TOO_LONG)) + if (txstat & (GEM_MAC_TX_UNDERRUN | GEM_MAC_TX_PKT_TOO_LONG)) { + KERNEL_LOCK(); gem_init(ifp); + KERNEL_UNLOCK(); + } } if (status & GEM_INTR_RX_MAC) { int rxstat = bus_space_read_4(t, seb, GEM_MAC_RX_STATUS); @@ -1617,6 +1629,7 @@ gem_tint(struct gem_softc *sc, u_int32_t struct ifnet *ifp = >sc_arpcom.ac_if; struct gem_sxd *sd; u_int32_t cons, hwcons; + u_int32_t used, free = 0;; hwcons = status >> 19; cons = sc->sc_tx_cons; @@ -1630,76 +1643,96 @@ gem_tint(struct gem_softc *sc, u_int32_t sd->sd_mbuf = NULL; ifp->if_opackets++; } - sc->sc_tx_cnt--; + free++; if (++cons == GEM_NTXDESC) cons = 0; } + sc->sc_tx_cons = cons; + used = atomic_sub_int_nv(>sc_tx_cnt, free); - if (sc->sc_tx_cnt < GEM_NTXDESC - 2) - ifp->if_flags &= ~IFF_OACTIVE; - if (sc->sc_tx_cnt == 0) + /* All clean, turn off the timer. */ + if (used == 0) ifp->if_timer = 0; - gem_start(ifp); + /* +* If we have enough room, clear IFF_OACTIVE to tell the stack +* that it iss OK to send packets. +*/ + if (ISSET(ifp->if_flags, IFF_OACTIVE) && (used < GEM_NTXDESC - 2)) { + KERNEL_LOCK(); + CLR(ifp->if_flags, IFF_OACTIVE); + gem_start(ifp); + KERNEL_UNLOCK(); + } return (1); } +int +gem_load_mbuf(struct gem_softc *sc, struct gem_sxd *sd, struct mbuf *m) +{ + int error; + + error = bus_dmamap_load_mbuf(sc->sc_dmatag, sd->sd_map, m, + BUS_DMA_NOWAIT); + switch (error) { + case 0: + break; + + case EFBIG: /* mbuf chain is too fragmented */ + if (m_defrag(m, M_DONTWAIT) == 0 && + bus_dmamap_load_mbuf(sc->sc_dmatag, sd->sd_map, m, + BUS_DMA_NOWAIT) == 0) + break; + /* FALLTHROUGH */ + default: + return (1); + } + + sd->sd_mbuf = m; + return (0); +} + void gem_start(struct ifnet *ifp) { struct gem_softc *sc = ifp->if_softc; + struct gem_sxd *sd; struct mbuf *m; u_int64_t flags; bus_dmamap_t map; - u_int32_t cur, frag, i; - int error; + u_int32_t cons, prod; + unsigned int used, new; if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) return; - while (sc->sc_txd[sc->sc_tx_prod].sd_mbuf == NULL) { - IFQ_POLL(>if_snd, m); + cons = prod = sc->sc_tx_prod; + used = sc->sc_tx_cnt; + new = 0; + + for (;;) { + IFQ_DEQUEUE(>if_snd, m); if (m == NULL) break; -
Re: Do not change rt_ifa after insertion
On Thu, Oct 22, 2015 at 01:34:20PM +0200, Martin Pieuchot wrote: > Either because it has been specified in rt_ifa_add() or because > rt_getifa() returns you the correct one. So if the key of a route > matches an address on the ifp it *must* be the same ifa. > > Let's make sure of that, ok? OK bluhm@ > > Index: net/if.c > === > RCS file: /cvs/src/sys/net/if.c,v > retrieving revision 1.390 > diff -u -p -r1.390 if.c > --- net/if.c 22 Oct 2015 10:46:26 - 1.390 > +++ net/if.c 22 Oct 2015 11:06:11 - > @@ -1321,6 +1321,8 @@ p2p_rtrequest(int req, struct rtentry *r > if (ifa == NULL) > break; > > + KASSERT(ifa == rt->rt_ifa); > + > /* >* XXX Since lo0 is in the default rdomain we should not >* (ab)use it for any route related to an interface of a > @@ -1335,17 +1337,6 @@ p2p_rtrequest(int req, struct rtentry *r > break; > > rt->rt_flags &= ~RTF_LLINFO; > - > - /* > - * make sure to set rt->rt_ifa to the interface > - * address we are using, otherwise we will have trouble > - * with source address selection. > - */ > - if (ifa != rt->rt_ifa) { > - ifafree(rt->rt_ifa); > - ifa->ifa_refcnt++; > - rt->rt_ifa = ifa; > - } > break; > case RTM_DELETE: > case RTM_RESOLVE: > Index: netinet/if_ether.c > === > RCS file: /cvs/src/sys/netinet/if_ether.c,v > retrieving revision 1.172 > diff -u -p -r1.172 if_ether.c > --- netinet/if_ether.c13 Oct 2015 10:21:27 - 1.172 > +++ netinet/if_ether.c22 Oct 2015 11:06:13 - > @@ -235,17 +235,8 @@ arp_rtrequest(int req, struct rtentry *r > break; > } > if (ifa) { > + KASSERT(ifa == rt->rt_ifa); > rt->rt_expire = 0; > - /* > - * make sure to set rt->rt_ifa to the interface > - * address we are using, otherwise we will have trouble > - * with source address selection. > - */ > - if (ifa != rt->rt_ifa) { > - ifafree(rt->rt_ifa); > - ifa->ifa_refcnt++; > - rt->rt_ifa = ifa; > - } > } > break; > > Index: netinet6/nd6.c > === > RCS file: /cvs/src/sys/netinet6/nd6.c,v > retrieving revision 1.156 > diff -u -p -r1.156 nd6.c > --- netinet6/nd6.c22 Oct 2015 10:27:22 - 1.156 > +++ netinet6/nd6.c22 Oct 2015 11:06:15 - > @@ -1103,20 +1103,7 @@ nd6_rtrequest(int req, struct rtentry *r > nd6_llinfo_settimer(ln, -1); > ln->ln_state = ND6_LLINFO_REACHABLE; > ln->ln_byhint = 0; > - > - /* > - * Make sure rt_ifa be equal to the ifaddr > - * corresponding to the address. > - * We need this because when we refer > - * rt_ifa->ia6_flags in ip6_input, we assume > - * that the rt_ifa points to the address instead > - * of the loopback address. > - */ > - if (ifa != rt->rt_ifa) { > - ifafree(rt->rt_ifa); > - ifa->ifa_refcnt++; > - rt->rt_ifa = ifa; > - } > + KASSERT(ifa == rt->rt_ifa); > } else if (rt->rt_flags & RTF_ANNOUNCE) { > nd6_llinfo_settimer(ln, -1); > ln->ln_state = ND6_LLINFO_REACHABLE;
Re: connect routing domains on layer 2
> On 23 Oct 2015, at 09:00, Reyk Floeterwrote: > > Hi, > > this diff allows to interconnect routing domains. > > It is very useful to route traffic from one routing domain to another, > without using the pf "rtable" hack (tested in production for a long > time). > > eg., > # ifconfig vether0 10.0.1.1/24 > # ifconfig vether1 rdomain 1 10.0.1.2/24 > # ping 10.1.1.2 > # route -T 1 add default 10.0.1.1 > # ifconfig bridge0 add vether0 add em0 > > for hacking/testing, you can do thing like: > # dhcpd vether0 > # dhclient vether1 > > It has been discussed in much detail if this is possible with > bridge(4). It is not. The bridge is not designed for it and explain > on request. the diff implements a crossover option, but the example above doesnt use them. does that mean you can use a bridge to build crossovers without the extra code, or the example is wrong? > > OK? > > Reyk > > Index: sbin/ifconfig/ifconfig.8 > === > RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v > retrieving revision 1.257 > diff -u -p -u -p -r1.257 ifconfig.8 > --- sbin/ifconfig/ifconfig.8 6 Oct 2015 17:23:21 - 1.257 > +++ sbin/ifconfig/ifconfig.8 22 Oct 2015 22:33:40 - > @@ -1560,6 +1560,33 @@ The accepted size of the number depends > it is a 24-bit number for > .Xr vxlan 4 . > .El > +.\" VETHER > +.Sh VETHER > +.nr nS 1 > +.Bk -words > +.Nm ifconfig > +.Ar vether-interface > +.Op Oo Fl Oc Ns Cm crossover Ar interface > +.Ek > +.nr nS 0 > +.Pp > +The following options are available for a > +.Xr vether 4 > +interface: > +.Bl -tag -width Ds > +.It Cm crossover Ar interface > +Create a virtual crossover link with another > +.Xr vether 4 > +interface. > +Any outgoing packets from the > +.Ar vether-interface > +will be received by the crossover > +.Ar interface > +and vice versa. > +This link allows to interconnect two routing domains locally. > +.It Fl crossover > +If configured, disconnect the virtual crossover link. > +.El > .\" VLAN > .Sh VLAN > .nr nS 1 > Index: sbin/ifconfig/ifconfig.c > === > RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v > retrieving revision 1.302 > diff -u -p -u -p -r1.302 ifconfig.c > --- sbin/ifconfig/ifconfig.c 3 Oct 2015 10:44:23 - 1.302 > +++ sbin/ifconfig/ifconfig.c 22 Oct 2015 22:33:41 - > @@ -275,6 +275,8 @@ void setifipdst(const char *, int); > void setifdesc(const char *, int); > void unsetifdesc(const char *, int); > void printifhwfeatures(const char *, int); > +void setxover(const char *, int); > +void unsetxover(const char *, int); > #else > void setignore(const char *, int); > #endif > @@ -490,6 +492,8 @@ const struct cmd { > { "-descr", 1, 0, unsetifdesc }, > { "wol",IFXF_WOL, 0, setifxflags }, > { "-wol", -IFXF_WOL, 0, setifxflags }, > + { "crossover", NEXTARG,0, setxover }, > + { "-crossover", 1, 0, unsetxover }, > #else /* SMALL */ > { "powersave", NEXTARG0, 0, setignore }, > { "priority", NEXTARG,0, setignore }, > @@ -2917,6 +2921,7 @@ status(int link, struct sockaddr_dl *sdl > struct ifreq ifrdesc; > struct ifkalivereq ikardesc; > char ifdescr[IFDESCRSIZE]; > + char ifname[IF_NAMESIZE]; > #endif > uint64_t *media_list; > int i; > @@ -2955,6 +2960,9 @@ status(int link, struct sockaddr_dl *sdl > (ikardesc.ikar_timeo != 0 || ikardesc.ikar_cnt != 0)) > printf("\tkeepalive: timeout %d count %d\n", > ikardesc.ikar_timeo, ikardesc.ikar_cnt); > + if (ioctl(s, SIOCGXOVER, ) == 0 && ifrdesc.ifr_index != 0 && > + if_indextoname(ifrdesc.ifr_index, ifname) != NULL) > + printf("\tcrossover: %s\n", ifname); > #endif > vlan_status(); > #ifndef SMALL > @@ -5199,6 +5207,29 @@ setinstance(const char *id, int param) > ifr.ifr_rdomainid = rdomainid; > if (ioctl(s, SIOCSIFRDOMAIN, (caddr_t)) < 0) > warn("SIOCSIFRDOMAIN"); > +} > +#endif > + > +#ifndef SMALL > +void > +setxover(const char *val, int d) > +{ > + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); > + if ((ifr.ifr_index = if_nametoindex(val)) == 0) { > + errno = ENOENT; > + err(1, "crossover %s", val); > + } > + if (ioctl(s, SIOCSXOVER, (caddr_t)) < 0) > + warn("SIOCSXOVER"); > +} > + > +void > +unsetxover(const char *val, int d) > +{ > + ifr.ifr_index = 0; > + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); > + if (ioctl(s, SIOCSXOVER, (caddr_t)) < 0) > + warn("SIOCSXOVER"); > } > #endif > > Index: sys/net/if.c > === > RCS file: /cvs/src/sys/net/if.c,v > retrieving revision
Re: A couple of style(9) tweaks
On Tue, Oct 20, 2015 at 3:55 PM, Ilya Kalimanwrote: ... > --- bin/ed/main.c 9 Oct 2015 21:24:05 - 1.53 > +++ bin/ed/main.c 20 Oct 2015 22:49:53 - > @@ -174,7 +174,7 @@ top: > signal(SIGHUP, signal_hup); > signal(SIGQUIT, SIG_IGN); > signal(SIGINT, signal_int); > - if (status = sigsetjmp(env, 1)) { > + if ((status = sigsetjmp(env, 1))) { This technically undefined behavior, as you are not allowed to capture the return value of setjmp(), _setjmp(), or sigsetjmp() in a variable To quote the C standard: An application shall ensure that an invocation of setjmp( ) appears in one of the following contexts only: · The entire controlling expression of a selection or iteration statement · One operand of a relational or equality operator with the other operand an integral constant expression, with the resulting expression being the entire controlling expression of a selection or iteration statement · The operand of a unary '!' operator with the resulting expression being the entire controlling expression of a selection or iteration · The entire expression of an expression statement (possibly cast to void) If the invocation appears in any other context, the behavior is undefined. POSIX extends that to the other two functions. Fortunately, ed only call sigsetjmpt() with the value -1, and status is initialized to zero, so the diff below should fix it without changing the behavior. oks? Philip Guenther --- bin/ed/main.c 21 Oct 2015 16:06:57 - 1.54 +++ bin/ed/main.c 23 Oct 2015 04:55:31 - @@ -174,7 +174,8 @@ top: signal(SIGHUP, signal_hup); signal(SIGQUIT, SIG_IGN); signal(SIGINT, signal_int); - if ((status = sigsetjmp(env, 1))) { + if (sigsetjmp(env, 1)) { + status = -1; fputs("\n?\n", stderr); seterrmsg("interrupt"); } else {
Re: Pledge "id" for identd
Gregor Bestwrites: > Hi people, Hi, > identd's parent process needs to pledge "id" so it can call setgroups > and friends later. Likely a victim of the "proc" -> "id" switch. The following diff survived a few tests. Index: identd.c === RCS file: /cvs/src/usr.sbin/identd/identd.c,v retrieving revision 1.32 diff -u -p -p -u -r1.32 identd.c --- identd.c16 Oct 2015 05:55:23 - 1.32 +++ identd.c22 Oct 2015 13:47:11 - @@ -314,7 +314,7 @@ main(int argc, char *argv[]) lerr(1, "signal(SIGPIPE)"); if (parent) { - if (pledge("stdio proc getpw rpath", NULL) == -1) + if (pledge("stdio getpw rpath id", NULL) == -1) err(1, "pledge"); SIMPLEQ_INIT(); -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: carp_iamatch() tweak
On Thu, Oct 22, 2015 at 12:34:56PM +0200, Martin Pieuchot wrote: > Instead of passing an ``ia'' to dereference ``ia_ifp'', pass ``ifp'' > directly, we have it. > > ok? OK bluhm@ > > Index: netinet/if_ether.c > === > RCS file: /cvs/src/sys/netinet/if_ether.c,v > retrieving revision 1.172 > diff -u -p -r1.172 if_ether.c > --- netinet/if_ether.c13 Oct 2015 10:21:27 - 1.172 > +++ netinet/if_ether.c22 Oct 2015 10:32:51 - > @@ -578,7 +578,7 @@ in_arpinput(struct mbuf *m) > (IFF_UP|IFF_RUNNING))) { > if (op == ARPOP_REPLY) > break; > - if (carp_iamatch(ifatoia(ifa), ea->arp_sha, > + if (carp_iamatch(ifp, ea->arp_sha, > , _shost)) > break; > else > Index: netinet/ip_carp.c > === > RCS file: /cvs/src/sys/netinet/ip_carp.c,v > retrieving revision 1.276 > diff -u -p -r1.276 ip_carp.c > --- netinet/ip_carp.c 14 Oct 2015 13:59:31 - 1.276 > +++ netinet/ip_carp.c 22 Oct 2015 10:32:51 - > @@ -1355,10 +1355,10 @@ carp_update_lsmask(struct carp_softc *sc > } > > int > -carp_iamatch(struct in_ifaddr *ia, u_char *src, u_int8_t **sha, > +carp_iamatch(struct ifnet *ifp, u_char *src, u_int8_t **sha, > u_int8_t **ether_shost) > { > - struct carp_softc *sc = ia->ia_ifp->if_softc; > + struct carp_softc *sc = ifp->if_softc; > struct carp_vhost_entry *vhe = SRPL_FIRST_LOCKED(>carp_vhosts); > > KERNEL_ASSERT_LOCKED(); /* touching carp_vhosts */ > Index: netinet/ip_carp.h > === > RCS file: /cvs/src/sys/netinet/ip_carp.h,v > retrieving revision 1.34 > diff -u -p -r1.34 ip_carp.h > --- netinet/ip_carp.h 8 Jun 2015 13:40:48 - 1.34 > +++ netinet/ip_carp.h 22 Oct 2015 10:32:50 - > @@ -168,7 +168,7 @@ void carp_proto_input (struct mbuf *, > void carp_carpdev_state(void *); > void carp_group_demote_adj(struct ifnet *, int, char *); > int carp6_proto_input(struct mbuf **, int *, int); > -int carp_iamatch(struct in_ifaddr *, u_char *, u_int8_t **, > +int carp_iamatch(struct ifnet *, u_char *, u_int8_t **, >u_int8_t **); > int carp_iamatch6(struct ifnet *, u_char *, struct sockaddr_dl **); > struct ifnet *carp_ourether(void *, u_int8_t *);
Re: rt_ifa_add() dead code
On Thu, Oct 22, 2015 at 01:04:16PM +0200, Martin Pieuchot wrote: > RTAX_IFA is specified so rt_getifa() is never called and this is simply > dead code. > > ok? OK bluhm@ > > Index: net/route.c > === > RCS file: /cvs/src/sys/net/route.c,v > retrieving revision 1.254 > diff -u -p -r1.254 route.c > --- net/route.c 21 Oct 2015 08:21:06 - 1.254 > +++ net/route.c 22 Oct 2015 11:02:00 - > @@ -1133,19 +1133,6 @@ rt_ifa_add(struct ifaddr *ifa, int flags > > error = rtrequest1(RTM_ADD, , prio, , rtableid); > if (error == 0) { > - if (rt->rt_ifa != ifa) { > - printf("%s: wrong ifa (%p) was (%p)\n", __func__, > - ifa, rt->rt_ifa); > - if (rt->rt_ifa->ifa_rtrequest) > - rt->rt_ifa->ifa_rtrequest(RTM_DELETE, rt); > - ifafree(rt->rt_ifa); > - rt->rt_ifa = ifa; > - rt->rt_ifp = ifa->ifa_ifp; > - ifa->ifa_refcnt++; > - if (ifa->ifa_rtrequest) > - ifa->ifa_rtrequest(RTM_ADD, rt); > - } > - > /* >* A local route is created for every address configured >* on an interface, so use this information to notify
support for malloc allocation canaries
Hi, This patch adds an opt-in malloc configuration option placing canaries after small allocations to detect heap overflows on free(...). It's intended to be used alongside guard pages for large allocations. Since it's essentially adding extra padding to all small allocations, a small heap overflow will be rendered harmless. The current implementation uses pointer-size canaries, but it could be easily extended to allow bumping up the size of the canaries by passing the option multiple times. The entry points into malloc account for the canary size when it's enabled and then it's generated on allocation and checked on free. Small allocations without room for a canary are simply turned into large allocations. Some care needs to be taken to avoid clobbering the canary in the junk filling code and realloc copying. The canary is placed at the very end of the memory allocations so there will often be slack space in between the real allocation and the canary preventing small overflows from being detected. It would be much better at detecting corruption with finer-grained size classes. The extreme would be every multiple of the alignment, but logarithmic growth would be more realistic (see jemalloc's size classes). Finer-grained size classes would also reduce the memory overhead caused by allocations being pushed into the next size class by the canary. The canaries are currently generated with canary_value ^ hash(canary_address). It would be best to avoid involving addresses to avoid introducing address leaks via read overflows where there were none before, but it's the easiest way to get unique canaries and is a minor issue to improve down the road. I implemented this feature after porting OpenBSD malloc to Android (in CopperheadOS) and it has found a few bugs in the app ecosystem. Note that I've only heavily tested it there, not on OpenBSD itself. I'm not sure if you want this feature but it seemed worth submitting. Hopefully you don't mind a patch generated with Git. :) diff --git a/stdlib/malloc.c b/stdlib/malloc.c index 424dd77..65b5027 100644 --- a/stdlib/malloc.c +++ b/stdlib/malloc.c @@ -185,12 +185,14 @@ struct malloc_readonly { int malloc_move;/* move allocations to end of page? */ int malloc_realloc; /* always realloc? */ int malloc_xmalloc; /* xmalloc behaviour? */ + size_t malloc_canaries;/* use canaries after chunks? */ size_t malloc_guard; /* use guard pages after allocations? */ u_int malloc_cache; /* free pages we cache */ #ifdef MALLOC_STATS int malloc_stats; /* dump statistics at end */ #endif u_int32_t malloc_canary;/* Matched against ones in malloc_pool */ + uintptr_t malloc_chunk_canary; }; /* This object is mapped PROT_READ after initialisation to prevent tampering */ @@ -526,6 +528,12 @@ omalloc_init(struct dir_info **dp) case 'A': mopts.malloc_abort = 1; break; + case 'c': + mopts.malloc_canaries = 0; + break; + case 'C': + mopts.malloc_canaries = sizeof(void *); + break; #ifdef MALLOC_STATS case 'd': mopts.malloc_stats = 0; @@ -619,6 +627,9 @@ omalloc_init(struct dir_info **dp) while ((mopts.malloc_canary = arc4random()) == 0) ; + arc4random_buf(_chunk_canary, + sizeof(mopts.malloc_chunk_canary)); + /* * Allocate dir_info with a guard page on either side. Also * randomise offset inside the page at which the dir_info @@ -984,8 +995,15 @@ malloc_bytes(struct dir_info *d, size_t size, void *f) k += (lp - bp->bits) * MALLOC_BITS; k <<= bp->shift; + if (mopts.malloc_canaries && bp->size > 0) { + char *end = (char *)bp->page + k + bp->size; + uintptr_t *canary = (uintptr_t *)(end - mopts.malloc_canaries); + *canary = mopts.malloc_chunk_canary ^ hash(canary); + } + if (mopts.malloc_junk == 2 && bp->size > 0) - memset((char *)bp->page + k, SOME_JUNK, bp->size); + memset((char *)bp->page + k, SOME_JUNK, + bp->size - mopts.malloc_canaries); return ((char *)bp->page + k); } @@ -999,6 +1017,13 @@ find_chunknum(struct dir_info *d, struct region_info *r, void *ptr) if (info->canary != d->canary1) wrterror("chunk info corrupted", NULL); + if (mopts.malloc_canaries && info->size > 0) { + char *end = (char *)ptr + info->size; + uintptr_t *canary = (uintptr_t *)(end - mopts.malloc_canaries); + if (*canary != (mopts.malloc_chunk_canary ^ hash(canary))) +
Re: ifa_ifp and RTF_LOCAL routes
On Wed, Oct 21, 2015 at 10:18:49AM +0200, Martin Pieuchot wrote: > Now that (rt_ifa->ifa_ifp == rt_ifp) we can simplify the check below. > > Ok? OK bluhm@ > > Index: net/route.c > === > RCS file: /cvs/src/sys/net/route.c,v > retrieving revision 1.253 > diff -u -p -r1.253 route.c > --- net/route.c 16 Oct 2015 12:36:02 - 1.253 > +++ net/route.c 21 Oct 2015 08:12:53 - > @@ -1666,8 +1666,7 @@ rt_if_linkstate_change(struct rtentry *r > { > struct ifnet *ifp = arg; > > - if ((rt->rt_ifp != ifp) && > - (rt->rt_ifa == NULL || rt->rt_ifa->ifa_ifp != ifp)) > + if (rt->rt_ifp != ifp) > return (0); > > /* Local routes are always usable. */
Re: Fewer ifa_ifp
On Thu, Oct 22, 2015 at 04:31:09PM +0200, Martin Pieuchot wrote: > Two more cases, ok? OK bluhm@ > > Index: netinet6/in6_src.c > === > RCS file: /cvs/src/sys/netinet6/in6_src.c,v > retrieving revision 1.64 > diff -u -p -r1.64 in6_src.c > --- netinet6/in6_src.c19 Oct 2015 12:11:28 - 1.64 > +++ netinet6/in6_src.c22 Oct 2015 14:25:26 - > @@ -285,7 +285,7 @@ in6_selectsrc(struct in6_addr **in6src, >*/ > > if (ro->ro_rt) { > - ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst, > + ia6 = in6_ifawithscope(ro->ro_rt->rt_ifp, dst, > rtableid); > if (ia6 == NULL) /* xxx scope error ?*/ > ia6 = ifatoia6(ro->ro_rt->rt_ifa); > @@ -456,15 +456,8 @@ in6_selectif(struct sockaddr_in6 *dstsoc > if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) > return (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); > > - /* > - * Adjust the "outgoing" interface. If we're going to loop the packet > - * back to ourselves, the ifp would be the loopback interface. > - * However, we'd rather know the interface associated to the > - * destination address (which should probably be one of our own > - * addresses.) > - */ > - if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp) > - *retifp = if_ref(rt->rt_ifa->ifa_ifp); > + if (rt != NULL) > + *retifp = if_ref(rt->rt_ifp); > > return (0); > }
Re: Kill link_rtrequest()
On 19/10/15(Mon) 14:07, Martin Pieuchot wrote: > This function is a no-op, let's kill it. Anybody? > > Index: net/if.c > === > RCS file: /cvs/src/sys/net/if.c,v > retrieving revision 1.389 > diff -u -p -r1.389 if.c > --- net/if.c 12 Oct 2015 13:17:58 - 1.389 > +++ net/if.c 19 Oct 2015 11:43:32 - > @@ -1274,30 +1274,6 @@ ifaof_ifpforaddr(struct sockaddr *addr, > } > > /* > - * Default action when installing a route with a Link Level gateway. > - * Lookup an appropriate real ifa to point to. > - * This should be moved to /sys/net/link.c eventually. > - */ > -void > -link_rtrequest(int cmd, struct rtentry *rt) > -{ > - struct ifaddr *ifa; > - struct sockaddr *dst; > - struct ifnet *ifp; > - > - if (cmd != RTM_ADD || ((ifa = rt->rt_ifa) == 0) || > - ((ifp = ifa->ifa_ifp) == 0) || ((dst = rt_key(rt)) == 0)) > - return; > - if ((ifa = ifaof_ifpforaddr(dst, ifp)) != NULL) { > - ifa->ifa_refcnt++; > - ifafree(rt->rt_ifa); > - rt->rt_ifa = ifa; > - if (ifa->ifa_rtrequest && ifa->ifa_rtrequest != link_rtrequest) > - ifa->ifa_rtrequest(cmd, rt); > - } > -} > - > -/* > * Default action when installing a local route on a point-to-point > * interface. > */ > Index: net/if_enc.c > === > RCS file: /cvs/src/sys/net/if_enc.c,v > retrieving revision 1.60 > diff -u -p -r1.60 if_enc.c > --- net/if_enc.c 14 Mar 2015 03:38:51 - 1.60 > +++ net/if_enc.c 19 Oct 2015 11:38:10 - > @@ -103,7 +103,6 @@ enc_clone_create(struct if_clone *ifc, i >*/ > if_alloc_sadl(ifp); > sc->sc_ifa.ifa_ifp = ifp; > - sc->sc_ifa.ifa_rtrequest = link_rtrequest; > sc->sc_ifa.ifa_addr = (struct sockaddr *)ifp->if_sadl; > sc->sc_ifa.ifa_netmask = NULL; > > Index: net/if_mpe.c > === > RCS file: /cvs/src/sys/net/if_mpe.c,v > retrieving revision 1.47 > diff -u -p -r1.47 if_mpe.c > --- net/if_mpe.c 12 Sep 2015 20:50:17 - 1.47 > +++ net/if_mpe.c 19 Oct 2015 11:38:00 - > @@ -104,7 +104,6 @@ mpe_clone_create(struct if_clone *ifc, i > #endif > > mpeif->sc_ifa.ifa_ifp = ifp; > - mpeif->sc_ifa.ifa_rtrequest = link_rtrequest; > mpeif->sc_ifa.ifa_addr = (struct sockaddr *) ifp->if_sadl; > mpeif->sc_smpls.smpls_len = sizeof(mpeif->sc_smpls); > mpeif->sc_smpls.smpls_family = AF_MPLS; > Index: net/if_mpw.c > === > RCS file: /cvs/src/sys/net/if_mpw.c,v > retrieving revision 1.6 > diff -u -p -r1.6 if_mpw.c > --- net/if_mpw.c 12 Sep 2015 20:50:17 - 1.6 > +++ net/if_mpw.c 19 Oct 2015 11:37:53 - > @@ -104,7 +104,6 @@ mpw_clone_create(struct if_clone *ifc, i > if_alloc_sadl(ifp); > > sc->sc_ifa.ifa_ifp = ifp; > - sc->sc_ifa.ifa_rtrequest = link_rtrequest; > sc->sc_ifa.ifa_addr = (struct sockaddr *) ifp->if_sadl; > sc->sc_smpls.smpls_len = sizeof(sc->sc_smpls); > sc->sc_smpls.smpls_family = AF_MPLS; > Index: net/if_var.h > === > RCS file: /cvs/src/sys/net/if_var.h,v > retrieving revision 1.48 > diff -u -p -r1.48 if_var.h > --- net/if_var.h 12 Oct 2015 13:17:58 - 1.48 > +++ net/if_var.h 19 Oct 2015 11:38:22 - > @@ -422,7 +422,6 @@ structifaddr *ifa_ifwithdstaddr(struct > struct ifaddr *ifa_ifwithnet(struct sockaddr *, u_int); > struct ifaddr *ifaof_ifpforaddr(struct sockaddr *, struct ifnet *); > void ifafree(struct ifaddr *); > -void link_rtrequest(int, struct rtentry *); > void p2p_rtrequest(int, struct rtentry *); > > void if_clone_attach(struct if_clone *); >