Re: Hyper-V entropy driver

[Mike Larkin]

On Tue, Jan 10, 2017 at 02:19:35PM +1100, Jonathan Gray wrote:
> Hyper-V hosts make 64 bytes of entropy available to guests in the form
> of a OEM0 acpi table.  Feed that into the entropy pool.
> 
> This is less interesting for machines with rdrand, but there are still
> pre ivy bridge machines running Hyper-V (including parts of Azure).
> 

This reads ok to me. ok mlarkin@

> Index: sys/dev/acpi/files.acpi
> ===
> RCS file: /cvs/src/sys/dev/acpi/files.acpi,v
> retrieving revision 1.35
> diff -u -p -r1.35 files.acpi
> --- sys/dev/acpi/files.acpi   3 Aug 2016 17:23:38 -   1.35
> +++ sys/dev/acpi/files.acpi   9 Jan 2017 12:47:20 -
> @@ -145,3 +145,8 @@ file  dev/acpi/acpials.c  acpials
>  device   tpm
>  attach   tpm at acpi
>  file dev/acpi/tpm.c  tpm
> +
> +# Hyper-V Entropy
> +device   acpihve
> +attach   acpihve at acpi
> +file dev/acpi/acpihve.c  acpihve
> Index: sys/arch/amd64/conf/GENERIC
> ===
> RCS file: /cvs/src/sys/arch/amd64/conf/GENERIC,v
> retrieving revision 1.437
> diff -u -p -r1.437 GENERIC
> --- sys/arch/amd64/conf/GENERIC   13 Dec 2016 19:47:32 -  1.437
> +++ sys/arch/amd64/conf/GENERIC   9 Jan 2017 12:48:09 -
> @@ -67,6 +67,7 @@ sdhc*   at acpi?
>  acpicbkbd*   at acpi?
>  acpials* at acpi?
>  tpm* at acpi?
> +acpihve* at acpi?
>  
>  mpbios0  at bios0
>  
> --- /dev/null Tue Jan 10 13:56:15 2017
> +++ sys/dev/acpi/acpihve.cTue Jan 10 13:55:28 2017
> @@ -0,0 +1,89 @@
> +/*   $OpenBSD$   */
> +
> +/*
> + * Copyright (c) 2017 Jonathan Gray 
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#include 
> +#include 
> +#include 
> +
> +#include 
> +#include 
> +#include 
> +
> +int   acpihve_match(struct device *, void *, void *);
> +void  acpihve_attach(struct device *, struct device *, void *);
> +
> +struct acpi_oem0 {
> + struct acpi_table_headerhdr;
> + uint32_tentropy[16];
> +} __packed;
> +
> +struct acpihve_softc {
> + struct device   sc_dev;
> +};
> +
> +struct cfattach acpihve_ca = {
> + sizeof(struct acpihve_softc), acpihve_match, acpihve_attach
> +};
> +
> +struct cfdriver acpihve_cd = {
> + NULL, "acpihve", DV_DULL
> +};
> +
> +int   acpihve_attached;
> +
> +int
> +acpihve_match(struct device *parent, void *match, void *aux)
> +{
> + struct acpi_attach_args *aaa = aux;
> + struct acpi_table_header *hdr;
> +
> + /*
> +  * If we do not have a table, it is not us; attach only once
> +  */
> + if (acpihve_attached || aaa->aaa_table == NULL)
> + return (0);
> +
> + hdr = (struct acpi_table_header *)aaa->aaa_table;
> + if (memcmp(hdr->signature, "OEM0", 4) != 0 ||
> + memcmp(hdr->oemid, "VRTUAL", 6) != 0 ||
> + memcmp(hdr->oemtableid, "MICROSFT", 8) != 0)
> + return (0);
> +
> + return (1);
> +}
> +
> +void
> +acpihve_attach(struct device *parent, struct device *self, void *aux)
> +{
> + struct acpi_attach_args *aaa = aux;
> + struct acpi_oem0 *oem0 = (struct acpi_oem0 *)aaa->aaa_table;
> + int i;
> +
> + acpihve_attached++;
> +
> + /* should be 64 bytes of entropy */
> + if (oem0->hdr.length != sizeof(*oem0)) {
> + printf(": unexpected table length %u\n", oem0->hdr.length);
> + return;
> + }
> +
> + for (i = 0; i < nitems(oem0->entropy); i++)
> + add_true_randomness(oem0->entropy[i]);
> +
> + printf(": added %lu bytes of entropy\n", sizeof(oem0->entropy));
> +}
> --- /dev/null Tue Jan 10 13:56:29 2017
> +++ share/man/man4/acpihve.4  Tue Jan 10 13:49:52 2017
> @@ -0,0 +1,38 @@
> +.\"  $OpenBSD$
> +.\"
> +.\" Copyright (c) 2017 Jonathan Gray 
> +.\"
> +.\" Permission to use, copy, modify, and distribute this software for any
> +.\" purpose with or without fee is hereby granted, provided that the above
> +.\" copyright notice and this permission notice appear in all copies.
> +.\"
> +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> 

Re: Fix memory leak in LibreSSL/tls_conninfo_free()

[Shuo Chen]

On Mon, Jan 9, 2017 at 7:31 AM, Joel Sing  wrote:
> On Sunday 08 January 2017 07:59:34 Shuo Chen wrote:
>> Valgrind finds out that conninfo->servername is not free()d by
>> tls_conninfo_free().
>>
>> Here's a quick fix.
>
> Committed, thanks!

Thank you!

csu: prevent too aggressive optimization by clang

[Patrick Wildt]

Hi,

while working on OpenBSD/arm64 I stumbled upon the issue that the CTOR
and DTOR LIST was optimized away by clang.  Instead of the __ctors()
call it created an endless loop, doing nothing at all.  I don't know
why it does exactly that optimization.  Marking the lists as __used
prevents clang from opimizing those away and fixes my programs.

Comments?

Patrick

diff --git a/lib/csu/crtbegin.c b/lib/csu/crtbegin.c
index 534f4dfb4a1..67c91ef747a 100644
--- a/lib/csu/crtbegin.c
+++ b/lib/csu/crtbegin.c
@@ -84,9 +84,9 @@ __asm(".hidden  __dso_handle");
 long __guard_local __dso_hidden 
__attribute__((section(".openbsd.randomdata")));
 
 
-static init_f __CTOR_LIST__[1]
+static init_f __CTOR_LIST__[1] __used
 __attribute__((section(".ctors"))) = { (void *)-1 };   /* XXX */
-static init_f __DTOR_LIST__[1]
+static init_f __DTOR_LIST__[1] __used
 __attribute__((section(".dtors"))) = { (void *)-1 };   /* XXX */
 
 static void__dtors(void) __used;
diff --git a/lib/csu/crtbeginS.c b/lib/csu/crtbeginS.c
index f97d30f22b0..d2732b458ab 100644
--- a/lib/csu/crtbeginS.c
+++ b/lib/csu/crtbeginS.c
@@ -95,9 +95,9 @@ pthread_atfork(void (*prep)(void), void (*parent)(void), void 
(*child)(void))
 asm(".hidden pthread_atfork\n .weak pthread_atfork");
 
 
-static init_f __CTOR_LIST__[1]
+static init_f __CTOR_LIST__[1] __used
 __attribute__((section(".ctors"))) = { (void *)-1 };   /* XXX */
-static init_f __DTOR_LIST__[1]
+static init_f __DTOR_LIST__[1] __used
 __attribute__((section(".dtors"))) = { (void *)-1 };   /* XXX */
 
 static void__dtors(void) __used;

Re: 11n support for athn(4)

[Stefan Sperling]

On Mon, Jan 09, 2017 at 01:54:55PM +0100, Stefan Sperling wrote:
> This diff adds 11n support to the athn(4) driver.
> Requires -current net80211 code from today.

A better diff which fixes several bugs.

Most notably this should fix a crash in hostap mode triggered by clients
joining and leaving in a loop. This is fixed by making sure timeout handlers
managed by mira aren't overwritten when a client rejoins, and by cancelling
these timeouts properly. I'd like to rename some mira API functions for
better clarity but that's left for later.

This also restores USB device firmware rate scaling in client mode which was
disabled by commits I made in 2015. I found a missing 'usc->nnodes--;' in
the code from before those commits, and I hope adding that is a proper
fix for the problems we were hunting back then.

Known issues (not blocking issues IMO):

 - The athn(4) driver selects low transmit rates relative to what iwn(4)
   and iwm(4) clients select.

 - USB client in 11n mode only sends with legacy rates (up to 54Mbit/s).
   Technically this is legal behaviour, and receiving MCS sent by the AP works.
   Rate selection is done in firmware so this isn't straightforward to debug.

Index: dev/cardbus/if_athn_cardbus.c
===
RCS file: /cvs/src/sys/dev/cardbus/if_athn_cardbus.c,v
retrieving revision 1.14
diff -u -p -r1.14 if_athn_cardbus.c
--- dev/cardbus/if_athn_cardbus.c   24 Nov 2015 17:11:39 -  1.14
+++ dev/cardbus/if_athn_cardbus.c   8 Jan 2017 09:31:28 -
@@ -43,6 +43,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 #include 
Index: dev/ic/ar5008.c
===
RCS file: /cvs/src/sys/dev/ic/ar5008.c,v
retrieving revision 1.37
diff -u -p -r1.37 ar5008.c
--- dev/ic/ar5008.c 29 Nov 2016 10:22:30 -  1.37
+++ dev/ic/ar5008.c 9 Jan 2017 22:30:38 -
@@ -51,6 +51,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 #include 
@@ -217,7 +218,7 @@ ar5008_attach(struct athn_softc *sc)
sc->flags |= ATHN_FLAG_11A;
if (base->opCapFlags & AR_OPFLAGS_11G)
sc->flags |= ATHN_FLAG_11G;
-   if (base->opCapFlags & AR_OPFLAGS_11N)
+   if ((base->opCapFlags & AR_OPFLAGS_11N_DISABLED) == 0)
sc->flags |= ATHN_FLAG_11N;
 
IEEE80211_ADDR_COPY(ic->ic_myaddr, base->macAddr);
@@ -952,9 +953,11 @@ ar5008_tx_process(struct athn_softc *sc,
struct ifnet *ifp = >ic_if;
struct athn_txq *txq = >txq[qid];
struct athn_node *an;
+   struct ieee80211_node *ni;
struct athn_tx_buf *bf;
struct ar_tx_desc *ds;
uint8_t failcnt;
+   int txfail;
 
bf = SIMPLEQ_FIRST(>head);
if (bf == NULL)
@@ -970,13 +973,16 @@ ar5008_tx_process(struct athn_softc *sc,
 
sc->sc_tx_timer = 0;
 
-   if (ds->ds_status1 & AR_TXS1_EXCESSIVE_RETRIES)
+   txfail = (ds->ds_status1 & AR_TXS1_EXCESSIVE_RETRIES);
+   if (txfail)
ifp->if_oerrors++;
 
if (ds->ds_status1 & AR_TXS1_UNDERRUN)
athn_inc_tx_trigger_level(sc);
 
an = (struct athn_node *)bf->bf_ni;
+   ni = (struct ieee80211_node *)bf->bf_ni;
+
/*
 * NB: the data fail count contains the number of un-acked tries
 * for the final series used.  We must add the number of tries for
@@ -987,10 +993,26 @@ ar5008_tx_process(struct athn_softc *sc,
failcnt += MS(ds->ds_status9, AR_TXS9_FINAL_IDX) * 2;
 
/* Update rate control statistics. */
-   an->amn.amn_txcnt++;
-   if (failcnt > 0)
-   an->amn.amn_retrycnt++;
-
+   if (ni->ni_flags & IEEE80211_NODE_HT) {
+   an->mn.frames++;
+   an->mn.ampdu_size = bf->bf_m->m_pkthdr.len + IEEE80211_CRC_LEN;
+   an->mn.agglen = 1; /* XXX We do not yet support Tx agg. */
+   if (failcnt > 0)
+   an->mn.retries++;
+   if (txfail)
+   an->mn.txfail++;
+   if (ic->ic_state == IEEE80211_S_RUN) {
+#ifndef IEEE80211_STA_ONLY
+   if (ic->ic_opmode != IEEE80211_M_HOSTAP ||
+   ni->ni_state == IEEE80211_STA_ASSOC)
+#endif
+   ieee80211_mira_choose(>mn, ic, ni);
+   }
+   } else {
+   an->amn.amn_txcnt++;
+   if (failcnt > 0)
+   an->amn.amn_retrycnt++;
+   }
DPRINTFN(5, ("Tx done qid=%d status1=%d fail count=%d\n",
qid, ds->ds_status1, failcnt));
 
@@ -1110,7 +1132,7 @@ ar5008_swba_intr(struct athn_softc *sc)
ds->ds_ctl2 = SM(AR_TXC2_XMIT_DATA_TRIES0, 1);
 
/* Write Tx rate. */
-   ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
+   ridx = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ?
ATHN_RIDX_OFDM6 : ATHN_RIDX_CCK1;
hwrate = athn_rates[ridx].hwrate;
ds->ds_ctl3 = 

Re: Pointless use of 'struct route_in6'

[Sebastian Benoit]

Martin Pieuchot(m...@openbsd.org) on 2017.01.09 21:11:54 +0100:
> Simply use a 'struct rtentry' instead, ok?

ok
 
> Index: netinet6/ip6_output.c
> ===
> RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
> retrieving revision 1.218
> diff -u -p -r1.218 ip6_output.c
> --- netinet6/ip6_output.c 18 Nov 2016 02:53:47 -  1.218
> +++ netinet6/ip6_output.c 9 Jan 2017 20:09:10 -
> @@ -1917,8 +1917,6 @@ ip6_setmoptions(int optname, struct ip6_
>   struct ipv6_mreq *mreq;
>   struct ifnet *ifp;
>   struct ip6_moptions *im6o = *im6op;
> - struct route_in6 ro;
> - struct sockaddr_in6 *dst;
>   struct in6_multi_mship *imm;
>   struct proc *p = curproc;   /* XXX */
>  
> @@ -2034,25 +2032,21 @@ ip6_setmoptions(int optname, struct ip6_
>* appropriate one according to the given multicast address.
>*/
>   if (mreq->ipv6mr_interface == 0) {
> - /*
> -  * Look up the routing table for the
> -  * address, and choose the outgoing interface.
> -  *   XXX: is it a good approach?
> -  */
> - bzero(, sizeof(ro));
> - ro.ro_tableid = m->m_pkthdr.ph_rtableid;
> - dst = _dst;
> - dst->sin6_len = sizeof(struct sockaddr_in6);
> - dst->sin6_family = AF_INET6;
> - dst->sin6_addr = mreq->ipv6mr_multiaddr;
> - ro.ro_rt = rtalloc(sin6tosa(_dst),
> - RT_RESOLVE, ro.ro_tableid);
> - if (ro.ro_rt == NULL) {
> + struct rtentry *rt;
> + struct sockaddr_in6 dst;
> +
> + memset(, 0, sizeof(dst));
> + dst.sin6_len = sizeof(dst);
> + dst.sin6_family = AF_INET6;
> + dst.sin6_addr = mreq->ipv6mr_multiaddr;
> + rt = rtalloc(sin6tosa(), RT_RESOLVE,
> + m->m_pkthdr.ph_rtableid);
> + if (rt == NULL) {
>   error = EADDRNOTAVAIL;
>   break;
>   }
> - ifp = if_get(ro.ro_rt->rt_ifidx);
> - rtfree(ro.ro_rt);
> + ifp = if_get(rt->rt_ifidx);
> + rtfree(rt);
>   } else {
>   /*
>* If the interface is specified, validate it.
> 

Re: NET_LOCK() pr_sysctl

[Alexander Bluhm]

On Thu, Dec 22, 2016 at 01:38:17AM +0100, Mateusz Guzik wrote:
> In this particular case, what happens if the access results in a page
> fault and the area comes from a nfs mapped file? If network i/o is done
> from the same context, this should result in 'locking against myself'
> assertion failure.

I have written a program the sets a sysctl value from a memory
mapped file mounted on NFS.  As expected it panics when NET_LOCK()
is enabled.

panic: rw_enter: netlock locking against myself
Stopped at  Debugger+0x7:   leave
   TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
*45785  40072  0 0x3  00  mmap-sysctl

ddb{0}> trace
Debugger(d09f4dbd,f57706d0,d09cc44c,f57706d0,0) at Debugger+0x7
panic(d09cc44c,d09d634f,f5770700,f57706fc,0) at panic+0x71
rw_enter(d0b4ef38,1,f5770784,d04a8b3d,d953c00c) at rw_enter+0x1b4
rw_enter_write(d0b4ef38,1,0,d03cc0ce,d0bbcf80) at rw_enter_write+0x3c
sosend(d9569730,0,0,d976aa00,0) at sosend+0xf5
nfs_send(d9569730,d957bd00,d976aa00,d953c00c,d954a5b0) at nfs_send+0x8a
nfs_request(d96fda84,6,f57708ac,0,d96fda84) at nfs_request+0x3a3
nfs_readrpc(d96fda84,f5770930,0,0,39fcef3f) at nfs_readrpc+0x14e
nfs_doio(d954a5b0,d9540738,0,2000,d9540738) at nfs_doio+0x321
nfs_bioread(d96fda84,f5770b38,0,d97fa840,d9540738) at nfs_bioread+0x4ff
nfs_read(f5770ae0,3,33,d30b5870,d9745ed4) at nfs_read+0x35
VOP_READ(d96fda84,f5770b38,0,d97fa840,d30b5870) at VOP_READ+0x3f
uvn_io(d9745ed4,f5770bc0,1,2,0) at uvn_io+0x2d5
uvn_get(d9745ed4,0,0,f5770cf8,f5770d00) at uvn_get+0x234
uvm_fault(d9581d24,8a1b1000,0,1,f5770d5c) at uvm_fault+0xf8e
trap() at trap+0x723
--- trap (number 4) ---

bluhm

Re: FreeType 2.7.1

[Stuart Henderson]

On 2017/01/09 15:29, David Coppa wrote:
> 
> Hi all,
> 
> Here's the update to freetype-2.7.1, both inline and as attachment.
> 
> As usual, please test it.
> 
> And, if you can, put it in your next bulk build.

I'll start an i386 bulk tomorrow.

Re: openbgpd: support for bgp administrative shutdown communication

[Job Snijders]

Dear all,

The below is based on feedback from Sebastian Benoit, Theo de Raadt,
and Peter Hessler. The patch adds less lines of code, and adheres
better to style(9). Thank you for your time.

Kind regards,

Job


Index: bgpctl/bgpctl.8
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v
retrieving revision 1.71
diff -u -p -r1.71 bgpctl.8
--- bgpctl/bgpctl.8 26 Oct 2016 17:24:13 -  1.71
+++ bgpctl/bgpctl.8 9 Jan 2017 21:52:31 -
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 26 2016 $
+.Dd $Mdocdate: January 9 2017 $
 .Dt BGPCTL 8
 .Os
 .Sh NAME
@@ -104,8 +104,14 @@ Destroy a previously cloned peer.
 The peer must be down before calling this function.
 .Ar peer
 may be the neighbor's address or description.
-.It Cm neighbor Ar peer Cm down
-Take the BGP session to the specified neighbor down.
+.It Cm neighbor Ar peer Cm down Op Ar reason
+Take the BGP session to the specified neighbor down. If a
+.Ar reason
+is provided, the
+.Ar reason
+is sent as Administrative Shutdown Communication to the neighbor. The
+.Ar reason
+cannot exceed 128 octets.
 .Ar peer
 may be the neighbor's address or description.
 .It Cm neighbor Ar peer Cm refresh
Index: bgpctl/bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving revision 1.190
diff -u -p -r1.190 bgpctl.c
--- bgpctl/bgpctl.c 14 Oct 2016 16:05:35 -  1.190
+++ bgpctl/bgpctl.c 9 Jan 2017 21:52:31 -
@@ -162,6 +162,7 @@ main(int argc, char *argv[])
 
memcpy(, >peeraddr, sizeof(neighbor.addr));
strlcpy(neighbor.descr, res->peerdesc, sizeof(neighbor.descr));
+   strlcpy(neighbor.shutcomm, res->shutcomm, sizeof(neighbor.shutcomm));
 
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "control_init: socket");
@@ -722,6 +723,13 @@ show_neighbor_msg(struct imsg *imsg, enu
inet_ntoa(ina));
printf("%s\n", print_auth_method(p->auth.method));
printf("  BGP state = %s", statenames[p->state]);
+   if (p->conf.down) {
+   printf(", marked down");
+   if (*(p->conf.shutcomm)) {
+   printf(" with shutdown reason \"%s\"",
+   log_shutcomm(p->conf.shutcomm));
+   }
+   }
if (p->stats.last_updown != 0)
printf(", %s for %s",
p->state == STATE_ESTABLISHED ? "up" : "down",
@@ -756,6 +764,10 @@ show_neighbor_msg(struct imsg *imsg, enu
break;
print_neighbor_msgstats(p);
printf("\n");
+   if (*(p->stats.last_shutcomm)) {
+   printf("  Last received shutdown reason: \"%s\"\n",
+   log_shutcomm(p->stats.last_shutcomm));
+   }
if (p->state == STATE_IDLE) {
static const char   *errstr;
 
Index: bgpctl/parser.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/parser.c,v
retrieving revision 1.74
diff -u -p -r1.74 parser.c
--- bgpctl/parser.c 14 Oct 2016 16:05:35 -  1.74
+++ bgpctl/parser.c 9 Jan 2017 21:52:31 -
@@ -45,6 +45,7 @@ enum token_type {
PREFIX,
PEERDESC,
RIBNAME,
+   SHUTDOWN_COMMUNICATION,
COMMUNITY,
LARGE_COMMUNITY,
LOCALPREF,
@@ -245,9 +246,15 @@ static const struct token t_neighbor[] =
{ ENDTOKEN, "", NONE,   NULL}
 };
 
+static const struct token t_nei_mod_shutc[] = {
+   { NOTOKEN,  "", NONE,   NULL},
+   { SHUTDOWN_COMMUNICATION,   "", NONE,   NULL},
+   { ENDTOKEN, "", NONE,   NULL}
+};
+
 static const struct token t_neighbor_modifiers[] = {
{ KEYWORD,  "up",   NEIGHBOR_UP,NULL},
-   { KEYWORD,  "down", NEIGHBOR_DOWN,  NULL},
+   { KEYWORD,  "down", NEIGHBOR_DOWN,  
t_nei_mod_shutc},
{ KEYWORD,  "clear",NEIGHBOR_CLEAR, NULL},
{ KEYWORD,  "refresh",  NEIGHBOR_RREFRESH,  NULL},
{ KEYWORD,  "destroy",  NEIGHBOR_DESTROY,   NULL},
@@ -571,6 +578,16 @@ match_token(int *argc, char **argv[], co
t = [i];
}
break;
+   case SHUTDOWN_COMMUNICATION:
+   if (!match && word != NULL && wordlen > 0) {
+   if (strlcpy(res.shutcomm, word,
+   

Pointless use of 'struct route_in6'

[Martin Pieuchot]

Simply use a 'struct rtentry' instead, ok?

Index: netinet6/ip6_output.c
===
RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.218
diff -u -p -r1.218 ip6_output.c
--- netinet6/ip6_output.c   18 Nov 2016 02:53:47 -  1.218
+++ netinet6/ip6_output.c   9 Jan 2017 20:09:10 -
@@ -1917,8 +1917,6 @@ ip6_setmoptions(int optname, struct ip6_
struct ipv6_mreq *mreq;
struct ifnet *ifp;
struct ip6_moptions *im6o = *im6op;
-   struct route_in6 ro;
-   struct sockaddr_in6 *dst;
struct in6_multi_mship *imm;
struct proc *p = curproc;   /* XXX */
 
@@ -2034,25 +2032,21 @@ ip6_setmoptions(int optname, struct ip6_
 * appropriate one according to the given multicast address.
 */
if (mreq->ipv6mr_interface == 0) {
-   /*
-* Look up the routing table for the
-* address, and choose the outgoing interface.
-*   XXX: is it a good approach?
-*/
-   bzero(, sizeof(ro));
-   ro.ro_tableid = m->m_pkthdr.ph_rtableid;
-   dst = _dst;
-   dst->sin6_len = sizeof(struct sockaddr_in6);
-   dst->sin6_family = AF_INET6;
-   dst->sin6_addr = mreq->ipv6mr_multiaddr;
-   ro.ro_rt = rtalloc(sin6tosa(_dst),
-   RT_RESOLVE, ro.ro_tableid);
-   if (ro.ro_rt == NULL) {
+   struct rtentry *rt;
+   struct sockaddr_in6 dst;
+
+   memset(, 0, sizeof(dst));
+   dst.sin6_len = sizeof(dst);
+   dst.sin6_family = AF_INET6;
+   dst.sin6_addr = mreq->ipv6mr_multiaddr;
+   rt = rtalloc(sin6tosa(), RT_RESOLVE,
+   m->m_pkthdr.ph_rtableid);
+   if (rt == NULL) {
error = EADDRNOTAVAIL;
break;
}
-   ifp = if_get(ro.ro_rt->rt_ifidx);
-   rtfree(ro.ro_rt);
+   ifp = if_get(rt->rt_ifidx);
+   rtfree(rt);
} else {
/*
 * If the interface is specified, validate it.

Re: if() before m_free(9)

[Mark Kettenis]

> Date: Mon, 9 Jan 2017 20:12:32 +0100
> From: Martin Pieuchot 
> 
> m_free(9) handles NULL, no need to check for it beforehand.
> 
> Seems that we missed these because of the (void) cast!
> 
> ok?

ok kettenis@

> Index: netinet/ip_output.c
> ===
> RCS file: /cvs/src/sys/netinet/ip_output.c,v
> retrieving revision 1.333
> diff -u -p -r1.333 ip_output.c
> --- netinet/ip_output.c   19 Dec 2016 09:22:24 -  1.333
> +++ netinet/ip_output.c   9 Jan 2017 17:51:52 -
> @@ -1074,8 +1074,7 @@ ip_ctloutput(int op, struct socket *so, 
>   error = ENOPROTOOPT;
>   break;
>   }
> - if (m)
> - (void)m_free(m);
> + m_free(m);
>   break;
>  
>   case PRCO_GETOPT:
> @@ -1242,15 +1241,13 @@ ip_pcbopts(struct mbuf **pcbopt, struct 
>   u_char opt;
>  
>   /* turn off any old options */
> - if (*pcbopt)
> - (void)m_free(*pcbopt);
> + m_free(*pcbopt);
>   *pcbopt = 0;
>   if (m == NULL || m->m_len == 0) {
>   /*
>* Only turning off any previous options.
>*/
> - if (m)
> - (void)m_free(m);
> + m_free(m);
>   return (0);
>   }
>  
> Index: netinet/raw_ip.c
> ===
> RCS file: /cvs/src/sys/netinet/raw_ip.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 raw_ip.c
> --- netinet/raw_ip.c  19 Dec 2016 09:22:24 -  1.90
> +++ netinet/raw_ip.c  9 Jan 2017 17:52:13 -
> @@ -325,8 +325,7 @@ rip_ctloutput(int op, struct socket *so,
>   inp->inp_flags |= INP_HDRINCL;
>   else
>   inp->inp_flags &= ~INP_HDRINCL;
> - if (*mp)
> - (void)m_free(*mp);
> + m_free(*mp);
>   } else {
>   *mp = m_get(M_WAIT, M_SOOPTS);
>   (*mp)->m_len = sizeof(int);
> Index: netinet/tcp_input.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_input.c,v
> retrieving revision 1.334
> diff -u -p -r1.334 tcp_input.c
> --- netinet/tcp_input.c   19 Dec 2016 08:36:49 -  1.334
> +++ netinet/tcp_input.c   9 Jan 2017 17:53:03 -
> @@ -3340,8 +3340,7 @@ syn_cache_rm(struct syn_cache *sc)
>  void
>  syn_cache_put(struct syn_cache *sc)
>  {
> - if (sc->sc_ipopts)
> - (void) m_free(sc->sc_ipopts);
> + m_free(sc->sc_ipopts);
>   if (sc->sc_route4.ro_rt != NULL) {
>   rtfree(sc->sc_route4.ro_rt);
>   sc->sc_route4.ro_rt = NULL;
> @@ -4035,8 +4034,7 @@ syn_cache_add(struct sockaddr *src, stru
>* If we were remembering a previous source route,
>* forget it and use the new one we've been given.
>*/
> - if (sc->sc_ipopts)
> - (void) m_free(sc->sc_ipopts);
> + m_free(sc->sc_ipopts);
>   sc->sc_ipopts = ipopts;
>   }
>   sc->sc_timestamp = tb.ts_recent;
> @@ -4049,8 +4047,7 @@ syn_cache_add(struct sockaddr *src, stru
>  
>   sc = pool_get(_cache_pool, PR_NOWAIT|PR_ZERO);
>   if (sc == NULL) {
> - if (ipopts)
> - (void) m_free(ipopts);
> + m_free(ipopts);
>   return (-1);
>   }
>  
> Index: netinet/tcp_subr.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> retrieving revision 1.157
> diff -u -p -r1.157 tcp_subr.c
> --- netinet/tcp_subr.c20 Dec 2016 09:57:10 -  1.157
> +++ netinet/tcp_subr.c9 Jan 2017 17:52:39 -
> @@ -534,8 +534,7 @@ tcp_close(struct tcpcb *tp)
>   p = q;
>   }
>  #endif
> - if (tp->t_template)
> - (void) m_free(tp->t_template);
> + m_free(tp->t_template);
>  
>   tp->t_flags |= TF_DEAD;
>   timeout_add(>t_reap_to, 0);
> Index: netinet/tcp_usrreq.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_usrreq.c,v
> retrieving revision 1.141
> diff -u -p -r1.141 tcp_usrreq.c
> --- netinet/tcp_usrreq.c  3 Jan 2017 10:52:21 -   1.141
> +++ netinet/tcp_usrreq.c  9 Jan 2017 17:52:28 -
> @@ -569,8 +569,7 @@ tcp_ctloutput(int op, struct socket *so,
>   error = ENOPROTOOPT;
>   break;
>   }
> - if (m)
> - (void) m_free(m);
> + m_free(m);
>   break;
>  
>   case PRCO_GETOPT:
> Index: netinet6/ip6_output.c
> ===
> RCS 

clear cached HT capabilities on reassociation

[Stefan Sperling]

When a HT node leaves or reassociates as a non-HT node,
clear HT capabilities stored in its node cache object.

A node may switch from 11n mode to 11a/b/g mode.
If we don't clear HT capabilities from the cache the node will
be mistaken as 11n-capable after reassociation.

Index: ieee80211_input.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.181
diff -u -p -r1.181 ieee80211_input.c
--- ieee80211_input.c   9 Jan 2017 12:40:00 -   1.181
+++ ieee80211_input.c   9 Jan 2017 19:13:00 -
@@ -1802,6 +1802,8 @@ ieee80211_recv_probe_req(struct ieee8021
}
if (htcaps)
ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);
+   else
+   ieee80211_clear_htcaps(ni);
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_PROBE_RESP, 0);
 }
 #endif /* IEEE80211_STA_ONLY */
@@ -2141,6 +2143,8 @@ ieee80211_recv_assoc_req(struct ieee8021
ni->ni_chan = ic->ic_bss->ni_chan;
if (htcaps)
ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);
+   else
+   ieee80211_clear_htcaps(ni);
  end:
if (status != 0) {
IEEE80211_SEND_MGMT(ic, ni, resp, status);
Index: ieee80211_node.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.110
diff -u -p -r1.110 ieee80211_node.c
--- ieee80211_node.c9 Jan 2017 16:24:20 -   1.110
+++ ieee80211_node.c9 Jan 2017 19:16:17 -
@@ -1350,6 +1350,27 @@ ieee80211_setup_htcaps(struct ieee80211_
ni->ni_aselcaps = data[25];
 }
 
+#ifndef IEEE80211_STA_ONLY
+/* 
+ * Handle nodes switching from 11n into legacy modes.
+ */
+void
+ieee80211_clear_htcaps(struct ieee80211_node *ni)
+{
+   ni->ni_htcaps = 0;
+   ni->ni_ampdu_param = 0;
+   memset(ni->ni_rxmcs, 0, sizeof(ni->ni_rxmcs));
+   ni->ni_max_rxrate = 0;
+   ni->ni_tx_mcs_set = 0;
+   ni->ni_htxcaps = 0;
+   ni->ni_txbfcaps = 0;
+   ni->ni_aselcaps = 0;
+
+   ni->ni_flags &= ~IEEE80211_NODE_HT;
+
+}
+#endif
+
 /*
  * Install received HT op information in the node's state block.
  */
@@ -1626,6 +1647,8 @@ ieee80211_node_leave_ht(struct ieee80211
ba->ba_buf = NULL;
}
}
+
+   ieee80211_clear_htcaps(ni);
 }
 
 /*
Index: ieee80211_node.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.63
diff -u -p -r1.63 ieee80211_node.h
--- ieee80211_node.h21 Sep 2016 12:21:27 -  1.63
+++ ieee80211_node.h9 Jan 2017 19:12:50 -
@@ -363,6 +363,7 @@ extern  void ieee80211_clean_cached(struc
 extern void ieee80211_clean_nodes(struct ieee80211com *, int);
 void ieee80211_setup_htcaps(struct ieee80211_node *, const uint8_t *,
 uint8_t);
+void ieee80211_clear_htcaps(struct ieee80211_node *);
 int ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
 uint8_t);
 extern int ieee80211_setup_rates(struct ieee80211com *,

Re: if() before m_free(9)

[Alexander Bluhm]

On Mon, Jan 09, 2017 at 08:12:32PM +0100, Martin Pieuchot wrote:
> m_free(9) handles NULL, no need to check for it beforehand.
> 
> Seems that we missed these because of the (void) cast!
> 
> ok?

OK bluhm@

> 
> Index: netinet/ip_output.c
> ===
> RCS file: /cvs/src/sys/netinet/ip_output.c,v
> retrieving revision 1.333
> diff -u -p -r1.333 ip_output.c
> --- netinet/ip_output.c   19 Dec 2016 09:22:24 -  1.333
> +++ netinet/ip_output.c   9 Jan 2017 17:51:52 -
> @@ -1074,8 +1074,7 @@ ip_ctloutput(int op, struct socket *so, 
>   error = ENOPROTOOPT;
>   break;
>   }
> - if (m)
> - (void)m_free(m);
> + m_free(m);
>   break;
>  
>   case PRCO_GETOPT:
> @@ -1242,15 +1241,13 @@ ip_pcbopts(struct mbuf **pcbopt, struct 
>   u_char opt;
>  
>   /* turn off any old options */
> - if (*pcbopt)
> - (void)m_free(*pcbopt);
> + m_free(*pcbopt);
>   *pcbopt = 0;
>   if (m == NULL || m->m_len == 0) {
>   /*
>* Only turning off any previous options.
>*/
> - if (m)
> - (void)m_free(m);
> + m_free(m);
>   return (0);
>   }
>  
> Index: netinet/raw_ip.c
> ===
> RCS file: /cvs/src/sys/netinet/raw_ip.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 raw_ip.c
> --- netinet/raw_ip.c  19 Dec 2016 09:22:24 -  1.90
> +++ netinet/raw_ip.c  9 Jan 2017 17:52:13 -
> @@ -325,8 +325,7 @@ rip_ctloutput(int op, struct socket *so,
>   inp->inp_flags |= INP_HDRINCL;
>   else
>   inp->inp_flags &= ~INP_HDRINCL;
> - if (*mp)
> - (void)m_free(*mp);
> + m_free(*mp);
>   } else {
>   *mp = m_get(M_WAIT, M_SOOPTS);
>   (*mp)->m_len = sizeof(int);
> Index: netinet/tcp_input.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_input.c,v
> retrieving revision 1.334
> diff -u -p -r1.334 tcp_input.c
> --- netinet/tcp_input.c   19 Dec 2016 08:36:49 -  1.334
> +++ netinet/tcp_input.c   9 Jan 2017 17:53:03 -
> @@ -3340,8 +3340,7 @@ syn_cache_rm(struct syn_cache *sc)
>  void
>  syn_cache_put(struct syn_cache *sc)
>  {
> - if (sc->sc_ipopts)
> - (void) m_free(sc->sc_ipopts);
> + m_free(sc->sc_ipopts);
>   if (sc->sc_route4.ro_rt != NULL) {
>   rtfree(sc->sc_route4.ro_rt);
>   sc->sc_route4.ro_rt = NULL;
> @@ -4035,8 +4034,7 @@ syn_cache_add(struct sockaddr *src, stru
>* If we were remembering a previous source route,
>* forget it and use the new one we've been given.
>*/
> - if (sc->sc_ipopts)
> - (void) m_free(sc->sc_ipopts);
> + m_free(sc->sc_ipopts);
>   sc->sc_ipopts = ipopts;
>   }
>   sc->sc_timestamp = tb.ts_recent;
> @@ -4049,8 +4047,7 @@ syn_cache_add(struct sockaddr *src, stru
>  
>   sc = pool_get(_cache_pool, PR_NOWAIT|PR_ZERO);
>   if (sc == NULL) {
> - if (ipopts)
> - (void) m_free(ipopts);
> + m_free(ipopts);
>   return (-1);
>   }
>  
> Index: netinet/tcp_subr.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> retrieving revision 1.157
> diff -u -p -r1.157 tcp_subr.c
> --- netinet/tcp_subr.c20 Dec 2016 09:57:10 -  1.157
> +++ netinet/tcp_subr.c9 Jan 2017 17:52:39 -
> @@ -534,8 +534,7 @@ tcp_close(struct tcpcb *tp)
>   p = q;
>   }
>  #endif
> - if (tp->t_template)
> - (void) m_free(tp->t_template);
> + m_free(tp->t_template);
>  
>   tp->t_flags |= TF_DEAD;
>   timeout_add(>t_reap_to, 0);
> Index: netinet/tcp_usrreq.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_usrreq.c,v
> retrieving revision 1.141
> diff -u -p -r1.141 tcp_usrreq.c
> --- netinet/tcp_usrreq.c  3 Jan 2017 10:52:21 -   1.141
> +++ netinet/tcp_usrreq.c  9 Jan 2017 17:52:28 -
> @@ -569,8 +569,7 @@ tcp_ctloutput(int op, struct socket *so,
>   error = ENOPROTOOPT;
>   break;
>   }
> - if (m)
> - (void) m_free(m);
> + m_free(m);
>   break;
>  
>   case PRCO_GETOPT:
> Index: netinet6/ip6_output.c
> ===
> RCS file: 

ldpad(8): fix LDAP_MOD_DELETE operation

[Robert Klein]

Hi,

ZHANG Huangbin reported a misbehavior in ldapd(8)'s MOD_DELETE
operation when connecting to ldapd(8) with the python-ldap library.  The
MOD_DELETE operation always deletes all values of an attribute and not
only those specified to be deleted in the request.  (Mails from Zhang
Huangbin to bugs@ on May 18, 2016 and December 30, 2016).

I could reproduce this connecting to ldapd(8) with the openLDAP client
tools.


Looking at the source, I found these issues (suggested fixes in
parentheses, tentative patch attached):

- in modify.c:ldap_modify(), in case LDAP_MOD_DELETE there was a check
  for BER_TYPE_SET, however

  1. AttributeValues are always in a set, even if it is empty
 (PartialAttribute, see RFC4511, Section 4.1.7), so that check
 couldn't have worked, even if the right variable had been checked.

  2. The `vals' variable has a value of SET, however the variable
 checked, `vals->be_sup' is already an element of the set, that is,
 either it has a type of EOC (when there are no attribute values),
 or it has a type of OCTETSTRING and contains the first attribute
 value. (Look for a type of BER_TYPE_OCTETSTRING instead).


- in attributes.c:ldap_del_values()

  1. the elements inspected (variables `vk' and `xk') are not those
 containing the attribute values; the attribute values are in `v'
 and `x', `xk' and `vk' are (probably) uninitialized.  (Use `v' and
 `x' instead.)

  2. When freeing the element found, current `v' is freed, and
 `v->be_next' has no meaning anymore. (Use `next' variable to save
 the pointer.)

  3. Always setting `prev' to `v' is wrong when an element has been
 removed. (Set a flag if element is removed and re-set `prev' only
 if the flag isn't set.)


- in ber.c:ber_free_elements() the current and all following elements
  are freed.  (Add ber_free_element() which only frees only the current
  element and use this in attributes.c:ldap_del_values().)


The patch works for 6.0 plus patches; those three files haven't been
touched since before 6.0, though. (I don't have a -current installation
at the moment.  Will make up asap.)


Best Regards
Robert

Index: attributes.c
===
RCS file: /cvs/src/usr.sbin/ldapd/attributes.c,v
retrieving revision 1.3
diff -u -p -r1.3 attributes.c
--- attributes.c	19 Oct 2010 09:34:41 -	1.3
+++ attributes.c	9 Jan 2017 18:47:39 -
@@ -206,9 +206,9 @@ int
 ldap_del_values(struct ber_element *elm, struct ber_element *vals)
 {
 	char			*attr;
-	struct ber_element	*old_vals, *v, *x, *vk, *xk, *prev;
+	struct ber_element	*old_vals, *v, *x, *prev, *next;
 	struct ber_element	*removed;
-
+	int removed_p;
 	assert(elm);
 	assert(vals);
 	assert(vals->be_sub);
@@ -219,19 +219,25 @@ ldap_del_values(struct ber_element *elm,
 	}
 
 	prev = old_vals;
-	for (v = old_vals->be_sub; v; v = v->be_next) {
-		vk = v->be_sub;
+	removed_p = 0;
+	for (v = old_vals->be_sub; v; v = next) {
+next = v->be_next;
+
 		for (x = vals->be_sub; x; x = x->be_next) {
-			xk = x->be_sub;
-			if (xk && vk->be_len == xk->be_len &&
-			memcmp(vk->be_val, xk->be_val, xk->be_len) == 0) {
+			if (x && v->be_len == x->be_len &&
+			memcmp(v->be_val, x->be_val, x->be_len) == 0) {
 removed = ber_unlink_elements(prev);
 ber_link_elements(prev, removed->be_next);
-ber_free_elements(removed);
+ber_free_element(removed);
+removed_p = 1;
 break;
 			}
 		}
-		prev = v;
+		if (removed_p) {
+			removed_p = 0;
+		} else {
+			prev = v;
+		}
 	}
 
 	return 0;
Index: ber.c
===
RCS file: /cvs/src/usr.sbin/ldapd/ber.c,v
retrieving revision 1.11
diff -u -p -r1.11 ber.c
--- ber.c	24 Dec 2015 17:47:57 -	1.11
+++ ber.c	9 Jan 2017 18:47:39 -
@@ -826,6 +826,19 @@ ber_read_elements(struct ber *ber, struc
 }
 
 void
+ber_free_element(struct ber_element *root)
+{
+	if (root->be_sub && (root->be_encoding == BER_TYPE_SEQUENCE ||
+	root->be_encoding == BER_TYPE_SET))
+		ber_free_elements(root->be_sub);
+	if (root->be_free && (root->be_encoding == BER_TYPE_OCTETSTRING ||
+	root->be_encoding == BER_TYPE_BITSTRING ||
+	root->be_encoding == BER_TYPE_OBJECT))
+		free(root->be_val);
+	free(root);
+}
+
+void
 ber_free_elements(struct ber_element *root)
 {
 	if (root->be_sub && (root->be_encoding == BER_TYPE_SEQUENCE ||
Index: ber.h
===
RCS file: /cvs/src/usr.sbin/ldapd/ber.h,v
retrieving revision 1.1
diff -u -p -r1.1 ber.h
--- ber.h	31 May 2010 17:36:31 -	1.1
+++ ber.h	9 Jan 2017 18:47:39 -
@@ -120,6 +120,7 @@ ssize_t			 ber_get_writebuf(struct ber *
 int			 ber_write_elements(struct ber *, struct ber_element *);
 void			 ber_set_readbuf(struct ber *, void *, size_t);
 struct ber_element	*ber_read_elements(struct ber *, struct ber_element *);
+void			 

if() before m_free(9)

[Martin Pieuchot]

m_free(9) handles NULL, no need to check for it beforehand.

Seems that we missed these because of the (void) cast!

ok?

Index: netinet/ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.333
diff -u -p -r1.333 ip_output.c
--- netinet/ip_output.c 19 Dec 2016 09:22:24 -  1.333
+++ netinet/ip_output.c 9 Jan 2017 17:51:52 -
@@ -1074,8 +1074,7 @@ ip_ctloutput(int op, struct socket *so, 
error = ENOPROTOOPT;
break;
}
-   if (m)
-   (void)m_free(m);
+   m_free(m);
break;
 
case PRCO_GETOPT:
@@ -1242,15 +1241,13 @@ ip_pcbopts(struct mbuf **pcbopt, struct 
u_char opt;
 
/* turn off any old options */
-   if (*pcbopt)
-   (void)m_free(*pcbopt);
+   m_free(*pcbopt);
*pcbopt = 0;
if (m == NULL || m->m_len == 0) {
/*
 * Only turning off any previous options.
 */
-   if (m)
-   (void)m_free(m);
+   m_free(m);
return (0);
}
 
Index: netinet/raw_ip.c
===
RCS file: /cvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.90
diff -u -p -r1.90 raw_ip.c
--- netinet/raw_ip.c19 Dec 2016 09:22:24 -  1.90
+++ netinet/raw_ip.c9 Jan 2017 17:52:13 -
@@ -325,8 +325,7 @@ rip_ctloutput(int op, struct socket *so,
inp->inp_flags |= INP_HDRINCL;
else
inp->inp_flags &= ~INP_HDRINCL;
-   if (*mp)
-   (void)m_free(*mp);
+   m_free(*mp);
} else {
*mp = m_get(M_WAIT, M_SOOPTS);
(*mp)->m_len = sizeof(int);
Index: netinet/tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.334
diff -u -p -r1.334 tcp_input.c
--- netinet/tcp_input.c 19 Dec 2016 08:36:49 -  1.334
+++ netinet/tcp_input.c 9 Jan 2017 17:53:03 -
@@ -3340,8 +3340,7 @@ syn_cache_rm(struct syn_cache *sc)
 void
 syn_cache_put(struct syn_cache *sc)
 {
-   if (sc->sc_ipopts)
-   (void) m_free(sc->sc_ipopts);
+   m_free(sc->sc_ipopts);
if (sc->sc_route4.ro_rt != NULL) {
rtfree(sc->sc_route4.ro_rt);
sc->sc_route4.ro_rt = NULL;
@@ -4035,8 +4034,7 @@ syn_cache_add(struct sockaddr *src, stru
 * If we were remembering a previous source route,
 * forget it and use the new one we've been given.
 */
-   if (sc->sc_ipopts)
-   (void) m_free(sc->sc_ipopts);
+   m_free(sc->sc_ipopts);
sc->sc_ipopts = ipopts;
}
sc->sc_timestamp = tb.ts_recent;
@@ -4049,8 +4047,7 @@ syn_cache_add(struct sockaddr *src, stru
 
sc = pool_get(_cache_pool, PR_NOWAIT|PR_ZERO);
if (sc == NULL) {
-   if (ipopts)
-   (void) m_free(ipopts);
+   m_free(ipopts);
return (-1);
}
 
Index: netinet/tcp_subr.c
===
RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.157
diff -u -p -r1.157 tcp_subr.c
--- netinet/tcp_subr.c  20 Dec 2016 09:57:10 -  1.157
+++ netinet/tcp_subr.c  9 Jan 2017 17:52:39 -
@@ -534,8 +534,7 @@ tcp_close(struct tcpcb *tp)
p = q;
}
 #endif
-   if (tp->t_template)
-   (void) m_free(tp->t_template);
+   m_free(tp->t_template);
 
tp->t_flags |= TF_DEAD;
timeout_add(>t_reap_to, 0);
Index: netinet/tcp_usrreq.c
===
RCS file: /cvs/src/sys/netinet/tcp_usrreq.c,v
retrieving revision 1.141
diff -u -p -r1.141 tcp_usrreq.c
--- netinet/tcp_usrreq.c3 Jan 2017 10:52:21 -   1.141
+++ netinet/tcp_usrreq.c9 Jan 2017 17:52:28 -
@@ -569,8 +569,7 @@ tcp_ctloutput(int op, struct socket *so,
error = ENOPROTOOPT;
break;
}
-   if (m)
-   (void) m_free(m);
+   m_free(m);
break;
 
case PRCO_GETOPT:
Index: netinet6/ip6_output.c
===
RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.218
diff -u -p -r1.218 ip6_output.c
--- netinet6/ip6_output.c   18 Nov 2016 02:53:47 -  1.218
+++ netinet6/ip6_output.c   9 Jan 2017 17:53:14 -
@@ -1414,8 +1414,7 @@ 

improve realloc(3)

[Otto Moerbeek]

Hi,

this diff implements some improvements to realloc and some cleanup of
the MALLOC_MOVE code.

1. When shrinking a chunk allocation, compare the size of the current
allocation to the size of the new allocation (instead of the requested size).
Current code does a malloc-free-copy dance in too many cases.

2. Current code takes the easy way and always reallocates if C is
active. This diff fixes by carefully updating the recorded requested
size in all cases, and writing the canary bytes in the proper location
after reallocating.

3. Introduce defines to test if MALLOC_MOVE should be done and to
compute the new value.

Please review and test with you favorite (and other) combination of
malloc flags.

-Otto

Index: malloc.c
===
RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.211
diff -u -p -r1.211 malloc.c
--- malloc.c4 Nov 2016 09:11:20 -   1.211
+++ malloc.c9 Jan 2017 13:35:29 -
@@ -73,6 +73,12 @@
  * Set to zero to be the most strict.
  */
 #define MALLOC_LEEWAY  0
+#define MALLOC_MOVE_COND(sz)   ((sz) - mopts.malloc_guard <\
+   MALLOC_PAGESIZE - MALLOC_LEEWAY)
+#define MALLOC_MOVE(p, sz) (((char *)(p)) +\
+   ((MALLOC_PAGESIZE - MALLOC_LEEWAY - \
+   ((sz) - mopts.malloc_guard)) &  \
+   ~(MALLOC_MINSIZE - 1)))
 
 #define PAGEROUND(x)  (((x) + (MALLOC_PAGEMASK)) & ~MALLOC_PAGEMASK)
 
@@ -199,6 +205,7 @@ char*malloc_options;/* compile-time 
o
 static u_char getrbyte(struct dir_info *d);
 static __dead void wrterror(struct dir_info *d, char *msg, ...)
 __attribute__((__format__ (printf, 2, 3)));
+static void fill_canary(char *ptr, size_t sz, size_t allocated);
 
 #ifdef MALLOC_STATS
 void malloc_dump(int, int, struct dir_info *);
@@ -209,8 +216,8 @@ static void malloc_exit(void);
 #define CALLER NULL
 #endif
 
-/* low bits of r->p determine size: 0 means >= page size and p->size holding
- *  real size, otherwise r->size is a shift count, or 1 for malloc(0)
+/* low bits of r->p determine size: 0 means >= page size and r->size holding
+ * real size, otherwise low bits are a shift count, or 1 for malloc(0)
  */
 #define REALSIZE(sz, r)\
(sz) = (uintptr_t)(r)->p & MALLOC_PAGEMASK, \
@@ -905,23 +912,10 @@ omalloc_make_chunks(struct dir_info *d, 
return bp;
 }
 
-
-/*
- * Allocate a chunk
- */
-static void *
-malloc_bytes(struct dir_info *d, size_t argsize, void *f)
+static int
+find_chunksize(size_t size)
 {
-   int i, j, listnum;
-   size_t  k, size;
-   u_short u, *lp;
-   struct chunk_info *bp;
-
-   if (mopts.malloc_canary != (d->canary1 ^ (u_int32_t)(uintptr_t)d) ||
-   d->canary1 != ~d->canary2)
-   wrterror(d, "internal struct corrupt");
-
-   size = argsize;
+   int i, j;
 
/* Don't bother with anything less than this */
/* unless we have a malloc(0) requests */
@@ -937,6 +931,25 @@ malloc_bytes(struct dir_info *d, size_t 
while (i >>= 1)
j++;
}
+   return j;
+}
+
+/*
+ * Allocate a chunk
+ */
+static void *
+malloc_bytes(struct dir_info *d, size_t size, void *f)
+{
+   int i, j, listnum;
+   size_t  k;
+   u_short u, *lp;
+   struct chunk_info *bp;
+
+   if (mopts.malloc_canary != (d->canary1 ^ (u_int32_t)(uintptr_t)d) ||
+   d->canary1 != ~d->canary2)
+   wrterror(d, "internal struct corrupt");
+
+   j = find_chunksize(size);
 
listnum = getrbyte(d) % MALLOC_CHUNK_LISTS;
/* If it's empty, make a page more of that size chunks */
@@ -990,25 +1003,30 @@ malloc_bytes(struct dir_info *d, size_t 
k += (lp - bp->bits) * MALLOC_BITS;

if (mopts.chunk_canaries)
-   bp->bits[bp->offset + k] = argsize;
+   bp->bits[bp->offset + k] = size;
 
k <<= bp->shift;
 
if (bp->size > 0) {
if (mopts.malloc_junk == 2)
memset((char *)bp->page + k, SOME_JUNK, bp->size);
-   else if (mopts.chunk_canaries) {
-   size_t sz = bp->size - argsize;
-
-   if (sz > CHUNK_CHECK_LENGTH)
-   sz = CHUNK_CHECK_LENGTH;
-   memset((char *)bp->page + k + argsize, SOME_JUNK, sz);
-   }
+   else if (mopts.chunk_canaries)
+   fill_canary((char *)bp->page + k, size, bp->size);
}
return ((char *)bp->page + k);
 }
 
 static void
+fill_canary(char *ptr, size_t sz, size_t allocated)
+{
+   size_t check_sz = allocated - sz;
+
+   if (check_sz > 

Re: Some tweaks for smfb(4)

[Mark Kettenis]

> Date: Mon, 9 Jan 2017 17:54:53 +0100
> From: Frederic Cambus 
> 
> On Tue, Dec 27, 2016 at 11:39:26PM +0100, Frederic Cambus wrote:
> > 
> > > > Here is a diff with some tweaks for smfb(4):
> > > > 
> > > > - Display resolution and color depth when attaching
> > > 
> > > We should try to do so in a uniform way though.  None of our drivers
> > > print the words "frame buffer".  Most of them only print the
> > > resolution, but I can see the additional value of printing the depth
> > > as well.  Perhaps we should do that for the other framebuffers as well.
> > 
> > All other frame buffer drivers on Loongson (radeonfb and sisfb) print
> > it this way, that's why I used the same scheme here. It seems sgi
> > drivers also do it this way.
> > 
> > I'm all for trying to do things in an uniform way though, and find the
> > formatting used by efifb(4) possibly better: ": %dx%d, %dbpp\n". Any
> > thoughts on this?
> 
> Following up on this, here is a revised version of the diff, which only
> keeps the part adding resolution and color depth display when attaching.
> 
> The output has been updated to follow the efifb(4) scheme.
> 
> Comments? OK?

Not sure introducing the 'fb' local variable makes much sense, but
either way, ok kettenis@

> 
> Index: sys/arch/loongson/dev/smfb.c
> ===
> RCS file: /cvs/src/sys/arch/loongson/dev/smfb.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 smfb.c
> --- sys/arch/loongson/dev/smfb.c  21 Oct 2013 10:36:14 -  1.16
> +++ sys/arch/loongson/dev/smfb.c  9 Jan 2017 15:29:54 -
> @@ -202,6 +202,7 @@ void
>  smfb_attach_common(struct smfb_softc *sc, int is5xx, bus_space_tag_t memt,
>  bus_space_handle_t memh, bus_space_tag_t mmiot, bus_space_handle_t mmioh)
>  {
> + struct smfb *fb;
>   struct wsemuldisplaydev_attach_args waa;
>   int console;
>  
> @@ -219,8 +220,9 @@ smfb_attach_common(struct smfb_softc *sc
>   }
>   }
>  
> - /* XXX print resolution */
> - printf("\n");
> + fb = sc->sc_fb;
> + printf(": %dx%d, %dbpp\n",
> + fb->ri.ri_width, fb->ri.ri_height, fb->ri.ri_depth);
>  
>   sc->sc_scrlist[0] = >sc_fb->wsd;
>   sc->sc_wsl.nscreens = 1;
> 

Re: openssl.pc version

[Sebastien Marie]

On Sun, Jan 08, 2017 at 12:29:50PM +0100, Sebastien Marie wrote:
> Hi,
> 
> The "OpenSSL bindings for Rust" checks, using pkg-config, the version of
> openssl installed, and target 1.0.1 as minimal version.
> 
> Under OpenBSD, /usr/lib/pkgconfig/openssl.pc is generated by
> src/lib/libcrypto/generate_pkgconfig.sh, and the "version" is taken from
> SHLIB_VERSION_NUMBER in src/lib/libcrypto/opensslv.h , which is "1.0.0"
> from ages (Oct-2010).
> 
> Does the file should be updated in some way ? I saw LibreSSL -portable
> ship a openssl.pc file with different content (Name: LibreSSL / Version:
> 2.5.0) instead of "Name: OpenSSL" and "Version: 1.0.0" as on OpenBSD.
> 

As LibreSSL forked from 1.0.1g OpenSSL version, I think it makes sens to
report it as 1.0.1 instead of 1.0.0.

Thanks for your comments.
-- 
Sebastien Marie


Index: opensslv.h
===
RCS file: /cvs/src/lib/libcrypto/opensslv.h,v
retrieving revision 1.38
diff -u -p -r1.38 opensslv.h
--- opensslv.h  31 Oct 2016 04:17:17 -  1.38
+++ opensslv.h  9 Jan 2017 17:55:10 -
@@ -12,6 +12,6 @@
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
+#define SHLIB_VERSION_NUMBER "1.0.1"
 
 #endif /* HEADER_OPENSSLV_H */

Re: bpf without KERNEL_LOCK()

[Alexander Bluhm]

On Mon, Jan 09, 2017 at 05:48:17PM +0100, Martin Pieuchot wrote:
>  bpf_detachd(struct bpf_d *d)
>  {
> - struct bpf_if *bp;
> + struct bpf_if *bp = d->bd_bif;
> +
> + MUTEX_ASSERT_LOCKED(>bd_mtx);
>  
> - bp = d->bd_bif;
>   /* Not attached. */
>   if (bp == NULL)
>   return;

Why do you reorder the code and assign bp = d->bd_bif before the
mutex assert?  Why not just put the assert in?

OK bluhm@

Re: {ah,esp}_input_cb() & NET_LOCK()

[Mike Belopuhov]

On 9 January 2017 at 17:44, Visa Hankala  wrote:
> On Mon, Jan 09, 2017 at 04:10:48PM +0100, Martin Pieuchot wrote:
>> As reported by Hrvoje Popovski, these two callbacks also need the
>> NET_LOCK():
>>
>>   splassert: ip_output: want 1 have 0
>>   Starting stack trace...
>>   ip_output() at ip_output+0x7d
>>   pfsync_sendout() at pfsync_sendout+0x499
>>   pfsync_update_tdb() at pfsync_update_tdb+0x13a
>>   esp_input_cb() at esp_input_cb+0x234
>>   taskq_thread() at taskq_thread+0x6c
>>   end trace frame: 0x0, count: 252
>>   End of stack trace.
>>
>> ok?
>
> ok visa@
>
> I guess ipcomp needs similar treatment:
>

Go for it.

Re: Some tweaks for smfb(4)

[Frederic Cambus]

On Tue, Dec 27, 2016 at 11:39:26PM +0100, Frederic Cambus wrote:
> 
> > > Here is a diff with some tweaks for smfb(4):
> > > 
> > > - Display resolution and color depth when attaching
> > 
> > We should try to do so in a uniform way though.  None of our drivers
> > print the words "frame buffer".  Most of them only print the
> > resolution, but I can see the additional value of printing the depth
> > as well.  Perhaps we should do that for the other framebuffers as well.
> 
> All other frame buffer drivers on Loongson (radeonfb and sisfb) print
> it this way, that's why I used the same scheme here. It seems sgi
> drivers also do it this way.
> 
> I'm all for trying to do things in an uniform way though, and find the
> formatting used by efifb(4) possibly better: ": %dx%d, %dbpp\n". Any
> thoughts on this?

Following up on this, here is a revised version of the diff, which only
keeps the part adding resolution and color depth display when attaching.

The output has been updated to follow the efifb(4) scheme.

Comments? OK?

Index: sys/arch/loongson/dev/smfb.c
===
RCS file: /cvs/src/sys/arch/loongson/dev/smfb.c,v
retrieving revision 1.16
diff -u -p -r1.16 smfb.c
--- sys/arch/loongson/dev/smfb.c21 Oct 2013 10:36:14 -  1.16
+++ sys/arch/loongson/dev/smfb.c9 Jan 2017 15:29:54 -
@@ -202,6 +202,7 @@ void
 smfb_attach_common(struct smfb_softc *sc, int is5xx, bus_space_tag_t memt,
 bus_space_handle_t memh, bus_space_tag_t mmiot, bus_space_handle_t mmioh)
 {
+   struct smfb *fb;
struct wsemuldisplaydev_attach_args waa;
int console;
 
@@ -219,8 +220,9 @@ smfb_attach_common(struct smfb_softc *sc
}
}
 
-   /* XXX print resolution */
-   printf("\n");
+   fb = sc->sc_fb;
+   printf(": %dx%d, %dbpp\n",
+   fb->ri.ri_width, fb->ri.ri_height, fb->ri.ri_depth);
 
sc->sc_scrlist[0] = >sc_fb->wsd;
sc->sc_wsl.nscreens = 1;

bpf without KERNEL_LOCK()

[Martin Pieuchot]

I reverted the previous version because Hrvoje Popovski reported the
following recursion:

panic: mtx_enter: locking against myself
mtx_enter()
bpf_mtap_ether()
bnx_start()
ifq_serialize()
if_enqueue()
ether_output()
bpfwrite()

Turns out that bpfwrite() doesn't need to grab the mutex which is here
to protect *read* buffers.  Updated diff below, Hrvoje confirmed it
works for him.

ok?

Index: net/bpf.c
===
RCS file: /cvs/src/sys/net/bpf.c,v
retrieving revision 1.157
diff -u -p -r1.157 bpf.c
--- net/bpf.c   3 Jan 2017 19:28:50 -   1.157
+++ net/bpf.c   9 Jan 2017 15:01:30 -
@@ -116,6 +116,9 @@ int bpf_sysctl_locked(int *, u_int, void
 
 struct bpf_d *bpfilter_lookup(int);
 
+/*
+ * Called holding ``bd_mtx''.
+ */
 void   bpf_attachd(struct bpf_d *, struct bpf_if *);
 void   bpf_detachd(struct bpf_d *);
 void   bpf_resetd(struct bpf_d *);
@@ -260,11 +263,12 @@ bpf_movein(struct uio *uio, u_int linkty
 
 /*
  * Attach file to the bpf interface, i.e. make d listen on bp.
- * Must be called at splnet.
  */
 void
 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
 {
+   MUTEX_ASSERT_LOCKED(>bd_mtx);
+
/*
 * Point d at bp, and add d to the interface's list of listeners.
 * Finally, point the driver's bpf cookie at the interface so
@@ -285,9 +289,10 @@ bpf_attachd(struct bpf_d *d, struct bpf_
 void
 bpf_detachd(struct bpf_d *d)
 {
-   struct bpf_if *bp;
+   struct bpf_if *bp = d->bd_bif;
+
+   MUTEX_ASSERT_LOCKED(>bd_mtx);
 
-   bp = d->bd_bif;
/* Not attached. */
if (bp == NULL)
return;
@@ -313,7 +318,13 @@ bpf_detachd(struct bpf_d *d)
int error;
 
d->bd_promisc = 0;
+
+   bpf_get(d);
+   mtx_leave(>bd_mtx);
error = ifpromisc(bp->bif_ifp, 0);
+   mtx_enter(>bd_mtx);
+   bpf_put(d);
+
if (error && !(error == EINVAL || error == ENODEV))
/*
 * Something is really wrong if we were able to put
@@ -353,6 +364,7 @@ bpfopen(dev_t dev, int flag, int mode, s
bd->bd_unit = unit;
bd->bd_bufsize = bpf_bufsize;
bd->bd_sig = SIGIO;
+   mtx_init(>bd_mtx, IPL_NET);
task_set(>bd_wake_task, bpf_wakeup_cb, bd);
 
if (flag & FNONBLOCK)
@@ -372,15 +384,14 @@ int
 bpfclose(dev_t dev, int flag, int mode, struct proc *p)
 {
struct bpf_d *d;
-   int s;
 
d = bpfilter_lookup(minor(dev));
-   s = splnet();
+   mtx_enter(>bd_mtx);
bpf_detachd(d);
bpf_wakeup(d);
LIST_REMOVE(d, bd_list);
+   mtx_leave(>bd_mtx);
bpf_put(d);
-   splx(s);
 
return (0);
 }
@@ -391,11 +402,13 @@ bpfclose(dev_t dev, int flag, int mode, 
  * Zero the length of the new store buffer.
  */
 #define ROTATE_BUFFERS(d) \
+   KASSERT(d->bd_in_uiomove == 0); \
+   MUTEX_ASSERT_LOCKED(>bd_mtx); \
(d)->bd_hbuf = (d)->bd_sbuf; \
(d)->bd_hlen = (d)->bd_slen; \
(d)->bd_sbuf = (d)->bd_fbuf; \
(d)->bd_slen = 0; \
-   (d)->bd_fbuf = 0;
+   (d)->bd_fbuf = NULL;
 /*
  *  bpfread - read next chunk of packets from buffers
  */
@@ -403,15 +416,17 @@ int
 bpfread(dev_t dev, struct uio *uio, int ioflag)
 {
struct bpf_d *d;
-   int error;
-   int s;
+   caddr_t hbuf;
+   int hlen, error;
+
+   KERNEL_ASSERT_LOCKED();
 
d = bpfilter_lookup(minor(dev));
if (d->bd_bif == NULL)
return (ENXIO);
 
-   s = splnet();
bpf_get(d);
+   mtx_enter(>bd_mtx);
 
/*
 * Restrict application to use a buffer the same size as
@@ -460,8 +475,8 @@ bpfread(dev_t dev, struct uio *uio, int 
error = EWOULDBLOCK;
} else {
if ((d->bd_rdStart + d->bd_rtout) < ticks) {
-   error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf",
-   d->bd_rtout);
+   error = msleep(d, >bd_mtx, PRINET|PCATCH,
+   "bpf", d->bd_rtout);
} else
error = EWOULDBLOCK;
}
@@ -492,22 +507,30 @@ bpfread(dev_t dev, struct uio *uio, int 
/*
 * At this point, we know we have something in the hold slot.
 */
-   splx(s);
+   hbuf = d->bd_hbuf;
+   hlen = d->bd_hlen;
+   d->bd_hbuf = NULL;
+   d->bd_hlen = 0;
+   d->bd_fbuf = NULL;
+   d->bd_in_uiomove = 1;
 
/*
 * Move data from hold buffer into user space.
 * We know the entire buffer is transferred since
 * we checked above that the read buffer is bpf_bufsize bytes.
 */
-   error = uiomove(d->bd_hbuf, d->bd_hlen, uio);
-
-   s = splnet();

Re: {ah,esp}_input_cb() & NET_LOCK()

[Visa Hankala]

On Mon, Jan 09, 2017 at 04:10:48PM +0100, Martin Pieuchot wrote:
> As reported by Hrvoje Popovski, these two callbacks also need the
> NET_LOCK():
> 
>   splassert: ip_output: want 1 have 0
>   Starting stack trace...
>   ip_output() at ip_output+0x7d
>   pfsync_sendout() at pfsync_sendout+0x499
>   pfsync_update_tdb() at pfsync_update_tdb+0x13a
>   esp_input_cb() at esp_input_cb+0x234
>   taskq_thread() at taskq_thread+0x6c
>   end trace frame: 0x0, count: 252
>   End of stack trace.
> 
> ok?

ok visa@

I guess ipcomp needs similar treatment:

Index: netinet/ip_ipcomp.c
===
RCS file: src/sys/netinet/ip_ipcomp.c,v
retrieving revision 1.49
diff -u -p -r1.49 ip_ipcomp.c
--- netinet/ip_ipcomp.c 24 Dec 2016 11:17:35 -  1.49
+++ netinet/ip_ipcomp.c 9 Jan 2017 16:39:16 -
@@ -217,7 +217,7 @@ ipcomp_input_cb(struct cryptop *crp)
return (EINVAL);
}
 
-   s = splsoftnet();
+   NET_LOCK(s);
 
tdb = gettdb(tc->tc_rdomain, tc->tc_spi, >tc_dst, tc->tc_proto);
if (tdb == NULL) {
@@ -254,7 +254,7 @@ ipcomp_input_cb(struct cryptop *crp)
/* Reset the session ID */
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
-   splx(s);
+   NET_UNLOCK(s);
return crypto_dispatch(crp);
}
free(tc, M_XDATA, 0);
@@ -336,11 +336,11 @@ ipcomp_input_cb(struct cryptop *crp)
 
/* Back to generic IPsec input processing */
error = ipsec_common_input_cb(m, tdb, skip, protoff);
-   splx(s);
+   NET_UNLOCK(s);
return error;
 
 baddone:
-   splx(s);
+   NET_UNLOCK(s);
 
m_freem(m);

Re: {ah,esp}_input_cb() & NET_LOCK()

[Mike Belopuhov]

On 9 January 2017 at 16:10, Martin Pieuchot  wrote:
> As reported by Hrvoje Popovski, these two callbacks also need the
> NET_LOCK():
>
> splassert: ip_output: want 1 have 0
> Starting stack trace...
> ip_output() at ip_output+0x7d
> pfsync_sendout() at pfsync_sendout+0x499
> pfsync_update_tdb() at pfsync_update_tdb+0x13a
> esp_input_cb() at esp_input_cb+0x234
> taskq_thread() at taskq_thread+0x6c
> end trace frame: 0x0, count: 252
> End of stack trace.
>
> ok?
>

Yes, IPsec callbacks need the NET_LOCK.

Re: Fix memory leak in LibreSSL/tls_conninfo_free()

[Joel Sing]

On Sunday 08 January 2017 07:59:34 Shuo Chen wrote:
> Valgrind finds out that conninfo->servername is not free()d by
> tls_conninfo_free().
> 
> == HEAP SUMMARY:
> == in use at exit: 83,069 bytes in 2,690 blocks
> ==   total heap usage: 4,107 allocs, 1,417 frees,
> == 339,660 bytes allocated
> ==
> == 17 bytes in 1 blocks are definitely lost in loss record 1 of 266
> ==at 0x4C28C20: malloc (vg_replace_malloc.c:296)
> ==by 0x58F5989: strdup (strdup.c:42)
> ==by 0x40B2C4: tls_conninfo_populate
> ==by 0x408C4F: tls_handshake
> ==by 0x403691: TlsContext::handshake()
> ==by 0x403343: TlsStream::connect(TlsConfig*, char const*,
> ==by 0x407781: main (in /home/schen/recipes/ssl/client)
> ==
> == LEAK SUMMARY:
> ==definitely lost: 17 bytes in 1 blocks
> ==indirectly lost: 0 bytes in 0 blocks
> ==  possibly lost: 0 bytes in 0 blocks
> ==still reachable: 83,052 bytes in 2,689 blocks
> == suppressed: 0 bytes in 0 blocks
> 
> Here's a quick fix.

Committed, thanks!
 
> 
> diff --git a/tls/tls_conninfo.c b/tls/tls_conninfo.c
> --- a/tls/tls_conninfo.c
> +++ b/tls/tls_conninfo.c
> @@ -248,6 +248,8 @@ tls_conninfo_free(struct tls_conninfo *conninfo)
>   conninfo->alpn = NULL;
>   free(conninfo->cipher);
>   conninfo->cipher = NULL;
> + free(conninfo->servername);
> + conninfo->servername = NULL;
>   free(conninfo->version);
>   conninfo->version = NULL;

{ah,esp}_input_cb() & NET_LOCK()

[Martin Pieuchot]

As reported by Hrvoje Popovski, these two callbacks also need the
NET_LOCK():

splassert: ip_output: want 1 have 0
Starting stack trace...
ip_output() at ip_output+0x7d
pfsync_sendout() at pfsync_sendout+0x499
pfsync_update_tdb() at pfsync_update_tdb+0x13a
esp_input_cb() at esp_input_cb+0x234
taskq_thread() at taskq_thread+0x6c
end trace frame: 0x0, count: 252
End of stack trace.

ok?

Index: netinet/ip_ah.c
===
RCS file: /cvs/src/sys/netinet/ip_ah.c,v
retrieving revision 1.124
diff -u -p -r1.124 ip_ah.c
--- netinet/ip_ah.c 24 Dec 2016 11:17:35 -  1.124
+++ netinet/ip_ah.c 9 Jan 2017 15:08:56 -
@@ -727,7 +727,7 @@ ah_input_cb(struct cryptop *crp)
return (EINVAL);
}
 
-   s = splsoftnet();
+   NET_LOCK(s);
 
tdb = gettdb(tc->tc_rdomain, tc->tc_spi, >tc_dst, tc->tc_proto);
if (tdb == NULL) {
@@ -746,7 +746,7 @@ ah_input_cb(struct cryptop *crp)
/* Reset the session ID */
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
-   splx(s);
+   NET_UNLOCK(s);
return crypto_dispatch(crp);
}
free(tc, M_XDATA, 0);
@@ -836,7 +836,7 @@ ah_input_cb(struct cryptop *crp)
m1 = m_getptr(m, skip, );
if (m1 == NULL) {
ahstat.ahs_hdrops++;
-   splx(s);
+   NET_UNLOCK(s);
m_freem(m);
 
DPRINTF(("ah_input(): bad mbuf chain for packet in SA "
@@ -905,11 +905,11 @@ ah_input_cb(struct cryptop *crp)
}
 
error = ipsec_common_input_cb(m, tdb, skip, protoff);
-   splx(s);
+   NET_UNLOCK(s);
return (error);
 
  baddone:
-   splx(s);
+   NET_UNLOCK(s);
 
m_freem(m);
 
Index: netinet/ip_esp.c
===
RCS file: /cvs/src/sys/netinet/ip_esp.c,v
retrieving revision 1.142
diff -u -p -r1.142 ip_esp.c
--- netinet/ip_esp.c24 Dec 2016 11:17:35 -  1.142
+++ netinet/ip_esp.c9 Jan 2017 15:08:56 -
@@ -556,7 +556,7 @@ esp_input_cb(struct cryptop *crp)
return (EINVAL);
}
 
-   s = splsoftnet();
+   NET_LOCK(s);
 
tdb = gettdb(tc->tc_rdomain, tc->tc_spi, >tc_dst, tc->tc_proto);
if (tdb == NULL) {
@@ -575,7 +575,7 @@ esp_input_cb(struct cryptop *crp)
/* Reset the session ID */
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
-   splx(s);
+   NET_UNLOCK(s);
return crypto_dispatch(crp);
}
free(tc, M_XDATA, 0);
@@ -668,7 +668,7 @@ esp_input_cb(struct cryptop *crp)
m1 = m_getptr(m, skip, );
if (m1 == NULL) {
espstat.esps_hdrops++;
-   splx(s);
+   NET_UNLOCK(s);
DPRINTF(("esp_input_cb(): bad mbuf chain, SA %s/%08x\n",
ipsp_address(>tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
@@ -725,7 +725,7 @@ esp_input_cb(struct cryptop *crp)
/* Verify pad length */
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
espstat.esps_badilen++;
-   splx(s);
+   NET_UNLOCK(s);
DPRINTF(("esp_input_cb(): invalid padding length %d for "
"packet in SA %s/%08x\n", lastthree[1],
ipsp_address(>tdb_dst, buf, sizeof(buf)),
@@ -737,7 +737,7 @@ esp_input_cb(struct cryptop *crp)
/* Verify correct decryption by checking the last padding bytes */
if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0)) {
espstat.esps_badenc++;
-   splx(s);
+   NET_UNLOCK(s);
DPRINTF(("esp_input(): decryption failed for packet in "
"SA %s/%08x\n", ipsp_address(>tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
@@ -753,11 +753,11 @@ esp_input_cb(struct cryptop *crp)
 
/* Back to generic IPsec input processing */
error = ipsec_common_input_cb(m, tdb, skip, protoff);
-   splx(s);
+   NET_UNLOCK(s);
return (error);
 
  baddone:
-   splx(s);
+   NET_UNLOCK(s);
 
m_freem(m);
 

fix EDCA problems in hostap

[Stefan Sperling]

Currently, an athn(4) hostap in 11n mode sending data a fame
looks something like this:

  AP: RTS
  client: CTS
  AP: RTS
  client: CTS
  AP: RTS
  client: CTS
  AP: RTS
  client: CTS
  AP: RTS
  client: CTS
  AP: data
  client: ACK

The problem seems to be that while we're sending EDCA parameters in beacons
which clients will use, these parameters are not programmed into the athn
hardware. We never call the driver's ic_updateedca function in hostap mode.

With the diff below, frame traces are looking better:

  AP: RTS
  client: CTS
  AP: data
  client: ACK
  AP: RTS
  client: CTS
  AP: data
  client: ACK
 
Index: ieee80211_node.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.109
diff -u -p -r1.109 ieee80211_node.c
--- ieee80211_node.c9 Jan 2017 12:40:00 -   1.109
+++ ieee80211_node.c9 Jan 2017 14:36:25 -
@@ -354,6 +354,10 @@ ieee80211_create_ibss(struct ieee80211co
if (ic->ic_flags & IEEE80211_F_WEPON)
ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
if (ic->ic_flags & IEEE80211_F_HTON) {
+   const struct ieee80211_edca_ac_params *ac_qap;
+   struct ieee80211_edca_ac_params *ac;
+   int aci;
+
/* 
 * Default to non-member HT protection until we have a way
 * of picking up information from the environment (such as
@@ -362,6 +366,19 @@ ieee80211_create_ibss(struct ieee80211co
 */
ni->ni_htop1 = IEEE80211_HTPROT_NONMEMBER;
ic->ic_protmode = IEEE80211_PROT_RTSCTS;
+
+   /* Configure QoS EDCA parameters. */
+   for (aci = 0; aci < EDCA_NUM_AC; aci++) {
+   ac = >ic_edca_ac[aci];
+   ac_qap = _qap_edca_table[ic->ic_curmode][aci];
+   ac->ac_acm   = ac_qap->ac_acm;
+   ac->ac_aifsn = ac_qap->ac_aifsn;
+   ac->ac_ecwmin= ac_qap->ac_ecwmin;
+   ac->ac_ecwmax= ac_qap->ac_ecwmax;
+   ac->ac_txoplimit = ac_qap->ac_txoplimit;
+   }
+   if (ic->ic_updateedca)
+   (*ic->ic_updateedca)(ic);
}
if (ic->ic_flags & IEEE80211_F_RSNON) {
struct ieee80211_key *k;
Index: ieee80211_output.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_output.c,v
retrieving revision 1.113
diff -u -p -r1.113 ieee80211_output.c
--- ieee80211_output.c  9 Jan 2017 13:01:37 -   1.113
+++ ieee80211_output.c  9 Jan 2017 13:43:41 -
@@ -306,7 +306,7 @@ static const struct ieee80211_edca_ac_pa
 #endif
 
 #ifndef IEEE80211_STA_ONLY
-static const struct ieee80211_edca_ac_params
+const struct ieee80211_edca_ac_params
 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = {
[IEEE80211_MODE_11B] = {
[EDCA_AC_BK] = { 5, 10, 7,   0 },
Index: ieee80211_var.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
retrieving revision 1.74
diff -u -p -r1.74 ieee80211_var.h
--- ieee80211_var.h 9 Jan 2017 12:40:00 -   1.74
+++ ieee80211_var.h 9 Jan 2017 13:54:07 -
@@ -160,6 +160,9 @@ struct ieee80211_edca_ac_params {
u_int8_tac_acm;
 };
 
+extern const struct ieee80211_edca_ac_params
+   ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC];
+
 #define IEEE80211_DEFRAG_SIZE  3   /* must be >= 3 according to spec */
 /*
  * Entry in the fragment cache.

Re: openbgpd: support for bgp administrative shutdown communication

[Peter van Dijk]

Hello Sebastian,

On 8 Jan 2017, at 22:10, Sebastian Benoit wrote:


Job Snijders(j...@instituut.net) on 2017.01.08 20:24:19 +0100:

Dear OpenBSD developers,

This patch adds support for the "BGP Administrative Shutdown
Communication" to bgpd(8) and bgpctl(8).


Hi Job and Peter,

thanks, this is nice!


Thank you :)


 .Re
 .Pp
 .Rs
+.%A J. Snijders
+.%A J. Heitz
+.%A K. Patel
+.%A I. Bagdonas
+.%A A. Simpson
+.%D January 2017
+.%R draft-ietf-idr-large-community
+.%T Large BGP Communities Attribute


this duplicates this entry

also newer stuff sould go to the bottom of the list i believe.


While there is some overlap in authors, these are different entries. If 
it should go to the bottom then both of them are in the wrong place - 
maybe we should fix this afterwards in a separate commit?



+.%D January 2017
+.%R draft-ietf-idr-shutdown
+.%T BGP Administrative Shutdown Communication
+   p+=shutcomm_len;


please add spaces around +=


Fixed locally + next three.


+   p = communication;
+   for (q = buf; *p && q < [sizeof(buf) - 1]; p++) {
+   if (*p == '\n')
+   *q++ = ' ';
+   else
+   q = vis(q, *p, 0, 0);
+   }
+   *q = '\0';
+
+   return buf;


while i think this is correct, would it not be easier to encode \n as
control char with VIS_NL?

then you could just use strnvis()


Ah! I just stole this code from syslogd.c without checking if we could 
do better. Have changed it to a single strnvis call locally, with 
VIS_NL, and also added VIS_OCTAL while at it because it will be more 
familiar to admins and because the tcpdump patch for shutcomm also uses 
octal.


Thanks for the review, Sebastian. I’ll wait for some more feedback 
before resubmitting.


Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

Re: 11n support for athn(4)

[Stefan Sperling]

On Mon, Jan 09, 2017 at 01:54:55PM +0100, Stefan Sperling wrote:
> For Linux clients a fix for WME params is needed which I also posted to tech@.

That fix is now committed.

Re: SHA1(3): remove usage of No macro

[Ingo Schwarze]

Hi,

Ingo Schwarze wrote on Mon, Jan 09, 2017 at 01:35:59PM +0100:
>  Anton Lindqvist wrote on Mon, Jan 09, 2017 at 09:02:37AM +0100:

>> The following paragraph from the SHA1(3) man-page looks odd in its HTML
>> representation:
>> 
>> $ sed -n 214p /usr/src/lib/libcrypto/man/SHA1.3
>> .Pq Fa len No bytes at Fa data .
>> 
>> The No macro causes "bytes at" to be wrapped inside a code-tag and not
>> be rendered as unformatted text.

> Wait, that's an outright bug in the mandoc(1) HTML formatter: [...]

Fixed in OpenBSD-current, on bsd.lv, and on man.openbsd.org
with the commit below.

Thanks for the report,
  Ingo


Log Message:
---
The .No macro is not supposed to produce fixed-width font, it is not
the same as .Li, so don't use .
Bug reported by  on tech@.

Modified Files:
--
mdocml:
mdoc_html.c

Revision Data
-
Index: mdoc_html.c
===
RCS file: /home/cvs/mdocml/mdocml/mdoc_html.c,v
retrieving revision 1.241
retrieving revision 1.242
diff -Lmdoc_html.c -Lmdoc_html.c -u -p -r1.241 -r1.242
--- mdoc_html.c
+++ mdoc_html.c
@@ -1849,7 +1849,7 @@ mdoc_no_pre(MDOC_ARGS)
struct htmlpair tag;
 
PAIR_CLASS_INIT(, "none");
-   print_otag(h, TAG_CODE, 1, );
+   print_otag(h, TAG_SPAN, 1, );
return 1;
 }
 

Re: ports build failure, max_align_t

[Mark Kettenis]

> Date: Mon, 9 Jan 2017 12:14:21 +0100
> From: Marc Espie 
> 
> On Sun, Jan 08, 2017 at 09:53:50PM +, Stuart Henderson wrote:
> > graphics/ttfautohint
> > 
> > c++ -std=gnu++11 -DHAVE_CONFIG_H -I. -I..   -I../lib  -I../gnulib/src  
> > -I../gnulib/src  -I/usr/X11R6/include/freetype2   -O2 -pipe -MT info.o -MD 
> > -MP -MF .deps/info.Tpo -c -o info.o info.cpp
> > In file included from ../gnulib/src/stdio.h:53:0,
> >  from info.cpp:15:
> > ../gnulib/src/stddef.h:106:3: error: conflicting declaration 'typedef union 
> > max_align_t max_align_t'
> >  } max_align_t;
> >^
> > In file included from ../gnulib/src/stddef.h:55:0,
> >  from ../gnulib/src/stdio.h:53,
> >  from info.cpp:15:
> > /usr/include/stddef.h:80:3: note: previous declaration as 'typedef struct 
> > max_align_t max_align_t'
> >  } max_align_t;
> >^
> Well, gnu/stddef.h has no business redefining max_align_t
> 
> That said, I don't see any way that our definition can be right. It should be
> an union.

The definition is carefully chosen to match what both gcc and clang
provide.  There are apparently a lot of subtleties involved, and
possibly compiler bugs that this works around.

11n support for athn(4)

[Stefan Sperling]

This diff adds 11n support to the athn(4) driver.
Requires -current net80211 code from today.

Tested in hostap mode and client mode with:
athn0 at pci1 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 2 int 16
athn0: AR9280 rev 2 (2T2R), ROM rev 22, adddress xx:xx:xx:xx:xx:xx

And in client mode with:
athn0 at uhub1 port 2 configuration 1 interface 0 "ATHEROS USB2.0 WLAN" rev 
2.00/1.08 addr 2
athn0: AR9271 rev 1 (1T1R), ROM rev 13, address xx:xx:xx:xx:xx:xx

Hostap performance is not perfect yet but should be no worse than
11a/b/g modes in the same environment.

For Linux clients a fix for WME params is needed which I also posted to tech@.

This diff does not modify the known-broken and disabled ar9003 code,
apart from making sure it still builds.

I'm looking for both tests and OKs.

Index: dev/cardbus/if_athn_cardbus.c
===
RCS file: /cvs/src/sys/dev/cardbus/if_athn_cardbus.c,v
retrieving revision 1.14
diff -u -p -r1.14 if_athn_cardbus.c
--- dev/cardbus/if_athn_cardbus.c   24 Nov 2015 17:11:39 -  1.14
+++ dev/cardbus/if_athn_cardbus.c   8 Jan 2017 09:31:28 -
@@ -43,6 +43,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 #include 
Index: dev/ic/ar5008.c
===
RCS file: /cvs/src/sys/dev/ic/ar5008.c,v
retrieving revision 1.37
diff -u -p -r1.37 ar5008.c
--- dev/ic/ar5008.c 29 Nov 2016 10:22:30 -  1.37
+++ dev/ic/ar5008.c 9 Jan 2017 10:14:41 -
@@ -51,6 +51,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 #include 
@@ -217,7 +218,7 @@ ar5008_attach(struct athn_softc *sc)
sc->flags |= ATHN_FLAG_11A;
if (base->opCapFlags & AR_OPFLAGS_11G)
sc->flags |= ATHN_FLAG_11G;
-   if (base->opCapFlags & AR_OPFLAGS_11N)
+   if ((base->opCapFlags & AR_OPFLAGS_11N_DISABLED) == 0)
sc->flags |= ATHN_FLAG_11N;
 
IEEE80211_ADDR_COPY(ic->ic_myaddr, base->macAddr);
@@ -952,9 +953,11 @@ ar5008_tx_process(struct athn_softc *sc,
struct ifnet *ifp = >ic_if;
struct athn_txq *txq = >txq[qid];
struct athn_node *an;
+   struct ieee80211_node *ni;
struct athn_tx_buf *bf;
struct ar_tx_desc *ds;
uint8_t failcnt;
+   int txfail;
 
bf = SIMPLEQ_FIRST(>head);
if (bf == NULL)
@@ -970,13 +973,16 @@ ar5008_tx_process(struct athn_softc *sc,
 
sc->sc_tx_timer = 0;
 
-   if (ds->ds_status1 & AR_TXS1_EXCESSIVE_RETRIES)
+   txfail = (ds->ds_status1 & AR_TXS1_EXCESSIVE_RETRIES);
+   if (txfail)
ifp->if_oerrors++;
 
if (ds->ds_status1 & AR_TXS1_UNDERRUN)
athn_inc_tx_trigger_level(sc);
 
an = (struct athn_node *)bf->bf_ni;
+   ni = (struct ieee80211_node *)bf->bf_ni;
+
/*
 * NB: the data fail count contains the number of un-acked tries
 * for the final series used.  We must add the number of tries for
@@ -987,10 +993,27 @@ ar5008_tx_process(struct athn_softc *sc,
failcnt += MS(ds->ds_status9, AR_TXS9_FINAL_IDX) * 2;
 
/* Update rate control statistics. */
-   an->amn.amn_txcnt++;
-   if (failcnt > 0)
-   an->amn.amn_retrycnt++;
-
+   if (ni->ni_flags & IEEE80211_NODE_HT) {
+   an->mn.frames++;
+   an->mn.ampdu_size = bf->bf_m->m_pkthdr.len + IEEE80211_CRC_LEN;
+   an->mn.agglen = 1; /* XXX We do not yet support Tx agg. */
+   if (failcnt > 0)
+   an->mn.retries++;
+   if (txfail)
+   an->mn.txfail++;
+   if ((ic->ic_opmode == IEEE80211_M_STA &&
+   ic->ic_state == IEEE80211_S_RUN)
+#ifndef IEEE80211_STA_ONLY
+   || (ic->ic_opmode == IEEE80211_M_HOSTAP &&
+   ni->ni_state == IEEE80211_STA_ASSOC)
+#endif
+   )
+   ieee80211_mira_choose(>mn, ic, ni);
+   } else {
+   an->amn.amn_txcnt++;
+   if (failcnt > 0)
+   an->amn.amn_retrycnt++;
+   }
DPRINTFN(5, ("Tx done qid=%d status1=%d fail count=%d\n",
qid, ds->ds_status1, failcnt));
 
@@ -1110,7 +1133,7 @@ ar5008_swba_intr(struct athn_softc *sc)
ds->ds_ctl2 = SM(AR_TXC2_XMIT_DATA_TRIES0, 1);
 
/* Write Tx rate. */
-   ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
+   ridx = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ?
ATHN_RIDX_OFDM6 : ATHN_RIDX_CCK1;
hwrate = athn_rates[ridx].hwrate;
ds->ds_ctl3 = SM(AR_TXC3_XMIT_RATE0, hwrate);
@@ -1315,15 +1338,25 @@ ar5008_tx(struct athn_softc *sc, struct 
IEEE80211_FC0_TYPE_DATA) {
/* Use lowest rate for all tries. */
ridx[0] = ridx[1] = ridx[2] = ridx[3] =
-   (ic->ic_curmode == IEEE80211_MODE_11A) ?
-   ATHN_RIDX_OFDM6 : ATHN_RIDX_CCK1;

Re: SHA1(3): remove usage of No macro

[Ingo Schwarze]

Hi,

 Anton Lindqvist wrote on Mon, Jan 09, 2017 at 09:02:37AM +0100:

> The following paragraph from the SHA1(3) man-page looks odd in its HTML
> representation:
> 
> $ sed -n 214p /usr/src/lib/libcrypto/man/SHA1.3
> .Pq Fa len No bytes at Fa data .
> 
> The No macro causes "bytes at" to be wrapped inside a code-tag and not
> be rendered as unformatted text.

Wait, that's an outright bug in the mandoc(1) HTML formatter:

schwarze@isnote $ echo .Em italic , Sy bold , No and roman | \
> mandoc -mdoc -Thtml -Ofragment
[...]
italic, bold,
and roman

Whereas the mdoc manual very clearly says:

   No
 Normal text.  Closes the scope of any preceding in-line macro.
 When used after physical formatting macros like Em or Sy,
 switches back to the standard font face and weight.
 Can also be used to embed plain text strings in macro lines
 using semantic annotation macros.

 Examples:
   .Em italic , Sy bold , No and roman

> Splitting the line solves the problem:

It seems a matter of taste whether you prefer the more compact
form or the more verbose five-line form, but it shouldn't make
a difference for the markup produced.

Yours,
  Ingo

> Index: SHA1.3
> ===
> RCS file: /cvs/src/lib/libcrypto/man/SHA1.3,v
> retrieving revision 1.4
> diff -u -p -r1.4 SHA1.3
> --- SHA1.32 Dec 2016 19:28:41 -   1.4
> +++ SHA1.38 Jan 2017 19:31:13 -
> @@ -211,7 +211,11 @@ structure.
>  .Pp
>  .Fn SHA1_Update
>  can be called repeatedly with chunks of the message to be hashed
> -.Pq Fa len No bytes at Fa data .
> +.Po
> +.Fa len
> +bytes at
> +.Fa data
> +.Pc
>  .Pp
>  .Fn SHA1_Final
>  places the message digest in

Re: ports build failure, max_align_t

[Mark Kettenis]

> Date: Sun, 8 Jan 2017 21:53:50 +
> From: Stuart Henderson 
> 
> graphics/ttfautohint
> 
> c++ -std=gnu++11 -DHAVE_CONFIG_H -I. -I..   -I../lib  -I../gnulib/src  
> -I../gnulib/src  -I/usr/X11R6/include/freetype2   -O2 -pipe -MT info.o -MD 
> -MP -MF .deps/info.Tpo -c -o info.o info.cpp
> In file included from ../gnulib/src/stdio.h:53:0,
>  from info.cpp:15:
> ../gnulib/src/stddef.h:106:3: error: conflicting declaration 'typedef union 
> max_align_t max_align_t'
>  } max_align_t;
>^
> In file included from ../gnulib/src/stddef.h:55:0,
>  from ../gnulib/src/stdio.h:53,
>  from info.cpp:15:
> /usr/include/stddef.h:80:3: note: previous declaration as 'typedef struct 
> max_align_t max_align_t'
>  } max_align_t;
>^

See the mail I sent to hackers.  Nobody replied to that yet...

provide wme params if acting as 11n hostap

[Stefan Sperling]

Linux clients won't use 11n with an AP unless the AP provides WME parameters.

This is the reverse of the problem we had when Linux APs did not want
to use 11n with OpenBSD clients who did not send a wme info element in
association requests.

Tested with 11n-enabled athn(4) OpenBSD hostap and an Ubuntu client.

ok?

Index: ieee80211_output.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_output.c,v
retrieving revision 1.112
diff -u -p -r1.112 ieee80211_output.c
--- ieee80211_output.c  9 Jan 2017 09:30:02 -   1.112
+++ ieee80211_output.c  9 Jan 2017 11:54:41 -
@@ -1207,7 +1207,7 @@ ieee80211_get_probe_resp(struct ieee8021
(((ic->ic_flags & IEEE80211_F_RSNON) &&
  (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ?
2 + IEEE80211_WPAIE_MAXLEN : 0) +
-   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0));
+   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0));
if (m == NULL)
return NULL;
 
@@ -1236,6 +1236,7 @@ ieee80211_get_probe_resp(struct ieee8021
if (ic->ic_flags & IEEE80211_F_HTON) {
frm = ieee80211_add_htcaps(frm, ic);
frm = ieee80211_add_htop(frm, ic);
+   frm = ieee80211_add_wme_param(frm, ic);
}
 
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
@@ -1397,7 +1398,7 @@ ieee80211_get_assoc_resp(struct ieee8021
2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) +
((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) +
((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) +
-   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0));
+   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0));
if (m == NULL)
return NULL;
 
@@ -1422,6 +1423,7 @@ ieee80211_get_assoc_resp(struct ieee8021
if (ic->ic_flags & IEEE80211_F_HTON) {
frm = ieee80211_add_htcaps(frm, ic);
frm = ieee80211_add_htop(frm, ic);
+   frm = ieee80211_add_wme_param(frm, ic);
}
 
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
@@ -1825,7 +1827,7 @@ ieee80211_beacon_alloc(struct ieee80211c
(((ic->ic_flags & IEEE80211_F_RSNON) &&
  (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ?
2 + IEEE80211_WPAIE_MAXLEN : 0) +
-   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0));
+   ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0));
if (m == NULL)
return NULL;
 
@@ -1871,6 +1873,7 @@ ieee80211_beacon_alloc(struct ieee80211c
if (ic->ic_flags & IEEE80211_F_HTON) {
frm = ieee80211_add_htcaps(frm, ic);
frm = ieee80211_add_htop(frm, ic);
+   frm = ieee80211_add_wme_param(frm, ic);
}
 
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);

Re: ftp(1): anonymous login and .netrc

[Vadim Zhukov]

2017-01-04 11:51 GMT+03:00 Anton Lindqvist :
> I'm running a script as root which drops privileges while fetching files
> using ftp(1) with anonymous login enabled:
>
> # doas -u unpriv ftp -a URL
>
> ... and was surprised to see the following error:
>
> ftp: /root/.netrc: Permission denied
>
> I'm not sure if the .netrc file should be considered when anonymous
> login is enabled. If not, here's a patch:
>
> Index: util.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/util.c,v
> retrieving revision 1.81
> diff -u -p -r1.81 util.c
> --- util.c  20 Aug 2016 20:18:42 -  1.81
> +++ util.c  3 Jan 2017 20:19:16 -
> @@ -221,7 +221,7 @@ ftp_login(const char *host, char *user,
> struct passwd *pw;
>
>  #ifndef SMALL
> -   if (user == NULL) {
> +   if (user == NULL && !anonftp) {
> if (ruserpass(host, , , ) < 0) {
> code = -1;
> return (0);
>

The diff looks like correct to me, okay@ for anyone willing to commit.

--
  WBR,
  Vadim Zhukov

Re: ports build failure, max_align_t

[Marc Espie]

On Sun, Jan 08, 2017 at 09:53:50PM +, Stuart Henderson wrote:
> graphics/ttfautohint
> 
> c++ -std=gnu++11 -DHAVE_CONFIG_H -I. -I..   -I../lib  -I../gnulib/src  
> -I../gnulib/src  -I/usr/X11R6/include/freetype2   -O2 -pipe -MT info.o -MD 
> -MP -MF .deps/info.Tpo -c -o info.o info.cpp
> In file included from ../gnulib/src/stdio.h:53:0,
>  from info.cpp:15:
> ../gnulib/src/stddef.h:106:3: error: conflicting declaration 'typedef union 
> max_align_t max_align_t'
>  } max_align_t;
>^
> In file included from ../gnulib/src/stddef.h:55:0,
>  from ../gnulib/src/stdio.h:53,
>  from info.cpp:15:
> /usr/include/stddef.h:80:3: note: previous declaration as 'typedef struct 
> max_align_t max_align_t'
>  } max_align_t;
>^
Well, gnu/stddef.h has no business redefining max_align_t

That said, I don't see any way that our definition can be right. It should be
an union.

manage HT protection when acting as hostap

[Stefan Sperling]

This diff cannot be tested yet -- I'm looking for OKs only :-)

Manage the HT protection setting if acting as hostap with 11n enabled.

For now we flip-flop only between non-member protection and non-HT protection.
Running a HT network without protection would require monitoring environmental
conditions (e.g. foreign beacons) which make HT protection necessary.

The ic_update_htprot driver function becomes optional because it won't be
needed by all drivers. Only call it if the driver has set a function pointer.

Index: ieee80211_input.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.180
diff -u -p -r1.180 ieee80211_input.c
--- ieee80211_input.c   21 Sep 2016 12:21:27 -  1.180
+++ ieee80211_input.c   9 Jan 2017 10:07:34 -
@@ -1612,7 +1612,8 @@ ieee80211_recv_probe_resp(struct ieee802
htprot_last, htprot));
ic->ic_stats.is_ht_prot_change++;
ic->ic_bss->ni_htop1 = ni->ni_htop1;
-   ic->ic_update_htprot(ic, ic->ic_bss);
+   if (ic->ic_update_htprot)
+   ic->ic_update_htprot(ic, ic->ic_bss);
}
}
 
Index: ieee80211_node.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.108
diff -u -p -r1.108 ieee80211_node.c
--- ieee80211_node.c9 Jan 2017 09:31:18 -   1.108
+++ ieee80211_node.c9 Jan 2017 10:07:57 -
@@ -353,6 +353,16 @@ ieee80211_create_ibss(struct ieee80211co
ni->ni_capinfo = IEEE80211_CAPINFO_IBSS;
if (ic->ic_flags & IEEE80211_F_WEPON)
ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
+   if (ic->ic_flags & IEEE80211_F_HTON) {
+   /* 
+* Default to non-member HT protection until we have a way
+* of picking up information from the environment (such as
+* beacons from other networks) which proves that only HT
+* STAs are on the air.
+*/
+   ni->ni_htop1 = IEEE80211_HTPROT_NONMEMBER;
+   ic->ic_protmode = IEEE80211_PROT_RTSCTS;
+   }
if (ic->ic_flags & IEEE80211_F_RSNON) {
struct ieee80211_key *k;
 
@@ -1423,7 +1433,15 @@ ieee80211_needs_auth(struct ieee80211com
 void
 ieee80211_node_join_ht(struct ieee80211com *ic, struct ieee80211_node *ni)
 {
-   /* TBD */
+   enum ieee80211_htprot;
+
+   /* Update HT protection setting. */
+   if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) {
+   ic->ic_nonhtsta++;
+   ic->ic_bss->ni_htop1 = IEEE80211_HTPROT_NONHT_MIXED;
+   if (ic->ic_update_htprot)
+   ic->ic_update_htprot(ic, ic->ic_bss);
+   }
 }
 
 /*
@@ -1712,6 +1730,16 @@ ieee80211_node_leave(struct ieee80211com
 
if (ni->ni_flags & IEEE80211_NODE_HT)
ieee80211_node_leave_ht(ic, ni);
+   else if (ic->ic_flags & IEEE80211_F_HTON) {
+   if (ic->ic_nonhtsta == 0)
+   panic("bogus non-HT station count %d", ic->ic_nonhtsta);
+   if (--ic->ic_nonhtsta == 0) {
+   /* All associated stations now support HT. */
+   ic->ic_bss->ni_htop1 = IEEE80211_HTPROT_NONMEMBER;
+   if (ic->ic_update_htprot)
+   ic->ic_update_htprot(ic, ic->ic_bss);
+   }
+   }
 
if (ic->ic_node_leave != NULL)
(*ic->ic_node_leave)(ic, ni);
Index: ieee80211_var.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_var.h,v
retrieving revision 1.73
diff -u -p -r1.73 ieee80211_var.h
--- ieee80211_var.h 17 Dec 2016 18:35:54 -  1.73
+++ ieee80211_var.h 8 Jan 2017 21:11:30 -
@@ -310,6 +310,9 @@ struct ieee80211com {
u_int   ic_dtim_period;
u_int   ic_dtim_count;
 
+#ifndef IEEE80211_STA_ONLY
+   u_int16_t   ic_nonhtsta;/* # non-HT stations */
+#endif
u_int32_t   ic_txbfcaps;
u_int16_t   ic_htcaps;
u_int8_tic_ampdu_params;

syslogd fd_tls variable

[Alexander Bluhm]

Hi,

To implement multiple tls listen sockets in syslogd, I have to get
rid of the global variable fd_tls first.

ok?

bluhm

Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.227
diff -u -p -r1.227 syslogd.c
--- usr.sbin/syslogd/syslogd.c  2 Jan 2017 15:58:02 -   1.227
+++ usr.sbin/syslogd/syslogd.c  9 Jan 2017 09:30:25 -
@@ -272,7 +272,7 @@ size_t  ctl_reply_offset = 0;   /* Number o
 char   *linebuf;
 int linesize;
 
-int fd_ctlconn, fd_udp, fd_udp6, fd_tls;
+int fd_ctlconn, fd_udp, fd_udp6;
 struct event   *ev_ctlaccept, *ev_ctlread, *ev_ctlwrite;
 
 struct peer {
@@ -291,6 +291,8 @@ void unix_readcb(int, short, void *);
 int reserve_accept4(int, int, struct event *,
 void (*)(int, short, void *), struct sockaddr *, socklen_t *, int);
 voidtcp_acceptcb(int, short, void *);
+voidtls_acceptcb(int, short, void *);
+voidacceptcb(int, short, void *, int);
 int octet_counting(struct evbuffer *, char **, int);
 int non_transparent_framing(struct evbuffer *, char **);
 voidtcp_readcb(struct bufferevent *, void *);
@@ -354,7 +356,7 @@ main(int argc, char *argv[])
int  ch, i;
int  lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
int  fd_ctlsock, fd_klog, fd_sendsys, *fd_bind, *fd_listen;
-   int *fd_unix, nbind, nlisten;
+   int  fd_tls, *fd_unix, nbind, nlisten;
char**bind_host, **bind_port, **listen_host, **listen_port;
char*tls_hostport, *tls_host, *tls_port;
 
@@ -772,7 +774,7 @@ main(int argc, char *argv[])
for (i = 0; i < nlisten; i++)
event_set(_listen[i], fd_listen[i], EV_READ|EV_PERSIST,
tcp_acceptcb, _listen[i]);
-   event_set(ev_tls, fd_tls, EV_READ|EV_PERSIST, tcp_acceptcb, ev_tls);
+   event_set(ev_tls, fd_tls, EV_READ|EV_PERSIST, tls_acceptcb, ev_tls);
for (i = 0; i < nunix; i++)
event_set(_unix[i], fd_unix[i], EV_READ|EV_PERSIST,
unix_readcb, _unix[i]);
@@ -1088,6 +1090,18 @@ reserve_accept4(int lfd, int event, stru
 void
 tcp_acceptcb(int lfd, short event, void *arg)
 {
+   acceptcb(lfd, event, arg, 0);
+}
+
+void
+tls_acceptcb(int lfd, short event, void *arg)
+{
+   acceptcb(lfd, event, arg, 1);
+}
+
+void
+acceptcb(int lfd, short event, void *arg, int usetls)
+{
struct event*ev = arg;
struct peer *p;
struct sockaddr_storage  ss;
@@ -1132,7 +1146,7 @@ tcp_acceptcb(int lfd, short event, void 
return;
}
p->p_ctx = NULL;
-   if (lfd == fd_tls) {
+   if (usetls) {
if (tls_accept_socket(server_ctx, >p_ctx, fd) < 0) {
snprintf(ebuf, sizeof(ebuf), "tls_accept_socket \"%s\"",
peername);

SHA1(3): remove usage of No macro

[Anton Lindqvist]

The following paragraph from the SHA1(3) man-page looks odd in its HTML
representation:

$ sed -n 214p /usr/src/lib/libcrypto/man/SHA1.3
.Pq Fa len No bytes at Fa data .

The No macro causes "bytes at" to be wrapped inside a code-tag and not
be rendered as unformatted text. Splitting the line solves the problem:

Index: SHA1.3
===
RCS file: /cvs/src/lib/libcrypto/man/SHA1.3,v
retrieving revision 1.4
diff -u -p -r1.4 SHA1.3
--- SHA1.3  2 Dec 2016 19:28:41 -   1.4
+++ SHA1.3  8 Jan 2017 19:31:13 -
@@ -211,7 +211,11 @@ structure.
 .Pp
 .Fn SHA1_Update
 can be called repeatedly with chunks of the message to be hashed
-.Pq Fa len No bytes at Fa data .
+.Po
+.Fa len
+bytes at
+.Fa data
+.Pc
 .Pp
 .Fn SHA1_Final
 places the message digest in