Re: tcpdump: etherip fix
> On 8 Mar 2017, at 16:29, Jeremie Courreges-Anglaswrote: > > > https://tools.ietf.org/html/draft-housley-etherip-01 > > still proposes a 1 byte header, the first nibble is the version (2). > The published RFC specifies version 3 and a two bytes header. > > https://tools.ietf.org/html/rfc3378 > > print-etherip.c almost gets it right when trying to interpret the > version. Here's a diff to fix it. > > Using tcpdump -envvvttt, before: > > Mar 08 04:21:03.258703 fe:e1:ba:d1:94:57 fe:e1:ba:d1:94:56 0800 134: etherip > 10.64.20.2 > 10.64.20.1 ver unknown len 100 [tos 0x10] (ttl 64, id 33731, len > 120) > Mar 08 04:21:03.259136 fe:e1:ba:d1:94:56 fe:e1:ba:d1:94:57 0800 134: etherip > 10.64.20.1 > 10.64.20.2 ver unknown len 100 [tos 0x10] (ttl 64, id 56533, len > 120) > > After: > > Mar 08 04:21:56.786890 fe:e1:ba:d1:94:57 fe:e1:ba:d1:94:56 0800 134: etherip > 10.64.20.2 > 10.64.20.1 ver 3 len 100: fe:e1:ba:d1:94:58 fe:e1:ba:d0:18:c3 > 0800 98: 10.64.64.3 > 10.64.64.1: icmp: echo request (id:9d1b seq:8359) (ttl > 255, id 7825, len 84) [tos 0x10] (ttl 64, id 61952, len 120) > Mar 08 04:21:56.787106 fe:e1:ba:d1:94:56 fe:e1:ba:d1:94:57 0800 134: etherip > 10.64.20.1 > 10.64.20.2 ver 3 len 100: fe:e1:ba:d0:18:c3 fe:e1:ba:d1:94:58 > 0800 98: 10.64.64.1 > 10.64.64.3: icmp: echo reply (id:9d1b seq:8359) (ttl > 255, id 31193, len 84) [tos 0x10] (ttl 64, id 35562, len 120) > > ok? ok. > > > Index: print-etherip.c > === > RCS file: /d/cvs/src/usr.sbin/tcpdump/print-etherip.c,v > retrieving revision 1.8 > diff -u -p -p -u -r1.8 print-etherip.c > --- print-etherip.c 16 Jan 2015 06:40:21 - 1.8 > +++ print-etherip.c 8 Mar 2017 06:21:22 - > @@ -72,7 +72,7 @@ etherip_print(const u_char *bp, u_int ca > printf("etherip %s > %s ver ", ipaddr_string(>ip_src), > ipaddr_string(>ip_dst)); > > - switch ((*pbuf) & 0xf) { > + switch (*pbuf >> 4) { > case 2: > hlen = 1; > printf("%d", 2); > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >
Re: acme-client -t switch?
On 2017/03/07 13:24, Devin Reade wrote: > Expanding on my previous email, it looks like the git version of > acme-client has a different implementation than what was implemented > in the version first committed (and later removed) from the OpenBSD > CVS sources. The latter (CVS) version was calling "doas sh ..." > whereas the former (git) version writes challenges to stdout which > can then be processed by the invoking program. Looking at the logs, > it appears the git version is a reworking of the functionality. > > For the record, I was asking about introducing the mechanism (stdout) > currently used by the git version. > > Devin > Both OpenBSD's version and the original have seen independent changes after import, they have now diverged quite a lot. Since this came up.. what does anyone think about adding the original version back to ports? (personally, I could do with moving things away from the python version, but I need dns-01..)
Re: xenocara: honor CC, CXX, CXXFLAGS
On Tue, Mar 07, 2017 at 09:26:01PM +0100, Christian Weisgerber wrote: > I noticed that the xenocara build uses "gcc" and "g++" everywhere > if those exist at build time. It's the result of an omission: > CC, CXX, and CXXFLAGS simply aren't passed into the build and the > GNU configure defaults are used. > > Straightforward fix. OK? yes ok matthieu@ > > PS: Does anybody remember why we need to delete spaces at the end of > CFLAGS? That's a very odd requirement. I copied it from bsd.port.mk... And there the commit message was Author: Marc EspieDate: Tue Sep 14 23:07:21 2004 + remove trailing spaces from CFLAGS/CXXFLAGS, to please autoconf... > > Index: app/xlockmore/Makefile.bsd-wrapper > === > RCS file: /cvs/xenocara/app/xlockmore/Makefile.bsd-wrapper,v > retrieving revision 1.12 > diff -u -p -r1.12 Makefile.bsd-wrapper > --- app/xlockmore/Makefile.bsd-wrapper13 Aug 2014 21:02:16 - > 1.12 > +++ app/xlockmore/Makefile.bsd-wrapper7 Mar 2017 17:52:27 - > @@ -6,7 +6,10 @@ config.status: > AUTOMAKE_VERSION="$(AUTOMAKE_VERSION)" \ > AUTOCONF_VERSION="$(AUTOCONF_VERSION)" \ > ACLOCAL="aclocal -I ${X11BASE}/share/aclocal" \ > + CC="${CC}" \ > CFLAGS="${CFLAGS}" \ > + CXX="${CXX}" \ > + CXXFLAGS="${CXXFLAGS}" \ > PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \ > CONFIG_SITE=$(CONFIG_SITE) \ > sh ${.CURDIR}/configure --prefix=${X11BASE} \ > Index: share/mk/bsd.xorg.mk > === > RCS file: /cvs/xenocara/share/mk/bsd.xorg.mk,v > retrieving revision 1.58 > diff -u -p -r1.58 bsd.xorg.mk > --- share/mk/bsd.xorg.mk 12 Feb 2017 18:19:54 - 1.58 > +++ share/mk/bsd.xorg.mk 7 Mar 2017 02:16:07 - > @@ -56,7 +56,10 @@ XENOCARA_PATH?=/bin:/sbin:/usr/bin:/usr > > CONFIGURE_ENV= PKG_CONFIG_LIBDIR="$(PKG_CONFIG_LIBDIR)" \ > CONFIG_SITE=$(CONFIG_SITE) \ > + CC="$(CC)" \ > CFLAGS="$(CFLAGS:C/ *$//)" \ > + CXX="$(CXX)" \ > + CXXFLAGS="$(CXXFLAGS:C/ *$//)" \ > MAKE="${MAKE}" > > CONFIGURE_ARGS+= --disable-silent-rules > -- > Christian "naddy" Weisgerber na...@mips.inka.de -- Matthieu Herrb
xenocara: honor CC, CXX, CXXFLAGS
I noticed that the xenocara build uses "gcc" and "g++" everywhere if those exist at build time. It's the result of an omission: CC, CXX, and CXXFLAGS simply aren't passed into the build and the GNU configure defaults are used. Straightforward fix. OK? PS: Does anybody remember why we need to delete spaces at the end of CFLAGS? That's a very odd requirement. Index: app/xlockmore/Makefile.bsd-wrapper === RCS file: /cvs/xenocara/app/xlockmore/Makefile.bsd-wrapper,v retrieving revision 1.12 diff -u -p -r1.12 Makefile.bsd-wrapper --- app/xlockmore/Makefile.bsd-wrapper 13 Aug 2014 21:02:16 - 1.12 +++ app/xlockmore/Makefile.bsd-wrapper 7 Mar 2017 17:52:27 - @@ -6,7 +6,10 @@ config.status: AUTOMAKE_VERSION="$(AUTOMAKE_VERSION)" \ AUTOCONF_VERSION="$(AUTOCONF_VERSION)" \ ACLOCAL="aclocal -I ${X11BASE}/share/aclocal" \ + CC="${CC}" \ CFLAGS="${CFLAGS}" \ + CXX="${CXX}" \ + CXXFLAGS="${CXXFLAGS}" \ PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \ CONFIG_SITE=$(CONFIG_SITE) \ sh ${.CURDIR}/configure --prefix=${X11BASE} \ Index: share/mk/bsd.xorg.mk === RCS file: /cvs/xenocara/share/mk/bsd.xorg.mk,v retrieving revision 1.58 diff -u -p -r1.58 bsd.xorg.mk --- share/mk/bsd.xorg.mk12 Feb 2017 18:19:54 - 1.58 +++ share/mk/bsd.xorg.mk7 Mar 2017 02:16:07 - @@ -56,7 +56,10 @@ XENOCARA_PATH?= /bin:/sbin:/usr/bin:/usr CONFIGURE_ENV= PKG_CONFIG_LIBDIR="$(PKG_CONFIG_LIBDIR)" \ CONFIG_SITE=$(CONFIG_SITE) \ + CC="$(CC)" \ CFLAGS="$(CFLAGS:C/ *$//)" \ + CXX="$(CXX)" \ + CXXFLAGS="$(CXXFLAGS:C/ *$//)" \ MAKE="${MAKE}" CONFIGURE_ARGS+= --disable-silent-rules -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: acme-client -t switch?
Expanding on my previous email, it looks like the git version of acme-client has a different implementation than what was implemented in the version first committed (and later removed) from the OpenBSD CVS sources. The latter (CVS) version was calling "doas sh ..." whereas the former (git) version writes challenges to stdout which can then be processed by the invoking program. Looking at the logs, it appears the git version is a reworking of the functionality. For the record, I was asking about introducing the mechanism (stdout) currently used by the git version. Devin
acme-client -t switch?
So I was looking to use acme-client's "-t" switch to orchestrate the creation of certificates for non-HTTPS use and off-machine use. However I see that it was removed in main.c version 1.15 in the OpenBSD source tree. (I'm currently testing acme-client via git on OpenBSD 6.0.) Would folks be amenable to patches that would allow re-introducing this switch? Although I'm open to suggestions/comments on the approach, my intent was to create a perl program / modules for CPAN that would use acme-client to support both the dns-01 challenge and shipping certificates to other machines (think of the IMAPS use case, as an example). Devin
acme-client missing man-page bug item?
I'm testing a git-based version of acme-client on OpenBSD 6.0 at the moment and visually comparing source with that in CVS, but this is relevant to OpenBSD 6.1 so bear with me here. In the git version in revokeproc.c about line 237 we see the following comment following the "Parse the SAN line" text: we don't allowing removing domains from certificates This behavior matches what I saw empirically, which is why I went looking at the source. Inspection of the OpenBSD CVS source, although it doesn't have that comment, appears to follow the same logic. I'm still wading through the ACME protocol spec, but so far I've not seen anything that would prohibit removal of the domain. So my question is: Is this behavior something that should be mentioned in the BUGS section of the man page? Or am I missing something in the protocol spec? To be clear, this would exhibit itself if you took a running configuration of: domain example.com { alternative names { secure.example.com www.example.com } ... } and changed it to: domain example.com { alternative names { www.example.com } ... } Devin
tcsetpgrp(3) can set errno to EINTR
If tcsetpgrp() is called by a background process and there is a SIGTTOU handler installed without SA_RESTART set, tcsetpgrp() will return -1 and set errno to EINTR. Index: lib/libc/termios/tcsetpgrp.3 === RCS file: /cvs/src/lib/libc/termios/tcsetpgrp.3,v retrieving revision 1.13 diff -u -p -u -r1.13 tcsetpgrp.3 --- lib/libc/termios/tcsetpgrp.310 Jul 2016 00:48:21 - 1.13 +++ lib/libc/termios/tcsetpgrp.37 Mar 2017 18:47:51 - @@ -77,6 +77,10 @@ is set to indicate the error, as follows The .Fa fd argument is not a valid file descriptor. +.It Bq Er EINTR +The +.Fn tcsetpgrp +function was interrupted by a signal. .It Bq Er EINVAL An invalid value of .Fa pgrp_id
Re: etherip(4) counters tweak
On Tue, Mar 07, 2017 at 06:53:56PM +0100, Jeremie Courreges-Anglas wrote: > > The diff below renames the members of struct etheripstat to match other > *stat counters: "etherip_foo" -> "etherips_foo". It also moves them all > to u_int64_t to mkae the conversion to percpu counters cleaner. > > https://codesearch.debian.net/search?q=etheripstat returns no match and > shells/nsh doesn't use this, so I think it's safe ports-wise - I can > handle the fallout anyway. > > ok? I like consistency. OK bluhm@ But remember to convert src/usr.bin/netstat/inet.c. > Index: net/if_etherip.c > === > RCS file: /d/cvs/src/sys/net/if_etherip.c,v > retrieving revision 1.14 > diff -u -p -r1.14 if_etherip.c > --- net/if_etherip.c 29 Jan 2017 19:58:47 - 1.14 > +++ net/if_etherip.c 7 Mar 2017 17:28:35 - > @@ -366,7 +366,7 @@ ip_etherip_output(struct ifnet *ifp, str > > M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return ENOBUFS; > } > eip = mtod(m, struct etherip_header *); > @@ -376,7 +376,7 @@ ip_etherip_output(struct ifnet *ifp, str > > M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return ENOBUFS; > } > ip = mtod(m, struct ip *); > @@ -397,8 +397,8 @@ ip_etherip_output(struct ifnet *ifp, str > #if NPF > 0 > pf_pkt_addr_changed(m); > #endif > - etheripstat.etherip_opackets++; > - etheripstat.etherip_obytes += (m->m_pkthdr.len - > + etheripstat.etherips_opackets++; > + etheripstat.etherips_obytes += (m->m_pkthdr.len - > (sizeof(struct ip) + sizeof(struct etherip_header))); > > return ip_output(m, NULL, NULL, IP_RAWOUTPUT, NULL, NULL, 0); > @@ -425,7 +425,7 @@ ip_etherip_input(struct mbuf **mp, int * > > if (!etherip_allow) { > m_freem(m); > - etheripstat.etherip_pdrops++; > + etheripstat.etherips_pdrops++; > return IPPROTO_DONE; > } > > @@ -455,7 +455,7 @@ ip_etherip_input(struct mbuf **mp, int * >*/ > return etherip_input(mp, offp, proto); > #else > - etheripstat.etherip_noifdrops++; > + etheripstat.etherips_noifdrops++; > m_freem(m); > return IPPROTO_DONE; > #endif /* NGIF */ > @@ -464,25 +464,25 @@ ip_etherip_input(struct mbuf **mp, int * > m_adj(m, *offp); > m = m_pullup(m, sizeof(struct etherip_header)); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return IPPROTO_DONE; > } > > eip = mtod(m, struct etherip_header *); > if (eip->eip_ver != ETHERIP_VERSION || eip->eip_pad) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > m_freem(m); > return IPPROTO_DONE; > } > > - etheripstat.etherip_ipackets++; > - etheripstat.etherip_ibytes += (m->m_pkthdr.len - > + etheripstat.etherips_ipackets++; > + etheripstat.etherips_ibytes += (m->m_pkthdr.len - > sizeof(struct etherip_header)); > > m_adj(m, sizeof(struct etherip_header)); > m = m_pullup(m, sizeof(struct ether_header)); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return IPPROTO_DONE; > } > m->m_flags &= ~(M_BCAST|M_MCAST); > @@ -523,7 +523,7 @@ ip6_etherip_output(struct ifnet *ifp, st > > M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return ENOBUFS; > } > eip = mtod(m, struct etherip_header *); > @@ -533,7 +533,7 @@ ip6_etherip_output(struct ifnet *ifp, st > > M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); > if (m == NULL) { > - etheripstat.etherip_adrops++; > + etheripstat.etherips_adrops++; > return ENOBUFS; > } > ip6 = mtod(m, struct ip6_hdr *); > @@ -555,8 +555,8 @@ ip6_etherip_output(struct ifnet *ifp, st > #if NPF > 0 > pf_pkt_addr_changed(m); > #endif > - etheripstat.etherip_opackets++; > - etheripstat.etherip_obytes += (m->m_pkthdr.len - > + etheripstat.etherips_opackets++; > + etheripstat.etherips_obytes += (m->m_pkthdr.len - > (sizeof(struct ip6_hdr) + sizeof(struct etherip_header))); > > return ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL); > @@ -581,7 +581,7 @@ ip6_etherip_input(struct mbuf **mp, int > > if (!etherip_allow) { > m_freem(m); > -
Re: ip_ipip.c / gif(4) percpu counters
On Tue, Mar 07, 2017 at 06:16:30PM +0100, Jeremie Courreges-Anglas wrote: > > I failed to find a nice place where to initialize the counters. The > code that uses counters is reachable even if gif(4) isn't compiled in. > > I can think of 3 obvious ways to call the init function. > > 1. call ipip_init() through .pr_init. The idea would be to call >ipip_init() once per protosw entry that needs it, so the function >should return early if it was already run. > > 2. call ipip_init() from ip_init(), after all ip_init() is always >compiled in. > > 3. call ipip_init() from init_main.c. > > The diff implements option 3, but what do you folks prefer? > Thoughts / ok? I would use option 2 as ip_ipip.c is always comiled in. Then you don't need the "if (ipipcounters == NULL)" check. OK bluhm@ > > > Index: kern/init_main.c > === > RCS file: /d/cvs/src/sys/kern/init_main.c,v > retrieving revision 1.267 > diff -u -p -r1.267 init_main.c > --- kern/init_main.c 6 Mar 2017 10:48:16 - 1.267 > +++ kern/init_main.c 7 Mar 2017 14:20:17 - > @@ -147,6 +147,7 @@ void taskq_init(void); > void timeout_proc_init(void); > void pool_gc_pages(void *); > void percpu_init(void); > +void ipip_init(void); > > extern char sigcode[], esigcode[], sigcoderet[]; > #ifdef SYSCALL_DEBUG > @@ -364,6 +365,9 @@ main(void *framep) > > /* Per CPU memory allocation */ > percpu_init(); > + > + /* IP-in-IP memory allocation */ > + ipip_init(); > > /* Initialize the file systems. */ > #if defined(NFSSERVER) || defined(NFSCLIENT) > Index: netinet/ip_ipip.c > === > RCS file: /d/cvs/src/sys/netinet/ip_ipip.c,v > retrieving revision 1.71 > diff -u -p -r1.71 ip_ipip.c > --- netinet/ip_ipip.c 29 Jan 2017 19:58:47 - 1.71 > +++ netinet/ip_ipip.c 7 Mar 2017 14:20:17 - > @@ -84,7 +84,14 @@ > */ > int ipip_allow = 0; > > -struct ipipstat ipipstat; > +struct cpumem *ipipcounters; > + > +void > +ipip_init(void) > +{ > + if (ipipcounters == NULL) > + ipipcounters = counters_alloc(ipips_ncounters); > +} > > /* > * Really only a wrapper for ipip_input(), for use with pr_input. > @@ -95,7 +102,7 @@ ip4_input(struct mbuf **mp, int *offp, i > /* If we do not accept IP-in-IP explicitly, drop. */ > if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { > DPRINTF(("ip4_input(): dropped due to policy\n")); > - ipipstat.ipips_pdrops++; > + ipipstat_inc(ipips_pdrops); > m_freem(*mp); > return IPPROTO_DONE; > } > @@ -129,7 +136,7 @@ ipip_input(struct mbuf **mp, int *offp, > u_int8_t v; > sa_family_t af; > > - ipipstat.ipips_ipackets++; > + ipipstat_inc(ipips_ipackets); > > m_copydata(m, 0, 1, ); > > @@ -143,7 +150,7 @@ ipip_input(struct mbuf **mp, int *offp, > break; > #endif > default: > - ipipstat.ipips_family++; > + ipipstat_inc(ipips_family); > m_freem(m); > return IPPROTO_DONE; > } > @@ -152,7 +159,7 @@ ipip_input(struct mbuf **mp, int *offp, > if (m->m_len < hlen) { > if ((m = m_pullup(m, hlen)) == NULL) { > DPRINTF(("ipip_input(): m_pullup() failed\n")); > - ipipstat.ipips_hdrops++; > + ipipstat_inc(ipips_hdrops); > return IPPROTO_DONE; > } > } > @@ -179,7 +186,7 @@ ipip_input(struct mbuf **mp, int *offp, > > /* Sanity check */ > if (m->m_pkthdr.len < sizeof(struct ip)) { > - ipipstat.ipips_hdrops++; > + ipipstat_inc(ipips_hdrops); > m_freem(m); > return IPPROTO_DONE; > } > @@ -195,7 +202,7 @@ ipip_input(struct mbuf **mp, int *offp, > break; > #endif > default: > - ipipstat.ipips_family++; > + ipipstat_inc(ipips_family); > m_freem(m); > return IPPROTO_DONE; > } > @@ -206,7 +213,7 @@ ipip_input(struct mbuf **mp, int *offp, > if (m->m_len < hlen) { > if ((m = m_pullup(m, hlen)) == NULL) { > DPRINTF(("ipip_input(): m_pullup() failed\n")); > - ipipstat.ipips_hdrops++; > + ipipstat_inc(ipips_hdrops); > return IPPROTO_DONE; > } > } > @@ -229,7 +236,7 @@ ipip_input(struct mbuf **mp, int *offp, > ECN_ALLOWED_IPSEC : ECN_ALLOWED; > if (!ip_ecn_egress(mode, , >ip_tos)) { > DPRINTF(("ipip_input(): ip_ecn_egress() failed")); > - ipipstat.ipips_pdrops++; > + ipipstat_inc(ipips_pdrops); > m_freem(m); > return
etherip(4) counters tweak
The diff below renames the members of struct etheripstat to match other *stat counters: "etherip_foo" -> "etherips_foo". It also moves them all to u_int64_t to mkae the conversion to percpu counters cleaner. https://codesearch.debian.net/search?q=etheripstat returns no match and shells/nsh doesn't use this, so I think it's safe ports-wise - I can handle the fallout anyway. ok? Index: net/if_etherip.c === RCS file: /d/cvs/src/sys/net/if_etherip.c,v retrieving revision 1.14 diff -u -p -r1.14 if_etherip.c --- net/if_etherip.c29 Jan 2017 19:58:47 - 1.14 +++ net/if_etherip.c7 Mar 2017 17:28:35 - @@ -366,7 +366,7 @@ ip_etherip_output(struct ifnet *ifp, str M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return ENOBUFS; } eip = mtod(m, struct etherip_header *); @@ -376,7 +376,7 @@ ip_etherip_output(struct ifnet *ifp, str M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return ENOBUFS; } ip = mtod(m, struct ip *); @@ -397,8 +397,8 @@ ip_etherip_output(struct ifnet *ifp, str #if NPF > 0 pf_pkt_addr_changed(m); #endif - etheripstat.etherip_opackets++; - etheripstat.etherip_obytes += (m->m_pkthdr.len - + etheripstat.etherips_opackets++; + etheripstat.etherips_obytes += (m->m_pkthdr.len - (sizeof(struct ip) + sizeof(struct etherip_header))); return ip_output(m, NULL, NULL, IP_RAWOUTPUT, NULL, NULL, 0); @@ -425,7 +425,7 @@ ip_etherip_input(struct mbuf **mp, int * if (!etherip_allow) { m_freem(m); - etheripstat.etherip_pdrops++; + etheripstat.etherips_pdrops++; return IPPROTO_DONE; } @@ -455,7 +455,7 @@ ip_etherip_input(struct mbuf **mp, int * */ return etherip_input(mp, offp, proto); #else - etheripstat.etherip_noifdrops++; + etheripstat.etherips_noifdrops++; m_freem(m); return IPPROTO_DONE; #endif /* NGIF */ @@ -464,25 +464,25 @@ ip_etherip_input(struct mbuf **mp, int * m_adj(m, *offp); m = m_pullup(m, sizeof(struct etherip_header)); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return IPPROTO_DONE; } eip = mtod(m, struct etherip_header *); if (eip->eip_ver != ETHERIP_VERSION || eip->eip_pad) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; m_freem(m); return IPPROTO_DONE; } - etheripstat.etherip_ipackets++; - etheripstat.etherip_ibytes += (m->m_pkthdr.len - + etheripstat.etherips_ipackets++; + etheripstat.etherips_ibytes += (m->m_pkthdr.len - sizeof(struct etherip_header)); m_adj(m, sizeof(struct etherip_header)); m = m_pullup(m, sizeof(struct ether_header)); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return IPPROTO_DONE; } m->m_flags &= ~(M_BCAST|M_MCAST); @@ -523,7 +523,7 @@ ip6_etherip_output(struct ifnet *ifp, st M_PREPEND(m, sizeof(struct etherip_header), M_DONTWAIT); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return ENOBUFS; } eip = mtod(m, struct etherip_header *); @@ -533,7 +533,7 @@ ip6_etherip_output(struct ifnet *ifp, st M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m == NULL) { - etheripstat.etherip_adrops++; + etheripstat.etherips_adrops++; return ENOBUFS; } ip6 = mtod(m, struct ip6_hdr *); @@ -555,8 +555,8 @@ ip6_etherip_output(struct ifnet *ifp, st #if NPF > 0 pf_pkt_addr_changed(m); #endif - etheripstat.etherip_opackets++; - etheripstat.etherip_obytes += (m->m_pkthdr.len - + etheripstat.etherips_opackets++; + etheripstat.etherips_obytes += (m->m_pkthdr.len - (sizeof(struct ip6_hdr) + sizeof(struct etherip_header))); return ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL); @@ -581,7 +581,7 @@ ip6_etherip_input(struct mbuf **mp, int if (!etherip_allow) { m_freem(m); - etheripstat.etherip_pdrops++; + etheripstat.etherips_pdrops++; return IPPROTO_NONE; } @@ -615,7 +615,7 @@ ip6_etherip_input(struct mbuf **mp, int */ return
ip_ipip.c / gif(4) percpu counters
I failed to find a nice place where to initialize the counters. The code that uses counters is reachable even if gif(4) isn't compiled in. I can think of 3 obvious ways to call the init function. 1. call ipip_init() through .pr_init. The idea would be to call ipip_init() once per protosw entry that needs it, so the function should return early if it was already run. 2. call ipip_init() from ip_init(), after all ip_init() is always compiled in. 3. call ipip_init() from init_main.c. The diff implements option 3, but what do you folks prefer? Thoughts / ok? Index: kern/init_main.c === RCS file: /d/cvs/src/sys/kern/init_main.c,v retrieving revision 1.267 diff -u -p -r1.267 init_main.c --- kern/init_main.c6 Mar 2017 10:48:16 - 1.267 +++ kern/init_main.c7 Mar 2017 14:20:17 - @@ -147,6 +147,7 @@ voidtaskq_init(void); void timeout_proc_init(void); void pool_gc_pages(void *); void percpu_init(void); +void ipip_init(void); extern char sigcode[], esigcode[], sigcoderet[]; #ifdef SYSCALL_DEBUG @@ -364,6 +365,9 @@ main(void *framep) /* Per CPU memory allocation */ percpu_init(); + + /* IP-in-IP memory allocation */ + ipip_init(); /* Initialize the file systems. */ #if defined(NFSSERVER) || defined(NFSCLIENT) Index: netinet/ip_ipip.c === RCS file: /d/cvs/src/sys/netinet/ip_ipip.c,v retrieving revision 1.71 diff -u -p -r1.71 ip_ipip.c --- netinet/ip_ipip.c 29 Jan 2017 19:58:47 - 1.71 +++ netinet/ip_ipip.c 7 Mar 2017 14:20:17 - @@ -84,7 +84,14 @@ */ int ipip_allow = 0; -struct ipipstat ipipstat; +struct cpumem *ipipcounters; + +void +ipip_init(void) +{ + if (ipipcounters == NULL) + ipipcounters = counters_alloc(ipips_ncounters); +} /* * Really only a wrapper for ipip_input(), for use with pr_input. @@ -95,7 +102,7 @@ ip4_input(struct mbuf **mp, int *offp, i /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { DPRINTF(("ip4_input(): dropped due to policy\n")); - ipipstat.ipips_pdrops++; + ipipstat_inc(ipips_pdrops); m_freem(*mp); return IPPROTO_DONE; } @@ -129,7 +136,7 @@ ipip_input(struct mbuf **mp, int *offp, u_int8_t v; sa_family_t af; - ipipstat.ipips_ipackets++; + ipipstat_inc(ipips_ipackets); m_copydata(m, 0, 1, ); @@ -143,7 +150,7 @@ ipip_input(struct mbuf **mp, int *offp, break; #endif default: - ipipstat.ipips_family++; + ipipstat_inc(ipips_family); m_freem(m); return IPPROTO_DONE; } @@ -152,7 +159,7 @@ ipip_input(struct mbuf **mp, int *offp, if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { DPRINTF(("ipip_input(): m_pullup() failed\n")); - ipipstat.ipips_hdrops++; + ipipstat_inc(ipips_hdrops); return IPPROTO_DONE; } } @@ -179,7 +186,7 @@ ipip_input(struct mbuf **mp, int *offp, /* Sanity check */ if (m->m_pkthdr.len < sizeof(struct ip)) { - ipipstat.ipips_hdrops++; + ipipstat_inc(ipips_hdrops); m_freem(m); return IPPROTO_DONE; } @@ -195,7 +202,7 @@ ipip_input(struct mbuf **mp, int *offp, break; #endif default: - ipipstat.ipips_family++; + ipipstat_inc(ipips_family); m_freem(m); return IPPROTO_DONE; } @@ -206,7 +213,7 @@ ipip_input(struct mbuf **mp, int *offp, if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { DPRINTF(("ipip_input(): m_pullup() failed\n")); - ipipstat.ipips_hdrops++; + ipipstat_inc(ipips_hdrops); return IPPROTO_DONE; } } @@ -229,7 +236,7 @@ ipip_input(struct mbuf **mp, int *offp, ECN_ALLOWED_IPSEC : ECN_ALLOWED; if (!ip_ecn_egress(mode, , >ip_tos)) { DPRINTF(("ipip_input(): ip_ecn_egress() failed")); - ipipstat.ipips_pdrops++; + ipipstat_inc(ipips_pdrops); m_freem(m); return IPPROTO_DONE; } @@ -249,7 +256,7 @@ ipip_input(struct mbuf **mp, int *offp, itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; if (!ip_ecn_egress(ECN_ALLOWED, , )) { DPRINTF(("ipip_input(): ip_ecn_egress() failed")); - ipipstat.ipips_pdrops++; +
USB use-after-fruit
ehrhardt@ reported to me a use-after-free in USB polling mode, turns out it's a design problem. That means there's a lot of them. That's scary. Diff below is a small piece of a huge fix. It concerns root hub codes. To keep it short, it is not safe to dereference ``xfer'' after having called usb_transfer_complete(). Internally usb_transfer_complete() calls a callback that in some situations free the ``xfer''. So in this case we should not return USBD_IN_PROGRESS, because doing so will make usb_transfer() do the following check: 341:s = splusb(); 342:while (!xfer->done) { ... ...and that's a user-after-free. Instead return USBD_NORMAL_COMPLETION or the corresponding error code. Index: ehci.c === RCS file: /cvs/src/sys/dev/usb/ehci.c,v retrieving revision 1.195 diff -u -p -r1.195 ehci.c --- ehci.c 8 Nov 2016 10:31:30 - 1.195 +++ ehci.c 7 Mar 2017 14:58:12 - @@ -2170,7 +2170,7 @@ ehci_root_ctrl_start(struct usbd_xfer *x s = splusb(); usb_transfer_complete(xfer); splx(s); - return (USBD_IN_PROGRESS); + return (err); } void Index: ohci.c === RCS file: /cvs/src/sys/dev/usb/ohci.c,v retrieving revision 1.147 diff -u -p -r1.147 ohci.c --- ohci.c 15 Sep 2016 02:00:17 - 1.147 +++ ohci.c 7 Mar 2017 14:58:33 - @@ -2587,7 +2587,7 @@ ohci_root_ctrl_start(struct usbd_xfer *x s = splusb(); usb_transfer_complete(xfer); splx(s); - return (USBD_IN_PROGRESS); + return (err); } /* Abort a root control request. */ Index: uhci.c === RCS file: /cvs/src/sys/dev/usb/uhci.c,v retrieving revision 1.140 diff -u -p -r1.140 uhci.c --- uhci.c 2 Feb 2017 22:31:05 - 1.140 +++ uhci.c 7 Mar 2017 14:59:26 - @@ -3231,7 +3231,7 @@ uhci_root_ctrl_start(struct usbd_xfer *x s = splusb(); usb_transfer_complete(xfer); splx(s); - return (USBD_IN_PROGRESS); + return (err); } /* Abort a root control request. */ Index: usbdi.c === RCS file: /cvs/src/sys/dev/usb/usbdi.c,v retrieving revision 1.87 diff -u -p -r1.87 usbdi.c --- usbdi.c 6 Mar 2017 12:13:58 - 1.87 +++ usbdi.c 7 Mar 2017 14:59:25 - @@ -322,7 +322,7 @@ usbd_transfer(struct usbd_xfer *xfer) err = pipe->methods->transfer(xfer); - if (err != USBD_IN_PROGRESS && err) { + if (err != USBD_IN_PROGRESS && err != USBD_NORMAL_COMPLETION) { /* The transfer has not been queued, so free buffer. */ if (xfer->rqflags & URQ_AUTO_DMABUF) { struct usbd_bus *bus = pipe->device->bus; Index: xhci.c === RCS file: /cvs/src/sys/dev/usb/xhci.c,v retrieving revision 1.70 diff -u -p -r1.70 xhci.c --- xhci.c 8 Nov 2016 10:31:30 - 1.70 +++ xhci.c 7 Mar 2017 14:58:23 - @@ -2366,7 +2366,7 @@ ret: s = splusb(); usb_transfer_complete(xfer); splx(s); - return (USBD_IN_PROGRESS); + return (err); } Index: dwc2/dwc2.c === RCS file: /cvs/src/sys/dev/usb/dwc2/dwc2.c,v retrieving revision 1.41 diff -u -p -r1.41 dwc2.c --- dwc2/dwc2.c 16 Feb 2017 14:09:00 - 1.41 +++ dwc2/dwc2.c 7 Mar 2017 14:59:26 - @@ -874,7 +874,7 @@ fail: usb_transfer_complete(xfer); splx(s); - return USBD_IN_PROGRESS; + return err; } STATIC void
Re: priq: convert to mbuf lists
On 7 March 2017 at 02:32, David Gwynnewrote: > >> On 2 Mar 2017, at 21:19, Mike Belopuhov wrote: >> >> On Thu, Mar 02, 2017 at 10:11 +0100, Martin Pieuchot wrote: >>> On 02/03/17(Thu) 01:16, Mike Belopuhov wrote: On 2 March 2017 at 00:56, David Gwynne wrote: > >> On 2 Mar 2017, at 06:43, Mike Belopuhov wrote: >> >> This convers hand rolled lists into exactly the same mbuf_lists. >> I need this because of the next diff that uses the ml_len packet >> counter that mbuf_lists have. Otherwise there's no functional >> change. > > i didnt use mbuf lists here because they have an extra counter > that isnt, or wasnt, needed. > > im not sure you need to know how long a list is in your later > diff, you just need to know if it is not empty. you can do that > by checking if the head is NULL. > true, i was thinking about clarifying this, but i like the "declarativeness" of the length check. i don't think that an extra counter is a big deal. also mbuf lists make this code look simpler which is a good thing, imo. >>> >>> I agree. I find the code much easier to understand with mikeb@'s diff. >>> >>> IMHO we should avoid hand-rolled lists. >>> >>> ok mpi@ >>> >> >> Here's an updated diff with suggestions from bluhm@ and it's >> even slimmer now but I don't mind either way. If David isn't >> comfortable with this change, we don't have to do it. > > im really not keen, but i guess i will submit to populism if > everyone else feels strongly about this. > I've pondered it a bit more and while I didn't think I care too much, while rebasing I've realised that I'd be doing a disservice for everyone coming later to this code. What tipped the scales was how you used priq_deq_commit in the last diff for the lack of better API and I thought hell, there is a better API: mbuf_lists. It's just much more fitting. You've even invented it yourself! And besides I'm of opinion that priq_deq_begin and priq_deq_commit existence is purely accidental and they should be merged and drivers using them are doing it wrong from the QoS point of view (albeit not so much from the priq PoV).
Re: priq: proposed change in the behavior
On 7 March 2017 at 10:13, Martin Pieuchotwrote: > On 06/03/17(Mon) 23:13, Mike Belopuhov wrote: >> On Thu, Mar 02, 2017 at 14:23 +0100, Mike Belopuhov wrote: >> > On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote: >> > > the current code has been very careful not to free an mbuf while >> > > holding the ifq mutex. i would prefer to keep it that way. >> > > >> > > the least worst way to do that would be to return the mbuf to be >> > > dropped for ifq_enqueue to free. this is complicated because of the >> > > semantics that ifq_enqueue_try provides, but nothing uses that so >> > > we can get rid of it to support this. >> > > >> > > the diff below makes the ifq enq op return an mbuf to be freed, and >> > > gets rid of ifq_enqueue_try. that in turn should let you return >> > > this mbuf here rather than free it directly. >> > > >> > >> > The diff is OK by me provided that a fix like the one below is >> > included. We only need to return ENOBUFS when we've dropped >> > the very packet we were trying to enqueue since the error is >> > propagated up the stack to the userland. >> > >> >> >> Correction: we should do the "ifq->ifq_len++" block when we've >> successfully enqueued the packet we had. dm can refer to some >> other one, so technically queue stats need to be adjusted. > > I'm puzzled, if dm is not NULL we dropped a packet, no? In that > case the length of the queue did not change. So ``ifq_len'' > shouldn't be updated, right? > dlg has committed a cleaner version, but you're correct. the queue length shouldn't be updated. that was an oversight.
Re: 11n support for athn(4)
On 2017/03/07 10:40, Stefan Sperling wrote: > On Tue, Mar 07, 2017 at 07:12:43AM +0200, Timo Myyrä wrote: > > Can OpenBSD AP work on both frequencies at the same time or is that > > something > > not yet supported? > > No, that won't work. The hardware can do 'multi-BSS' which we don't > yet support but I believe that just means running separate SSIDs in > parallel on the same channel. That's correct. The hardware can also do client + hostap simultaenously, but again only on the same channel. APs which support simultaneous dual-band have two radios.
newfs_ext2fs: lost+found ifdefs
lost+found is always created and always has been, do the ifdefs need to stick around? -- Carlin Index: sbin/newfs_ext2fs/mke2fs.c === RCS file: /cvs/src/sbin/newfs_ext2fs/mke2fs.c,v retrieving revision 1.16 diff -u -p -u -r1.16 mke2fs.c --- sbin/newfs_ext2fs/mke2fs.c 14 Mar 2016 20:30:34 - 1.16 +++ sbin/newfs_ext2fs/mke2fs.c 7 Mar 2017 12:20:26 - @@ -853,39 +853,26 @@ cgoverhead(uint c) * Initialize the file system */ -#define LOSTDIR/* e2fsck complains if there is no lost+found */ - #definePREDEFDIR 2 - -#ifdef LOSTDIR #definePREDEFROOTDIR (PREDEFDIR + 1) -#else -#definePREDEFROOTDIR PREDEFDIR -#endif struct ext2fs_direct root_dir[] = { { EXT2_ROOTINO, 0, 1, 0, "." }, { EXT2_ROOTINO, 0, 2, 0, ".." }, -#ifdef LOSTDIR { EXT2_LOSTFOUNDINO, 0, 10, 0, "lost+found" }, -#endif }; -#ifdef LOSTDIR struct ext2fs_direct lost_found_dir[] = { { EXT2_LOSTFOUNDINO, 0, 1, 0, "." }, { EXT2_ROOTINO, 0, 2, 0, ".." }, }; struct ext2fs_direct pad_dir = { 0, sizeof(struct ext2fs_direct), 0, 0, "" }; -#endif int fsinit(const struct timeval *tv) { struct ext2fs_dinode node; -#ifdef LOSTDIR uint i, nblks_lostfound, blk; -#endif /* * Initialize the inode for the resizefs feature @@ -898,7 +885,6 @@ fsinit(const struct timeval *tv) * Initialize the node */ -#ifdef LOSTDIR /* * Create the lost+found directory */ @@ -949,7 +935,7 @@ fsinit(const struct timeval *tv) buf); } iput(, EXT2_LOSTFOUNDINO); -#endif + /* * create the root directory */ @@ -958,9 +944,7 @@ fsinit(const struct timeval *tv) sblock.e2fs.e2fs_features_incompat & EXT2F_INCOMPAT_FTYPE) { root_dir[0].e2d_type = EXT2_FT_DIR; root_dir[1].e2d_type = EXT2_FT_DIR; -#ifdef LOSTDIR root_dir[2].e2d_type = EXT2_FT_DIR; -#endif } node.e2di_mode = EXT2_IFDIR | EXT2_UMASK; node.e2di_uid_low = geteuid();
Mention maximum number of allowed fonts in wsfontload.8
Hi tech@, WSDISPLAY_MAXFONTCOUNT macro was introduced in sys/dev/wscons/wsconsio.h (revision 1.75) to limit the number of fonts that can be loaded. Reflect that in the man page as well. Comments? OK? Index: usr.sbin/wsfontload/wsfontload.8 === RCS file: /cvs/src/usr.sbin/wsfontload/wsfontload.8,v retrieving revision 1.19 diff -u -p -r1.19 wsfontload.8 --- usr.sbin/wsfontload/wsfontload.820 Oct 2013 13:22:44 - 1.19 +++ usr.sbin/wsfontload/wsfontload.87 Mar 2017 11:25:57 - @@ -112,6 +112,8 @@ and 12 for raster displays. No font files are provided with the wscons framework. The fonts installed by PCVT can be used instead, as can raw font files from other operating system distributions. +.Pp +A maximum of 8 fonts can be loaded. .Sh FILES .Bl -tag -width "/usr/share/misc/pcvtfonts/XX" -compact .\" .It Pa /etc/wscons.conf
Re: Fix style.9 offenders in includes
Frederic Cambuswrites: > Hi tech@, > > Here is a diff to fix style.9 offenders in includes. > > Prototypes should not have variable names associated with the types. IIRC some people just disagree with this rule. Variable names can help the developer, but can also clash with macro definitions. I believe this is why thrkill(2) uses names prefixed with '_'. Maybe we should amend the wording used in style(9) instead. > Comments? OK? ok for auth_setpwd(3), getpwnam_r(3), getpwuid_r(3) and pledge(2). I would leave others as is, or convert them to use prefixed names. > Index: bsd_auth.h > === > RCS file: /cvs/src/include/bsd_auth.h,v > retrieving revision 1.10 > diff -u -p -r1.10 bsd_auth.h > --- bsd_auth.h21 Apr 2014 11:27:34 - 1.10 > +++ bsd_auth.h26 Feb 2017 23:08:15 - > @@ -85,7 +85,7 @@ int auth_call(auth_session_t *, char *, > > int auth_setdata(auth_session_t *, void *, size_t); > int auth_setoption(auth_session_t *, char *, char *); > -int auth_setpwd(auth_session_t *, struct passwd *pwd); > +int auth_setpwd(auth_session_t *, struct passwd *); > void auth_set_va_list(auth_session_t *, __va_list); > > struct passwd *auth_getpwd(auth_session_t *); > Index: icdb.h > === > RCS file: /cvs/src/include/icdb.h,v > retrieving revision 1.4 > diff -u -p -r1.4 icdb.h > --- icdb.h4 Sep 2016 14:51:39 - 1.4 > +++ icdb.h26 Feb 2017 23:08:15 - > @@ -24,20 +24,19 @@ __BEGIN_DECLS > > struct icdb; > > -struct icdb *icdb_new(uint32_t version, uint32_t nentries, uint32_t > entrysize, > -uint32_t nkeys, const uint32_t *keysizes, const uint32_t *keyoffsets); > +struct icdb *icdb_new(uint32_t, uint32_t, uint32_t, uint32_t, > +const uint32_t *, const uint32_t *); > > -struct icdb *icdb_open(const char *name, int flags, uint32_t version); > -int icdb_get(struct icdb *db, void *entry, uint32_t idx); > -int icdb_lookup(struct icdb *db, int keynum, const void *key, void *entry, > -uint32_t *idxp); > -int icdb_nentries(struct icdb *db); > -const void *icdb_entries(struct icdb *db); > -int icdb_update(struct icdb *db, const void *entry, int offset); > -int icdb_add(struct icdb *db, const void *entry); > -int icdb_rehash(struct icdb *db); > -int icdb_save(struct icdb *db, int fd); > -int icdb_close(struct icdb *db); > +struct icdb *icdb_open(const char *, int, uint32_t); > +int icdb_get(struct icdb *, void *, uint32_t); > +int icdb_lookup(struct icdb *, int, const void *, void *, uint32_t *); > +int icdb_nentries(struct icdb *); > +const void *icdb_entries(struct icdb *); > +int icdb_update(struct icdb *, const void *, int); > +int icdb_add(struct icdb *, const void *); > +int icdb_rehash(struct icdb *); > +int icdb_save(struct icdb *, int); > +int icdb_close(struct icdb *); > > __END_DECLS > > Index: pwd.h > === > RCS file: /cvs/src/include/pwd.h,v > retrieving revision 1.24 > diff -u -p -r1.24 pwd.h > --- pwd.h 18 Nov 2015 16:44:46 - 1.24 > +++ pwd.h 26 Feb 2017 23:08:15 - > @@ -96,9 +96,9 @@ struct passwd *getpwnam(const char *); > struct passwd*getpwuid_shadow(uid_t); > struct passwd*getpwnam_shadow(const char *); > int getpwnam_r(const char *, struct passwd *, char *, size_t, > - struct passwd **result); > -int getpwuid_r(uid_t uid, struct passwd *, char *buf, size_t buflen, > - struct passwd **result); > + struct passwd **); > +int getpwuid_r(uid_t, struct passwd *, char *, size_t, > + struct passwd **); > #if __BSD_VISIBLE || __XPG_VISIBLE > struct passwd*getpwent(void); > void setpwent(void); > Index: signal.h > === > RCS file: /cvs/src/include/signal.h,v > retrieving revision 1.25 > diff -u -p -r1.25 signal.h > --- signal.h 9 May 2016 23:55:52 - 1.25 > +++ signal.h 26 Feb 2017 23:08:15 - > @@ -124,7 +124,7 @@ int sigaltstack(const struct sigaltstack > int sigblock(int); > int sigsetmask(int); > int sigvec(int, struct sigvec *, struct sigvec *); > -int thrkill(pid_t _tid, int _signum, void *_tcb); > +int thrkill(pid_t, int, void *); > #endif > #endif /* __BSD_VISIBLE || __XPG_VISIBLE >= 420 */ > #if __BSD_VISIBLE || __POSIX_VISIBLE >= 199309 || __XPG_VISIBLE >= 500 > Index: unistd.h > === > RCS file: /cvs/src/include/unistd.h,v > retrieving revision 1.103 > diff -u -p -r1.103 unistd.h > --- unistd.h 12 Sep 2016 19:36:26 - 1.103 > +++ unistd.h 26 Feb 2017 23:08:15 - > @@ -519,10 +519,10 @@ int setresgid(gid_t, gid_t, gid_t); > int setresuid(uid_t, uid_t, uid_t); > void
Unneeded splnet()/splx() in carp(4)
carp(4), as a pseudo-interface, is always executed in the 'softnet' thread. Using splnet()/splx() might have been relevant when link-state handlers where directly executed from hardware interrupt handlers. But nowadays everything is run under the NET_LOCK() in a thread context, so let's get rid of these superfluous splnet()/splx() dances. ok? Index: netinet/ip_carp.c === RCS file: /cvs/src/sys/netinet/ip_carp.c,v retrieving revision 1.302 diff -u -p -r1.302 ip_carp.c --- netinet/ip_carp.c 20 Feb 2017 06:29:42 - 1.302 +++ netinet/ip_carp.c 7 Mar 2017 10:05:08 - @@ -898,7 +898,6 @@ carpdetach(struct carp_softc *sc) { struct ifnet *ifp0; struct carp_if *cif; - int s; carp_del_all_timeouts(sc); @@ -926,7 +925,6 @@ carpdetach(struct carp_softc *sc) /* Restore previous input handler. */ if_ih_remove(ifp0, carp_input, cif); - s = splnet(); if (sc->lh_cookie != NULL) hook_disestablish(ifp0->if_linkstatehooks, sc->lh_cookie); @@ -938,7 +936,6 @@ carpdetach(struct carp_softc *sc) free(cif, M_IFADDR, sizeof(*cif)); } sc->sc_carpdev = NULL; - splx(s); } /* Detach an interface from the carp. */ @@ -1680,7 +1677,6 @@ carp_set_ifp(struct carp_softc *sc, stru struct carp_if *cif, *ncif = NULL; struct carp_softc *vr, *last = NULL, *after = NULL; int myself = 0, error = 0; - int s; KASSERT(ifp0 != sc->sc_carpdev); KERNEL_ASSERT_LOCKED(); /* touching vhif_vrs */ @@ -1754,9 +1750,7 @@ carp_set_ifp(struct carp_softc *sc, stru /* Change input handler of the physical interface. */ if_ih_insert(ifp0, carp_input, cif); - s = splnet(); carp_carpdev_state(ifp0); - splx(s); return (0); }
Sync nfs_connect w/ sys_connect
This code is mostly a copy of what's done in sys_connect(), so sync it to use solock()/sosleep()/sounlock() instead of splsoftnet()/splx(). ok? Index: nfs/nfs_socket.c === RCS file: /cvs/src/sys/nfs/nfs_socket.c,v retrieving revision 1.114 diff -u -p -r1.114 nfs_socket.c --- nfs/nfs_socket.c3 Mar 2017 09:41:20 - 1.114 +++ nfs/nfs_socket.c7 Mar 2017 09:53:02 - @@ -306,25 +306,24 @@ nfs_connect(struct nfsmount *nmp, struct * connect system call but with the wait timing out so * that interruptible mounts don't hang here for a long time. */ - s = splsoftnet(); + s = solock(so); while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) { - (void) tsleep((caddr_t)>so_timeo, PSOCK, - "nfscon", 2 * hz); + sosleep(so, >so_timeo, PSOCK, "nfscon", 2 * hz); if ((so->so_state & SS_ISCONNECTING) && so->so_error == 0 && rep && (error = nfs_sigintr(nmp, rep, rep->r_procp)) != 0){ so->so_state &= ~SS_ISCONNECTING; - splx(s); + sounlock(s); goto bad; } } if (so->so_error) { error = so->so_error; so->so_error = 0; - splx(s); + sounlock(s); goto bad; } - splx(s); + sounlock(s); } /* * Always set receive timeout to detect server crash and reconnect.
Fix style.9 offenders in includes
Hi tech@, Here is a diff to fix style.9 offenders in includes. Prototypes should not have variable names associated with the types. Comments? OK? Index: bsd_auth.h === RCS file: /cvs/src/include/bsd_auth.h,v retrieving revision 1.10 diff -u -p -r1.10 bsd_auth.h --- bsd_auth.h 21 Apr 2014 11:27:34 - 1.10 +++ bsd_auth.h 26 Feb 2017 23:08:15 - @@ -85,7 +85,7 @@ intauth_call(auth_session_t *, char *, int auth_setdata(auth_session_t *, void *, size_t); int auth_setoption(auth_session_t *, char *, char *); -int auth_setpwd(auth_session_t *, struct passwd *pwd); +int auth_setpwd(auth_session_t *, struct passwd *); voidauth_set_va_list(auth_session_t *, __va_list); struct passwd *auth_getpwd(auth_session_t *); Index: icdb.h === RCS file: /cvs/src/include/icdb.h,v retrieving revision 1.4 diff -u -p -r1.4 icdb.h --- icdb.h 4 Sep 2016 14:51:39 - 1.4 +++ icdb.h 26 Feb 2017 23:08:15 - @@ -24,20 +24,19 @@ __BEGIN_DECLS struct icdb; -struct icdb *icdb_new(uint32_t version, uint32_t nentries, uint32_t entrysize, -uint32_t nkeys, const uint32_t *keysizes, const uint32_t *keyoffsets); +struct icdb *icdb_new(uint32_t, uint32_t, uint32_t, uint32_t, +const uint32_t *, const uint32_t *); -struct icdb *icdb_open(const char *name, int flags, uint32_t version); -int icdb_get(struct icdb *db, void *entry, uint32_t idx); -int icdb_lookup(struct icdb *db, int keynum, const void *key, void *entry, -uint32_t *idxp); -int icdb_nentries(struct icdb *db); -const void *icdb_entries(struct icdb *db); -int icdb_update(struct icdb *db, const void *entry, int offset); -int icdb_add(struct icdb *db, const void *entry); -int icdb_rehash(struct icdb *db); -int icdb_save(struct icdb *db, int fd); -int icdb_close(struct icdb *db); +struct icdb *icdb_open(const char *, int, uint32_t); +int icdb_get(struct icdb *, void *, uint32_t); +int icdb_lookup(struct icdb *, int, const void *, void *, uint32_t *); +int icdb_nentries(struct icdb *); +const void *icdb_entries(struct icdb *); +int icdb_update(struct icdb *, const void *, int); +int icdb_add(struct icdb *, const void *); +int icdb_rehash(struct icdb *); +int icdb_save(struct icdb *, int); +int icdb_close(struct icdb *); __END_DECLS Index: pwd.h === RCS file: /cvs/src/include/pwd.h,v retrieving revision 1.24 diff -u -p -r1.24 pwd.h --- pwd.h 18 Nov 2015 16:44:46 - 1.24 +++ pwd.h 26 Feb 2017 23:08:15 - @@ -96,9 +96,9 @@ struct passwd *getpwnam(const char *); struct passwd *getpwuid_shadow(uid_t); struct passwd *getpwnam_shadow(const char *); intgetpwnam_r(const char *, struct passwd *, char *, size_t, - struct passwd **result); -intgetpwuid_r(uid_t uid, struct passwd *, char *buf, size_t buflen, - struct passwd **result); + struct passwd **); +intgetpwuid_r(uid_t, struct passwd *, char *, size_t, + struct passwd **); #if __BSD_VISIBLE || __XPG_VISIBLE struct passwd *getpwent(void); voidsetpwent(void); Index: signal.h === RCS file: /cvs/src/include/signal.h,v retrieving revision 1.25 diff -u -p -r1.25 signal.h --- signal.h9 May 2016 23:55:52 - 1.25 +++ signal.h26 Feb 2017 23:08:15 - @@ -124,7 +124,7 @@ int sigaltstack(const struct sigaltstack intsigblock(int); intsigsetmask(int); intsigvec(int, struct sigvec *, struct sigvec *); -intthrkill(pid_t _tid, int _signum, void *_tcb); +intthrkill(pid_t, int, void *); #endif #endif /* __BSD_VISIBLE || __XPG_VISIBLE >= 420 */ #if __BSD_VISIBLE || __POSIX_VISIBLE >= 199309 || __XPG_VISIBLE >= 500 Index: unistd.h === RCS file: /cvs/src/include/unistd.h,v retrieving revision 1.103 diff -u -p -r1.103 unistd.h --- unistd.h12 Sep 2016 19:36:26 - 1.103 +++ unistd.h26 Feb 2017 23:08:15 - @@ -519,10 +519,10 @@ intsetresgid(gid_t, gid_t, gid_t); int setresuid(uid_t, uid_t, uid_t); voidsetusershell(void); int strtofflags(char **, u_int32_t *, u_int32_t *); -int swapctl(int cmd, const void *arg, int misc); +int swapctl(int, const void *, int); int syscall(int, ...); int getentropy(void *, size_t); -int pledge(const char *, const char **paths); +int pledge(const char *, const char **); pid_t __tfork_thread(const struct __tfork *, size_t, void (*)(void *), void *); #endif /* __BSD_VISIBLE */
routing sockets & splsoftnet()
Remove unnecessary splsoftnet()/splx() dances. Routing sockets do not need the NET_LOCK() and in the code below the SPL has been raised to shut up an assert, so they are no longer needed. ok? Index: net/rtsock.c === RCS file: /cvs/src/sys/net/rtsock.c,v retrieving revision 1.232 diff -u -p -r1.232 rtsock.c --- net/rtsock.c7 Mar 2017 09:23:27 - 1.232 +++ net/rtsock.c7 Mar 2017 09:43:05 - @@ -306,7 +306,6 @@ route_senddesync(void *data) struct rawcb*rp; struct routecb *rop; struct mbuf *desync_mbuf; - int s; rp = (struct rawcb *)data; rop = (struct routecb *)rp; @@ -321,15 +320,12 @@ route_senddesync(void *data) */ desync_mbuf = rtm_msg1(RTM_DESYNC, NULL); if (desync_mbuf != NULL) { - s = splsoftnet(); if (sbappendaddr(>rcb_socket->so_rcv, _src, desync_mbuf, NULL) != 0) { rop->flags &= ~ROUTECB_FLAG_DESYNC; sorwakeup(rp->rcb_socket); - splx(s); return; } - splx(s); m_freem(desync_mbuf); } /* Re-add timeout to try sending msg again */ @@ -343,7 +339,7 @@ route_input(struct mbuf *m0, struct sock struct routecb *rop; struct rt_msghdr *rtm; struct mbuf *m = m0; - int s, sockets = 0; + int sockets = 0; struct socket *last = NULL; struct sockaddr *sosrc, *sodst; @@ -430,7 +426,6 @@ route_input(struct mbuf *m0, struct sock if (last) { struct mbuf *n; if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) != NULL) { - s = splsoftnet(); if (sbspace(>so_rcv) < (2 * MSIZE) || sbappendaddr(>so_rcv, sosrc, n, (struct mbuf *)NULL) == 0) { @@ -447,13 +442,11 @@ route_input(struct mbuf *m0, struct sock sorwakeup(last); sockets++; } - splx(s); } } last = rp->rcb_socket; } if (last) { - s = splsoftnet(); if (sbspace(>so_rcv) < (2 * MSIZE) || sbappendaddr(>so_rcv, sosrc, m, (struct mbuf *)NULL) == 0) { @@ -466,7 +459,6 @@ route_input(struct mbuf *m0, struct sock sorwakeup(last); sockets++; } - splx(s); } else m_freem(m); }
Re: 11n support for athn(4)
On Tue, Mar 07, 2017 at 07:12:43AM +0200, Timo Myyrä wrote: > I didn't think it would improve things yet but I had the antenna so I'd figure > I'd stick it in the AP while I'm tweaking it anyway. > > Speaking of 5Ghz, my AP uses athn chipset AR9280 which seems to support 2.4Ghz > and 5Ghz. Can I use 5Ghz with my AP to see which devices would break after > such > transition. I guess I would need to get 5Ghz antenna and just stick that to my > AP? Don't worry about antennas. Just pick any channel >= 36 in the list shown by 'ifconfig athn0 chan'. You can run a scan to see which of these channels are already occupied. On my 9280 I have 24 5GHz channels to choose from. Some 5GHz client devices may be limited to a subset of these, but all devices should support channels 36-48. See https://en.wikipedia.org/wiki/List_of_WLAN_channels#5.C2.A0GHz_.28802.11a.2Fh.2Fj.2Fn.2Fac.29.5B18.5D for regulatory aspects. Channels marked "DFS" should be avoided because OpenBSD has no support for DFS yet. There is nothing technical preventing their use, it may just not be perfectly legal to operate such an AP. The driver sticks to TX power limits configured in hardware so indoor use of DFS channels should be reasonably safe if it can't be avoided. My impression is that, in practice, these rules are taken very seriously only when running long-haul wifi links across public space. > Can OpenBSD AP work on both frequencies at the same time or is that something > not yet supported? No, that won't work. The hardware can do 'multi-BSS' which we don't yet support but I believe that just means running separate SSIDs in parallel on the same channel. I have two firewalls in a carp setup and run a 5GHz AP on one and a 2GHz on the other.
pf: time since uptime instead of wall clock?
Hi, currently the pf status struct contains the time since pf was enabled as seen on the wall clock. This means when time drifts, or is set to some earlier value, the time will be off. If we use time since uptime it always increments and shows how long pf has been running compared to its uptime. Does this make sense? Opinions? Patrick diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index e241b11f6fc..3cb321a33e0 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -520,15 +520,17 @@ void print_status(struct pf_status *s, int opts) { charstatline[80], *running, *debug; - time_t runtime; + time_t runtime = 0; + struct timespec uptime; int i; charbuf[PF_MD5_DIGEST_LENGTH * 2 + 1]; static const char hex[] = "0123456789abcdef"; - runtime = time(NULL) - s->since; + if (!clock_gettime(CLOCK_UPTIME, )) + runtime = uptime.tv_sec - s->since; running = s->running ? "Enabled" : "Disabled"; - if (s->since) { + if (runtime) { unsigned intsec, min, hrs; time_t day = runtime; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 56a43a55ab8..fc409a1a7d8 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -994,7 +994,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EEXIST; else { pf_status.running = 1; - pf_status.since = time_second; + pf_status.since = time_uptime; if (pf_status.stateid == 0) { pf_status.stateid = time_second; pf_status.stateid = pf_status.stateid << 32; @@ -1009,7 +1009,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = ENOENT; else { pf_status.running = 0; - pf_status.since = time_second; + pf_status.since = time_uptime; pf_remove_queues(); DPFPRINTF(LOG_NOTICE, "pf: stopped"); } @@ -1605,7 +1605,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) bzero(pf_status.counters, sizeof(pf_status.counters)); bzero(pf_status.fcounters, sizeof(pf_status.fcounters)); bzero(pf_status.scounters, sizeof(pf_status.scounters)); - pf_status.since = time_second; + pf_status.since = time_uptime; break; } diff --git a/usr.bin/systat/pf.c b/usr.bin/systat/pf.c index 6e282bb7359..4df9ba11b0e 100644 --- a/usr.bin/systat/pf.c +++ b/usr.bin/systat/pf.c @@ -220,7 +220,8 @@ void print_pf(void) { char*debug; - time_t tm; + time_t tm = 0; + struct timespec uptime; int i; struct pf_status *s = @@ -229,7 +230,8 @@ print_pf(void) if (end > num_disp) end = num_disp; - tm = time(NULL) - s->since; + if (!clock_gettime(CLOCK_UPTIME, )) + tm = uptime.tv_sec - s->since; ADD_LINE_S("pf", "Status", s->running ? "Enabled" : "Disabled"); ADD_LINE_A("pf", "Since", tm); diff --git a/usr.sbin/snmpd/mib.c b/usr.sbin/snmpd/mib.c index f53d9379b07..acd3b751563 100644 --- a/usr.sbin/snmpd/mib.c +++ b/usr.sbin/snmpd/mib.c @@ -1650,7 +1650,8 @@ int mib_pfinfo(struct oid *oid, struct ber_oid *o, struct ber_element **elm) { struct pf_status s; - time_t runtime; + time_t runtime = 0; + struct timespec uptime; char str[11]; if (pf_get_stats()) @@ -1661,10 +1662,8 @@ mib_pfinfo(struct oid *oid, struct ber_oid *o, struct ber_element **elm) *elm = ber_add_integer(*elm, s.running); break; case 2: - if (s.since > 0) - runtime = time(NULL) - s.since; - else - runtime = 0; + if (!clock_gettime(CLOCK_UPTIME, )) + runtime = uptime.tv_sec - s.since; runtime *= 100; *elm = ber_add_integer(*elm, runtime); ber_set_header(*elm, BER_CLASS_APPLICATION, SNMP_T_TIMETICKS);
Re: arm64 SMP support, diff #3/5
On Tue, Mar 07, 2017 at 02:28:06AM -0500, Dale Rahn wrote: > > Updated diff, this has changed a bit since the psci driver has changed. > > diff --git a/sys/dev/fdt/psci.c b/sys/dev/fdt/psci.c > index b24613a275c..2ba500ea718 100644 > --- a/sys/dev/fdt/psci.c > +++ b/sys/dev/fdt/psci.c > @@ -29,14 +29,18 @@ > extern void (*cpuresetfn)(void); > extern void (*powerdownfn)(void); > > +extern int (*cpu_on_fn)(uint64_t, uint64_t) __attribute__((weak)) ; > + > #define SYSTEM_OFF 0x8408 > #define SYSTEM_RESET 0x8409 > +#define SYSTEM_CPU_ON64 0xC403 > > struct psci_softc { > struct devicesc_dev; > - void (*callfn)(uint32_t, uint32_t, uint32_t, > uint32_t); > + int (*callfn)(uint32_t, uint32_t, uint32_t, > uint32_t); > int sc_system_off; > int sc_system_reset; > + int sc_system_on; This should be sc_cpu_on > }; > > struct psci_softc *psci_sc; > @@ -45,9 +49,10 @@ intpsci_match(struct device *, void *, void *); > void psci_attach(struct device *, struct device *, void *); > void psci_reset(void); > void psci_powerdown(void); > +int psci_cpu_on(uint64_t, uint64_t); > > -extern void hvc_call(uint32_t, uint32_t, uint32_t, uint32_t); > -extern void smc_call(uint32_t, uint32_t, uint32_t, uint32_t); > +extern int hvc_call(uint32_t, uint32_t, uint32_t, uint32_t); > +extern int smc_call(uint32_t, uint32_t, uint32_t, uint32_t); > > struct cfattach psci_ca = { > sizeof(struct psci_softc), psci_match, psci_attach > @@ -90,11 +95,13 @@ psci_attach(struct device *parent, struct device *self, > void *aux) > OF_is_compatible(faa->fa_node, "arm,psci-1.0")) { > sc->sc_system_off = SYSTEM_OFF; > sc->sc_system_reset = SYSTEM_RESET; > + sc->sc_system_on = OF_getpropint(faa->fa_node, "cpu_on", 0); If psci-0.2 or psci-1.0 is claimed the properties are supposed to be ignored according to the device tree binding documentation. "Function IDs are not required and should be ignored by an OS with PSCI 0.2 support, but are permitted to be present for compatibility with existing software when "arm,psci" is later in the compatible list" It is clear this extends to cpu_on when looking at examples like arm64/boot/dts/broadcom/ns2.dtsi cpus { #address-cells = <2>; #size-cells = <0>; A57_0: cpu@0 { device_type = "cpu"; compatible = "arm,cortex-a57", "arm,armv8"; reg = <0 0>; enable-method = "psci"; next-level-cache = <_L2>; }; ... psci { compatible = "arm,psci-1.0"; method = "smc"; }; > } else if (OF_is_compatible(faa->fa_node, "arm,psci")) { > sc->sc_system_off = OF_getpropint(faa->fa_node, > "system_off", 0); > sc->sc_system_reset = OF_getpropint(faa->fa_node, > "system_reset", 0); > + sc->sc_system_on = OF_getpropint(faa->fa_node, "cpu_on", 0); > } > > printf("\n"); > @@ -104,6 +111,10 @@ psci_attach(struct device *parent, struct device *self, > void *aux) > powerdownfn = psci_powerdown; > if (sc->sc_system_reset != 0) > cpuresetfn = psci_reset; > + > + if ((_on_fn != NULL) && (sc->sc_system_on == SYSTEM_CPU_ON64)) { Isn't the address of a global going to always be non-NULL? > + cpu_on_fn = psci_cpu_on; > + } > } > > void > @@ -121,3 +132,12 @@ psci_powerdown(void) > if (sc->callfn) > (*sc->callfn)(sc->sc_system_off, 0, 0, 0); > } > + > +int > +psci_cpu_on(uint64_t mpidr, uint64_t pc) > +{ > + struct psci_softc *sc = psci_sc; > + if (sc->callfn) > + return (*sc->callfn)(sc->sc_system_on, mpidr, pc, 0); > + return -1; > +} > > > Dale Rahn dr...@dalerahn.com >