Re: __syscall dropping 6th arg on amd64

2016-07-07 Thread Ted Unangst 
Philip Guenther wrote:
> > thank you. I didnt know about that.
> > I added an extra pad arg and I'm still getting weirdness:
> >
> > p2 = __syscall(197, 0x10, 4*4096, 7, MAP_ANON, -1, 0, 0);
> 
> varargs are so fun.  That last argument is a 64bit type, not an int,
> so you have to use 0LL there for the compiler to fill in the full
> 64bits.

The first two should have casts as well I think, but you get lucky because
they're passed in registers and not the stack?

Re: __syscall dropping 6th arg on amd64

2016-07-07 Thread Tim Newsham 
On Thu, Jul 7, 2016 at 1:43 PM, Philip Guenther  wrote:

> > p2 = __syscall(197, 0x10, 4*4096, 7, MAP_ANON, -1, 0, 0);
>
> varargs are so fun.  That last argument is a 64bit type, not an int,
> so you have to use 0LL there for the compiler to fill in the full
> 64bits.
>

That did the trick.. thank you.


> Philip Guenther
>

chrisC: glad to be of assistance.

-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com

Re: __syscall dropping 6th arg on amd64

2016-07-07 Thread Philip Guenther 
On Thu, Jul 7, 2016 at 4:11 PM, Tim Newsham  wrote:
>>
>> If you look at sys/kern/syscalls.master:
>> 197 STD { void *sys_mmap(void *addr, size_t len, int prot,
>> \
>> int flags, int fd, long pad, off_t pos); }
>>
>> There's a pad before any off_t syscall argument because 1993 or whatever.

(Because that guarantees that the stack layout of registers pushed in
ABI-matching order match the structure layout of the args structure.
sparc (32bit) is an example of the problem case, where longlong args
are pushed into the next two registers, effectively giving 4 byte
alignment while the args structure has 8 byte alignment.)


> thank you. I didnt know about that.
> I added an extra pad arg and I'm still getting weirdness:
>
> p2 = __syscall(197, 0x10, 4*4096, 7, MAP_ANON, -1, 0, 0);

varargs are so fun.  That last argument is a 64bit type, not an int,
so you have to use 0LL there for the compiler to fill in the full
64bits.


Philip Guenther

Re: __syscall dropping 6th arg on amd64

2016-07-07 Thread Tim Newsham 
>
> If you look at sys/kern/syscalls.master:
> 197 STD { void *sys_mmap(void *addr, size_t len, int prot,
> \
> int flags, int fd, long pad, off_t pos); }
>
> There's a pad before any off_t syscall argument because 1993 or whatever.
>


thank you. I didnt know about that.
I added an extra pad arg and I'm still getting weirdness:

p2 = __syscall(197, 0x10, 4*4096, 7, MAP_ANON, -1, 0, 0);

results in

  1947 a.outCALL
 
mmap(0x10,0x4000,0x7,0x1000,-1,0x7f7f)

vs straight call:

  1947 a.outCALL
 mmap(0,0x1,0x3,0x1002,-1,0)

-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com

Re: __syscall dropping 6th arg on amd64

2016-07-07 Thread Ted Unangst 
Tim Newsham wrote:
> I just noticed that the __syscall call is dropping the 6th argument
> (providing garbage) when I use it on amd64.  The attached program
> makes an mmap call "normally" and with __syscall.  Running the
> program in ktrace reveals that the last argument is garbage when
> using the __syscall entry, and not when using the "normal" entry.
> Is this known/expected behavior or a bug?

If you look at sys/kern/syscalls.master:
197 STD { void *sys_mmap(void *addr, size_t len, int prot, \
int flags, int fd, long pad, off_t pos); }

There's a pad before any off_t syscall argument because 1993 or whatever.

__syscall dropping 6th arg on amd64

2016-07-07 Thread Tim Newsham 
I just noticed that the __syscall call is dropping the 6th argument
(providing garbage) when I use it on amd64.  The attached program
makes an mmap call "normally" and with __syscall.  Running the
program in ktrace reveals that the last argument is garbage when
using the __syscall entry, and not when using the "normal" entry.
Is this known/expected behavior or a bug?

---
$ ktrace ./a.out
p 0x10
p 0x100528

---
$ kdump
  2631 a.outCALL
 mmap(0,0x1,0x3,0x1002,-1,0)
  2631 a.outRET   mmap 27609139748864/0x191c40f7a000

  2631 a.outCALL
 
mmap(0x10,0x4000,0x7,0x1000,-1,0x7f7c5bd8)
  2631 a.outRET   mmap 1051608/0x100bd8


#include 
#include 

int
main(int argc, char **argv)
{
void *p;
unsigned long long p2;

p = mmap((void*)0x10, 4*4096, 7, MAP_ANON, -1, 0);
printf("p %p\n", p);
munmap(p, 4*4096);

p2 = __syscall(197, 0x10, 4*4096, 7, MAP_ANON, -1, 0);
printf("p 0x%llx\n", p2);
return 0;
}


-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com

tcpdump mpls pseudowire support

2016-07-07 Thread Rafael Zalamena 
This diff teaches tcpdump to recognize MPLS pseudowires with control
words only. This should not be a problem since the control words are
used by default unless configured otherwise (ldpd does this).

It also makes possible to print encapsulated ethernet packets with the
new ethernet print function ether_tryprint(). Ethernet packets
encapsulated in MPLS pseudowires with no control words won't be shown,
because, as discussed previously, we have to make a lot of guesses to
find that out.

ok?

Note:
this is actually an updated diff of an old email I sent last year, the
differences between that and this are:
 * Use 'extern' in interface.h so the prototype looks like the others;
 * Re ordered the variable definition sequence;
 * print-mpls.c now uses the kernel headers to obtain the pseudowire
   macro definitions like: CW_ZERO_MASK and CW_FRAG_MASK;


Index: interface.h
===
RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v
retrieving revision 1.66
diff -u -p -r1.66 interface.h
--- interface.h 15 Nov 2015 20:35:36 -  1.66
+++ interface.h 7 Jul 2016 17:27:29 -
@@ -205,6 +205,7 @@ extern void pfsync_if_print(u_char *, co
 extern void pfsync_ip_print(const u_char *, u_int, const u_char *);
 extern void ether_if_print(u_char *, const struct pcap_pkthdr *,
const u_char *);
+extern void ether_tryprint(const u_char *, u_int, int);
 extern void fddi_if_print(u_char *, const struct pcap_pkthdr *, const u_char 
*);
 extern void ppp_ether_if_print(u_char *, const struct pcap_pkthdr *,
const u_char *);
Index: print-ether.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-ether.c,v
retrieving revision 1.30
diff -u -p -r1.30 print-ether.c
--- print-ether.c   16 Nov 2015 00:16:39 -  1.30
+++ print-ether.c   7 Jul 2016 17:27:29 -
@@ -89,29 +89,34 @@ u_short extracted_ethertype;
 void
 ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
-   u_int caplen = h->caplen;
-   u_int length = h->len;
-   struct ether_header *ep;
-   u_short ether_type;
-
ts_print(>ts);
 
-   if (caplen < sizeof(struct ether_header)) {
-   printf("[|ether]");
-   goto out;
-   }
-
/*
 * Some printers want to get back at the ethernet addresses,
 * and/or check that they're not walking off the end of the packet.
 * Rather than pass them all the way down, we set these globals.
 */
-   packetp = p;
-   snapend = p + caplen;
+   snapend = p + h->caplen;
+
+   ether_tryprint(p, h->len, 1);
+}
+
+void
+ether_tryprint(const u_char *p, u_int length, int first_header)
+{
+   struct ether_header *ep;
+   u_int caplen = snapend - p;
+   u_short ether_type;
+
+   if (caplen < sizeof(struct ether_header)) {
+   printf("[|ether]");
+   goto out;
+   }
 
if (eflag)
ether_print(p, length);
 
+   packetp = p;
length -= sizeof(struct ether_header);
caplen -= sizeof(struct ether_header);
ep = (struct ether_header *)p;
@@ -152,14 +157,15 @@ ether_if_print(u_char *user, const struc
default_print(p, caplen);
}
}
-   if (xflag) {
+   if (xflag && first_header) {
if (eflag)
default_print(packetp, snapend - packetp);
else
default_print(p, caplen);
}
  out:
-   putchar('\n');
+   if (first_header)
+   putchar('\n');
 }
 
 /*
Index: print-mpls.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/print-mpls.c,v
retrieving revision 1.2
diff -u -p -r1.2 print-mpls.c
--- print-mpls.c30 Jun 2010 19:01:06 -  1.2
+++ print-mpls.c7 Jul 2016 17:27:29 -
@@ -26,15 +26,24 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include 
+#include 
+#include 
+
 #include 
 
 #include "interface.h"
 #include "extract.h"   /* must come after interface.h */
 
+#define CW_SEQUENCE_MASK   (0xU)
+
+int controlword_tryprint(const u_char **, u_int *);
+
 void
 mpls_print(const u_char *bp, u_int len)
 {
u_int32_t tag, label, exp, bottom, ttl;
+   int has_cw;
 
  again:
if (bp + sizeof(tag) > snapend)
@@ -56,6 +65,9 @@ mpls_print(const u_char *bp, u_int len)
if (!bottom)
goto again;
 
+   /* Handle pseudowire control word. */
+   has_cw = controlword_tryprint(, );
+
/*
 * guessing the underlying protocol is about all we can do if
 * it's not explicitly defined.
@@ -107,7 +119,34 @@ mpls_print(const u_char *bp, u_int len)
}
}
 
+   if (has_cw)
+   ether_tryprint(bp, len, 0);
+
return;
 trunc:
printf("[|mpls]");
+}

Re: ntpd && pledge

2016-07-07 Thread Joel Sing 
On Thursday 07 July 2016 00:32:04 Ian Mcwilliam wrote:
> Seems changes to pledge have made ntpd abort.
> 
> ntpd(67855): syscall 5 "rpath"
> ntpd(81479): syscall 5 "rpath"
> 
> Jul  7 10:29:23 ianm-openbsd ntpd[76119]: constraint
> 2404:6800:4006:800::2004; terminated with signal 6 (Abort trap)

Thanks - this was actually due to a change to libtls, which has been reverted.

Re: add error check to ocsp_test.c

2016-07-07 Thread Bob Beck 
it's a regress test. it's ok to be a bit fugly. brent you have my ok
to commit it, and while you're at it modify it to just wrap
it in an appropriate #define #ifdef for the path so it's even easier
for portable.

On Thu, Jul 7, 2016 at 7:17 AM, Brent Cook  wrote:
> sure, this makes it easier to patch in the right path in portable as well
>
> On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
> kinichiro.inogu...@gmail.com> wrote:
>
>> Hi,
>>
>> I would like to add error check for CAfile loading
>> since some OS doesn't have /etc/ssl/cert.pem.
>>
>> Best regards,
>> Kinichiro Inoguchi
>>

Re: add error check to ocsp_test.c

2016-07-07 Thread Brent Cook 
sure, this makes it easier to patch in the right path in portable as well

On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:

> Hi,
>
> I would like to add error check for CAfile loading
> since some OS doesn't have /etc/ssl/cert.pem.
>
> Best regards,
> Kinichiro Inoguchi
>

add error check to ocsp_test.c

2016-07-07 Thread Kinichiro Inoguchi 
Hi,

I would like to add error check for CAfile loading
since some OS doesn't have /etc/ssl/cert.pem.

Best regards,
Kinichiro Inoguchi
diff --git src/regress/lib/libcrypto/ocsp/ocsp_test.c 
src/regress/lib/libcrypto/ocsp/ocsp_test.c
index 8867536..31594fa 100644
--- src/regress/lib/libcrypto/ocsp/ocsp_test.c
+++ src/regress/lib/libcrypto/ocsp/ocsp_test.c
@@ -47,6 +47,7 @@ int main(int argc, char *argv[]) {
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
char *host, *port;
+   char *cafile = "/etc/ssl/cert.pem";
 
SSL *ssl;
SSL_CTX *ctx;
@@ -56,7 +57,10 @@ int main(int argc, char *argv[]) {
 
ctx = SSL_CTX_new(SSLv23_client_method());
 
-   SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL);
+   if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) {
+   printf("failed to load %s\n", cafile);
+   exit(-1);
+   }
 
if (argc != 3)
errx(-1, "need a host and port to connect to");