Re: pflow(4) percpu counters
Florian Obser writes:

> On Sat, Feb 18, 2017 at 06:06:01PM +0100, Jeremie Courreges-Anglas wrote:
>>
>> This one is a bit weird, the driver doesn't just increment the stats but
>> also uses them at runtime, hence the additional helper functions.
>
> I'm wondering if we should just drop the reading.
> We have two cases, the init case and the packet sending case.
> First the sending case:
> Isn't this always true?
> if (pflowstats.pflow_flows == sc->sc_gcounter)
> If yes we can just skip that and do the inc.
>
> The init case tries to preserve the flow counter between ifdown/ifup
> Maybe we should just init the global counter to 0, like on reboot.
> Benno?

revision 1.9
date: 2009/01/03 21:47:32; author: gollo; state: Exp; lines: +11 -7;
sync flow sequence ids on all used pflow interfaces.

Right now I can't tell whether this change makes little or a lot of
sense, so I'd better not touch this. :)

In any case, the use of the counters API in this first diff doesn't make
sense, please disregard it.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: npppd: reload enables stripping NT domains on radius
On Tue, Feb 21, 2017 at 02:11:05PM +0900, YASUOKA Masahiko wrote: > Hi, > > On Mon, 20 Feb 2017 11:38:19 +0100 > Patrick Wildt wrote: > > when using RADIUS, the NT domains should not be stripped from the > > username. > > I suppose it depends on the use-case. > > npppd.conf(5) mentions "strip-nt-domain" is "yes" by default and > adding "strip-nt-domain no" in "authentication type radius" > section of npppd.conf should be able to change that behavior. > > authentication RADIUS type radius { > strip-nt-domain no > authentication-server { > : > > Doesn't this help? > > > When a base object is instantiated based on an auth object, > > the "strip_nt_domain" variable is always enforced to zero in case of > > using RADIUS. The auth object itself though has it set to one by > > default. > > > > Now on configuration reload in npppd_auth_reload(), the value is copied > > from the corresponding auth object to the base object. > > > > base->strip_nt_domain = auth->strip_nt_domain; > > > > Unfortunately in the case of RADIUS, this means that the RADIUS base > > object gets overridden. So in that case reset it to zero like it's > > done in npppd_auth_create(). > > Thank you for pointing this out. > > Code in npppd_auth.c seems to be misleading. I'd like to make it > clear that the default values always come from the configuration like > below. > > diff --git a/usr.sbin/npppd/npppd/npppd_auth.c > b/usr.sbin/npppd/npppd/npppd_auth.c > index 101f8cc..11943c2 100644 > --- a/usr.sbin/npppd/npppd/npppd_auth.c > +++ b/usr.sbin/npppd/npppd/npppd_auth.c > @@ -75,8 +75,6 @@ npppd_auth_create(int auth_type, const char *name, void > *_npppd) > case NPPPD_AUTH_TYPE_LOCAL: > if ((base = calloc(1, sizeof(npppd_auth_local))) != NULL) { > base->type = NPPPD_AUTH_TYPE_LOCAL; > - base->strip_nt_domain = 1; > - base->strip_atmark_realm = 0; > strlcpy(base->name, name, sizeof(base->name)); > base->npppd = _npppd; 
> > @@ -89,7 +87,6 @@ npppd_auth_create(int auth_type, const char *name, void > *_npppd) > if ((base = calloc(1, sizeof(npppd_auth_radius))) != NULL) { > npppd_auth_radius *_this = (npppd_auth_radius *)base; > base->type = NPPPD_AUTH_TYPE_RADIUS; > - base->strip_nt_domain = 0; > strlcpy(base->name, name, sizeof(base->name)); > base->npppd = _npppd; > if ((_this->rad_auth_setting = > > I like consistency, so this is better. While there, please adjust the manpage, since it is wrong about strip-nt-domain's default value. ok patrick@ diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 b/usr.sbin/npppd/npppd/npppd.conf.5 index aef090ea45b..cdfb8331a97 100644 --- a/usr.sbin/npppd/npppd/npppd.conf.5 +++ b/usr.sbin/npppd/npppd/npppd.conf.5 @@ -569,7 +569,7 @@ removes the NT domain prefix, such as '\e\eNTDOMAIN\e', from the username before contacting the authentication server. The default is -.Dq no . +.Dq yes . .It Ic strip-atmark-realm Ar yes | no Specify whether .Xr npppd 8
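Review bot: in the npppd.conf.5 hunk only the strip-nt-domain default is corrected, while the quoted npppd_auth.c change also drops `base->strip_atmark_realm = 0;` from the NPPPD_AUTH_TYPE_LOCAL case. Check that the default stated under `.It Ic strip-atmark-realm` still matches the value the configuration supplies, and say in the commit message that both defaults now come from the parsed configuration.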
Re: [PATCH] bc(1) should write error messages to standard error
On Tue, Feb 21, 2017 at 07:00:34AM +0100, Otto Moerbeek wrote: > On Tue, Feb 21, 2017 at 04:08:57AM +0100, Martijn Dekker wrote: > > > Upon encountering a parsing error, bc(1) passes an error message on to > > dc(1), which writes the error message to standard output along with the > > normal output. > > > > That is a bug. Error messages should go to standard error instead, as > > POSIX specifies: > > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10 > > > > GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages > > to standard error. > > > > Bizarrely, the exit status of bc(1) is left unspecified: > > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18 > > And indeed, all versions of 'bc' exit with status 0 if there is an input > > error such as a parsing error, so the exit status cannot be used to > > catch it. That leaves examining standard error as the only method for a > > program calling bc(1), such as a shell script, to distinguish between an > > error state and normal operation. That is, with this bug, there is no > > way at all. > > > > The following example shell function transparently hardens bc(1) by > > intercepting standard error and exiting the program or subshell if an > > error was produced. > > > > bc() { > > _bc_err=$(command -p bc "$@" 1>&3 2>&1) > > [ -z "${_bc_err}" ] && return > > printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2 > > exit 125 > > } 3>&1 > > > > The patch below fixes bc(1) so error messages are written directly to > > standard error and the above shell function works as expected. As a side > > effect, yyerror() is simplified. > > > > Another side effect is that bc(1) error messages are no longer neatly > > included in the generated dc(1) source when debugging it using 'bc -c'. > > But I don't think that is actually a problem; they are just printed to > > standard error instead. In fact, the patch makes 'bc -c' act like > > Solaris. 
If others find this problematic, the patch could be extended to > > restore the old behaviour only if '-c' is given. > > > > The manual page does not document error message behaviour one way or > > another. Since the patch implements standard behaviour, no change seems > > necessary there. > > > > Thanks, > > > > - M. > > > > Thanks for the diff. I am now wondering why I wrote it this way > Likely because the original bc had a similar approach. > Anyway, I'll try to look at this the coming days, Indeed, 4.4BSD bc does this: yyerror( s ) char *s; { if(ifile > sargc)ss="teletype"; printf("c[%s on line %d, %s]pc\n", s ,ln+1,ss); fflush(stdout); cp = cary; crs = rcrs; bindx = 0; lev = 0; b_sp_nxt = &b_space[0]; } My original goal was to make a bc that produced the same dc commands as the reference implementation I used. You can now see that your diff skips the 'c' commands and in that changes behaviour. Pondering if introducing a way to write to stderr in dc(1) would be better... -Otto > > > Index: bc.y > > === > > RCS file: /cvs/src/usr.bin/bc/bc.y,v > > retrieving revision 1.49 > > diff -u -p -r1.49 bc.y > > --- bc.y23 Nov 2015 09:58:55 - 1.49 > > +++ bc.y21 Feb 2017 02:09:08 - 
> > @@ -942,35 +942,25 @@ add_local(ssize_t n) > > void > > yyerror(char *s) > > { > > - char*str, *p; > > int n; > > > > if (yyin != NULL && feof(yyin)) > > - n = asprintf(&str, "%s: %s:%d: %s: unexpected EOF", > > + n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n", > > __progname, filename, lineno, s); > > else if (yytext[0] == '\n') > > - n = asprintf(&str, > > - "%s: %s:%d: %s: newline unexpected", > > + n = fprintf(stderr, > > + "%s: %s:%d: %s: newline unexpected\n", > > __progname, filename, lineno, s); > > else if (isspace((unsigned char)yytext[0]) || > > !isprint((unsigned char)yytext[0])) > > - n = asprintf(&str, > > - "%s: %s:%d: %s: ascii char 0x%02x unexpected", > > + n = fprintf(stderr, > > + "%s: %s:%d: %s: ascii char 0x%02x unexpected\n", > > __progname, filename, lineno, s, yytext[0] & 0xff); > > else > > - n = asprintf(&str, "%s: %s:%d: %s: %s unexpected", > > + n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n", > > __progname, filename, lineno, s, yytext); > > if (n == -1) > > err(1, NULL); > > - > > - fputs("c[", stdout); > > - for (p = str; *p != '\0'; p++) { > > - if (*p == '[' || *p == ']' || *p =='\\') > > - putchar('\\'); > > - putchar(*p); > > -
set sc_vendor in bcm2835_dwctwo
Maybe one day these drivers will attach to a non-Broadcom dwc2 but for now they only match the Broadcom compat strings. -uhub0 at usb0 configuration 1 interface 0 "vendor 0x DWC2 root hub" rev 2.00/1.00 addr 1 +uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev 2.00/1.00 addr 1 Index: armv7/broadcom/bcm2835_dwctwo.c === RCS file: /cvs/src/sys/arch/armv7/broadcom/bcm2835_dwctwo.c,v retrieving revision 1.1 diff -u -p -r1.1 bcm2835_dwctwo.c --- armv7/broadcom/bcm2835_dwctwo.c 7 Aug 2016 17:46:36 - 1.1 +++ armv7/broadcom/bcm2835_dwctwo.c 20 Feb 2017 11:04:28 - @@ -135,6 +135,9 @@ bcm_dwctwo_deferred(void *self) struct bcm_dwctwo_softc *sc = (struct bcm_dwctwo_softc *)self; int rc; + strlcpy(sc->sc_dwc2.sc_vendor, "Broadcom", + sizeof(sc->sc_dwc2.sc_vendor)); + rc = dwc2_init(&sc->sc_dwc2); if (rc != 0) return; Index: arm64/dev/bcm2835_dwctwo.c === RCS file: /cvs/src/sys/arch/arm64/dev/bcm2835_dwctwo.c,v retrieving revision 1.1 diff -u -p -r1.1 bcm2835_dwctwo.c --- arm64/dev/bcm2835_dwctwo.c 23 Jan 2017 08:05:47 - 1.1 +++ arm64/dev/bcm2835_dwctwo.c 20 Feb 2017 11:04:33 - @@ -124,6 +124,9 @@ bcm_dwctwo_deferred(void *self) struct bcm_dwctwo_softc *sc = (struct bcm_dwctwo_softc *)self; int rc; + strlcpy(sc->sc_dwc2.sc_vendor, "Broadcom", + sizeof(sc->sc_dwc2.sc_vendor)); + rc = dwc2_init(&sc->sc_dwc2); if (rc != 0) return;
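Review bot: the `strlcpy(sc->sc_dwc2.sc_vendor, "Broadcom", ...)` added to bcm_dwctwo_deferred() in both files hard-codes the vendor on the strength of the attachment only matching Broadcom compat strings, and nothing in the code records that. A one-line comment above the strlcpy() stating the assumption would flag it for whoever later lets these drivers attach to a non-Broadcom dwc2.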
Re: [PATCH] bc(1) should write error messages to standard error
On Tue, Feb 21, 2017 at 04:08:57AM +0100, Martijn Dekker wrote: > Upon encountering a parsing error, bc(1) passes an error message on to > dc(1), which writes the error message to standard output along with the > normal output. > > That is a bug. Error messages should go to standard error instead, as > POSIX specifies: > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10 > > GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages > to standard error. > > Bizarrely, the exit status of bc(1) is left unspecified: > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18 > And indeed, all versions of 'bc' exit with status 0 if there is an input > error such as a parsing error, so the exit status cannot be used to > catch it. That leaves examining standard error as the only method for a > program calling bc(1), such as a shell script, to distinguish between an > error state and normal operation. That is, with this bug, there is no > way at all. > > The following example shell function transparently hardens bc(1) by > intercepting standard error and exiting the program or subshell if an > error was produced. > > bc() { > _bc_err=$(command -p bc "$@" 1>&3 2>&1) > [ -z "${_bc_err}" ] && return > printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2 > exit 125 > } 3>&1 > > The patch below fixes bc(1) so error messages are written directly to > standard error and the above shell function works as expected. As a side > effect, yyerror() is simplified. > > Another side effect is that bc(1) error messages are no longer neatly > included in the generated dc(1) source when debugging it using 'bc -c'. > But I don't think that is actually a problem; they are just printed to > standard error instead. In fact, the patch makes 'bc -c' act like > Solaris. If others find this problematic, the patch could be extended to > restore the old behaviour only if '-c' is given. 
> > The manual page does not document error message behaviour one way or > another. Since the patch implements standard behaviour, no change seems > necessary there. > > Thanks, > > - M. > Thanks for the diff. I am now wondering why I wrote it this way Likely because the original bc had a similar approach. Anyway, I'll try to look at this the coming days, -Otto > Index: bc.y > === > RCS file: /cvs/src/usr.bin/bc/bc.y,v > retrieving revision 1.49 > diff -u -p -r1.49 bc.y > --- bc.y23 Nov 2015 09:58:55 - 1.49 > +++ bc.y21 Feb 2017 02:09:08 - > @@ -942,35 +942,25 @@ add_local(ssize_t n) > void > yyerror(char *s) > { > - char*str, *p; > int n; > > if (yyin != NULL && feof(yyin)) > - n = asprintf(&str, "%s: %s:%d: %s: unexpected EOF", > + n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n", > __progname, filename, lineno, s); > else if (yytext[0] == '\n') > - n = asprintf(&str, > - "%s: %s:%d: %s: newline unexpected", > + n = fprintf(stderr, > + "%s: %s:%d: %s: newline unexpected\n", > __progname, filename, lineno, s); > else if (isspace((unsigned char)yytext[0]) || > !isprint((unsigned char)yytext[0])) > - n = asprintf(&str, > - "%s: %s:%d: %s: ascii char 0x%02x unexpected", > + n = fprintf(stderr, > + "%s: %s:%d: %s: ascii char 0x%02x unexpected\n", > __progname, filename, lineno, s, yytext[0] & 0xff); > else > - n = asprintf(&str, "%s: %s:%d: %s: %s unexpected", > + n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n", > __progname, filename, lineno, s, yytext); > if (n == -1) > err(1, NULL); > - > - fputs("c[", stdout); > - for (p = str; *p != '\0'; p++) { > - if (*p == '[' || *p == ']' || *p =='\\') > - putchar('\\'); > - putchar(*p); > - } > - fputs("]pc\n", stdout); > - free(str); > } > > void
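Review bot: the block removed at the end of yyerror(), from `fputs("c[", stdout);` through `fputs("]pc\n", stdout);`, was what placed the message in the generated dc(1) source, so with it gone the output of `bc -c` changes as well. If that output has to stay comparable with the reference implementation, keep the block for the -c case and use the fprintf(stderr, ...) calls otherwise; either way the behaviour change belongs in the commit message.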
Re: npppd: reload enables stripping NT domains on radius
Hi, On Mon, 20 Feb 2017 11:38:19 +0100 Patrick Wildt wrote: > when using RADIUS, the NT domains should not be stripped from the > username. I suppose it depends on the use-case. npppd.conf(5) mentions "strip-nt-domain" is "yes" by default and adding "strip-nt-domain no" in "authentication type radius" section of npppd.conf should be able to change that behavior. authentication RADIUS type radius { strip-nt-domain no authentication-server { : Doesn't this help? > When a base object is instantiated based on an auth object, > the "strip_nt_domain" variable is always enforced to zero in case of > using RADIUS. The auth object itself though has it set to one by > default. > > Now on configuration reload in npppd_auth_reload(), the value is copied > from the corresponding auth object to the base object. > > base->strip_nt_domain = auth->strip_nt_domain; > > Unfortunately in the case of RADIUS, this means that the RADIUS base > object gets overridden. So in that case reset it to zero like it's > done in npppd_auth_create(). Thank you for pointing this out. Code in npppd_auth.c seems to be misleading. I'd like to make it clear that the default values always come from the configuration like below. diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c index 101f8cc..11943c2 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.c +++ b/usr.sbin/npppd/npppd/npppd_auth.c @@ -75,8 +75,6 @@ npppd_auth_create(int auth_type, const char *name, void *_npppd) case NPPPD_AUTH_TYPE_LOCAL: if ((base = calloc(1, sizeof(npppd_auth_local))) != NULL) { base->type = NPPPD_AUTH_TYPE_LOCAL; - base->strip_nt_domain = 1; - base->strip_atmark_realm = 0; strlcpy(base->name, name, sizeof(base->name)); base->npppd = _npppd; 
@@ -89,7 +87,6 @@ npppd_auth_create(int auth_type, const char *name, void *_npppd) if ((base = calloc(1, sizeof(npppd_auth_radius))) != NULL) { npppd_auth_radius *_this = (npppd_auth_radius *)base; base->type = NPPPD_AUTH_TYPE_RADIUS; - base->strip_nt_domain = 0; strlcpy(base->name, name, sizeof(base->name)); base->npppd = _npppd; if ((_this->rad_auth_setting =
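Review bot: with `base->strip_nt_domain = 1;` removed from the NPPPD_AUTH_TYPE_LOCAL case, a freshly created object carries the zero left by calloc() until something copies the configured value in, so a local realm would keep the NT domain prefix where it used to strip it. Confirm that every path calling npppd_auth_create() runs the `base->strip_nt_domain = auth->strip_nt_domain;` assignment before the object is used for authentication, or add a short comment at the calloc() saying so.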
[PATCH] honor proxy setting in pkg.conf
I have a number of OpenBSD instances in an isolated lab environment with access to the internet solely through a squid proxy. I'd like them to be able to install packages but I don't want to globally configure proxy environment variables because they also communicate with other systems that should not go through the proxy. I propose the addition of the "proxy_url" configuration option in /etc/pkg.conf for this purpose. The patch below works for me. -- -Chad Index: pkg.conf.5 === RCS file: /cvs/src/usr.sbin/pkg_add/pkg.conf.5,v retrieving revision 1.10 diff -u -p -r1.10 pkg.conf.5 --- pkg.conf.5 5 Feb 2017 14:07:45 - 1.10 +++ pkg.conf.5 21 Feb 2017 02:18:24 - @@ -83,6 +83,14 @@ installpath += openbsd-mirror.example.or .Ed .Pp should work. +.It Ar proxy_url +URL to use to proxy ftp and http requests from the ftp client, e.g. +.Bd -literal -offset indent +proxy_url = http://proxy.example.org:3128/ +.Ed +.Pp +This setting does not override any existing http_proxy or ftp_proxy +environment variables. .It Ar nochecksum Set to .Ar yes cvs server: Diffing OpenBSD Index: OpenBSD/PackageRepository.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v retrieving revision 1.140 diff -u -p -r1.140 PackageRepository.pm --- OpenBSD/PackageRepository.pm6 Feb 2017 16:12:16 - 1.140 +++ OpenBSD/PackageRepository.pm21 Feb 2017 02:18:25 - @@ -729,6 +729,10 @@ sub drop_privileges_and_setup_env PATH => '/bin:/usr/bin' ); + if (my $p = $self->{state}->config->value("proxy_url")) { + $newenv{"http_proxy"} = $newenv{"ftp_proxy"} = $p; + } + # copy selected stuff; for my $k (qw( TERM
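Review bot: the new pkg.conf.5 text promises that proxy_url does not override an existing http_proxy or ftp_proxy, but in drop_privileges_and_setup_env() the assignment `$newenv{"http_proxy"} = $newenv{"ftp_proxy"} = $p;` runs before the `# copy selected stuff` loop, whose key list lies outside this hunk. The promise only holds if that loop copies both variables from the caller's environment afterwards; making it explicit, for example by setting each key only when the corresponding %ENV entry is not defined, keeps the code and the manual in step.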
Re: [PATCH] bc(1) should write error messages to standard error
On 21-02-17 at 04:08, Martijn Dekker wrote:
> bc() {
> _bc_err=$(command -p bc "$@" 1>&3 2>&1)

Correction, the redirections should be the other way around:

_bc_err=$(command -p bc "$@" 2>&1 1>&3)

Sorry about that,

- M.
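The redirection order this correction is about, as an added example that is not part of the original thread. `fake_bc` is a constructed stand-in for a bc(1) that writes diagnostics to standard error and exits 0, the function names are hypothetical, and `return` replaces `exit 125` so both variants can run in one script.

```shell
#!/bin/sh
# Constructed stand-in for a POSIX-conforming calculator: the result goes to
# stdout, the diagnostic goes to stderr, and the exit status is 0 either way.
fake_bc() {
    if [ "$1" = "bad" ]; then
        echo "fake_bc: syntax error" >&2
    else
        echo "4"
    fi
    return 0
}

# Order as first posted. Redirections are applied left to right:
#   1>&3  stdout now points at fd 3 (the caller's stdout)
#   2>&1  stderr is duplicated from stdout, so it points at fd 3 as well
# Nothing reaches the command substitution, so _err is always empty and the
# diagnostic is mixed into the normal output.
run_as_posted() {
    _err=$(fake_bc "$@" 1>&3 2>&1)
    [ -z "$_err" ] && return 0
    printf '%s\n' "caught errors:" "$_err" >&2
    return 125
} 3>&1

# Corrected order:
#   2>&1  stderr is duplicated from stdout while stdout is still the
#         command-substitution pipe, so diagnostics are captured in _err
#   1>&3  stdout is then moved to fd 3, so results pass through untouched
run_corrected() {
    _err=$(fake_bc "$@" 2>&1 1>&3)
    [ -z "$_err" ] && return 0
    printf '%s\n' "caught errors:" "$_err" >&2
    return 125
} 3>&1

# Demo: the same failing input through both wrappers.
rc=0; run_as_posted bad || rc=$?
echo "as posted: status $rc"
rc=0; run_corrected bad || rc=$?
echo "corrected: status $rc"
```
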
[PATCH] bc(1) should write error messages to standard error
Upon encountering a parsing error, bc(1) passes an error message on to dc(1), which writes the error message to standard output along with the normal output. That is a bug. Error messages should go to standard error instead, as POSIX specifies: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_10 GNU 'bc' and Solaris 'bc' act like POSIX says and write error messages to standard error. Bizarrely, the exit status of bc(1) is left unspecified: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18 And indeed, all versions of 'bc' exit with status 0 if there is an input error such as a parsing error, so the exit status cannot be used to catch it. That leaves examining standard error as the only method for a program calling bc(1), such as a shell script, to distinguish between an error state and normal operation. That is, with this bug, there is no way at all. The following example shell function transparently hardens bc(1) by intercepting standard error and exiting the program or subshell if an error was produced. bc() { _bc_err=$(command -p bc "$@" 1>&3 2>&1) [ -z "${_bc_err}" ] && return printf '%s\n' "$0: bc(1) caught errors:" "${_bc_err}" 1>&2 exit 125 } 3>&1 The patch below fixes bc(1) so error messages are written directly to standard error and the above shell function works as expected. As a side effect, yyerror() is simplified. Another side effect is that bc(1) error messages are no longer neatly included in the generated dc(1) source when debugging it using 'bc -c'. But I don't think that is actually a problem; they are just printed to standard error instead. In fact, the patch makes 'bc -c' act like Solaris. If others find this problematic, the patch could be extended to restore the old behaviour only if '-c' is given. The manual page does not document error message behaviour one way or another. Since the patch implements standard behaviour, no change seems necessary there. Thanks, - M. 
Index: bc.y === RCS file: /cvs/src/usr.bin/bc/bc.y,v retrieving revision 1.49 diff -u -p -r1.49 bc.y --- bc.y23 Nov 2015 09:58:55 - 1.49 +++ bc.y21 Feb 2017 02:09:08 - @@ -942,35 +942,25 @@ add_local(ssize_t n) void yyerror(char *s) { - char*str, *p; int n; if (yyin != NULL && feof(yyin)) - n = asprintf(&str, "%s: %s:%d: %s: unexpected EOF", + n = fprintf(stderr, "%s: %s:%d: %s: unexpected EOF\n", __progname, filename, lineno, s); else if (yytext[0] == '\n') - n = asprintf(&str, - "%s: %s:%d: %s: newline unexpected", + n = fprintf(stderr, + "%s: %s:%d: %s: newline unexpected\n", __progname, filename, lineno, s); else if (isspace((unsigned char)yytext[0]) || !isprint((unsigned char)yytext[0])) - n = asprintf(&str, - "%s: %s:%d: %s: ascii char 0x%02x unexpected", + n = fprintf(stderr, + "%s: %s:%d: %s: ascii char 0x%02x unexpected\n", __progname, filename, lineno, s, yytext[0] & 0xff); else - n = asprintf(&str, "%s: %s:%d: %s: %s unexpected", + n = fprintf(stderr, "%s: %s:%d: %s: %s unexpected\n", __progname, filename, lineno, s, yytext); if (n == -1) err(1, NULL); - - fputs("c[", stdout); - for (p = str; *p != '\0'; p++) { - if (*p == '[' || *p == ']' || *p =='\\') - putchar('\\'); - putchar(*p); - } - fputs("]pc\n", stdout); - free(str); } void
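Review bot: `if (n == -1) err(1, NULL);` was written for asprintf() failing to allocate; after the switch to fprintf(stderr, ...) it tests for a failed write to standard error, and err() would then try to report that on the same stream. fprintf() is only specified to return a negative value on error, so either compare with `n < 0` or drop `n` and the check altogether.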
Re: asr: slightly better error reporting for getnameinfo()
On Mon, Feb 20, 2017 at 09:37:28PM +0100, Eric Faurot wrote: > Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails, > rather than a non-informative EAI_FAIL. Compare to -1 for error detection > while here. > > Eric. ok gilles@ > Index: asr/getaddrinfo_async.c > === > RCS file: /cvs/src/lib/libc/asr/getaddrinfo_async.c,v > retrieving revision 1.50 > diff -u -p -r1.50 getaddrinfo_async.c > --- asr/getaddrinfo_async.c 16 Dec 2015 16:32:30 - 1.50 > +++ asr/getaddrinfo_async.c 20 Feb 2017 20:09:25 - > @@ -191,8 +191,9 @@ getaddrinfo_async_run(struct asr_query * > > /* Restrict result set to configured address families */ > if (ai->ai_flags & AI_ADDRCONFIG) { > - if (addrconfig_setup(as) != 0) { > - ar->ar_gai_errno = EAI_FAIL; > + if (addrconfig_setup(as) == -1) { > + ar->ar_errno = errno; > + ar->ar_gai_errno = EAI_SYSTEM; > async_set_state(as, ASR_STATE_HALT); > break; > } > @@ -679,7 +680,7 @@ addrconfig_setup(struct asr_query *as) > struct sockaddr_in *sinp; > struct sockaddr_in6 *sin6p; > > - if (getifaddrs(&ifa0) != 0) > + if (getifaddrs(&ifa0) == -1) > return (-1); > > as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6; > -- Gilles Chehade https://www.poolp.org @poolpOrg
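Review bot: the subject line speaks of getnameinfo() while both hunks are in asr/getaddrinfo_async.c and concern the AI_ADDRCONFIG setup in getaddrinfo_async_run(); the commit message should name getaddrinfo() so the log entry matches the code it changes.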
ip6_ctloutput - check invalid level first
Hello - The *ctloutput functions all check for an invalid level first, except ip6_ctloutput. This diff makes ip6_ctloutput do the same. As a bonus, we save on indentation. No functional change. Index: netinet6/ip6_output.c === RCS file: /cvs/src/sys/netinet6/ip6_output.c,v retrieving revision 1.225 diff -u -p -r1.225 ip6_output.c --- netinet6/ip6_output.c 9 Feb 2017 15:19:32 - 1.225 +++ netinet6/ip6_output.c 20 Feb 2017 21:02:47 - 
@@ -1062,64 +1062,69 @@ ip6_ctloutput(int op, struct socket *so, privileged = (inp->inp_socket->so_state & SS_PRIV); uproto = (int)so->so_proto->pr_protocol; - if (level == IPPROTO_IPV6) { - switch (op) { - case PRCO_SETOPT: + if (level != IPPROTO_IPV6) { + if (op == PRCO_SETOPT) + m_free(m); + return (EINVAL); + } + + switch (op) { + case PRCO_SETOPT: + switch (optname) { + /* +* Use of some Hop-by-Hop options or some +* Destination options, might require special +* privilege. That is, normal applications +* (without special privilege) might be forbidden +* from setting certain options in outgoing packets, +* and might never see certain options in received +* packets. [RFC 2292 Section 6] +* KAME specific note: +* KAME prevents non-privileged users from sending or +* receiving ANY hbh/dst options in order to avoid +* overhead of parsing options in the kernel. +*/ + case IPV6_RECVHOPOPTS: + case IPV6_RECVDSTOPTS: + if (!privileged) { + error = EPERM; + break; + } + /* FALLTHROUGH */ + case IPV6_UNICAST_HOPS: + case IPV6_MINHOPCOUNT: + case IPV6_HOPLIMIT: + + case IPV6_RECVPKTINFO: + case IPV6_RECVHOPLIMIT: + case IPV6_RECVRTHDR: + case IPV6_RECVPATHMTU: + case IPV6_RECVTCLASS: + case IPV6_V6ONLY: + case IPV6_AUTOFLOWLABEL: + case IPV6_RECVDSTPORT: + if (m == NULL || m->m_len != sizeof(int)) { + error = EINVAL; + break; + } + optval = *mtod(m, int *); switch (optname) { - /* -* Use of some Hop-by-Hop options or some -* Destination options, might require special -* privilege. That is, normal applications -* (without special privilege) might be forbidden -* from setting certain options in outgoing packets, -* and might never see certain options in received -* packets. [RFC 2292 Section 6] -* KAME specific note: -* KAME prevents non-privileged users from sending or -* receiving ANY hbh/dst options in order to avoid -* overhead of parsing options in the kernel. 
-*/ - case IPV6_RECVHOPOPTS: - case IPV6_RECVDSTOPTS: - if (!privileged) { - error = EPERM; - break; - } - /* FALLTHROUGH */ - case IPV6_UNICAST_HOPS: - case IPV6_MINHOPCOUNT: - case IPV6_HOPLIMIT: - case IPV6_RECVPKTINFO: - case IPV6_RECVHOPLIMIT: - case IPV6_RECVRTHDR: - case IPV6_RECVPATHMTU: - case IPV6_RECVTCLASS: - case IPV6_V6ONLY: - case IPV6_AUTOFLOWLABEL: - case IPV6_RECVDSTPORT: - if (m == NULL || m->m_len != sizeof(int)) { + case IPV6_UNICAST_HOPS: + if (optval < -1 || optval >= 256) error = EINVAL; - break; + else { + /* -1 = kernel default */ + inp->inp_hops = optval; } - optval = *mtod(m, int *); - switch (optname) { - -
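Review bot: the new early return `if (op == PRCO_SETOPT) m_free(m);` runs before the `m == NULL || m->m_len != sizeof(int)` check further down, which shows that m may be NULL on the PRCO_SETOPT path. Make sure m_free() accepts a NULL mbuf here, and compare this branch line by line with the else branch it replaces, since the "no functional change" claim rests on the two being identical.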
Re: don't attempt to build binutils 2.15 on arm64
Jonathan Gray wrote on 2017-02-19 03:16: binutils 2.15 is built for gdb. There is no support for arm64/aarch64 here and it doesn't build so don't try to. Manual pages depend on running configure which again doesn't know about aarch64. ok kettenis@ Index: Makefile.bsd-wrapper === RCS file: /cvs/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v retrieving revision 1.85 diff -u -p -r1.85 Makefile.bsd-wrapper --- Makefile.bsd-wrapper18 Sep 2016 08:58:13 - 1.85 +++ Makefile.bsd-wrapper17 Feb 2017 10:30:38 - @@ -2,6 +2,11 @@ .include +.if ${MACHINE} == "arm64" +NOPROG=yes +NOMAN=yes +.else + CFLAGS+= ${PIE_DEFAULT} # This allows moving the whole binutils installation around for # testing purposes @@ -104,6 +109,9 @@ tags: BEFOREMAN=config.status .PHONY: config + +# end MD portion +.endif .include .include
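Review bot: the `.endif` added in the second hunk closes a conditional opened about a hundred lines earlier, and `# end MD portion` does not say which one. Repeating the condition on the closing line, as in `.endif # ${MACHINE} == "arm64"`, makes the pairing obvious, and a comment next to `NOPROG=yes` and `NOMAN=yes` should record why both are set, since the reason (no aarch64 support in binutils 2.15 or its configure) is only in the mail.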
Re: c99 initialize struct protosw
David Hill wrote on 2017-02-19 03:22: Hello - This moves the 'struct protosw' declarations to use C99 initializers. Requested by mpi@ With C99 initializers it is no longer necessary to explicitly initialize zero-initialized members (such as null-pointers). That could reduce the diff considerably and perhaps make it more swallowable for folks. Index: kern/uipc_proto.c === RCS file: /cvs/src/sys/kern/uipc_proto.c,v retrieving revision 1.11 diff -u -p -r1.11 uipc_proto.c --- kern/uipc_proto.c 5 Feb 2017 07:57:08 - 1.11 +++ kern/uipc_proto.c 19 Feb 2017 02:15:00 - 
@@ -49,20 +49,53 @@ extern struct domain unixdomain; /* or at least forward */ struct protosw unixsw[] = { -{ SOCK_STREAM, &unixdomain, PF_LOCAL, PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS, - 0, 0, 0, 0, - uipc_usrreq, - 0, 0, 0, 0, +{ + .pr_type = SOCK_STREAM, + .pr_domain = &unixdomain, + .pr_protocol = PF_LOCAL, + .pr_flags= PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS, + .pr_input= NULL, + .pr_output = NULL, + .pr_ctlinput = NULL, + .pr_ctloutput= NULL, + .pr_usrreq = uipc_usrreq, + .pr_init = NULL, + .pr_fasttimo = NULL, + .pr_slowtimo = NULL, + .pr_drain= NULL, + .pr_sysctl = NULL }, -{ SOCK_SEQPACKET,&unixdomain, PF_LOCAL, PR_ATOMIC|PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS, - 0, 0, 0, 0, - uipc_usrreq, - 0, 0, 0, 0, +{ + .pr_type = SOCK_SEQPACKET, + .pr_domain = &unixdomain, + .pr_protocol = PF_LOCAL, + .pr_flags= PR_ATOMIC|PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS, + .pr_input= NULL, + .pr_output = NULL, + .pr_ctlinput = NULL, + .pr_ctloutput= NULL, + .pr_usrreq = uipc_usrreq, + .pr_init = NULL, + .pr_fasttimo = NULL, + .pr_slowtimo = NULL, + .pr_drain= NULL, + .pr_sysctl = NULL }, -{ SOCK_DGRAM, &unixdomain,PF_LOCAL, PR_ATOMIC|PR_ADDR|PR_RIGHTS, - 0, 0, 0, 0, - uipc_usrreq, - 0, 0, 0, 0, +{ + .pr_type = SOCK_DGRAM, + .pr_domain = &unixdomain, + .pr_protocol = PF_LOCAL, + .pr_flags= PR_ATOMIC|PR_ADDR|PR_RIGHTS, + .pr_input= NULL, + .pr_output = NULL, + .pr_ctlinput = NULL, + .pr_ctloutput= NULL, + .pr_usrreq = uipc_usrreq, + .pr_init = NULL, + .pr_fasttimo = NULL, + .pr_slowtimo = NULL, + .pr_drain= NULL, + .pr_sysctl = NULL } }; Index: net/pfkey.c === RCS file: /cvs/src/sys/net/pfkey.c,v retrieving revision 1.36 diff -u -p -r1.36 pfkey.c --- net/pfkey.c 24 Jan 2017 10:08:30 - 1.36 +++ net/pfkey.c 19 Feb 2017 02:15:00 - 
@@ -266,20 +266,20 @@ struct domain pfkeydomain = { }; static struct protosw pfkey_protosw_template = { - SOCK_RAW, - &pfkeydomain, - -1, /* protocol */ - PR_ATOMIC | PR_ADDR, - NULL, /* input */ - (void *) pfkey_output, - NULL, /* ctlinput */ - NULL, /* ctloutput */ - pfkey_usrreq, - NULL, /* init */ - NULL, /* fasttimo */ - NULL, /* slowtimo */ - NULL, /* drain */ - NULL/* sysctl */ + .pr_type = SOCK_RAW, + .pr_domain = &pfkeydomain, + .pr_protocol = -1, + .pr_flags= PR_ATOMIC | PR_ADDR, + .pr_input= NULL, + .pr_output = (void *) pfkey_output, + .pr_ctlinput = NULL, + .pr_ctloutput= NULL, + .pr_usrreq = pfkey_usrreq, + .pr_init = NULL, + .pr_fasttimo = NULL, + .pr_slowtimo = NULL, + .pr_drain= NULL, + .pr_sysctl = NULL }; int Index: net/rtsock.c === RCS file: /cvs/src/sys/net/rtsock.c,v retrieving revision 1.222 diff -u -p -r1.222 rtsock.c --- net/rtsock.c1 Feb 2017 20:59:47 - 1.222 +++ net/rtsock.c19 Feb 2017 02:15:00 - @@ -1654,13 +1654,23 @@ sysctl_rtable_rtstat(void *oldp, size_t extern struct domain routedomain; /* or at least forward */ struct protosw routesw[] = { -{ SOCK_RAW,&routedomain, 0, PR_ATOMIC|PR_ADDR|PR_WANTRCVD, - 0, route_output, 0, route_ctloutput, - route_usrreq, - raw_init,0, 0, 0, - sysctl_rtable, +{ + .pr_type = SOCK_RAW, + .pr_domain = &routedomain, + .pr_protocol = 0, + .pr_flags= PR_ATOMIC|PR_ADDR|PR_WANTRCVD, + .pr_input= NULL, + .pr_output = route_output, + .pr_ctlinput = NULL, + .pr_ctloutput= route_ctloutput, + .pr_usrreq = route_usrreq, + .pr_init = raw_init, + .pr_fasttimo = NULL, + .pr_slowtimo = NULL, + .pr_drain= NULL, + .pr_sysctl = sysctl_rtable } -}; +}; struct domain routedomain = { PF_ROUTE, "route", route_init, 0, 0, Index: netinet/in_
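Review bot: in the pfkey_protosw_template hunk the cast in `.pr_output = (void *) pfkey_output` is carried over unchanged, which keeps hiding whatever prototype mismatch made it necessary; with the members now named, this is the place to fix the function's signature and drop the cast. Separately, the last rtsock.c change replaces `};` with `};`, a whitespace-only edit that should be left out of this diff.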
Re: asr: slightly better error reporting for getnameinfo()
Eric Faurot writes:

> Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails,
> rather than a non-informative EAI_FAIL. Compare to -1 for error detection
> while here.

ok jca@

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
asr: slightly better error reporting for getnameinfo()
Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails, rather than a non-informative EAI_FAIL. Compare to -1 for error detection while here. Eric. Index: asr/getaddrinfo_async.c === RCS file: /cvs/src/lib/libc/asr/getaddrinfo_async.c,v retrieving revision 1.50 diff -u -p -r1.50 getaddrinfo_async.c --- asr/getaddrinfo_async.c 16 Dec 2015 16:32:30 - 1.50 +++ asr/getaddrinfo_async.c 20 Feb 2017 20:09:25 - @@ -191,8 +191,9 @@ getaddrinfo_async_run(struct asr_query * /* Restrict result set to configured address families */ if (ai->ai_flags & AI_ADDRCONFIG) { - if (addrconfig_setup(as) != 0) { - ar->ar_gai_errno = EAI_FAIL; + if (addrconfig_setup(as) == -1) { + ar->ar_errno = errno; + ar->ar_gai_errno = EAI_SYSTEM; async_set_state(as, ASR_STATE_HALT); break; } @@ -679,7 +680,7 @@ addrconfig_setup(struct asr_query *as) struct sockaddr_in *sinp; struct sockaddr_in6 *sin6p; - if (getifaddrs(&ifa0) != 0) + if (getifaddrs(&ifa0) == -1) return (-1); as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6;
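Review bot: in the first hunk `ar->ar_errno = errno;` relies on errno still holding the value set by getifaddrs() when addrconfig_setup() returns. The second hunk shows that holding for the early `return (-1);`, but any other failure path in addrconfig_setup() would have to leave errno set the same way; a one-line comment above the function stating that a return of -1 means errno is valid would document the contract that EAI_SYSTEM now depends on.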
Re: pflow(4) percpu counters
On Sat, Feb 18, 2017 at 06:06:01PM +0100, Jeremie Courreges-Anglas wrote: > > This one is a bit weird, the driver doesn't just increment the stats but > also uses them at runtime, hence the additional helper functions. I'm wondering if we should just drop the reading. We have two cases, the init case and the packet sending case. First the sending case: Isn't this always true? if (pflowstats.pflow_flows == sc->sc_gcounter) If yes we can just skip that and do the inc. The init case tries to preserve the flow counter between ifdown/ifup Maybe we should just init the global counter to 0, like on reboot. Benno? > > ok? > > > Index: net/if_pflow.h > === > RCS file: /d/cvs/src/sys/net/if_pflow.h,v > retrieving revision 1.15 > diff -u -p -r1.15 if_pflow.h > --- net/if_pflow.h24 Jan 2017 10:08:30 - 1.15 > +++ net/if_pflow.h18 Feb 2017 13:41:35 - > @@ -263,6 +263,25 @@ struct pflowreq { > }; > > #ifdef _KERNEL > + > +#include > + > +enum pflowstat_counters { > + pflows_flows, > + pflows_packets, > + pflows_onomem, > + pflows_oerrors, > + pflows_ncounters, > +}; > + > +extern struct cpumem *pflowcounters; > + > +static inline void > +pflowstat_inc(enum pflowstat_counters c) > +{ > + counters_inc(pflowcounters, c); > +} > + > int export_pflow(struct pf_state *); > int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t); > #endif /* _KERNEL */ > Index: net/if_pflow.c > === > RCS file: /d/cvs/src/sys/net/if_pflow.c,v > retrieving revision 1.74 > diff -u -p -r1.74 if_pflow.c > --- net/if_pflow.c16 Feb 2017 10:15:12 - 1.74 > +++ net/if_pflow.c18 Feb 2017 13:41:35 - > @@ -62,7 +62,7 @@ > #endif > > SLIST_HEAD(, pflow_softc) pflowif_list; > -struct pflowstats pflowstats; > +struct cpumem *pflowcounters; > > void pflowattach(int); > int pflow_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 
> @@ -73,6 +73,8 @@ int pflow_set(struct pflow_softc *, stru > void pflow_init_timeouts(struct pflow_softc *); > int pflow_calc_mtu(struct pflow_softc *, int, int); > void pflow_setmtu(struct pflow_softc *, int); > +uint64_t pflowstat_get_flows(void); > +void pflowstat_update_flows(uint64_t); > int pflowvalidsockaddr(const struct sockaddr *, int); > int pflowioctl(struct ifnet *, u_long, caddr_t); > > @@ -114,6 +116,7 @@ pflowattach(int npflow) > { > SLIST_INIT(&pflowif_list); > if_clone_attach(&pflow_cloner); > + pflowcounters = counters_alloc(pflows_ncounters); > } > > int > @@ -283,6 +286,30 @@ pflow_clone_destroy(struct ifnet *ifp) > return (error); > } > > +uint64_t > +pflowstat_get_flows(void) > +{ > + uint64_t*counters, flows; > + struct counters_ref ref; > + > + counters = counters_enter(&ref, pflowcounters); > + flows = counters[pflows_flows]; > + counters_leave(&ref, pflowcounters); > + return flows; > +} > + > +void > +pflowstat_update_flows(uint64_t gcounter) > +{ > + uint64_t*counters; > + struct counters_ref ref; > + > + counters = counters_enter(&ref, pflowcounters); > + if (counters[pflows_flows] == gcounter) > + counters[pflows_flows]++; > + counters_leave(&ref, pflowcounters); > +} > + > int > pflowvalidsockaddr(const struct sockaddr *sa, int ignore_port) > { > @@ -460,7 +487,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd > case SIOCSIFFLAGS: > if ((ifp->if_flags & IFF_UP) && sc->so != NULL) { > ifp->if_flags |= IFF_RUNNING; > - sc->sc_gcounter=pflowstats.pflow_flows; > + sc->sc_gcounter = pflowstat_get_flows(); > /* send templates on startup */ > if (sc->sc_version == PFLOW_PROTO_10) { > /* XXXSMP breaks atomicity */ > @@ -518,7 +545,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd > > if ((ifp->if_flags & IFF_UP) && sc->so != NULL) { > ifp->if_flags |= IFF_RUNNING; > - sc->sc_gcounter=pflowstats.pflow_flows; > + sc->sc_gcounter = pflowstat_get_flows(); > if (sc->sc_version == PFLOW_PROTO_10) { > s = splnet(); > pflow_sendout_ipfix_tmpl(sc); 
> @@ -619,14 +646,14 @@ pflow_get_mbuf(struct pflow_softc *sc, u > > MGETHDR(m, M_DONTWAIT, MT_DATA); > if (m == NULL) { > - pflowstats.pflow_onomem++; > + pflowstat_inc(pflows_onomem); > return (NULL); > } > > MCLGET(m, M_DONTWAIT); > if ((m->m_flags & M_EXT) == 0) { > m_free(m); > - pflowstats.pflow_onomem++; > + pflowstat_inc(pflows_onomem); > return (NULL); >
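Review bot: pflowstat_get_flows() and pflowstat_update_flows() read counters[pflows_flows] between counters_enter() and counters_leave(), which yields only the calling CPU's slot of the per-CPU counters, not the system-wide flow count that pflowstats.pflow_flows used to hold. sc->sc_gcounter is therefore seeded from, and later compared against, a partial value that depends on which CPU runs the code. If the sequence number has to be preserved, sum the slots with counters_read() for the read, or keep the sequence in a plain variable that is separate from the statistics.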
Re: struct ipipstat: use 64 bits counters
On Mon, Feb 20, 2017 at 04:30:31PM +0100, Jeremie Courreges-Anglas wrote: > Jeremie Courreges-Anglas writes: > > > Using a mix of 32 and 64 bits counters leads to an ugly conversion to > > percpu counters. Why not move to 64 bits counters? struct ipipstat is > > afaik only used by netstat and ports/shells/nsh (I can cook a fix for > > the latter). > > > > ok? > > ping OK bluhm@ > > > Index: sys/netinet/ip_ipip.h > > === > > RCS file: /d/cvs/src/sys/netinet/ip_ipip.h,v > > retrieving revision 1.6 > > diff -u -p -r1.6 ip_ipip.h > > --- sys/netinet/ip_ipip.h 14 Dec 2007 18:33:41 - 1.6 > > +++ sys/netinet/ip_ipip.h 10 Feb 2017 15:48:13 - 
> > @@ -43,18 +43,17 @@ > > * Not quite all the functionality of RFC-1853, but the main idea is there. > > */ > > > > -struct ipipstat > > -{ > > -u_int32_t ipips_ipackets; /* total input packets */ > > -u_int32_t ipips_opackets; /* total output packets */ > > -u_int32_t ipips_hdrops; /* packet shorter than header > > shows */ > > -u_int32_t ipips_qfull; > > -u_int64_t ipips_ibytes; > > -u_int64_t ipips_obytes; > > -u_int32_t ipips_pdrops; /* packet dropped due to policy > > */ > > -u_int32_t ipips_spoof;/* IP spoofing attempts */ > > -u_int32_t ipips_family; /* Protocol family mismatch */ > > -u_int32_t ipips_unspec;/* Missing tunnel endpoint > > address */ > > +struct ipipstat { > > +u_int64_t ipips_ipackets; /* total input packets */ > > +u_int64_t ipips_opackets; /* total output packets */ > > +u_int64_t ipips_hdrops; /* packet shorter than header > > shows */ > > +u_int64_t ipips_qfull; > > +u_int64_t ipips_ibytes; > > +u_int64_t ipips_obytes; > > +u_int64_t ipips_pdrops; /* packet dropped due to policy > > */ > > +u_int64_t ipips_spoof;/* IP spoofing attempts */ > > +u_int64_t ipips_family; /* Protocol family mismatch */ > > +u_int64_t ipips_unspec;/* Missing tunnel endpoint > > address */ > > }; > > > > #define IP4_DEFAULT_TTL0 > > Index: usr.bin/netstat/inet.c > > === > > RCS file: /d/cvs/src/usr.bin/netstat/inet.c,v > > retrieving revision 1.154 > > diff -u -p -r1.154 inet.c > > --- usr.bin/netstat/inet.c 7 Feb 2017 18:18:16 - 1.154 > > +++ usr.bin/netstat/inet.c 10 Feb 2017 15:39:13 - 
> > @@ -1065,16 +1065,16 @@ ipip_stats(char *name) > > #define p(f, m) if (ipipstat.f || sflag <= 1) \ > > printf(m, ipipstat.f, plural(ipipstat.f)) > > > > - p(ipips_ipackets, "\t%u total input packet%s\n"); > > - p(ipips_opackets, "\t%u total output packet%s\n"); > > - p(ipips_hdrops, "\t%u packet%s shorter than header shows\n"); > > - p(ipips_pdrops, "\t%u packet%s dropped due to policy\n"); > > - p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n"); > > - p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n"); > > + p(ipips_ipackets, "\t%llu total input packet%s\n"); > > + p(ipips_opackets, "\t%llu total output packet%s\n"); > > + p(ipips_hdrops, "\t%llu packet%s shorter than header shows\n"); > > + p(ipips_pdrops, "\t%llu packet%s dropped due to policy\n"); > > + p(ipips_spoof, "\t%llu packet%s with possibly spoofed local > > addresses\n"); > > + p(ipips_qfull, "\t%llu packet%s were dropped due to full output > > queue\n"); > > p(ipips_ibytes, "\t%llu input byte%s\n"); > > p(ipips_obytes, "\t%llu output byte%s\n"); > > - p(ipips_family, "\t%u protocol family mismatche%s\n"); > > - p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified > > endpoint(s)\n"); > > + p(ipips_family, "\t%llu protocol family mismatche%s\n"); > > + p(ipips_unspec, "\t%llu attempt%s to use tunnel with unspecified > > endpoint(s)\n"); > > #undef p > > } > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
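Review bot: Widening every field changes the size and layout of struct ipipstat, so a netstat built against the old ip_ipip.h will disagree with the new kernel about what it is reading. The diff updates both in step, which is right; the commit message should say that kernel and userland have to be updated together, and name the other consumer mentioned in the thread (ports/shells/nsh) so it is not forgotten.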
Re: inteldrm: setup backlight pwm alternate increment on backlight enable
On Fri, 10 Feb 2017 at 10:46:08 +0100, Peter Hessler wrote: > On 2017 Feb 10 (Fri) at 11:52:20 +1100 (+1100), Jonathan Gray wrote: > :On Thu, Feb 09, 2017 at 06:39:13PM -0600, joshua stein wrote: > :> I have no idea why there are chickens involved, but this fixes the > :> problem on at least the MacBookAir7,1 (Broadwell) where upon S3 > :> resume, the backlight value is treated as 0 or 100 despite reporting > :> intermediate values, so if the backlight value was anything other > :> than 100 at suspend time, the screen will stay off upon resume. > : > :Chicken bits are overrides for functions like clock gating, if it turns > :out there is a hardware bug in a particular feature these bits are used > :to disable them. > : > :This diff seems reasonable but it would be nice to get some tests > :on non-apple broadwell hardware. > : > > Tested on a broadwell Thinkpad x250, seems fine. Changed the brightness > to 40%, then did a few suspend-resumes. Anyone else have any reports testing this diff?
Re: umb: aggregate packets on tx
On Mon, 12 Dec 2016 14:50:50 +0100 Gerhard Roth wrote: > The current umb(4) implementation needs one USB transfer for every packet > that is sent. With the following patch, we can now aggregate several > packets from the ifq into one single USB transfer. > > This may speed up the tx path. And even if it doesn't, at least it > reduces the number of transfers required. > > > Gerhard > Ping. Anyone willing to ok this? (Patch below updated to match current). Gerhard Index: sys/dev/usb/if_umb.c === RCS file: /cvs/src/sys/dev/usb/if_umb.c,v retrieving revision 1.9 diff -u -p -u -p -r1.9 if_umb.c --- sys/dev/usb/if_umb.c22 Jan 2017 10:17:39 - 1.9 +++ sys/dev/usb/if_umb.c20 Feb 2017 07:44:40 - @@ -156,7 +156,7 @@ int umb_decode_connect_info(struct umb int umb_decode_ip_configuration(struct umb_softc *, void *, int); voidumb_rx(struct umb_softc *); voidumb_rxeof(struct usbd_xfer *, void *, usbd_status); -int umb_encap(struct umb_softc *, struct mbuf *); +int umb_encap(struct umb_softc *); voidumb_txeof(struct usbd_xfer *, void *, usbd_status); voidumb_decap(struct umb_softc *, struct usbd_xfer *); @@ -299,6 +299,7 @@ umb_attach(struct device *parent, struct sc->sc_udev = uaa->device; sc->sc_ctrl_ifaceno = uaa->ifaceno; + ml_init(&sc->sc_tx_ml); /* * Some MBIM hardware does not provide the mandatory CDC Union 
@@ -583,8 +584,25 @@ umb_ncm_setup(struct umb_softc *sc) UGETW(np.wLength) == sizeof (np)) { sc->sc_rx_bufsz = UGETDW(np.dwNtbInMaxSize); sc->sc_tx_bufsz = UGETDW(np.dwNtbOutMaxSize); - } else + sc->sc_maxdgram = UGETW(np.wNtbOutMaxDatagrams); + sc->sc_align = UGETW(np.wNdpOutAlignment); + sc->sc_ndp_div = UGETW(np.wNdpOutDivisor); + sc->sc_ndp_remainder = UGETW(np.wNdpOutPayloadRemainder); + /* Validate values */ + if (!powerof2(sc->sc_align) || sc->sc_align == 0 || + sc->sc_align >= sc->sc_tx_bufsz) + sc->sc_align = sizeof (uint32_t); + if (!powerof2(sc->sc_ndp_div) || sc->sc_ndp_div == 0 || + sc->sc_ndp_div >= sc->sc_tx_bufsz) + sc->sc_ndp_div = sizeof (uint32_t); + if (sc->sc_ndp_remainder >= sc->sc_ndp_div) + sc->sc_ndp_remainder = 0; + } else { sc->sc_rx_bufsz = sc->sc_tx_bufsz = 8 * 1024; + sc->sc_maxdgram = 0; + sc->sc_align = sc->sc_ndp_div = sizeof (uint32_t); + sc->sc_ndp_remainder = 0; + } } int @@ -593,12 +611,12 @@ umb_alloc_xfers(struct umb_softc *sc) if (!sc->sc_rx_xfer) { if ((sc->sc_rx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL) sc->sc_rx_buf = usbd_alloc_buffer(sc->sc_rx_xfer, - sc->sc_rx_bufsz + MBIM_HDR32_LEN); + sc->sc_rx_bufsz); } if (!sc->sc_tx_xfer) { if ((sc->sc_tx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL) sc->sc_tx_buf = usbd_alloc_buffer(sc->sc_tx_xfer, - sc->sc_tx_bufsz + MBIM_HDR16_LEN); + sc->sc_tx_bufsz); } return (sc->sc_rx_buf && sc->sc_tx_buf) ? 1 : 0; } @@ -617,10 +635,7 @@ umb_free_xfers(struct umb_softc *sc) sc->sc_tx_xfer = NULL; sc->sc_tx_buf = NULL; } - if (sc->sc_tx_m) { - m_freem(sc->sc_tx_m); - sc->sc_tx_m = NULL; - } + ml_purge(&sc->sc_tx_ml); } int 
@@ -792,35 +807,91 @@ umb_input(struct ifnet *ifp, struct mbuf return 1; } +static inline int +umb_align(size_t bufsz, int offs, int alignment, int remainder) +{ + size_t m = alignment - 1; + int align; + + align = (((size_t)offs + m) & ~m) - alignment + remainder; + if (align < offs) + align += alignment; + if (align > bufsz) + align = bufsz; + return align - offs; +} + +static inline int +umb_padding(void *buf, size_t bufsz, int offs, int alignment, int remainder) +{ + int nb; + + nb = umb_align(bufsz, offs, alignment, remainder); + if (nb > 0) + memset(buf + offs, 0, nb); + return nb; +} + void umb_start(struct ifnet *ifp) { struct umb_softc *sc = ifp->if_softc; - struct mbuf *m_head = NULL; + struct mbuf *m = NULL; + int ndgram = 0; + int offs, plen, len, mlen; + int maxalign; if (usbd_is_dying(sc->sc_udev) || !(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) return; - m_head = if
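Review bot: In umb_ncm_setup() the new checks validate sc_align and sc_ndp_div against sc_tx_bufsz, but sc_tx_bufsz itself is still taken straight from the device's dwNtbOutMaxSize (and sc_rx_bufsz from dwNtbInMaxSize) with no lower or upper bound. Since umb_alloc_xfers() now allocates exactly that many bytes, without the former MBIM_HDR16_LEN / MBIM_HDR32_LEN slack, the device-reported value decides the buffer size directly. Clamp both sizes to a sane range before they are used as the reference for the other checks; sc_maxdgram is likewise stored unchecked.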
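Review bot: umb_align() mixes int and size_t: `if (align > bufsz)` compares a signed int with a size_t, `align = bufsz` narrows, and when offs is already past bufsz the function returns a negative value that umb_padding() then silently skips. Using size_t for offs, alignment and remainder throughout, and making the out-of-space case explicit to the caller, would be easier to reason about. In umb_padding(), `memset(buf + offs, 0, nb)` does arithmetic on a void *, which is a compiler extension; cast to a byte pointer first.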
Re: struct ipipstat: use 64 bits counters
Jeremie Courreges-Anglas writes: > Using a mix of 32 and 64 bits counters leads to an ugly conversion to > percpu counters. Why not move to 64 bits counters? struct ipipstat is > afaik only used by netstat and ports/shells/nsh (I can cook a fix for > the latter). > > ok? ping > Index: sys/netinet/ip_ipip.h > === > RCS file: /d/cvs/src/sys/netinet/ip_ipip.h,v > retrieving revision 1.6 > diff -u -p -r1.6 ip_ipip.h > --- sys/netinet/ip_ipip.h 14 Dec 2007 18:33:41 - 1.6 > +++ sys/netinet/ip_ipip.h 10 Feb 2017 15:48:13 - > @@ -43,18 +43,17 @@ > * Not quite all the functionality of RFC-1853, but the main idea is there. > */ > > -struct ipipstat > -{ > -u_int32_tipips_ipackets; /* total input packets */ > -u_int32_tipips_opackets; /* total output packets */ > -u_int32_tipips_hdrops; /* packet shorter than header > shows */ > -u_int32_tipips_qfull; > -u_int64_t ipips_ibytes; > -u_int64_t ipips_obytes; > -u_int32_tipips_pdrops; /* packet dropped due to policy > */ > -u_int32_tipips_spoof;/* IP spoofing attempts */ > -u_int32_t ipips_family;/* Protocol family mismatch */ > -u_int32_t ipips_unspec;/* Missing tunnel endpoint address > */ > +struct ipipstat { > +u_int64_tipips_ipackets; /* total input packets */ > +u_int64_tipips_opackets; /* total output packets */ > +u_int64_tipips_hdrops; /* packet shorter than header > shows */ > +u_int64_tipips_qfull; > +u_int64_tipips_ibytes; > +u_int64_tipips_obytes; > +u_int64_tipips_pdrops; /* packet dropped due to policy > */ > +u_int64_tipips_spoof;/* IP spoofing attempts */ > +u_int64_tipips_family; /* Protocol family mismatch */ > +u_int64_tipips_unspec;/* Missing tunnel endpoint > address */ > }; > > #define IP4_DEFAULT_TTL0 > Index: usr.bin/netstat/inet.c > === > RCS file: /d/cvs/src/usr.bin/netstat/inet.c,v > retrieving revision 1.154 > diff -u -p -r1.154 inet.c > --- usr.bin/netstat/inet.c7 Feb 2017 18:18:16 - 1.154 > +++ usr.bin/netstat/inet.c10 Feb 2017 15:39:13 - 
> @@ -1065,16 +1065,16 @@ ipip_stats(char *name) > #define p(f, m) if (ipipstat.f || sflag <= 1) \ > printf(m, ipipstat.f, plural(ipipstat.f)) > > - p(ipips_ipackets, "\t%u total input packet%s\n"); > - p(ipips_opackets, "\t%u total output packet%s\n"); > - p(ipips_hdrops, "\t%u packet%s shorter than header shows\n"); > - p(ipips_pdrops, "\t%u packet%s dropped due to policy\n"); > - p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n"); > - p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n"); > + p(ipips_ipackets, "\t%llu total input packet%s\n"); > + p(ipips_opackets, "\t%llu total output packet%s\n"); > + p(ipips_hdrops, "\t%llu packet%s shorter than header shows\n"); > + p(ipips_pdrops, "\t%llu packet%s dropped due to policy\n"); > + p(ipips_spoof, "\t%llu packet%s with possibly spoofed local > addresses\n"); > + p(ipips_qfull, "\t%llu packet%s were dropped due to full output > queue\n"); > p(ipips_ibytes, "\t%llu input byte%s\n"); > p(ipips_obytes, "\t%llu output byte%s\n"); > - p(ipips_family, "\t%u protocol family mismatche%s\n"); > - p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified > endpoint(s)\n"); > + p(ipips_family, "\t%llu protocol family mismatche%s\n"); > + p(ipips_unspec, "\t%llu attempt%s to use tunnel with unspecified > endpoint(s)\n"); > #undef p > } -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
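Review bot: In the inet.c hunk the p() macro hands ipipstat.f to plural() as well as to printf(), so after this change plural() receives a 64-bit value for every counter; check that its parameter is wide enough, otherwise the argument is silently narrowed. In the header hunk, ipips_qfull, ipips_ibytes and ipips_obytes are the only members left without a comment, and this rewrite of the struct is a cheap moment to add them.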
[PATCH 5/7] ldpd: implement RFC 5919 (LDP End-of-LIB)
--- init.c | 67 +- labelmapping.c | 72 ++ lde.c | 40 lde.h | 3 +++ lde_lib.c | 43 +++ ldp.h | 8 +++ ldpd.8 | 10 ldpe.h | 2 ++ logmsg.c | 2 ++ neighbor.c | 1 + notification.c | 40 ++-- 11 files changed, 245 insertions(+), 43 deletions(-) diff --git a/init.c b/init.c index 2cc89b8..b0dcc8e 100644 --- a/init.c +++ b/init.c @@ -27,6 +27,7 @@ static int gen_init_prms_tlv(struct ibuf *, struct nbr *); static int gen_cap_dynamic_tlv(struct ibuf *); static int gen_cap_twcard_tlv(struct ibuf *, int); +static int gen_cap_unotif_tlv(struct ibuf *, int); void send_init(struct nbr *nbr) @@ -38,7 +39,7 @@ send_init(struct nbr *nbr) log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE + - CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE; + CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE + CAP_TLV_UNOTIF_SIZE; if ((buf = ibuf_open(size)) == NULL) fatal(__func__); @@ -48,6 +49,7 @@ send_init(struct nbr *nbr) err |= gen_init_prms_tlv(buf, nbr); err |= gen_cap_dynamic_tlv(buf); err |= gen_cap_twcard_tlv(buf, 1); + err |= gen_cap_unotif_tlv(buf, 1); if (err) { ibuf_free(buf); return; @@ -168,6 +170,26 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) log_debug("%s: lsr-id %s announced the Typed Wildcard " "FEC capability", __func__, inet_ntoa(nbr->id)); break; + case TLV_TYPE_UNOTIF_CAP: + if (tlv_len != CAP_TLV_UNOTIF_LEN) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, + msg.type); + return (-1); + } + + if (caps_rcvd & F_CAP_TLV_RCVD_UNOTIF) { + session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, + msg.type); + return (-1); + } + caps_rcvd |= F_CAP_TLV_RCVD_UNOTIF; + + nbr->flags |= F_NBR_CAP_UNOTIF; + + log_debug("%s: lsr-id %s announced the Unrecognized " + "Notification capability", __func__, + inet_ntoa(nbr->id)); + break; default: if (!(ntohs(tlv.type) & UNKNOWN_FLAG)) send_notification_rtlvs(nbr, S_UNSSUPORTDCAP, 
@@ -218,6 +240,9 @@ send_capability(struct nbr *nbr, uint16_t capability, int enable) case TLV_TYPE_TWCARD_CAP: err |= gen_cap_twcard_tlv(buf, enable); break; + case TLV_TYPE_UNOTIF_CAP: + err |= gen_cap_unotif_tlv(buf, enable); + break; case TLV_TYPE_DYNAMIC_CAP: /* * RFC 5561 - Section 9: @@ -300,6 +325,32 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len) "capability", __func__, inet_ntoa(nbr->id), (enable) ? "announced" : "withdrew"); break; + case TLV_TYPE_UNOTIF_CAP: + if (tlv_len != CAP_TLV_UNOTIF_LEN) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, + msg.type); + return (-1); + } + + if (caps_rcvd & F_CAP_TLV_RCVD_UNOTIF) { + session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, + msg.type); + return (-1); + } + caps_rcvd |= F_CAP_TLV_RCVD_UNOTIF; + + memcpy(&reserved, buf, sizeof(reserved)); + enable = reserved & STATE_BIT; + if (enable) + nbr->flags |= F_NBR_CAP_UNOTIF; + else + nbr->flags &= ~F_NBR_CAP_UNOTIF; + + log_debug("%s: lsr-id %s %s the Unrecognized " + "Notification capability", __func__, + inet_ntoa(nbr->id), (enable) ? "announced" : + "withdrew"); + break; case TLV_TYPE_DYNAMIC_CAP: /* * RFC 5561 - Section 9: @@ -372,3 +423,17 @@ gen_cap_twcard_tlv(struct ibuf *buf, int enable) return (ibuf
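Review bot: In send_init() the ibuf is sized by the hand-maintained sum `CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE + CAP_TLV_UNOTIF_SIZE`, which has to match exactly what the three gen_cap_*_tlv() calls further down write. Every new capability now means touching two places that can drift apart. Consider deriving the size and the generator calls from one list of advertised capabilities, or at least checking after the last gen_cap_*_tlv() call that the number of bytes written equals the size announced.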
[PATCH 7/7] ldpd: send VPLS MAC withdrawals
RFC 4762 says that MAC address withdrawal messages can be used to improve convergence time in VPLS networks. This patch makes ldpd send MAC withdrawals whenever a non-pseudowire interface pertaining to a VPLS goes down. The processing of received MAC withdrawals will be implemented later (need to figure out first a few things about RFC 4762 that are a bit unclear). --- address.c | 77 +-- kroute.c | 3 +++ l2vpn.c | 29 +++- lde.h | 1 + ldp.h | 1 + ldpd.h| 6 - ldpe.c| 24 +++- ldpe.h| 1 + 8 files changed, 127 insertions(+), 15 deletions(-) diff --git a/address.c b/address.c index e891173..9609876 100644 --- a/address.c +++ b/address.c @@ -28,12 +28,14 @@ static void send_address(struct nbr *, int, struct if_addr_head *, unsigned int, int); -static int gen_address_list_tlv(struct ibuf *, uint16_t, int, - struct if_addr_head *, unsigned int); +static int gen_address_list_tlv(struct ibuf *, int, struct if_addr_head *, + unsigned int); +static int gen_mac_list_tlv(struct ibuf *, uint8_t *); static void address_list_add(struct if_addr_head *, struct if_addr *); static void address_list_clr(struct if_addr_head *); static void log_msg_address(int, uint16_t, struct nbr *, int, union ldpd_addr *); +static void log_msg_mac_withdrawal(int, struct nbr *, uint8_t *); static void send_address(struct nbr *nbr, int af, struct if_addr_head *addr_list, @@ -87,8 +89,7 @@ send_address(struct nbr *nbr, int af, struct if_addr_head *addr_list, size -= LDP_HDR_SIZE; err |= gen_msg_hdr(buf, msg_type, size); size -= LDP_MSG_SIZE; - err |= gen_address_list_tlv(buf, size, af, addr_list, - tlv_addr_count); + err |= gen_address_list_tlv(buf, af, addr_list, tlv_addr_count); if (err) { address_list_clr(addr_list); ibuf_free(buf); 
@@ -139,6 +140,40 @@ send_address_all(struct nbr *nbr, int af) send_address(nbr, af, &addr_list, addr_count, 0); } +void +send_mac_withdrawal(struct nbr *nbr, struct map *fec, uint8_t *mac) +{ + struct ibuf *buf; + uint16_t size; + int err; + + size = LDP_HDR_SIZE + LDP_MSG_SIZE + ADDR_LIST_SIZE + len_fec_tlv(fec) + + TLV_HDR_SIZE; + if (mac) + size += ETHER_ADDR_LEN; + + if ((buf = ibuf_open(size)) == NULL) + fatal(__func__); + + err = gen_ldp_hdr(buf, size); + size -= LDP_HDR_SIZE; + err |= gen_msg_hdr(buf, MSG_TYPE_ADDRWITHDRAW, size); + size -= LDP_MSG_SIZE; + err |= gen_address_list_tlv(buf, AF_INET, NULL, 0); + err |= gen_fec_tlv(buf, fec); + err |= gen_mac_list_tlv(buf, mac); + if (err) { + ibuf_free(buf); + return; + } + + log_msg_mac_withdrawal(1, nbr, mac); + + evbuf_enqueue(&nbr->tcp->wbuf, buf); + + nbr_fsm(nbr, NBR_EVT_PDU_SENT); +} + int recv_address(struct nbr *nbr, char *buf, uint16_t len) { @@ -280,8 +315,8 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) } static int -gen_address_list_tlv(struct ibuf *buf, uint16_t size, int af, -struct if_addr_head *addr_list, unsigned int tlv_addr_count) +gen_address_list_tlv(struct ibuf *buf, int af, struct if_addr_head *addr_list, +unsigned int tlv_addr_count) { struct address_list_tlv alt; uint16_t addr_size; @@ -290,7 +325,6 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int af, memset(&alt, 0, sizeof(alt)); alt.type = htons(TLV_TYPE_ADDRLIST); - alt.length = htons(size - TLV_HDR_SIZE); switch (af) { case AF_INET: @@ -304,8 +338,12 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int af, default: fatalx("gen_address_list_tlv: unknown af"); } + alt.length = htons(sizeof(alt.family) + addr_size * tlv_addr_count); err |= ibuf_add(buf, &alt, sizeof(alt)); + if (addr_list == NULL) + return (err); + LIST_FOREACH(if_addr, addr_list, entry) { err |= ibuf_add(buf, &if_addr->addr, addr_size); if (--tlv_addr_count == 0) 
@@ -315,6 +353,23 @@ gen_address_list_tlv(struct ibuf *buf, uint16_t size, int af, return (err); } +static int +gen_mac_list_tlv(struct ibuf *buf, uint8_t *mac) +{ + struct tlv tlv; + int err; + + memset(&tlv, 0, sizeof(tlv)); + tlv.type = htons(TLV_TYPE_MAC_LIST); + if (mac) + tlv.length = htons(ETHER_ADDR_LEN); + err = ibuf_add(buf, &tlv, sizeof(tlv)); + if (mac) + err |= ibuf_add(buf, mac, ETHER_ADDR_LEN); + +
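Review bot: gen_address_list_tlv() now computes alt.length from tlv_addr_count and returns early when addr_list is NULL, so a caller passing NULL with a non-zero count would emit a TLV whose length promises addresses that are never written. send_mac_withdrawal() passes (NULL, 0), which is fine, but the invariant is implicit; either force the count to 0 when addr_list is NULL or fail loudly with fatalx().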
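Review bot: In send_mac_withdrawal(), `size -= LDP_MSG_SIZE;` is a dead store now that gen_address_list_tlv() no longer takes the remaining size, and size is not read again in the function. The same line is left in front of the changed call in send_address(); check whether anything after it still uses size and drop it if not.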
[PATCH 6/7] ldpd: fix parsing of optional tlvs in address messages
We were aborting the session upon receipt of MAC Address Withdrawal messages. Now make the parser aware that optional TLVs are possible in address messages. --- address.c | 73 +++ 1 file changed, 59 insertions(+), 14 deletions(-) diff --git a/address.c b/address.c index 9b65511..e891173 100644 --- a/address.c +++ b/address.c @@ -144,11 +144,24 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) { struct ldp_msg msg; uint16_tmsg_type; - struct address_list_tlv alt; enum imsg_type type; + struct address_list_tlv alt; + uint16_talt_len; + uint16_talt_family; struct lde_addr lde_addr; memcpy(&msg, buf, sizeof(msg)); + msg_type = ntohs(msg.type); + switch (msg_type) { + case MSG_TYPE_ADDR: + type = IMSG_ADDRESS_ADD; + break; + case MSG_TYPE_ADDRWITHDRAW: + type = IMSG_ADDRESS_DEL; + break; + default: + fatalx("recv_address: unexpected msg type"); + } buf += LDP_MSG_SIZE; len -= LDP_MSG_SIZE; @@ -157,9 +170,10 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) session_shutdown(nbr, S_BAD_MSG_LEN, msg.id, msg.type); return (-1); } - memcpy(&alt, buf, sizeof(alt)); - if (ntohs(alt.length) != len - TLV_HDR_SIZE) { + alt_len = ntohs(alt.length); + alt_family = ntohs(alt.family); + if (alt_len > len - TLV_HDR_SIZE) { session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); return (-1); } @@ -167,7 +181,7 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) send_notification(nbr->tcp, S_MISS_MSG, msg.id, msg.type); return (-1); } - switch (ntohs(alt.family)) { + switch (alt_family) { case AF_IPV4: if (!nbr->v4_enabled) /* just ignore the message */ 
@@ -182,19 +196,15 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) send_notification(nbr->tcp, S_UNSUP_ADDR, msg.id, msg.type); return (-1); } + alt_len -= sizeof(alt.family); buf += sizeof(alt); len -= sizeof(alt); - msg_type = ntohs(msg.type); - if (msg_type == MSG_TYPE_ADDR) - type = IMSG_ADDRESS_ADD; - else - type = IMSG_ADDRESS_DEL; - - while (len > 0) { - switch (ntohs(alt.family)) { + /* Process all received addresses */ + while (alt_len > 0) { + switch (alt_family) { case AF_IPV4: - if (len < sizeof(struct in_addr)) { + if (alt_len < sizeof(struct in_addr)) { session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); return (-1); @@ -206,9 +216,10 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) buf += sizeof(struct in_addr); len -= sizeof(struct in_addr); + alt_len -= sizeof(struct in_addr); break; case AF_IPV6: - if (len < sizeof(struct in6_addr)) { + if (alt_len < sizeof(struct in6_addr)) { session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); return (-1); @@ -220,6 +231,7 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) buf += sizeof(struct in6_addr); len -= sizeof(struct in6_addr); + alt_len -= sizeof(struct in6_addr); break; default: fatalx("recv_address: unknown af"); @@ -231,6 +243,39 @@ recv_address(struct nbr *nbr, char *buf, uint16_t len) sizeof(lde_addr)); } + /* Optional Parameters */ + while (len > 0) { + struct tlv tlv; + uint16_ttlv_type; + uint16_ttlv_len; + + if (len < sizeof(tlv)) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); + return (-1); + } + + memcpy(&tlv, buf, TLV_HDR_SIZE); + tlv_type = ntohs(tlv.type); + tlv_len = ntohs(tlv.length); + if (tlv_len + TLV_HDR_SIZE > len) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); + return (-1); + } + buf += TLV_HDR_SIZE; + len -= TLV_HDR_SIZE; + + switch (tlv_type) { + de
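Review bot: In recv_address(), alt_len is only checked against an upper bound (`alt_len > len - TLV_HDR_SIZE`) before `alt_len -= sizeof(alt.family)`. No lower bound is visible in these hunks, so a TLV length smaller than sizeof(alt.family) would wrap the uint16_t to a large value, and the address loop, which now tests alt_len rather than len, would keep consuming data beyond what was received. Reject alt_len < sizeof(alt.family) with S_BAD_TLV_LEN before the subtraction.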
[PATCH 3/7] ldpd: implement RFC 5918 (Typed Wildcard FEC)
--- init.c | 68 +++- labelmapping.c | 120 - lde.c | 14 +++ lde.h | 3 ++ lde_lib.c | 56 +++ ldp.h | 8 ldpd.8 | 9 + ldpd.h | 6 +++ ldpe.h | 1 + logmsg.c | 17 10 files changed, 299 insertions(+), 3 deletions(-) diff --git a/init.c b/init.c index cc45443..2cc89b8 100644 --- a/init.c +++ b/init.c @@ -26,6 +26,7 @@ static int gen_init_prms_tlv(struct ibuf *, struct nbr *); static int gen_cap_dynamic_tlv(struct ibuf *); +static int gen_cap_twcard_tlv(struct ibuf *, int); void send_init(struct nbr *nbr) @@ -37,7 +38,7 @@ send_init(struct nbr *nbr) log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE + - CAP_TLV_DYNAMIC_SIZE; + CAP_TLV_DYNAMIC_SIZE + CAP_TLV_TWCARD_SIZE; if ((buf = ibuf_open(size)) == NULL) fatal(__func__); @@ -46,6 +47,7 @@ send_init(struct nbr *nbr) err |= gen_msg_hdr(buf, MSG_TYPE_INIT, size); err |= gen_init_prms_tlv(buf, nbr); err |= gen_cap_dynamic_tlv(buf); + err |= gen_cap_twcard_tlv(buf, 1); if (err) { ibuf_free(buf); return; @@ -147,6 +149,25 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) "Capability Announcement capability", __func__, inet_ntoa(nbr->id)); break; + case TLV_TYPE_TWCARD_CAP: + if (tlv_len != CAP_TLV_TWCARD_LEN) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, + msg.type); + return (-1); + } + + if (caps_rcvd & F_CAP_TLV_RCVD_TWCARD) { + session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, + msg.type); + return (-1); + } + caps_rcvd |= F_CAP_TLV_RCVD_TWCARD; + + nbr->flags |= F_NBR_CAP_TWCARD; + + log_debug("%s: lsr-id %s announced the Typed Wildcard " + "FEC capability", __func__, inet_ntoa(nbr->id)); + break; default: if (!(ntohs(tlv.type) & UNKNOWN_FLAG)) send_notification_rtlvs(nbr, S_UNSSUPORTDCAP, 
@@ -194,6 +215,9 @@ send_capability(struct nbr *nbr, uint16_t capability, int enable) err |= gen_msg_hdr(buf, MSG_TYPE_CAPABILITY, size); switch (capability) { + case TLV_TYPE_TWCARD_CAP: + err |= gen_cap_twcard_tlv(buf, enable); + break; case TLV_TYPE_DYNAMIC_CAP: /* * RFC 5561 - Section 9: @@ -219,6 +243,8 @@ int recv_capability(struct nbr *nbr, char *buf, uint16_t len) { struct ldp_msg msg; + int enable = 0; + int caps_rcvd = 0; log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); @@ -231,6 +257,7 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len) struct tlv tlv; uint16_t tlv_type; uint16_t tlv_len; + uint8_t reserved; if (len < sizeof(tlv)) { session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); @@ -248,6 +275,31 @@ recv_capability(struct nbr *nbr, char *buf, uint16_t len) len -= TLV_HDR_SIZE; switch (tlv_type) { + case TLV_TYPE_TWCARD_CAP: + if (tlv_len != CAP_TLV_TWCARD_LEN) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, + msg.type); + return (-1); + } + + if (caps_rcvd & F_CAP_TLV_RCVD_TWCARD) { + session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, + msg.type); + return (-1); + } + caps_rcvd |= F_CAP_TLV_RCVD_TWCARD; + + memcpy(&reserved, buf, sizeof(reserved)); + enable = reserved & STATE_BIT; + if (enable) + nbr->flags |= F_NBR_CAP_TWCARD; + else + nbr->flags &= ~F_NBR_CAP_TWCARD; + + log_debug("%s: lsr-id %s %s the Typed Wildcard FEC " + "capability", __func__, inet_ntoa(nbr->id), + (enable) ? "announced" : "withdrew"); +
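Review bot: The TLV_TYPE_TWCARD_CAP case in recv_capability() repeats the length check and the duplicate-TLV check from the same case in recv_init(), differing only in the S-bit handling. A small helper taking the expected length, the F_CAP_TLV_RCVD_* bit and the F_NBR_CAP_* flag would keep the two paths from drifting apart as further capabilities are added. Separately, `enable = reserved & STATE_BIT` takes the state bit from the first byte of the TLV value; a one-line comment saying so would help the next reader.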
[PATCH 4/7] ldpd: implement RFC 6667 (Typed Wildcard FEC for PWid)
--- l2vpn.c| 22 +- labelmapping.c | 23 +++ lde.c | 14 ++ lde.h | 2 ++ lde_lib.c | 7 +++ ldp.h | 3 +++ ldpd.8 | 9 + ldpd.h | 1 + logmsg.c | 8 9 files changed, 84 insertions(+), 5 deletions(-) diff --git a/l2vpn.c b/l2vpn.c index e79caa8..6da3560 100644 --- a/l2vpn.c +++ b/l2vpn.c @@ -347,7 +347,8 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg *nm) struct fec_nh *fnh; struct l2vpn_pw *pw; - if (!(nm->fec.flags & F_MAP_PW_ID)) { + if (nm->fec.type == MAP_TYPE_TYPED_WCARD || + !(nm->fec.flags & F_MAP_PW_ID)) { l2vpn_recv_pw_status_wcard(ln, nm); return; } @@ -385,19 +386,30 @@ l2vpn_recv_pw_status_wcard(struct lde_nbr *ln, struct notify_msg *nm) struct fec_node *fn; struct fec_nh *fnh; struct l2vpn_pw *pw; + struct map *wcard = &nm->fec; RB_FOREACH(f, fec_tree, &ft) { fn = (struct fec_node *)f; if (fn->fec.type != FEC_TYPE_PWID) continue; - if (fn->fec.u.pwid.type != nm->fec.fec.pwid.type) - continue; pw = (struct l2vpn_pw *) fn->data; if (pw == NULL) continue; - if (pw->remote_group != nm->fec.fec.pwid.group_id) - continue; + + switch (wcard->type) { + case MAP_TYPE_TYPED_WCARD: + if (wcard->fec.twcard.u.pw_type != PW_TYPE_WILDCARD && + wcard->fec.twcard.u.pw_type != fn->fec.u.pwid.type) + continue; + break; + case MAP_TYPE_PWID: + if (wcard->fec.pwid.type != fn->fec.u.pwid.type) + continue; + if (wcard->fec.pwid.group_id != pw->remote_group) + continue; + break; + } fnh = fec_nh_find(fn, AF_INET, (union ldpd_addr *)&ln->id, 0); if (fnh == NULL) diff --git a/labelmapping.c b/labelmapping.c index b0e7131..64c5a70 100644 --- a/labelmapping.c +++ b/labelmapping.c @@ -97,6 +97,7 @@ send_labelmessage(struct nbr *nbr, uint16_t type, struct mapping_head *mh) msg_size += FEC_ELM_TWCARD_MIN_LEN; switch (me->map.fec.twcard.type) { case MAP_TYPE_PREFIX: + case MAP_TYPE_PWID: msg_size += sizeof(uint16_t); break; default: 
@@ -629,6 +630,7 @@ gen_fec_tlv(struct ibuf *buf, struct map *map) len = FEC_ELM_TWCARD_MIN_LEN; switch (map->fec.twcard.type) { case MAP_TYPE_PREFIX: + case MAP_TYPE_PWID: len += sizeof(uint16_t); break; default: @@ -658,6 +660,12 @@ gen_fec_tlv(struct ibuf *buf, struct map *map) err |= ibuf_add(buf, &family, sizeof(uint16_t)); break; + case MAP_TYPE_PWID: + twcard_len = sizeof(uint16_t); + err |= ibuf_add(buf, &twcard_len, sizeof(uint8_t)); + pw_type = htons(map->fec.twcard.u.pw_type); + err |= ibuf_add(buf, &pw_type, sizeof(uint16_t)); + break; default: fatalx("gen_fec_tlv: unexpected fec type"); } @@ -863,6 +871,21 @@ tlv_decode_fec_elm(struct nbr *nbr, struct ldp_msg *msg, char *buf, return (-1); } break; + case MAP_TYPE_PWID: + if (twcard_len != sizeof(uint16_t)) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg->id, + msg->type); + return (-1); + } + + memcpy(&map->fec.twcard.u.pw_type, buf + off, + sizeof(uint16_t)); + map->fec.twcard.u.pw_type = + ntohs(map->fec.twcard.u.pw_type); + /* ignore the reserved bit as per RFC 6667 */ + map->fec.twcard.u.pw_type &= ~PW_TWCARD_RESERVED_BIT; + off += sizeof(uint16_t); + break; default: send_notification(nbr->tcp, S_UNKNOWN_FEC, msg->id, msg->type); diff --git a/lde.c b/lde.c index cc8459d..c43801e 100644 --- a/lde.c +++ b/l
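Review bot: In l2vpn_recv_pw_status_wcard() the MAP_TYPE_TYPED_WCARD branch reads wcard->fec.twcard.u.pw_type without first checking that wcard->fec.twcard.type is MAP_TYPE_PWID; the labelmapping.c hunks show that a typed wildcard can also carry MAP_TYPE_PREFIX, in which case the union does not hold a PW type. Add that check and skip typed wildcards that are not for PWid. The new switch also has no default case, so any other wcard->type falls through and matches every pseudowire of this neighbor; a `default: continue;` would make the intent explicit.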
[PATCH 2/7] ldpd: implement RFC 5561 (LDP Capabilities)
This patch per-se doesn't introduce any useful functionality, but prepares the ground for new enhancements to ldpd (i.e. implementation of new RFCs that make use of LDP capabilities). --- init.c | 152 +++-- labelmapping.c | 8 +-- ldp.h | 18 +++ ldpd.8 | 11 + ldpd.h | 6 +++ ldpe.h | 5 ++ logmsg.c | 4 ++ notification.c | 55 +++-- packet.c | 13 ++--- 9 files changed, 252 insertions(+), 20 deletions(-) diff --git a/init.c b/init.c index 2ba9b37..cc45443 100644 --- a/init.c +++ b/init.c @@ -25,6 +25,7 @@ #include "log.h" static int gen_init_prms_tlv(struct ibuf *, struct nbr *); +static int gen_cap_dynamic_tlv(struct ibuf *); void send_init(struct nbr *nbr) @@ -35,15 +36,16 @@ send_init(struct nbr *nbr) log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); - size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE; + size = LDP_HDR_SIZE + LDP_MSG_SIZE + SESS_PRMS_SIZE + + CAP_TLV_DYNAMIC_SIZE; if ((buf = ibuf_open(size)) == NULL) fatal(__func__); err |= gen_ldp_hdr(buf, size); size -= LDP_HDR_SIZE; err |= gen_msg_hdr(buf, MSG_TYPE_INIT, size); - size -= LDP_MSG_SIZE; err |= gen_init_prms_tlv(buf, nbr); + err |= gen_cap_dynamic_tlv(buf); if (err) { ibuf_free(buf); return; @@ -58,6 +60,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) struct ldp_msg msg; struct sess_prms_tlvsess; uint16_tmax_pdu_len; + int caps_rcvd = 0; log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); @@ -94,6 +97,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) /* Optional Parameters */ while (len > 0) { struct tlv tlv; + uint16_ttlv_type; uint16_ttlv_len; if (len < sizeof(tlv)) { @@ -102,6 +106,7 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) } memcpy(&tlv, buf, TLV_HDR_SIZE); + tlv_type = ntohs(tlv.type); tlv_len = ntohs(tlv.length); if (tlv_len + TLV_HDR_SIZE > len) { session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, msg.type); 
@@ -110,17 +115,42 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) buf += TLV_HDR_SIZE; len -= TLV_HDR_SIZE; - switch (ntohs(tlv.type)) { + /* +* RFC 5561 - Section 6: +* "The S-bit of a Capability Parameter in an Initialization +* message MUST be 1 and SHOULD be ignored on receipt". +*/ + switch (tlv_type) { case TLV_TYPE_ATMSESSIONPAR: session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, msg.type); return (-1); case TLV_TYPE_FRSESSION: session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, msg.type); return (-1); + case TLV_TYPE_DYNAMIC_CAP: + if (tlv_len != CAP_TLV_DYNAMIC_LEN) { + session_shutdown(nbr, S_BAD_TLV_LEN, msg.id, + msg.type); + return (-1); + } + + if (caps_rcvd & F_CAP_TLV_RCVD_DYNAMIC) { + session_shutdown(nbr, S_BAD_TLV_VAL, msg.id, + msg.type); + return (-1); + } + caps_rcvd |= F_CAP_TLV_RCVD_DYNAMIC; + + nbr->flags |= F_NBR_CAP_DYNAMIC; + + log_debug("%s: lsr-id %s announced the Dynamic " + "Capability Announcement capability", __func__, + inet_ntoa(nbr->id)); + break; default: if (!(ntohs(tlv.type) & UNKNOWN_FLAG)) - send_notification(nbr->tcp, S_UNKNOWN_TLV, - msg.id, msg.type); + send_notification_rtlvs(nbr, S_UNSSUPORTDCAP, + msg.id, msg.type, tlv_type, tlv_len, buf); /* ignore unknown tlv */ break; } @@ -146,6 +176,104 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) return (0); } +void +send_capability(struct nbr *nbr, uint16_t capability, int enable) +{ + struct ibuf *buf; + uint16_t size; + int err = 0; + + log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); + + size
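Review bot: The default case of the optional-parameter switch in recv_init() now answers every unknown TLV that lacks the U-bit with S_UNSSUPORTDCAP, where it used to send S_UNKNOWN_TLV, and nothing in the hunk limits this to TLVs that are capability parameters. If the new status is meant only for capabilities, the case needs to tell the two apart and keep S_UNKNOWN_TLV for the rest; if it is meant for everything, a comment explaining why would help. The condition also still reads ntohs(tlv.type) & UNKNOWN_FLAG although tlv_type now holds the converted value and is used for the switch and for the call on the next line; using tlv_type there would be consistent.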
[PATCH 1/7] ldpd: implement support for PWid group wildcards
This was missing from our original RFC 4447 VPLS implementation. Now ldpd understands group wildcards as mandated by the RFC, but we still don't send them ourselves. I can't see any case in which sending a group wildcard would be useful, but nonetheless this patch provides a function called lde_send_labelwithdraw_pwid_wcard() which is ready to be used in the future anytime we feel like it might be useful. --- l2vpn.c | 71 --- lde.c | 71 --- lde.h | 16 ++ lde_lib.c | 57 +- logmsg.c | 6 +++--- 5 files changed, 167 insertions(+), 54 deletions(-) diff --git a/l2vpn.c b/l2vpn.c index 22c9874..e79caa8 100644 --- a/l2vpn.c +++ b/l2vpn.c @@ -282,7 +282,7 @@ l2vpn_pw_negotiate(struct lde_nbr *ln, struct fec_node *fn, struct map *map) st.status_code = S_WRONG_CBIT; st.msg_id = map->msg_id; st.msg_type = htons(MSG_TYPE_LABELMAPPING); - lde_send_labelwithdraw(ln, fn, NO_LABEL, &st); + lde_send_labelwithdraw(ln, fn, NULL, &st); pw->flags &= ~F_PW_CWORD; lde_send_labelmapping(ln, fn, 1); @@ -305,7 +305,7 @@ l2vpn_pw_negotiate(struct lde_nbr *ln, struct fec_node *fn, struct map *map) } void -l2vpn_send_pw_status(uint32_t peerid, uint32_t status, struct fec *fec) +l2vpn_send_pw_status(struct lde_nbr *ln, uint32_t status, struct fec *fec) { struct notify_msgnm; 
@@ -316,8 +316,27 @@ l2vpn_send_pw_status(uint32_t peerid, uint32_t status, struct fec *fec) lde_fec2map(fec, &nm.fec); nm.flags |= F_NOTIF_FEC; - lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, peerid, 0, - &nm, sizeof(nm)); + lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, ln->peerid, 0, &nm, + sizeof(nm)); +} + +void +l2vpn_send_pw_status_wcard(struct lde_nbr *ln, uint32_t status, +uint16_t pw_type, uint32_t group_id) +{ + struct notify_msgnm; + + memset(&nm, 0, sizeof(nm)); + nm.status_code = S_PW_STATUS; + nm.pw_status = status; + nm.flags |= F_NOTIF_PW_STATUS; + nm.fec.type = MAP_TYPE_PWID; + nm.fec.fec.pwid.type = pw_type; + nm.fec.fec.pwid.group_id = group_id; + nm.flags |= F_NOTIF_FEC; + + lde_imsg_compose_ldpe(IMSG_NOTIFICATION_SEND, ln->peerid, 0, &nm, + sizeof(nm)); } void @@ -328,9 +347,10 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg *nm) struct fec_nh *fnh; struct l2vpn_pw *pw; - /* TODO group wildcard */ - if (!(nm->fec.flags & F_MAP_PW_ID)) + if (!(nm->fec.flags & F_MAP_PW_ID)) { + l2vpn_recv_pw_status_wcard(ln, nm); return; + } lde_map2fec(&nm->fec, ln->id, &fec); fn = (struct fec_node *)fec_find(&ft, &fec); @@ -349,7 +369,6 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg *nm) /* remote status didn't change */ if (pw->remote_status == nm->pw_status) return; - pw->remote_status = nm->pw_status; if (l2vpn_pw_ok(pw, fnh)) 
@@ -358,6 +377,44 @@ l2vpn_recv_pw_status(struct lde_nbr *ln, struct notify_msg *nm) lde_send_delete_klabel(fn, fnh); } +/* RFC4447 PWid group wildcard */ +void +l2vpn_recv_pw_status_wcard(struct lde_nbr *ln, struct notify_msg *nm) +{ + struct fec *f; + struct fec_node *fn; + struct fec_nh *fnh; + struct l2vpn_pw *pw; + + RB_FOREACH(f, fec_tree, &ft) { + fn = (struct fec_node *)f; + if (fn->fec.type != FEC_TYPE_PWID) + continue; + if (fn->fec.u.pwid.type != nm->fec.fec.pwid.type) + continue; + + pw = (struct l2vpn_pw *) fn->data; + if (pw == NULL) + continue; + if (pw->remote_group != nm->fec.fec.pwid.group_id) + continue; + + fnh = fec_nh_find(fn, AF_INET, (union ldpd_addr *)&ln->id, 0); + if (fnh == NULL) + continue; + + /* remote status didn't change */ + if (pw->remote_status == nm->pw_status) + continue; + pw->remote_status = nm->pw_status; + + if (l2vpn_pw_ok(pw, fnh)) + lde_send_change_klabel(fn, fnh); + else + lde_send_delete_klabel(fn, fnh); + } +} + void l2vpn_sync_pws(int af, union ldpd_addr *addr) { diff --git a/lde.c b/lde.c index 8e82523..fe44aa6 100644 --- a/lde.c +++ b/lde.c @@ -253,16 +253,10 @@ lde_dispatch_imsg(int fd, short event, void *bula)
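Review bot: In l2vpn_recv_pw_status(), a notification is now treated as a group wildcard purely because F_MAP_PW_ID is absent from nm->fec.flags, and l2vpn_recv_pw_status_wcard() then reads nm->fec.fec.pwid.type and nm->fec.fec.pwid.group_id without any visible check that nm->fec.type is MAP_TYPE_PWID. If the caller does not already guarantee that, add the type check before dispatching to the wildcard handler, since the values come from the neighbor.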
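Review bot: l2vpn_recv_pw_status_wcard() repeats the tail of l2vpn_recv_pw_status(): the comparison of pw->remote_status with nm->pw_status, the update, and then lde_send_change_klabel() or lde_send_delete_klabel() depending on l2vpn_pw_ok(). A small static helper taking fn, fnh, pw and the new status would keep the single-PW and wildcard paths from drifting apart. A short comment at the fec_nh_find() call saying that it is what restricts the wildcard to pseudowires belonging to the sending neighbor would also be useful, because that is the only line in the loop that ties the match to ln.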
npppd: reload enables stripping NT domains on radius
Hi,

when using RADIUS, the NT domains should not be stripped from the username.

When a base object is instantiated based on an auth object, the "strip_nt_domain" variable is always enforced to zero in case of using RADIUS. The auth object itself though has it set to one by default.

Now on configuration reload in npppd_auth_reload(), the value is copied from the corresponding auth object to the base object.

    base->strip_nt_domain = auth->strip_nt_domain;

Unfortunately in the case of RADIUS, this means that the RADIUS base object gets overridden. So in that case reset it to zero like it's done in npppd_auth_create().

ok?

Patrick

diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c index 101f8cc9a7f..4db88f05e25 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.c +++ b/usr.sbin/npppd/npppd/npppd_auth.c @@ -212,6 +212,7 @@ npppd_auth_reload(npppd_auth_base *base) switch (base->type) { #ifdef USE_NPPPD_RADIUS case NPPPD_AUTH_TYPE_RADIUS: + base->strip_nt_domain = 0; if (npppd_auth_radius_reload(base, auth) != 0) goto fail; break;
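Review bot: The added base->strip_nt_domain = 0; in the NPPPD_AUTH_TYPE_RADIUS case runs on every reload, so for RADIUS whatever value auth->strip_nt_domain carried is discarded unconditionally. If an administrator is meant to be able to set this per authentication section, the reset removes that ability; if the value is meant to be fixed for RADIUS, a comment at the assignment saying so, and that it mirrors npppd_auth_create(), would help the next reader.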
Re: ksh(1): fix $RANDOM documentation
Thanks for the feedback. The transcript of my reasoning in my previous email was too brief, sorry about that. After reading the man-page, I was surprised that grepping the ksh source for arc4random yielded nothing. But after reading the rand man-page its behavior and relation to arc4random became clear, which is also documented in the commit messages of the revisions mentioned in my previous email. I therefore thought the explicit reference to arc4random was redundant by now when it's used indirectly via rand, whose man-page describes this behavior.

Anyway, thanks for applying the useful parts of the patch!

On Sun, Feb 19, 2017 at 06:33:59PM +0100, Ingo Schwarze wrote:
> Hi Anton,
>
> Anton Lindqvist wrote on Sun, Feb 19, 2017 at 08:29:31AM +0100:
>
> > Usage of rand was replaced with arc4random (var.c, r1.17) and later
> > documented (ksh.1, r1.70). The change was later on reverted (var.c,
> > r1.39) back to using rand and srand_deterministic. The patch below
> > removes the explicit mention of arc4random and documents the current
> > behavior.
>
> I think both the current text and your patch are wrong.
>
> The current text says that srand(3) is used.
> That, indeed, is not true, so thanks for the heads-up.
>
> Your patch deletes a sentence that is actually true:
> "By default, arc4random(3) is used to produce values."
> That is true because rand(3) uses arc4random(3) by default.
> I think we should keep that information. It tells people that
> on OpenBSD, ksh(1) RANDOM is of decent quality by default.
>
> So, here is my suggestion. I don't think we need to say that ksh(1)
> calls arc4random(3) indirectly via rand(3). From the perspective
> of ksh(1) users, that's an implementation detail.
>
> OK?
> Ingo
>
>
> Index: ksh.1 > === > RCS file: /cvs/src/bin/ksh/ksh.1,v > retrieving revision 1.186 > diff -u -r1.186 ksh.1 > --- ksh.1 14 Nov 2016 06:59:42 - 1.186 > +++ ksh.1 19 Feb 2017 17:20:31 - 
> @@ -1704,12 +1704,10 @@ > If the variable > .Ev RANDOM > is assigned a value, the value is used as the seed to > -.Xr srand 3 > +.Xr srand_deterministic 3 > and subsequent references of > .Ev RANDOM > -will use > -.Xr rand 3 > -to produce values, resulting in a predictable sequence. > +produce a predictable sequence. > .It Ev REPLY > Default parameter for the > .Ic read
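Review bot: After this hunk the paragraph says that assigning RANDOM seeds srand_deterministic(3) and that later references produce a predictable sequence, but the lines shown do not say how long that lasts or whether anything returns the shell to its default behavior. If that is defined, one sentence stating it here would let a script author tell whether a single assignment to RANDOM affects every later use in the same shell. As a wording nit, "references of RANDOM" would read better as "references to RANDOM".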