2 network threads & IPsec

2017-11-08 Thread Martin Pieuchot
We're experimenting with 2 threads processing input packets. That's good enough to improve forwarding performance and finally run pf_test() in parallel. However IPsec is not ready for that. Until somebody takes care of IPsec here's the solution: stay with a single thread. Diff below implements

Re: Introduce NET_RLOCK()

2017-11-08 Thread Saša Nedvědický
Hello, I think the recent diff should go in so I can pick it up to my tree. It's the same what I have in my net/systm.h What I also found that in some cases, we are going to grab KERNEL_LOCK(), while running in in_input_process(). this typically happens when we deal with multicast forwarding in

Re: 2 network threads & IPsec

2017-11-08 Thread Saša Nedvědický
Hello, I'm all-in your diff gets me un-stuck. O.K. sashan 2017-11-08 11:02 GMT+01:00 Martin Pieuchot : > We're experimenting with 2 threads processing input packets. That's > good enough to improve forwarding performance and finally run pf_test() > in parallel. However IPsec

Re: Introduce NET_RLOCK()

2017-11-08 Thread Martin Pieuchot
On 08/11/17(Wed) 12:22, Saša Nedvědický wrote: > Hello, > > I think the recent diff should go in so I can pick it up to my tree. > It's the same what I have in my net/systm.h > > What I also found that in some cases, we are going to > grab KERNEL_LOCK(), while running in in_input_process(). >

Re: Introduce NET_RLOCK()

2017-11-08 Thread Martin Pieuchot
On 08/11/17(Wed) 10:37, Martin Pieuchot wrote: > We're at the stage where we want to run multiple parts of the Network > Stack in parallel. sashan@ is trying to get multiple network threads > running to exercise parallelism in pf_test() and tb@ is trying to push > the NET_LOCK() further down in

Re: Introduce NET_RLOCK()

2017-11-08 Thread Mark Kettenis
> Date: Wed, 8 Nov 2017 10:37:02 +0100 > From: Martin Pieuchot > > We're at the stage where we want to run multiple parts of the Network > Stack in parallel. sashan@ is trying to get multiple network threads > running to exercise parallelism in pf_test() and tb@ is trying to

un-KERNEL_LOCK() TCP/UDP input & co

2017-11-08 Thread Martin Pieuchot
After auditing all the pr_input() functions, the only missing bits for taking them out of the KERNEL_LOCK() are: ``etheripstat''. I leave such counter conversions for somebody else (8 In the meantime I annotated globals used in these functions. Most of the pseudo-interfaces have a global list

fuse: vfs create does not map 1:1 to fuse create

2017-11-08 Thread Helg Bredow
There is a bug when creating a file in fuse-exfat and then deleting it again without first unmounting the file system. The reason for this is that fuse-exfat maintains strict reference counts and fuse currently calls the file system create and open functions when it should only call create. The

Re: fuse: vfs create does not map 1:1 to fuse create

2017-11-08 Thread Martin Pieuchot
On 08/11/17(Wed) 14:12, Helg Bredow wrote: > There is a bug when creating a file in fuse-exfat and then deleting it > again without first unmounting the file system. The reason for this is > that fuse-exfat maintains strict reference counts and fuse currently > calls the file system create and

Re: iked: Do not accept superfluous arguments

2017-11-08 Thread Klemens Nanni
On Wed, Aug 23, 2017 at 10:42:36PM +0200, Klemens Nanni wrote: > Calling `iked reload' when I meant `ikectl reload' showed that iked > happily returned 0 and and fired up another daemon. > > Feedback? Second bump after two months with the diff reattached. Anyone? diff --git a/sbin/iked/iked.c

Re: iked: Do not accept superfluous arguments

2017-11-08 Thread Patrick Wildt
On Wed, Nov 08, 2017 at 05:18:29PM +0100, Klemens Nanni wrote: > On Wed, Aug 23, 2017 at 10:42:36PM +0200, Klemens Nanni wrote: > > Calling `iked reload' when I meant `ikectl reload' showed that iked > > happily returned 0 and and fired up another daemon. > > > > Feedback? > Second bump after two

Re: [PATCH 1/2 v2] VMD: remove add from switch configuration

2017-11-08 Thread Reyk Floeter
On Thu, Nov 02, 2017 at 05:55:32PM -0700, Carlos Cardenas wrote: > Remove configuration items on switches for: > * adding static interfaces > > Adding static interfaces are to be set in hostname.if. > > Changed rule on rdomain: > * vm->interface->rdomain takes precedence over sw->rdomain > >

Re: [PATCH] amd64/bsd.rd: add growfs(8)

2017-11-08 Thread Florian Obser
On Tue, Nov 07, 2017 at 06:15:09PM +, Job Snijders wrote: > On Mon, Nov 06, 2017 at 04:14:48PM -0700, Theo de Raadt wrote: > > I agree on that. So please put it into the correct lists files for > > all the unlimited ramdisks. > > > > Job, the situation is a little nit-picky but try to do it

Re: iked: load explicit flows for ipip/ipcomp

2017-11-08 Thread Markus Friedl
ok On Sun, Nov 05, 2017 at 10:39:18PM +0100, Patrick Wildt wrote: > Hi, > > for IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP > tunneled packets, otherwise every packet between the gateways will > be sent into the tunnel (e.g. ICMP, too). > > ok? > > Patrick > > diff --git

Introduce NET_RLOCK()

2017-11-08 Thread Martin Pieuchot
We're at the stage where we want to run multiple parts of the Network Stack in parallel. sashan@ is trying to get multiple network threads running to exercise parallelism in pf_test() and tb@ is trying to push the NET_LOCK() further down in ioctl(2) path. However we want to be able to gradually

Re: TLS with static non-PIE binaries

2017-11-08 Thread Charles Collicutt
On Sun, Nov 05, 2017 at 01:02:36PM -0800, Philip Guenther wrote: > Well, ld.so and libc _should_ currently support startup-time TLS using the > initial-exec and local-exec modules. I can't see support for R_x_TPOFF64 relocations in ld.so(1) so I don't think initial-exec will work. But local-exec

[PATCH 0/2 v3] VMD: switch configuration changes

2017-11-08 Thread Carlos Cardenas
This patch series makes the following changes to switch configuration: * Removes adding static interfaces (done in /etc/hostname.if) * vm->interface->rdomain take precedence over sw->rdomain Updated regression tests to match vm.conf changes. Updated examples/vm.conf to match vm.conf changes.

Re: fuse: vfs create does not map 1:1 to fuse create

2017-11-08 Thread Helg Bredow
On Wed, 8 Nov 2017 16:50:07 +0100 Martin Pieuchot wrote: > On 08/11/17(Wed) 14:12, Helg Bredow wrote: > > There is a bug when creating a file in fuse-exfat and then deleting it > > again without first unmounting the file system. The reason for this is > > that fuse-exfat

README patch

2017-11-08 Thread Edgar Pettijohn
EADME.orig 2017-11-08 20:11:47.091955000 -0600 +++ README 2017-11-08 20:12:19.787639000 -0600 @@ -49,8 +49,8 @@ No major funding or cost-sharing of the project comes from any company or educational institution. Theo works full-time on improving OpenBSD -and paying bills, many other

[PATCH 1/2 v3] VMD: remove add from switch configuration

2017-11-08 Thread Carlos Cardenas
Remove configuration items on switches for: * adding static interfaces Adding static interfaces are to be set in hostname.if. Changed rule on rdomain: * vm->interface->rdomain takes precedence over sw->rdomain Update examples/vm.conf and vm.conf manpage to reflect changes. Comments? Ok? Ok by

/etc/netstart diff

2017-11-08 Thread Holger Mikolon
The veriable $HN_DIR is set in /etc/netstart on line 166 but used only once (line 78). The diff below makes use of $HN_DIR in the other cases where netstart cares of ip address configuration. With below change I can maintain different sets (think "profiles") of hostname.if(5) files in separate

[PATCH 2/2 v3] VMD: regress tests update for switch configuration

2017-11-08 Thread Carlos Cardenas
Update regression tests to match new switch configuration diff --git regress/usr.sbin/vmd/config/Makefile regress/usr.sbin/vmd/config/Makefile index 2adc69ae491..3bf124aff56 100644 --- regress/usr.sbin/vmd/config/Makefile +++ regress/usr.sbin/vmd/config/Makefile @@ -5,7 +5,7 @@ VMD ?=

Re: TLS with static non-PIE binaries

2017-11-08 Thread Philip Guenther
On Wed, Nov 8, 2017 at 10:43 PM, Charles Collicutt wrote: > On Sun, Nov 05, 2017 at 01:02:36PM -0800, Philip Guenther wrote: > > Well, ld.so and libc _should_ currently support startup-time TLS using > the > > initial-exec and local-exec modules. > > I can't see support