Re: HAMMER2 filesystem for OpenBSD
Le Tue, Oct 17, 2023 at 10:14:25PM +0100, Chris Narkiewicz a écrit : > Hi, > > Tomohiro Kusumi is currently working on HAMMER2 implementation > for OpenBSD, FreeBSD and NetBSD. > > The repository is here: > https://github.com/kusumi/openbsd_hammer2 > > > He maintains repositories for NetBSD, FreeBSD and OpenBSD, which > suggests that the implementation is portable. He also > provides a patch for OpenBSD 7.3: > > https://github.com/kusumi/openbsd_hammer2/blob/master/patch/openbsd73.patch > > The patch looks very minimal to me, with no deeper changes to the > kernel. > > I haven't found any discussion about HAMMER2 in list archives, so I'd > like to bring it to devs attention, kindly asking for your opinion. https://marc.info/?l=openbsd-misc&m=169272174500676&w=2 > Does it look like it's worth bringing in? Does it require more work? > > I'd appreciate any opinions from more knowledgable crowd. > > Cheers, > Chris >
AMD EPYC Embedded 3000 10Gig NIC
Allow detection of AMD EPYC Embedded 3000 10Gig NIC. OK ? Index: dev/pci/pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.2036 diff -u -p -r1.2036 pcidevs --- dev/pci/pcidevs 12 May 2023 11:42:22 - 1.2036 +++ dev/pci/pcidevs 13 May 2023 15:59:12 - @@ -757,6 +757,7 @@ product AMD 17_PCIE_2 0x1453 17h PCIE product AMD 17_PCIE_3 0x1454 17h PCIE product AMD 17_CCP_1 0x1456 17h Crypto product AMD 17_HDA 0x1457 17h HD Audio +product AMD EPYC_TENGB 0x1458 EPYC Embedded 3000 10Gig NIC product AMD 17_XHCI_1 0x145c 17h xHCI product AMD 17_XHCI_2 0x145f 17h xHCI product AMD 17_DF_10x1460 17h Data Fabric
Re: pfctl + bgpd for loop ugliness
Le Tue, Apr 18, 2023 at 02:43:26PM +0200, Theo Buehler a écrit : > On Tue, Apr 18, 2023 at 02:06:46PM +0200, Claudio Jeker wrote: > > This and the others are IIRC streight from pfctl. So if someone wants a > > free commit :) > > How about this. pfctl and bgpd are the same, except that the bgpd one > has a bsearch() nitems on top. pfctl regress is happy. > Looks good to me. OK denis@ > Index: sbin/pfctl/pfctl_parser.c > === > RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v > retrieving revision 1.347 > diff -u -p -r1.347 pfctl_parser.c > --- sbin/pfctl/pfctl_parser.c 9 Nov 2022 23:00:00 - 1.347 > +++ sbin/pfctl/pfctl_parser.c 18 Apr 2023 12:37:19 - > @@ -62,6 +62,10 @@ > #include "pfctl_parser.h" > #include "pfctl.h" > > +#ifndef nitems > +#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) > +#endif > + > void print_op (u_int8_t, const char *, const char *); > void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int); > void print_ugid (u_int8_t, id_t, id_t, const char *); > @@ -224,17 +228,15 @@ copy_satopfaddr(struct pf_addr *pfa, str > const struct icmptypeent * > geticmptypebynumber(u_int8_t type, sa_family_t af) > { > - unsigned inti; > + size_t i; > > if (af != AF_INET6) { > - for (i=0; i < (sizeof (icmp_type) / sizeof(icmp_type[0])); > - i++) { > + for (i = 0; i < nitems(icmp_type); i++) { > if (type == icmp_type[i].type) > return (&icmp_type[i]); > } > } else { > - for (i=0; i < (sizeof (icmp6_type) / > - sizeof(icmp6_type[0])); i++) { > + for (i = 0; i < nitems(icmp6_type); i++) { > if (type == icmp6_type[i].type) >return (&icmp6_type[i]); > } > @@ -245,17 +247,15 @@ geticmptypebynumber(u_int8_t type, sa_fa > const struct icmptypeent * > geticmptypebyname(char *w, sa_family_t af) > { > - unsigned inti; > + size_t i; > > if (af != AF_INET6) { > - for (i=0; i < (sizeof (icmp_type) / sizeof(icmp_type[0])); > - i++) { > + for (i = 0; i < nitems(icmp_type); i++) { > if (!strcmp(w, icmp_type[i].name)) > return (&icmp_type[i]); > } > } else { > - for (i=0; i < (sizeof (icmp6_type) / > - sizeof(icmp6_type[0])); i++) { > + for (i = 0; i < nitems(icmp6_type); i++) { > if (!strcmp(w, icmp6_type[i].name)) > return (&icmp6_type[i]); > } > @@ -266,18 +266,16 @@ geticmptypebyname(char *w, sa_family_t a > const struct icmpcodeent * > geticmpcodebynumber(u_int8_t type, u_int8_t code, sa_family_t af) > { > - unsigned inti; > + size_t i; > > if (af != AF_INET6) { > - for (i=0; i < (sizeof (icmp_code) / sizeof(icmp_code[0])); > - i++) { > + for (i = 0; i < nitems(icmp_code); i++) { > if (type == icmp_code[i].type && > code == icmp_code[i].code) > return (&icmp_code[i]); > } > } else { > - for (i=0; i < (sizeof (icmp6_code) / > - sizeof(icmp6_code[0])); i++) { > + for (i = 0; i < nitems(icmp6_code); i++) { > if (type == icmp6_code[i].type && > code == icmp6_code[i].code) > return (&icmp6_code[i]); > @@ -289,18 +287,16 @@ geticmpcodebynumber(u_int8_t type, u_int > const struct icmpcodeent * > geticmpcodebyname(u_long type, char *w, sa_family_t af) > { > - unsigned inti; > + size_t i; > > if (af != AF_INET6) { > - for (i=0; i < (sizeof (icmp_code) / sizeof(icmp_code[0])); > - i++) { > + for (i = 0; i < nitems(icmp_code); i++) { > if (type == icmp_code[i].type && > !strcmp(w, icmp_code[i].name)) > return (&icmp_code[i]); > } > } else { > - for (i=0; i < (sizeof (icmp6_code) / > - sizeof(icmp6_code[0])); i++) { > + for (i = 0; i < nitems(icmp6_code); i++) { > if (type == icmp6_code[i].type && > !strcmp(w, icmp6_code[i].name)) > return (&icmp6_code[i]); > Index: usr.sbin/bgpd/parse.y > === > RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v > retrieving revision 1.447 > diff -u -p -r1.447 parse.y > --- usr.sbin/bgpd/parse.y 18 Apr 2023 12:11:27 - 1.447 > +++ usr.sbin/bgpd/parse.y 18 Apr 2023 12:37:
bnxt(4): reverse bus_space_unmap(9) order
Hello, It looks to me that unmap_1 and unmap_2 in bnxt_attach() are reversed. When pci_mapreg_map() is called for sc_db_* and fails we unmap sc_db_* when we should unmap previous pci_mapreg_map() call for sc_hwrm_*. Index: if_bnxt.c === RCS file: /cvs/src/sys/dev/pci/if_bnxt.c,v retrieving revision 1.37 diff -u -p -r1.37 if_bnxt.c --- if_bnxt.c 27 Jun 2022 10:02:20 - 1.37 +++ if_bnxt.c 18 Mar 2023 14:01:59 - @@ -725,11 +725,11 @@ deintr: free_resp: bnxt_dmamem_free(sc, sc->sc_cmd_resp); unmap_2: - bus_space_unmap(sc->sc_hwrm_t, sc->sc_hwrm_h, sc->sc_hwrm_s); - sc->sc_hwrm_s = 0; -unmap_1: bus_space_unmap(sc->sc_db_t, sc->sc_db_h, sc->sc_db_s); sc->sc_db_s = 0; +unmap_1: + bus_space_unmap(sc->sc_hwrm_t, sc->sc_hwrm_h, sc->sc_hwrm_s); + sc->sc_hwrm_s = 0; } void
Re: Fix description in OPENBSD-PF-MIB
Le Wed, Oct 19, 2022 at 08:36:46AM +0200, Martijn van Duren a écrit : > As pointed out by Alec on misc@, there's a discrepancy between the > name and description of several objects inside the pfIfTable. > > Looks like a simple copy-paste error. > > OK? > OK denis@ > martijn@ > > Index: OPENBSD-PF-MIB.txt > === > RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v > retrieving revision 1.7 > diff -u -p -r1.7 OPENBSD-PF-MIB.txt > --- OPENBSD-PF-MIB.txt23 Mar 2021 19:37:51 - 1.7 > +++ OPENBSD-PF-MIB.txt19 Oct 2022 06:36:22 - > @@ -36,7 +36,7 @@ IMPORTS > FROM SNMPv2-CONF; > > pfMIBObjects MODULE-IDENTITY > -LAST-UPDATED "202103231933Z" > +LAST-UPDATED "202210190830Z" > ORGANIZATION "OpenBSD" > CONTACT-INFO " >Author: Joel Knight > @@ -46,6 +46,8 @@ pfMIBObjects MODULE-IDENTITY > DESCRIPTION "The MIB module for gathering information from > OpenBSD's packet filter. > " > +REVISION "202210190830Z" > +DESCRIPTION "Fix description of several objects from bytes to the > obviously intended packets" > REVISION "202103231933Z" > DESCRIPTION "Use DisplayString/SnmpAdminString not OCTET STRING where > appropriate" > REVISION "201506091728Z" > @@ -794,7 +796,7 @@ pfIfOut4PassPkts OBJECT-TYPE > MAX-ACCESS read-only > STATUS current > DESCRIPTION > - "The number of IPv4 bytes passed out." > + "The number of IPv4 packets passed out." > ::= { pfIfEntry 10 } > > pfIfOut4PassBytes OBJECT-TYPE > @@ -810,7 +812,7 @@ pfIfOut4BlockPkts OBJECT-TYPE > MAX-ACCESS read-only > STATUS current > DESCRIPTION > - "The number of outgoing IPv4 bytes blocked." > + "The number of outgoing IPv4 packets blocked." > ::= { pfIfEntry 12 } > > pfIfOut4BlockBytes OBJECT-TYPE > @@ -858,7 +860,7 @@ pfIfOut6PassPkts OBJECT-TYPE > MAX-ACCESS read-only > STATUS current > DESCRIPTION > - "The number of IPv6 bytes passed out." > + "The number of IPv6 packets passed out." > ::= { pfIfEntry 18 } > > pfIfOut6PassBytes OBJECT-TYPE > @@ -874,7 +876,7 @@ pfIfOut6BlockPkts OBJECT-TYPE > MAX-ACCESS read-only > STATUS current > DESCRIPTION > - "The number of outgoing IPv6 bytes blocked." > + "The number of outgoing IPv6 packets blocked." > ::= { pfIfEntry 20 } > > pfIfOut6BlockBytes OBJECT-TYPE >
Re: bgpctl openmetric/prometheus output
Le Mon, Oct 17, 2022 at 01:02:01PM +0200, Claudio Jeker a écrit : > > Also I'm not sure if bgpd_peer_up_seconds and bgpd_peer_down_seconds are > sensible metrics. Having metric depend on some state seems like a bad idea. > I agree. My current tool presents only one metric for uptime and I get an alert when delta(peerTime) < 0.
Re: bgpctl openmetric/prometheus output
Le Mon, Oct 17, 2022 at 11:49:31AM +0200, Claudio Jeker a écrit : > On Wed, Oct 12, 2022 at 12:12:25PM +0200, Theo Buehler wrote: > > On Fri, Oct 07, 2022 at 12:37:10PM +0200, Claudio Jeker wrote: > > > > +void > > > +ometric_set_state(struct ometric *om, const char *state, struct olabels > > > *ol) > > > +{ > > > + struct olabels *extra; > > > + size_t i; > > > + int val; > > > + > > > + if (om->type != OMT_STATESET) > > > + errx(1, "%s incorrect ometric type", __func__); > > > + > > > + for (i = 0; i < om->setsize; i++) { > > > + if (strcasecmp(state, om->stateset[i]) == 0) > > > + val = 1; > > > + else > > > + val = 0; > > > > could simplify this to > > > > val = strcasecmp(state, om->stateset[i]) == 0; > > > > but I'm not sure if this is more readable > > Not sure either. I prefer the explicit version. So I left the code as is. > I agree, let the code be easy to read. The compiler will optimise accordingly. BTW, thank you for working on this Claudio.
Re: bgpd silence "connection from non-peer" unless verbose
Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit : > I noticed that the "connection from non-peer" message can fill the log and > be so chatty that it is hard to see the other messages. The system I see > this on is a bit special since it gets hammered by incorrectly configured > systems. Maybe other people find this message helpful. If so please > speak up now because I think the message does not add much info and should > be skipped unless verbose logging is used. > I agree with this change (I also have a log full of this message). > -- > :wq Claudio > > Index: logmsg.c > === > RCS file: /cvs/src/usr.sbin/bgpd/logmsg.c,v > retrieving revision 1.8 > diff -u -p -r1.8 logmsg.c > --- logmsg.c 28 Jul 2022 13:11:48 - 1.8 > +++ logmsg.c 23 Aug 2022 14:38:42 - > @@ -213,11 +213,11 @@ void > log_conn_attempt(const struct peer *peer, struct sockaddr *sa, socklen_t len) > { > char*p; > - const char *b; > > if (peer == NULL) { /* connection from non-peer, drop */ > - b = log_sockaddr(sa, len); > - logit(LOG_INFO, "connection from non-peer %s refused", b); > + if (log_getverbose()) > + logit(LOG_INFO, "connection from non-peer %s refused", > + log_sockaddr(sa, len)); > } else { > /* only log if there is a chance that the session may come up */ > if (peer->conf.down && peer->state == STATE_IDLE) >
Re: amd64 serial console changes, part 2
Le Wed, Jul 06, 2022 at 10:45:39PM +0200, Mark Kettenis a écrit : > Now that the kernel supports the extended BOOTARG_CONSDEV struct and > snaps with that change are out there, here is the diff that changes > the amd64 bootloaders to switch to the extended struct and provide the > parameters necessary for using the non-standard UART on the AMD Ryzen > Embedded V1000 SoCs. > > It would be good if someone can confirm this works on something like > an APU. > I don't have any other EFI appliance to test but it reads fine, applies and builds OK. Anyway, I could not make it work on the AMD Ryzen Embedded V1000. I might be missing a step here. I built a kernel with the diff applied, built the ramdrive and tried to boot it but it still reboots when in ELFNAME(). > ok? > > > Index: stand/boot/conf.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/boot/conf.c,v > retrieving revision 1.53 > diff -u -p -r1.53 conf.c > --- stand/boot/conf.c 9 Dec 2020 18:10:17 - 1.53 > +++ stand/boot/conf.c 6 Jul 2022 20:02:13 - > @@ -41,7 +41,7 @@ > #include > #include > > -const char version[] = "3.53"; > +const char version[] = "3.54"; > int debug = 1; > > > Index: stand/cdboot/conf.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/cdboot/conf.c,v > retrieving revision 1.47 > diff -u -p -r1.47 conf.c > --- stand/cdboot/conf.c 9 Dec 2020 18:10:18 - 1.47 > +++ stand/cdboot/conf.c 6 Jul 2022 20:02:13 - > @@ -42,7 +42,7 @@ > #include > #include > > -const char version[] = "3.53"; > +const char version[] = "3.54"; > int debug = 1; > > > Index: stand/efiboot/conf.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/conf.c,v > retrieving revision 1.37 > diff -u -p -r1.37 conf.c > --- stand/efiboot/conf.c 20 Jun 2022 02:22:05 - 1.37 > +++ stand/efiboot/conf.c 6 Jul 2022 20:02:13 - > @@ -40,7 +40,7 @@ > #include "efidev.h" > #include "efipxe.h" > > -const char version[] = "3.60"; > +const char version[] = "3.61"; > > #ifdef EFI_DEBUG > int debug = 0; > Index: stand/efiboot/efiboot.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efiboot.c,v > retrieving revision 1.39 > diff -u -p -r1.39 efiboot.c > --- stand/efiboot/efiboot.c 20 Jun 2022 02:22:05 - 1.39 > +++ stand/efiboot/efiboot.c 6 Jul 2022 20:02:13 - > @@ -938,6 +938,70 @@ efi_makebootargs(void) > addbootarg(BOOTARG_EFIINFO, sizeof(bios_efiinfo), &bios_efiinfo); > } > > +/* Vendor device path used to indicate the mmio UART on AMD SoCs. */ > +#define AMDSOC_DEVPATH \ > + { 0xe76fd4e9, 0x0a30, 0x4ca9, \ > + { 0x95, 0x40, 0xd7, 0x99, 0x53, 0x4c, 0xc4, 0xff } } > + > +void > +efi_setconsdev(void) > +{ > + bios_consdev_t cd; > + EFI_STATUS status; > + UINT8 data[128]; > + UINTN size = sizeof(data); > + EFI_DEVICE_PATH *dp = (void *)data; > + VENDOR_DEVICE_PATH *vdp; > + UART_DEVICE_PATH *udp; > + EFI_GUID global = EFI_GLOBAL_VARIABLE; > + EFI_GUID amdsoc = AMDSOC_DEVPATH; > + > + memset(&cd, 0, sizeof(cd)); > + cd.consdev = cn_tab->cn_dev; > + cd.conspeed = com_speed; > + cd.consaddr = com_addr; > + > + /* > + * If the ConOut variable indicates we're using a serial > + * console, use it to determine the baud rate. > + */ > + status = RS->GetVariable(L"ConOut", &global, NULL, &size, &data); > + if (status == EFI_SUCCESS) { > + for (dp = (void *)data; !IsDevicePathEnd(dp); > + dp = NextDevicePathNode(dp)) { > + /* > + * AMD Ryzen Embedded V1000 SoCs integrate a > + * Synopsys DesignWare UART that is not > + * compatible with the traditional 8250 UART > + * found on the IBM PC. Pass the magic > + * parameters to the kernel to make this UART > + * work. > + */ > + if (DevicePathType(dp) == HARDWARE_DEVICE_PATH && > + DevicePathSubType(dp) == HW_VENDOR_DP) { > + vdp = (VENDOR_DEVICE_PATH *)dp; > + if (efi_guidcmp(&vdp->Guid, &amdsoc) == 0) { > + cd.consdev = makedev(8, 4); > + cd.consaddr = *(uint64_t *)(vdp + 1); > + cd.consfreq = 4800; > + cd.flags = BCD_MMIO; > + cd.reg_width = 4; > + cd.reg_shift = 2; > + } > + } > + > + if (DevicePathT
Re: vxlan(4) in endpoint mode
Le Mon, May 02, 2022 at 01:40:37PM +0100, Jason McIntyre a écrit : > On Mon, May 02, 2022 at 11:48:49AM +0200, Denis Fondras wrote: > > Le Mon, Apr 04, 2022 at 01:02:53PM +0200, Denis Fondras a ?crit : > > > Le Mon, Apr 04, 2022 at 08:23:35PM +1000, David Gwynne a ?crit : > > > > > > > > > > > > > On 3 Apr 2022, at 21:46, Denis Fondras wrote: > > > > > > > > > > Hi, > > > > > > > > > > In vxlan(4) manual, we have : > > > > > > > > > > endpoint mode > > > > > When configured without a tunnel destination address, vxlan > > > > > operates as > > > > > a bridge, but with learning disabled. > > > > > > > > > > > > > > > The question is : is it possible to set tunnel source address without > > > > > a > > > > > destination ? > > > > > > > > ifconfig vxlan0 tunneladdr 10.20.30.1 > > > > > > > > that should work. > > > > > > Thank you David. I will prepare a patch to the manual :) > > > > Here is a tentative to document the tunneladdr option. > > > > these options are sorted manually, so you want tunneladdr before > tunnelttl. > Thank you Jason. Here is an updated diff. Index: ifconfig.8 === RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v retrieving revision 1.381 diff -u -p -r1.381 ifconfig.8 --- ifconfig.8 29 Dec 2021 21:41:28 - 1.381 +++ ifconfig.8 2 May 2022 15:30:35 - @@ -1806,6 +1806,7 @@ for a complete list of the available pro .Op Oo Fl Oc Ns Cm keepalive Ar period count .Op Cm rxprio Ar prio .Op Oo Fl Oc Ns Cm tunnel Ar src_address dest_address +.Op Cm tunneladdr Ar src_address .Op Oo Fl Oc Ns Cm tunneldf .Op Oo Fl Oc Ns Cm tunneldomain Ar rtable .Op Cm tunnelttl Ar ttl @@ -1864,8 +1865,20 @@ Both addresses must be of the same famil The optional destination port can be specified for interfaces such as .Xr vxlan 4 , which further encapsulate the packets in UDP datagrams. +This directive is incompatible with +.Cm tunneladdr . .It Cm -tunnel Remove the source and destination tunnel addresses. +.It Cm tunneladdr Ar src_address +Set the outer IP address of the tunnel. +This is useful for point-to-multipoint tunnels where peers are in different +subnets like +.Xr vxlan 4 +endpoint mode or +.Xr mgre 4 . +It is incompatible with the +.Cm tunnel +directive. .It Cm tunneldf Do not allow fragmentation of encapsulated packets. .It Cm -tunneldf
Re: vxlan(4) in endpoint mode
Le Mon, Apr 04, 2022 at 01:02:53PM +0200, Denis Fondras a écrit : > Le Mon, Apr 04, 2022 at 08:23:35PM +1000, David Gwynne a écrit : > > > > > > > On 3 Apr 2022, at 21:46, Denis Fondras wrote: > > > > > > Hi, > > > > > > In vxlan(4) manual, we have : > > > > > > endpoint mode > > > When configured without a tunnel destination address, vxlan operates as > > > a bridge, but with learning disabled. > > > > > > > > > The question is : is it possible to set tunnel source address without a > > > destination ? > > > > ifconfig vxlan0 tunneladdr 10.20.30.1 > > > > that should work. > > Thank you David. I will prepare a patch to the manual :) Here is a tentative to document the tunneladdr option. Index: ifconfig.8 === RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v retrieving revision 1.381 diff -u -p -r1.381 ifconfig.8 --- ifconfig.8 29 Dec 2021 21:41:28 - 1.381 +++ ifconfig.8 2 May 2022 09:46:10 - @@ -1809,6 +1809,7 @@ for a complete list of the available pro .Op Oo Fl Oc Ns Cm tunneldf .Op Oo Fl Oc Ns Cm tunneldomain Ar rtable .Op Cm tunnelttl Ar ttl +.Op Cm tunneladdr Ar src_address .Op Cm txprio Ar prio .Op Oo Fl Oc Ns Cm vnetflowid .Op Oo Fl Oc Ns Cm vnetid Ar network-id @@ -1864,6 +1865,8 @@ Both addresses must be of the same famil The optional destination port can be specified for interfaces such as .Xr vxlan 4 , which further encapsulate the packets in UDP datagrams. +This directive is incompatible with +.Cm tunneladdr . .It Cm -tunnel Remove the source and destination tunnel addresses. .It Cm tunneldf @@ -1888,6 +1891,16 @@ the value can also be set to .Ar copy to have the TTL copied between the encapsulated protocol headers and the tunnel protocol headers. +.It Cm tunneladdr Ar src_address +Set the outer IP address of the tunnel. +This is useful for point-to-multipoint tunnels where peers are in different +subnets like +.Xr vxlan 4 +endpoint mode or +.Xr mgre 4 . +It is incompatible with the +.Cm tunnel +directive. .It Cm txprio Ar prio Configure the value used for the priority field in the tunnel protocol headers.
remove unused definition in if_vxlan.c
VXLANMTU appears nowhere else in the codebase. OK to remove it ? Index: if_vxlan.c === RCS file: /cvs/src/sys/net/if_vxlan.c,v retrieving revision 1.90 diff -u -p -r1.90 if_vxlan.c --- if_vxlan.c 26 Feb 2022 04:46:34 - 1.90 +++ if_vxlan.c 2 Apr 2022 15:17:49 - @@ -67,8 +67,6 @@ /* * The protocol. */ - -#define VXLANMTU 1492 #define VXLAN_PORT 4789 struct vxlan_header {
Re: if_get NULL race arp, nd6, igmp
Le Tue, Mar 22, 2022 at 02:57:31PM +0100, Alexander Bluhm a écrit : > anyone? > It looks OK denis@ > On Fri, Mar 04, 2022 at 12:09:03PM +0100, Alexander Bluhm wrote: > > Hi, > > > > syzkaller has found this race in arp. > > > > https://syzkaller.appspot.com/bug?id=e3dc94533ddee95b6d69c2e7049360022f4190d3 > > > > The assumption of the code is that either the arp entry or the > > interface is removed. > > > > But in if_detach() if_remove() is called without net lock and all > > arp entries are removed later in in_ifdetach() -> in_purgeaddr() > > -> rt_ifa_purge() -> rtdeletemsg(). > > > > When the arp timeout fires while if_detach() is between if_remove() > > and NET_LOCK() then arptfree() has do deal with partially destroyed > > interfaces. We can skip rtdeletemsg() as if_detach() will take > > care of it. > > > > > > While syzkaller has not found it, nd6 has to deal with the same > > problem. Make nd6_free() simmilar to arptfree(). > > > > > > This crash may have the same source of problem. > > > > https://syzkaller.appspot.com/bug?id=9649f7319437a49298a38572b83f38f0b7d37fbe > > > > if_detach() does if_remove(ifp); NET_LOCK(); rti_delete(). So new > > igmp groups may appear during interface destruction. igmp_joingroup() > > does not call rti_fill() as if_get() fails. Then inm->inm_rti may > > be NULL. This is the condition when syzkaller crashes in > > igmp_leavegroup(). > > > > When we pass the ifp this CPU is already holding, we avoid half > > constructed igmp groups. Calling if_get() multiple times in caller > > and callee makes no sense anyway. > > > > ok? partial ok for one of the fixes also welcome. > > > > bluhm > > > > > > Index: netinet/if_ether.c > > === > > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/if_ether.c,v > > retrieving revision 1.248 > > diff -u -p -r1.248 if_ether.c > > --- netinet/if_ether.c 28 Apr 2021 21:21:44 - 1.248 > > +++ netinet/if_ether.c 3 Mar 2022 23:31:55 - > > @@ -722,7 +722,9 @@ arptfree(struct rtentry *rt) > > arpinvalidate(rt); > > > > ifp = if_get(rt->rt_ifidx); > > - KASSERT(ifp != NULL); > > + if (ifp == NULL) > > + return; > > + > > if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) > > rtdeletemsg(rt, ifp, ifp->if_rdomain); > > if_put(ifp); > > Index: netinet/igmp.c > > === > > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/igmp.c,v > > retrieving revision 1.77 > > diff -u -p -r1.77 igmp.c > > --- netinet/igmp.c 15 Dec 2021 15:58:01 - 1.77 > > +++ netinet/igmp.c 3 Mar 2022 23:58:32 - > > @@ -483,17 +483,14 @@ igmp_input_if(struct ifnet *ifp, struct > > } > > > > void > > -igmp_joingroup(struct in_multi *inm) > > +igmp_joingroup(struct in_multi *inm, struct ifnet *ifp) > > { > > - struct ifnet* ifp; > > int i; > > > > - ifp = if_get(inm->inm_ifidx); > > - > > inm->inm_state = IGMP_IDLE_MEMBER; > > > > if (!IN_LOCAL_GROUP(inm->inm_addr.s_addr) && > > - ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) { > > + (ifp->if_flags & IFF_LOOPBACK) == 0) { > > i = rti_fill(inm); > > igmp_sendpkt(ifp, inm, i, 0); > > inm->inm_state = IGMP_DELAYING_MEMBER; > > @@ -502,22 +499,16 @@ igmp_joingroup(struct in_multi *inm) > > igmp_timers_are_running = 1; > > } else > > inm->inm_timer = 0; > > - > > - if_put(ifp); > > } > > > > void > > -igmp_leavegroup(struct in_multi *inm) > > +igmp_leavegroup(struct in_multi *inm, struct ifnet *ifp) > > { > > - struct ifnet* ifp; > > - > > - ifp = if_get(inm->inm_ifidx); > > - > > switch (inm->inm_state) { > > case IGMP_DELAYING_MEMBER: > > case IGMP_IDLE_MEMBER: > > if (!IN_LOCAL_GROUP(inm->inm_addr.s_addr) && > > - ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) > > + (ifp->if_flags & IFF_LOOPBACK) == 0) > > if (inm->inm_rti->rti_type != IGMP_v1_ROUTER) > > igmp_sendpkt(ifp, inm, > > IGMP_HOST_LEAVE_MESSAGE, > > @@ -528,7 +519,6 @@ igmp_leavegroup(struct in_multi *inm) > > case IGMP_SLEEPING_MEMBER: > > break; > > } > > - if_put(ifp); > > } > > > > void > > Index: netinet/igmp_var.h > > === > > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/igmp_var.h,v > > retrieving revision 1.14 > > diff -u -p -r1.14 igmp_var.h > > --- netinet/igmp_var.h 17 Aug 2020 16:25:34 - 1.14 > > +++ netinet/igmp_var.h 4 Mar 2022 00:02:45 - > > @@ -107,8 +107,8 @@ igmpstat_inc(enum igmpstat_counters c) > > > > void igmp_init(void); > > intigmp_input(struct mbuf **, int *, int, int); > > -void igmp_joingroup(struct in_multi *); > > -void igmp_leavegroup(
document route sourceaddr limits with raw sockets
This is a recurring complaint so better document it. Denis Index: route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.102 diff -u -p -r1.102 route.8 --- route.8 26 Oct 2021 15:48:25 - 1.102 +++ route.8 17 Mar 2022 22:42:37 - @@ -262,6 +262,9 @@ destination is on-link .It source address is assigned to a disabled interface .El +.Pp +Note that the preferred source address is not set when raw +sockets are used. .El .Pp .Tg destination
Re: bgpd mark EoR prefix with a flag field
Le Tue, Mar 15, 2022 at 04:03:20PM +0100, Claudio Jeker a écrit : > Currently EoR markers use a full byte in struct prefix what can be done in > a bit. Use the last flags field so that that 1 byte is available again. > I already have a need for that byte this is why I came up with this > change. > OK denis@ > -- > :wq Claudio > > ? obj > Index: rde.h > === > RCS file: /cvs/src/usr.sbin/bgpd/rde.h,v > retrieving revision 1.247 > diff -u -p -r1.247 rde.h > --- rde.h 2 Mar 2022 16:51:43 - 1.247 > +++ rde.h 15 Mar 2022 14:59:27 - > @@ -333,7 +333,7 @@ struct prefix { > uint32_t path_id_tx; > uint8_t validation_state; > uint8_t nhflags; > - uint8_t eor; > + uint8_t unused; > uint8_t flags; > #define PREFIX_FLAG_WITHDRAW0x01/* enqueued on withdraw queue */ > #define PREFIX_FLAG_UPDATE 0x02/* enqueued on update queue */ > @@ -341,6 +341,7 @@ struct prefix { > #define PREFIX_FLAG_STALE 0x08/* stale entry (graceful > reload) */ > #define PREFIX_FLAG_MASK0x0f/* mask for the prefix types */ > #define PREFIX_FLAG_ADJOUT 0x10/* prefix is in the adj-out rib > */ > +#define PREFIX_FLAG_EOR 0x20/* prefix is EoR */ > #define PREFIX_NEXTHOP_LINKED 0x40/* prefix is linked onto > nexthop list */ > #define PREFIX_FLAG_LOCKED 0x80/* locked by rib walker */ > }; > Index: rde_rib.c > === > RCS file: /cvs/src/usr.sbin/bgpd/rde_rib.c,v > retrieving revision 1.233 > diff -u -p -r1.233 rde_rib.c > --- rde_rib.c 15 Mar 2022 14:39:34 - 1.233 > +++ rde_rib.c 15 Mar 2022 14:59:28 - > @@ -875,10 +875,10 @@ prefix_index_cmp(struct prefix *a, struc > static inline int > prefix_cmp(struct prefix *a, struct prefix *b) > { > - if (a->eor != b->eor) > - return a->eor - b->eor; > - /* if EOR marker no need to check the rest also a->eor == b->eor */ > - if (a->eor) > + if ((a->flags & PREFIX_FLAG_EOR) != (b->flags & PREFIX_FLAG_EOR)) > + return (a->flags & PREFIX_FLAG_EOR) ? 1 : -1; > + /* if EOR marker no need to check the rest */ > + if (a->flags & PREFIX_FLAG_EOR) > return 0; > > if (a->aspath != b->aspath) > @@ -1152,8 +1152,7 @@ prefix_add_eor(struct rde_peer *peer, ui > struct prefix *p; > > p = prefix_alloc(); > - p->flags = PREFIX_FLAG_ADJOUT | PREFIX_FLAG_UPDATE; > - p->eor = 1; > + p->flags = PREFIX_FLAG_ADJOUT | PREFIX_FLAG_UPDATE | PREFIX_FLAG_EOR; > if (RB_INSERT(prefix_tree, &peer->updates[aid], p) != NULL) > /* no need to add if EoR marker already present */ > prefix_free(p); > @@ -1290,7 +1289,7 @@ prefix_adjout_destroy(struct prefix *p) > if ((p->flags & PREFIX_FLAG_ADJOUT) == 0) > fatalx("%s: prefix without PREFIX_FLAG_ADJOUT hit", __func__); > > - if (p->eor) { > + if (p->flags & PREFIX_FLAG_EOR) { > /* EOR marker is not linked in the index */ > prefix_free(p); > return; > Index: rde_update.c > === > RCS file: /cvs/src/usr.sbin/bgpd/rde_update.c,v > retrieving revision 1.136 > diff -u -p -r1.136 rde_update.c > --- rde_update.c 2 Mar 2022 16:51:43 - 1.136 > +++ rde_update.c 15 Mar 2022 14:59:28 - > @@ -586,7 +586,7 @@ up_is_eor(struct rde_peer *peer, uint8_t > struct prefix *p; > > p = RB_MIN(prefix_tree, &peer->updates[aid]); > - if (p != NULL && p->eor) { > + if (p != NULL && (p->flags & PREFIX_FLAG_EOR)) { > /* >* Need to remove eor from update tree because >* prefix_adjout_destroy() can't handle that. > @@ -635,7 +635,7 @@ up_dump_prefix(u_char *buf, int len, str > np->communities != p->communities || > np->nexthop != p->nexthop || > np->nhflags != p->nhflags || > - np->eor) > + (np->flags & PREFIX_FLAG_EOR)) > done = 1; > > >
Re: usr.sbin/ospf6d: fix -Wunused-but-set-variable warnings
Le Mon, Jan 17, 2022 at 02:25:27PM +, Stuart Henderson a écrit : > On 2022/01/17 14:54, Christian Weisgerber wrote: > > usr.sbin/ospf6d: fix -Wunused-but-set-variable warnings > > > > merge_config() sets "rchange", but doesn't use it. Comparing the > > code to osfpd/ospfd.c makes me think that's an omission. Either > > way it seems odd that the two code bases differ here. > > This is probably something to do with reload being disabled in ospf6d. > It indeed is. OK denis@
bgpd and interface destroy
Hi When static routes are redistributed with bgpd(8), they are not removed when the interface used by the static is destroyed. When an interface is destroyed the routes using this interface are flagged with RTP_DOWN, this means kroute(6)_find() is not able to find them (inserted with RTP_STATIC and searched with RTP_STATIC|RTP_DOWN on removal) Here is a diff to remove the RTP_DOWN flag before searching. Thoughts ? Denis Index: kroute.c === RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v retrieving revision 1.241 diff -u -p -r1.241 kroute.c --- kroute.c18 Jan 2021 12:15:36 - 1.241 +++ kroute.c2 Jan 2022 13:52:53 - @@ -1799,6 +1799,8 @@ kroute_find(struct ktable *kt, in_addr_t s.r.prefix.s_addr = prefix; s.r.prefixlen = prefixlen; s.r.priority = prio; + /* RTP_DOWN prevents route to be found */ + s.r.priority &= ~RTP_DOWN; kn = RB_FIND(kroute_tree, &kt->krt, &s); if (kn && prio == RTP_ANY) { @@ -1949,6 +1951,8 @@ kroute6_find(struct ktable *kt, const st memcpy(&s.r.prefix, prefix, sizeof(struct in6_addr)); s.r.prefixlen = prefixlen; s.r.priority = prio; + /* RTP_DOWN prevents route to be found */ + s.r.priority &= ~RTP_DOWN; kn6 = RB_FIND(kroute6_tree, &kt->krt6, &s); if (kn6 && prio == RTP_ANY) {
Re: slaacd(8): router lifetime zero vs. prefixes
Le Sat, Jan 01, 2022 at 11:38:14AM +0100, Florian Obser a écrit : > ping > On 2021-12-27 17:01 +01, Florian Obser wrote: > > Prefix life time is independent from router life time. > > Form an IPv6 address even if the router announcing the prefix isn't a > > default router. > > Problem reported by mgraves AT brainfat.net on misc > > > > OK? It feels counter intuitive to have a *router* advertisement without a router. Otherwise OK denis@
Re: fix ping(8) and traceroute(8) source selection
Le Sat, Dec 18, 2021 at 10:02:32AM +0100, Florian Obser a écrit : > On 2021-12-17 22:12 +01, Denis Fondras wrote: > > Here is an attempt to fix ping(8) and traceroute(8) source selection. > > > > Currently these tools do not obey route sourceaddr set by the operator. This > > leads to frustration at best and erroneous diagnosis at worse on multi-homed > > systems. > > I did not closely follow route(8)'s sourceaddr feature. Is this only an > issue with IPv4 or would ping6 / traceroute6 need a similar fix (which > is going to be difficult). > IPv6 is immune because it is the responsability of the caller to set a valid source address (unless it is DAD packet).
fix ping(8) and traceroute(8) source selection
Here is an attempt to fix ping(8) and traceroute(8) source selection. Currently these tools do not obey route sourceaddr set by the operator. This leads to frustration at best and erroneous diagnosis at worse on multi-homed systems. The "real" fix would be to rework source selection in the kernel stack but this is a huge work which not happen overnight nor in the coming days. In the mean time, I propose the following diff. I removed -R (route recording) in ping(8) because it is not compatible with sending a full IP header to the rip_output(). It should not impact anyone as RR is most of the time ignored by routers. Denis Index: sbin/ping/ping.c === RCS file: /cvs/src/sbin/ping/ping.c,v retrieving revision 1.245 diff -u -p -r1.245 ping.c --- sbin/ping/ping.c12 Jul 2021 15:09:19 - 1.245 +++ sbin/ping/ping.c17 Dec 2021 20:27:31 - @@ -143,16 +143,14 @@ int options; #defineF_HOSTNAME 0x0004 #defineF_PINGFILLED0x0008 #defineF_QUIET 0x0010 -#defineF_RROUTE0x0020 -#defineF_SO_DEBUG 0x0040 -#defineF_SHOWCHAR 0x0080 -#defineF_VERBOSE 0x0100 +#defineF_SO_DEBUG 0x0020 +#defineF_SHOWCHAR 0x0040 +#defineF_VERBOSE 0x0080 /* 0x0200 */ -#defineF_HDRINCL 0x0400 -#defineF_TTL 0x0800 -#defineF_TOS 0x1000 -#defineF_AUD_RECV 0x2000 -#defineF_AUD_MISS 0x4000 +#defineF_TTL 0x0100 +#defineF_TOS 0x0200 +#defineF_AUD_RECV 0x0400 +#defineF_AUD_MISS 0x0800 /* multicast options */ int moptions; @@ -256,7 +254,6 @@ main(int argc, char *argv[]) u_char *datap, *packet; u_char ttl = MAXTTL; char *e, *target, hbuf[NI_MAXHOST], *source = NULL; - char rspace[3 + 4 * NROUTES + 1]; /* record route space */ const char *errstr; double fraction, integral, seconds; uid_t ouid, uid; @@ -308,7 +305,6 @@ main(int argc, char *argv[]) errstr, optarg); break; case 'D': - options |= F_HDRINCL; df = 1; break; case 'd': @@ -383,7 +379,7 @@ main(int argc, char *argv[]) options |= F_QUIET; break; case 'R': - options |= F_RROUTE; + printf("-R option is not supported anymore\n"); break; case 's': /* size of packet to send */ datalen = strtonum(optarg, 0, maxpayload, &errstr); @@ -393,7 +389,6 @@ main(int argc, char *argv[]) break; #ifndef SMALL case 'T': - options |= F_HDRINCL; options |= F_TOS; errno = 0; errstr = NULL; @@ -509,7 +504,7 @@ main(int argc, char *argv[]) if (bind(s, from, from->sa_len) == -1) err(1, "bind"); } - } else if (options & F_VERBOSE) { + } else { /* * get the source address. XXX since we revoked the root * privilege, we cannot use a raw socket for this. @@ -711,51 +706,26 @@ main(int argc, char *argv[]) err(1, "setsockopt(IPV6_RECVHOPLIMIT)"); } else { u_char loop = 0; + struct ip *ip = (struct ip *)outpackhdr; if (options & F_TTL) { if (IN_MULTICAST(ntohl(dst4.sin_addr.s_addr))) moptions |= MULTICAST_TTL; - else - options |= F_HDRINCL; } - if ((options & F_RROUTE) && (options & F_HDRINCL)) - errx(1, "-R option and -D or -T, or -t to unicast" - " destinations are incompatible"); - - if (options & F_HDRINCL) { - struct ip *ip = (struct ip *)outpackhdr; - - if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, - &optval, sizeof(optval)) == -1) - err(1, "setsockopt(IP_HDRINCL)"); - ip->ip_v = IPVERSION; - ip->ip_hl = sizeof(struct ip) >> 2; - ip->ip_tos = tos; - ip->ip_id = 0; - ip->ip_off = htons(df ? IP_DF : 0); - ip->ip_ttl = ttl; - ip->ip_p = IPPROTO_ICMP; - if (source) - ip->ip_src = from4.sin_addr; -
Raw socket should comply with selected source address
Raw sockets do not comply with route sourceaddr. Use set address if source is not set by the caller. Index: netinet/ip_output.c === RCS file: /cvs/src/sys/netinet/ip_output.c,v retrieving revision 1.377 diff -u -p -r1.377 ip_output.c --- netinet/ip_output.c 3 Dec 2021 17:18:34 - 1.377 +++ netinet/ip_output.c 16 Dec 2021 18:12:44 - @@ -110,6 +110,7 @@ ip_output(struct mbuf *m, struct mbuf *o struct route iproute; struct sockaddr_in *dst; struct tdb *tdb = NULL; + struct sockaddr *ip4_source = NULL; u_long mtu; #if NPF > 0 u_int orig_rtableid; @@ -237,8 +238,18 @@ reroute: dst = satosin(ro->ro_rt->rt_gateway); /* Set the source IP address */ - if (ip->ip_src.s_addr == INADDR_ANY && ia) - ip->ip_src = ia->ia_addr.sin_addr; + if (ip->ip_src.s_addr == INADDR_ANY && ia) { + ip4_source = rtable_getsource(ro->ro_tableid, AF_INET); + if (ip4_source != NULL) { + struct ifaddr *ifa; + if ((ifa = ifa_ifwithaddr(ip4_source, + ro->ro_tableid)) != NULL && + ISSET(ifa->ifa_ifp->if_flags, IFF_UP)) { + ip->ip_src = satosin(ip4_source)->sin_addr; + } + } else + ip->ip_src = ia->ia_addr.sin_addr; + } } #ifdef IPSEC
Re: add number of prefixed received to bgpctl -j sh
Le Sun, Dec 12, 2021 at 04:05:39PM +0100, Claudio Jeker a écrit : > I did not do this because it is not supposed to be the same as the human > ouutput. > Oh, that's fine then :)
Re: add number of prefixed received to bgpctl -j sh
Le Sun, Dec 12, 2021 at 01:43:06PM +, Stuart Henderson a écrit : > On 2021/12/12 14:13, Denis Fondras wrote: > > Number of received prefixes appear in `bgpctl sh` but not in `bgpctl -j sh`. > > > > Here is a diff to add this piece of information. > > > > OK ? > > Makes sense, but if prefix_cnt is added, max_prefix probably should be too > If order of appearance is not important, there is no need to check for state == ESTABLISHED twice. Index: output_json.c === RCS file: /cvs/src/usr.sbin/bgpctl/output_json.c,v retrieving revision 1.12 diff -u -p -r1.12 output_json.c --- output_json.c 27 Jul 2021 07:42:37 - 1.12 +++ output_json.c 12 Dec 2021 14:16:58 - @@ -311,10 +311,13 @@ json_neighbor(struct peer *p, struct par struct in_addr ina; ina.s_addr = p->remote_bgpid; json_do_printf("bgpid", "%s", inet_ntoa(ina)); + json_do_uint("received_prefixes", p->stats.prefix_cnt); } json_do_printf("state", "%s", statenames[p->state]); json_do_printf("last_updown", "%s", fmt_monotime(p->stats.last_updown)); json_do_int("last_updown_sec", get_monotime(p->stats.last_updown)); + if (p->conf.max_prefix != 0) + json_do_uint("max_prefix", p->conf.max_prefix); switch (res->action) { case SHOW:
add number of prefixed received to bgpctl -j sh
Number of received prefixes appear in `bgpctl sh` but not in `bgpctl -j sh`. Here is a diff to add this piece of information. OK ? Index: output_json.c === RCS file: /cvs/src/usr.sbin/bgpctl/output_json.c,v retrieving revision 1.12 diff -u -p -r1.12 output_json.c --- output_json.c 27 Jul 2021 07:42:37 - 1.12 +++ output_json.c 12 Dec 2021 13:10:18 - @@ -315,6 +315,8 @@ json_neighbor(struct peer *p, struct par json_do_printf("state", "%s", statenames[p->state]); json_do_printf("last_updown", "%s", fmt_monotime(p->stats.last_updown)); json_do_int("last_updown_sec", get_monotime(p->stats.last_updown)); + if (p->state == STATE_ESTABLISHED) + json_do_uint("received_prefixes", p->stats.prefix_cnt); switch (res->action) { case SHOW:
Re: rpki-client ip_addr_print cleanup
Le Tue, Nov 09, 2021 at 07:44:41PM +0100, Claudio Jeker a écrit : > ip_addr_print() can be simplified. ip4_addr2str() and ip6_addr2str() are > the same apart from the different AF argument to inet_ntop(). Just collaps > all into ip_addr_print(). > OK denis@ > -- > :wq Claudio > > Index: ip.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/ip.c,v > retrieving revision 1.19 > diff -u -p -r1.19 ip.c > --- ip.c 5 Nov 2021 10:50:41 - 1.19 > +++ ip.c 9 Nov 2021 15:16:57 - > @@ -234,41 +234,6 @@ ip_addr_parse(const ASN1_BIT_STRING *p, > } > > /* > - * Convert the IPv4 address into CIDR notation conforming to RFC 4632. > - * Buffer should be able to hold xxx.yyy.zzz.www/nn. > - */ > -static void > -ip4_addr2str(const struct ip_addr *addr, char *b, size_t bsz) > -{ > - char buf[16]; > - int ret; > - > - if (inet_ntop(AF_INET, addr->addr, buf, sizeof(buf)) == NULL) > - err(1, "inet_ntop"); > - ret = snprintf(b, bsz, "%s/%hhu", buf, addr->prefixlen); > - if (ret < 0 || (size_t)ret >= bsz) > - err(1, "malformed IPV4 address"); > -} > - > -/* > - * Convert the IPv6 address into CIDR notation conforming to RFC 4291. > - * See also RFC 5952. > - * Must hold :::::::/nn. > - */ > -static void > -ip6_addr2str(const struct ip_addr *addr, char *b, size_t bsz) > -{ > - char buf[44]; > - int ret; > - > - if (inet_ntop(AF_INET6, addr->addr, buf, sizeof(buf)) == NULL) > - err(1, "inet_ntop"); > - ret = snprintf(b, bsz, "%s/%hhu", buf, addr->prefixlen); > - if (ret < 0 || (size_t)ret >= bsz) > - err(1, "malformed IPV6 address"); > -} > - > -/* > * Convert a ip_addr into a NUL-terminated CIDR notation string > * conforming to RFC 4632 or 4291. > * The size of the buffer must be at least 64 (inclusive). > @@ -277,11 +242,17 @@ void > ip_addr_print(const struct ip_addr *addr, > enum afi afi, char *buf, size_t bufsz) > { > + char ipbuf[44]; > + int ret, af = AF_INET; > + > + if (afi == AFI_IPV6) > + af = AF_INET6; > > - if (afi == AFI_IPV4) > - ip4_addr2str(addr, buf, bufsz); > - else > - ip6_addr2str(addr, buf, bufsz); > + if (inet_ntop(af, addr->addr, ipbuf, sizeof(ipbuf)) == NULL) > + err(1, "inet_ntop"); > + ret = snprintf(buf, bufsz, "%s/%hhu", ipbuf, addr->prefixlen); > + if (ret < 0 || (size_t)ret >= bufsz) > + err(1, "malformed IP address"); > } > > /* >
xen.4: document how to inform Xen host of IP in VM
Document commands used to send VM IP to Xen host. Index: xen.4 === RCS file: /cvs/src/share/man/man4/xen.4,v retrieving revision 1.2 diff -u -p -r1.2 xen.4 --- xen.4 21 Jul 2017 18:27:32 - 1.2 +++ xen.4 21 Oct 2021 11:23:14 - @@ -51,6 +51,10 @@ hostctl data/os_name "$ostype $osrelease hostctl data/os_uname $osrelease hostctl data/os_distro $ostype +# Inform Xen of IPs bound to the VM +hostctl attr/vif/0/ipv4/0 192.0.2.1 +hostctl attr/vif/0/ipv6/0 2001:db8::1 + # Update XenStore hostctl data/updated 1 .Ed
a
While testing OpenBSD with XCP-ng (https://xcp-ng.org/), I noticed changing the virtual interface state (connecting/disconnecting) was leading to a panic. The following diff fixes the problem on my test host. (this is kind of "backported" from OpenBSD 6.1...) If you are using OpenBSD on a Xen-based hypervisor, can you try and check if this do not introduce a problem ? Thank you. Denis Index: dev/pv/xen.c === RCS file: /cvs/src/sys/dev/pv/xen.c,v retrieving revision 1.97 diff -u -p -r1.97 xen.c --- dev/pv/xen.c29 Jun 2020 06:50:52 - 1.97 +++ dev/pv/xen.c15 Oct 2021 16:30:38 - @@ -1203,7 +1205,7 @@ xen_grant_table_remove(struct xen_softc (ge->ge_table[ref].domid << 16); loop = 0; while (atomic_cas_uint(ptr, flags, GTF_invalid) != flags) { - if (loop++ > 10) { + if (loop++ > 1000) { panic("grant table reference %u is held " "by domain %d: frame %#x flags %#x", ref + ge->ge_start, ge->ge_table[ref].domid,
Update to pcap-filter.5/tcpdump.8 (was: update to tcpdump(8))
Le Sat, Sep 04, 2021 at 09:57:10PM +0100, Jason McIntyre a écrit : > the diff looks ok to me. but run any doc changes through "mandoc > -Tlint", and look at any issues your diff may have introduced. in this > case it's just trailing whitespace, but it's super helpful to check your > work. > Thank you Jason. There is still a warning in tcpdump.8. Here is a new version including changes to pcap-filter.5 and tcpdump.8 I did not change the examples though as tcpdump examples are broader than filters. Index: lib/libpcap/pcap-filter.5 === RCS file: /cvs/src/lib/libpcap/pcap-filter.5,v retrieving revision 1.9 diff -u -p -r1.9 pcap-filter.5 --- lib/libpcap/pcap-filter.5 2 Sep 2021 10:59:13 - 1.9 +++ lib/libpcap/pcap-filter.5 5 Sep 2021 13:35:41 - @@ -40,27 +40,31 @@ or .Pp The filter expression consists of one or more .Em primitives . -Primitives usually consist of an ID (name or number) +Primitives usually consist of an +.Ar id +.Pq name or number preceded by one or more qualifiers. There are three different kinds of qualifier: .Bl -tag -width "proto" -.It type -Type qualifiers say what kind of thing the ID name or number refers to. +.It Ar type +Specify which kind of address component the +.Ar id +name or number refers to. Possible types are .Cm host , -.Cm net , +.Cm net and .Cm port . -For example, +E.g., .Dq host foo , .Dq net 128.3 , -and .Dq port 20 . If there is no type qualifier, .Cm host is assumed. -.It dir -Dir qualifiers specify a particular transfer direction to and/or from an ID. +.It Ar dir +Specify a particular transfer direction to and/or from +.Ar id . Possible directions are .Cm src , .Cm dst , @@ -73,11 +77,13 @@ Possible directions are .Cm addr3 , and .Cm addr4 . -For example, -.Cm src foo , -.Cm dst net 128.3 , -.Cm src or dst port ftp-data . -If there is no dir qualifier, +E.g., +.Dq src foo , +.Dq dst net 128.3 , +.Dq src or dst port ftp-data . +If there is no +.Ar dir +qualifier, .Cm src or dst is assumed. The @@ -89,57 +95,85 @@ The and .Cm addr4 qualifiers are only valid for IEEE 802.11 Wireless LAN link layers. -For some link layers, such as SLIP and the "cooked" Linux capture mode -used for the "any" device and for some other device types, the +For null link layers (i.e., point-to-point protocols such as SLIP +.Pq Serial Line Internet Protocol +or the +.Xr pflog 4 +header), the .Cm inbound and .Cm outbound qualifiers can be used to specify a desired direction. -.It proto -Proto qualifiers restrict the match to a particular protocol. -Possible -protos are: +.It Ar proto +Restrict the match to a particular protocol. +Possible protocols are: +.Cm ah , +.Cm arp , +.Cm atalk , +.Cm decnet , +.Cm esp , .Cm ether , .Cm fddi , -.Cm tr , -.Cm wlan , +.Cm icmp , +.Cm icmp6 , +.Cm igmp , +.Cm igrp , .Cm ip , .Cm ip6 , -.Cm arp , +.Cm lat , +.Cm mopdl , +.Cm moprc , +.Cm pim , .Cm rarp , -.Cm decnet , +.Cm sca , +.Cm stp , .Cm tcp , +.Cm udp , and -.Cm udp . -For example, +.Cm wlan . +E.g., .Dq ether src foo , .Dq arp net 128.3 , .Dq tcp port 21 , and .Dq wlan addr2 0:2:3:4:5:6 . -If there is no proto qualifier, +If there is no protocol qualifier, all protocols consistent with the type are assumed. -For example, +E.g., .Dq src foo means -.Dq (ip or arp or rarp) src foo -(except the latter is not legal syntax); +.Do +.Pq ip or arp or rarp +src foo +.Dc +.Pq except the latter is not legal syntax ; .Dq net bar means -.Dq (ip or arp or rarp) net bar ; +.Do +.Pq ip or arp or rarp +net bar +.Dc ; and .Dq port 53 means -.Dq (tcp or udp) port 53 . +.Do +.Pq TCP or UDP +port 53 +.Dc . .Pp .Cm fddi is actually an alias for .Cm ether ; the parser treats them identically as meaning -"the data link level used on the specified network interface". -FDDI headers contain Ethernet-like source and destination addresses, +.Qo +the data link level used on the specified network interface +.Qc . +FDDI +.Pq Fiber Distributed Data Interface +headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, -so it's possible to filter these FDDI fields just as with the analogous Ethernet fields. +so it's possible to filter these FDDI fields just as with the analogous +Ethernet fields. FDDI headers also contain other fields, but they cannot be named explicitly in a filter expression. .Pp @@ -156,8 +190,8 @@ and the source address is the SA field; the BSSID, RA, and TA fields aren't tested. .El .Pp -In addition to the above, -there are some special primitives that don't follow the pattern: +In addition to the above, there are some special primitive +keywords that don't follow the pattern: .Cm gateway , .Cm broadcast , .Cm less , @@ -170,14 +204,18 @@ More complex filter expressions are buil .Cm or , and .Cm not -to combine primitives. -For example, -.Dq host foo and not port ftp and not port ftp-data . -To save typing, identic
Re: update to tcpdump(8)
Le Thu, Sep 02, 2021 at 08:36:06AM -0600, Theo de Raadt a écrit : > I think the following approach will work. > > 1. changes from tcpdump.8 -r1.00 to -rHEAD need merging into pcap-filter.5 > Here is a diff for this step. I have one question though. tcpdump.8 has : " tcpdump does not currently know how to parse lat, moprc, or mopdl. " while pcap-filter.5 has : " Note that not all applications using pcap_open_live(3) currently know how to parse these protocols. " Should I mention explicitely tcpdump(8) in pcap-filter.5 ? It seems implicit in the current version. Index: pcap-filter.5 === RCS file: /cvs/src/lib/libpcap/pcap-filter.5,v retrieving revision 1.9 diff -u -p -r1.9 pcap-filter.5 --- pcap-filter.5 2 Sep 2021 10:59:13 - 1.9 +++ pcap-filter.5 4 Sep 2021 17:04:36 - @@ -40,27 +40,31 @@ or .Pp The filter expression consists of one or more .Em primitives . -Primitives usually consist of an ID (name or number) +Primitives usually consist of an +.Ar id +.Pq name or number preceded by one or more qualifiers. There are three different kinds of qualifier: .Bl -tag -width "proto" -.It type -Type qualifiers say what kind of thing the ID name or number refers to. +.It Ar type +Specify which kind of address component the +.Ar id +name or number refers to. Possible types are .Cm host , -.Cm net , +.Cm net and .Cm port . -For example, +E.g., .Dq host foo , .Dq net 128.3 , -and .Dq port 20 . If there is no type qualifier, .Cm host is assumed. -.It dir -Dir qualifiers specify a particular transfer direction to and/or from an ID. +.It Ar dir +Specify a particular transfer direction to and/or from +.Ar id . Possible directions are .Cm src , .Cm dst , @@ -73,11 +77,13 @@ Possible directions are .Cm addr3 , and .Cm addr4 . -For example, -.Cm src foo , -.Cm dst net 128.3 , -.Cm src or dst port ftp-data . -If there is no dir qualifier, +E.g., +.Dq src foo , +.Dq dst net 128.3 , +.Dq src or dst port ftp-data . +If there is no +.Ar dir +qualifier, .Cm src or dst is assumed. The @@ -89,55 +95,83 @@ The and .Cm addr4 qualifiers are only valid for IEEE 802.11 Wireless LAN link layers. -For some link layers, such as SLIP and the "cooked" Linux capture mode -used for the "any" device and for some other device types, the +For null link layers (i.e., point-to-point protocols such as SLIP +.Pq Serial Line Internet Protocol +or the +.Xr pflog 4 +header), the .Cm inbound and .Cm outbound qualifiers can be used to specify a desired direction. -.It proto +.It Ar proto Proto qualifiers restrict the match to a particular protocol. Possible -protos are: +protocols are: +.Cm ah , +.Cm arp , +.Cm atalk , +.Cm decnet , +.Cm esp , .Cm ether , .Cm fddi , -.Cm tr , -.Cm wlan , +.Cm icmp , +.Cm icmp6 , +.Cm igmp , +.Cm igrp , .Cm ip , .Cm ip6 , -.Cm arp , +.Cm lat , +.Cm mopdl , +.Cm moprc , +.Cm pim , .Cm rarp , -.Cm decnet , +.Cm sca , +.Cm stp , .Cm tcp , +.Cm udp , and -.Cm udp . -For example, +.Cm wlan . +E.g., .Dq ether src foo , .Dq arp net 128.3 , .Dq tcp port 21 , and .Dq wlan addr2 0:2:3:4:5:6 . -If there is no proto qualifier, +If there is no protocol qualifier, all protocols consistent with the type are assumed. -For example, +E.g., .Dq src foo means -.Dq (ip or arp or rarp) src foo -(except the latter is not legal syntax); +.Do +.Pq ip or arp or rarp +src foo +.Dc +.Pq except the latter is not legal syntax ; .Dq net bar means -.Dq (ip or arp or rarp) net bar ; +.Do +.Pq ip or arp or rarp +net bar +.Dc ; and .Dq port 53 means -.Dq (tcp or udp) port 53 . +.Do +.Pq TCP or UDP +port 53 +.Dc . .Pp .Cm fddi is actually an alias for .Cm ether ; the parser treats them identically as meaning -"the data link level used on the specified network interface". -FDDI headers contain Ethernet-like source and destination addresses, +.Qo +the data link level used on the specified network interface +.Qc . +FDDI +.Pq Fiber Distributed Data Interface +headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so it's possible to filter these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, @@ -156,8 +190,8 @@ and the source address is the SA field; the BSSID, RA, and TA fields aren't tested. .El .Pp -In addition to the above, -there are some special primitives that don't follow the pattern: +In addition to the above, there are some special primitive +keywords that don't follow the pattern: .Cm gateway , .Cm broadcast , .Cm less , @@ -171,13 +205,17 @@ More complex filter expressions are buil and .Cm not to combine primitives. -For example, -.Dq host foo and not port ftp and not port ftp-data . -To save typing, identical qualifier lists can be omitted, -so that +e.g., +.Do +host foo and not port ftp and not port ftp-data +.Dc . +To save typing, identical qualifier lists can be omitted +e.g., .D
Re: update to tcpdump(8)
Le Thu, Sep 02, 2021 at 07:49:25AM +0100, Jason McIntyre a écrit : > why not just paste in the body of pcap-filter in then and we can try and > keep them in sync thereafter? > OK, I will do that. I am not confident it will stay in sync over time :D
Re: update to tcpdump(8)
Le Wed, Sep 01, 2021 at 06:42:54PM +0100, Jason McIntyre a écrit : > On Wed, Sep 01, 2021 at 06:15:04PM +0200, Denis Fondras wrote: > > I was searching for the sampling command of tcpdump but could not find it > > in the > > manual. In fact it is missing some primitives compared to pcap-filter > > manual. > > > > hi. > > it looks like there's a whole heap of duplication going on here. does > tcpdump support just a subset of the syntax in pcap-filter(3), or are > they exactly the same? > > i wonder if we can whack all the tcpdump text, or just inline the exact > text of pcap-filter.3 if it really needs to be there (or vice-versa if > tcpdump.8 is more authorative). > > or do they differ? > tcpdump uses libpcap to decode the filter so as far as I can tell, they are the same. I would find it good to have only a pointer to pcap-filter manual in tcpdump manual instead of the full list of primitives.
update to tcpdump(8)
I was searching for the sampling command of tcpdump but could not find it in the manual. In fact it is missing some primitives compared to pcap-filter manual. Index: tcpdump.8 === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v retrieving revision 1.111 diff -u -p -r1.111 tcpdump.8 --- tcpdump.8 17 Aug 2020 06:29:29 - 1.111 +++ tcpdump.8 1 Sep 2021 16:05:20 - @@ -583,10 +583,26 @@ for details). .It Cm src net Ar net True if the IP source address of the packet has a network number of .Ar net . -.It Cm net Ar net -True if either the IP source or destination address of the packet -has a network number of -.Ar net . +.It Cm net Ar net Ns / Ns Ar len +True if the IPv4/v6 address matches +.Ar net +with a netmask +.Ar len +bits wide. +May be qualified with +.Cm src +or +.Cm dst . +.It Cm net Ar net Cm mask Ar netmask +True if the IPv4 address matches +.Ar net +with the specific +.Ar netmask . +May be qualified with +.Cm src +or +.Cm dst . +Note that this syntax is not valid for IPv6 networks. .It Cm dst port Ar port True if the packet is IP/TCP or IP/UDP and has a destination port value of .Ar port . @@ -634,12 +650,15 @@ True if the packet has a length greater This is equivalent to: .Pp .D1 Cm len >= Ar length -.It Cm ip proto Ar proto -True if the packet is an IP packet (see +.It Cm sample Ar samplerate +True if the packet has been randomly selected or sampled at a rate of 1 per +.Ar samplerate . +.It Cm ip proto Ar protocol +True if the packet is an IPv4 packet (see .Xr ip 4 ) of protocol type -.Ar proto . -.Ar proto +.Ar protocol . +.Ar protocol can be a number or name from .Xr protocols 5 , such as @@ -650,13 +669,18 @@ or These identifiers are also keywords and must be escaped using a backslash character .Pq Sq \e . +Note that this primitive does not chase the protocol header chain. +.It Cm ip6 proto Ar protocol +True if the packet is an IPv6 packet of protocol type +.Ar protocol . +Note that this primitive does not chase the protocol header chain. .It Cm ether broadcast True if the packet is an Ethernet broadcast packet. The .Cm ether keyword is optional. .It Cm ip broadcast -True if the packet is an IP broadcast packet. +True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions and looks up the local subnet mask. .It Cm ether multicast @@ -670,10 +694,12 @@ This is shorthand for .Dc . .It Cm ip multicast True if the packet is an IP multicast packet. -.It Cm ether proto Ar proto +.It Cm ip6 multicast +True if the packet is an IPv6 multicast packet. +.It Cm ether proto Ar protocol True if the packet is of ether type -.Ar proto . -.Ar proto +.Ar protocol . +.Ar protocol can be a number or one of the names .Cm ip , .Cm ip6 , @@ -835,6 +861,53 @@ Valid directions are: .Ar fromds , .Ar dstods , or a numeric value. +.It Cm vlan Op Ar vlan_id +True if the packet is an IEEE 802.1Q VLAN packet. +If +.Ar vlan_id +is specified, only true if the packet has the specified ID. +Note that the first +.Cm vlan +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is a VLAN packet. +This expression may be used more than once, to filter on VLAN hierarchies. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on VLAN 200 encapsulated within VLAN 100: +.Pp +.Dl vlan 100 && vlan 200 +.Pp +To filter IPv4 protocols encapsulated in VLAN 300 encapsulated within any +higher order VLAN: +.Pp +.Dl vlan && vlan 300 && ip +.It mpls Op Ar label +True if the packet is an MPLS (Multi-Protocol Label Switching) packet. +If +.Ar label +is specified, only true if the packet has the specified label. +Note that the first +.Cm mpls +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is an MPLS packet. +This expression may be used more than once, to filter on MPLS labels. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on MPLS label 42 first and requires the next label to be 12: +.Pp +.Dl mpls 42 && mpls 12 +.Pp +To filter on network 192.0.2.0/24 transported inside packets with label 42: +.Pp +.Dl mpls 42 && net 192.0.2.0/24 .It Xo .Cm atalk , .Cm ip ,
Re: bgpd, fix RTR connect
Le Mon, May 03, 2021 at 03:01:13PM +0200, Claudio Jeker a écrit : > The RTR connect code calls addr2sa() as an argument to connect() but also > uses the len argument in both calls. It seems in some cases this is > optimised the wrong way. I think it is better to write this code using two > steps like it is done in other places. > > OK? OK denis@ > -- > :wq Claudio > > Index: bgpd.c > === > RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v > retrieving revision 1.234 > diff -u -p -r1.234 bgpd.c > --- bgpd.c16 Feb 2021 08:29:16 - 1.234 > +++ bgpd.c2 May 2021 14:57:58 - > @@ -1261,6 +1261,7 @@ imsg_send_sockets(struct imsgbuf *se, st > void > bgpd_rtr_connect(struct rtr_config *r) > { > + struct sockaddr *sa; > socklen_t len; > int fd; > > @@ -1270,8 +1271,8 @@ bgpd_rtr_connect(struct rtr_config *r) > log_warn("rtr %s", r->descr); > return; > } > - if (r->local_addr.aid != AID_UNSPEC) { > - if (bind(fd, addr2sa(&r->local_addr, 0, &len), len) == -1) { > + if ((sa = addr2sa(&r->local_addr, 0, &len)) != NULL) { > + if (bind(fd, sa, len) == -1) { > log_warn("rtr %s: bind to %s", r->descr, > log_addr(&r->local_addr)); > close(fd); > @@ -1279,8 +1280,8 @@ bgpd_rtr_connect(struct rtr_config *r) > } > } > > - if (connect(fd, addr2sa(&r->remote_addr, r->remote_port, &len), len) == > - -1) { > + sa = addr2sa(&r->remote_addr, r->remote_port, &len); > + if (connect(fd, sa, len) == -1) { > log_warn("rtr %s: connect to %s:%u", r->descr, > log_addr(&r->remote_addr), r->remote_port); > close(fd); >
newfs_msdos(8): fix FAT32 partitions formatting
The 16-bit total count of sectors is set by newfs_msdos(8) when the number of sectors is less than MAXU16 even if asked to format in FAT32. This diff fixes that according to the FAT32 spec : "For FAT32 volumes, this field [BPB_TotSec16] must be 0" OK ? Index: newfs_msdos.c === RCS file: /cvs/src/sbin/newfs_msdos/newfs_msdos.c,v retrieving revision 1.27 diff -u -p -r1.27 newfs_msdos.c --- newfs_msdos.c 23 Nov 2015 19:19:30 - 1.27 +++ newfs_msdos.c 26 Apr 2021 16:40:34 - @@ -536,9 +536,10 @@ main(int argc, char *argv[]) cls == 1 ? "" : "s", bpb.bps * bpb.spc); if (!bpb.mid) bpb.mid = !bpb.hid ? 0xf0 : 0xf8; -if (fat == 32) +if (fat == 32) { bpb.rdcl = RESFTE; -if (bpb.hid + bpb.bsec <= MAXU16) { + bpb.sec = 0; +} else if (bpb.hid + bpb.bsec <= MAXU16) { bpb.sec = bpb.bsec; bpb.bsec = 0; }
Re: show negotiated capabilities in bgpctl show neighbor output
Le Mon, Apr 26, 2021 at 04:21:16PM +0200, Claudio Jeker a écrit : > The bgpctl show neighbor output is a bit missleading for capabilities. > It currently shows the capabilities sent by the neighbor and not the ones > that then got selected for the session. This matters especially for the > multiprotocol capability. > > I added the negotiated capability in the output (which makes the output > longer but hopefully less confusing). e.g. > OK denis@ If you want to reduce the length, an alternative display could be to add '*' next to the enabled capability. > bgpctl show neighbor 2001:XXX > BGP neighbor is 2001:XXX, remote AS 65195, Passive > Max-prefix: 604 (restart 15) > BGP version 4, remote router-id 0.0.0.1 > BGP state = Established, up for 05w3d21h > Last read 00:00:15, holdtime 90s, keepalive interval 30s > Last write 00:00:14 > Neighbor capabilities: > Multiprotocol extensions: IPv4 unicast, IPv6 unicast, IPv4 vpn, IPv6 vpn > 4-byte AS numbers > Negotiated capabilities: > Multiprotocol extensions: IPv6 unicast > 4-byte AS numbers > > The neighbor here is exabgp and by default it just adds everything in the > capabilities. Still the negotiated capabilites do not include anything but > the IPv6 unicast AFI. > > The JSON output already includes all 3 capabilities in its output so there > no change is needed. > -- > :wq Claudio > > Index: output.c > === > RCS file: /cvs/src/usr.sbin/bgpctl/output.c,v > retrieving revision 1.15 > diff -u -p -r1.15 output.c > --- output.c 15 Apr 2021 14:12:05 - 1.15 > +++ output.c 25 Apr 2021 08:39:45 - > @@ -132,14 +132,14 @@ show_summary(struct peer *p) > } > > static void > -show_neighbor_capa_mp(struct peer *p) > +show_neighbor_capa_mp(struct capabilities *capa) > { > int comma; > u_int8_ti; > > printf("Multiprotocol extensions: "); > for (i = 0, comma = 0; i < AID_MAX; i++) > - if (p->capa.peer.mp[i]) { > + if (capa->mp[i]) { > printf("%s%s", comma ? ", " : "", aid2str(i)); > comma = 1; > } > @@ -147,23 +147,23 @@ show_neighbor_capa_mp(struct peer *p) > } > > static void > -show_neighbor_capa_restart(struct peer *p) > +show_neighbor_capa_restart(struct capabilities *capa) > { > int comma; > u_int8_ti; > > printf("Graceful Restart"); > - if (p->capa.peer.grestart.timeout) > - printf(": Timeout: %d, ", p->capa.peer.grestart.timeout); > + if (capa->grestart.timeout) > + printf(": Timeout: %d, ", capa->grestart.timeout); > for (i = 0, comma = 0; i < AID_MAX; i++) > - if (p->capa.peer.grestart.flags[i] & CAPA_GR_PRESENT) { > + if (capa->grestart.flags[i] & CAPA_GR_PRESENT) { > if (!comma && > - p->capa.peer.grestart.flags[i] & CAPA_GR_RESTART) > + capa->grestart.flags[i] & CAPA_GR_RESTART) > printf("restarted, "); > if (comma) > printf(", "); > printf("%s", aid2str(i)); > - if (p->capa.peer.grestart.flags[i] & CAPA_GR_FORWARD) > + if (capa->grestart.flags[i] & CAPA_GR_FORWARD) > printf(" (preserved)"); > comma = 1; > } > @@ -286,12 +286,27 @@ show_neighbor_full(struct peer *p, struc > p->capa.peer.grestart.restart || p->capa.peer.as4byte) { > printf(" Neighbor capabilities:\n"); > if (hascapamp) > - show_neighbor_capa_mp(p); > + show_neighbor_capa_mp(&p->capa.peer); > if (p->capa.peer.refresh) > printf("Route Refresh\n"); > if (p->capa.peer.grestart.restart) > - show_neighbor_capa_restart(p); > + show_neighbor_capa_restart(&p->capa.peer); > if (p->capa.peer.as4byte) > + printf("4-byte AS numbers\n"); > + } > + for (i = 0; i < AID_MAX; i++) > + if (p->capa.neg.mp[i]) > + hascapamp = 1; > + if (hascapamp || p->capa.neg.refresh || > + p->capa.neg.grestart.restart || p->capa.neg.as4byte) { > + printf(" Negotiated capabilities:\n"); > + if (hascapamp) > + show_neighbor_capa_mp(&p->capa.neg); > + if (p->capa.neg.refresh) > + printf("Route Refresh\n"); > + if (p->capa.neg.grestart.restart) > + show_neighbor_capa_restart(&p->capa.neg); > + if (p->capa.neg.as4byte) > printf("4-byte AS numbers\n"); > } > printf("\n"); >
Allow mounting small FAT32 partitions
If partition is smaller than 32MB, mount_msdos(8) will yield "not an MSDOS filesystem". pmp->pm_Sectors is set by newfs_msdos(8) when the number of sectors is less than MAXU16 even if asked to format in FAT32. I choosed to fix mounting instead of formatting (newfs_msdos.c frightens me...) FreeBSD fixed this in 2013. Index: msdosfs_vfsops.c === RCS file: /cvs/src/sys/msdosfs/msdosfs_vfsops.c,v retrieving revision 1.94 diff -u -p -r1.94 msdosfs_vfsops.c --- msdosfs_vfsops.c10 Aug 2020 05:18:46 - 1.94 +++ msdosfs_vfsops.c22 Apr 2021 19:35:40 - @@ -334,8 +334,7 @@ msdosfs_mountfs(struct vnode *devvp, str } if (pmp->pm_RootDirEnts == 0) { - if (pmp->pm_Sectors || pmp->pm_FATsecs || - getushort(b710->bpbFSVers)) { + if (pmp->pm_FATsecs || getushort(b710->bpbFSVers)) { error = EINVAL; goto error_exit; }
Re: [External] : Re: XCP-ng, OpenBSD and network interface changes
Le Mon, Feb 01, 2021 at 01:49:09PM +0100, Alexandr Nedvedicky a écrit : > Hello Denis, > > I think we need to refresh expected value in 'flags' > with every loop iteration. does diff below help? > Thank you but it does not help. Same panic and also same panic if I test with loop++ > 10. If loop++ > 100, no more panic but I get : xnf0 detached xen0: failed to attach "device/vif/" > regards > sashan > > 8<---8<---8<--8< > diff --git a/sys/dev/pv/xen.c b/sys/dev/pv/xen.c > index 11ce4ca99cd..c93e68614b4 100644 > --- a/sys/dev/pv/xen.c > +++ b/sys/dev/pv/xen.c > @@ -1202,20 +1202,22 @@ xen_grant_table_remove(struct xen_softc *sc, > grant_ref_t ref) > flags = (ge->ge_table[ref].flags & ~(GTF_reading|GTF_writing)) | > (ge->ge_table[ref].domid << 16); > loop = 0; > while (atomic_cas_uint(ptr, flags, GTF_invalid) != flags) { > if (loop++ > 10) { > panic("grant table reference %u is held " > "by domain %d: frame %#x flags %#x", > ref + ge->ge_start, ge->ge_table[ref].domid, > ge->ge_table[ref].frame, ge->ge_table[ref].flags); > } > + flags = (ge->ge_table[ref].flags & ~(GTF_reading|GTF_writing)) | > + (ge->ge_table[ref].domid << 16); > #if (defined(__amd64__) || defined(__i386__)) > __asm volatile("pause": : : "memory"); > #endif > } > ge->ge_table[ref].frame = 0x; > } > > int > xen_bus_dmamap_create(bus_dma_tag_t t, bus_size_t size, int nsegments, > bus_size_t maxsegsz, bus_size_t boundary, int flags, bus_dmamap_t *dmamp)
XCP-ng, OpenBSD and network interface changes
I am using XCP-ng with the latest OpenBSD snapshot. Whenever I make an hardware change in networking on the VM (connect or disconnect an interface, change associated network), the VM panics : openbsd# panic: grant table reference 5912 is held by domain 0: frame 0x1f1a4 flags 0x19 Stopped at db_enter+0x10: popq %rbp TID PID UIDPRFLAGS PFLAGS CPU COMMAND *349758 6557900x14000 0x200 0 xenwatch db_enter() at db_enter+0x10 panic(81da7541) at panic+0x12a xen_bus_dmamap_unload(820ede50,800e9380) at xen_bus_dmamap_unload+0x138 xnf_tx_ring_destroy(80162000) at xnf_tx_ring_destroy+0x104 xnf_detach(80162000,0) at xnf_detach+0x55 config_detach(80162000,0) at config_detach+0x140 xen_hotplug(8012e200) at xen_hotplug+0x181 taskq_thread(800dde00) at taskq_thread+0x66 end trace frame: 0x0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> If I apply the following patch, it obviously does not panic and seems to work correctly : Index: xen.c === RCS file: /cvs/src/sys/dev/pv/xen.c,v retrieving revision 1.97 diff -u -p -r1.97 xen.c --- xen.c 29 Jun 2020 06:50:52 - 1.97 +++ xen.c 31 Jan 2021 13:13:07 - @@ -1204,7 +1204,7 @@ xen_grant_table_remove(struct xen_softc loop = 0; while (atomic_cas_uint(ptr, flags, GTF_invalid) != flags) { if (loop++ > 10) { - panic("grant table reference %u is held " + printf("grant table reference %u is held " "by domain %d: frame %#x flags %#x", ref + ge->ge_start, ge->ge_table[ref].domid, ge->ge_table[ref].frame, ge->ge_table[ref].flags); Can someone give me a clue on what _atomic_cas_uint() is ? Thank you in advance. Denis OpenBSD 6.8-current (GENERIC) #9: Sun Jan 31 14:08:42 CET 2021 r...@openbsd.lab.ledeuns.net:/sys/arch/amd64/compile/GENERIC real mem = 1052770304 (1004MB) avail mem = 1005694976 (959MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xeb01f (11 entries) bios0: vendor Xen version "4.13" date 01/21/2021 bios0: Xen HVM domU acpi0 at bios0: ACPI 4.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET WAET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 48 pins, remapped cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz, 2394.83 MHz, 06-3e-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz acpihpet0 at acpi0: 6250 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpipci0 at acpi0 PCI0 acpicmos0 at acpi0 "ACPI0007" at acpi0 not configured acpicpu0 at acpi0: C1(@1 halt!) cpu0: using VERW MDS workaround (except on vmm entry) pvbus0 at mainbus0: Hyper-V 0.0, Xen 4.13 xen0 at pvbus0: features 0x2705, 64 grant table frames, event channel 2 xbf0 at xen0 backend 0 channel 6: disk scsibus1 at xbf0: 1 targets sd0 at scsibus1 targ 0 lun 0: sd0: 10240MB, 512 bytes/sector, 20971520 sectors xbf1 at xen0 backend 0 channel 7: cdrom xbf1: timed out waiting for backend to connect xnf0 at xen0 backend 0 channel 7: address 76:88:23:28:25:f4 xnf1 at xen0 backend 0 channel 8: address 62:36:ed:68:46:3c xnf2 at xen0 backend 0 channel 9: address be:04:e2:f3:7d:75 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 1 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: removable cd0(pciide0:1:1): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 1 int 23 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x01: SMBus disabled vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) xspd0 at pci0 dev 3 function 0 "XenSource Platform Device" rev 0x01 isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 com0 at i
Re: route sourceaddr: simplify code & get out of ART
Le Sat, Jan 09, 2021 at 06:50:50PM +0100, Denis Fondras a écrit : > This diff place the user-set source address outside of struct art_root and > make > the code more readable (to me). > > Based on a concept by mpi@ > ping. > Index: net/art.h > === > RCS file: /cvs/src/sys/net/art.h,v > retrieving revision 1.20 > diff -u -p -r1.20 art.h > --- net/art.h 12 Nov 2020 15:25:28 - 1.20 > +++ net/art.h 9 Jan 2021 16:04:02 - > @@ -42,7 +42,6 @@ struct art_root { > uint8_t ar_nlvl; /* [I] Number of levels */ > uint8_t ar_alen; /* [I] Address length in bits */ > uint8_t ar_off;/* [I] Offset of key in bytes */ > - struct sockaddr *source;/* [K] optional src addr to use > */ > }; > > #define ISLEAF(e)(((unsigned long)(e) & 1) == 0) > Index: net/route.c > === > RCS file: /cvs/src/sys/net/route.c,v > retrieving revision 1.397 > diff -u -p -r1.397 route.c > --- net/route.c 29 Oct 2020 21:15:27 - 1.397 > +++ net/route.c 9 Jan 2021 16:04:02 - > @@ -1192,9 +1192,9 @@ rt_ifa_del(struct ifaddr *ifa, int flags > if (flags & RTF_CONNECTED) > prio = ifp->if_priority + RTP_CONNECTED; > > - rtable_clearsource(rdomain, ifa->ifa_addr); > error = rtrequest_delete(&info, prio, ifp, &rt, rdomain); > if (error == 0) { > + rt_sourceclear(rt, rdomain); > rtm_send(rt, RTM_DELETE, 0, rdomain); > if (flags & RTF_LOCAL) > rtm_addr(RTM_DELADDR, ifa); > Index: net/route.h > === > RCS file: /cvs/src/sys/net/route.h,v > retrieving revision 1.183 > diff -u -p -r1.183 route.h > --- net/route.h 29 Oct 2020 21:15:27 - 1.183 > +++ net/route.h 9 Jan 2021 16:04:02 - > @@ -478,6 +478,9 @@ intrtrequest_delete(struct rt_addrinfo > int rt_if_track(struct ifnet *); > int rt_if_linkstate_change(struct rtentry *, void *, u_int); > int rtdeletemsg(struct rtentry *, struct ifnet *, u_int); > + > +struct ifaddr*rt_get_ifa(struct rtentry *, unsigned int); > +void rt_sourceclear(struct rtentry *, unsigned int); > #endif /* _KERNEL */ > > #endif /* _NET_ROUTE_H_ */ > Index: net/rtable.c > === > RCS file: /cvs/src/sys/net/rtable.c,v > retrieving revision 1.72 > diff -u -p -r1.72 rtable.c > --- net/rtable.c 7 Nov 2020 09:51:40 - 1.72 > +++ net/rtable.c 9 Jan 2021 16:04:02 - > @@ -365,44 +365,6 @@ rtable_alloc(unsigned int rtableid, unsi > return (art_alloc(rtableid, alen, off)); > } > > -int > -rtable_setsource(unsigned int rtableid, int af, struct sockaddr *src) > -{ > - struct art_root *ar; > - > - if ((ar = rtable_get(rtableid, af)) == NULL) > - return (EAFNOSUPPORT); > - > - ar->source = src; > - > - return (0); > -} > - > -struct sockaddr * > -rtable_getsource(unsigned int rtableid, int af) > -{ > - struct art_root *ar; > - > - ar = rtable_get(rtableid, af); > - if (ar == NULL) > - return (NULL); > - > - return (ar->source); > -} > - > -void > -rtable_clearsource(unsigned int rtableid, struct sockaddr *src) > -{ > - struct sockaddr *addr; > - > - addr = rtable_getsource(rtableid, src->sa_family); > - if (addr && (addr->sa_len == src->sa_len)) { > - if (memcmp(src, addr, addr->sa_len) == 0) { > - rtable_setsource(rtableid, src->sa_family, NULL); > - } > - } > -} > - > struct rtentry * > rtable_lookup(unsigned int rtableid, struct sockaddr *dst, > struct sockaddr *mask, struct sockaddr *gateway, uint8_t prio) > Index: net/rtable.h > === > RCS file: /cvs/src/sys/net/rtable.h,v > retrieving revision 1.26 > diff -u -p -r1.26 rtable.h > --- net/rtable.h 7 Nov 2020 09:51:40 - 1.26 > +++ net/rtable.h 9 Jan 2021 16:04:02 - > @@ -39,9 +39,6 @@ unsigned int rtable_l2(unsigned int); > unsigned int rtable_loindex(unsigned int); > void rtable_l2set(unsigned int, unsigned int, unsigned int); > > -int rtable_setsource(unsigned int, int, struct sockaddr *); > -struct sockaddr *rtable_getsource(unsigned int, int
Re: bgpd adjust aspath_neighbor to follow RFC more closely
Le Thu, Jan 14, 2021 at 02:20:26PM +0100, Claudio Jeker a écrit : > The aspath_neighbor function returns the first AS of a path. Now if the > first element is an AS_SET then this does not really make sense. > RFC4271 has this bit in section 9.1.2.2 > > Similarly, neighborAS(n) is a function that returns the > neighbor AS from which the route was received. If the route is > learned via IBGP, and the other IBGP speaker didn't originate > the route, it is the neighbor AS from which the other IBGP > speaker learned the route. If the route is learned via IBGP, > and the other IBGP speaker either (a) originated the route, or > (b) created the route by aggregation and the AS_PATH attribute > of the aggregate route is either empty or begins with an > AS_SET, it is the local AS. > > bgpd uses aspath_neighbor() in a few spots: > - in the decision process to decide if MED should be compared or not > - in filters using 'peer-as' > - in the enforce neighbor-as check > > I think the above mentioned behaviour is valid for all these cases and so > here is a diff that adjust aspath_neighbor(). > OK denis@ > -- > :wq Claudio > > Index: rde_attr.c > === > RCS file: /cvs/src/usr.sbin/bgpd/rde_attr.c,v > retrieving revision 1.123 > diff -u -p -r1.123 rde_attr.c > --- rde_attr.c24 Jun 2019 06:39:49 - 1.123 > +++ rde_attr.c14 Jan 2021 13:13:15 - > @@ -673,8 +673,13 @@ aspath_length(struct aspath *aspath) > u_int32_t > aspath_neighbor(struct aspath *aspath) > { > - /* Empty aspath is OK -- internal AS route. */ > - if (aspath->len == 0) > + /* > + * Empty aspath is OK -- internal AS route. > + * Additionally the RFC specifies that if the path starts with an > + * AS_SET the neighbor AS is also the local AS. > + */ > + if (aspath->len == 0 || > + aspath->data[0] != AS_SEQUENCE) > return (rde_local_as()); > return (aspath_extract(aspath->data, 0)); > } >
Re: Change bgpd_addr encoding of VPN v4 and v6 addresses
Le Tue, Jan 12, 2021 at 10:06:46AM +0100, Claudio Jeker a écrit : > On Tue, Jan 05, 2021 at 11:17:22AM +0100, Claudio Jeker wrote: > > While changing log_addr() I noticed that struct bgpd_addr could benefit > > from changing the encoding of AID_VPN_IPv4 and AID_VPN_IPv6 addrs. > > Instead of having independent route distinguishers and labelstacks use > > common fields for those and use the v4 and v6 addresses for the prefix. > > This is a bit more compact but also simplifies some code since the > > handling of AID_VPN_IPv4 and AID_VPN_IPv6 can be handled in the same > > switch case. > > > > I reduced the labelstack size from 21 to 18 (6 instead of 7 labels). Now > > in theory you could pack 7 labels into an IPv4 VPN NLRI (8bit prefixlen + > > 64bit RD + 16bit prefix + 21 * 8bit label = 256) but that is quite silly. > > Even 6 labels is more than enough. bgpd itself only allows a single MPLS > > label when announcing such networks. > > Ping > > Index: bgpd/util.c > === > RCS file: /cvs/src/usr.sbin/bgpd/util.c,v > retrieving revision 1.58 > diff -u -p -r1.58 util.c > --- bgpd/util.c 5 Jan 2021 10:00:28 - 1.58 > +++ bgpd/util.c 5 Jan 2021 10:05:15 - > @@ -666,9 +669,17 @@ prefix_compare(const struct bgpd_addr *a > mask = htonl(prefixlen2mask(prefixlen)); > aa = ntohl(a->v4.s_addr & mask); > ba = ntohl(b->v4.s_addr & mask); > - if (aa != ba) > - return (aa - ba); > - return (0); > + if (aa > ba) > + return (1); > + if (aa < ba) > + return (1); I guess it is -1 here. Otherwise OK denis@
Re: bgpd refactor route decision process
Le Tue, Jan 12, 2021 at 05:39:02PM +0100, Claudio Jeker a écrit : > This diff changes two things: > - First, it move the kroute update into rde_generate_updates() simplifying > prefix_evaluate a little bit. > > - Second, it changes prefix_evaluate to take an additional argument for the > old prefix (to be removed). Instead of doing this outside of > prefix_evaluate() with some drawbacks in case the same prefix is removed > and readded, the code is now in prefix_evaluate() and does all the magic > itself. > > Index: rde_decide.c > === > RCS file: /cvs/src/usr.sbin/bgpd/rde_decide.c,v > retrieving revision 1.78 > diff -u -p -r1.78 rde_decide.c > --- rde_decide.c 9 Aug 2019 13:44:27 - 1.78 > +++ rde_decide.c 12 Jan 2021 16:24:36 - > @@ -238,14 +238,16 @@ prefix_cmp(struct prefix *p1, struct pre > * The to evaluate prefix must not be in the prefix list. > */ > void > -prefix_evaluate(struct prefix *p, struct rib_entry *re) > +prefix_evaluate(struct rib_entry *re, struct prefix *new, struct prefix *old) > { > struct prefix *xp; > > if (re_rib(re)->flags & F_RIB_NOEVALUATE) { > /* decision process is turned off */ > - if (p != NULL) > - LIST_INSERT_HEAD(&re->prefix_h, p, entry.list.rib); > + if (old != NULL) > + LIST_REMOVE(old, entry.list.rib); > + if (new != NULL) > + LIST_INSERT_HEAD(&re->prefix_h, new, entry.list.rib); Would it be beneficial to have a p == new test ? Otherwise OK denis@
route sourceaddr: simplify code & get out of ART
This diff place the user-set source address outside of struct art_root and make the code more readable (to me). Based on a concept by mpi@ Index: net/art.h === RCS file: /cvs/src/sys/net/art.h,v retrieving revision 1.20 diff -u -p -r1.20 art.h --- net/art.h 12 Nov 2020 15:25:28 - 1.20 +++ net/art.h 9 Jan 2021 16:04:02 - @@ -42,7 +42,6 @@ struct art_root { uint8_t ar_nlvl; /* [I] Number of levels */ uint8_t ar_alen; /* [I] Address length in bits */ uint8_t ar_off;/* [I] Offset of key in bytes */ - struct sockaddr *source;/* [K] optional src addr to use */ }; #define ISLEAF(e) (((unsigned long)(e) & 1) == 0) Index: net/route.c === RCS file: /cvs/src/sys/net/route.c,v retrieving revision 1.397 diff -u -p -r1.397 route.c --- net/route.c 29 Oct 2020 21:15:27 - 1.397 +++ net/route.c 9 Jan 2021 16:04:02 - @@ -1192,9 +1192,9 @@ rt_ifa_del(struct ifaddr *ifa, int flags if (flags & RTF_CONNECTED) prio = ifp->if_priority + RTP_CONNECTED; - rtable_clearsource(rdomain, ifa->ifa_addr); error = rtrequest_delete(&info, prio, ifp, &rt, rdomain); if (error == 0) { + rt_sourceclear(rt, rdomain); rtm_send(rt, RTM_DELETE, 0, rdomain); if (flags & RTF_LOCAL) rtm_addr(RTM_DELADDR, ifa); Index: net/route.h === RCS file: /cvs/src/sys/net/route.h,v retrieving revision 1.183 diff -u -p -r1.183 route.h --- net/route.h 29 Oct 2020 21:15:27 - 1.183 +++ net/route.h 9 Jan 2021 16:04:02 - @@ -478,6 +478,9 @@ int rtrequest_delete(struct rt_addrinfo int rt_if_track(struct ifnet *); int rt_if_linkstate_change(struct rtentry *, void *, u_int); int rtdeletemsg(struct rtentry *, struct ifnet *, u_int); + +struct ifaddr *rt_get_ifa(struct rtentry *, unsigned int); +voidrt_sourceclear(struct rtentry *, unsigned int); #endif /* _KERNEL */ #endif /* _NET_ROUTE_H_ */ Index: net/rtable.c === RCS file: /cvs/src/sys/net/rtable.c,v retrieving revision 1.72 diff -u -p -r1.72 rtable.c --- net/rtable.c7 Nov 2020 09:51:40 - 1.72 +++ net/rtable.c9 Jan 2021 16:04:02 - @@ -365,44 +365,6 @@ rtable_alloc(unsigned int rtableid, unsi return (art_alloc(rtableid, alen, off)); } -int -rtable_setsource(unsigned int rtableid, int af, struct sockaddr *src) -{ - struct art_root *ar; - - if ((ar = rtable_get(rtableid, af)) == NULL) - return (EAFNOSUPPORT); - - ar->source = src; - - return (0); -} - -struct sockaddr * -rtable_getsource(unsigned int rtableid, int af) -{ - struct art_root *ar; - - ar = rtable_get(rtableid, af); - if (ar == NULL) - return (NULL); - - return (ar->source); -} - -void -rtable_clearsource(unsigned int rtableid, struct sockaddr *src) -{ - struct sockaddr *addr; - - addr = rtable_getsource(rtableid, src->sa_family); - if (addr && (addr->sa_len == src->sa_len)) { - if (memcmp(src, addr, addr->sa_len) == 0) { - rtable_setsource(rtableid, src->sa_family, NULL); - } - } -} - struct rtentry * rtable_lookup(unsigned int rtableid, struct sockaddr *dst, struct sockaddr *mask, struct sockaddr *gateway, uint8_t prio) Index: net/rtable.h === RCS file: /cvs/src/sys/net/rtable.h,v retrieving revision 1.26 diff -u -p -r1.26 rtable.h --- net/rtable.h7 Nov 2020 09:51:40 - 1.26 +++ net/rtable.h9 Jan 2021 16:04:02 - @@ -39,9 +39,6 @@ unsigned int rtable_l2(unsigned int); unsigned intrtable_loindex(unsigned int); voidrtable_l2set(unsigned int, unsigned int, unsigned int); -int rtable_setsource(unsigned int, int, struct sockaddr *); -struct sockaddr *rtable_getsource(unsigned int, int); -voidrtable_clearsource(unsigned int, struct sockaddr *); struct rtentry *rtable_lookup(unsigned int, struct sockaddr *, struct sockaddr *, struct sockaddr *, uint8_t); struct rtentry *rtable_match(unsigned int, struct sockaddr *, uint32_t *); Index: net/rtsock.c === RCS file: /cvs/src/sys/net/rtsock.c,v retrieving revision 1.304 diff -u -p -r1.304 rtsock.c --- net/rtsock.c7 Nov 2020 09:51:40 - 1.304 +++ net/rtsock.c9 Jan 2021 16:04:02 - @@ -138,7 +138,8 @@ int sysctl_iflist(int, struct walkarg int sysctl_ifnames(struct walkarg *);
Re: Port httpd(8) 'strip' directive to relayd(8)
Le Thu, Jan 07, 2021 at 12:03:54PM +0100, Hiltjo Posthuma a écrit : > Hi Denis, > > I like this feature. For example it would be useful for using relayd as a > reverse-proxy to forward it to an internal network running a httpd with some > service. Then the path can be stripped without having to touch this service > configuration. > > Like: https://example.com/myservice/ -> http://192.168.0.2/ . > > I've noticed a small thing while testing the patch. When the path is "/" and > "strip 1" is used it becomes "", the request becomes: "GET HTTP/1.0". Maybe > this should be instead: "/". The same thing happens with a "strip number" > higher than the amount of sub paths. > > It could be worked-around by prefiltering with a match rule, but maybe it is > more obvious to make the root "/" ? The way the function server_root_strip() > is > used by OpenBSD httpd is that it first does a filesystem path check/open(2). > > Thank you for testing. Here is an update: Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.250 diff -u -p -r1.250 parse.y --- parse.y 29 Dec 2020 19:48:06 - 1.250 +++ parse.y 7 Jan 2021 15:08:28 - @@ -175,7 +175,7 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED TCP %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char*strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if (asprintf(&strip, "%lld", $3) <= 0) + fatal("can't parse strip"); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2481,6 +2495,7 @@ lookup(char *s) { "ssl",SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag",TAG }, Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 - 1.251 +++ relay.c 7 Jan 2021 15:08:28 - @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || +kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c4 Sep 2020 13:09
Re: minor cleanup in bgpd's process startup
Le Mon, Jan 04, 2021 at 05:04:51PM +0100, Claudio Jeker a écrit : > bgpd will get a new process for RTR handling. Because of this it makes > sense to cleanup the startup code a bit and not use flags to indicate > which process to run but instead use the enum bgpd_process. > Additionally change the PFD_PIPE_ROUTE to PFD_PIPE_RDE. The latter is less > confusing since there is also PFD_SOCK_ROUTE. > > OK? Better readability, OK denis@ > -- > :wq Claudio > > Index: bgpd.c > === > RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v > retrieving revision 1.232 > diff -u -p -r1.232 bgpd.c > --- bgpd.c30 Dec 2020 07:00:54 - 1.232 > +++ bgpd.c4 Jan 2021 16:00:30 - > @@ -90,7 +90,7 @@ usage(void) > } > > #define PFD_PIPE_SESSION 0 > -#define PFD_PIPE_ROUTE 1 > +#define PFD_PIPE_RDE 1 > #define PFD_SOCK_ROUTE 2 > #define PFD_SOCK_PFKEY 3 > #define POLL_MAX 4 > @@ -102,6 +102,7 @@ int > main(int argc, char *argv[]) > { > struct bgpd_config *conf; > + enum bgpd_processproc = PROC_MAIN; > struct rde_rib *rr; > struct peer *p; > struct pollfdpfd[POLL_MAX]; > @@ -110,7 +111,6 @@ main(int argc, char *argv[]) > char*conffile; > char*saved_argv0; > int debug = 0; > - int rflag = 0, sflag = 0; > int rfd, keyfd; > int ch, status; > int pipe_m2s[2]; > @@ -151,10 +151,10 @@ main(int argc, char *argv[]) > cmd_opts |= BGPD_OPT_VERBOSE; > break; > case 'R': > - rflag = 1; > + proc = PROC_RDE; > break; > case 'S': > - sflag = 1; > + proc = PROC_SE; > break; > default: > usage(); > @@ -164,7 +164,7 @@ main(int argc, char *argv[]) > > argc -= optind; > argv += optind; > - if (argc > 0 || (sflag && rflag)) > + if (argc > 0) > usage(); > > if (cmd_opts & BGPD_OPT_NOACTION) { > @@ -184,10 +184,16 @@ main(int argc, char *argv[]) > exit(0); > } > > - if (rflag) > + switch (proc) { > + case PROC_MAIN: > + break; > + case PROC_RDE: > rde_main(debug, cmd_opts & BGPD_OPT_VERBOSE); > - else if (sflag) > + /* NOTREACHED */ > + case PROC_SE: > session_main(debug, cmd_opts & BGPD_OPT_VERBOSE); > + /* NOTREACHED */ > + } > > if (geteuid()) > errx(1, "need root privileges"); > @@ -278,7 +284,7 @@ BROKENif (pledge("stdio rpath wpath cpa > pfd[PFD_SOCK_PFKEY].events = POLLIN; > > set_pollfd(&pfd[PFD_PIPE_SESSION], ibuf_se); > - set_pollfd(&pfd[PFD_PIPE_ROUTE], ibuf_rde); > + set_pollfd(&pfd[PFD_PIPE_RDE], ibuf_rde); > > if (timeout < 0 || timeout > MAX_TIMEOUT) > timeout = MAX_TIMEOUT; > @@ -300,14 +306,14 @@ BROKEN if (pledge("stdio rpath wpath cpa > quit = 1; > } > > - if (handle_pollfd(&pfd[PFD_PIPE_ROUTE], ibuf_rde) == -1) { > + if (handle_pollfd(&pfd[PFD_PIPE_RDE], ibuf_rde) == -1) { > log_warnx("main: Lost connection to RDE"); > msgbuf_clear(&ibuf_rde->w); > free(ibuf_rde); > ibuf_rde = NULL; > quit = 1; > } else { > - if (dispatch_imsg(ibuf_rde, PFD_PIPE_ROUTE, conf) == > + if (dispatch_imsg(ibuf_rde, PFD_PIPE_RDE, conf) == > -1) > quit = 1; > } > @@ -713,7 +719,7 @@ dispatch_imsg(struct imsgbuf *ibuf, int > > switch (imsg.hdr.type) { > case IMSG_KROUTE_CHANGE: > - if (idx != PFD_PIPE_ROUTE) > + if (idx != PFD_PIPE_RDE) > log_warnx("route request not from RDE"); > else if (imsg.hdr.len != IMSG_HEADER_SIZE + > sizeof(struct kroute_full)) > @@ -723,7 +729,7 @@ dispatch_imsg(struct imsgbuf *ibuf, int > rv = -1; > break; > case IMSG_KROUTE_DELETE: > - if (idx != PFD_PIPE_ROUTE) > + if (idx != PFD_PIPE_RDE) > log_warnx("route request not from RDE"); > else if (imsg.hdr.len != IMSG_HEADER_SIZE + > sizeof(struct kroute_f
Re: Port httpd(8) 'strip' directive to relayd(8)
Le Fri, Dec 11, 2020 at 10:53:56AM +, Olivier Cherrier a écrit : > > Hello tech@, > > Is there any interest for this feature to be commited? > I find it very useful. Thank you Denis! > Here is an up to date diff, looking for OKs. Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.250 diff -u -p -r1.250 parse.y --- parse.y 29 Dec 2020 19:48:06 - 1.250 +++ parse.y 3 Jan 2021 10:38:26 - @@ -175,7 +175,7 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED TCP %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char*strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if (asprintf(&strip, "%lld", $3) <= 0) + fatal("can't parse strip"); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2481,6 +2495,7 @@ lookup(char *s) { "ssl",SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag",TAG }, Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 - 1.251 +++ relay.c 3 Jan 2021 10:38:27 - @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || +kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c4 Sep 2020 13:09:14 - 1.79 +++ relay_http.c3 Jan 2021 10:38:27 - @@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel struct relay_rule *, struct kvlist *, struct kvlist *, struct relay_table **); voidrelay_httpdesc_free(struct http_descriptor *); +char * server_root_strip(char *, int); static struct relayd *env = NULL; @@ -1421,14 +1422,16 @@ relay_httppath_test(struct ctl_relay_eve if (cre->dir == RELAY_DIR_RESPONSE || kv->kv_type != KEY_TYPE_PATH) return (0); - else if (kv->kv_key == NULL) - return (0); - else if (fnmatch(kv->kv_key, desc->http_path, 0) == FNM_NOMATCH) -
Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7
Le Tue, Dec 29, 2020 at 12:36:22PM -0700, Todd C. Miller a écrit : > On Sat, 26 Dec 2020 15:07:36 -0700, "Theo de Raadt" wrote: > > > Well in that case this should still be a multistep process. > > > > Add STAILQ > > > > Convert things, including everything in ports > > > > No diff should change a line of code before it's time > > That looks something like this. I used the FreeBSD macros which > incorporate STAILQ_NEXT and STAILQ_FIRST but I can inline things > if someone has a strong opinion on this. > > If this is OK I will send an update to the man page. > Sometime STAILQ_FIRST is used, sometime it is (head)->stqh_first. Apart from that, OK denis@ > - todd > > Index: sys/sys/queue.h > === > RCS file: /cvs/src/sys/sys/queue.h,v > retrieving revision 1.45 > diff -u -p -u -r1.45 queue.h > --- sys/sys/queue.h 12 Jul 2018 14:22:54 - 1.45 > +++ sys/sys/queue.h 29 Dec 2020 17:32:31 - > @@ -533,4 +533,101 @@ struct { > \ > } \ > } while (0) > > +/* > + * Singly-linked Tail queue declarations. > + */ > +#define STAILQ_HEAD(name, type) > \ > +struct name { > \ > + struct type *stqh_first;/* first element */ \ > + struct type **stqh_last;/* addr of last next element */ \ > +} > + > +#define STAILQ_HEAD_INITIALIZER(head) > \ > + { NULL, &(head).stqh_first } > + > +#define STAILQ_ENTRY(type) > \ > +struct { \ > + struct type *stqe_next; /* next element */ \ > +} > + > +/* > + * Singly-linked Tail queue access methods. > + */ > +#define STAILQ_FIRST(head) ((head)->stqh_first) > +#define STAILQ_END(head)NULL > +#define STAILQ_EMPTY(head) (STAILQ_FIRST(head) == STAILQ_END(head)) > +#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) > + > +#define STAILQ_FOREACH(var, head, field) \ > + for ((var) = STAILQ_FIRST(head);\ > + (var) != STAILQ_END(head); \ > + (var) = STAILQ_NEXT(var, field)) > + > +#define STAILQ_FOREACH_SAFE(var, head, field, tvar) > \ > + for ((var) = STAILQ_FIRST(head);\ > + (var) && ((tvar) = STAILQ_NEXT(var, field), 1); \ > + (var) = (tvar)) > + > +/* > + * Singly-linked Tail queue functions. > + */ > +#define STAILQ_INIT(head) do { > \ > + (head)->stqh_first = NULL; \ > + (head)->stqh_last = &(head)->stqh_first;\ > +} while (0) > + > +#define STAILQ_INSERT_HEAD(head, elm, field) do { > \ > + if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ > + (head)->stqh_last = &STAILQ_NEXT((elm), field); \ > + STAILQ_FIRST((head)) = (elm); \ > +} while (0) > + > +#define STAILQ_INSERT_TAIL(head, elm, field) do { > \ > + STAILQ_NEXT((elm), field) = NULL; \ > + *(head)->stqh_last = (elm); \ > + (head)->stqh_last = &STAILQ_NEXT((elm), field); \ > +} while (0) > + > +#define STAILQ_INSERT_AFTER(head, listelm, elm, field) do { > \ > + if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((elm), field)) == NULL)\ > + (head)->stqh_last = &STAILQ_NEXT((elm), field); \ > + STAILQ_NEXT((elm), field) = (elm); \ > +} while (0) > + > +#define STAILQ_REMOVE_HEAD(head, field) do {\ > + if ((STAILQ_FIRST((head)) = \ > + STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ > + (head)->stqh_last = &STAILQ_FIRST((head)); \ > +} while (0) > + > +#define STAILQ_REMOVE_AFTER(head, elm, field) do { \ > + if ((STAILQ_NEXT(elm, field) = \ > + STAILQ_NEXT(STAILQ_NEXT(elm, field), field)) == NULL) \ > + (head)->stqh_last = &STAILQ_NEXT((elm), field); \ > +} while (0) > + > +#define STAILQ_REMOVE(head, elm, type, field) do { > \ > + if ((head)->stqh_first == (elm)) { \ > + STAILQ_REMOVE_HEAD((head), field); \ > + } else {
Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7
Le Sat, Dec 26, 2020 at 06:55:09PM +0100, Mark Kettenis a écrit : > > Date: Sat, 26 Dec 2020 18:39:36 +0100 > > From: Denis Fondras > > > > Le Sat, Dec 26, 2020 at 06:23:41PM +0100, Mark Kettenis a écrit : > > > > > This diff renames SIMPLEQ_* to STAILQ_* in /usr/src/sys/sys to unify > > > > > with FreeBSD and Linux. > > > > > > > > > > I added aliases at the end of queue.h to avoid breaking base too > > > > > much. they will > > > > > be removed as soon as diff 2,3,4,5,6,7 are commited. > > > > > > > > We'll need to run a ports bulk build without the aliases. (I can > > > > do that.) There will be some breakage. > > > > > > NetBSD and Solaris both provide SIMPLEQ_* and STAILQ_*. I'm not sure > > > removing one in favour of the other is helpful. > > > > > > > The "problem" is OpenBSD does not provide STAILQ_*. This difference forces > > OpenBSD porters to patch linux/freebsd-centered programs. > > NetBSD added STAILQ_* following FreeBSD. > > Right. But ports written for OpenBSD/NetBSD/Solaris might use > SIMPLEQ_*. My point is that removing one in favour of the other is > going to break stuff. So maybe we should provide both like NetBSD and > Solaris do? > > Which raises the question why STAILQ_* is better than SIMPLEQ_*? And > at which point I'd argue against the churn of doing > s/SIMPLEQ_*/STAILQ_*/ in base. >From the discussion that happened in april (https://marc.info/?l=openbsd-tech&m=158765582816198&w=2) with Todd C. Miller, I understood we had some kind of consensus to s/SIMPLEQ_*/STAILQ_*/. I might have gone too far with the numerous diffs and embedding unrelated changes.
Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7
Le Sat, Dec 26, 2020 at 06:23:41PM +0100, Mark Kettenis a écrit : > > > This diff renames SIMPLEQ_* to STAILQ_* in /usr/src/sys/sys to unify with > > > FreeBSD and Linux. > > > > > > I added aliases at the end of queue.h to avoid breaking base too much. > > > they will > > > be removed as soon as diff 2,3,4,5,6,7 are commited. > > > > We'll need to run a ports bulk build without the aliases. (I can > > do that.) There will be some breakage. > > NetBSD and Solaris both provide SIMPLEQ_* and STAILQ_*. I'm not sure > removing one in favour of the other is helpful. > The "problem" is OpenBSD does not provide STAILQ_*. This difference forces OpenBSD porters to patch linux/freebsd-centered programs. NetBSD added STAILQ_* following FreeBSD.
Rename SIMPLEQ_ to STAILQ_, diff 6/7 (usr.bin)
Rename SIMPLEQ_* to STAILQ_* in /usr/src/usr.bin Index: ctfconv/dw.c === RCS file: /cvs/src/usr.bin/ctfconv/dw.c,v retrieving revision 1.4 diff -u -p -r1.4 dw.c --- ctfconv/dw.c27 Sep 2017 08:59:38 - 1.4 +++ ctfconv/dw.c25 Dec 2020 16:23:20 - @@ -372,7 +372,7 @@ dw_attr_parse(struct dwbuf *dwbuf, struc return error; } - SIMPLEQ_INSERT_TAIL(davq, dav, dav_next); + STAILQ_INSERT_TAIL(davq, dav, dav_next); return 0; } @@ -381,12 +381,12 @@ dw_attr_purge(struct dwaval_queue *davq) { struct dwaval *dav; - while ((dav = SIMPLEQ_FIRST(davq)) != NULL) { - SIMPLEQ_REMOVE_HEAD(davq, dav_next); + while ((dav = STAILQ_FIRST(davq)) != NULL) { + STAILQ_REMOVE_HEAD(davq, dav_next); pfree(&dav_pool, dav); } - SIMPLEQ_INIT(davq); + STAILQ_INIT(davq); } static int @@ -412,7 +412,7 @@ dw_die_parse(struct dwbuf *dwbuf, size_t continue; } - SIMPLEQ_FOREACH(dab, dabq, dab_next) { + STAILQ_FOREACH(dab, dabq, dab_next) { if (dab->dab_code == code) break; } @@ -426,9 +426,9 @@ dw_die_parse(struct dwbuf *dwbuf, size_t die->die_lvl = lvl; die->die_dab = dab; die->die_offset = doff; - SIMPLEQ_INIT(&die->die_avals); + STAILQ_INIT(&die->die_avals); - SIMPLEQ_FOREACH(dat, &dab->dab_attrs, dat_next) { + STAILQ_FOREACH(dat, &dab->dab_attrs, dat_next) { error = dw_attr_parse(dwbuf, dat, psz, &die->die_avals); if (error != 0) { dw_attr_purge(&die->die_avals); @@ -439,7 +439,7 @@ dw_die_parse(struct dwbuf *dwbuf, size_t if (dab->dab_children == DW_CHILDREN_yes) lvl++; - SIMPLEQ_INSERT_TAIL(dieq, die, die_next); + STAILQ_INSERT_TAIL(dieq, die, die_next); } return 0; @@ -450,13 +450,13 @@ dw_die_purge(struct dwdie_queue *dieq) { struct dwdie*die; - while ((die = SIMPLEQ_FIRST(dieq)) != NULL) { - SIMPLEQ_REMOVE_HEAD(dieq, die_next); + while ((die = STAILQ_FIRST(dieq)) != NULL) { + STAILQ_REMOVE_HEAD(dieq, die_next); dw_attr_purge(&die->die_avals); pfree(&die_pool, die); } - SIMPLEQ_INIT(dieq); + STAILQ_INIT(dieq); } int @@ -484,9 +484,9 @@ dw_ab_parse(struct dwbuf *abseg, struct dab->dab_code = code; dab->dab_tag = tag; dab->dab_children = children; - SIMPLEQ_INIT(&dab->dab_attrs); + STAILQ_INIT(&dab->dab_attrs); - SIMPLEQ_INSERT_TAIL(dabq, dab, dab_next); + STAILQ_INSERT_TAIL(dabq, dab, dab_next); for (;;) { struct dwattr *dat; @@ -506,7 +506,7 @@ dw_ab_parse(struct dwbuf *abseg, struct dat->dat_attr = attr; dat->dat_form = form; - SIMPLEQ_INSERT_TAIL(&dab->dab_attrs, dat, dat_next); + STAILQ_INSERT_TAIL(&dab->dab_attrs, dat, dat_next); } } @@ -518,19 +518,19 @@ dw_dabq_purge(struct dwabbrev_queue *dab { struct dwabbrev *dab; - while ((dab = SIMPLEQ_FIRST(dabq)) != NULL) { + while ((dab = STAILQ_FIRST(dabq)) != NULL) { struct dwattr *dat; - SIMPLEQ_REMOVE_HEAD(dabq, dab_next); - while ((dat = SIMPLEQ_FIRST(&dab->dab_attrs)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&dab->dab_attrs, dat_next); + STAILQ_REMOVE_HEAD(dabq, dab_next); + while ((dat = STAILQ_FIRST(&dab->dab_attrs)) != NULL) { + STAILQ_REMOVE_HEAD(&dab->dab_attrs, dat_next); pfree(&dat_pool, dat); } pfree(&dab_pool, dab); } - SIMPLEQ_INIT(dabq); + STAILQ_INIT(dabq); } int @@ -599,8 +599,8 @@ dw_cu_parse(struct dwbuf *info, struct d dcu->dcu_version = version; dcu->dcu_abbroff = abbroff; dcu->dcu_psize = psz; - SIMPLEQ_INIT(&dcu->dcu_abbrevs); - SIMPLEQ_INIT(&dcu->dcu_dies); + STAILQ_INIT(&dcu->dcu_abbrevs); + STAILQ_INIT(&dcu->dcu_dies); error = dw_ab_parse(&abseg, &dcu->dcu_abbrevs); if (error != 0) { Index: ctfconv/dw.h === RCS file: /cvs/src/usr.bin/ctfconv/dw.h,v retrieving revision 1.2 diff -u -p -r1.2 dw.h --- ctfconv/dw.h11 Aug 2017 14:58:56 - 1.2 +++ ctfconv/dw.h25 Dec 2020 16:23:20 - @@ -25
Rename SIMPLEQ_ to STAILQ_, diff 5/7 (usr.sbin)
Rename SIMPLEQ_* to STAILQ_* in /usr/src/usr.sbin Index: bgpd/bgpd.c === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v retrieving revision 1.230 diff -u -p -r1.230 bgpd.c --- bgpd/bgpd.c 5 Nov 2020 11:52:59 - 1.230 +++ bgpd/bgpd.c 25 Dec 2020 16:21:29 - @@ -57,7 +57,7 @@ pid_t reconfpid; int reconfpending; struct imsgbuf *ibuf_se; struct imsgbuf *ibuf_rde; -struct rib_namesribnames = SIMPLEQ_HEAD_INITIALIZER(ribnames); +struct rib_namesribnames = STAILQ_HEAD_INITIALIZER(ribnames); char *cname; char *rcname; @@ -176,8 +176,8 @@ main(int argc, char *argv[]) else fprintf(stderr, "configuration OK\n"); - while ((rr = SIMPLEQ_FIRST(&ribnames)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&ribnames, entry); + while ((rr = STAILQ_FIRST(&ribnames)) != NULL) { + STAILQ_REMOVE_HEAD(&ribnames, entry); free(rr); } free_config(conf); @@ -380,8 +380,8 @@ BROKEN if (pledge("stdio rpath wpath cpa RB_FOREACH(p, peer_head, &conf->peers) pfkey_remove(p); - while ((rr = SIMPLEQ_FIRST(&ribnames)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&ribnames, entry); + while ((rr = STAILQ_FIRST(&ribnames)) != NULL) { + STAILQ_REMOVE_HEAD(&ribnames, entry); free(rr); } free_config(conf); @@ -528,8 +528,8 @@ send_config(struct bgpd_config *conf) ktable_preload(); /* RIBs for the RDE */ - while ((rr = SIMPLEQ_FIRST(&ribnames))) { - SIMPLEQ_REMOVE_HEAD(&ribnames, entry); + while ((rr = STAILQ_FIRST(&ribnames))) { + STAILQ_REMOVE_HEAD(&ribnames, entry); if (ktable_update(rr->rtableid, rr->name, rr->flags, conf->fib_priority) == -1) { log_warnx("failed to load rdomain %d", @@ -557,8 +557,8 @@ send_config(struct bgpd_config *conf) kr_net_reload(conf->default_tableid, 0, &conf->networks); /* prefixsets for filters in the RDE */ - while ((ps = SIMPLEQ_FIRST(&conf->prefixsets)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&conf->prefixsets, entry); + while ((ps = STAILQ_FIRST(&conf->prefixsets)) != NULL) { + STAILQ_REMOVE_HEAD(&conf->prefixsets, entry); if (imsg_compose(ibuf_rde, IMSG_RECONF_PREFIX_SET, 0, 0, -1, ps->name, sizeof(ps->name)) == -1) return (-1); @@ -574,8 +574,8 @@ send_config(struct bgpd_config *conf) } /* originsets for filters in the RDE */ - while ((ps = SIMPLEQ_FIRST(&conf->originsets)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&conf->originsets, entry); + while ((ps = STAILQ_FIRST(&conf->originsets)) != NULL) { + STAILQ_REMOVE_HEAD(&conf->originsets, entry); if (imsg_compose(ibuf_rde, IMSG_RECONF_ORIGIN_SET, 0, 0, -1, ps->name, sizeof(ps->name)) == -1) return (-1); @@ -625,12 +625,12 @@ send_config(struct bgpd_config *conf) } /* as-sets for filters in the RDE */ - while ((aset = SIMPLEQ_FIRST(&conf->as_sets)) != NULL) { + while ((aset = STAILQ_FIRST(&conf->as_sets)) != NULL) { struct ibuf *wbuf; u_int32_t *as; size_t i, l, n; - SIMPLEQ_REMOVE_HEAD(&conf->as_sets, entry); + STAILQ_REMOVE_HEAD(&conf->as_sets, entry); as = set_get(aset->set, &n); if ((wbuf = imsg_create(ibuf_rde, IMSG_RECONF_AS_SET, 0, 0, @@ -668,8 +668,8 @@ send_config(struct bgpd_config *conf) free(r); } - while ((vpn = SIMPLEQ_FIRST(&conf->l3vpns)) != NULL) { - SIMPLEQ_REMOVE_HEAD(&conf->l3vpns, entry); + while ((vpn = STAILQ_FIRST(&conf->l3vpns)) != NULL) { + STAILQ_REMOVE_HEAD(&conf->l3vpns, entry); if (ktable_update(vpn->rtableid, vpn->descr, vpn->flags, conf->fib_priority) == -1) { log_warnx("failed to load rdomain %d", Index: bgpd/bgpd.h === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.406 diff -u -p -r1.406 bgpd.h --- bgpd/bgpd.h 23 Dec 2020 13:20:47 - 1.406 +++ bgpd/bgpd.h 25 Dec 2020 16:21:30 - @@ -237,13 +237,13 @@ struct peer; RB_HEAD(peer_head, peer); struct l3vpn; -SIMPLEQ_HEAD(l3vpn_head, l3vpn); +STAILQ_HEAD(l3vpn_head, l3vpn); struct network; TAILQ_HEAD(network_head, network); struct prefixset; -SIMPLEQ_HEAD(prefixset_head, prefixset); +STAILQ_HEAD(prefixset_head, prefixset); struct prefixset_item; RB_HEAD(prefixset_tr
Rename SIMPLEQ_ to STAILQ_, diff 7/7 (man+regress)
Rename SIMPLEQ_* to STAILQ_* in /usr/src/share and /usr/src/regress Index: regress/usr.sbin/bgpd/unittests/rde_sets_test.c === RCS file: /cvs/src/regress/usr.sbin/bgpd/unittests/rde_sets_test.c,v retrieving revision 1.7 diff -u -p -r1.7 rde_sets_test.c --- regress/usr.sbin/bgpd/unittests/rde_sets_test.c 17 Dec 2019 11:57:16 - 1.7 +++ regress/usr.sbin/bgpd/unittests/rde_sets_test.c 25 Dec 2020 16:40:36 - @@ -54,7 +54,7 @@ main(int argc, char **argv) struct as_set *a, *aa, *b, *c, *empty; size_t i; - SIMPLEQ_INIT(&as_sets); + STAILQ_INIT(&as_sets); a = build_set("a", va, sizeof(va) / sizeof(va[0]), sizeof(va) / sizeof(va[0])); Index: share/man/man3/queue.3 === RCS file: /cvs/src/share/man/man3/queue.3,v retrieving revision 1.67 diff -u -p -r1.67 queue.3 --- share/man/man3/queue.3 13 Jul 2020 01:28:10 - 1.67 +++ share/man/man3/queue.3 25 Dec 2020 16:40:36 - @@ -62,21 +62,21 @@ .Nm LIST_INSERT_HEAD , .Nm LIST_REMOVE , .Nm LIST_REPLACE , -.Nm SIMPLEQ_ENTRY , -.Nm SIMPLEQ_HEAD , -.Nm SIMPLEQ_HEAD_INITIALIZER , -.Nm SIMPLEQ_FIRST , -.Nm SIMPLEQ_NEXT , -.Nm SIMPLEQ_EMPTY , -.Nm SIMPLEQ_FOREACH , -.Nm SIMPLEQ_FOREACH_SAFE , -.Nm SIMPLEQ_INIT , -.Nm SIMPLEQ_INSERT_AFTER , -.Nm SIMPLEQ_INSERT_HEAD , -.Nm SIMPLEQ_INSERT_TAIL , -.Nm SIMPLEQ_REMOVE_AFTER , -.Nm SIMPLEQ_REMOVE_HEAD , -.Nm SIMPLEQ_CONCAT , +.Nm STAILQ_ENTRY , +.Nm STAILQ_HEAD , +.Nm STAILQ_HEAD_INITIALIZER , +.Nm STAILQ_FIRST , +.Nm STAILQ_NEXT , +.Nm STAILQ_EMPTY , +.Nm STAILQ_FOREACH , +.Nm STAILQ_FOREACH_SAFE , +.Nm STAILQ_INIT , +.Nm STAILQ_INSERT_AFTER , +.Nm STAILQ_INSERT_HEAD , +.Nm STAILQ_INSERT_TAIL , +.Nm STAILQ_REMOVE_AFTER , +.Nm STAILQ_REMOVE_HEAD , +.Nm STAILQ_CONCAT , .Nm TAILQ_ENTRY , .Nm TAILQ_HEAD , .Nm TAILQ_HEAD_INITIALIZER , @@ -97,7 +97,7 @@ .Nm TAILQ_REMOVE , .Nm TAILQ_REPLACE , .Nm TAILQ_CONCAT -.Nd intrusive singly-linked and doubly-linked lists, simple queues, and tail queues +.Nd intrusive singly-linked and doubly-linked lists, singly-linked tail queues, and tail queues .Sh SYNOPSIS .In sys/queue.h .Pp @@ -149,30 +149,30 @@ .Ft void .Fn LIST_REPLACE "struct TYPE *elm" "struct TYPE *elm2" "FIELDNAME" .Pp -.Fn SIMPLEQ_ENTRY "TYPE" -.Fn SIMPLEQ_HEAD "HEADNAME" "TYPE" -.Fn SIMPLEQ_HEAD_INITIALIZER "SIMPLEQ_HEAD head" +.Fn STAILQ_ENTRY "TYPE" +.Fn STAILQ_HEAD "HEADNAME" "TYPE" +.Fn STAILQ_HEAD_INITIALIZER "STAILQ_HEAD head" .Ft "struct TYPE *" -.Fn SIMPLEQ_FIRST "SIMPLEQ_HEAD *head" +.Fn STAILQ_FIRST "STAILQ_HEAD *head" .Ft "struct TYPE *" -.Fn SIMPLEQ_NEXT "struct TYPE *listelm" "FIELDNAME" +.Fn STAILQ_NEXT "struct TYPE *listelm" "FIELDNAME" .Ft int -.Fn SIMPLEQ_EMPTY "SIMPLEQ_HEAD *head" -.Fn SIMPLEQ_FOREACH "VARNAME" "SIMPLEQ_HEAD *head" "FIELDNAME" -.Fn SIMPLEQ_FOREACH_SAFE "VARNAME" "SIMPLEQ_HEAD *head" "FIELDNAME" "TEMP_VARNAME" +.Fn STAILQ_EMPTY "STAILQ_HEAD *head" +.Fn STAILQ_FOREACH "VARNAME" "STAILQ_HEAD *head" "FIELDNAME" +.Fn STAILQ_FOREACH_SAFE "VARNAME" "STAILQ_HEAD *head" "FIELDNAME" "TEMP_VARNAME" .Ft void -.Fn SIMPLEQ_INIT "SIMPLEQ_HEAD *head" +.Fn STAILQ_INIT "STAILQ_HEAD *head" .Ft void -.Fn SIMPLEQ_INSERT_AFTER "SIMPLEQ_HEAD *head" "struct TYPE *listelm" "struct TYPE *elm" "FIELDNAME" +.Fn STAILQ_INSERT_AFTER "STAILQ_HEAD *head" "struct TYPE *listelm" "struct TYPE *elm" "FIELDNAME" .Ft void -.Fn SIMPLEQ_INSERT_HEAD "SIMPLEQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" +.Fn STAILQ_INSERT_HEAD "STAILQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" .Ft void -.Fn SIMPLEQ_INSERT_TAIL "SIMPLEQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" +.Fn STAILQ_INSERT_TAIL "STAILQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" .Ft void -.Fn SIMPLEQ_REMOVE_AFTER "SIMPLEQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" +.Fn STAILQ_REMOVE_AFTER "STAILQ_HEAD *head" "struct TYPE *elm" "FIELDNAME" .Ft void -.Fn SIMPLEQ_REMOVE_HEAD "SIMPLEQ_HEAD *head" "FIELDNAME" -.Fn SIMPLEQ_CONCAT "SIMPLEQ_HEAD *head1" "SIMPLEQ_HEAD *head2" +.Fn STAILQ_REMOVE_HEAD "STAILQ_HEAD *head" "FIELDNAME" +.Fn STAILQ_CONCAT "STAILQ_HEAD *head1" "STAILQ_HEAD *head2" .Pp .Fn TAILQ_ENTRY "TYPE" .Fn TAILQ_HEAD "HEADNAME" "TYPE" @@ -208,7 +208,7 @@ .Fn TAILQ_CONCAT "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "FIELDNAME" .Sh DESCRIPTION These macros define and operate on four types of data structures: -singly-linked lists, simple queues, lists, and tail queues. +singly-linked lists, singly-linked tail queues, lists, and tail queues. All four structures support the following functionality: .Pp .Bl -enum -compact -offset indent @@ -237,7 +237,7 @@ and support only the above functionality Singly-linked lists are ideal for applications with large datasets and few or no removals, or for implementing a LIFO queue. .Pp -Simple queues add the following functionality: +Singly-linked tail queues add the following functionality: .Pp
Rename SIMPLEQ_ to STAILQ_, diff 4/7 (sbin)
Rename SIMPLEQ_* to STAILQ_* in /usr/src/sbin Index: iked/iked.h === RCS file: /cvs/src/sbin/iked/iked.h,v retrieving revision 1.179 diff -u -p -r1.179 iked.h --- iked/iked.h 21 Dec 2020 22:49:36 - 1.179 +++ iked/iked.h 25 Dec 2020 16:19:24 - @@ -531,9 +531,9 @@ RB_HEAD(iked_addrpool6, iked_sa); struct iked_certreq { struct ibuf *cr_data; uint8_t cr_type; - SIMPLEQ_ENTRY(iked_certreq) cr_entry; + STAILQ_ENTRY(iked_certreq) cr_entry; }; -SIMPLEQ_HEAD(iked_certreqs, iked_certreq); +STAILQ_HEAD(iked_certreqs, iked_certreq); #define EAP_STATE_IDENTITY (1) #define EAP_STATE_MSCHAPV2_CHALLENGE (2) Index: iked/ikev2.c === RCS file: /cvs/src/sbin/iked/ikev2.c,v retrieving revision 1.292 diff -u -p -r1.292 ikev2.c --- iked/ikev2.c21 Dec 2020 22:49:36 - 1.292 +++ iked/ikev2.c25 Dec 2020 16:19:24 - @@ -3404,7 +3404,7 @@ ikev2_handle_certreq(struct iked* env, s * We could alternatively extract the CA from the peer certificate * to find a matching local one. */ - if (SIMPLEQ_EMPTY(&msg->msg_certreqs)) { + if (STAILQ_EMPTY(&msg->msg_certreqs)) { if (sa->sa_policy->pol_certreqtype) crtype = sa->sa_policy->pol_certreqtype; else @@ -3413,8 +3413,8 @@ ikev2_handle_certreq(struct iked* env, s crtype, 0, ibuf_data(env->sc_certreq), ibuf_size(env->sc_certreq), PROC_CERT); } else { - while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) { - if (SIMPLEQ_NEXT(cr, cr_entry) != NULL) + while ((cr = STAILQ_FIRST(&msg->msg_certreqs))) { + if (STAILQ_NEXT(cr, cr_entry) != NULL) more = 1; else more = 0; @@ -3425,7 +3425,7 @@ ikev2_handle_certreq(struct iked* env, s PROC_CERT); ibuf_release(cr->cr_data); - SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); + STAILQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); free(cr); } } Index: iked/ikev2_msg.c === RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v retrieving revision 1.77 diff -u -p -r1.77 ikev2_msg.c --- iked/ikev2_msg.c29 Oct 2020 21:49:58 - 1.77 +++ iked/ikev2_msg.c25 Dec 2020 16:19:24 - @@ -95,7 +95,7 @@ ikev2_msg_cb(int fd, short event, void * return; TAILQ_INIT(&msg.msg_proposals); - SIMPLEQ_INIT(&msg.msg_certreqs); + STAILQ_INIT(&msg.msg_certreqs); msg.msg_fd = fd; if (hdr.ike_version == IKEV1_VERSION) @@ -211,9 +211,9 @@ ikev2_msg_cleanup(struct iked *env, stru msg->msg_cp_addr6 = NULL; config_free_proposals(&msg->msg_proposals, 0); - while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) { + while ((cr = STAILQ_FIRST(&msg->msg_certreqs))) { ibuf_release(cr->cr_data); - SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); + STAILQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); free(cr); } } Index: iked/ikev2_pld.c === RCS file: /cvs/src/sbin/iked/ikev2_pld.c,v retrieving revision 1.114 diff -u -p -r1.114 ikev2_pld.c --- iked/ikev2_pld.c25 Nov 2020 22:17:14 - 1.114 +++ iked/ikev2_pld.c25 Dec 2020 16:19:24 - @@ -899,7 +899,7 @@ ikev2_pld_certreq(struct iked *env, stru return (-1); } cr->cr_type = cert.cert_type; - SIMPLEQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry); + STAILQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry); return (0); } Index: iked/pfkey.c === RCS file: /cvs/src/sbin/iked/pfkey.c,v retrieving revision 1.74 diff -u -p -r1.74 pfkey.c --- iked/pfkey.c4 Dec 2020 16:18:14 - 1.74 +++ iked/pfkey.c25 Dec 2020 16:19:24 - @@ -57,13 +57,13 @@ static struct event pfkey_timer_ev; static struct timeval pfkey_timer_tv; struct pfkey_message { - SIMPLEQ_ENTRY(pfkey_message) + STAILQ_ENTRY(pfkey_message) pm_entry; uint8_t *pm_data; ssize_t pm_length; }; -SIMPLEQ_HEAD(, pfkey_message) pfkey_retry, pfkey_postponed = -SIMPLEQ_HEAD_INITIALIZER(pfkey_postponed); +STAILQ_HEAD(, pfkey_message) pfkey_retry, pfkey_postponed = +STAILQ_HEAD_INITIALIZER(pfkey_
Rename SIMPLEQ_ to STAILQ_, diff 3/7 (lib)
Rename SIMPLEQ_ to STAILQ_ in /usr/src/lib Index: libc/gen/posix_spawn.c === RCS file: /cvs/src/lib/libc/gen/posix_spawn.c,v retrieving revision 1.10 diff -u -p -r1.10 posix_spawn.c --- libc/gen/posix_spawn.c 28 Jun 2019 13:32:41 - 1.10 +++ libc/gen/posix_spawn.c 25 Dec 2020 16:17:01 - @@ -46,11 +46,11 @@ struct __posix_spawnattr { }; struct __posix_spawn_file_actions { - SIMPLEQ_HEAD(, __posix_spawn_file_actions_entry) fa_list; + STAILQ_HEAD(, __posix_spawn_file_actions_entry) fa_list; }; typedef struct __posix_spawn_file_actions_entry { - SIMPLEQ_ENTRY(__posix_spawn_file_actions_entry) fae_list; + STAILQ_ENTRY(__posix_spawn_file_actions_entry) fae_list; enum { FAE_OPEN, FAE_DUP2, FAE_CLOSE } fae_action; int fae_fildes; @@ -182,7 +182,7 @@ process_file_actions(const posix_spawn_f int error; /* Replay all file descriptor modifications */ - SIMPLEQ_FOREACH(fae, &fa->fa_list, fae_list) { + STAILQ_FOREACH(fae, &fa->fa_list, fae_list) { error = process_file_actions_entry(fae); if (error) return (error); @@ -258,7 +258,7 @@ posix_spawn_file_actions_init(posix_spaw if (fa == NULL) return (errno); - SIMPLEQ_INIT(&fa->fa_list); + STAILQ_INIT(&fa->fa_list); *ret = fa; return (0); } @@ -268,9 +268,9 @@ posix_spawn_file_actions_destroy(posix_s { posix_spawn_file_actions_entry_t *fae; - while ((fae = SIMPLEQ_FIRST(&(*fa)->fa_list)) != NULL) { + while ((fae = STAILQ_FIRST(&(*fa)->fa_list)) != NULL) { /* Remove file action entry from the queue */ - SIMPLEQ_REMOVE_HEAD(&(*fa)->fa_list, fae_list); + STAILQ_REMOVE_HEAD(&(*fa)->fa_list, fae_list); /* Deallocate file action entry */ if (fae->fae_action == FAE_OPEN) @@ -309,7 +309,7 @@ posix_spawn_file_actions_addopen(posix_s fae->fae_oflag = oflag; fae->fae_mode = mode; - SIMPLEQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); + STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); return (0); } @@ -332,7 +332,7 @@ posix_spawn_file_actions_adddup2(posix_s fae->fae_fildes = fildes; fae->fae_newfildes = newfildes; - SIMPLEQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); + STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); return (0); } @@ -354,7 +354,7 @@ posix_spawn_file_actions_addclose(posix_ fae->fae_action = FAE_CLOSE; fae->fae_fildes = fildes; - SIMPLEQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); + STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); return (0); } Index: libfuse/fuse_private.h === RCS file: /cvs/src/lib/libfuse/fuse_private.h,v retrieving revision 1.22 diff -u -p -r1.22 fuse_private.h --- libfuse/fuse_private.h 16 Nov 2018 02:16:17 - 1.22 +++ libfuse/fuse_private.h 25 Dec 2020 16:17:01 - @@ -38,7 +38,7 @@ struct fuse_vnode { char path[NAME_MAX + 1]; - SIMPLEQ_ENTRY(fuse_vnode) node; /* for dict */ + STAILQ_ENTRY(fuse_vnode) node; /* for dict */ }; struct fuse_dirhandle { @@ -52,7 +52,7 @@ struct fuse_dirhandle { off_t off; }; -SIMPLEQ_HEAD(fuse_vn_head, fuse_vnode); +STAILQ_HEAD(fuse_vn_head, fuse_vnode); SPLAY_HEAD(dict, dictentry); SPLAY_HEAD(tree, treeentry); Index: libfuse/fuse_subr.c === RCS file: /cvs/src/lib/libfuse/fuse_subr.c,v retrieving revision 1.12 diff -u -p -r1.12 fuse_subr.c --- libfuse/fuse_subr.c 21 May 2018 11:47:46 - 1.12 +++ libfuse/fuse_subr.c 25 Dec 2020 16:17:01 - @@ -94,19 +94,19 @@ set_vn(struct fuse *f, struct fuse_vnode vn_head = malloc(sizeof(*vn_head)); if (vn_head == NULL) return (0); - SIMPLEQ_INIT(vn_head); + STAILQ_INIT(vn_head); } else { vn_head = dict_get(&f->name_tree, v->path); if (vn_head == NULL) return (0); } - SIMPLEQ_FOREACH(vn, vn_head, node) { + STAILQ_FOREACH(vn, vn_head, node) { if (v->parent == vn->parent && v->ino == vn->ino) return (1); } - SIMPLEQ_INSERT_TAIL(vn_head, v, node); + STAILQ_INSERT_TAIL(vn_head, v, node); dict_set(&f->name_tree, v->path, vn_head); return (1); @@ -124,7 +124,7 @@ remove_vnode_from_name_tree(struct fuse return; lastv = NULL; - SIMPLEQ_FOREACH(v, vn_head, node) { + STAILQ_FOREACH(v, vn_head, node) { if (v->parent == vn->parent) break; @@ -134,13 +134,13 @@ remove_
Rename SIMPLEQ_ to STAILQ_, diff 1/7
mpi@ reminded me I had this diff cooking. This diff renames SIMPLEQ_* to STAILQ_* in /usr/src/sys/sys to unify with FreeBSD and Linux. I added aliases at the end of queue.h to avoid breaking base too much. they will be removed as soon as diff 2,3,4,5,6,7 are commited. net/sniproxy has a patch to define STAILQ_*, it may be removed later. Index: buf.h === RCS file: /cvs/src/sys/sys/buf.h,v retrieving revision 1.112 diff -u -p -r1.112 buf.h --- buf.h 29 Nov 2019 01:04:08 - 1.112 +++ buf.h 25 Dec 2020 14:24:08 - @@ -105,15 +105,15 @@ void bufq_quiesce(void); voidbufq_restart(void); /* fifo */ -SIMPLEQ_HEAD(bufq_fifo_head, buf); +STAILQ_HEAD(bufq_fifo_head, buf); struct bufq_fifo { - SIMPLEQ_ENTRY(buf) bqf_entries; + STAILQ_ENTRY(buf) bqf_entries; }; /* nscan */ -SIMPLEQ_HEAD(bufq_nscan_head, buf); +STAILQ_HEAD(bufq_nscan_head, buf); struct bufq_nscan { - SIMPLEQ_ENTRY(buf) bqf_entries; + STAILQ_ENTRY(buf) bqf_entries; }; /* bufq link in struct buf */ Index: fusebuf.h === RCS file: /cvs/src/sys/sys/fusebuf.h,v retrieving revision 1.13 diff -u -p -r1.13 fusebuf.h --- fusebuf.h 19 Jun 2018 11:27:54 - 1.13 +++ fusebuf.h 25 Dec 2020 14:24:08 - @@ -27,7 +27,7 @@ /* header at beginning of each fusebuf: */ struct fb_hdr { - SIMPLEQ_ENTRY(fusebuf) fh_next;/* next buffer in chain */ + STAILQ_ENTRY(fusebuf) fh_next;/* next buffer in chain */ size_t fh_len; /* Amount of data */ int fh_err; /* errno to pass back */ int fh_type;/* type of data */ Index: pool.h === RCS file: /cvs/src/sys/sys/pool.h,v retrieving revision 1.77 diff -u -p -r1.77 pool.h --- pool.h 19 Jul 2019 09:03:03 - 1.77 +++ pool.h 25 Dec 2020 14:24:08 - @@ -152,7 +152,7 @@ struct pool { union pool_lock pr_lock; const struct pool_lock_ops * pr_lock_ops; - SIMPLEQ_ENTRY(pool) + STAILQ_ENTRY(pool) pr_poollist; struct pool_pagelist pr_emptypages; /* Empty pages */ Index: queue.h === RCS file: /cvs/src/sys/sys/queue.h,v retrieving revision 1.45 diff -u -p -r1.45 queue.h --- queue.h 12 Jul 2018 14:22:54 - 1.45 +++ queue.h 25 Dec 2020 14:24:08 - @@ -96,7 +96,7 @@ struct name { \ struct type *slh_first; /* first element */ \ } -#defineSLIST_HEAD_INITIALIZER(head) \ +#define SLIST_HEAD_INITIALIZER(head) \ { NULL } #define SLIST_ENTRY(type) \ @@ -107,43 +107,43 @@ struct { \ /* * Singly-linked List access methods. */ -#defineSLIST_FIRST(head) ((head)->slh_first) -#defineSLIST_END(head) NULL -#defineSLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) -#defineSLIST_NEXT(elm, field) ((elm)->field.sle_next) +#define SLIST_FIRST(head) ((head)->slh_first) +#define SLIST_END(head)NULL +#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) +#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) -#defineSLIST_FOREACH(var, head, field) \ +#define SLIST_FOREACH(var, head, field) \ for((var) = SLIST_FIRST(head); \ (var) != SLIST_END(head); \ (var) = SLIST_NEXT(var, field)) -#defineSLIST_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = SLIST_FIRST(head); \ +#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SLIST_FIRST(head); \ (var) && ((tvar) = SLIST_NEXT(var, field), 1); \ (var) = (tvar)) /* * Singly-linked List functions. */ -#defineSLIST_INIT(head) { \ +#define SLIST_INIT(head) { \ SLIST_FIRST(head) = SLIST_END(head);\ } -#defineSLIST_INSERT_AFTER(slistelm, elm, field) do { \ +#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ (elm)->field.sle_next = (slistelm)->field.sle_next;
Re: Document art locking fields
On Wed, Nov 11, 2020 at 05:25:25AM -0300, Martin Pieuchot wrote: > While discussing the new source address mechanism with denis@, I figured > those ought to be documented. > > Note that `ar_rtableid' is unused and can die. The ART code is actually > free from any network knowledge. > > ok? > it seems sound. OK denis@ > Index: net/art.c > === > RCS file: /cvs/src/sys/net/art.c,v > retrieving revision 1.28 > diff -u -p -r1.28 art.c > --- net/art.c 31 Mar 2019 19:29:27 - 1.28 > +++ net/art.c 9 Nov 2020 19:52:48 - > @@ -115,7 +115,6 @@ art_alloc(unsigned int rtableid, unsigne > } > > ar->ar_off = off; > - ar->ar_rtableid = rtableid; > rw_init(&ar->ar_lock, "art"); > > return (ar); > Index: net/art.h > === > RCS file: /cvs/src/sys/net/art.h,v > retrieving revision 1.19 > diff -u -p -r1.19 art.h > --- net/art.h 29 Oct 2020 21:15:27 - 1.19 > +++ net/art.h 9 Nov 2020 19:52:42 - > @@ -27,16 +27,22 @@ > > /* > * Root of the ART tables, equivalent to the radix head. > + * > + * Locks used to protect struct members in this file: > + * I immutable after creation > + * l root's `ar_lock' > + * K kernel lock > + * For SRP related structures that allow lock-free reads, the write lock > + * is indicated below. > */ > struct art_root { > - struct srp ar_root; /* First table */ > - struct rwlockar_lock; /* Serialise modifications */ > - uint8_t ar_bits[ART_MAXLVL]; /* Per level stride */ > - uint8_t ar_nlvl; /* Number of levels */ > - uint8_t ar_alen; /* Address length in bits */ > - uint8_t ar_off;/* Offset of the key in bytes */ > - unsigned int ar_rtableid; /* ID of this routing table */ > - struct sockaddr *source;/* optional src addr to use */ > + struct srp ar_root; /* [l] First table */ > + struct rwlockar_lock; /* [] Serialise modifications */ > + uint8_t ar_bits[ART_MAXLVL]; /* [I] Per level stride */ > + uint8_t ar_nlvl; /* [I] Number of levels */ > + uint8_t ar_alen; /* [I] Address length in bits */ > + uint8_t ar_off;/* [I] Offset of key in bytes */ > + struct sockaddr *source;/* [K] optional src addr to use > */ > }; > > #define ISLEAF(e)(((unsigned long)(e) & 1) == 0) >
Use selected source IP when replying to reflecting ICMP
ICMP error replies are sent from the IP of the interface the packet came in even when the source IP was forced with route(8). Index: netinet/ip_icmp.c === RCS file: /cvs/src/sys/netinet/ip_icmp.c,v retrieving revision 1.183 diff -u -p -r1.183 ip_icmp.c --- netinet/ip_icmp.c 22 Aug 2020 17:55:54 - 1.183 +++ netinet/ip_icmp.c 8 Nov 2020 16:48:15 - @@ -689,6 +689,8 @@ icmp_reflect(struct mbuf *m, struct mbuf struct mbuf *opts = NULL; struct sockaddr_in sin; struct rtentry *rt = NULL; + struct sockaddr *ip4_source = NULL; + struct in_addr src; int optlen = (ip->ip_hl << 2) - sizeof(struct ip); u_int rtableid; @@ -707,6 +709,7 @@ icmp_reflect(struct mbuf *m, struct mbuf m_resethdr(m); m->m_pkthdr.ph_rtableid = rtableid; + memset(&src, 0, sizeof(struct in_addr)); /* * If the incoming packet was addressed directly to us, * use dst as the src for the reply. For broadcast, use @@ -721,7 +724,7 @@ icmp_reflect(struct mbuf *m, struct mbuf rt = rtalloc(sintosa(&sin), 0, rtableid); if (rtisvalid(rt) && ISSET(rt->rt_flags, RTF_LOCAL|RTF_BROADCAST)) - ia = ifatoia(rt->rt_ifa); + src = ifatoia(rt->rt_ifa)->ia_addr.sin_addr; } /* @@ -729,7 +732,7 @@ icmp_reflect(struct mbuf *m, struct mbuf * Use the new source address and do a route lookup. If it fails * drop the packet as there is no path to the host. */ - if (ia == NULL) { + if (src.s_addr == 0) { rtfree(rt); memset(&sin, 0, sizeof(sin)); @@ -745,14 +748,23 @@ icmp_reflect(struct mbuf *m, struct mbuf return (EHOSTUNREACH); } - ia = ifatoia(rt->rt_ifa); + ip4_source = rtable_getsource(rtableid, AF_INET); + if (ip4_source != NULL) { + struct ifaddr *ifa; + if ((ifa = ifa_ifwithaddr(ip4_source, rtableid)) != + NULL && ISSET(ifa->ifa_ifp->if_flags, IFF_UP)) { + src = satosin(ip4_source)->sin_addr; + } + } + if (src.s_addr == 0) + src = ifatoia(rt->rt_ifa)->ia_addr.sin_addr; } ip->ip_dst = ip->ip_src; ip->ip_ttl = MAXTTL; /* It is safe to dereference ``ia'' iff ``rt'' is valid. */ - ip->ip_src = ia->ia_addr.sin_addr; + ip->ip_src = src; rtfree(rt); if (optlen > 0) { Index: netinet6/icmp6.c === RCS file: /cvs/src/sys/netinet6/icmp6.c,v retrieving revision 1.233 diff -u -p -r1.233 icmp6.c --- netinet6/icmp6.c28 Oct 2020 17:27:35 - 1.233 +++ netinet6/icmp6.c8 Nov 2020 16:48:15 - @@ -1146,6 +1146,7 @@ icmp6_reflect(struct mbuf **mp, size_t o if (src == NULL) { struct in6_ifaddr *ia6; + struct sockaddr *ip6_source = NULL; /* * This case matches to multicasts, our anycast, or unicasts @@ -1164,7 +1165,15 @@ icmp6_reflect(struct mbuf **mp, size_t o goto bad; } ia6 = in6_ifawithscope(rt->rt_ifa->ifa_ifp, &t, rtableid); - if (ia6 != NULL) + ip6_source = rtable_getsource(rtableid, AF_INET6); + if (ip6_source != NULL) { + struct ifaddr *ifa; + if ((ifa = ifa_ifwithaddr(ip6_source, rtableid)) != + NULL && ISSET(ifa->ifa_ifp->if_flags, IFF_UP)) { + src = &satosin6(ip6_source)->sin6_addr; + } + } + if (src == NULL && ia6 != NULL) src = &ia6->ia_addr.sin6_addr; if (src == NULL) src = &ifatoia6(rt->rt_ifa)->ia_addr.sin6_addr;
route sourceaddr works with p2p interfaces
Hi, route(8) sourceaddr is not used with p2p interfaces. My initial fear was about tunnel interfaces but after some more testing, there is no need to be so. Here is the diff: Index: sbin/route/route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.93 diff -u -p -r1.93 route.8 --- sbin/route/route.8 30 Oct 2020 14:30:51 - 1.93 +++ sbin/route/route.8 2 Nov 2020 19:53:34 - @@ -234,8 +234,6 @@ The preferred source will not be used wh .It destination is on-link .It -output interface is point-to-point -.It source address is assigned to a disabled interface .El .El Index: sys/netinet/in_pcb.c === RCS file: /cvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.250 diff -u -p -r1.250 in_pcb.c --- sys/netinet/in_pcb.c29 Oct 2020 21:15:27 - 1.250 +++ sys/netinet/in_pcb.c2 Nov 2020 19:53:36 - @@ -960,12 +960,10 @@ in_pcbselsrc(struct in_addr **insrc, str /* * Use preferred source address if : * - destination is not onlink -* - output interface is not PtoP * - preferred source addresss is set * - output interface is UP */ - if ((ro->ro_rt && !(ro->ro_rt->rt_flags & RTF_LLINFO)) && - (ia && !(ia->ia_ifp->if_flags & IFF_POINTOPOINT))) { + if (ro->ro_rt && !(ro->ro_rt->rt_flags & RTF_LLINFO)) { ip4_source = rtable_getsource(rtableid, AF_INET); if (ip4_source != NULL) { struct ifaddr *ifa; Index: sys/netinet6/in6_src.c === RCS file: /cvs/src/sys/netinet6/in6_src.c,v retrieving revision 1.82 diff -u -p -r1.82 in6_src.c --- sys/netinet6/in6_src.c 29 Oct 2020 21:15:27 - 1.82 +++ sys/netinet6/in6_src.c 2 Nov 2020 19:53:36 - @@ -220,12 +220,10 @@ in6_pcbselsrc(struct in6_addr **in6src, /* * Use preferred source address if : * - destination is not onlink -* - output interface is not PtoP * - preferred source addresss is set * - output interface is UP */ - if ((ro->ro_rt && !(ro->ro_rt->rt_flags & RTF_LLINFO)) && - (ia6 && !(ia6->ia_ifp->if_flags & IFF_POINTOPOINT))) { + if (ro->ro_rt && !(ro->ro_rt->rt_flags & RTF_LLINFO)) { ip6_source = rtable_getsource(rtableid, AF_INET6); if (ip6_source != NULL) { struct ifaddr *ifa;
Re: Minor tweak relayd agentx manpage
On Fri, Oct 30, 2020 at 09:53:08AM +0100, Martijn van Duren wrote: > I think metrics is a better word than statistics and it might help > people if they knew where to query for these metrics. > > OK? I also find it more accurate. OK denis@ > martijn@ > > Index: relayd.conf.5 > === > RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v > retrieving revision 1.201 > diff -u -p -r1.201 relayd.conf.5 > --- relayd.conf.5 22 Oct 2020 08:00:24 - 1.201 > +++ relayd.conf.5 30 Oct 2020 08:48:23 - > @@ -121,10 +121,12 @@ Here are the settings that can be set gl > .It Ic agentx Oo Ic context Ar context Oc Oo Ic path Ar path Oc > Export > .Xr relayd 8 > -statistics via an agentx compatible > +metrics via an agentx compatible > .Pq snmp > daemon by connecting to > .Ar path . > +Metrics can be found under the relaydMIBObjects subtree > +.Pq enterprises.30155.3 . > If > .Ar path > is omitted it will default to >
Re: relayd(8) remove snmp keyword
On Thu, Oct 29, 2020 at 03:51:24PM +0100, Martijn van Duren wrote: > 6.8 is out in the wild. I guess this is as good a time as any to remove > the old snmp keyword. > > OK? > OK denis@ And while it is fresh, is this the right time to update plus.html and current.html ?
Re: httpd(8): add location access tests
On Tue, Oct 27, 2020 at 12:02:18PM +0100, Matthias Pressfreund wrote: > True. Updated patch below. > Thanks, I have been using the diff (from your GH account) since a few weeks. OK denis@ I will commit tonight if nobody stands against. > > > Index: usr.sbin/httpd/httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.113 > diff -u -p -u -p -r1.113 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 5 Sep 2020 11:49:38 - 1.113 > +++ usr.sbin/httpd/httpd.conf.5 27 Oct 2020 10:59:35 - > @@ -1,5 +1,6 @@ > .\" $OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $ > .\" > +.\" Copyright (c) 2020 Matthias Pressfreund > .\" Copyright (c) 2014, 2015 Reyk Floeter > .\" > .\" Permission to use, copy, modify, and distribute this software for any > @@ -14,7 +15,7 @@ > .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF > .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > .\" > -.Dd $Mdocdate: September 5 2020 $ > +.Dd $Mdocdate: October 27 2020 $ > .Dt HTTPD.CONF 5 > .Os > .Sh NAME > @@ -399,11 +400,16 @@ of the host's domain should be considere > .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number > Set the listen address and port. > This statement can be specified multiple times. > -.It Ic location Ar path Brq ... > +.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ... > Specify server configuration rules for a specific location. > The > .Ar path > argument will be matched against the request path with shell globbing rules. > +Optionally, it is also possible to match for > +.Ic found > +(i.e. accessible) or > +.Ic not found > +request paths only. > In case of multiple location statements in the same context, the > first matching location statement will be put into effect, while all > later ones will be ignored. > @@ -419,7 +425,7 @@ except > .Ic tcp > and > .Ic tls . > -.It Ic location match Ar path Brq ... > +.It Ic location Oo Oo Ic not Oc Ic found Oc Ic match Ar path Brq ... > Like the > .Ic location > option, > Index: usr.sbin/httpd/httpd.h > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v > retrieving revision 1.152 > diff -u -p -u -p -r1.152 httpd.h > --- usr.sbin/httpd/httpd.h29 Aug 2020 07:53:48 - 1.152 > +++ usr.sbin/httpd/httpd.h27 Oct 2020 05:59:05 - > @@ -1,6 +1,7 @@ > /* $OpenBSD: httpd.h,v 1.152 2020/08/29 07:53:48 florian Exp $ */ > > /* > + * Copyright (c) 2020 Matthias Pressfreund > * Copyright (c) 2006 - 2015 Reyk Floeter > * Copyright (c) 2006, 2007 Pierre-Yves Ritschard > * Copyright (c) 2003, 2004 Henning Brauer > @@ -391,13 +392,16 @@ SPLAY_HEAD(client_tree, client); > #define SRVFLAG_DEFAULT_TYPE 0x0080 > #define SRVFLAG_PATH_REWRITE 0x0100 > #define SRVFLAG_NO_PATH_REWRITE 0x0200 > +#define SRVFLAG_LOCATION_FOUND 0x4000 > +#define SRVFLAG_LOCATION_NOT_FOUND 0x8000 > > #define SRVFLAG_BITS \ > "\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \ > "\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG"\ > "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG" \ > "\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \ > - "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" > + "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \ > + "\37LOCATION_FOUND\40LOCATION_NOT_FOUND" > > #define TCPFLAG_NODELAY 0x01 > #define TCPFLAG_NNODELAY 0x02 > @@ -690,6 +694,7 @@ const char * >server_root_strip(const char *, int); > struct server_config * >server_getlocation(struct client *, const char *); > +int server_locationaccesstest(struct server_config *, const char *); > const char * >server_http_host(struct sockaddr_storage *, char *, size_t); > char *server_http_parsehost(char *, char *, size_t, int *); > Index: usr.sbin/httpd/parse.y > === > RCS file: /cvs/src/usr.sbin/httpd/parse.y,v > retrieving revision 1.119 > diff -u -p -u -p -r1.119 parse.y > --- usr.sbin/httpd/parse.y26 Oct 2020 19:31:22 - 1.119 > +++ usr.sbin/httpd/parse.y27 Oct 2020 05:59:05 - > @@ -143,12 +143,12 @@ typedef struct { > %token PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG > TCP TICKET > %token TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS DEFAULT PRELOAD > REQUEST > %token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS REWRITE > -%token CA CLIENT CRL OPTIONAL PARAM FORWARDED > +%token CA CLIENT CRL OPTIONAL PARAM FORWARDED FOUND NOT > %token STRING > %token NUMBER > %typeport > %type
Re: httpd(8): add location access tests
Thanks Matthias, comment below. On Tue, Oct 27, 2020 at 08:37:39AM +0100, Matthias Pressfreund wrote: > Index: usr.sbin/httpd/httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.113 > diff -u -p -u -p -r1.113 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 5 Sep 2020 11:49:38 - 1.113 > +++ usr.sbin/httpd/httpd.conf.5 27 Oct 2020 05:59:05 - > @@ -1,5 +1,6 @@ > .\" $OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $ > .\" > +.\" Copyright (c) 2020 Matthias Pressfreund > .\" Copyright (c) 2014, 2015 Reyk Floeter > .\" > .\" Permission to use, copy, modify, and distribute this software for any > @@ -14,7 +15,7 @@ > .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF > .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > .\" > -.Dd $Mdocdate: September 5 2020 $ > +.Dd $Mdocdate: October 27 2020 $ > .Dt HTTPD.CONF 5 > .Os > .Sh NAME > @@ -399,11 +400,16 @@ of the host's domain should be considere > .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number > Set the listen address and port. > This statement can be specified multiple times. > -.It Ic location Ar path Brq ... > +.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ... > Specify server configuration rules for a specific location. > The > .Ar path > argument will be matched against the request path with shell globbing rules. > +Optionally, it is also possible to match for > +.Ar found > +(i.e. accessible) or > +.Ar not found .Ic seems best suited here.
relayd: allow mix of TLS and non-TLS backend
With this config : --- relay "proxy" { listen on {{publicip}} port 443 tls protocol "httpproxy" forward with tls to port 443 forward to port 10100 } --- relayd(8) will currently use TLS for all backends. This diff will use TLS only if 'with tls' is used. In the example above, relayd will forward to web with HTTPS and to app with HTTP. While at it, add a field in "relayctl sh" to display TLS state : --- # relayctl sh su Id TypeNameAvlblty Status TLS 1 relay proxy active yes 1 table psono_web:443 empty yes 1 host127.0.0.1 unknown 2 table psono_server:10100 empty no 2 host127.0.0.1 unknown --- Regress still pass. Comments ? Index: relayctl/relayctl.c === RCS file: /cvs/src/usr.sbin/relayctl/relayctl.c,v retrieving revision 1.58 diff -u -p -r1.58 relayctl.c --- relayctl/relayctl.c 29 Nov 2017 15:24:50 - 1.58 +++ relayctl/relayctl.c 26 Oct 2020 17:03:55 - @@ -47,6 +47,7 @@ intshow_session_msg(struct imsg *); int show_command_output(struct imsg *); char *print_rdr_status(int); char *print_host_status(int, int); +char *print_tls_status(int); char *print_table_status(int, int); char *print_relay_status(int); voidprint_statistics(struct ctl_stats[PROC_MAX_INSTANCES + 1]); @@ -162,8 +163,8 @@ main(int argc, char *argv[]) case SHOW_RELAYS: case SHOW_ROUTERS: imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0); - printf("%-4s\t%-8s\t%-24s\t%-7s\tStatus\n", - "Id", "Type", "Name", "Avlblty"); + printf("%-4s\t%-8s\t%-24s\t%-7s\t%s\t%s\n", + "Id", "Type", "Name", "Avlblty", "Status", "TLS"); break; case SHOW_SESSIONS: imsg_compose(ibuf, IMSG_CTL_SESSION, 0, 0, -1, NULL, 0); @@ -365,9 +366,10 @@ show_summary_msg(struct imsg *imsg, int if (!(type == SHOW_SUM || type == SHOW_HOSTS)) break; table = imsg->data; - printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n", + printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\t%s\n", table->conf.id, "table", table->conf.name, "", - print_table_status(table->up, table->conf.flags)); + print_table_status(table->up, table->conf.flags), + print_tls_status(table->conf.flags)); break; case IMSG_CTL_HOST: if (!(type == SHOW_SUM || type == SHOW_HOSTS)) @@ -378,7 +380,7 @@ show_summary_msg(struct imsg *imsg, int host->conf.name, host->conf.parentid); else strlcpy(name, host->conf.name, sizeof(name)); - printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n", + printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\t\n", host->conf.id, "host", name, print_availability(host->check_cnt, host->up_cnt), print_host_status(host->up, host->flags)); @@ -396,9 +398,10 @@ show_summary_msg(struct imsg *imsg, int if (!(type == SHOW_SUM || type == SHOW_RELAYS)) break; rlay = imsg->data; - printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n", + printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\t%s\n", rlay->rl_conf.id, "relay", rlay->rl_conf.name, "", - print_relay_status(rlay->rl_conf.flags)); + print_relay_status(rlay->rl_conf.flags), + print_tls_status(rlay->rl_conf.flags)); break; case IMSG_CTL_RDR_STATS: if (type != SHOW_RDRS) @@ -543,6 +546,15 @@ print_host_status(int status, int fl) default: errx(1, "invalid status: %d", status); } +} + +char * +print_tls_status(int flags) +{ + if (flags & F_TLSCLIENT) + return ("yes"); + else + return ("no"); } char * Index: relayd/parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.247 diff -u -p -r1.247 parse.y --- relayd/parse.y 25 Oct 2020 10:17:49 - 1.247 +++ relayd/parse.y 26 Oct 2020 17:03:55 - @@ -109,6 +109,7 @@ objid_t last_nr_id = 0; static struct rdr *rdr = NULL; static struct table*table = NULL; +static struct relay_table *rlayt = NULL; static struct relay*rlay = NULL; static struct host *hst = NULL; struct relaylistrelays; @@ -1953,6 +1954,16 @@ relayoptsl : LI
Re: httpd(8): fix location duplicate detection
On Mon, Oct 26, 2020 at 09:28:54AM +0100, m...@fn.de wrote: > Ping. Latest diff below. > OK denis@ I will commit tonight if nobody stands against. Thank you. > Index: usr.sbin/httpd/parse.y > === > RCS file: /cvs/src/usr.sbin/httpd/parse.y,v > retrieving revision 1.118 > diff -u -p -u -p -r1.118 parse.y > --- usr.sbin/httpd/parse.y11 Oct 2020 03:21:44 - 1.118 > +++ usr.sbin/httpd/parse.y26 Oct 2020 08:26:48 - > @@ -587,8 +587,10 @@ serveroptsl : LISTEN ON STRING opttls po > struct server *s = NULL; > > TAILQ_FOREACH(s, conf->sc_servers, srv_entry) { > + /* Compare locations of same parent server */ > if ((s->srv_conf.flags & SRVFLAG_LOCATION) && > - s->srv_conf.id == srv_conf->id && > + s->srv_conf.parent_id == > + srv_conf->parent_id && > strcmp(s->srv_conf.location, > srv_conf->location) == 0) > break; > > > On 2020-10-11 12:00, m...@fn.de wrote: > > Ping. Updated diff below. > > > > --- > > Index: usr.sbin/httpd/parse.y > > === > > RCS file: /cvs/src/usr.sbin/httpd/parse.y,v > > retrieving revision 1.118 > > diff -u -p -u -p -r1.118 parse.y > > --- usr.sbin/httpd/parse.y 11 Oct 2020 03:21:44 - 1.118 > > +++ usr.sbin/httpd/parse.y 11 Oct 2020 09:52:34 - > > @@ -588,7 +588,8 @@ serveroptsl : LISTEN ON STRING opttls po > > > > TAILQ_FOREACH(s, conf->sc_servers, srv_entry) { > > if ((s->srv_conf.flags & SRVFLAG_LOCATION) && > > - s->srv_conf.id == srv_conf->id && > > + s->srv_conf.parent_id == > > + srv_conf->parent_id && > > strcmp(s->srv_conf.location, > > srv_conf->location) == 0) > > break; > > --- > > > > On 2020-09-26 08:57, m...@fn.de wrote: > >> During httpd setup I realized that duplicate location names are not > >> being detected even though I remembered having seen a corresponding > >> piece of code in 'usr.sbin/httpd/parse.y' the other day. As far > >> as I understand, the comparison 's->srv_conf.id == srv_conf->id' > >> can never be true as a newly created location ID would never match > >> the ID of any existing location. > >> > >> To check whether or not I was right, I recompiled httpd with DEBUG > >> enabled and tried to start the server with the following (actually > >> invalid) httpd.conf: > >> > >> > >> server "testserver" { > >> listen on 127.0.0.1 port www > >> location "/foo" { block } > >> location "/foo" { block } > >> } > >> > >> > >> # httpd -vvd > >> startup > >> adding location "/foo" for "testserver[2]" > >> adding location "/foo" for "testserver[3]" > >> adding server "testserver[1]" > >> > >> (httpd running) > >> > >> I guess the intention was to compare the new location name with all > >> other location names available under the same parent server. I > >> accomplished this by applying the patch at the bottom of this > >> message. After recompiling, httpd startup terminates as expected. > >> > >> # httpd -vvd > >> startup > >> adding location "/foo" for "testserver[2]" > >> /etc/httpd.conf:4: location "/foo" defined twice > >> . > >> logger exiting, pid 98967 > >> server exiting, pid 27723 > >> server exiting, pid 78507 > >> server exiting, pid 25743 > >> > >> > >> comments? OK? > >> > >> --- > >> > >> Index: usr.sbin/httpd/parse.y > >> === > >> RCS file: /cvs/src/usr.sbin/httpd/parse.y,v > >> retrieving revision 1.117 > >> diff -u -p -u -p -r1.117 parse.y > >> --- usr.sbin/httpd/parse.y 26 Aug 2020 06:50:20 - 1.117 > >> +++ usr.sbin/httpd/parse.y 26 Sep 2020 06:03:52 - > >> @@ -581,7 +581,8 @@ serveroptsl: LISTEN ON STRING opttls po > >> > >>TAILQ_FOREACH(s, conf->sc_servers, srv_entry) { > >>if ((s->srv_conf.flags & SRVFLAG_LOCATION) && > >> - s->srv_conf.id == srv_conf->id && > >> + s->srv_conf.parent_id == > >> + srv_conf->parent_id && > >>strcmp(s->srv_conf.location, > >>sr
Re: Port httpd(8) 'strip' directive to relayd(8)
Previous one had a typo... :/ On Sat, Oct 24, 2020 at 08:01:36PM +0200, Hiltjo Posthuma wrote: > Thanks for working on this. I haven't tested the patch yet except compiling, > but this feature would be very nice to have imho. > > I find the current "path replace" syntax confusing and it doesn't work for > this > use-case. > > Some comments below: > Thank you for the comments Hiltjo. Here is an updated diff : Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.246 diff -u -p -r1.246 parse.y --- parse.y 14 Sep 2020 11:30:25 - 1.246 +++ parse.y 25 Oct 2020 09:20:53 - @@ -175,8 +175,8 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP -%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE +%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED +%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS %token WEBSOCKETS @@ -1569,6 +1569,20 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char*strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if (asprintf(&strip, "%lld", $3) <= 0) + fatal("can't parse strip"); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2506,6 +2520,7 @@ lookup(char *s) { "ssl",SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag",TAG }, Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 - 1.251 +++ relay.c 25 Oct 2020 09:20:53 - @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || +kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c4 Sep 2020 13:09:14 - 1.79 +++ relay_http.c25 Oct 2020 09:20:53 - @@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel struct relay_rule *, struct kvlist *, struct kvlist *, struct relay_table **); voidrelay_httpdesc_free(struct http_descriptor *); +char * server_root_strip(char *, int); static struct relayd *env = NULL; @@ -1421,14 +1422,16 @@ rel
Re: Port httpd(8) 'strip' directive to relayd(8)
On Sat, Oct 24, 2020 at 08:01:36PM +0200, Hiltjo Posthuma wrote: > Thanks for working on this. I haven't tested the patch yet except compiling, > but this feature would be very nice to have imho. > > I find the current "path replace" syntax confusing and it doesn't work for > this > use-case. > > Some comments below: > Thank you for the comments Hiltjo. Here is an updated diff : Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.246 diff -u -p -r1.246 parse.y --- parse.y 14 Sep 2020 11:30:25 - 1.246 +++ parse.y 25 Oct 2020 09:20:53 - @@ -175,8 +175,8 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP -%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE +%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED +%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS %token WEBSOCKETS @@ -1569,6 +1569,20 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char*strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if (asprintf(&strip, "%lld", $3) <= 1) + fatal("can't parse strip"); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2506,6 +2520,7 @@ lookup(char *s) { "ssl",SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag",TAG }, Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 - 1.251 +++ relay.c 25 Oct 2020 09:20:53 - @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || +kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c4 Sep 2020 13:09:14 - 1.79 +++ relay_http.c25 Oct 2020 09:20:53 - @@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel struct relay_rule *, struct kvlist *, struct kvlist *, struct relay_table **); voidrelay_httpdesc_free(struct http_descriptor *); +char * server_root_strip(char *, int); static struct relayd *env = NULL; @@ -1421,14 +1422,16 @@ relay_httppath_test(struct ctl_rel
Port httpd(8) 'strip' directive to relayd(8)
The 'strip' directive from httpd(8) is useful when forwarding to another server. This diff adds the feature to relayd(8). With : match request path "/server/*" tag psonoserver match request tagged psonoserver path strip 1 match request tagged psonoserver forward to https://psono.pw/server/info/ is forwarded as /info Comments ? OK ? Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.246 diff -u -p -r1.246 parse.y --- parse.y 14 Sep 2020 11:30:25 - 1.246 +++ parse.y 24 Oct 2020 14:52:36 - @@ -175,8 +175,8 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP -%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE +%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED +%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS %token WEBSOCKETS @@ -1569,6 +1569,23 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char*strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if ((strip = calloc(11, sizeof(char))) == NULL) { + yyerror("calloc() failed"); + YYERROR; + } + sprintf(strip, "%lld", $3); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2506,6 +2523,7 @@ lookup(char *s) { "ssl",SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag",TAG }, Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 - 1.251 +++ relay.c 24 Oct 2020 14:52:36 - @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || +kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c4 Sep 2020 13:09:14 - 1.79 +++ relay_http.c24 Oct 2020 14:52:36 - @@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel struct relay_rule *, struct kvlist *, struct kvlist *, struct relay_table **); voidrelay_httpdesc_free(struct http_descriptor *); +char * server_root_strip(char *, int);
Re: net.inet.ip.forwarding=0 vs lo(4)
On Sun, Oct 18, 2020 at 02:04:31PM +1000, David Gwynne wrote: > or is there a way i can do this without a diff already? > I am also curious... > thoughts? > The diff works as advertise.
Diff to allow selection of source IP address
Is anyone interested in this ? This diff allows to select the default source IP address (for TCP/UDP connections) on multi-homed & "multi-addressed" machines. Looking for feedbacks on what I broke. Do not test with ping(8) as it uses another source address selection codepath. `curl ifconfig.co` is a good candidate to check if source is set correctly. Example usage : Set 2001:db8::1 as source : route source 2001:db8::1 Unset previously set IPv6 address on rdomain 10 : route -T10 source -inet6 default Show set address : route source Comments ? OK ? Denis Index: sbin/route/keywords.h === RCS file: /cvs/src/sbin/route/keywords.h,v retrieving revision 1.34 diff -u -p -r1.34 keywords.h --- sbin/route/keywords.h 10 Aug 2017 13:44:48 - 1.34 +++ sbin/route/keywords.h 17 Sep 2020 09:59:25 - @@ -1,4 +1,4 @@ -/* $OpenBSD: keywords.h,v 1.34 2017/08/10 13:44:48 benno Exp $ */ +/* $OpenBSD$ */ /* WARNING! This file was generated by keywords.sh */ @@ -66,6 +66,7 @@ enum { K_SA, K_SENDPIPE, K_SHOW, + K_SOURCE, K_SSTHRESH, K_STATIC, K_SWAP, @@ -129,6 +130,7 @@ struct keytab keywords[] = { { "sa", K_SA }, { "sendpipe", K_SENDPIPE }, { "show", K_SHOW }, + { "source", K_SOURCE }, { "ssthresh", K_SSTHRESH }, { "static", K_STATIC }, { "swap", K_SWAP }, Index: sbin/route/keywords.sh === RCS file: /cvs/src/sbin/route/keywords.sh,v retrieving revision 1.32 diff -u -p -r1.32 keywords.sh --- sbin/route/keywords.sh 10 Aug 2017 13:44:48 - 1.32 +++ sbin/route/keywords.sh 17 Sep 2020 09:59:25 - @@ -67,6 +67,7 @@ rttvar sa sendpipe show +source ssthresh static swap Index: sbin/route/route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.91 diff -u -p -r1.91 route.8 --- sbin/route/route.8 19 Jan 2020 18:22:31 - 1.91 +++ sbin/route/route.8 17 Sep 2020 09:59:25 - @@ -195,6 +195,17 @@ or .Cm bgp . If the priority is negative, then routes that do not match the numeric priority are shown. +.It Xo +.Nm route +.Op Fl T Ar rtable +.Tg +.Cm source +.Ar address +.Xc +Set the preferred source address. If +.Ar address +is the word "default", 0.0.0.0 or ::, source address will be chosen by +the kernel for the matching address family. .El .Pp .Tg destination Index: sbin/route/route.c === RCS file: /cvs/src/sbin/route/route.c,v retrieving revision 1.248 diff -u -p -r1.248 route.c --- sbin/route/route.c 7 Jul 2020 14:53:36 - 1.248 +++ sbin/route/route.c 17 Sep 2020 09:59:25 - @@ -68,7 +68,8 @@ const struct if_status_description if_status_descriptions[] = LINK_STATE_DESCRIPTIONS; -union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label; +union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label, +so_source; typedef union sockunion *sup; pid_t pid; @@ -85,6 +86,7 @@ struct rt_metrics rt_metrics; int flushroutes(int, char **); int newroute(int, char **); +int setsource(int, char **); int show(int, char *[]); int keycmp(const void *, const void *); int keyword(char *); @@ -132,7 +134,8 @@ usage(char *cp) "usage: %s [-dnqtv] [-T rtable] command [[modifiers] args]\n", __progname); fprintf(stderr, - "commands: add, change, delete, exec, flush, get, monitor, show\n"); + "commands: add, change, delete, exec, flush, get, monitor, show, " + "source\n"); exit(1); } @@ -258,6 +261,10 @@ main(int argc, char **argv) case K_FLUSH: exit(flushroutes(argc, argv)); break; + case K_SOURCE: + nflag = 1; + exit(setsource(argc, argv)); + break; } if (pledge("stdio dns", NULL) == -1) @@ -450,6 +457,52 @@ set_metric(char *value, int key) locking = 0; } + +int +setsource(int argc, char **argv) +{ + char *cmd, *srcaddr = ""; + int af = AF_UNSPEC, ret = 0; + struct hostent *hp = NULL; + int key; + + if (uid) + errx(1, "must be root to alter source address"); + cmd = argv[0]; + while (--argc > 0) { + if (**(++argv)== '-') { + switch (key = keyword(1 + *argv)) { + case K_INET: + af = AF_INET; + aflen = sizeof(struct sockaddr_in); + break; + case K_INET6: + af = AF_INET6; + aflen = sizeof(struct sockaddr
Re: /etc/daily: use find -delete
On Thu, Oct 08, 2020 at 05:32:15AM -0600, Todd C. Miller wrote: > We can use find's built-in -delete primary to remove old /tmp files > and directories. This is somewhat less error-prone than execing > rm or rmdir. > OK denis@ > - todd > > Index: etc/daily > === > RCS file: /cvs/src/etc/daily,v > retrieving revision 1.93 > diff -u -p -u -r1.93 daily > --- etc/daily 9 Sep 2019 20:02:26 - 1.93 > +++ etc/daily 22 Aug 2020 01:21:16 - > @@ -50,17 +50,17 @@ if [ -d /tmp -a ! -L /tmp ]; then > find -x . \ > \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ > -o -path './tmux-*' \) \ > - -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null > + -prune -o -type f -atime +7 -delete 2>/dev/null > find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ > ! -path ./.ICE-unix ! -name . \ > - -execdir rmdir -- {} \; >/dev/null 2>&1; } > + -delete >/dev/null 2>&1; } > fi > > # Additional junk directory cleanup would go like this: > #if [ -d /scratch -a ! -L /scratch ]; then > #cd /scratch && { > -#find . ! -name . -atime +1 -execdir rm -f -- {} \; > -#find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \ > +#find . ! -name . -atime +1 -delete > +#find . ! -name . -type d -mtime +1 -delete \ > #>/dev/null 2>&1; } > #fi > >
Re: ifconfig: consistent display of P2P link
On Wed, Oct 07, 2020 at 01:01:29PM +0200, Claudio Jeker wrote: > On Wed, Oct 07, 2020 at 12:27:04PM +0200, Denis Fondras wrote: > > All tunnels & point-to-point addresses are separated by "->" but inet. > > > > Before : > > gre0: flags=8051 mtu 1476 > > index 6 priority 0 llprio 6 > > encap: vnetid none txprio payload rxprio packet > > groups: gre > > tunnel: inet 192.0.2.1 -> 198.51.100.1 ttl 64 nodf ecn > > inet 172.16.0.1 --> 172.16.0.2 netmask 0x > > inet6 fe80::c23f:d5ff:fe63:ffe3%gre0 -> prefixlen 64 scopeid 0x6 > > inet6 2001:db8::1 -> 2001:db8::2 prefixlen 128 > > > > After : > > gre0: flags=8051 mtu 1476 > > index 6 priority 0 llprio 6 > > encap: vnetid none txprio payload rxprio packet > > groups: gre > > tunnel: inet 192.0.2.1 -> 198.51.100.1 ttl 64 nodf ecn > > inet 172.16.0.1 -> 172.16.0.2 netmask 0x > > inet6 fe80::c23f:d5ff:fe63:ffe3%gre0 -> prefixlen 64 scopeid 0x6 > > inet6 2001:db8::1 -> 2001:db8::2 prefixlen 128 > > > > OK ? > > Isn't it the other way around, that originally --> was used but then IPv6 > came and introduced -> which was copied around? > > I like --> a bit better since it stands a bit more out. > I am totally fine with going for "-->" Index: ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.426 diff -u -p -r1.426 ifconfig.c --- ifconfig.c 15 Sep 2020 15:23:11 - 1.426 +++ ifconfig.c 7 Oct 2020 11:54:12 - @@ -3219,7 +3219,7 @@ print_tunnel(const struct if_laddrreq *r 0, 0, niflag) != 0) strlcpy(pdstaddr, "", sizeof(pdstaddr)); - printf(" -> %s", pdstaddr); + printf(" --> %s", pdstaddr); switch (req->dstaddr.ss_family) { case AF_INET: @@ -3635,7 +3635,7 @@ in6_alias(struct in6_ifreq *creq) if (getnameinfo((struct sockaddr *)sin6, sin6->sin6_len, hbuf, sizeof(hbuf), NULL, 0, niflag) != 0) strlcpy(hbuf, "", sizeof hbuf); - printf(" -> %s", hbuf); + printf(" --> %s", hbuf); } (void) memset(&ifr6, 0, sizeof(ifr6));
ifconfig: consistent display of P2P link
All tunnels & point-to-point addresses are separated by "->" but inet. Before : gre0: flags=8051 mtu 1476 index 6 priority 0 llprio 6 encap: vnetid none txprio payload rxprio packet groups: gre tunnel: inet 192.0.2.1 -> 198.51.100.1 ttl 64 nodf ecn inet 172.16.0.1 --> 172.16.0.2 netmask 0x inet6 fe80::c23f:d5ff:fe63:ffe3%gre0 -> prefixlen 64 scopeid 0x6 inet6 2001:db8::1 -> 2001:db8::2 prefixlen 128 After : gre0: flags=8051 mtu 1476 index 6 priority 0 llprio 6 encap: vnetid none txprio payload rxprio packet groups: gre tunnel: inet 192.0.2.1 -> 198.51.100.1 ttl 64 nodf ecn inet 172.16.0.1 -> 172.16.0.2 netmask 0x inet6 fe80::c23f:d5ff:fe63:ffe3%gre0 -> prefixlen 64 scopeid 0x6 inet6 2001:db8::1 -> 2001:db8::2 prefixlen 128 OK ? Denis Index: ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.426 diff -u -p -r1.426 ifconfig.c --- ifconfig.c 15 Sep 2020 15:23:11 - 1.426 +++ ifconfig.c 17 Sep 2020 14:41:34 - @@ -3552,7 +3552,7 @@ in_status(int force) } (void) strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); sin = (struct sockaddr_in *)&ifr.ifr_dstaddr; - printf(" --> %s", inet_ntoa(sin->sin_addr)); + printf(" -> %s", inet_ntoa(sin->sin_addr)); } printf(" netmask 0x%x", ntohl(netmask.sin_addr.s_addr)); if (flags & IFF_BROADCAST) {
Re: fix: ospf6d(8): wrong intra area announcement
On Fri, Oct 02, 2020 at 02:01:09AM +0200, Jan Klemkow wrote: > Hi, > > The new intra area db entry has to be saved into the tree before > orig_intra_area_prefix_lsas() is called. If not, the ospf6d will not > announce the new intra area db for a newly learned link from another > ospf router of the broadcast domain. > > This bug is triggered, if you add new addresses an ospf interface while > the ospf6d is already running as a backup designated router. The > opposite designated ospf6d will get your new link announcement and > return an old intra area db without the new address. > > Beside of the fix, the diff removes redundant code. I made the same > diff for the ospfd to keep code in sync and remove redundant code there, > too. ospfd does not have the bug explained above, as far as I know. > > Both regression tests passes with this diff. > > OK? > OK denis@ for ospf6d (it reverses a change a made). > Bye, > Jan > > Index: ospf6d/rde_lsdb.c > === > RCS file: /cvs//src/usr.sbin/ospf6d/rde_lsdb.c,v > retrieving revision 1.45 > diff -u -p -r1.45 rde_lsdb.c > --- ospf6d/rde_lsdb.c 21 Aug 2020 10:17:35 - 1.45 > +++ ospf6d/rde_lsdb.c 1 Oct 2020 23:09:38 - > @@ -467,6 +467,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa > struct lsa_tree *tree; > struct vertex *new, *old; > struct timeval tv, now, res; > + int update = 1; > > if (LSA_IS_SCOPE_AS(ntohs(lsa->hdr.type))) > tree = &asext_tree; > @@ -495,16 +496,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa > fatal("lsa_add"); > return (1); > } > - if (!lsa_equal(new->lsa, old->lsa)) { > - if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK) > - orig_intra_area_prefix_lsas(nbr->area); > - if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL) > - nbr->area->dirty = 1; > - start_spf_timer(); > - } > + if (lsa_equal(new->lsa, old->lsa)) > + update = 0; > vertex_free(old); > RB_INSERT(lsa_tree, tree, new); > - } else { > + } > + > + if (update) { > if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK) > orig_intra_area_prefix_lsas(nbr->area); > if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL) > Index: ospfd/rde_lsdb.c > === > RCS file: /cvs//src/usr.sbin/ospfd/rde_lsdb.c,v > retrieving revision 1.50 > diff -u -p -r1.50 rde_lsdb.c > --- ospfd/rde_lsdb.c 22 Nov 2015 13:09:10 - 1.50 > +++ ospfd/rde_lsdb.c 1 Oct 2020 23:06:57 - > @@ -383,6 +383,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa > struct lsa_tree *tree; > struct vertex *new, *old; > struct timeval tv, now, res; > + int update = 1; > > if (lsa->hdr.type == LSA_TYPE_EXTERNAL || > lsa->hdr.type == LSA_TYPE_AS_OPAQ) > @@ -410,15 +411,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa > fatal("lsa_add"); > return (1); > } > - if (!lsa_equal(new->lsa, old->lsa)) { > - if (lsa->hdr.type != LSA_TYPE_EXTERNAL && > - lsa->hdr.type != LSA_TYPE_AS_OPAQ) > - nbr->area->dirty = 1; > - start_spf_timer(); > - } > + if (lsa_equal(new->lsa, old->lsa)) > + update = 0; > vertex_free(old); > RB_INSERT(lsa_tree, tree, new); > - } else { > + } > + > + if (update) { > if (lsa->hdr.type != LSA_TYPE_EXTERNAL && > lsa->hdr.type != LSA_TYPE_AS_OPAQ) > nbr->area->dirty = 1; >
[diff] Allow preferred source IP selection
This updated diff unbreak P2P links where local address was not the same as preferred source address. Sending to tech@ may help get more feedback on what I broke. Example usage : Set 2001:db8::1 as source : route source 2001:db8::1 Unset previously set IPv6 address on rdomain 10 : route -T10 source -inet6 default Show set address : route source Comments ? OK ? Denis Index: sbin/route/keywords.h === RCS file: /cvs/src/sbin/route/keywords.h,v retrieving revision 1.34 diff -u -p -r1.34 keywords.h --- sbin/route/keywords.h 10 Aug 2017 13:44:48 - 1.34 +++ sbin/route/keywords.h 17 Sep 2020 09:59:25 - @@ -1,4 +1,4 @@ -/* $OpenBSD: keywords.h,v 1.34 2017/08/10 13:44:48 benno Exp $ */ +/* $OpenBSD$ */ /* WARNING! This file was generated by keywords.sh */ @@ -66,6 +66,7 @@ enum { K_SA, K_SENDPIPE, K_SHOW, + K_SOURCE, K_SSTHRESH, K_STATIC, K_SWAP, @@ -129,6 +130,7 @@ struct keytab keywords[] = { { "sa", K_SA }, { "sendpipe", K_SENDPIPE }, { "show", K_SHOW }, + { "source", K_SOURCE }, { "ssthresh", K_SSTHRESH }, { "static", K_STATIC }, { "swap", K_SWAP }, Index: sbin/route/keywords.sh === RCS file: /cvs/src/sbin/route/keywords.sh,v retrieving revision 1.32 diff -u -p -r1.32 keywords.sh --- sbin/route/keywords.sh 10 Aug 2017 13:44:48 - 1.32 +++ sbin/route/keywords.sh 17 Sep 2020 09:59:25 - @@ -67,6 +67,7 @@ rttvar sa sendpipe show +source ssthresh static swap Index: sbin/route/route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.91 diff -u -p -r1.91 route.8 --- sbin/route/route.8 19 Jan 2020 18:22:31 - 1.91 +++ sbin/route/route.8 17 Sep 2020 09:59:25 - @@ -195,6 +195,17 @@ or .Cm bgp . If the priority is negative, then routes that do not match the numeric priority are shown. +.It Xo +.Nm route +.Op Fl T Ar rtable +.Tg +.Cm source +.Ar address +.Xc +Set the preferred source address. If +.Ar address +is the word "default", 0.0.0.0 or ::, source address will be chosen by +the kernel for the matching address family. .El .Pp .Tg destination Index: sbin/route/route.c === RCS file: /cvs/src/sbin/route/route.c,v retrieving revision 1.248 diff -u -p -r1.248 route.c --- sbin/route/route.c 7 Jul 2020 14:53:36 - 1.248 +++ sbin/route/route.c 17 Sep 2020 09:59:25 - @@ -68,7 +68,8 @@ const struct if_status_description if_status_descriptions[] = LINK_STATE_DESCRIPTIONS; -union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label; +union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label, +so_source; typedef union sockunion *sup; pid_t pid; @@ -85,6 +86,7 @@ struct rt_metrics rt_metrics; int flushroutes(int, char **); int newroute(int, char **); +int setsource(int, char **); int show(int, char *[]); int keycmp(const void *, const void *); int keyword(char *); @@ -132,7 +134,8 @@ usage(char *cp) "usage: %s [-dnqtv] [-T rtable] command [[modifiers] args]\n", __progname); fprintf(stderr, - "commands: add, change, delete, exec, flush, get, monitor, show\n"); + "commands: add, change, delete, exec, flush, get, monitor, show, " + "source\n"); exit(1); } @@ -258,6 +261,10 @@ main(int argc, char **argv) case K_FLUSH: exit(flushroutes(argc, argv)); break; + case K_SOURCE: + nflag = 1; + exit(setsource(argc, argv)); + break; } if (pledge("stdio dns", NULL) == -1) @@ -450,6 +457,52 @@ set_metric(char *value, int key) locking = 0; } + +int +setsource(int argc, char **argv) +{ + char *cmd, *srcaddr = ""; + int af = AF_UNSPEC, ret = 0; + struct hostent *hp = NULL; + int key; + + if (uid) + errx(1, "must be root to alter source address"); + cmd = argv[0]; + while (--argc > 0) { + if (**(++argv)== '-') { + switch (key = keyword(1 + *argv)) { + case K_INET: + af = AF_INET; + aflen = sizeof(struct sockaddr_in); + break; + case K_INET6: + af = AF_INET6; + aflen = sizeof(struct sockaddr_in6); + break; + } + } else if ((rtm_addrs & RTA_IFA) == 0) { + srcaddr = *argv; +
ifconfig: consistent display of P2P link
All tunnels & point-to-point addresses are separated by "->" but inet. Denis Index: ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.426 diff -u -p -r1.426 ifconfig.c --- ifconfig.c 15 Sep 2020 15:23:11 - 1.426 +++ ifconfig.c 17 Sep 2020 14:41:34 - @@ -3552,7 +3552,7 @@ in_status(int force) } (void) strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); sin = (struct sockaddr_in *)&ifr.ifr_dstaddr; - printf(" --> %s", inet_ntoa(sin->sin_addr)); + printf(" -> %s", inet_ntoa(sin->sin_addr)); } printf(" netmask 0x%x", ntohl(netmask.sin_addr.s_addr)); if (flags & IFF_BROADCAST) {
ifconfig: consistent display of P2P link
All tunnels & point-to-point addresses are separated by "->" but inet. Denis Index: ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.426 diff -u -p -r1.426 ifconfig.c --- ifconfig.c 15 Sep 2020 15:23:11 - 1.426 +++ ifconfig.c 17 Sep 2020 14:41:34 - @@ -3552,7 +3552,7 @@ in_status(int force) } (void) strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); sin = (struct sockaddr_in *)&ifr.ifr_dstaddr; - printf(" --> %s", inet_ntoa(sin->sin_addr)); + printf(" -> %s", inet_ntoa(sin->sin_addr)); } printf(" netmask 0x%x", ntohl(netmask.sin_addr.s_addr)); if (flags & IFF_BROADCAST) {
[diff] Allow preferred source IP selection
This updated diff unbreak P2P links where local address was not the same as preferred source address. Sending to tech@ may help get more feedback on what I broke. Example usage : Set 2001:db8::1 as source : route source 2001:db8::1 Unset previously set IPv6 address on rdomain 10 : route -T10 source -inet6 default Show set address : route source Denis Index: sbin/route/keywords.h === RCS file: /cvs/src/sbin/route/keywords.h,v retrieving revision 1.34 diff -u -p -r1.34 keywords.h --- sbin/route/keywords.h 10 Aug 2017 13:44:48 - 1.34 +++ sbin/route/keywords.h 17 Sep 2020 09:59:25 - @@ -1,4 +1,4 @@ -/* $OpenBSD: keywords.h,v 1.34 2017/08/10 13:44:48 benno Exp $ */ +/* $OpenBSD$ */ /* WARNING! This file was generated by keywords.sh */ @@ -66,6 +66,7 @@ enum { K_SA, K_SENDPIPE, K_SHOW, + K_SOURCE, K_SSTHRESH, K_STATIC, K_SWAP, @@ -129,6 +130,7 @@ struct keytab keywords[] = { { "sa", K_SA }, { "sendpipe", K_SENDPIPE }, { "show", K_SHOW }, + { "source", K_SOURCE }, { "ssthresh", K_SSTHRESH }, { "static", K_STATIC }, { "swap", K_SWAP }, Index: sbin/route/keywords.sh === RCS file: /cvs/src/sbin/route/keywords.sh,v retrieving revision 1.32 diff -u -p -r1.32 keywords.sh --- sbin/route/keywords.sh 10 Aug 2017 13:44:48 - 1.32 +++ sbin/route/keywords.sh 17 Sep 2020 09:59:25 - @@ -67,6 +67,7 @@ rttvar sa sendpipe show +source ssthresh static swap Index: sbin/route/route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.91 diff -u -p -r1.91 route.8 --- sbin/route/route.8 19 Jan 2020 18:22:31 - 1.91 +++ sbin/route/route.8 17 Sep 2020 09:59:25 - @@ -195,6 +195,17 @@ or .Cm bgp . If the priority is negative, then routes that do not match the numeric priority are shown. +.It Xo +.Nm route +.Op Fl T Ar rtable +.Tg +.Cm source +.Ar address +.Xc +Set the preferred source address. If +.Ar address +is the word "default", 0.0.0.0 or ::, source address will be chosen by +the kernel for the matching address family. .El .Pp .Tg destination Index: sbin/route/route.c === RCS file: /cvs/src/sbin/route/route.c,v retrieving revision 1.248 diff -u -p -r1.248 route.c --- sbin/route/route.c 7 Jul 2020 14:53:36 - 1.248 +++ sbin/route/route.c 17 Sep 2020 09:59:25 - @@ -68,7 +68,8 @@ const struct if_status_description if_status_descriptions[] = LINK_STATE_DESCRIPTIONS; -union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label; +union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_src, so_label, +so_source; typedef union sockunion *sup; pid_t pid; @@ -85,6 +86,7 @@ struct rt_metrics rt_metrics; int flushroutes(int, char **); int newroute(int, char **); +int setsource(int, char **); int show(int, char *[]); int keycmp(const void *, const void *); int keyword(char *); @@ -132,7 +134,8 @@ usage(char *cp) "usage: %s [-dnqtv] [-T rtable] command [[modifiers] args]\n", __progname); fprintf(stderr, - "commands: add, change, delete, exec, flush, get, monitor, show\n"); + "commands: add, change, delete, exec, flush, get, monitor, show, " + "source\n"); exit(1); } @@ -258,6 +261,10 @@ main(int argc, char **argv) case K_FLUSH: exit(flushroutes(argc, argv)); break; + case K_SOURCE: + nflag = 1; + exit(setsource(argc, argv)); + break; } if (pledge("stdio dns", NULL) == -1) @@ -450,6 +457,52 @@ set_metric(char *value, int key) locking = 0; } + +int +setsource(int argc, char **argv) +{ + char *cmd, *srcaddr = ""; + int af = AF_UNSPEC, ret = 0; + struct hostent *hp = NULL; + int key; + + if (uid) + errx(1, "must be root to alter source address"); + cmd = argv[0]; + while (--argc > 0) { + if (**(++argv)== '-') { + switch (key = keyword(1 + *argv)) { + case K_INET: + af = AF_INET; + aflen = sizeof(struct sockaddr_in); + break; + case K_INET6: + af = AF_INET6; + aflen = sizeof(struct sockaddr_in6); + break; + } + } else if ((rtm_addrs & RTA_IFA) == 0) { + srcaddr = *argv; + getaddr(RTA_IF
route.8, remove unprinted text
I can't see where these two lines are printed. Index: route.8 === RCS file: /cvs/src/sbin/route/route.8,v retrieving revision 1.91 diff -u -p -r1.91 route.8 --- route.8 19 Jan 2020 18:22:31 - 1.91 +++ route.8 10 Sep 2020 20:06:52 - @@ -197,8 +197,6 @@ If the priority is negative, then routes priority are shown. .El .Pp -.Tg destination -.Tg gateway The other commands relating to adding, changing, or deleting routes have the syntax: .Pp
Re: snmpd refactor listen on grammar
On Wed, Sep 09, 2020 at 07:45:32AM +0200, Martijn van Duren wrote: > On Tue, 2020-09-08 at 19:33 +0200, Denis Fondras wrote: > > On Sun, Sep 06, 2020 at 10:11:02PM +0200, Martijn van Duren wrote: > > > Moving towards individual transport mappings, it's becoming more > > > convenient to have the protocol directly after the listen on statement. > > > This gives me more flexibility in using mapping-specific APIs, also > > > when other transport mappings might become available in the future it > > > allows for easier mapping-specific features. > > > > > > While here I decided to also add port support for snmpe, which at this > > > point is rather trivial. Traphandler is not my point of focus at this > > > time. > > > > > > having udp|tcp at the last position is still supported, but generates a > > > pretty deprecated warning. Probably to be removed after release. > > > > > > OK? > > > > > > > OK denis@ > > > > Can you check that port > 0 ? Because it prints "snmpd.conf:7: invalid > > address: ::1" which is not correct (though using 0 or -1 for port is a weird > > idea). > > > > > martijn@ > > > > Sure > Thanks Martijn. OK denis@ > Index: parse.y > === > RCS file: /cvs/src/usr.sbin/snmpd/parse.y,v > retrieving revision 1.60 > diff -u -p -r1.60 parse.y > --- parse.y 6 Sep 2020 15:51:28 - 1.60 > +++ parse.y 9 Sep 2020 05:45:10 - > @@ -40,9 +40,11 @@ > #include > #include > #include > +#include > #include > #include > #include > +#include > #include > #include > #include > @@ -92,6 +94,7 @@ char*symget(const char *); > struct snmpd *conf = NULL; > static interrors = 0; > static struct usmuser*user = NULL; > +static char *snmpd_port = SNMPD_PORT; > > int host(const char *, const char *, int, > struct sockaddr_storage *, int); > @@ -122,11 +125,11 @@ typedef struct { > %token SYSTEM CONTACT DESCR LOCATION NAME OBJECTID SERVICES RTFILTER > %token READONLY READWRITE OCTETSTRING INTEGER COMMUNITY TRAP RECEIVER > %token SECLEVEL NONE AUTH ENC USER AUTHKEY ENCKEY ERROR DISABLED > -%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER > +%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER PORT > %token STRING > %token NUMBER > %type hostcmn > -%type srcaddr > +%type srcaddr port > %type optwrite yesno seclevel proto > %typeobjtype cmd > %type oid hostoid trapoid > @@ -193,28 +196,7 @@ yesno: STRING { > } > ; > > -main : LISTEN ON STRING proto{ > - struct sockaddr_storage ss[16]; > - int nhosts, i; > - > - nhosts = host($3, SNMPD_PORT, $4, ss, nitems(ss)); > - if (nhosts < 1) { > - yyerror("invalid address: %s", $3); > - free($3); > - YYERROR; > - } > - if (nhosts > (int)nitems(ss)) > - log_warn("%s resolves to more than %zu hosts", > - $3, nitems(ss)); > - free($3); > - > - for (i = 0; i < nhosts; i++) { > - if (listen_add(&(ss[i]), $4) == -1) { > - yyerror("calloc"); > - YYERROR; > - } > - } > - } > +main : LISTEN ON listenproto > | READONLY COMMUNITY STRING { > if (strlcpy(conf->sc_rdcommunity, $3, > sizeof(conf->sc_rdcommunity)) >= > @@ -295,6 +277,132 @@ main: LISTEN ON STRING proto{ > } > ; > > +listenproto : UDP listen_udp > + | TCP listen_tcp > + | listen_empty > + > +listen_udp : STRING port { > + struct sockaddr_storage ss[16]; > + int nhosts, i; > + > + nhosts = host($1, $2, SOCK_DGRAM, ss, nitems(ss)); > + if (nhosts < 1) { > +
Re: snmpd refactor listen on grammar
On Sun, Sep 06, 2020 at 10:11:02PM +0200, Martijn van Duren wrote: > Moving towards individual transport mappings, it's becoming more > convenient to have the protocol directly after the listen on statement. > This gives me more flexibility in using mapping-specific APIs, also > when other transport mappings might become available in the future it > allows for easier mapping-specific features. > > While here I decided to also add port support for snmpe, which at this > point is rather trivial. Traphandler is not my point of focus at this > time. > > having udp|tcp at the last position is still supported, but generates a > pretty deprecated warning. Probably to be removed after release. > > OK? > OK denis@ Can you check that port > 0 ? Because it prints "snmpd.conf:7: invalid address: ::1" which is not correct (though using 0 or -1 for port is a weird idea). > martijn@ > > Index: parse.y > === > RCS file: /cvs/src/usr.sbin/snmpd/parse.y,v > retrieving revision 1.60 > diff -u -p -r1.60 parse.y > --- parse.y 6 Sep 2020 15:51:28 - 1.60 > +++ parse.y 6 Sep 2020 20:08:08 - > @@ -40,6 +40,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -92,6 +93,7 @@ char*symget(const char *); > struct snmpd *conf = NULL; > static interrors = 0; > static struct usmuser*user = NULL; > +static char *snmpd_port = SNMPD_PORT; > > int host(const char *, const char *, int, > struct sockaddr_storage *, int); > @@ -122,11 +124,11 @@ typedef struct { > %token SYSTEM CONTACT DESCR LOCATION NAME OBJECTID SERVICES RTFILTER > %token READONLY READWRITE OCTETSTRING INTEGER COMMUNITY TRAP RECEIVER > %token SECLEVEL NONE AUTH ENC USER AUTHKEY ENCKEY ERROR DISABLED > -%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER > +%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER PORT > %token STRING > %token NUMBER > %type hostcmn > -%type srcaddr > +%type srcaddr port > %type optwrite yesno seclevel proto > %typeobjtype cmd > %type oid hostoid trapoid > @@ -193,28 +195,7 @@ yesno: STRING { > } > ; > > -main : LISTEN ON STRING proto{ > - struct sockaddr_storage ss[16]; > - int nhosts, i; > - > - nhosts = host($3, SNMPD_PORT, $4, ss, nitems(ss)); > - if (nhosts < 1) { > - yyerror("invalid address: %s", $3); > - free($3); > - YYERROR; > - } > - if (nhosts > (int)nitems(ss)) > - log_warn("%s resolves to more than %zu hosts", > - $3, nitems(ss)); > - free($3); > - > - for (i = 0; i < nhosts; i++) { > - if (listen_add(&(ss[i]), $4) == -1) { > - yyerror("calloc"); > - YYERROR; > - } > - } > - } > +main : LISTEN ON listenproto > | READONLY COMMUNITY STRING { > if (strlcpy(conf->sc_rdcommunity, $3, > sizeof(conf->sc_rdcommunity)) >= > @@ -295,6 +276,128 @@ main: LISTEN ON STRING proto{ > } > ; > > +listenproto : UDP listen_udp > + | TCP listen_tcp > + | listen_empty > + > +listen_udp : STRING port { > + struct sockaddr_storage ss[16]; > + int nhosts, i; > + > + nhosts = host($1, $2, SOCK_DGRAM, ss, nitems(ss)); > + if (nhosts < 1) { > + yyerror("invalid address: %s", $1); > + free($1); > + if ($2 != snmpd_port) > + free($2); > + YYERROR; > + } > + if (nhosts > (int)nitems(ss)) > + log_warn("%s:%s resolves to more than %zu > hosts", > + $1, $2, nitems(ss)); > + > + free($1); > + if ($2 != snmpd_port) > + free($2); > + for (i = 0; i < nhosts; i++) { > + if (listen_add(&(ss[i]), SOCK_DGRAM) == -1) { > + yyerror("calloc"); > + YYERROR; > +
Re: snmpd remove snmpe_dispatch_parent
On Sun, Sep 06, 2020 at 06:37:17PM +0200, Martijn van Duren wrote: > going for another easy picking: snmpe_dispatch_parent is just an empty > stub. proc.c assigns proc_dispatch_null to p_cb if it's null, which > effectively does the same thing. > > OK? > OK denis@ > martijn@ > > Index: snmpe.c > === > RCS file: /cvs/src/usr.sbin/snmpd/snmpe.c,v > retrieving revision 1.66 > diff -u -p -r1.66 snmpe.c > --- snmpe.c 6 Sep 2020 15:51:28 - 1.66 > +++ snmpe.c 6 Sep 2020 16:37:10 - > @@ -46,7 +46,6 @@ void snmpe_tryparse(int, struct snmp_me > int snmpe_parsevarbinds(struct snmp_message *); > void snmpe_response(struct snmp_message *); > void snmpe_sig_handler(int sig, short, void *); > -int snmpe_dispatch_parent(int, struct privsep_proc *, struct imsg *); > int snmpe_bind(struct address *); > void snmpe_recvmsg(int fd, short, void *); > void snmpe_readcb(int fd, short, void *); > @@ -60,7 +59,7 @@ struct imsgev *iev_parent; > static const struct timeval snmpe_tcp_timeout = { 10, 0 }; /* 10s */ > > static struct privsep_proc procs[] = { > - { "parent", PROC_PARENT,snmpe_dispatch_parent } > + { "parent", PROC_PARENT } > }; > > void > @@ -133,17 +132,6 @@ snmpe_shutdown(void) > close(h->fd); > } > kr_shutdown(); > -} > - > -int > -snmpe_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) > -{ > - switch (imsg->hdr.type) { > - default: > - break; > - } > - > - return (-1); > } > > int >
Re: Refine IPv6 source address selection
On Mon, Aug 24, 2020 at 06:42:02PM +0200, Florian Obser wrote: > To clarify, this is independent of my recent work in > in6_ifawithscope(), -ifa did not work with the old code, either. > Of course ! Sorry if my message led to think you were responsible for it.
Refine IPv6 source address selection
While working on source selection, I noticed the IPv6 source was not honored when set from route(8) with -ifa. After discussing with florian@, here is a proposed change. It chooses the source address associated with the route (hence honoring -ifa) instead of the first address of the output interface which becomes the source address of last resort. Index: netinet6/in6_src.c === RCS file: /cvs/src/sys/netinet6/in6_src.c,v retrieving revision 1.81 diff -u -p -r1.81 in6_src.c --- netinet6/in6_src.c 2 Dec 2016 11:16:04 - 1.81 +++ netinet6/in6_src.c 24 Aug 2020 15:14:53 - @@ -207,13 +207,14 @@ in6_pcbselsrc(struct in6_addr **in6src, */ if (ro->ro_rt) { - ifp = if_get(ro->ro_rt->rt_ifidx); - if (ifp != NULL) { - ia6 = in6_ifawithscope(ifp, dst, rtableid); - if_put(ifp); + ia6 = ifatoia6(ro->ro_rt->rt_ifa); + if (ia6 == NULL) { + ifp = if_get(ro->ro_rt->rt_ifidx); + if (ifp != NULL) { + ia6 = in6_ifawithscope(ifp, dst, rtableid); + if_put(ifp); + } } - if (ia6 == NULL) /* xxx scope error ?*/ - ia6 = ifatoia6(ro->ro_rt->rt_ifa); } if (ia6 == NULL) return (EHOSTUNREACH); /* no route */
Re: empty rc.firsttime when installing
On Tue, Jul 14, 2020 at 02:14:55PM +0100, Stuart Henderson wrote: > On 2020/07/14 15:03, Denis Fondras wrote: > > I was upgrading an EdgeRouter and it restarted multiple times instead of > > booting > > /bsd > > > > When I had a chance to boot it correctly, I noticed that sysmerge and > > fw_update > > were run multiple times. > > > > This diff avoids filling rc.firsttime and rc.sysmerge. > > hmm, that will cause problems for some things I do (the main one being: > sysupgrade -n, add a pkg_add -u line to rc.firsttime, reboot). > Thank you all for raising the problem.
empty rc.firsttime when installing
I was upgrading an EdgeRouter and it restarted multiple times instead of booting /bsd When I had a chance to boot it correctly, I noticed that sysmerge and fw_update were run multiple times. This diff avoids filling rc.firsttime and rc.sysmerge. Index: distrib/miniroot/install.sub === RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.1154 diff -u -p -r1.1154 install.sub --- distrib/miniroot/install.sub26 May 2020 16:21:00 - 1.1154 +++ distrib/miniroot/install.sub14 Jul 2020 12:54:27 - @@ -2734,6 +2734,9 @@ finish_up() { local _kernel_dir=/mnt/usr/share/relink/kernel local _kernel=${MDKERNEL:-GENERIC} _syspatch_archs="amd64 arm64 i386" + # Empty rc.firsttime + echo "" >/mnt/etc/rc.firsttime + # Mount all known swap partitions. This gives systems with little # memory a better chance at running 'MAKEDEV all'. if [[ -x /mnt/sbin/swapctl ]]; then @@ -2812,7 +2815,7 @@ finish_up() { # Ensure that sysmerge in batch mode is run on reboot. [[ $MODE == upgrade ]] && - echo "/usr/sbin/sysmerge -b" >>/mnt/etc/rc.sysmerge + echo "/usr/sbin/sysmerge -b" >/mnt/etc/rc.sysmerge # If a proxy was needed to fetch the sets, use it for fw_update and syspatch [[ -n $http_proxy ]] &&
Re: 11n Tx aggregation for iwm(4)
On Fri, Jun 26, 2020 at 02:45:53PM +0200, Stefan Sperling wrote: > This patch adds support for 11n Tx aggregation to iwm(4). iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x73, msi AP is Zyxel USG40W Before : bandwidth min/avg/max/std-dev = 9.800/14.000/14.214/0.606 Mbps After : bandwidth min/avg/max/std-dev = 8.124/47.270/57.076/8.906 Mbps
update vxlan(4) man
vxlan(4) actually supports IPv6 tunnel endpoints. Only multicast endpoints are unsupported. Index: vxlan.4 === RCS file: /cvs/src/share/man/man4/vxlan.4,v retrieving revision 1.8 diff -u -p -r1.8 vxlan.4 --- vxlan.4 22 Nov 2018 17:31:11 - 1.8 +++ vxlan.4 26 Jun 2020 11:52:32 - @@ -176,4 +176,5 @@ decreased MTU of 1450 bytes. In any other case, it is commonly recommended to set the MTU of the transport interfaces to at least 1600 bytes. .Pp -The implementation does not support IPv6 tunnel endpoints at present. +The implementation does not support IPv6 multicast tunnel endpoints at +present.
Re: Some redundant code lines in sys
On Fri, Jun 05, 2020 at 12:56:21PM +0200, Prof. Dr. Steffen Wendzel wrote: > Dear all: > > just in case this appears useful to you: I found some redundant code > lines in the following files. > > sys/net/pipex.h: >struct pipex_session *pipex_pppoe_lookup_session (struct mbuf *); >struct pipex_session *pipex_pppoe_lookup_session (struct mbuf *); > > usr.sbin/relayd/agentx.c >snmp_agentx_oid(pdu, oid) == -1 || >snmp_agentx_oid(pdu, oid) == -1 || > > usr.sbin/snmpd/agentx.c: > snmp_agentx_oid(pdu, oid) == -1 || > snmp_agentx_oid(pdu, oid) == -1 || > > usr.sbin/bgpd/rde.h: > void path_init(u_int32_t); > void path_init(u_int32_t); > > lib/libcurses/nc_tparm.h: > #define TPARM_1(a,b) TPARM_2(a,b,0) > #define TPARM_1(a,b) TPARM_2(a,b,0) > Nice catch, thank you. Index: lib/libcurses/nc_tparm.h === RCS file: /cvs/src/lib/libcurses/nc_tparm.h,v retrieving revision 1.1 diff -u -p -r1.1 nc_tparm.h --- lib/libcurses/nc_tparm.h12 Jan 2010 23:21:59 - 1.1 +++ lib/libcurses/nc_tparm.h5 Jun 2020 11:45:41 - @@ -62,6 +62,5 @@ #define TPARM_3(a,b,c,d) TPARM_4(a,b,c,d,0) #define TPARM_2(a,b,c) TPARM_3(a,b,c,0) #define TPARM_1(a,b) TPARM_2(a,b,0) -#define TPARM_1(a,b) TPARM_2(a,b,0) #define TPARM_0(a) TPARM_1(a,0) #endif Index: sys/net/pipex.h === RCS file: /cvs/src/sys/net/pipex.h,v retrieving revision 1.22 diff -u -p -r1.22 pipex.h --- sys/net/pipex.h 26 May 2020 07:06:37 - 1.22 +++ sys/net/pipex.h 5 Jun 2020 11:45:44 - @@ -206,7 +206,6 @@ int pipex_notify_close struct mbuf *pipex_output (struct mbuf *, int, int, struct pipex_iface_context *); struct pipex_session *pipex_pppoe_lookup_session (struct mbuf *); -struct pipex_session *pipex_pppoe_lookup_session (struct mbuf *); struct mbuf *pipex_pppoe_input (struct mbuf *, struct pipex_session *); struct pipex_session *pipex_pptp_lookup_session (struct mbuf *); struct mbuf *pipex_pptp_input (struct mbuf *, struct pipex_session *); Index: usr.sbin/bgpd/rde.h === RCS file: /cvs/src/usr.sbin/bgpd/rde.h,v retrieving revision 1.233 diff -u -p -r1.233 rde.h --- usr.sbin/bgpd/rde.h 24 Jan 2020 05:44:05 - 1.233 +++ usr.sbin/bgpd/rde.h 5 Jun 2020 11:45:45 - @@ -557,7 +557,6 @@ re_rib(struct rib_entry *re) } voidpath_init(u_int32_t); -voidpath_init(u_int32_t); voidpath_shutdown(void); voidpath_hash_stats(struct rde_hashstats *); int path_compare(struct rde_aspath *, struct rde_aspath *); Index: usr.sbin/relayd/agentx.c === RCS file: /cvs/src/usr.sbin/relayd/agentx.c,v retrieving revision 1.14 diff -u -p -r1.14 agentx.c --- usr.sbin/relayd/agentx.c28 May 2017 10:39:15 - 1.14 +++ usr.sbin/relayd/agentx.c5 Jun 2020 11:45:45 - @@ -654,7 +654,6 @@ snmp_agentx_unregister_pdu(struct snmp_o if (snmp_agentx_raw(pdu, &uhdr, sizeof(uhdr)) == -1 || snmp_agentx_oid(pdu, oid) == -1 || - snmp_agentx_oid(pdu, oid) == -1 || (range_index && snmp_agentx_int(pdu, &range_bound) == -1)) { snmp_agentx_pdu_free(pdu); return (NULL); Index: usr.sbin/snmpd/agentx.c === RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v retrieving revision 1.13 diff -u -p -r1.13 agentx.c --- usr.sbin/snmpd/agentx.c 17 Jun 2018 18:19:59 - 1.13 +++ usr.sbin/snmpd/agentx.c 5 Jun 2020 11:45:45 - @@ -658,7 +658,6 @@ snmp_agentx_unregister_pdu(struct snmp_o if (snmp_agentx_raw(pdu, &uhdr, sizeof(uhdr)) == -1 || snmp_agentx_oid(pdu, oid) == -1 || - snmp_agentx_oid(pdu, oid) == -1 || (range_index && snmp_agentx_int(pdu, &range_bound) == -1)) { snmp_agentx_pdu_free(pdu); return (NULL);
ospf6d: enable reload
This diff provides a working 'ospf6ctl reload'. Must be applied after https://marc.info/?l=openbsd-tech&m=159084971620177&w=2 Index: ospf6ctl/ospf6ctl.c === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v retrieving revision 1.51 diff -u -p -r1.51 ospf6ctl.c --- ospf6ctl/ospf6ctl.c 5 Apr 2020 18:19:04 - 1.51 +++ ospf6ctl/ospf6ctl.c 30 May 2020 18:02:41 - @@ -235,14 +235,10 @@ main(int argc, char *argv[]) done = 1; break; case RELOAD: -#ifdef notyet imsg_compose(ibuf, IMSG_CTL_RELOAD, 0, 0, -1, NULL, 0); printf("reload request sent.\n"); done = 1; break; -#else - errx(1, "reload not supported"); -#endif } while (ibuf->w.queued) Index: ospf6d/ospf6d.c === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospf6d.c,v retrieving revision 1.47 diff -u -p -r1.47 ospf6d.c --- ospf6d/ospf6d.c 30 May 2020 18:02:13 - 1.47 +++ ospf6d/ospf6d.c 30 May 2020 18:02:41 - @@ -277,6 +277,8 @@ main(int argc, char *argv[]) fatalx("control socket setup failed"); main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); + if (unveil("/", "r") == -1) + fatal("unveil"); if (unveil(ospfd_conf->csock, "c") == -1) fatal("unveil"); if (unveil(NULL, NULL) == -1) @@ -611,23 +613,37 @@ ospf_redistribute(struct kroute *kr, u_i int ospf_reload(void) { -#ifdef notyet struct area *area; + struct iface*iface; struct ospfd_conf *xconf; if ((xconf = parse_config(conffile, ospfd_conf->opts)) == NULL) return (-1); - /* XXX bail out if router-id changed */ + /* No router-id was specified, keep existing value */ + if (xconf->rtr_id.s_addr == 0) + xconf->rtr_id.s_addr = ospfd_conf->rtr_id.s_addr; + + /* Abort the reload if rtr_id changed */ + if (ospfd_conf->rtr_id.s_addr != xconf->rtr_id.s_addr) { + log_warnx("router-id changed: restart required"); + return (-1); + } /* send config to childs */ if (ospf_sendboth(IMSG_RECONF_CONF, xconf, sizeof(*xconf)) == -1) return (-1); - /* send areas, interfaces happen out of band */ + /* send areas & interfaces */ LIST_FOREACH(area, &xconf->area_list, entry) { if (ospf_sendboth(IMSG_RECONF_AREA, area, sizeof(*area)) == -1) return (-1); + + LIST_FOREACH(iface, &area->iface_list, entry) { + if (ospf_sendboth(IMSG_RECONF_IFACE, iface, + sizeof(*iface)) == -1) + return (-1); + } } if (ospf_sendboth(IMSG_RECONF_END, NULL, 0) == -1) @@ -639,9 +655,6 @@ ospf_reload(void) /* update redistribute lists */ kr_reload(ospfd_conf->redist_label_or_prefix); return (0); -#else - return (-1); -#endif } int @@ -725,6 +738,22 @@ merge_config(struct ospfd_conf *conf, st * stub is not yet used but switching between stub and normal * will be another painful job. */ + if (a->stub != xa->stub && ospfd_process == PROC_OSPF_ENGINE) + a->dirty = 1; /* force rtr LSA update */ +#if 0 + if (xa->stub && ospfd_process == PROC_RDE_ENGINE) { + while ((r = SIMPLEQ_FIRST(&a->redist_list)) != NULL) { + SIMPLEQ_REMOVE_HEAD(&a->redist_list, entry); + free(r); + } + + while ((r = SIMPLEQ_FIRST(&xa->redist_list)) != NULL) { + SIMPLEQ_REMOVE_HEAD(&xa->redist_list, entry); + SIMPLEQ_INSERT_TAIL(&a->redist_list, r, entry); + } + } +#endif + a->stub = xa->stub; a->stub_default_cost = xa->stub_default_cost; if (ospfd_process == PROC_RDE_ENGINE) @@ -746,7 +775,15 @@ merge_config(struct ospfd_conf *conf, st } if (a->dirty) { a->dirty = 0; - orig_rtr_lsa(LIST_FIRST(&a->iface_list)->area); + orig_rtr_lsa(a); + } + } + } + if (ospfd_process == PROC_RDE_ENGINE) { + LIST_FOREACH(a, &conf->area_list, entry) { + if (a->dirty) { + start_spf_timer(); + break; } } } @@ -767,7 +804,7
ospf6d: change the way interfaces are handled
This diff updates how ospf6d(8) handles interfaces. It is now in line with what ospfd(8) does. Last step before enabling reload. Tested against Mikrotik and Zebra implementations. Warning: it changes the default behaviour. No prefix is announced if no "redistribute" statement is present in config file. Is this a showstopper ? Index: hello.c === RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v retrieving revision 1.22 diff -u -p -r1.22 hello.c --- hello.c 3 Jan 2020 17:25:48 - 1.22 +++ hello.c 30 May 2020 14:19:09 - @@ -175,12 +175,16 @@ recv_hello(struct iface *iface, struct i nbr->priority = LSA_24_GETHI(ntohl(hello.opts)); /* XXX neighbor address shouldn't be stored on virtual links */ nbr->addr = *src; + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0, + src, sizeof(struct in6_addr)); } if (!IN6_ARE_ADDR_EQUAL(&nbr->addr, src)) { log_warnx("%s: neighbor ID %s changed its address to %s", __func__, inet_ntoa(nbr->id), log_in6addr(src)); nbr->addr = *src; + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0, + src, sizeof(struct in6_addr)); } nbr->options = opts; Index: interface.c === RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v retrieving revision 1.29 diff -u -p -r1.29 interface.c --- interface.c 27 May 2020 09:03:56 - 1.29 +++ interface.c 30 May 2020 14:19:09 - @@ -72,8 +72,6 @@ struct { static int vlink_cnt = 0; #endif -TAILQ_HEAD(, iface)iflist; - const char * const if_event_names[] = { "NOTHING", "UP", @@ -145,10 +143,6 @@ if_fsm(struct iface *iface, enum iface_e area_track(iface->area); orig_rtr_lsa(iface->area); orig_link_lsa(iface); - - /* state change inform RDE */ - ospfe_imsg_compose_rde(IMSG_IFINFO, iface->self->peerid, 0, - &iface->state, sizeof(iface->state)); } if (old_state & (IF_STA_MULTI | IF_STA_POINTTOPOINT) && @@ -166,41 +160,8 @@ if_fsm(struct iface *iface, enum iface_e return (ret); } -int -if_init(void) -{ - TAILQ_INIT(&iflist); - - return (fetchifs(0)); -} - -/* XXX using a linked list should be OK for now */ struct iface * -if_find(unsigned int ifindex) -{ - struct iface*iface; - - TAILQ_FOREACH(iface, &iflist, list) { - if (ifindex == iface->ifindex) - return (iface); - } - return (NULL); -} - -struct iface * -if_findname(char *name) -{ - struct iface*iface; - - TAILQ_FOREACH(iface, &iflist, list) { - if (!strcmp(name, iface->name)) - return (iface); - } - return (NULL); -} - -struct iface * -if_new(u_short ifindex, char *ifname) +if_new(struct kif *kif, struct kif_addr *ka) { struct iface*iface; @@ -210,7 +171,6 @@ if_new(u_short ifindex, char *ifname) iface->state = IF_STA_DOWN; LIST_INIT(&iface->nbr_list); - TAILQ_INIT(&iface->ifa_list); TAILQ_INIT(&iface->ls_ack_list); RB_INIT(&iface->lsa_tree); @@ -225,34 +185,36 @@ if_new(u_short ifindex, char *ifname) return (iface); } #endif - strlcpy(iface->name, ifname, sizeof(iface->name)); - iface->ifindex = ifindex; - - TAILQ_INSERT_TAIL(&iflist, iface, list); - - return (iface); -} -void -if_update(struct iface *iface, int mtu, int flags, u_int8_t type, -u_int8_t state, u_int64_t rate, u_int32_t rdomain) -{ - iface->mtu = mtu; - iface->flags = flags; - iface->if_type = type; - iface->linkstate = state; - iface->baudrate = rate; - iface->rdomain = rdomain; + strlcpy(iface->name, kif->ifname, sizeof(iface->name)); - /* set type */ - if (flags & IFF_POINTOPOINT) + /* get type */ + if (kif->flags & IFF_POINTOPOINT) iface->type = IF_TYPE_POINTOPOINT; - if (flags & IFF_BROADCAST && flags & IFF_MULTICAST) + if (kif->flags & IFF_BROADCAST && kif->flags & IFF_MULTICAST) iface->type = IF_TYPE_BROADCAST; - if (flags & IFF_LOOPBACK) { + if (kif->flags & IFF_LOOPBACK) { iface->type = IF_TYPE_POINTOPOINT; - iface->cflags |= F_IFACE_PASSIVE; + iface->passive = 1; } + + /* get mtu, index and flags */ + iface->mtu = kif->mtu; + iface->ifindex = kif->ifindex; + iface->rdomain = kif->rdomain; + iface->flags = kif->flags; + iface->linkstate = kif->link_state; + iface->if_type = kif->if_type; + iface->baudrate = kif->baudrate; + + /* set address, m
Re: snmp(1) cleanup snmpd legacy
On Mon, May 18, 2020 at 12:18:47PM +0200, Martijn van Duren wrote: > Anyone feeling like trimming a little fat? > OK denis@ > On Fri, 2020-05-08 at 11:41 +0200, Martijn van Duren wrote: > > Diff below removes fields from struct oid used by snmpd but not useful > > for snmp(1). Minus 503LoC and -200kb on installed binary. > > No functional change intended. > > > > OK? > > > > martijn@ > > > > Index: mib.c > > === > > RCS file: /cvs/src/usr.bin/snmp/mib.c,v > > retrieving revision 1.1 > > diff -u -p -r1.1 mib.c > > --- mib.c 9 Aug 2019 06:17:59 - 1.1 > > +++ mib.c 8 May 2020 09:40:59 - > > @@ -27,466 +27,9 @@ > > #include "smi.h" > > > > static struct oid mib_tree[] = MIB_TREE; > > -static struct oid base_mib[] = { > > - { MIB(mib_2), OID_MIB }, > > - { MIB(sysDescr),OID_RD }, > > - { MIB(sysOID), OID_RD }, > > - { MIB(sysUpTime), OID_RD }, > > - { MIB(sysContact), OID_RW }, > > - { MIB(sysName), OID_RW }, > > - { MIB(sysLocation), OID_RW }, > > - { MIB(sysServices), OID_RS }, > > - { MIB(sysORLastChange), OID_RD }, > > - { MIB(sysORIndex), OID_TRD }, > > - { MIB(sysORID), OID_TRD }, > > - { MIB(sysORDescr), OID_TRD }, > > - { MIB(sysORUpTime), OID_TRD }, > > - { MIB(snmp),OID_MIB }, > > - { MIB(snmpInPkts), OID_RD }, > > - { MIB(snmpOutPkts), OID_RD }, > > - { MIB(snmpInBadVersions), OID_RD }, > > - { MIB(snmpInBadCommunityNames), OID_RD }, > > - { MIB(snmpInBadCommunityUses), OID_RD }, > > - { MIB(snmpInASNParseErrs), OID_RD }, > > - { MIB(snmpInTooBigs), OID_RD }, > > - { MIB(snmpInNoSuchNames), OID_RD }, > > - { MIB(snmpInBadValues), OID_RD }, > > - { MIB(snmpInReadOnlys), OID_RD }, > > - { MIB(snmpInGenErrs), OID_RD }, > > - { MIB(snmpInTotalReqVars), OID_RD }, > > - { MIB(snmpInTotalSetVars), OID_RD }, > > - { MIB(snmpInGetRequests), OID_RD }, > > - { MIB(snmpInGetNexts), OID_RD }, > > - { MIB(snmpInSetRequests), OID_RD }, > > - { MIB(snmpInGetResponses), OID_RD }, > > - { MIB(snmpInTraps), OID_RD }, > > - { MIB(snmpOutTooBigs), OID_RD }, > > - { MIB(snmpOutNoSuchNames), OID_RD }, > > - { MIB(snmpOutBadValues),OID_RD }, > > - { MIB(snmpOutGenErrs), OID_RD }, > > - { MIB(snmpOutGetRequests), OID_RD }, > > - { MIB(snmpOutGetNexts), OID_RD }, > > - { MIB(snmpOutSetRequests), OID_RD }, > > - { MIB(snmpOutGetResponses), OID_RD }, > > - { MIB(snmpOutTraps),OID_RD }, > > - { MIB(snmpEnableAuthenTraps), OID_RW }, > > - { MIB(snmpSilentDrops), OID_RD }, > > - { MIB(snmpProxyDrops), OID_RD }, > > - { MIBEND } > > -}; > > - > > -static struct oid usm_mib[] = { > > - { MIB(snmpEngine), OID_MIB }, > > - { MIB(snmpEngineID),OID_RD }, > > - { MIB(snmpEngineBoots), OID_RD }, > > - { MIB(snmpEngineTime), OID_RD }, > > - { MIB(snmpEngineMaxMsgSize),OID_RD }, > > - { MIB(usmStats),OID_MIB }, > > - { MIB(usmStatsUnsupportedSecLevels),OID_RD }, > > - { MIB(usmStatsNotInTimeWindow), OID_RD }, > > - { MIB(usmStatsUnknownUserNames),OID_RD }, > > - { MIB(usmStatsUnknownEngineId), OID_RD }, > > - { MIB(usmStatsWrongDigests),OID_RD }, > > - { MIB(usmStatsDecryptionErrors),OID_RD }, > > - { MIBEND } > > -}; > > - > > -static struct oid hr_mib[] = { > > - { MIB(host),OID_MIB }, > > - { MIB(hrSystemUptime), OID_RD }, > > - { MIB(hrSystemDate),OID_RD }, > > - { MIB(hrSystemProcesses), OID_RD }, > > - { MIB(hrSystemMaxProcesses),OID_RD }, > > - { MIB(hrMemorySize),OID_RD }, > > - { MIB(hrStorageIndex), OID_TRD }, > > - { MIB(hrStorageType), OID_TRD }, > > - { MIB(hrStorageDescr), OID_TRD }, > > - { MIB(hrStorageAllocationUnits),OID_TRD }, > > - { MIB(hrStorageSize), OID_TRD }, > > - { MIB(hrStorageUsed), OID_TRD }, > > - { MIB(hrStorageAllocationFailures), OID_TRD }, > > - { MIB(hrDeviceIndex), OID_TRD }, > > - { MIB(hrDeviceType),OID_TRD }, > > - { MIB(hrDeviceDescr), OID_TRD }, > > - { MIB(hrDeviceID), OID_TRD }, > > - { MIB(hrDeviceStatus), OID_TRD }, > > - { MIB(hrDeviceErrors), OID_TRD }, > > - { MIB(hrProcessor
Re: ospfctl json support
On Mon, May 18, 2020 at 09:04:06AM +0200, Claudio Jeker wrote: > There is a file missing in the diff. > > One thing I have seen in the original diff from Richard was that the > copyright in the new file should be copied from ospfctl.c since this is > mostly a copy paste action and not new work. > Stupid me... Here is an update. Thank you Claudio. Index: Makefile === RCS file: /cvs/src/usr.sbin/ospfctl/Makefile,v retrieving revision 1.5 diff -u -p -r1.5 Makefile --- Makefile2 Sep 2016 14:02:48 - 1.5 +++ Makefile17 May 2020 10:51:28 - @@ -3,7 +3,7 @@ .PATH: ${.CURDIR}/../ospfd PROG= ospfctl -SRCS= logmsg.c ospfctl.c parser.c +SRCS= logmsg.c ospfctl.c output.c parser.c CFLAGS+= -Wall CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual Index: ospfctl.c === RCS file: /cvs/src/usr.sbin/ospfctl/ospfctl.c,v retrieving revision 1.66 diff -u -p -r1.66 ospfctl.c --- ospfctl.c 1 Nov 2019 18:15:28 - 1.66 +++ ospfctl.c 17 May 2020 11:11:50 - @@ -35,42 +35,16 @@ #include "ospf.h" #include "ospfd.h" +#include "ospfctl.h" #include "ospfe.h" #include "parser.h" __dead void usage(void); -int show_summary_msg(struct imsg *); -uint64_tget_ifms_type(uint8_t); -int show_interface_msg(struct imsg *); -int show_interface_detail_msg(struct imsg *); -const char *print_link(int); -const char *fmt_timeframe(time_t t); -const char *fmt_timeframe_core(time_t t); -const char *log_id(u_int32_t ); -const char *log_adv_rtr(u_int32_t); -voidshow_database_head(struct in_addr, char *, u_int8_t); -int show_database_msg(struct imsg *); -char *print_ls_type(u_int8_t); -voidshow_db_hdr_msg_detail(struct lsa_hdr *); -char *print_rtr_link_type(u_int8_t); -const char *print_ospf_flags(u_int8_t); -int show_db_msg_detail(struct imsg *imsg); -int show_nbr_msg(struct imsg *); -const char *print_ospf_options(u_int8_t); -int show_nbr_detail_msg(struct imsg *); -int show_rib_msg(struct imsg *); -voidshow_rib_head(struct in_addr, u_int8_t, u_int8_t); -const char *print_ospf_rtr_flags(u_int8_t); -int show_rib_detail_msg(struct imsg *); -voidshow_fib_head(void); -int show_fib_msg(struct imsg *); -voidshow_interface_head(void); -const char *get_media_descr(uint64_t); -const char *get_linkstate(uint8_t, int); -voidprint_baudrate(u_int64_t); -int show_fib_interface_msg(struct imsg *); + +int show(struct imsg *, struct parse_result *); struct imsgbuf *ibuf; +const struct output*output = &show_output; __dead void usage(void) @@ -145,10 +119,6 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0); break; case SHOW_IFACE: - printf("%-11s %-18s %-6s %-10s %-10s %-8s %3s %3s\n", - "Interface", "Address", "State", "HelloTimer", "Linkstate", - "Uptime", "nc", "ac"); - /*FALLTHROUGH*/ case SHOW_IFACE_DTAIL: if (*res->ifname) { ifidx = if_nametoindex(res->ifname); @@ -159,9 +129,6 @@ main(int argc, char *argv[]) &ifidx, sizeof(ifidx)); break; case SHOW_NBR: - printf("%-15s %-3s %-12s %-8s %-15s %-9s %s\n", "ID", "Pri", - "State", "DeadTime", "Address", "Iface","Uptime"); - /*FALLTHROUGH*/ case SHOW_NBR_DTAIL: imsg_compose(ibuf, IMSG_CTL_SHOW_NBR, 0, 0, -1, NULL, 0); break; @@ -194,9 +161,6 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_SHOW_DB_OPAQ, 0, 0, -1, NULL, 0); break; case SHOW_RIB: - printf("%-20s %-17s %-12s %-9s %-7s %-8s\n", "Destination", - "Nexthop", "Path Type", "Type", "Cost", "Uptime"); - /*FALLTHROUGH*/ case SHOW_RIB_DTAIL: imsg_compose(ibuf, IMSG_CTL_SHOW_RIB, 0, 0, -1, NULL, 0); break; @@ -207,7 +171,6 @@ main(int argc, char *argv[]) else imsg_compose(ibuf, IMSG_CTL_KROUTE_ADDR, 0, 0, -1, &res->addr, sizeof(res->addr)); - show_fib_head(); break; case SHOW_FIB_IFACE: if (*res->ifname) @@ -215,7 +178,6 @@ main(int argc, char *argv[]) res->ifname, sizeof(res->ifname)); else imsg_compose(ibuf, IMSG_CTL_IFINFO, 0, 0, -1, NULL, 0); - show_interface_head(); break; case
Re: ospfctl json support
On Fri, May 15, 2020 at 11:34:58AM +0100, Richard Chivers wrote: > Hi, > > I have now resolved the spacing/tabbing issues I think correctly > following style(9), along with a couple of other indent issues. > > Would appreciate a cursory look at this stage to spot any further common > issues. > I fixed some indent and break long lines. It reads OK for me. A quick test shows it works for basic commands. OK denis@ Anyone else for a OK ? Index: Makefile === RCS file: /cvs/src/usr.sbin/ospfctl/Makefile,v retrieving revision 1.5 diff -u -p -r1.5 Makefile --- Makefile2 Sep 2016 14:02:48 - 1.5 +++ Makefile17 May 2020 10:51:28 - @@ -3,7 +3,7 @@ .PATH: ${.CURDIR}/../ospfd PROG= ospfctl -SRCS= logmsg.c ospfctl.c parser.c +SRCS= logmsg.c ospfctl.c output.c parser.c CFLAGS+= -Wall CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual Index: ospfctl.c === RCS file: /cvs/src/usr.sbin/ospfctl/ospfctl.c,v retrieving revision 1.66 diff -u -p -r1.66 ospfctl.c --- ospfctl.c 1 Nov 2019 18:15:28 - 1.66 +++ ospfctl.c 17 May 2020 11:11:50 - @@ -35,42 +35,16 @@ #include "ospf.h" #include "ospfd.h" +#include "ospfctl.h" #include "ospfe.h" #include "parser.h" __dead void usage(void); -int show_summary_msg(struct imsg *); -uint64_tget_ifms_type(uint8_t); -int show_interface_msg(struct imsg *); -int show_interface_detail_msg(struct imsg *); -const char *print_link(int); -const char *fmt_timeframe(time_t t); -const char *fmt_timeframe_core(time_t t); -const char *log_id(u_int32_t ); -const char *log_adv_rtr(u_int32_t); -voidshow_database_head(struct in_addr, char *, u_int8_t); -int show_database_msg(struct imsg *); -char *print_ls_type(u_int8_t); -voidshow_db_hdr_msg_detail(struct lsa_hdr *); -char *print_rtr_link_type(u_int8_t); -const char *print_ospf_flags(u_int8_t); -int show_db_msg_detail(struct imsg *imsg); -int show_nbr_msg(struct imsg *); -const char *print_ospf_options(u_int8_t); -int show_nbr_detail_msg(struct imsg *); -int show_rib_msg(struct imsg *); -voidshow_rib_head(struct in_addr, u_int8_t, u_int8_t); -const char *print_ospf_rtr_flags(u_int8_t); -int show_rib_detail_msg(struct imsg *); -voidshow_fib_head(void); -int show_fib_msg(struct imsg *); -voidshow_interface_head(void); -const char *get_media_descr(uint64_t); -const char *get_linkstate(uint8_t, int); -voidprint_baudrate(u_int64_t); -int show_fib_interface_msg(struct imsg *); + +int show(struct imsg *, struct parse_result *); struct imsgbuf *ibuf; +const struct output*output = &show_output; __dead void usage(void) @@ -145,10 +119,6 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0); break; case SHOW_IFACE: - printf("%-11s %-18s %-6s %-10s %-10s %-8s %3s %3s\n", - "Interface", "Address", "State", "HelloTimer", "Linkstate", - "Uptime", "nc", "ac"); - /*FALLTHROUGH*/ case SHOW_IFACE_DTAIL: if (*res->ifname) { ifidx = if_nametoindex(res->ifname); @@ -159,9 +129,6 @@ main(int argc, char *argv[]) &ifidx, sizeof(ifidx)); break; case SHOW_NBR: - printf("%-15s %-3s %-12s %-8s %-15s %-9s %s\n", "ID", "Pri", - "State", "DeadTime", "Address", "Iface","Uptime"); - /*FALLTHROUGH*/ case SHOW_NBR_DTAIL: imsg_compose(ibuf, IMSG_CTL_SHOW_NBR, 0, 0, -1, NULL, 0); break; @@ -194,9 +161,6 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_SHOW_DB_OPAQ, 0, 0, -1, NULL, 0); break; case SHOW_RIB: - printf("%-20s %-17s %-12s %-9s %-7s %-8s\n", "Destination", - "Nexthop", "Path Type", "Type", "Cost", "Uptime"); - /*FALLTHROUGH*/ case SHOW_RIB_DTAIL: imsg_compose(ibuf, IMSG_CTL_SHOW_RIB, 0, 0, -1, NULL, 0); break; @@ -207,7 +171,6 @@ main(int argc, char *argv[]) else imsg_compose(ibuf, IMSG_CTL_KROUTE_ADDR, 0, 0, -1, &res->addr, sizeof(res->addr)); - show_fib_head(); break; case SHOW_FIB_IFACE: if (*res->ifname) @@ -215,7 +178,6 @@ main(int argc, char *argv[]) res->ifname, sizeof(res->ifname)); else imsg_compose(ibuf, IMSG_CTL_IFINFO, 0
Re: bgpctl paged output for show rib
> This implements a way to add a limit for bgpctl show rib output. > When a limit is set then the output will include a token (at the end) > that can be used to get the next batch of output. These two things allow > to build a frontend that puts the output onto multiple pages. > Both regular output and JSON output include the token. > I am not comfortable with this. It seems out of the scope of bgpctl. I would prefer to keep it simple / follow the unix way, aka pipe the output to another tool to paginate the output. In your example you use a temp file, why not work on this file to manage the limit / page display ?
ospf6d: remove F_IFACE_AVAIL
This information is never used/checked. Index: kroute.c === RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v retrieving revision 1.63 diff -u -p -r1.63 kroute.c --- kroute.c16 May 2020 15:54:12 - 1.63 +++ kroute.c16 May 2020 18:11:51 - @@ -761,7 +761,6 @@ kif_update(u_short ifindex, int flags, s return (NULL); if ((iface = if_new(ifindex, ifname)) == NULL) return (NULL); - iface->cflags |= F_IFACE_AVAIL; } if_update(iface, ifd->ifi_mtu, flags, ifd->ifi_type, @@ -1019,7 +1018,6 @@ if_announce(void *msg) case IFAN_ARRIVAL: if ((iface = if_new(ifan->ifan_index, ifan->ifan_name)) == NULL) fatal("if_announce failed"); - iface->cflags |= F_IFACE_AVAIL; break; case IFAN_DEPARTURE: iface = if_find(ifan->ifan_index); Index: ospf6d.h === RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v retrieving revision 1.48 diff -u -p -r1.48 ospf6d.h --- ospf6d.h16 May 2020 15:54:12 - 1.48 +++ ospf6d.h16 May 2020 18:11:51 - @@ -330,7 +330,6 @@ struct iface { u_int8_t cflags; #define F_IFACE_PASSIVE0x01 #define F_IFACE_CONFIGURED 0x02 -#define F_IFACE_AVAIL 0x04 }; struct ifaddrchange {
scan_ffs prints negative size
Small diff to fix size printing. Before : $ doas scan_ffs -v sd0 block 55167 id 758d4818,f2894c98 size -859043093 After: $ doas ./obj/scan_ffs -v sd0 block 55167 id 758d4818,f2894c98 size 3435924203 Index: scan_ffs.c === RCS file: /cvs/src/sbin/scan_ffs/scan_ffs.c,v retrieving revision 1.23 diff -u -p -r1.23 scan_ffs.c --- scan_ffs.c 28 Jun 2019 13:32:46 - 1.23 +++ scan_ffs.c 16 May 2020 12:19:18 - @@ -70,7 +70,7 @@ ufsscan(int fd, daddr_t beg, daddr_t end sb = (struct fs*)(&buf[n]); if (sb->fs_magic == FS_MAGIC) { if (flags & FLAG_VERBOSE) - printf("block %lld id %x,%x size %d\n", + printf("block %lld id %x,%x size %u\n", (long long)(blk + (n/512)), sb->fs_id[0], sb->fs_id[1], sb->fs_ffs1_size);
Re: ospfctl json support
On Thu, May 14, 2020 at 07:15:41PM +0100, Richard Chivers wrote: > Shall I effectively fix issues in the original code at this stage, or only > where I have moved and refactored? > Thanks. Limit the changes to what is relative to json support. The diff is already big enough :)
ospf6d: remove IMSG_IFDELETE
Following https://marc.info/?l=openbsd-tech&m=158946552515632&w=2, when IMSG_IFADD is removed, IMSG_IFDELETE becomes useless... Index: kroute.c === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/kroute.c,v retrieving revision 1.62 diff -u -p -r1.62 kroute.c --- kroute.c16 Dec 2019 08:28:33 - 1.62 +++ kroute.c14 May 2020 18:06:16 - @@ -1023,12 +1023,6 @@ if_announce(void *msg) break; case IFAN_DEPARTURE: iface = if_find(ifan->ifan_index); - if (iface->cflags & F_IFACE_CONFIGURED) { - main_imsg_compose_rde(IMSG_IFDELETE, 0, - &iface->ifindex, sizeof(iface->ifindex)); - main_imsg_compose_ospfe(IMSG_IFDELETE, 0, - &iface->ifindex, sizeof(iface->ifindex)); - } if_del(iface); break; } Index: ospf6d.h === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospf6d.h,v retrieving revision 1.47 diff -u -p -r1.47 ospf6d.h --- ospf6d.h14 May 2020 18:05:50 - 1.47 +++ ospf6d.h14 May 2020 18:06:30 - @@ -103,7 +103,6 @@ enum imsg_type { IMSG_KROUTE_CHANGE, IMSG_KROUTE_DELETE, IMSG_IFINFO, - IMSG_IFDELETE, IMSG_IFADDRNEW, IMSG_IFADDRDEL, IMSG_NEIGHBOR_UP, Index: ospfe.c === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospfe.c,v retrieving revision 1.62 diff -u -p -r1.62 ospfe.c --- ospfe.c 14 May 2020 18:05:50 - 1.62 +++ ospfe.c 14 May 2020 18:07:26 - @@ -257,7 +257,6 @@ ospfe_dispatch_main(int fd, short event, struct imsgev *iev = bula; struct imsgbuf *ibuf = &iev->ibuf; int n, stub_changed, shut = 0, isvalid, wasvalid; - unsigned int ifindex; if (event & EV_READ) { if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) @@ -326,19 +325,6 @@ ospfe_dispatch_main(int fd, short event, if_fsm(iface, IF_EVT_DOWN); log_warnx("interface %s down", iface->name); } - break; - case IMSG_IFDELETE: - if (imsg.hdr.len != IMSG_HEADER_SIZE + - sizeof(ifindex)) - fatalx("IFDELETE imsg with wrong len"); - - memcpy(&ifindex, imsg.data, sizeof(ifindex)); - iface = if_find(ifindex); - if (iface == NULL) - fatalx("interface lost in ospfe"); - - LIST_REMOVE(iface, entry); - if_del(iface); break; case IMSG_IFADDRNEW: if (imsg.hdr.len != IMSG_HEADER_SIZE + Index: rde.c === RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/rde.c,v retrieving revision 1.87 diff -u -p -r1.87 rde.c --- rde.c 14 May 2020 18:05:50 - 1.87 +++ rde.c 14 May 2020 18:07:18 - @@ -651,7 +651,6 @@ rde_dispatch_parent(int fd, short event, struct imsgbuf *ibuf = &iev->ibuf; ssize_t n; int shut = 0, link_ok, prev_link_ok, orig_lsa; - unsigned int ifindex; if (event & EV_READ) { if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) @@ -733,19 +732,6 @@ rde_dispatch_parent(int fd, short event, orig_intra_area_prefix_lsas(iface->area); - break; - case IMSG_IFDELETE: - if (imsg.hdr.len != IMSG_HEADER_SIZE + - sizeof(ifindex)) - fatalx("IFDELETE imsg with wrong len"); - - memcpy(&ifindex, imsg.data, sizeof(ifindex)); - iface = if_find(ifindex); - if (iface == NULL) - fatalx("interface lost in rde"); - - LIST_REMOVE(iface, entry); - if_del(iface); break; case IMSG_IFADDRNEW: if (imsg.hdr.len != IMSG_HEADER_SIZE +
Re: ospfctl json support
On Thu, May 14, 2020 at 05:51:58PM +0100, Richard Chivers wrote: > Let me know if this now works for you. > This is better, I can apply it :) However, there are many style(9) issues. Can you fix them please before I review the changes ? Thank you.
ospf6d: remove IMSG_IFADD
IMSG_IFADD is never used, wipe it. Index: ospf6d.h === RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v retrieving revision 1.46 diff -u -p -r1.46 ospf6d.h --- ospf6d.h5 Apr 2020 18:19:04 - 1.46 +++ ospf6d.h14 May 2020 13:52:08 - @@ -103,7 +103,6 @@ enum imsg_type { IMSG_KROUTE_CHANGE, IMSG_KROUTE_DELETE, IMSG_IFINFO, - IMSG_IFADD, IMSG_IFDELETE, IMSG_IFADDRNEW, IMSG_IFADDRDEL, Index: ospfe.c === RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v retrieving revision 1.61 diff -u -p -r1.61 ospfe.c --- ospfe.c 2 Jan 2020 10:16:46 - 1.61 +++ ospfe.c 14 May 2020 13:52:08 - @@ -327,18 +327,6 @@ ospfe_dispatch_main(int fd, short event, log_warnx("interface %s down", iface->name); } break; - case IMSG_IFADD: - if ((iface = malloc(sizeof(struct iface))) == NULL) - fatal(NULL); - memcpy(iface, imsg.data, sizeof(struct iface)); - - LIST_INIT(&iface->nbr_list); - TAILQ_INIT(&iface->ls_ack_list); - RB_INIT(&iface->lsa_tree); - - LIST_INSERT_HEAD(&iface->area->iface_list, iface, - entry); - break; case IMSG_IFDELETE: if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(ifindex)) Index: rde.c === RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v retrieving revision 1.86 diff -u -p -r1.86 rde.c --- rde.c 5 Apr 2020 18:19:04 - 1.86 +++ rde.c 14 May 2020 13:52:09 - @@ -734,17 +734,6 @@ rde_dispatch_parent(int fd, short event, orig_intra_area_prefix_lsas(iface->area); break; - case IMSG_IFADD: - if ((iface = malloc(sizeof(struct iface))) == NULL) - fatal(NULL); - memcpy(iface, imsg.data, sizeof(struct iface)); - - LIST_INIT(&iface->nbr_list); - TAILQ_INIT(&iface->ls_ack_list); - RB_INIT(&iface->lsa_tree); - - LIST_INSERT_HEAD(&iface->area->iface_list, iface, entry); - break; case IMSG_IFDELETE: if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(ifindex))