Re: huge pfsync rewrite

2023-07-02 Thread David Gwynne
On Sun, Jul 02, 2023 at 12:44:17PM +0200, Alexandr Nedvedicky wrote:
> Hello,
> 
> On Thu, Jun 29, 2023 at 01:48:27PM +1000, David Gwynne wrote:
> > On Mon, Jun 26, 2023 at 01:16:40AM +0200, Alexandr Nedvedicky wrote:
> > 
> > > net/if_pfsync.c
> > >   the diff currently uses two slices (PFSYNC_NSLICES). is there a plan to
> > >   scale it up?  the slice can be simply viewed as a kind of task. IMO the
> > >   number of slices can be aligned with number of cpu cores. Or is this
> > >   too simplified? I'm just trying to get some hints on how to further
> > >   tune performance.
> > 
> > that's part of a bigger discussion which involves how far we should
> > scale the number of nettqs and how parallel pf can go.
> > 
> > 2 slices demonstrates that pfsync can partition work and is safe doing
> > so. there kstats ive added on those slices show there isnt a lot of
> > contention in pfsync. yet.
> > 
> 
> I was just wondering, because if I remember correct hrvoje@ has noticed
> small performance degradation (compared with current). I think his test was
> using 4 net tasks to forward packets through firewall.  now if there are
> just 2 tasks for pfsync, then this might be a way how the degradation
> sneaked in. just a thought.

if i remember correctly that result was when i was using the high bits
in the toeplitz hash on pf states to pick a pfsync slice. since i
changed it to use the same bits as the hardware/stack/pf his numbers
showed that old and new pfsync perform pretty much the same.

im running 8 nettqs with 2 pfsync slices in production, and the
pfsync slice mutexes were contended about 1.3% of the time on average
over the last 7 days. i havent tried scaling the number of slices up to
see what effect that has yet.



[PATCH] Support PS2 keyboard on chromebook

2023-07-02 Thread Vladimir 'phcoder' Serbinenko
On at least some Chromebooks, the PS/2 protocol is implemented by the EC rather
than a real PS/2 controller. It works fine except for 2 things:
* Unusual layout like multimedia keys instead of F*
* Reset command returns garbage (usually last key)
This patch attempts to handle the latter as it stops the keyboard from being
recognized at all. It works by checking getid if reset fails. How other
OSes handle the situation:
* Windows: no idea, but keyboard works
* Linux: checks only getid results. Reset is done but its results are
ignored.
* FreeBSD: skips probing if firmware is determined to be coreboot and
assumes presence of PS/2 keyboard. This is wrong, e.g. coreboot supports
some MacBooks and they use USB keyboard instead.
* NetBSD shares the same code as OpenBSD AFAICT. Probably broken.
* Haiku was broken and recently they accepted a similar patch from me. Ref:
https://review.haiku-os.org/c/haiku/+/6610
commit f52874fe02379d27785a67817e40d3115b42e5f4
Author: phcoder 
Date:   Sun Jul 2 01:58:30 2023 +0200

Support chromebook ps2 keyboard

diff --git a/sys/dev/pckbc/pckbd.c b/sys/dev/pckbc/pckbd.c
index d81fd30f1..c9378ffa3 100644
--- a/sys/dev/pckbc/pckbd.c
+++ b/sys/dev/pckbc/pckbd.c
@@ -324,8 +324,29 @@ pckbd_is_console(pckbc_tag_t tag, pckbc_slot_t slot)
 }
 
 /*
- * these are both bad jokes
+ * these are three bad jokes
  */
+static int check_keyboard_by_id(struct pckbc_attach_args *pa) {
+   u_char cmd[1], resp[2];
+   int res;
+
+   cmd[0] = KBC_GETID;
+   res = pckbc_poll_cmd(pa->pa_tag, pa->pa_slot, cmd, 1, 2, resp, 0);
+   if (res) {
+   printf("getid failed with %d\n", res);
+   return (0);
+   }
+
+   if (resp[0] != 0xab && resp[0] != 0xac &&  /* Regular and NCD Sun 
keyboards */
+   resp[0] != 0x2b && resp[0] != 0x5d &&  /* Trust keyboard, raw and 
translated */
+   resp[0] != 0x60 && resp[0] != 0x47) { /* NMB SGI keyboard, raw and 
translated */
+   printf("getid returned 0x%x\n", resp[0]);
+   return (0);
+   }
+
+   return (1);
+}
+
 int
 pckbdprobe(struct device *parent, void *match, void *aux)
 {
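Review bot: check_keyboard_by_id() asks pckbc_poll_cmd() for a two-byte reply but only ever compares resp[0], so the second ID byte is read and ignored; either check resp[1] as well or add a comment saying why the first byte alone is enough. The definition also departs from the surrounding style (pckbdprobe() right below puts the return type and the opening brace on their own lines), and the two unconditional printf() calls will print on every probe where getid fails or returns an unlisted ID, so they should be quieter on machines that simply have no keyboard.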
@@ -360,6 +381,17 @@ pckbdprobe(struct device *parent, void *match, void *aux)
 * as console input - it can be connected later.
 */
 #if defined(__i386__) || defined(__amd64__)
+   /*
+* On Chromebooks reset fails but otherwise controller works 
fine.
+* Check keyboard IDs similar to Linux and Haiku.
+* FreeBSD's approach here is to skip probing if
+* coreboot is detected which is suboptimal as coreboot
+* also supports some mac models which have no PC controller
+*/
+   if (check_keyboard_by_id(pa)) {
+   return (2);
+   }
+
/*
 * However, on legacy-free PCs, there might really
 * be no PS/2 connector at all; in that case, do not
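Review bot: the new check_keyboard_by_id() call is placed between the existing "it can be connected later" comment and the "However, on legacy-free PCs" comment that continues it, which breaks the flow of that explanation, and it sits inside the #if defined(__i386__) || defined(__amd64__) block, so it is only compiled on those two architectures. If the getid fallback is meant to be generic, move it above the #if; if it is x86-only on purpose, say so in the comment. The meaning of the return value 2 is not explained in the added lines either.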
@@ -376,6 +408,11 @@ pckbdprobe(struct device *parent, void *match, void *aux)
}
if (resp[0] != KBR_RSTDONE) {
printf("pckbdprobe: reset response 0x%x\n", resp[0]);
+
+   if (check_keyboard_by_id(pa)) {
+   return (2);
+   }
+
return (0);
}
 
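Review bot: the "pckbdprobe: reset response" printf() still runs before the new fallback, so on the Chromebooks this patch targets every probe logs the garbage reset byte even though the keyboard then attaches. Call check_keyboard_by_id() first and only print when it also fails.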
diff --git a/sys/dev/pckbc/pckbdreg.h b/sys/dev/pckbc/pckbdreg.h
index 6848f48f8..9ab1eca98 100644
--- a/sys/dev/pckbc/pckbdreg.h
+++ b/sys/dev/pckbc/pckbdreg.h
@@ -12,6 +12,7 @@
 #defineKBC_DISABLE 0xF5/* as per KBC_SETDEFAULT, but also 
disable key scanning */
 #defineKBC_ENABLE  0xF4/* enable key scanning */
 #defineKBC_TYPEMATIC   0xF3/* set typematic rate and delay */
+#defineKBC_GETID   0xF2/* get keyboard ID */
 #defineKBC_SETTABLE0xF0/* set scancode translation table */
 #defineKBC_MODEIND 0xED/* set mode indicators (i.e. LEDs) */
 #defineKBC_ECHO0xEE/* request an echo from the keyboard */


[PATCH] Implement ext2 incompat feature 64-bit

2023-07-02 Thread Vladimir 'phcoder' Serbinenko
Hello all, the attached patch implements feature 64-bit for ext2. This was
enabled implicitly on my Ubuntu and probably on many other systems. Since
it's an incompat feature, lack of its support prevented the mount
altogether. With this patch I was able to load install sets from my Ubuntu
partition.
diff --git sys/ufs/ext2fs/ext2fs.h sys/ufs/ext2fs/ext2fs.h
index 647270d80..4f918a5cd 100644
--- sys/ufs/ext2fs/ext2fs.h
+++ sys/ufs/ext2fs/ext2fs.h
@@ -176,6 +176,7 @@ struct m_ext2fs {
int32_t e2fs_ngdb;  /* number of group descriptor block */
int32_t e2fs_ipb;   /* number of inodes per block */
int32_t e2fs_itpg;  /* number of inode table per group */
+   u_int8_t e2fs_group_desc_shift; /* binary log group desc size */
off_t   e2fs_maxfilesize;   /* depends on LARGE/HUGE flags */
struct  ext2_gd *e2fs_gd; /* group descriptors */
 };
@@ -277,7 +278,8 @@ static const struct ext2_feature incompat[] = {
 #define EXT4F_RO_INCOMPAT_SUPP (EXT2F_INCOMPAT_EXTENTS | \
 EXT2F_INCOMPAT_FLEX_BG | \
 EXT2F_INCOMPAT_META_BG | \
-EXT2F_INCOMPAT_RECOVER)
+EXT2F_INCOMPAT_RECOVER | \
+EXT2F_INCOMPAT_64BIT)
 
 /*
  * Definitions of behavior on errors
@@ -311,6 +313,14 @@ struct ext2_gd {
u_int16_t ext2bgd_ndirs;/* number of directories */
u_int16_t reserved;
u_int32_t reserved2[3];
+   u_int32_t ext2bgd_b_bitmap_hi;  /* blocks bitmap block (high bits) */
+   u_int32_t ext2bgd_i_bitmap_hi;  /* inodes bitmap block (high bits) */
+   u_int32_t ext2bgd_i_tables_hi;  /* inodes table block (high bits)  */
+   u_int16_t ext2bgd_nbfree_hi;/* number of free blocks (high bits) */
+   u_int16_t ext2bgd_nifree_hi;/* number of free inodes (high bits) */
+   u_int16_t ext2bgd_ndirs_hi; /* number of directories (high bits) */
+   u_int16_t reserved_hi;
+   u_int32_t reserved2_hi[3];
 };
 
 /*
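Review bot: struct ext2_gd gains the *_hi members, but the added lines do not say that these exist on disk only when the 64-bit feature is set. A comment should state that for descriptors in the original layout the _hi members must read as zero in memory, since the macros changed later in this file combine them in unconditionally.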
@@ -339,18 +349,15 @@ cg_has_sb(int i)
  * Ext2 metadata is stored in little-endian byte order.
  * JBD2 journal used in ext3 and ext4 is big-endian!
  */
+void e2fs_cgload(const char *ondisk, struct ext2_gd *inmemory, int 
shift_cg_entry_size, int cg_size);
+void e2fs_cgsave(const struct ext2_gd *inmemory, char *ondisk, int 
shift_cg_entry_size, int cg_size);
 #if BYTE_ORDER == LITTLE_ENDIAN
 #define e2fs_sbload(old, new) memcpy((new), (old), SBSIZE);
-#define e2fs_cgload(old, new, size) memcpy((new), (old), (size));
 #define e2fs_sbsave(old, new) memcpy((new), (old), SBSIZE);
-#define e2fs_cgsave(old, new, size) memcpy((new), (old), (size));
 #else
 void e2fs_sb_bswap(struct ext2fs *, struct ext2fs *);
-void e2fs_cg_bswap(struct ext2_gd *, struct ext2_gd *, int);
 #define e2fs_sbload(old, new) e2fs_sb_bswap((old), (new))
-#define e2fs_cgload(old, new, size) e2fs_cg_bswap((old), (new), (size));
 #define e2fs_sbsave(old, new) e2fs_sb_bswap((old), (new))
-#define e2fs_cgsave(old, new, size) e2fs_cg_bswap((old), (new), (size));
 #endif
 
 /*
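Review bot: the new e2fs_cgload()/e2fs_cgsave() prototypes take shift_cg_entry_size and cg_size as plain int with no comment on their units or valid range, and the shift is presumably derived from the filesystem being mounted. Document whether cg_size is a byte count or a descriptor count, and make sure the implementation rejects a shift that gives an entry smaller than the original descriptor or larger than struct ext2_gd before it copies. Both prototype lines also run well past 80 columns.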
@@ -358,6 +365,7 @@ void e2fs_cg_bswap(struct ext2_gd *, struct ext2_gd *, int);
  * This maps file system blocks to device size blocks.
  */
 #define fsbtodb(fs, b) ((b) << (fs)->e2fs_fsbtodb)
+#define fsbtodb64(fs, b, b_hi) (((b) | (((u_int64_t)(b_hi)) << 32)) << 
(fs)->e2fs_fsbtodb)
 #define dbtofsb(fs, b) ((b) >> (fs)->e2fs_fsbtodb)
 
 /*
@@ -369,6 +377,7 @@ void e2fs_cg_bswap(struct ext2_gd *, struct ext2_gd *, int);
 #defineino_to_cg(fs, x)(((x) - 1) / (fs)->e2fs.e2fs_ipg)
 #defineino_to_fsba(fs, x)  
\
((fs)->e2fs_gd[ino_to_cg(fs, x)].ext2bgd_i_tables + \
+(((u_int64_t)((fs)->e2fs_gd[ino_to_cg(fs, x)].ext2bgd_i_tables_hi)) << 
32) + \
(((x)-1) % (fs)->e2fs.e2fs_ipg)/(fs)->e2fs_ipb)
 #defineino_to_fsbo(fs, x)  (((x)-1) % (fs)->e2fs_ipb)
 
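Review bot: ino_to_fsba() now yields a 64-bit value because of the (u_int64_t) cast on ext2bgd_i_tables_hi, so any caller that stores the result in a 32-bit variable will silently truncate it; those callers need auditing. The macro also evaluates ino_to_cg(fs, x) one more time, which is harmless for side-effect-free arguments but is a good reason to turn it into an inline function.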
diff --git sys/ufs/ext2fs/ext2fs_alloc.c sys/ufs/ext2fs/ext2fs_alloc.c
index ca71d8adf..1a66c4b21 100644
--- sys/ufs/ext2fs/ext2fs_alloc.c
+++ sys/ufs/ext2fs/ext2fs_alloc.c
@@ -195,13 +195,16 @@ ext2fs_dirpref(struct m_ext2fs *fs)
avgifree = fs->e2fs.e2fs_ficount / fs->e2fs_ncg;
maxspace = 0;
mincg = -1;
-   for (cg = 0; cg < fs->e2fs_ncg; cg++)
-   if ( fs->e2fs_gd[cg].ext2bgd_nifree >= avgifree) {
-   if (mincg == -1 || fs->e2fs_gd[cg].ext2bgd_nbfree > 
maxspace) {
+   for (cg = 0; cg < fs->e2fs_ncg; cg++) {
+   u_int32_t nifree = (fs->e2fs_gd[cg].ext2bgd_nifree_hi << 16) | 
fs->e2fs_gd[cg].ext2bgd_nifree;
+   if (nifree >= avgifree) {
+   u_int32_t nbfree = (fs->e2fs_gd[cg].ext2bgd_nbfree_hi 
<< 16) | fs->e2fs_gd[cg].ext2bgd_nbfree;
+   if (mincg == -1 || nbfree > maxspace) {
mincg = 
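Review bot: in the nifree and nbfree computations the u_int16_t *_hi field is promoted to int before the << 16, so a high half with its top bit set shifts into the sign bit. Cast first, e.g. ((u_int32_t)fs->e2fs_gd[cg].ext2bgd_nifree_hi << 16), and consider a small helper since the same expression is repeated for nbfree.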

Re: Fwd: [openbsd/src] https://redmine.pfsense.org/issues/14444 (PR #39)

2023-07-02 Thread Aaron Miller

Hi Jonathan,

Thank you for contributing! There are a few more steps you'll need to take.

Please refer to the last ("Preparing a Diff") section of the FAQ for 
this: https://www.openbsd.org/faq/faq5.html#Diff
It explains how to use your local Git repo to make a diff. For emailing, 
you'll want to send a plain-text email containing the diff (in body, not 
attachment) to this list -- tech@openbsd.org. You will also want to put 
"pf: " at the beginning of the subject line, so we know what your diff 
relates to.


--Aaron

On 6/18/23 08:06, Jonathan Lee wrote:

Hello I was directed to email this mailing list.

Docker container OS fingerprints are missing from p0f database.

Please see following Redmine that helps showcase this. The closed pull
request also lists location in database file for os fingerprints.

Jonathan Lee
Adult Student

-- Forwarded message -
From: Stuart Henderson 
Date: Sun, Jun 18, 2023, 6:53 AM
Subject: Re: [openbsd/src] https://redmine.pfsense.org/issues/1 (PR #39)
To: openbsd/src 
Cc: Jonathan David Lee , Author <
aut...@noreply.github.com>


Closed #39 .



Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-07-02 Thread Theo Buehler
On Sat, Jul 01, 2023 at 11:09:32PM +0200, Илья Шипицин wrote:
> I ran analyzer, it shows old findings. am I missing something? or patches
> were not yet applied

I have only just committed the diff for d1_pkt.c, thanks for the
reminder. I will look into the bio_ndef.c soon.

As already mentioned, the code in apps.c will need some rework to make
this script happy, but that is really low priority.



Re: pkg_add optional behavior "like syspatch"

2023-07-02 Thread Marc Espie
On Sun, Jul 02, 2023 at 06:06:28PM +0100, Stuart Henderson wrote:
> On 2023/07/02 16:49, Solène Rapenne wrote:
> > On Sun, 2023-07-02 at 15:51 +0200, Marc Espie wrote:
> > > Use-case: some people want to branch automated installs based on
> > > whether
> > > pkg_add -u (or some other variation) actually did something.
> > > 
> > > As usual we ignore quirks. This adds a flag (-DSYSPATCH_LIKE)
> > > which governs the behavior. Code is fairly self-explanatory.
> > > 
> > > I had no better idea for the flag name so far, suggestions welcome.
> > 
> > if I read well, the exit code is 2 when something pkg_add changed
> > something?
> > 
> > syspatch exits with 0 when installing an update, 1 if it fails, 2 if
> > didn't do anything
> > 
> > Could it be possible to keep it consistent? pkg_add upgrading/installing
> > a package should exit with 0, so it doesn't break current scripts, and
> > this is what you would expect.
> 
> I wonder whether there's actually a need to make this optional.
> 0 for "updated successfully", non-zero values for failed or "no updates
> available" makes a lot of sense to me (and makes it easier to check
> the common "did this successfully update some package" case).

Notice that it works on *every* invocation of pkg_add, so no, it has
to be limited.

I frequently use "pkg_add something" to make sure some code has been
installed (or even pkg_add -u something to make sure it's uptodate)
In a script with set -e, having it not return 0 would play havoc.
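
The `set -e` concern above, as an added example that is not part of this thread or of pkg_add: a wrapper that treats the proposed syspatch-style statuses (0 changed, 2 nothing to do, anything else failed) as data instead of letting a non-zero status abort the script. The function names and the `sh -c` stub are hypothetical; a real call would pass the updater command, as in the comment.

```sh
#!/bin/sh
# Added example: classify the exit status of an updater that follows the
# convention discussed in the thread without tripping `set -e`.
set -eu

# run_update CMD [ARGS...]
# Prints "changed", "unchanged" or "failed:<rc>". Returns non-zero only
# for a real failure. The `|| rc=$?` keeps set -e from aborting on the
# non-zero "nothing to do" status.
run_update() {
	rc=0
	"$@" >/dev/null 2>&1 || rc=$?
	case "$rc" in
	0) echo changed ;;
	2) echo unchanged ;;
	*) echo "failed:$rc"; return 1 ;;
	esac
}

# update_and_restart CMD [ARGS...]
# Hypothetical post-update hook: act only when something was updated.
update_and_restart() {
	status=$(run_update "$@") || { echo "abort ($status)"; return 1; }
	if [ "$status" = changed ]; then
		echo restart
	else
		echo skip
	fi
}

# Real use would look like (flag name as proposed in the thread):
#   update_and_restart pkg_add -u -DSYSPATCH_LIKE
# Constructed stub standing in for "nothing to update":
update_and_restart sh -c 'exit 2'
```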



[PATCH] hide processes for fun and profit(1)

2023-07-02 Thread count42
#
# To hide the processes, adjust the 'kern.seeotheruids' setting.
# echo 'kern.seeotheruids=0' >> /etc/sysctl.conf
#
# To apply this patch:
# doas git clone -b master --depth=1 https://github.com/openbsd/src.git /usr/src
# cd /usr/src && doas git apply /tmp/obsd_seeotheruids.diff
# cd /usr/src/include && doas make includes
# cd /usr/src/lib/libc && doas make -j8 && doas make install
# cd /usr/src/sbin/sysctl && doas make && doas make install
# cd /usr/src/sys/arch/amd64/compile/GENERIC.MP && doas make -j8 && doas make install
# reboot the system.
#
diff --git a/lib/libc/sys/sysctl.2 b/lib/libc/sys/sysctl.2
index 4f78c121a..c7a324e5d 100644
--- a/lib/libc/sys/sysctl.2
+++ b/lib/libc/sys/sysctl.2
@@ -515,6 +515,10 @@ When running with a
 .Xr securelevel 7
 greater than 0,
 this variable may not be changed.
+.It Dv KERN_SEEOTHERUIDS Pq Va kern.seeotheruids
+When set to zero, the list of current processes will
+be restricted to those owned by the current user, while
+only root will have visibility over all processes.
 .It Dv KERN_ARGMAX Pq Va kern.argmax
 The maximum number of bytes allowed among the arguments to
 .Xr execve 2 .
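Review bot: the new KERN_SEEOTHERUIDS entry does not mention that the kernel side makes the variable read-only when securelevel is greater than 0, while the entry just above it spells out the same restriction for its own variable. Add the matching "this variable may not be changed" sentence with the securelevel reference, and state the default of 1.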
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index a2d2f2e06..88e7fad15 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -129,6 +129,7 @@ extern int video_record_enable;
 extern int autoconf_serial;
 
 int allowkmem;
+int seeotheruids = 1;
 
 int sysctl_diskinit(int, struct proc *);
 int sysctl_proc_args(int *, u_int, void *, size_t *, struct proc *);
@@ -649,6 +650,13 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t 
*oldlenp, void *newp,
return (timeout_sysctl(oldp, oldlenp, newp, newlen));
case KERN_UTC_OFFSET:
return (sysctl_utc_offset(oldp, oldlenp, newp, newlen));
+   case KERN_SEEOTHERUIDS: {
+   if (securelevel > 0)
+   return (sysctl_rdint(oldp, oldlenp, newp,
+   seeotheruids));
+   return (sysctl_int(oldp, oldlenp, newp, newlen,
+   ));
+   }
default:
return (sysctl_bounded_arr(kern_vars, nitems(kern_vars), name,
namelen, oldp, oldlenp, newp, newlen));
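Review bot: in the KERN_SEEOTHERUIDS case the value is accepted through sysctl_int() with no range check, so any integer can be stored in a knob documented as zero or non-zero; bound it to 0..1. As quoted here the sysctl_int() call also has an empty last argument where the address of seeotheruids should be. The securelevel test blocks changes in both directions, so an administrator cannot tighten the setting to 0 once securelevel has been raised; if only loosening should be refused, check the new value instead. The braces around the case body are not needed.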
@@ -1610,6 +1618,7 @@ sysctl_doproc(int *name, u_int namelen, char *where, 
size_t *sizep)
int error, needed, op;
int dothreads = 0;
int show_pointers;
+   int euid, is_suser, show_otheruids;
 
dp = where;
buflen = where != NULL ? *sizep : 0;
@@ -1627,6 +1636,9 @@ sysctl_doproc(int *name, u_int namelen, char *where, 
size_t *sizep)
op &= ~KERN_PROC_SHOW_THREADS;
 
show_pointers = suser(curproc) == 0;
+   is_suser = suser(curproc) == 0;
+   show_otheruids = seeotheruids || is_suser;
+   euid = curproc->p_ucred->cr_uid;
 
if (where != NULL)
kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK);
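Review bot: is_suser repeats the suser(curproc) == 0 test already stored in show_pointers on the line above, so one of the two variables can go. euid is declared int in the previous hunk but holds curproc->p_ucred->cr_uid; declare it uid_t to match.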
@@ -1638,6 +1650,9 @@ again:
/* XXX skip processes in the middle of being zapped */
if (pr->ps_pgrp == NULL)
continue;
+   /* XXX skip processes that does not belong to us */
+   if (!show_otheruids && pr->ps_ucred->cr_uid != euid)
+   continue;
 
/*
 * Skip embryonic processes.
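Review bot: the new skip compares pr->ps_ucred->cr_uid, the effective uid, against the caller's, so a set-user-ID program the caller started drops out of the caller's own listing while it runs; decide whether the real uid is the better key and document the choice. The filter also only covers this loop in sysctl_doproc(); sysctl_proc_args(), declared near the top of this file, is not touched by the patch and should be checked for the same restriction. The comment should read "skip processes that do not belong to us" and does not need the XXX marker.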
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 083b2ae21..ae30516e8 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -193,7 +193,8 @@ struct ctlname {
 #defineKERN_VIDEO  89  /* struct: video properties */
 #defineKERN_CLOCKINTR  90  /* node: clockintr */
 #defineKERN_AUTOCONF_SERIAL91  /* int: kernel device tree 
state serial */
-#defineKERN_MAXID  92  /* number of valid kern ids */
+#defineKERN_SEEOTHERUIDS   92  /* view processes belonging to 
other users */
+#defineKERN_MAXID  93  /* number of valid kern ids */
 
 #defineCTL_KERN_NAMES { \
{ 0, 0 }, \
@@ -288,6 +289,7 @@ struct ctlname {
{ "video", CTLTYPE_STRUCT }, \
{ "clockintr", CTLTYPE_NODE }, \
{ "autoconf_serial", CTLTYPE_INT }, \
+   { "seeotheruids", CTLTYPE_INT }, \
 }
 
 /*



Re: pkg_add optional behavior "like syspatch"

2023-07-02 Thread Stuart Henderson
On 2023/07/02 16:49, Solène Rapenne wrote:
> On Sun, 2023-07-02 at 15:51 +0200, Marc Espie wrote:
> > Use-case: some people want to branch automated installs based on
> > whether
> > pkg_add -u (or some other variation) actually did something.
> > 
> > As usual we ignore quirks. This adds a flag (-DSYSPATCH_LIKE)
> > which governs the behavior. Code is fairly self-explanatory.
> > 
> > I had no better idea for the flag name so far, suggestions welcome.
> 
> if I read well, the exit code is 2 when something pkg_add changed
> something?
> 
> syspatch exits with 0 when installing an update, 1 if it fails, 2 if
> didn't do anything
> 
> Could it be possible to keep it consistent? pkg_add upgrading/installing
> a package should exit with 0, so it doesn't break current scripts, and
> this is what you would expect.

I wonder whether there's actually a need to make this optional.
0 for "updated successfully", non-zero values for failed or "no updates
available" makes a lot of sense to me (and makes it easier to check
the common "did this successfully update some package" case).

I suppose the main existing things that are likely to care about the
exit codes are automation tools. Not sure if Ansible cared about the
code at all or just reads the output, I can try to figure that out in the
week. No idea about others.



Re: pkg_add optional behavior "like syspatch"

2023-07-02 Thread Marc Espie
On Sun, Jul 02, 2023 at 04:49:41PM +0200, Solène Rapenne wrote:
> On Sun, 2023-07-02 at 15:51 +0200, Marc Espie wrote:
> > Use-case: some people want to branch automated installs based on
> > whether
> > pkg_add -u (or some other variation) actually did something.
> > 
> > As usual we ignore quirks. This adds a flag (-DSYSPATCH_LIKE)
> > which governs the behavior. Code is fairly self-explanatory.
> > 
> > I had no better idea for the flag name so far, suggestions welcome.
> > 
> > 
> > +sub exit_code($self, $state)
> > +{
> > +   my $rc = $self->SUPER::exit_code($state);
> > +   if ($rc == 0 && $state->defines("SYSPATCH_LIKE")) {
> > +   if (!$state->{did_something}) {
> > +   $rc = 2;
> > +   }
> > +   }
> > +   return $rc;
> > +}
> >  
> >  sub new_state($self, $cmd)
> >  {
> > 
> 
> if I read well, the exit code is 2 when something pkg_add changed
> something?
> 
> syspatch exits with 0 when installing an update, 1 if it fails, 2 if
> didn't do anything
> 
> Could it be possible to keep it consistent? pkg_add upgrading/installing
> a package should exit with 0, so it doesn't break current scripts, and
> this is what you would expect.
> 
> Although, it could exit with 2 if you asked to install a package that
> already exist. And 1 if pkg_add failed.
> 
> 
I think you missed a negation in the patch



Re: all platforms, kernel: remove __HAVE_CLOCKINTR symbol

2023-07-02 Thread Mike Larkin
On Sat, Jul 01, 2023 at 08:35:47PM -0500, Scott Cheloha wrote:
> Every platform made the clockintr switch six months ago or more.  The
> __HAVE_CLOCKINTR symbol is now redundant and can be removed.
>
> ok?
>

makes sense if every platform defines it all the time.



> Index: ./ddb/db_command.c
> ===
> RCS file: /cvs/src/sys/ddb/db_command.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 db_command.c
> --- ./ddb/db_command.c8 Mar 2023 04:43:07 -   1.98
> +++ ./ddb/db_command.c2 Jul 2023 01:34:00 -
> @@ -579,9 +579,7 @@ db_bcstats_print_cmd(db_expr_t addr, int
>  const struct db_command db_show_all_cmds[] = {
>   { "procs",  db_show_all_procs,  0, NULL },
>   { "callout",db_show_callout,0, NULL },
> -#ifdef __HAVE_CLOCKINTR
>   { "clockintr",  db_show_all_clockintr,  0, NULL },
> -#endif
>   { "pools",  db_show_all_pools,  0, NULL },
>   { "mounts", db_show_all_mounts, 0, NULL },
>   { "vnodes", db_show_all_vnodes, 0, NULL },
> Index: ./ddb/db_interface.h
> ===
> RCS file: /cvs/src/sys/ddb/db_interface.h,v
> retrieving revision 1.25
> diff -u -p -r1.25 db_interface.h
> --- ./ddb/db_interface.h  5 Nov 2022 19:29:45 -   1.25
> +++ ./ddb/db_interface.h  2 Jul 2023 01:34:00 -
> @@ -44,9 +44,7 @@ void db_kill_cmd(db_expr_t, int, db_expr
>  void db_show_all_procs(db_expr_t, int, db_expr_t, char *);
>
>  /* kern/kern_clockintr.c */
> -#ifdef __HAVE_CLOCKINTR
>  void db_show_all_clockintr(db_expr_t, int, db_expr_t, char *);
> -#endif
>
>  /* kern/kern_timeout.c */
>  void db_show_callout(db_expr_t, int, db_expr_t, char *);
> Index: ./kern/kern_clockintr.c
> ===
> RCS file: /cvs/src/sys/kern/kern_clockintr.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 kern_clockintr.c
> --- ./kern/kern_clockintr.c   2 Jul 2023 00:55:18 -   1.26
> +++ ./kern/kern_clockintr.c   2 Jul 2023 01:34:00 -
> @@ -29,8 +29,6 @@
>  #include 
>  #include 
>
> -#ifdef __HAVE_CLOCKINTR
> -
>  /*
>   * Protection for global variables in this file:
>   *
> @@ -773,4 +771,3 @@ db_show_clockintr(const struct clockintr
>  }
>
>  #endif /* DDB */
> -#endif /*__HAVE_CLOCKINTR */
> Index: ./kern/kern_sysctl.c
> ===
> RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
> retrieving revision 1.415
> diff -u -p -r1.415 kern_sysctl.c
> --- ./kern/kern_sysctl.c  21 May 2023 12:47:54 -  1.415
> +++ ./kern/kern_sysctl.c  2 Jul 2023 01:34:00 -
> @@ -430,11 +430,9 @@ kern_sysctl_dirs(int top_name, int *name
>   case KERN_CPUSTATS:
>   return (sysctl_cpustats(name, namelen, oldp, oldlenp,
>   newp, newlen));
> -#ifdef __HAVE_CLOCKINTR
>   case KERN_CLOCKINTR:
>   return sysctl_clockintr(name, namelen, oldp, oldlenp, newp,
>   newlen);
> -#endif
>   default:
>   return (ENOTDIR);   /* overloaded */
>   }
> Index: ./kern/subr_suspend.c
> ===
> RCS file: /cvs/src/sys/kern/subr_suspend.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 subr_suspend.c
> --- ./kern/subr_suspend.c 10 Nov 2022 10:37:40 -  1.14
> +++ ./kern/subr_suspend.c 2 Jul 2023 01:34:00 -
> @@ -165,10 +165,9 @@ fail_suspend:
>   splx(s);
>
>   inittodr(gettime());
> -#ifdef __HAVE_CLOCKINTR
>   clockintr_cpu_init(NULL);
>   clockintr_trigger();
> -#endif
> +
>   sleep_resume(v);
>   resume_randomness(rndbuf, rndbuflen);
>  #ifdef MULTIPROCESSOR
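Review bot: in the subr_suspend.c hunk the removed #endif is replaced by an added empty line, which is an unrelated whitespace change in a diff that otherwise only deletes the __HAVE_CLOCKINTR guards; drop the "+" line so clockintr_trigger() is followed directly by sleep_resume(v).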
> Index: ./arch/alpha/include/_types.h
> ===
> RCS file: /cvs/src/sys/arch/alpha/include/_types.h,v
> retrieving revision 1.25
> diff -u -p -r1.25 _types.h
> --- ./arch/alpha/include/_types.h 10 Dec 2022 15:02:29 -  1.25
> +++ ./arch/alpha/include/_types.h 2 Jul 2023 01:34:00 -
> @@ -35,8 +35,6 @@
>  #ifndef _MACHINE__TYPES_H_
>  #define _MACHINE__TYPES_H_
>
> -#define  __HAVE_CLOCKINTR
> -
>  #if defined(_KERNEL)
>  typedef struct label_t {
>   long val[10];
> Index: ./arch/amd64/include/_types.h
> ===
> RCS file: /cvs/src/sys/arch/amd64/include/_types.h,v
> retrieving revision 1.18
> diff -u -p -r1.18 _types.h
> --- ./arch/amd64/include/_types.h 8 Nov 2022 17:34:13 -   1.18
> +++ ./arch/amd64/include/_types.h 2 Jul 2023 01:34:00 -
> @@ -35,8 +35,6 @@
>  #ifndef _MACHINE__TYPES_H_
>  #define _MACHINE__TYPES_H_
>
> -#define  __HAVE_CLOCKINTR
> -
>  /*
>   * _ALIGN(p) rounds p (pointer or byte index) up to a correctly-aligned
>   * value for all data types (int, long, ...).   The result is an
> 

Re: lo(4) loopback LRO and TSO

2023-07-02 Thread Jan Klemkow



On July 2, 2023 2:33:41 PM GMT+02:00, Claudio Jeker  
wrote:
>On Sun, Jul 02, 2023 at 02:28:17PM +0200, Alexander Bluhm wrote:
>> anyone?
>
>Was not able to test yet but I like the diff.
>Right now this is a noop since LRO is not on by default for lo(4).
>Because of that OK claudio@

The diff works fine in my sparc64 setup.
ok jan@

>> On Fri, Jun 23, 2023 at 06:06:16PM +0200, Alexander Bluhm wrote:
>> > Hi,
>> > 
>> > Claudio@ mentioned the idea to use TSO and LRO on the loopback
>> > interface to transfer TCP faster.
>> > 
>> > I see a performance effect with this diff, but more importantly it
>> > gives us more test coverage.  Currently LRO on lo(4) is default
>> > off.
>> > 
>> > Future plan is:
>> > - Fix some corner cases for LRO/TSO with TCP path-MTU discovery
>> >   and IP forwarding when LRO is enabled.
>> > - Enable LRO/TSO for lo(4) and ix(4) per default.
>> > - Jan@ commits his ixl(4) TSO diff.
>> > 
>> > ok for lo(4) LRO/TSO with default off?
>> > 
>> > bluhm
>> > 
>> > Index: sys/net/if.c
>> > ===
>> > RCS file: /data/mirror/openbsd/cvs/src/sys/net/if.c,v
>> > retrieving revision 1.700
>> > diff -u -p -r1.700 if.c
>> > --- sys/net/if.c   12 Jun 2023 21:19:54 -  1.700
>> > +++ sys/net/if.c   23 Jun 2023 15:48:27 -
>> > @@ -106,6 +106,9 @@
>> >  #ifdef MROUTING
>> >  #include 
>> >  #endif
>> > +#include 
>> > +#include 
>> > +#include 
>> >  
>> >  #ifdef INET6
>> >  #include 
>> > @@ -802,12 +805,29 @@ if_input_local(struct ifnet *ifp, struct
>> > * is now incorrect, will be calculated before sending.
>> > */
>> >keepcksum = m->m_pkthdr.csum_flags & (M_IPV4_CSUM_OUT |
>> > -  M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT);
>> > +  M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT |
>> > +  M_TCP_TSO);
>> >m_resethdr(m);
>> >m->m_flags |= M_LOOP | keepflags;
>> >m->m_pkthdr.csum_flags = keepcksum;
>> >m->m_pkthdr.ph_ifidx = ifp->if_index;
>> >m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
>> > +
>> > +  if (ISSET(keepcksum, M_TCP_TSO) && m->m_pkthdr.len > ifp->if_mtu) {
>> > +  if (ifp->if_mtu > 0 &&
>> > +  ((af == AF_INET &&
>> > +  ISSET(ifp->if_capabilities, IFCAP_TSOv4)) ||
>> > +  (af == AF_INET6 &&
>> > +  ISSET(ifp->if_capabilities, IFCAP_TSOv6 {
>> > +  tcpstat_inc(tcps_inswlro);
>> > +  tcpstat_add(tcps_inpktlro,
>> > +  (m->m_pkthdr.len + ifp->if_mtu - 1) / ifp->if_mtu);
>> > +  } else {
>> > +  tcpstat_inc(tcps_inbadlro);
>> > +  m_freem(m);
>> > +  return (EPROTONOSUPPORT);
>> > +  }
>> > +  }
>> >  
>> >if (ISSET(keepcksum, M_TCP_CSUM_OUT))
>> >m->m_pkthdr.csum_flags |= M_TCP_CSUM_IN_OK;
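Review bot: the tcps_inpktlro increment divides the whole m_pkthdr.len, headers included, by if_mtu, so it only approximates the number of segments the large packet stands for; either compute it from the payload and the segment size or note in a comment that the figure is an estimate. The accept path is also gated on IFCAP_TSOv4/IFCAP_TSOv6 although the counters it bumps are the LRO ones, which deserves a one-line comment.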
>> > Index: sys/net/if_loop.c
>> > ===
>> > RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v
>> > retrieving revision 1.94
>> > diff -u -p -r1.94 if_loop.c
>> > --- sys/net/if_loop.c  5 Jun 2023 11:35:46 -   1.94
>> > +++ sys/net/if_loop.c  23 Jun 2023 15:48:27 -
>> > @@ -175,7 +175,8 @@ loop_clone_create(struct if_clone *ifc, 
>> >ifp->if_xflags = IFXF_CLONED;
>> >ifp->if_capabilities = IFCAP_CSUM_IPv4 |
>> >IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 |
>> > -  IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6;
>> > +  IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 |
>> > +  IFCAP_LRO;
>> >ifp->if_rtrequest = lortrequest;
>> >ifp->if_ioctl = loioctl;
>> >ifp->if_input = loinput;
>> > @@ -281,6 +282,10 @@ loioctl(struct ifnet *ifp, u_long cmd, c
>> >  
>> >switch (cmd) {
>> >case SIOCSIFFLAGS:
>> > +  if (ISSET(ifp->if_xflags, IFXF_LRO))
>> > +  SET(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
>> > +  else
>> > +  CLR(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
>> >break;
>> >  
>> >case SIOCSIFADDR:
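Review bot: the SIOCSIFFLAGS case now sets or clears IFCAP_TSOv4 | IFCAP_TSOv6 depending on IFXF_LRO, but nothing in the hunk explains why the transmit-side capability follows the receive-side flag on lo(4). Add a short comment giving the reason, presumably that on loopback the sender and the receiver are the same interface, so large TSO packets may only be emitted when the input side accepts them.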
>> > Index: sys/netinet/tcp_usrreq.c
>> > ===
>> > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_usrreq.c,v
>> > retrieving revision 1.219
>> > diff -u -p -r1.219 tcp_usrreq.c
>> > --- sys/netinet/tcp_usrreq.c   23 May 2023 09:16:16 -  1.219
>> > +++ sys/netinet/tcp_usrreq.c   23 Jun 2023 15:48:27 -
>> > @@ -1340,6 +1340,7 @@ tcp_sysctl_tcpstat(void *oldp, size_t *o
>> >ASSIGN(tcps_outhwtso);
>> >ASSIGN(tcps_outpkttso);
>> >ASSIGN(tcps_outbadtso);
>> > +  ASSIGN(tcps_inswlro);
>> >ASSIGN(tcps_inhwlro);
>> >ASSIGN(tcps_inpktlro);
>> >ASSIGN(tcps_inbadlro);
>> > Index: sys/netinet/tcp_var.h
>> > ===
>> > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
>> > retrieving revision 1.167
>> > diff -u -p -r1.167 tcp_var.h
>> > 

Re: pkg_add optional behavior "like syspatch"

2023-07-02 Thread Solène Rapenne
On Sun, 2023-07-02 at 15:51 +0200, Marc Espie wrote:
> Use-case: some people want to branch automated installs based on
> whether
> pkg_add -u (or some other variation) actually did something.
> 
> As usual we ignore quirks. This adds a flag (-DSYSPATCH_LIKE)
> which governs the behavior. Code is fairly self-explanatory.
> 
> I had no better idea for the flag name so far, suggestions welcome.
> 
> 
> +sub exit_code($self, $state)
> +{
> +   my $rc = $self->SUPER::exit_code($state);
> +   if ($rc == 0 && $state->defines("SYSPATCH_LIKE")) {
> +   if (!$state->{did_something}) {
> +   $rc = 2;
> +   }
> +   }
> +   return $rc;
> +}
>  
>  sub new_state($self, $cmd)
>  {
> 
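Review bot: the added exit_code() introduces a new define, SYSPATCH_LIKE, and a new exit status 2, and neither is documented in the visible change; the pkg_add(1) manual needs an entry for the define and for the status so scripts can rely on them. $state->{did_something} is also read as a raw hash member, with nothing here showing where it is set or that quirks are excluded as the description promises.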

if I read well, the exit code is 2 when something pkg_add changed
something?

syspatch exits with 0 when installing an update, 1 if it fails, 2 if
didn't do anything

Could it be possible to keep it consistent? pkg_add upgrading/installing
a package should exit with 0, so it doesn't break current scripts, and
this is what you would expect.

Although, it could exit with 2 if you asked to install a package that
already exist. And 1 if pkg_add failed.



Re: vmctl: fixup id. name for termination

2023-07-02 Thread Dave Voutila


Jasper Lievisse Adriaanse  writes:

> Hi,
>
> It seems there is an inconsistency when it comes to terminating a VM by
> id or name (4/web point to the same VM here):
>
> before:
> % vmctl stop 4
> stopping vm: requested to shutdown vm 4
> % vmctl stop web
> stopping vm web: failed: Invalid argument
>
> Here's a diff which moves the checks out of the block which is only
> entered when we pass it a name:
>
> after:
> % vmctl stop 4
> stopping vm: failed: Invalid argument
> % vmctl stop web
> stopping vm web: failed: Invalid argument
>
> If EINVAL is actually correct in this case I think is open for
> discussion.
> ENOTSUP might not be a bad candidate actually if the VM isn't running.

Maybe. Careful pulling that thread :)

>
> OK?

This looks good to me. ok dv@

>
> Index: vmd.c
> ===
> RCS file: /cvs/src/usr.sbin/vmd/vmd.c,v
> retrieving revision 1.150
> diff -u -p -r1.150 vmd.c
> --- vmd.c 18 Jun 2023 11:45:11 -  1.150
> +++ vmd.c 2 Jul 2023 12:30:33 -
> @@ -159,20 +159,22 @@ vmd_dispatch_control(int fd, struct priv
>   if ((vm = vm_getbyname(vid.vid_name)) == NULL) {
>   res = ENOENT;
>   break;
> - } else if ((vm->vm_state & VM_STATE_SHUTDOWN) &&
> - (flags & VMOP_FORCE) == 0) {
> - res = EALREADY;
> - break;
> - } else if (!(vm->vm_state & VM_STATE_RUNNING)) {
> - res = EINVAL;
> - break;
>   }
>   id = vm->vm_vmid;
>   } else if ((vm = vm_getbyvmid(id)) == NULL) {
>   res = ENOENT;
>   break;
>   }
> - if (vm_checkperm(vm, >vm_params.vmc_owner, vid.vid_uid)) {
> +
> + /* Validate curent state of vm */
> + if ((vm->vm_state & VM_STATE_SHUTDOWN) &&
> + (flags & VMOP_FORCE) == 0) {
> + res = EALREADY;
> + break;
> + } else if (!(vm->vm_state & VM_STATE_RUNNING)) {
> + res = EINVAL;
> + break;
> + } else if (vm_checkperm(vm, >vm_params.vmc_owner, 
> vid.vid_uid)) {
>   res = EPERM;
>   break;
>   }



vmctl: fixup id. name for termination

2023-07-02 Thread Jasper Lievisse Adriaanse
Hi,

It seems there is an inconsistency when it comes to terminating a VM by
id or name (4/web point to the same VM here):

before:
% vmctl stop 4
stopping vm: requested to shutdown vm 4
% vmctl stop web
stopping vm web: failed: Invalid argument

Here's a diff which moves the checks out of the block which is only
entered when we pass it a name:

after:
% vmctl stop 4
stopping vm: failed: Invalid argument
% vmctl stop web
stopping vm web: failed: Invalid argument

Whether EINVAL is actually correct in this case is, I think, open for
discussion.
ENOTSUP might not be a bad candidate actually if the VM isn't running.

OK?

Index: vmd.c
===
RCS file: /cvs/src/usr.sbin/vmd/vmd.c,v
retrieving revision 1.150
diff -u -p -r1.150 vmd.c
--- vmd.c   18 Jun 2023 11:45:11 -  1.150
+++ vmd.c   2 Jul 2023 12:30:33 -
@@ -159,20 +159,22 @@ vmd_dispatch_control(int fd, struct priv
if ((vm = vm_getbyname(vid.vid_name)) == NULL) {
res = ENOENT;
break;
-   } else if ((vm->vm_state & VM_STATE_SHUTDOWN) &&
-   (flags & VMOP_FORCE) == 0) {
-   res = EALREADY;
-   break;
-   } else if (!(vm->vm_state & VM_STATE_RUNNING)) {
-   res = EINVAL;
-   break;
}
id = vm->vm_vmid;
} else if ((vm = vm_getbyvmid(id)) == NULL) {
res = ENOENT;
break;
}
-   if (vm_checkperm(vm, >vm_params.vmc_owner, vid.vid_uid)) {
+
+   /* Validate curent state of vm */
+   if ((vm->vm_state & VM_STATE_SHUTDOWN) &&
+   (flags & VMOP_FORCE) == 0) {
+   res = EALREADY;
+   break;
+   } else if (!(vm->vm_state & VM_STATE_RUNNING)) {
+   res = EINVAL;
+   break;
+   } else if (vm_checkperm(vm, >vm_params.vmc_owner, 
vid.vid_uid)) {
res = EPERM;
break;
}
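Review bot: the state checks added after the lookup now run before `vm_checkperm()`, so for a lookup by id a caller who does not own the VM gets EALREADY or EINVAL instead of EPERM and can tell from the errno whether the VM is running or shutting down. In the old code the id path went straight from `vm_getbyvmid()` to the permission check. Consider calling `vm_checkperm()` first and doing the `VM_STATE_SHUTDOWN` / `VM_STATE_RUNNING` checks after it, so that id and name lookups both answer EPERM to non-owners regardless of state.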
-- 
jasper



pkg_add optional behavior "like syspatch"

2023-07-02 Thread Marc Espie
Use-case: some people want to branch automated installs based on whether
pkg_add -u (or some other variation) actually did something.

As usual we ignore quirks. This adds a flag (-DSYSPATCH_LIKE)
which governs the behavior. Code is fairly self-explanatory.

I had no better idea for the flag name so far, suggestions welcome.

Index: OpenBSD/PkgAdd.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm,v
retrieving revision 1.142
diff -u -p -r1.142 PkgAdd.pm
--- OpenBSD/PkgAdd.pm   27 Jun 2023 11:11:46 -  1.142
+++ OpenBSD/PkgAdd.pm   2 Jul 2023 13:49:03 -
@@ -861,6 +861,9 @@ sub really_add($set, $state)
if ($state->{received}) {
die "interrupted";
}
+   if (!$set->{quirks}) {
+   $state->{did_something} = 1;
+   }
 }
 
 sub newer_has_errors($set, $state)
@@ -1163,6 +1166,8 @@ sub process_parameters($self, $state)
 {
my $add_hints = $state->{fuzzy} ? "add_hints" : "add_hints2";
 
+   $state->{did_something} = 0;
+
# match against a list
if ($state->{pkglist}) {
open my $f, '<', $state->{pkglist} or
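Review bot: the `$state->{did_something} = 0;` added at the top of process_parameters is not needed for the `!$state->{did_something}` test in exit_code, which treats an unset key the same as 0. If an explicit default is wanted for readability, it fits better where the state is set up than at the start of parameter processing.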
@@ -1178,7 +1183,6 @@ sub process_parameters($self, $state)
 
# update existing stuff
if ($state->{update}) {
-
if (@ARGV == 0) {
@ARGV = sort(installed_packages());
}
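Review bot: the only change in this hunk is the removal of the blank line after `if ($state->{update}) {`, which is unrelated to the new flag. Leave it out of this diff or send it as a separate cleanup.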
@@ -1239,6 +1243,16 @@ sub main($self, $state)
$self->process_setlist($state);
 }
 
+sub exit_code($self, $state)
+{
+   my $rc = $self->SUPER::exit_code($state);
+   if ($rc == 0 && $state->defines("SYSPATCH_LIKE")) {
+   if (!$state->{did_something}) {
+   $rc = 2;
+   }
+   }
+   return $rc;
+}
 
 sub new_state($self, $cmd)
 {
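Review bot: the `$rc = 2` in the new exit_code is a bare literal with no comment, and the diff as posted only touches PkgAdd.pm, so neither the `SYSPATCH_LIKE` define nor the meaning of exit status 2 is documented where a script author would look. Add a short comment here and an entry in pkg_add(1) saying that 2 means the run finished without error but changed nothing. The two nested `if`s can also fold into one condition: `$rc == 0 && $state->defines("SYSPATCH_LIKE") && !$state->{did_something}`.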



Re: lo(4) loopback LRO and TSO

2023-07-02 Thread Claudio Jeker
On Sun, Jul 02, 2023 at 02:28:17PM +0200, Alexander Bluhm wrote:
> anyone?

Was not able to test yet but I like the diff.
Right now this is a noop since LRO is not on by default for lo(4).
Because of that OK claudio@
 
> On Fri, Jun 23, 2023 at 06:06:16PM +0200, Alexander Bluhm wrote:
> > Hi,
> > 
> > Claudio@ mentioned the idea to use TSO and LRO on the loopback
> > interface to transfer TCP faster.
> > 
> > I see a performance effect with this diff, but more importantly it
> > gives us more test coverage.  Currently LRO on lo(4) is default
> > off.
> > 
> > Future plan is:
> > - Fix some corner cases for LRO/TSO with TCP path-MTU discovery
> >   and IP forwarding when LRO is enabled.
> > - Enable LRO/TSO for lo(4) and ix(4) per default.
> > - Jan@ commits his ixl(4) TSO diff.
> > 
> > ok for lo(4) LRO/TSO with default off?
> > 
> > bluhm
> > 
> > Index: sys/net/if.c
> > ===
> > RCS file: /data/mirror/openbsd/cvs/src/sys/net/if.c,v
> > retrieving revision 1.700
> > diff -u -p -r1.700 if.c
> > --- sys/net/if.c12 Jun 2023 21:19:54 -  1.700
> > +++ sys/net/if.c23 Jun 2023 15:48:27 -
> > @@ -106,6 +106,9 @@
> >  #ifdef MROUTING
> >  #include 
> >  #endif
> > +#include 
> > +#include 
> > +#include 
> >  
> >  #ifdef INET6
> >  #include 
> > @@ -802,12 +805,29 @@ if_input_local(struct ifnet *ifp, struct
> >  * is now incorrect, will be calculated before sending.
> >  */
> > keepcksum = m->m_pkthdr.csum_flags & (M_IPV4_CSUM_OUT |
> > -   M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT);
> > +   M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT |
> > +   M_TCP_TSO);
> > m_resethdr(m);
> > m->m_flags |= M_LOOP | keepflags;
> > m->m_pkthdr.csum_flags = keepcksum;
> > m->m_pkthdr.ph_ifidx = ifp->if_index;
> > m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
> > +
> > +   if (ISSET(keepcksum, M_TCP_TSO) && m->m_pkthdr.len > ifp->if_mtu) {
> > +   if (ifp->if_mtu > 0 &&
> > +   ((af == AF_INET &&
> > +   ISSET(ifp->if_capabilities, IFCAP_TSOv4)) ||
> > +   (af == AF_INET6 &&
> > +   ISSET(ifp->if_capabilities, IFCAP_TSOv6 {
> > +   tcpstat_inc(tcps_inswlro);
> > +   tcpstat_add(tcps_inpktlro,
> > +   (m->m_pkthdr.len + ifp->if_mtu - 1) / ifp->if_mtu);
> > +   } else {
> > +   tcpstat_inc(tcps_inbadlro);
> > +   m_freem(m);
> > +   return (EPROTONOSUPPORT);
> > +   }
> > +   }
> >  
> > if (ISSET(keepcksum, M_TCP_CSUM_OUT))
> > m->m_pkthdr.csum_flags |= M_TCP_CSUM_IN_OK;
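Review bot: in the new `M_TCP_TSO` block, `tcpstat_add(tcps_inpktlro, (m->m_pkthdr.len + ifp->if_mtu - 1) / ifp->if_mtu)` divides the whole packet length, headers included, by the interface MTU, so the counter is an estimate and not the number of segments the sender would have produced. Say so in a comment, or derive it from the segment size if that is available at this point. The `else` branch also frees the packet and returns EPROTONOSUPPORT when the matching TSO capability is off; a one-line comment on when a TSO-flagged packet can reach an interface without that capability would help the next reader.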
> > Index: sys/net/if_loop.c
> > ===
> > RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v
> > retrieving revision 1.94
> > diff -u -p -r1.94 if_loop.c
> > --- sys/net/if_loop.c   5 Jun 2023 11:35:46 -   1.94
> > +++ sys/net/if_loop.c   23 Jun 2023 15:48:27 -
> > @@ -175,7 +175,8 @@ loop_clone_create(struct if_clone *ifc, 
> > ifp->if_xflags = IFXF_CLONED;
> > ifp->if_capabilities = IFCAP_CSUM_IPv4 |
> > IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 |
> > -   IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6;
> > +   IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 |
> > +   IFCAP_LRO;
> > ifp->if_rtrequest = lortrequest;
> > ifp->if_ioctl = loioctl;
> > ifp->if_input = loinput;
> > @@ -281,6 +282,10 @@ loioctl(struct ifnet *ifp, u_long cmd, c
> >  
> > switch (cmd) {
> > case SIOCSIFFLAGS:
> > +   if (ISSET(ifp->if_xflags, IFXF_LRO))
> > +   SET(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
> > +   else
> > +   CLR(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
> > break;
> >  
> > case SIOCSIFADDR:
> > Index: sys/netinet/tcp_usrreq.c
> > ===
> > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_usrreq.c,v
> > retrieving revision 1.219
> > diff -u -p -r1.219 tcp_usrreq.c
> > --- sys/netinet/tcp_usrreq.c23 May 2023 09:16:16 -  1.219
> > +++ sys/netinet/tcp_usrreq.c23 Jun 2023 15:48:27 -
> > @@ -1340,6 +1340,7 @@ tcp_sysctl_tcpstat(void *oldp, size_t *o
> > ASSIGN(tcps_outhwtso);
> > ASSIGN(tcps_outpkttso);
> > ASSIGN(tcps_outbadtso);
> > +   ASSIGN(tcps_inswlro);
> > ASSIGN(tcps_inhwlro);
> > ASSIGN(tcps_inpktlro);
> > ASSIGN(tcps_inbadlro);
> > Index: sys/netinet/tcp_var.h
> > ===
> > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
> > retrieving revision 1.167
> > diff -u -p -r1.167 tcp_var.h
> > --- sys/netinet/tcp_var.h   23 May 2023 09:16:16 -  1.167
> > +++ sys/netinet/tcp_var.h   23 Jun 2023 15:48:27 -
> > @@ -447,6 +447,7 @@ struct  tcpstat {
> > 

Re: lo(4) loopback LRO and TSO

2023-07-02 Thread Alexander Bluhm
anyone?

On Fri, Jun 23, 2023 at 06:06:16PM +0200, Alexander Bluhm wrote:
> Hi,
> 
> Claudio@ mentioned the idea to use TSO and LRO on the loopback
> interface to transfer TCP faster.
> 
> I see a performance effect with this diff, but more importantly it
> gives us more test coverage.  Currently LRO on lo(4) is default
> off.
> 
> Future plan is:
> - Fix some corner cases for LRO/TSO with TCP path-MTU discovery
>   and IP forwarding when LRO is enabled.
> - Enable LRO/TSO for lo(4) and ix(4) per default.
> - Jan@ commits his ixl(4) TSO diff.
> 
> ok for lo(4) LRO/TSO with default off?
> 
> bluhm
> 
> Index: sys/net/if.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/if.c,v
> retrieving revision 1.700
> diff -u -p -r1.700 if.c
> --- sys/net/if.c  12 Jun 2023 21:19:54 -  1.700
> +++ sys/net/if.c  23 Jun 2023 15:48:27 -
> @@ -106,6 +106,9 @@
>  #ifdef MROUTING
>  #include 
>  #endif
> +#include 
> +#include 
> +#include 
>  
>  #ifdef INET6
>  #include 
> @@ -802,12 +805,29 @@ if_input_local(struct ifnet *ifp, struct
>* is now incorrect, will be calculated before sending.
>*/
>   keepcksum = m->m_pkthdr.csum_flags & (M_IPV4_CSUM_OUT |
> - M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT);
> + M_TCP_CSUM_OUT | M_UDP_CSUM_OUT | M_ICMP_CSUM_OUT |
> + M_TCP_TSO);
>   m_resethdr(m);
>   m->m_flags |= M_LOOP | keepflags;
>   m->m_pkthdr.csum_flags = keepcksum;
>   m->m_pkthdr.ph_ifidx = ifp->if_index;
>   m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
> +
> + if (ISSET(keepcksum, M_TCP_TSO) && m->m_pkthdr.len > ifp->if_mtu) {
> + if (ifp->if_mtu > 0 &&
> + ((af == AF_INET &&
> + ISSET(ifp->if_capabilities, IFCAP_TSOv4)) ||
> + (af == AF_INET6 &&
> + ISSET(ifp->if_capabilities, IFCAP_TSOv6 {
> + tcpstat_inc(tcps_inswlro);
> + tcpstat_add(tcps_inpktlro,
> + (m->m_pkthdr.len + ifp->if_mtu - 1) / ifp->if_mtu);
> + } else {
> + tcpstat_inc(tcps_inbadlro);
> + m_freem(m);
> + return (EPROTONOSUPPORT);
> + }
> + }
>  
>   if (ISSET(keepcksum, M_TCP_CSUM_OUT))
>   m->m_pkthdr.csum_flags |= M_TCP_CSUM_IN_OK;
> Index: sys/net/if_loop.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v
> retrieving revision 1.94
> diff -u -p -r1.94 if_loop.c
> --- sys/net/if_loop.c 5 Jun 2023 11:35:46 -   1.94
> +++ sys/net/if_loop.c 23 Jun 2023 15:48:27 -
> @@ -175,7 +175,8 @@ loop_clone_create(struct if_clone *ifc, 
>   ifp->if_xflags = IFXF_CLONED;
>   ifp->if_capabilities = IFCAP_CSUM_IPv4 |
>   IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 |
> - IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6;
> + IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 |
> + IFCAP_LRO;
>   ifp->if_rtrequest = lortrequest;
>   ifp->if_ioctl = loioctl;
>   ifp->if_input = loinput;
> @@ -281,6 +282,10 @@ loioctl(struct ifnet *ifp, u_long cmd, c
>  
>   switch (cmd) {
>   case SIOCSIFFLAGS:
> + if (ISSET(ifp->if_xflags, IFXF_LRO))
> + SET(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
> + else
> + CLR(ifp->if_capabilities, IFCAP_TSOv4 | IFCAP_TSOv6);
>   break;
>  
>   case SIOCSIFADDR:
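Review bot: in the `SIOCSIFFLAGS` case, `IFCAP_TSOv4 | IFCAP_TSOv6` are set or cleared from the `IFXF_LRO` xflag, which ties the output-side TSO capability to the input-side LRO switch with no comment explaining why. A short comment that on loopback the sender's TSO packet is the receiver's LRO packet, so one flag drives both, would make this readable. It is also worth confirming that every path that changes `IFXF_LRO` reaches this case, since the capabilities are only resynchronised here.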
> Index: sys/netinet/tcp_usrreq.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_usrreq.c,v
> retrieving revision 1.219
> diff -u -p -r1.219 tcp_usrreq.c
> --- sys/netinet/tcp_usrreq.c  23 May 2023 09:16:16 -  1.219
> +++ sys/netinet/tcp_usrreq.c  23 Jun 2023 15:48:27 -
> @@ -1340,6 +1340,7 @@ tcp_sysctl_tcpstat(void *oldp, size_t *o
>   ASSIGN(tcps_outhwtso);
>   ASSIGN(tcps_outpkttso);
>   ASSIGN(tcps_outbadtso);
> + ASSIGN(tcps_inswlro);
>   ASSIGN(tcps_inhwlro);
>   ASSIGN(tcps_inpktlro);
>   ASSIGN(tcps_inbadlro);
> Index: sys/netinet/tcp_var.h
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
> retrieving revision 1.167
> diff -u -p -r1.167 tcp_var.h
> --- sys/netinet/tcp_var.h 23 May 2023 09:16:16 -  1.167
> +++ sys/netinet/tcp_var.h 23 Jun 2023 15:48:27 -
> @@ -447,6 +447,7 @@ structtcpstat {
>   u_int32_t tcps_outhwtso;/* output tso processed by hardware */
>   u_int32_t tcps_outpkttso;   /* packets generated by tso */
>   u_int32_t tcps_outbadtso;   /* output tso failed, packet dropped */
> + u_int32_t tcps_inswlro; /* input lro on pseudo device */
>   u_int32_t tcps_inhwlro; /* input lro from 

Re: huge pfsync rewrite

2023-07-02 Thread Alexandr Nedvedicky
Hello,

On Thu, Jun 29, 2023 at 01:48:27PM +1000, David Gwynne wrote:
> On Mon, Jun 26, 2023 at 01:16:40AM +0200, Alexandr Nedvedicky wrote:
> 
> > net/if_pfsync.c
> > the diff currently uses two slices (PFSYNC_NSLICES). is there a plan to
> > scale it up?  the slice can be simply viewed as a kind of task. IMO the
> > number of slices can be aligned with number of cpu cores. Or is this
> > too simplified? I'm just trying to get some hints on how to further
> > tune performance.
> 
> that's part of a bigger discussion which involves how far we should
> scale the number of nettqs and how parallel pf can go.
> 
> 2 slices demonstrates that pfsync can partition work and is safe doing
> so. the kstats ive added on those slices show there isnt a lot of
> contention in pfsync. yet.
> 

I was just wondering, because if I remember correctly hrvoje@ has noticed
small performance degradation (compared with current). I think his test was
using 4 net tasks to forward packets through firewall.  now if there are
just 2 tasks for pfsync, then this might be a way how the degradation
sneaked in. just a thought.

thanks and
regards
sashan



LibreSSL: Use of hardware enclaves to protect TLS keys

2023-07-02 Thread Julius Chrobak

Hello,

I would like to keep the TLS server private key in a hardware enclave, such
as Intel SGX. I found a solution - TaLoS (https://github.com/lsds/TaLoS),
which is a fork of LibreSSL.

Have you considered merging TaLoS or implementing something along these
lines in LibreSSL?

Thank you and regards,

Julius Chrobak