claudio [Tue, 22 Jun 2021 17:57:07 +0000 (17:57 +0000)]
Adjust expected output after the change to show more proper info in Adj-RIB-Out
patrick [Tue, 22 Jun 2021 16:36:59 +0000 (16:36 +0000)]
bwfm(4) on PCI isn't really MPSAFE, and I'm not sure how this flag
even got there in the first place. I've been wondering why I have
seen a bit of mbuf corruption here and there since I put the bwfm(4)
M.2 PCIe card into my arm64 machine. Well, duh.
jmc [Tue, 22 Jun 2021 15:01:55 +0000 (15:01 +0000)]
Pp not required before list items;
jmc [Tue, 22 Jun 2021 14:52:33 +0000 (14:52 +0000)]
reduce verbosity of usage(), making it match SYNOPSIS;
ok kettenis
jmc [Tue, 22 Jun 2021 14:51:29 +0000 (14:51 +0000)]
reduce verbosity of usage(); keep it the same as SYNOPSIS, wrapped at 80w.
lowercase for "usage", and add -e, which was missing;
ok kettenis
krw [Tue, 22 Jun 2021 14:01:58 +0000 (14:01 +0000)]
The values for blocks and offset in -b should be treated as 512-byte block
counts.
Tweak man page accordingly.
Requested by deraadt@ and kettenis@.
jca [Mon, 21 Jun 2021 22:09:14 +0000 (22:09 +0000)]
Fix uninitialized variables introduced in rev 1.361
Thankfully clang elided the code in an almost harmless way (at least on
amd64 GENERIC.MP). Spotted by chance when building kernels
with -Wno-error=uninitialized.
ok dlg@ sashan@ bluhm@
kettenis [Mon, 21 Jun 2021 15:19:39 +0000 (15:19 +0000)]
Change tb_freq to uint64_t. This prevents an overflow in the riscv64
implementation of delay(9).
ok deraadt@
espie [Mon, 21 Jun 2021 15:17:32 +0000 (15:17 +0000)]
bye bye -o
kettenis [Mon, 21 Jun 2021 15:05:51 +0000 (15:05 +0000)]
Change tb_freq to uint64_t. This prevents an overflow in the riscv64
implementation of delay(9).
ok deraadt@
deraadt [Mon, 21 Jun 2021 14:39:30 +0000 (14:39 +0000)]
code is obvious, comments not required
deraadt [Mon, 21 Jun 2021 14:39:05 +0000 (14:39 +0000)]
delete old debugging code
espie [Mon, 21 Jun 2021 14:36:48 +0000 (14:36 +0000)]
under some circumstances, we end up with libexecinfo -> BaseSystem being
recorded as a new dependency. Even though ForwardDependencies normally
takes care of that, with tags, this is not enough.
(this happens only because libexecinfo was a "tight" dependency, thus
resulting in a large UpdateSet, and when some of the objects did require
tags in the new package, and when the order of things meant that BaseSystem
was considered a bit early).
Since there's no handle at this point, a dirty but efficient test vs
BaseSystem will do (which is not a valid normal package name anyhow)
tested to fix the obnoxious warning landry@ saw, which I was able to
reproduce on a box...
deraadt [Mon, 21 Jun 2021 14:20:20 +0000 (14:20 +0000)]
correct riscv64 blocks
discussion with espie kettenis jsg
inoguchi [Mon, 21 Jun 2021 13:29:05 +0000 (13:29 +0000)]
Add GnuTLS interoperability test in appstest.sh
krw [Mon, 21 Jun 2021 13:17:20 +0000 (13:17 +0000)]
Wrap #define nitems in #ifndef nitems/#endif.
While here fix a misplaced '(' to make this nitems the same as
all its friends.
Pointed out by okan@
stsp [Mon, 21 Jun 2021 10:19:21 +0000 (10:19 +0000)]
Fix ieee80211_node leak in iwm(4) and iwx(4).
CVS commit mPRyhYmlmonmI11J which added support for Rx aggregation offload
contains a node leak in the rx_reorder() function. Node leaks will cause
the driver to get stuck when roaming between access points.
Add missing calls to ieee80211_release_node() to fix this.
ok mpi@
deraadt [Mon, 21 Jun 2021 06:10:20 +0000 (06:10 +0000)]
sync
dv [Mon, 21 Jun 2021 02:38:18 +0000 (02:38 +0000)]
vmd(8): support variable length vionet rx descriptor chains
The original implementation of the virtio network device assumed a
driver would only provide a 2-descriptor chain for receiving packets.
The virtio spec allows for variable length chains and drivers, in
practice, construct them when they use a sufficiently large MTU.
This change lets the device use variable length chains provided by
the driver, thus allowing for drivers to set an MTU up to the
underlying host-side tap(4)'s limit of TUNMRU (16384).
Size limitations are now enforced on both tx and rx-side dropping
anything violating the underlying tap(4) min and max limits.
More work is needed to increase the read(2) buffer in use by vmd
to prevent packet truncation.
OK mlarkin@
krw [Mon, 21 Jun 2021 02:05:30 +0000 (02:05 +0000)]
Add -A option to "safely" initialize a GPT without removing
special boot partitions needed by some hardware. Make it
difficult to add, delete or modify those partitions with 'fdisk
-e'.
Trim back and correct syntax in usage(). Whack at man page
verbiage.
Suggestions and ok deraadt@
kettenis [Sun, 20 Jun 2021 20:43:50 +0000 (20:43 +0000)]
We need to store the flagged passed to sigsetjmp(3) and use it in
siglongjmp(3) to decide wehther we need to restore the signal mask.
ok deraadt@, drahn@
martijn [Sun, 20 Jun 2021 20:08:19 +0000 (20:08 +0000)]
Adjust snmp regress to recent changes
OK sthen@
martijn [Sun, 20 Jun 2021 20:06:43 +0000 (20:06 +0000)]
Adjust snmpd regress to recent changes
OK sthen@
martijn [Sun, 20 Jun 2021 20:02:14 +0000 (20:02 +0000)]
Change the authentication protocol (-a) default to SHA-256 and the privacy
protocol (-x) default to AES. The old defaults are just not sane anymore.
OK sthen@
martijn [Sun, 20 Jun 2021 19:59:42 +0000 (19:59 +0000)]
Change default user auth to hmac-sha256 and enc to aes.
The old defaults are just not sane anymore.
OK sthen@
martijn [Sun, 20 Jun 2021 19:55:48 +0000 (19:55 +0000)]
Tighten default security for snmpd(8). This is done by doing several
things:
- Only allow SNMPv3 by default. SNMPv1 and SNMPv2c can be enabled by
setting the new snmpv* flags on the "liston on" statements.
- Remove the default community names. They're not secure to use.
- Change the default seclevel to enc.
Initial idea, help from and OK sthen@
jmc [Sun, 20 Jun 2021 19:40:06 +0000 (19:40 +0000)]
replace the Oo/Oc block of -chs in SYNOPSIS with a simple Op: the block
would have been written this way because of the old args limit, but the
extensions to -b expose a nasty line wrap when written that way;
deraadt [Sun, 20 Jun 2021 18:47:37 +0000 (18:47 +0000)]
few more Ns in the -b option description
krw [Sun, 20 Jun 2021 18:44:19 +0000 (18:44 +0000)]
Make -b available to architectures other than amd64 and i386.
Extend the syntax to allow the boot partition offset and boot
partition type to be specified if needed.
ok deraadt@ kettenis@
deraadt [Sun, 20 Jun 2021 17:57:10 +0000 (17:57 +0000)]
Mystery bag of cleanups -- mostly removing old debug code, or moving
local variables to just before they are needed.
ok kettenis
kettenis [Sun, 20 Jun 2021 17:55:37 +0000 (17:55 +0000)]
Make sure we program the baud rate divisor register. Without this,
opening the tty corresponding to a non-console device will hang the
machine.
ok deraadt@
deraadt [Sun, 20 Jun 2021 16:51:37 +0000 (16:51 +0000)]
Skip disabled cpus (usually service cpus without full functionality).
cpumatch will also ignore them, but skipping them here avoids increment
of hw.cpusfound
ok jsg
deraadt [Sun, 20 Jun 2021 16:48:50 +0000 (16:48 +0000)]
use __riscv instead of __riscv64
tb [Sun, 20 Jun 2021 14:09:59 +0000 (14:09 +0000)]
Add a test case for fmt_scaled.c r1.20
tb [Sun, 20 Jun 2021 14:08:42 +0000 (14:08 +0000)]
scan_scaled: fix rescaling for negative numbers
As found by djm by fuzzing ssh, scan_scaled can overflow for negative
numbers when rescaling is needed. This is because the rescaled fractional
part is added without taking the sign into account.
ok ian jca
sthen [Sun, 20 Jun 2021 10:58:36 +0000 (10:58 +0000)]
Reinstate locks around uvm_fault calls from upageflttrap and kpageflttrap
on i386. This is a backout of revision 1.152.
Kernel crash with messages printed concurrently from multiple CPUs
occasionally seen during ports build:
"WARNING: SPL NOT LOWERED ON TRAP EXIT"
and these panics
ddb{1}> sh panic
cpu1: uvm_fault(0xd470a0a0, 0xcf9b7000, 0, 1) -> e
cpu3: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/usr/src/sys/uvm/uvm_map.c", line 2707
florian [Sun, 20 Jun 2021 08:31:45 +0000 (08:31 +0000)]
Put (boot) filename, next-server, host-name and domain-name into lease
file for the installer.
florian [Sun, 20 Jun 2021 08:31:03 +0000 (08:31 +0000)]
Don't try to install a default route with route(8) later on if we are
using inet autoconf, like we do with "dhcp" and "inet6 autoconf".
OK kn
claudio [Sun, 20 Jun 2021 08:05:47 +0000 (08:05 +0000)]
Move towards a 7.1 OpenBGPD release
jsg [Sun, 20 Jun 2021 06:40:52 +0000 (06:40 +0000)]
regen
jsg [Sun, 20 Jun 2021 06:40:12 +0000 (06:40 +0000)]
add some devices found on the intel nuc10i7fnh
For the thunderbolt controller, while a public datasheet with product
ids and marketing names can't be found we know these ids are for the two
channel version of the thunderbolt 3 controller codenamed titan ridge
from public patches by Intel employees. There are two channels per port
and the only single port titan ridge described on ark.intel.com is the
JHL7340. The ids included with lspci refer to these devices as JHL7540
but that is a four channel / two port controller.
initial patch from fkr
kettenis [Sat, 19 Jun 2021 22:11:08 +0000 (22:11 +0000)]
Assert that fpu_load() only gets called with the FPU "off".
ok drahn@
deraadt [Sat, 19 Jun 2021 18:43:28 +0000 (18:43 +0000)]
C version of fabs(), for now
turns out same as a diff drahn didn't commit
ok kettenis
tb [Sat, 19 Jun 2021 18:28:51 +0000 (18:28 +0000)]
zap trailing whitespace
jsing [Sat, 19 Jun 2021 17:21:39 +0000 (17:21 +0000)]
Correctly handle epoch wrapping in dtls1_get_bitmap().
Due to a type bug that has been present in DTLS since the code was first
committed in 2005, dtls1_get_bitmap() fails to handle next epoch correctly
when the epoch is currently 0xffff (and wraps to zero).
For various reasons unknown, the epoch field in the SSL3_RECORD_INTERNAL
(formerly SSL3_RECORD) was added as unsigned long (even though the value
is an unsigned 16 bit value on the wire, hence cannot exceed 0xffff),
however was added to other code as unsigned short.
Due to integer promotion, the r_epoch value is incremented by one to
become 0x10000, before being cast to an unsigned long and compared to
the value pulled from the DTLS record header (which is zero). Strangely
0x10000 != 0, meaning that we drop the DTLS record, instead of queueing
it for the next epoch.
Fix this issue by using more appropriate types and pulling up the
calculation of the next epoch value for improved readability.
ok inoguchi@ tb@
jsing [Sat, 19 Jun 2021 17:11:34 +0000 (17:11 +0000)]
Add DTLS test cases that use non-zero initial epochs.
In particular, test handling of 0xfffe and 0xffff - the latter results in
wrapping to zero for the next epoch. One of these tests triggers a known
bug in libssl, which will be fixed following this commit.
jsing [Sat, 19 Jun 2021 16:52:47 +0000 (16:52 +0000)]
Provide the ability to set the initial DTLS epoch value.
This allows for regress to test edge cases for epoch handling.
ok tb@
jsing [Sat, 19 Jun 2021 16:38:27 +0000 (16:38 +0000)]
Initialise the epoch for the DTLS processed and unprocessed queues.
Currently these only get correctly initialised when
dtls1_process_buffered_records() is called - while this works it is more
accidental than intentional.
ok tb@
jsing [Sat, 19 Jun 2021 16:29:51 +0000 (16:29 +0000)]
Add more complex DTLS tests for delay/reordering.
These tests exercise the various queues and delayed processing that exists
in the DTLS code.
jsing [Sat, 19 Jun 2021 15:52:41 +0000 (15:52 +0000)]
Expand comment that details why two DTLS tests currently fail.
Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0
specification - this flaw was addressed in DTLSv1.2, however our DTLS
server code still needs to support the fix.
Quoting RFC 6347 section 4.2.4:
"This requirement applies to DTLS 1.0 as well, and though not explicit in
[DTLS1], it was always required for the state machine to function
correctly."
In otherwords, both the original DTLS implementation and the DTLSv1.0
specification have a broken state machine, resulting in possible dead lock.
jsing [Sat, 19 Jun 2021 15:33:37 +0000 (15:33 +0000)]
Provide the ability to delay/reorder DTLS packets.
Add a test that delays the client CCS, resulting in it arriving after the
client Finished message.
jsg [Sat, 19 Jun 2021 14:34:19 +0000 (14:34 +0000)]
sync with riscv64.html
cheloha [Sat, 19 Jun 2021 13:49:39 +0000 (13:49 +0000)]
timecounting: add FRAC_TO_NSEC(), BINTIME_TO_NSEC()
Refactor the fraction-to-nanosecond conversion from BINTIME_TO_TIMESPEC()
into a dedicated routine, FRAC_TO_NSEC(), so we can reuse it elsewhere.
Then add a new BINTIME_TO_NSEC() function to sys/time.h to deduplicate
conversion code in nsecuptime(), getnsecuptime(), and tc_setclock().
Thread: https://marc.info/?l=openbsd-tech&m=
162376993926751&w=2
ok dlg@
deraadt [Sat, 19 Jun 2021 05:36:30 +0000 (05:36 +0000)]
sync
jsg [Sat, 19 Jun 2021 03:10:17 +0000 (03:10 +0000)]
arm64 -> riscv64
jsg [Sat, 19 Jun 2021 03:08:16 +0000 (03:08 +0000)]
bootaa64.efi -> bootriscv64.efi
jsg [Sat, 19 Jun 2021 03:06:36 +0000 (03:06 +0000)]
add riscv64 to allarchs
cheloha [Sat, 19 Jun 2021 02:05:33 +0000 (02:05 +0000)]
timeout(9): change argument order for timeout_set_kclock()
Move the kclock argument before the flags argument. XORing a bunch of
flags together may "sprawl", and I'd rather have any sprawl at the end
of the parameter list.
timeout_set_kclock() is undocumented and there is only one caller, so
no big refactor required.
Best to do this argument order shuffle before any bigger refactors of
e.g. timeout_set(9).
mlarkin [Sat, 19 Jun 2021 01:17:34 +0000 (01:17 +0000)]
oce(4) in RAMDISK for riscv64
mlarkin [Fri, 18 Jun 2021 22:44:21 +0000 (22:44 +0000)]
Enable oce(4) for riscv64
"free commit" kettenis@
deraadt [Fri, 18 Jun 2021 22:30:35 +0000 (22:30 +0000)]
sync
cheloha [Fri, 18 Jun 2021 22:21:29 +0000 (22:21 +0000)]
alarm.3: miscellaneous improvements to alarm(3) documentation
Improve the alarm(3) manpage:
- Better one-line description of the interface.
- Carefully describe what alarm(3) actually does. In particular, the
first paragraph of the current DESCRIPTION is misleading in several
ways.
- Remove mention of the 100 million second limit. As of kern_time.c v1.154,
setitimer(2) no longer has this limit on OpenBSD.
- An alarm is "pending" if it has been scheduled but has not yet
"expired".
- Rewrite RETURN VALUES. Remind the reader that calling alarm(3)
cancels any pending alarm. Enumerate all the cases where alarm(3)
could return zero.
- Remove all descriptions of errors and errno. With the removal of
the 100 million second limit, alarm(3) basically cannot fail on
OpenBSD unless the stack is corrupted.
Unfortunately, the standard does not prescribe a portable return
value to report an error to the caller.
- Add a CAVEATS section. Discourage use of alarm(3) and setitimer(2)'s
ITIMER_REAL timer in the same program.
With input from millert@, deraadt@, and jmc@.
Thread: https://marc.info/?l=openbsd-tech&m=
162403868814857&w=2
ok millert@, jmc@
kettenis [Fri, 18 Jun 2021 21:52:47 +0000 (21:52 +0000)]
When we do a context switch, always set the FPU to "off" for the old proc.
Disable the optimization to mark the new proc "clean" since it causes
random failures in regress. Hopefully we can revisit this soon.
ok drahn@
drahn [Fri, 18 Jun 2021 21:32:06 +0000 (21:32 +0000)]
Provide directions on how to install Unmatched
ok jsg@(with suggested improvements) mlarkin@
kettenis [Fri, 18 Jun 2021 21:05:16 +0000 (21:05 +0000)]
Need to enable interrupts while processing supervisor traps as well.
yikes deraadt@, ok mlarkin@
deraadt [Fri, 18 Jun 2021 20:58:16 +0000 (20:58 +0000)]
do not guess at MP support yet.
jsing [Fri, 18 Jun 2021 18:26:38 +0000 (18:26 +0000)]
Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS.
cheloha [Fri, 18 Jun 2021 15:59:14 +0000 (15:59 +0000)]
setitimer(2): increase timer limit to UINT_MAX seconds
Currently setitimer(2) rejects timers larger than 100 million seconds
and sets EINVAL.
With the change to kclock timeouts there is no longer any reason to
use this arbitrary value. Kclock timeouts support the full range of a
timespec, so we can increase the upper bound without practical risk of
arithmetic overflow.
If we push the limit to UINT_MAX we can support the full input range
of alarm(3). We can then simplify the alarm.3 manpage in a separate
patch.
We can push the limit even higher in the future if we find software
that doesn't like the UINT_MAX limit. Until then, UINT_MAX seconds
(over 68 years) is plenty for all practical timers.
ok claudio@
bluhm [Fri, 18 Jun 2021 15:34:21 +0000 (15:34 +0000)]
The crypto(9) framework used by IPsec runs on a kernel task that
is protected by kernel lock. There were crashes in swcr_authenc()
when it was accessing swcr_sessions. As a quick fix, protect all
calls from network stack to crypto with kernel lock. This also
covers the rekeying case that is called from pfkey via tdb_init().
OK mvs@
dv [Fri, 18 Jun 2021 14:35:59 +0000 (14:35 +0000)]
vmd diskfmt regress: don't copy source files, cleanup disk images
Previous version of the diskfmt regress tests for vmd(8) would copy
source files from the tree in order to compile them. Using some of
the ssh regress tests as inspiration, use the .PATH to allow building
object files from other parts of the tree in place.
Since 4G disk images are made as part of the test, clean those up
when done by adding in a proper REGRESS_CLEANUP target.
"go for it" mlarkin@
mortimer [Fri, 18 Jun 2021 14:09:31 +0000 (14:09 +0000)]
Limit regress libexecinfo to amd64 or llvm >=12.
Only amd64 has unwind info by default, so this regress test only works
on amd64. In llvm12, more architectures have unwind info by default, so
this test should work on those architectures.
Found by bluhm. OK bluhm@
kettenis [Fri, 18 Jun 2021 12:12:22 +0000 (12:12 +0000)]
Enable 32-bit I/O addressing. This gets rid of the io address conflict
messages on the HiFive Unmatched.
ok patrick@
florian [Fri, 18 Jun 2021 11:46:06 +0000 (11:46 +0000)]
special is SMALL
florian [Fri, 18 Jun 2021 11:44:48 +0000 (11:44 +0000)]
fix SMALL build
florian [Fri, 18 Jun 2021 11:43:38 +0000 (11:43 +0000)]
special is SMALL
nicm [Fri, 18 Jun 2021 07:46:54 +0000 (07:46 +0000)]
Mention %1 under choose-tree also.
jsg [Fri, 18 Jun 2021 06:53:42 +0000 (06:53 +0000)]
recognise BCM5762 B0
from Brad
guenther [Fri, 18 Jun 2021 06:17:28 +0000 (06:17 +0000)]
The pmap needs to know which CPUs to send IPIs when TLB entries
need to be invalidated. Instead of keeping a bitset of CPUs in
each pmap, have each cpu_info track which pmap it has loaded: replace
pmap->pm_cpus with cpu_info->ci_proc_pmap. This reduces the atomic
operations (and cache thrashing) and simplifies cpu_switchto()
Also, fix a defect in cpu_switchto()'s "am I loading the same cr3?"
test: ignore the CR3_REUSE_PCID bit when checking that. This makes
switching between kernel threads slightly less costly.
over a week in snaps with no complaints
looks ok to mlarkin@ kettenis@ mpi@
jsg [Fri, 18 Jun 2021 04:29:09 +0000 (04:29 +0000)]
initial plic(4) sfcc(4) sfclock(4)
dv [Thu, 17 Jun 2021 22:03:33 +0000 (22:03 +0000)]
vmd(8): handle VIRTIO_BLK_T_GET_ID, check descriptor r/w flags
Linux guests like to issue VIRTIO_BLK_T_GET_ID commands in attempts
to read the device serial number. It's not part of the virtio spec,
but has been part of QEMU and Bhyve for multiple years. It will be
landing in the next version of virtio (1.2), so this stubs out
handling for the request type. The added benefit is it helps squelch
log noise from Linux guests.
For now, no serial number is set and the request status is set to
VIRTIO_BLK_S_UNSUPP to tell the driver we don't support it.
While here, swap the response to VIRTIO_BLK_T_FLUSH{,_OUT} to be
also returning VIRTIO_BLK_S_UNSUPP. It's not negotiated nor
implemented. Lastly, add checks for validating the vioblk device
is only reading/writing descriptors with approrpriate read/write-only
flags per the virtio spec.
With input from claudio@, OK mlarkin@
sthen [Thu, 17 Jun 2021 18:33:15 +0000 (18:33 +0000)]
sync
jmc [Thu, 17 Jun 2021 18:18:15 +0000 (18:18 +0000)]
compar is a function arg (Fa) not function name (Fn);
kettenis [Thu, 17 Jun 2021 16:10:50 +0000 (16:10 +0000)]
Add sfclock(4), a driver for the PRCI (Power Reset Clocking Interrupt) block
of the SiFive FU740 SoC.
ok deraadt@
mpi [Thu, 17 Jun 2021 16:10:39 +0000 (16:10 +0000)]
Revert previous: unref of amap outside of the KERNEL_LOCK().
This change introduced or exposed a leak of anons which result in system
freezes.
anton@ observed a high number of INUSE for anonpl and semarie@ saw multiple
processes waiting in the fault handler on "flt_noramX" probably the one
related to allocating an anon.
kettenis [Thu, 17 Jun 2021 16:09:08 +0000 (16:09 +0000)]
On OpenBSD _JBLEN is the number of slots (of type long) in jmp_buf.
We don't need 256 slots, so change it to 32 which leaves us with a few
spare slots and is probably what was intended.
This fixes building emacs which does some insane setjmp(3)/longjmp(3)
stuff and gets upset when jmp_buf is 2048 bytes.
ok deraadt@
claudio [Thu, 17 Jun 2021 16:05:25 +0000 (16:05 +0000)]
Implement RFC 7313 enhanced route refresh. It is off by default and
can be enabled with 'announce enhanced refresh yes'
Similar to graceful restart this allows to mark routes as stale, refresh
them and the flush out routes that are still stale. Enhanced route refresh
uses a begin of rr and a end of rr message to signal the various stages.
A future enhancement would be the addition of a timeout in case the EoRR
message is not sent in reasonable time.
OK denis@ job@
job [Thu, 17 Jun 2021 15:59:23 +0000 (15:59 +0000)]
Add simple BGP Enhanced Route Refresh Message decoding
seems OK claudio@
tobhe [Thu, 17 Jun 2021 13:28:20 +0000 (13:28 +0000)]
Skip flows in ikev2_cp_addr() if they don't contain a dynamic (0.0.0.0)
address before checking sa_addrpool. Fixes a bug where no flows are added
if a single address instead of a pool is configured in config address.
Reported by Sebastien Leclerc
ok patrick@
kettenis [Thu, 17 Jun 2021 12:55:38 +0000 (12:55 +0000)]
Like ARM, RISC-V does not implement floating point exceptions.
claudio [Thu, 17 Jun 2021 10:28:36 +0000 (10:28 +0000)]
Refactor common code for peer filtering out into rde_skip_peer()
and use it in the two places that need to keep in sync.
OK sthen@
kettenis [Thu, 17 Jun 2021 09:30:32 +0000 (09:30 +0000)]
Add BCM5725 support. Based on a diff from Brad Smith.
ok jsg@
kettenis [Thu, 17 Jun 2021 09:29:36 +0000 (09:29 +0000)]
regen
kettenis [Thu, 17 Jun 2021 09:29:01 +0000 (09:29 +0000)]
Add Broadcom BCM5725. Based on a diff from Brad Smith.
ok jsg@
claudio [Thu, 17 Jun 2021 08:45:37 +0000 (08:45 +0000)]
Add a bit of extra paranoia befor the up_generate_updates() call in
rde_up_dump_upcall(). This is the 4th place up_generate_updates() is
called.
claudio [Thu, 17 Jun 2021 08:43:06 +0000 (08:43 +0000)]
In Rev 1.511 I moved peer related checks from inside up_generate_updates()
to rde_generate_updates() but forgot to add the same checks to
rde_softreconfig_out(). As a result a config reload could result in
prefixes for a not-negotiated address family to leak into the Adj-RIB-Out.
Adjust both rde_generate_updates() and rde_softreconfig_out() to use the
same filter logic.
Also adjust rde_up_flush_upcall() to pass the peer as argument instead of
using prefix_peer(). The up_generate_updates() call there does not need
any filtering since the walker runs on the Adj-RIB-Out and just withdraws
everything.
OK job@ on a previous diff
claudio [Thu, 17 Jun 2021 08:16:04 +0000 (08:16 +0000)]
Better error message when a bad nexthop is passed to nexthop_hash().
OK job@
claudio [Thu, 17 Jun 2021 08:14:50 +0000 (08:14 +0000)]
Before adding a prefix to the Adj-RIB-Out modify the attributes to the
ones being sent out. Mainly prepend the ASPATH if needed and also change
the nexthop to the one being sent.
This should make the `bgpctl show rib out` output show the values the
peer receives.
OK job@
dlg [Thu, 17 Jun 2021 00:18:09 +0000 (00:18 +0000)]
more consistently use pfsync_free_deferral to free the mbuf.
pfsync_free_deferral doesnt need to check pd_m for NULL before
calling m_freem because m_freem does that anyway.
if pf_setup_pdesc in pfsync_undefer_notify failed, the mbuf was
freed but the pd_m pointer was not cleared, which would have led
to a double free when pfsync_free_deferral tried to do the same
thing for it.
if pfsync_undefer is supposed to drop the mbuf, let pfsync_free_deferral
do it for us.
ok jmatthew@
dv [Wed, 16 Jun 2021 16:55:02 +0000 (16:55 +0000)]
cleanup vmd(8) includes and header files
Lots of organic growth other the years lead to unnecessary includes
(proc.h everywhere) and odd dependencies between header files. This
cleans things up a bit to help with upcoming cleanup around dhcp
code.
No functional change.
"go for it" mlarkin@
kettenis [Wed, 16 Jun 2021 16:48:07 +0000 (16:48 +0000)]
ociic(4) and dapmic(4)