Re: Dumb arplookup()

2015-12-02 Thread Claudio Jeker
On Wed, Dec 02, 2015 at 09:26:35AM +, Stuart Henderson wrote: > On 2015/12/02 09:44, Martin Pieuchot wrote: > > If the kernel tries to create (cloned) an ARP entry and found an > > existing conflicting route, do not try to be clever and just bail. > > > > I'm fine with rtalloc(9) taking the

Re: bridge(4) never outputs packets

2015-12-02 Thread Claudio Jeker
On Wed, Dec 02, 2015 at 09:57:59AM +0100, Martin Pieuchot wrote: > Make sure if_output() and if_start() will never be called for the > bridge(4). > > Concerns? Why not use if_detached_start()? There is no if_detached_output() but we could add that as well. I would prefer that over NULL pointers

Re: bridge(4) never outputs packets

2015-12-02 Thread Claudio Jeker
On Wed, Dec 02, 2015 at 11:07:40AM +0100, Martin Pieuchot wrote: > On 02/12/15(Wed) 10:25, Claudio Jeker wrote: > > On Wed, Dec 02, 2015 at 09:57:59AM +0100, Martin Pieuchot wrote: > > > Make sure if_output() and if_start() will never be called for the > > > bridg

kill RT_REPORT since it is useless

2015-12-02 Thread Claudio Jeker
The time where route miss messages on rtalloc() were useful is long gone. In modern times this just produces a lot of noise with no benefit. Nothing in userland is using this information anyway. Because of this reti^Wtedu RT_REPORT. OK? -- :wq Claudio Index: net/if_mpe.c

use m_defrag in fxp

2015-12-01 Thread Claudio Jeker
Use m_defrag in fxp to make it nicer and simpler. works for me with fxp0 at pci6 dev 6 function 0 "Intel 8255x" rev 0x08, i82559: apic 6 int 21, address 00:d0:b7:4c:36:c4 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 It would be possible to drop the mbuf on error and then the ifq_deq_begin

Re: [patch] dvmrpd: strings header cleanup

2015-12-07 Thread Claudio Jeker
On Mon, Dec 07, 2015 at 02:04:18PM -0500, Michael McConville wrote: > Serguey Parkhomovsky wrote: > > Fixes implicit memcpy declarations by using string.h instead of > > strings.h, and removes strings.h from files that don't need it. Also, > > change bzero(3) to memset(3). > > Thanks for this. >

Re: Checking MAC address of incoming unicast packets

2016-01-04 Thread Claudio Jeker
On Sat, Jan 02, 2016 at 04:04:33PM +0100, Mark Kettenis wrote: > > Date: Sat, 2 Jan 2016 10:57:41 +0100 > > From: Martin Pieuchot > > > > If it's acceptable performance-wise to do the check unconditionally I > > believe that's the way to go. If not I'm a bit afraid of

bgpd fix MPLS VPN (rdomain) config

2015-11-27 Thread Claudio Jeker
Just realized that I forgot to properly merge the rdomain config from the new config into the active config and so that config was just lost. Following diff fixes this. Also refactored the free functions a bit so I did not have to use the same functions multiple times. OK? -- :wq Claudio Index:

Re: vi: default to tab for filename completion

2015-11-23 Thread Claudio Jeker
On Mon, Nov 23, 2015 at 11:34:42AM +0100, Theo Buehler wrote: > On Mon, Nov 23, 2015 at 01:36:00AM -0700, Anthony J. Bentley wrote: > > Hi, > > > > A simple change (comes from FreeBSD nvi). > > > > ok? > > yes, please One of the things I have in my exrc file. So yes please. > > > > Index:

Re: vi: don't escape backspace with backslash

2015-11-23 Thread Claudio Jeker
On Mon, Nov 23, 2015 at 01:31:11AM -0700, Anthony J. Bentley wrote: > When I hit backspace after a backslash, usually I just want to delete > the backslash. I don't think I've ever intended to input a literal ^?. > If I ever did want to insert ^H, ^?, or ^U, I would just type ^V first. > > I've

Re: netstat -P - no namelist

2015-11-23 Thread Claudio Jeker
On Mon, Nov 23, 2015 at 04:24:39PM +, Stuart Henderson wrote: > On 2015/11/23 10:53, David Hill wrote: > > On Fri, Nov 20, 2015 at 12:07:36PM -0500, David Hill wrote: > > > Hello - > > > > > > I used to use netstat -P to view PCB information. Running -current, I > > > get 'no namelist' now.

Re: ospfd: add format attributes

2016-06-06 Thread Claudio Jeker
On Sat, Jun 04, 2016 at 06:45:53PM +0200, Sebastian Benoit wrote: > In ospfd, add format attributes to the proper functions and then fix the > warning in rde.c. > > ok? OK claudio@ if ospfctl also compiles > diff --git log.h log.h > index e0034e8..a682f67 100644 > --- log.h > +++ log.h > @@

Re: ospf6d: add format attributes

2016-06-06 Thread Claudio Jeker
On Sat, Jun 04, 2016 at 06:51:37PM +0200, Sebastian Benoit wrote: > In ospf6d, add format attributes to the proper functions and then fix the > warning in rde.c > > ok? OK claudio@ if ospf6ctl compiles > diff --git log.h log.h > index 0cc7403..8cccd8f 100644 > --- log.h > +++ log.h > @@ -23,14

Re: bgpd: add format attributes

2016-06-06 Thread Claudio Jeker
On Sat, Jun 04, 2016 at 06:33:57PM +0200, Sebastian Benoit wrote: > Add format attributes to the proper functions and then fix the warning in > session.c. > > ok? OK claudio Make sure that bgpctl still compiles in all its version (bgplg) > diff --git bgpd.h bgpd.h > index 5fa046e..eaf93e6

Re: bridge, carp and HW-vlan

2016-05-26 Thread Claudio Jeker
On Mon, May 23, 2016 at 03:23:52PM +0200, Martin Pieuchot wrote: > HW-vlan breaks our if_input() design because vlan packets are > decapsulated before calling if_input(). > > So it doesn't matter in which order you configured your pseudo-driver, > they all have to deal with this layer violation.

Re: bgpd: filter as path with operators

2016-05-31 Thread Claudio Jeker
On Mon, May 30, 2016 at 10:43:49PM +0200, Sebastian Benoit wrote: > Hi, > > this allows to have > > allow from any AS 64512 - 65534 ... > allow from any AS > 100 > > etc in bgpd.conf. > > Ignore the example file for now, i will commit that separately anyway. > > One obvious improvement

Re: [PATCH] let the mbufs use more then 4gb of memory

2016-06-22 Thread Claudio Jeker
On Wed, Jun 22, 2016 at 01:58:25PM +0200, Simon Mages wrote: > On a System where you use the maximum socketbuffer size of 256kbyte you > can run out of memory after less than 9k open sockets. > > My patch adds a new uvm_constraint for the mbufs with a bigger memory area. > I choose this area

Re: [PATCH] let the mbufs use more then 4gb of memory

2016-06-29 Thread Claudio Jeker
On Thu, Jun 23, 2016 at 02:41:53PM +0200, Mark Kettenis wrote: > > Date: Thu, 23 Jun 2016 13:09:28 +0200 > > From: Alexander Bluhm > > > > On Wed, Jun 22, 2016 at 10:54:27PM +1000, David Gwynne wrote: > > > secondly, allocating more than 4g at a time to socket buffers is

Re: bgplg: use SERVER_NAME CGI variable instead of gethostname?

2016-04-05 Thread Claudio Jeker
On Tue, Apr 05, 2016 at 10:39:15PM +0100, Stuart Henderson wrote: > I've just been reorganising some machines and have a hostname that I don't > really want on the looking glass page, this diff uses the CGI variable > instead to take the hostname as given by the webserver instead, which is >

Re: Print ifindex in ifconfig(8)

2016-04-12 Thread Claudio Jeker
On Tue, Apr 12, 2016 at 01:47:53PM +0200, Stefan Sperling wrote: > On Tue, Apr 12, 2016 at 12:27:10PM +0100, Stuart Henderson wrote: > > On 2016/04/12 13:00, Martin Pieuchot wrote: > > > Relying on the "scopeid" field is not a viable long-term solution. I'm > > > spending too much time these days

Re: tcp syn cache random reseed

2016-03-21 Thread Claudio Jeker
On Sun, Mar 20, 2016 at 07:28:45PM +0100, Alexander Bluhm wrote: > On Sat, Mar 19, 2016 at 10:41:06PM +0100, Alexander Bluhm wrote: > > Perhaps the tcps_sc_seedrandom counter with a netstat -s line should > > be commited anyway to show the problem. > > ok? OK claudio@ > bluhm > > Index:

Re: bgpd: fix adding a new interface and network inet connected

2016-03-21 Thread Claudio Jeker
On Mon, Mar 21, 2016 at 03:54:38PM +0100, Peter Hessler wrote: > We ran into a situation where we accidentally blackholed traffic going to > a new Internet Exchange. When we added the new vlans and new peers, the > nexthop address on that vlan was *not* our neighbor's address, but > instead used

Re: bgpd: fix adding a new interface and network inet connected

2016-03-21 Thread Claudio Jeker
On Mon, Mar 21, 2016 at 05:11:04PM +0100, Peter Hessler wrote: > On 2016 Mar 21 (Mon) at 16:22:53 +0100 (+0100), Claudio Jeker wrote: > :On Mon, Mar 21, 2016 at 03:54:38PM +0100, Peter Hessler wrote: > :> We ran into a situation where we accidentally blackholed traffic going to > :&

Re: ie(4) and ie(4/sparc) vs bpf_tap

2016-03-29 Thread Claudio Jeker
On Tue, Mar 29, 2016 at 08:58:35PM +1000, David Gwynne wrote: > i think bpf_tap is broken, so id like to get rid of it. > > the only thing(s) using it is ie, but they dont require bpf_tap. > > the typical idiom with doing bpf on outgoing packets is to pass the > mbuf in between dequeueing the

Re: vlan(4) doesnt have to filter its own mac address

2016-03-29 Thread Claudio Jeker
On Tue, Mar 29, 2016 at 02:37:44PM +1000, David Gwynne wrote: > because the network stack does it for it on the way in. > > the following chunk in src/sys/net/if_ethersubr.c does the same job > later on: > > int > ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie) > { > ... >

Re: failure to send a udp packet is not a fatal error

2016-04-26 Thread Claudio Jeker
On Tue, Apr 26, 2016 at 01:43:31PM +1000, David Gwynne wrote: > the tftp proxy on the firewall is dying these days. i managed to > track the failure down to an error sending the udp packet on. > > rather than err, i think it more appropriate to warn and let the > client retry in this situation. >

Re: Kill sysctl net.inet6.ip6.v6only

2016-05-18 Thread Claudio Jeker
On Thu, May 19, 2016 at 01:15:57AM +0200, Jeremie Courreges-Anglas wrote: > > As noticed by djm it doesn't make much sense to expose this in sysctl(8) > output. > > ok? OK, especially since it makes the setsockopt code path actually understandable. > Index: sbin/sysctl/sysctl.8 >

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

2016-05-17 Thread Claudio Jeker
On Tue, May 17, 2016 at 09:26:58AM -0600, Theo de Raadt wrote: > > Does it need the ifdef? It's standard ipv6 api.. > > It is risk, all gigantic risk. > > Anyone who enables that will (not..) discover that their pf rulesets > are wrong. > IPV6_V6ONLY and net.inet6.ip6.v6only have no effect in

Re: Fewer ip{_6,}forwart_rt

2016-04-18 Thread Claudio Jeker
On Mon, Apr 18, 2016 at 08:36:58AM +0200, Martin Pieuchot wrote: > On 11/04/16(Mon) 15:29, Martin Pieuchot wrote: > > Instead of rtfree(9)ing the cached route after using it, if it is a > > multipath one, free it before. > > > > Ok? > > Anyone? > Make stuff simpler. OK claudio@ > > Index:

Re: Kill ipforward_rt

2016-04-19 Thread Claudio Jeker
On Tue, Apr 19, 2016 at 11:06:31AM +0200, Martin Pieuchot wrote: > This single cached route is a nice trick for having higher forwarding > numbers w/ benchmarks. But as soon as you start forwarding packets to > different end addresses, even using a single next hop, it becomes > useless. > >

Re: Auto tunnel - RFC4213

2016-07-12 Thread Claudio Jeker
On Tue, Jul 12, 2016 at 11:28:47AM +0200, Martin Pieuchot wrote: > By default we have a route to reject compatible addresses: > > ::/96 ::1UGRS 0 0 32768 8 lo0 > > But the corresponding check in ip6_input() is still commented because it > is

Re: Use m_devget(9) in smsc(4)

2016-07-31 Thread Claudio Jeker
On Sat, Jul 30, 2016 at 10:03:33PM +0200, Mark Kettenis wrote: > Removes a couple of lines of code from the driver. > > ok? This is the right use of m_devget. OK claudio@ PS: realized that the manpage for m_devget still has the old prototype with the ifp in it... -- :wq Claudio > > Index:

Re: Alternative control socket location in ripd

2016-08-02 Thread Claudio Jeker
On Tue, Aug 02, 2016 at 01:48:11PM +0200, Jeremie Courreges-Anglas wrote: > Nima GHOTBI writes: > > > please try the attachments > > > > On Sun, Jul 31, 2016 at 7:27 PM, Jeremie Courreges-Anglas > > wrote: > > > >> Nima GHOTBI writes: > >>

Re: Correct order of route removal

2016-08-15 Thread Claudio Jeker
On Mon, Aug 15, 2016 at 08:42:06AM +0200, Martin Pieuchot wrote: > On 08/08/16(Mon) 11:48, Martin Pieuchot wrote: > > The rtable_walk() & prio bug I just sent a fix for should theoretically > > not cause any trouble. Sadly it is piled on top of another bug for > > which a fix is attached. > > >

Re: rtable_walk() hand and route prio

2016-08-15 Thread Claudio Jeker
On Mon, Aug 15, 2016 at 08:41:52AM +0200, Martin Pieuchot wrote: > On 08/08/16(Mon) 11:42, Martin Pieuchot wrote: > > On the train back from n2k16 I found the real cause of the hang reported > > by Dimitris Papastamos [0] and exposed by our recent > > changes to the routing table. > > > > When an

Re: [PATCH] let the mbufs use more then 4gb of memory

2016-08-12 Thread Claudio Jeker
On Fri, Aug 12, 2016 at 04:38:45PM +1000, David Gwynne wrote: > > > On 1 Aug 2016, at 21:07, Simon Mages wrote: > > > > I sent this message to dlg@ directly to discuss my modification of his > > diff to make the > > bigger mbuf clusters work. i got no response so

bigger mbuf clusters for sosend()

2016-08-13 Thread Claudio Jeker
This diff refactors the uio to mbuf code to make use of bigger buffers (up to 64k) and also switches the MCLGET to use M_WAIT like the MGET calls in the same function. I see no point in not waiting for a cluster and instead chain lots of mbufs together as a consequence. This makes in my opinion

Re: Auto tunnel - RFC4213

2016-07-13 Thread Claudio Jeker
On Tue, Jul 12, 2016 at 11:46:43AM +0200, Martin Pieuchot wrote: > On 12/07/16(Tue) 11:33, Claudio Jeker wrote: > > On Tue, Jul 12, 2016 at 11:28:47AM +0200, Martin Pieuchot wrote: > > > By default we have a route to reject compatible addresses: > > > > >

Re: vlan(4), tap(4) and netstart(8)

2016-07-18 Thread Claudio Jeker
On Mon, Jul 18, 2016 at 03:01:48PM +0200, Martin Pieuchot wrote: > I use a vlan(4) on top of a tap(4). Since the rewrite that made vlan(4) > MP-safe I got errors during boot because my tap0 is not UP when I try > to bring my vlan up. > > Now that tap(4) has been separated from tun(4) is there

relayd TLS session caching

2016-07-19 Thread Claudio Jeker
relayd *); + +/* tlsc.c */ +pid_t tlsc(struct privsep *, struct privsep_proc *); +voidtlsc_engine_init(struct relayd *); +voidtlsc_modify(struct relayd *, u_int, const void *, size_t, + void *, size_t, long); +voidtlsc_create_ticket(struct tls_ticket_ctx *); /* relay

Re: syn cache hash size sysctl

2016-07-19 Thread Claudio Jeker
On Tue, Jul 19, 2016 at 10:40:14PM +0200, Alexander Bluhm wrote: > On Tue, Jul 19, 2016 at 09:19:25PM +0100, Jason McIntyre wrote: > > On Tue, Jul 19, 2016 at 10:09:47PM +0200, Alexander Bluhm wrote: > > > On Tue, Jul 19, 2016 at 08:55:58PM +0200, Joerg Jung wrote: > > > > Please, also document

Re: tcp output mbuf leak

2016-07-19 Thread Claudio Jeker
On Tue, Jul 19, 2016 at 11:00:04PM +0200, Alexander Bluhm wrote: > Hi, > > When looking at the error paths in tcp_output() I have found these > returns that look like mbuf leaks. > > ok? Indeed. OK claudio@ Looking at tcp_signature() I actually think it can not fail but better safe than sorry.

tcpbench(4) support for AF_UNIX

2016-07-20 Thread Claudio Jeker
For testing I want to abuse tcpbench to work over AF_UNIX sockets. This diff does exactly that with minimal extras. Especially the unix socket is not removed from the filesystem when closed. I don't want to add pledge cpath to tcpbench just for that. -- :wq Claudio Index: tcpbench.1

Re: tcpbench(4) support for AF_UNIX

2016-07-20 Thread Claudio Jeker
On Wed, Jul 20, 2016 at 04:09:48PM +0200, Claudio Jeker wrote: > For testing I want to abuse tcpbench to work over AF_UNIX sockets. > This diff does exactly that with minimal extras. Especially the unix > socket is not removed from the filesystem when closed. I don't want to > add

Re: [PATCH] dont increase the size of socket buffers in low memory situations

2016-07-05 Thread Claudio Jeker
On Tue, Jul 05, 2016 at 07:22:27AM -0600, Bob Beck wrote: > Makes sense to me. Others? > > > On Tue, Jul 5, 2016 at 4:08 AM, Simon Mages > wrote: > > At the moment the buffersize will be set to the default even if the > > current value > > is smaller. > > > > The

Re: [Bug 63] Any user can panic the kernel with the sysctl call.

2016-07-22 Thread Claudio Jeker
On Fri, Jul 22, 2016 at 11:26:57AM +0200, Mark Kettenis wrote: > > From: Tim Newsham > > Date: Fri, 22 Jul 2016 08:32:04 + > > > > Here's a new one we just found: > > > > /* > > * sysctl_tmpfs_panic.c > > *Demonstrate a panic in UFS through the getdents

Re: rtsock refactoring

2017-01-22 Thread Claudio Jeker
On Sat, Jan 21, 2017 at 07:31:20AM +0100, Claudio Jeker wrote: > On Sat, Jan 21, 2017 at 01:28:02AM +0100, Claudio Jeker wrote: > > On Fri, Jan 20, 2017 at 02:51:52AM +0100, Claudio Jeker wrote: > > > I sent this diff out some time ago and would really like to get this in. >

Re: rtsock refactoring

2017-01-23 Thread Claudio Jeker
On Mon, Jan 23, 2017 at 04:56:02PM +0100, Alexander Bluhm wrote: > On Mon, Jan 23, 2017 at 01:18:05AM +0100, Claudio Jeker wrote: > > Last bit for now. This is changing the reporting madness. It moves it in > > its own function which is called after the big switch statement. >

Re: rtsock refactoring

2017-01-23 Thread Claudio Jeker
On Tue, Jan 24, 2017 at 08:54:23AM +1000, Martin Pieuchot wrote: > On 23/01/17(Mon) 01:18, Claudio Jeker wrote: > > [...] > > Last bit for now. This is changing the reporting madness. It moves it in > > its own function which is called after the big switch statement. >

httpd TLS ticket support

2017-01-23 Thread Claudio Jeker
Since I just added ticket support to libtls here is a diff to enable it in httpd. Cheers -- :wq Claudio Index: config.c === RCS file: /cvs/src/usr.sbin/httpd/config.c,v retrieving revision 1.50 diff -u -p -r1.50 config.c ---

Re: httpd TLS ticket support

2017-01-24 Thread Claudio Jeker
On Tue, Jan 24, 2017 at 07:52:07AM +0100, Reyk Floeter wrote: > > > Am 24.01.2017 um 02:54 schrieb Claudio Jeker <cje...@diehard.n-r-g.com>: > > > > Since I just added ticket support to libtls here is a diff to enable it > > in httpd. > > >

Re: rtsock refactoring

2017-01-20 Thread Claudio Jeker
On Fri, Jan 20, 2017 at 02:51:52AM +0100, Claudio Jeker wrote: > I sent this diff out some time ago and would really like to get this in. > This is one step on making rtsock.c less of a hornets nest. > This reduces the side effects in route_output and simplifies some other >

Re: rtsock refactoring

2017-01-20 Thread Claudio Jeker
On Sat, Jan 21, 2017 at 01:28:02AM +0100, Claudio Jeker wrote: > On Fri, Jan 20, 2017 at 02:51:52AM +0100, Claudio Jeker wrote: > > I sent this diff out some time ago and would really like to get this in. > > This is one step on making rtsock.c less of a hornets nest. > >

Re: global mbuf memory limit

2017-01-24 Thread Claudio Jeker
On Tue, Jan 24, 2017 at 03:26:42PM +0100, Alexander Bluhm wrote: > On Tue, Jan 24, 2017 at 05:46:31PM +1000, David Gwynne wrote: > > > Apart from the problem that I don't know whether the mutex kills > > > performance, the diff looks good. > > > > the tests ive done and simon mages has done show a

Re: BFD: route get and route monitor

2017-01-18 Thread Claudio Jeker
On Thu, Jan 19, 2017 at 06:26:25AM +0100, Peter Hessler wrote: > On 2016 Dec 17 (Sat) at 14:05:40 +0100 (+0100), Peter Hessler wrote: > :On 2016 Sep 30 (Fri) at 10:16:19 +0200 (+0200), Peter Hessler wrote: > ::This diff makes route get and route monitor work. sockaddr_bfd is so we > ::can play

rtsock refactoring

2017-01-19 Thread Claudio Jeker
I sent this diff out some time ago and would really like to get this in. This is one step on making rtsock.c less of a hornets nest. This reduces the side effects in route_output and simplifies some other bits as well. For example route_input is less variadic and simpler. Anyone courageous enough

Kill pfsockaddr_union

2017-01-19 Thread Claudio Jeker
pfsockaddr_union needs to die. This fixes two of the uses of it and the pf_table code will follow later. For bridge we just move the definition and in pfsync we can actually use the one from ip_ipsp.h since it is used for that. OK? -- :wq Claudio Index: net/if_bridge.h

make art independent of struct sockaddr

2017-01-19 Thread Claudio Jeker
I want to use art routing tables with pf addrs and not sockaddrs. Art itself does not care but the API requires sockaddr pointers in some places. This changes those to void *. OK? This is step 2 to a new pf_table backend. -- :wq Claudio Index: net/art.c

Re: make art independent of struct sockaddr

2017-01-19 Thread Claudio Jeker
On Fri, Jan 20, 2017 at 01:26:11PM +1000, Martin Pieuchot wrote: > On 20/01/17(Fri) 03:04, Claudio Jeker wrote: > > I want to use art routing tables with pf addrs and not sockaddrs. > > Art itself does not care but the API requires sockaddr pointers in some > > places. This

Re: add option for disabling TLS session tickets to libttls

2016-08-22 Thread Claudio Jeker
On Sun, Aug 21, 2016 at 02:25:15PM -0400, Ted Unangst wrote: > Andreas Bartelt wrote: > > Since the use of TLS session tickets potentially interferes with forward > > secrecy on a per-session basis, I'd personally prefer an opt-in in > > libtls as well as in httpd with regard to its usage.

Re: ip_icmp reference fix

2016-08-22 Thread Claudio Jeker
On Mon, Aug 22, 2016 at 01:21:47PM +0200, Martin Pieuchot wrote: > When it comes to reference counting in the receiving path, route entries > act as proxy for interface addresses. In other words you CANNOT > dereference ``rt->rt_ifa'' after calling rtfree(9). > > Diff below fixes that in

Re: Do not use 'struct route_in6'

2016-08-22 Thread Claudio Jeker
On Mon, Aug 22, 2016 at 12:58:31PM +0200, Martin Pieuchot wrote: > I'd like to implement a route caching mechanism that works with PF state > keys and always pick newest more specific route when available. > > In order to do so I need to get rid of the 'struct route'. The problem > of the

Re: bigger mbuf clusters for sosend()

2016-08-17 Thread Claudio Jeker
On Wed, Aug 17, 2016 at 02:29:49PM +0200, Alexander Bluhm wrote: > On Wed, Aug 17, 2016 at 10:18:26PM +1000, David Gwynne wrote: > > the reason is that pools now keep track of things that are sleeping > > for memory and will give them an item BEFORE waking them up. > > previously i believe they

Re: pid for RTM_ADD

2016-08-17 Thread Claudio Jeker
On Wed, Aug 17, 2016 at 10:39:51AM +0100, Stuart Henderson wrote: > On 2016/08/17 10:11, Peter Hessler wrote: > > It sure would be nice if we could see the PID of the process that added > > routes. Heck, route(8) even tries to print them already. > > > > Add the fields to the appropriate struct,

Re: take PRU_ATTACH out of usrreq

2017-02-27 Thread Claudio Jeker
On Mon, Feb 27, 2017 at 10:22:03PM +0100, Alexander Bluhm wrote: > On Sun, Feb 26, 2017 at 10:56:16AM +0100, Claudio Jeker wrote: > > This diff works for me but I did not test each and every protocol (TCP, > > UDP, ICMP, AF_UNIX work). > > I am currently running it with

Re: take PRU_ATTACH out of usrreq

2017-02-26 Thread Claudio Jeker
On Sun, Feb 26, 2017 at 07:51:14AM -0700, Todd C. Miller wrote: > On Sun, 26 Feb 2017 10:56:16 +0100, Claudio Jeker wrote: > > > Attaching a PCB to a socket is currently done via PRU_ATTACH but in most > > cases this does not need the network / socket lock since no packets c

Re: Route lookup accounting

2017-02-28 Thread Claudio Jeker
On Tue, Feb 28, 2017 at 10:59:39AM +0100, Martin Pieuchot wrote: > On 22/02/17(Wed) 13:12, Martin Pieuchot wrote: > > I'd like to keep rtalloc(9) for the hot path since it increments the use > > counter. This will become more important when routes entries will be > > cached in PF states. This

Re: take PRU_ATTACH out of usrreq

2017-02-28 Thread Claudio Jeker
On Tue, Feb 28, 2017 at 10:33:53AM +0100, Martin Pieuchot wrote: > On 28/02/17(Tue) 07:15, Claudio Jeker wrote: > > On Mon, Feb 27, 2017 at 10:22:03PM +0100, Alexander Bluhm wrote: > > [...] > > > > +int > > > > +pfkey_attach(struct socket *so, int pro

take PRU_ATTACH out of usrreq

2017-02-26 Thread Claudio Jeker
Attaching a PCB to a socket is currently done via PRU_ATTACH but in most cases this does not need the network / socket lock since no packets can be received or sent over this socket (needs a bind or connect first) It also cleans up a few other ugly things like how the proto is passed. This diff

Re: Say no to stale (cached) ifas

2016-09-03 Thread Claudio Jeker
I really like this. It will allow us to move forward. While I was for a long time holding the opinion that static routes should not disappear from the routing table because the interface address changes I came to the conclusion that this is causing more harm and so it is better to remove all routes

Re: relayd TLS ticket and session support accross processes

2016-09-01 Thread Claudio Jeker
On Tue, Aug 30, 2016 at 03:51:04PM +0200, Claudio Jeker wrote: > On Tue, Aug 30, 2016 at 02:44:17PM +0200, Reyk Floeter wrote: > > On Tue, Aug 30, 2016 at 01:22:49PM +0200, Claudio Jeker wrote: > > > Here is the latest version of the ticket and tls session cache support.

Re: replace microtime with getmicrouptime in ip_mroute.c

2016-09-07 Thread Claudio Jeker
On Thu, Sep 08, 2016 at 11:54:01AM +1000, David Gwynne wrote: > it uses the time to rate limit the sending of assertion messages. > > there are two reasons for this change. > > firstly, using uptime instead of wall time means the intervals will > be measured against a monotonic clock that isnt

Re: Watchdog and ifp detach races

2016-09-04 Thread Claudio Jeker
On Sun, Sep 04, 2016 at 05:43:20PM +0200, Martin Pieuchot wrote: > Thanks to awolk@ hacking on USB wireless we found a lot of new races in > the network stack. > > Passing an ``ifp'' pointer to a task is *not* safe. If the task > sleeps, then another thread may start executing if_detach()

Re: relayd TLS ticket and session support accross processes

2016-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2016 at 02:44:17PM +0200, Reyk Floeter wrote: > On Tue, Aug 30, 2016 at 01:22:49PM +0200, Claudio Jeker wrote: > > Here is the latest version of the ticket and tls session cache support. > > Tickets can be disabled and also the session timeout is configurable

relayd TLS ticket and session support accross processes

2016-08-30 Thread Claudio Jeker
LS_TICKET_RENEW_TIME 600 +#defineTLS_CACHE_GC_INTERVAL 60 + #defineFSNMP_TRAPONLY 0x01 #define RELAYD_OPT_VERBOSE 0x01 @@ -1239,6 +1261,11 @@ int ssl_ctx_fake_private_key(SSL_CTX *, /* ca.c */ pid_t ca(struct privsep *, struct privsep_proc

Re: Heads up to Xen users following -current

2016-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2016 at 10:48:53AM +0200, Mike Belopuhov wrote: > On Tue, Aug 30, 2016 at 08:31 +0200, Mark Kettenis wrote: > > > Date: Tue, 30 Aug 2016 07:48:09 +0200 > > > From: Mike Belopuhov > > > > > > On Tue, Aug 30, 2016 at 09:58 +1000, David Gwynne wrote: > > > > On

Re: pool_setipl for rt bits

2016-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2016 at 07:36:09PM +1000, David Gwynne wrote: > ok? Needs to be OK or we have a serious issue. > Index: radix.c > === > RCS file: /cvs/src/sys/net/radix.c,v > retrieving revision 1.52 > diff -u -p -r1.52 radix.c >

Re: ifconfig setinstance -> setrdomain

2016-08-31 Thread Claudio Jeker
On Wed, Aug 31, 2016 at 02:23:00PM +0200, Stefan Sperling wrote: > 'instance' is the name of an ifconfig subcommand related to ifmedia > so the name of the setinstance() function is slightly confusing. OK > Index: ifconfig.c > ===

Re: soaccept() and spl

2016-09-12 Thread Claudio Jeker
On Mon, Sep 12, 2016 at 11:15:21AM +0200, Martin Pieuchot wrote: > soaccept() is always called at IPL_SOFTNET, so assert it instead of > raising the SPL level recursively. This is not a problem currently > but will be one as soon as we use a non-recursive rwlock. > > ok? OK claudio (I bet there

Re: gif(4) remove bridge(4) support

2016-09-12 Thread Claudio Jeker
On Mon, Sep 12, 2016 at 01:34:25PM +0200, Martin Pieuchot wrote: > bridge(4) no longer accepts gif(4) interfaces, so kill now dead code, ok? Sure! Long live etherip(4). > Index: net/if_gif.c > === > RCS file:

Re: m_copym2 is unused, let's remove it

2016-09-14 Thread Claudio Jeker
On Wed, Sep 14, 2016 at 02:46:27PM +1000, David Gwynne wrote: > Yes, this is just a conservative first step to that. OK on the first step. I hope more follow :) > On 14 Sep 2016 12:00 p.m., "Todd C. Miller" > wrote: > > > Looks OK. Do you intend to change m_copym0

less goto in raw_usrreq.c

2016-10-07 Thread Claudio Jeker
Same same but one line of code less and no more goto. OK? -- :wq Claudio Index: net/raw_usrreq.c === RCS file: /cvs/src/sys/net/raw_usrreq.c,v retrieving revision 1.24 diff -u -p -r1.24 raw_usrreq.c --- net/raw_usrreq.c5 Sep

refactor rtsock.c a bit

2016-10-07 Thread Claudio Jeker
I want to make route_output and route_input and a few other things in rtsock.c less hostile so here is a refactoring of the code. Main goal is to make it clearer how the return packet is generated. -- :wq Claudio Index: net/rtsock.c

Re: OSPFD

2016-09-21 Thread Claudio Jeker
On Wed, Sep 21, 2016 at 08:32:01AM +0530, S.Gopinath SundaraRajan wrote: > Hi, > > I just started using OpenBSD's ospfd. > > 1. I would like to have a direct Ethernet link > between OpenBSD box and Cisco/Juniper router. > > I would like to specify the link type as point to point. > > Which

Re: bigger mbuf clusters for sosend()

2016-08-18 Thread Claudio Jeker
On Thu, Aug 18, 2016 at 12:49:07AM +0200, Alexander Bluhm wrote: > On Wed, Aug 17, 2016 at 09:21:21PM +0200, Claudio Jeker wrote: > > On Wed, Aug 17, 2016 at 02:29:49PM +0200, Alexander Bluhm wrote: > > > As I understand, we are hitting the global mbuf cluster limit. I &

Do not use rn_refines in if.c

2016-10-10 Thread Claudio Jeker
So rn_refines() is a function from the deep underbelly of radix code. In my opinion if.c should not use this function especially now that we use art for routing table lookups. Instead I implemented a simple ifa_netmask_cmp() function that does what the code expects and compares the two netmasks.

Re: Problems with rdomain and net/if.c v1.455

2016-11-08 Thread Claudio Jeker
On Tue, Nov 08, 2016 at 03:36:22PM +0100, Martin Pieuchot wrote: > On 04/11/16(Fri) 10:45, Claudio Jeker wrote: > > On Wed, Nov 02, 2016 at 05:44:14PM +0100, Martin Pieuchot wrote: > > > [..] > > > Diff below should fix that by automagically creating a loopback > &g

Re: Problems with rdomain and net/if.c v1.455

2016-11-10 Thread Claudio Jeker
On Wed, Nov 09, 2016 at 11:55:19AM +0100, Martin Pieuchot wrote: > On 08/11/16(Tue) 17:23, Claudio Jeker wrote: > > On Tue, Nov 08, 2016 at 03:36:22PM +0100, Martin Pieuchot wrote: > > > [...] > > > To add 127.0.0.1 properly it's another story as currently netstart(8

Re: pf_route pf_pdesc

2016-10-20 Thread Claudio Jeker
On Wed, Oct 19, 2016 at 11:49:56PM +0200, Alexander Bluhm wrote: > Hi, > > I would like to pass a struct pf_pdesc to pf_route() like it is > done in the other pf functions. That means less parameters, more > consistency and later I can call functions that need an pd from > pf_route(). > >

Re: show bgp unknown attributes in bgpctl and tcpdump

2016-10-14 Thread Claudio Jeker
On Fri, Oct 14, 2016 at 10:44:33AM +0200, Peter Hessler wrote: > While working on Large Communities, I realized that I would really like > to easily see and know when I am receiving "unknown" attributes. > > Patch for tcpdump is easy, if it doesn't have a decoder, just print the > type and

Re: tun(4)/tap(4): fix mbuf header space check

2016-10-24 Thread Claudio Jeker
On Mon, Oct 24, 2016 at 09:56:13AM +0200, Rafael Zalamena wrote: > tun(4)/tap(4) function tun_dev_write() is checking for the wrong size for > the mbuf packet header. We must check against MHLEN (the mbuf header data > storage size) and not MINCLSIZE (smallest amount of data of a cluster). > >

Re: Unnecessary goto in ip_output()

2016-11-22 Thread Claudio Jeker
On Tue, Nov 22, 2016 at 04:55:17PM +0100, Martin Pieuchot wrote: > After the last IPSEC-related refactoring this goto no longer makes sense. > > ok? Are you sure? I'm not convinced that for an INADDR_BROADCAST destination the code would do the same. I think it is fine but I can't prove it. >

Re: Unnecessary goto in ip_output()

2016-11-23 Thread Claudio Jeker
On Wed, Nov 23, 2016 at 11:02:49AM +0100, Martin Pieuchot wrote: > On 23/11/16(Wed) 06:00, Claudio Jeker wrote: > > On Tue, Nov 22, 2016 at 04:55:17PM +0100, Martin Pieuchot wrote: > > > After the last IPSEC-related refactoring this goto no longer makes sense. > > >

Re: pr_usrreq and splsoftnet

2016-11-16 Thread Claudio Jeker
On Wed, Nov 16, 2016 at 11:38:06AM +0100, Martin Pieuchot wrote: > I'd like to enforce that pr_usrreq functions are always called at > IPL_SOFTNET. This will allow us to keep locking simple as soon as > we trade splsoftnet() for a rwlock. > > Most of the PRU_* actions are already called under

Re: Kill mpls_control()

2016-11-15 Thread Claudio Jeker
On Tue, Nov 15, 2016 at 02:23:33PM +0100, Martin Pieuchot wrote: > Simply return EOPNOTSUPP like in raw_userreq() rather than defining an > empty function. This will help reducing recursive splsoftnet() > in pr_usrreq() functions. > > ok? OK claudio > Index: netmpls/mpls_raw.c >

Re: ospfd - add metric and type to print_redistribute

2016-11-19 Thread Claudio Jeker
On Sat, Nov 19, 2016 at 11:38:56AM +, Stuart Henderson wrote: > On 2016/11/19 10:06, Remi Locherer wrote: > > Hi, > > > > In the output of ospfd -nv I miss metric and type for the redistribute > > statement. The below patch adds this. > > OK with me. This prints the values when they're at

Re: Problems with rdomain and net/if.c v1.455

2016-10-28 Thread Claudio Jeker
On Fri, Oct 28, 2016 at 04:19:35PM +0200, Nils Frohberg wrote: > I currently cannot access the local IP of an interface on rdomain 1: > > Script started on Fri Oct 28 15:02:20 2016 > $ doas pfctl -d > pfctl: pf not enabled > $ doas ifconfig vether0 > vether0: no such interface > $

Re: mcl2k2 mbuf clusters

2016-10-13 Thread Claudio Jeker
It is time to put the nasty comment from rl(4) into em(4) and ix(4). Everybody knew how bad realtek was but thinks Intel nics are good. The truth is that modern Intel nics are as bad as the cheapest and crappiest 10/100 Mbps Ethernet chips from the last millennium. -- :wq Claudio On Fri, Oct 14,

Re: make tcpdump show 11n mode correctly

2016-12-18 Thread Claudio Jeker
On Sun, Dec 18, 2016 at 08:57:23AM +0100, Stefan Sperling wrote: > Anybody? > > Did I write too much of a wall of text to explain the diff? > In that case, just read the diff. It should make sense. > > On Sun, Dec 11, 2016 at 04:38:44PM +0100, Stefan Sperling wrote: > > This diff makes 'tcpdump

Re: ripd(8) use after free

2016-12-27 Thread Claudio Jeker
On Fri, Dec 23, 2016 at 04:16:11PM +0100, Jeremie Courreges-Anglas wrote: > > In the neighbor fsm, NBR_ACT_DEL frees the neighbor structure. But > fields of this structure are later accessed, this is mostly visible with > debug output: > > nbr_del: neighbor ID 10.64.55.33, peerid 3 > nbr_fsm:
