Re: struct ifnet locking [was Re: IFEF_MPSAFE]
On 19/12/2017 03:43, Ryota Ozaki wrote: BTW I committed a change that disables IFEF_MPSAFE by default on all interfaces because it seems that IFEF_MPSAFE requires additional changes to work safely with it. We should enable it by default if an interface is guaranteed to be safe. What additional changes? Thanks, Nick
Re: RFC: ipsec(4) pseudo interface
In article <20171218184400.ga27...@britannica.bec.de>, Joerg Sonnenbergerwrote: >On Mon, Dec 18, 2017 at 06:49:44PM +0900, Kengo NAKAHARA wrote: >> (a) Add if_ipsec.4 >> (b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then >> add ipsec.4(for ipsec pseudo interface) >> (c) any other > >I'd call it either ifipsec(4) or ipsecif(4). Traditionally the names of devices drivers and protocols go to section 4. So we have a conflict here, use one of the names Joerg suggested and cross reference it on the top of the ipsec.4 page: .Pp This manual pages describes the IPSEC. For the network device driver please see .Xr ifipsec 4 . christos
Re: getsockopt(2)
David Hollandwrote: >On Mon, Dec 18, 2017 at 07:21:33PM +, David Holland wrote: > > On Thu, Dec 07, 2017 at 03:04:32PM +, Robert Swindells wrote: > > > I wrote: > > >> Does anyone know why we don't use the input 'optlen' parameter to the > > >> getsockopt(2) syscall, we do write back to it on return. > > >> [...] > > >> > > >> There are also lots of places in sctp_usrreq that want to use it. > > >> > > >> I can set it with the following patch (line numbers will be slightly > > >> out), but wondered if there was a reason for the current behaviour. > > >> [...] > > > > > > Has anyone had any other thoughts on this ? > > > > > > I still think that the one line change shown here is correct, it will > > > allocate a buffer that gets filled by the stuff to be copied back to > > > userspace. > > > > The man page for getsockopt says [irrelevant stuff] > >Oops, I guess I am missing something. The current code isn't wrong. In the "get" path, sockopt_set() or sockopt_setmbuf() will allocate a buffer if needed, most other values are ints and can go in the 4 byte buffer in the sockopt. I guess it avoids needing to free the buffer if there is an error while building up the data to return.
Re: getsockopt(2)
On Mon, Dec 18, 2017 at 07:21:33PM +, David Holland wrote: > On Thu, Dec 07, 2017 at 03:04:32PM +, Robert Swindells wrote: > > I wrote: > >> Does anyone know why we don't use the input 'optlen' parameter to the > >> getsockopt(2) syscall, we do write back to it on return. > >> [...] > >> > >> There are also lots of places in sctp_usrreq that want to use it. > >> > >> I can set it with the following patch (line numbers will be slightly > >> out), but wondered if there was a reason for the current behaviour. > >> [...] > > > > Has anyone had any other thoughts on this ? > > > > I still think that the one line change shown here is correct, it will > > allocate a buffer that gets filled by the stuff to be copied back to > > userspace. > > The man page for getsockopt says [irrelevant stuff] Oops, I guess I am missing something. -- David A. Holland dholl...@netbsd.org
Re: getsockopt(2)
On Thu, Dec 07, 2017 at 03:04:32PM +, Robert Swindells wrote: > I wrote: >> Does anyone know why we don't use the input 'optlen' parameter to the >> getsockopt(2) syscall, we do write back to it on return. >> [...] >> >> There are also lots of places in sctp_usrreq that want to use it. >> >> I can set it with the following patch (line numbers will be slightly >> out), but wondered if there was a reason for the current behaviour. >> [...] > > Has anyone had any other thoughts on this ? > > I still think that the one line change shown here is correct, it will > allocate a buffer that gets filled by the stuff to be copied back to > userspace. The man page for getsockopt says that the optlen argument should be initialized with the size before calling getsockopt: The parameters optval and optlen are used to access option values for setsockopt(). For getsockopt() they identify a buffer in which the value for the requested option(s) are to be returned. For getsockopt(), optlen is a value-result parameter, initially containing the size of the buffer pointed to by optval, and modified on return to indicate the actual size of the value returned. This is also the traditional behavior of this type of call (compare e.g. getpeername) and there's no particular reason getsockopt should be different. So I think (a) any code we have that doesn't initialize the value is wrong and should be fixed; (b) any existing kernel code that blats values out to the buffer without checking the user's length is wrong and should be fixed; and (c) if this is an endemic problem we should fix all the wrong user code and then version the syscall before changing the kernel to behave as documented. (but hopefully that isn't necessary) Am I missing something? I'm not sure how the subsequent discussion morphed into ways to hack setsockopt to serve as getsockopt... -- David A. Holland dholl...@netbsd.org
Re: sstk(2) removal proposal
On Sat, Dec 16, 2017 at 06:40:04AM +0100, Kamil Rytarowski wrote: > I propose to remove the sstk syscall. > > It has been added in day0 by with the initial NetBSD commit and > never implemented. It has been purged from OpenBSD and is still around > in FreeBSD as never implemented and commented for removal (in capabilities). > > It used to mean "change stack section size", and it's from the same > family of functions as sbrk(2) and brk(2). > > It does not look like a candidate for being relevant again in the age of > UVM, mmap(2) and 32/64-bit address space. That really is obsolete trash; please nuke it... -- David A. Holland dholl...@netbsd.org
Re: RFC: ipsec(4) pseudo interface
On Mon, Dec 18, 2017 at 06:49:44PM +0900, Kengo NAKAHARA wrote: > (a) Add if_ipsec.4 > (b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then > add ipsec.4(for ipsec pseudo interface) > (c) any other I'd call it either ifipsec(4) or ipsecif(4). Joerg
Re: RFC: ipsec(4) pseudo interface
In article <02c36311-2fcd-08cf-cc71-b472e7c01...@iij.ad.jp>, Kengo NAKAHARAwrote: >Hi, > >We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo >interface manages its security policy(SP) by itself, in particular, we do ># ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2 >the SPs "10.0.0.1 -> 10.0.0.2"(out) and "10.0.0.2 -> 10.0.0.1"(in) are >generated automatically and atomically. And then, when we do ># ifconfig ipsec0 deletetunnel >the SPs are destroyed automatically and atomically, too. > >Here is the patches and an unified patch. >http://netbsd.org/~knakahara/if_ipsec/if_ipsec.tgz >http://netbsd.org/~knakahara/if_ipsec/if_ipsec-unified.patch > >By the way, I have one question. In the above patch(s), I temporarily add >manual for ipsecX pseudo interface as if_ipsec.4, because there is already >ipsec.4 for general ipsec protocol. How should I add the man of ipsec(4) >pseudo interface? >(a) Add if_ipsec.4 >(b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then >add ipsec.4(for ipsec pseudo interface) >(c) any other > >Could you comment the patch or the question? I've wanted this feature for a long time! Looks ok to me, but the sockaddr_copy()/port setting code, should be abstracted to a single function since it is repeated in ioctl(). christos
Re: Merging ugen into the usb stack
Hi Martin, - add a variation of uftdi that attaches on single interfaces (Wolfgang, can you share your code, even if it does not work with -current?), and either always use this variant, or use this variant on chips matched by above mentioned quirks table. See attached. The only other change required is in files.usb, where I had to change the "attach uftdi at usbdevif" to "attach uftdi at usbifif". With these changes I was able to attach uftdi by specifying an interface. - make ugen be able to attach to single/specific interfaces as well (off hand I'm not sure this would need code changes, but again, Wolfgang, could you make your patches available?) Sorry, looks like I lost any changes I made to ugen.c :-( Ciao, Wolfgang -- wolfg...@solfrank.net Wolfgang Solfrank /* $NetBSD: uftdi.c,v 1.60 2015/02/20 14:50:53 nonaka Exp $ */ /* * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Lennart Augustsson (lenn...@augustsson.net). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include __KERNEL_RCSID(0, "$NetBSD: uftdi.c,v 1.60 2015/02/20 14:50:53 nonaka Exp $"); #include #include #include #include #include #include #include #include #include #include #include #include #ifdef UFTDI_DEBUG #define DPRINTF(x) if (uftdidebug) printf x #define DPRINTFN(n,x) if (uftdidebug>(n)) printf x int uftdidebug = 0; #else #define DPRINTF(x) #define DPRINTFN(n,x) #endif #define UFTDI_CONFIG_NO 1 /* * These are the default number of bytes transferred per frame if the * endpoint doesn't tell us. The output buffer size is a hard limit * for devices that use a 6-bit size encoding. */ #define UFTDIIBUFSIZE 64 #define UFTDIOBUFSIZE 64 /* * Magic constants! Where do these come from? They're what Linux uses... */ #define UFTDI_MAX_IBUFSIZE 512 #define UFTDI_MAX_OBUFSIZE 256 struct uftdi_softc { device_t sc_dev; /* base device */ usbd_device_handle sc_udev; /* device */ int sc_iface_no; usbd_interface_handle sc_iface; /* interface */ enum uftdi_type sc_type; u_int sc_hdrlen; u_int sc_chiptype; u_char sc_msr; u_char sc_lsr; device_t sc_subdev; u_char sc_dying; u_int last_lcr; }; Static void uftdi_get_status(void *, int portno, u_char *lsr, u_char *msr); Static void uftdi_set(void *, int, int, int); Static int uftdi_param(void *, int, struct termios *); Static int uftdi_open(void *sc, int portno); Static void uftdi_read(void *sc, int portno, u_char **ptr,u_int32_t *count); Static void uftdi_write(void *sc, int portno, u_char *to, u_char *from, u_int32_t *count); Static void uftdi_break(void *sc, int portno, int onoff); struct ucom_methods uftdi_methods = { uftdi_get_status, uftdi_set, uftdi_param, NULL, uftdi_open, NULL, uftdi_read, uftdi_write, }; /* * The devices default to UFTDI_TYPE_8U232AM. * Remember to update uftdi_attach() if it should be UFTDI_TYPE_SIO instead */ static const struct usb_devno uftdi_devs[] = { { USB_VENDOR_BBELECTRONICS, USB_PRODUCT_BBELECTRONICS_USOTL4 }, { USB_VENDOR_FALCOM, USB_PRODUCT_FALCOM_TWIST }, { USB_VENDOR_FALCOM, USB_PRODUCT_FALCOM_SAMBA }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_230X }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_232H }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_232RL }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_2232C }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_4232H }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_8U100AX }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_SERIAL_8U232AM }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_MHAM_KW }, { USB_VENDOR_FTDI, USB_PRODUCT_FTDI_MHAM_YS }, {
RFC: ipsec(4) pseudo interface
Hi, We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo interface manages its security policy(SP) by itself, in particular, we do # ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2 the SPs "10.0.0.1 -> 10.0.0.2"(out) and "10.0.0.2 -> 10.0.0.1"(in) are generated automatically and atomically. And then, when we do # ifconfig ipsec0 deletetunnel the SPs are destroyed automatically and atomically, too. Here is the patches and an unified patch. http://netbsd.org/~knakahara/if_ipsec/if_ipsec.tgz http://netbsd.org/~knakahara/if_ipsec/if_ipsec-unified.patch By the way, I have one question. In the above patch(s), I temporarily add manual for ipsecX pseudo interface as if_ipsec.4, because there is already ipsec.4 for general ipsec protocol. How should I add the man of ipsec(4) pseudo interface? (a) Add if_ipsec.4 (b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then add ipsec.4(for ipsec pseudo interface) (c) any other Could you comment the patch or the question? Thanks, -- // Internet Initiative Japan Inc. Device Engineering Section, IoT Platform Development Department, Network Division, Technology Unit Kengo NAKAHARA