openbsd
8 years agoPlug potential leak of device list.
krw [Wed, 20 Jul 2016 20:45:13 +0000 (20:45 +0000)]
Plug potential leak of device list.

Problem found by  Michael McConville.

Tested & ok stsp@

8 years agos/sudo/doas/
benno [Wed, 20 Jul 2016 20:39:49 +0000 (20:39 +0000)]
s/sudo/doas/

8 years agoHandle ports as uint32_t instead of in_port_t: OpenFlow 1.0 used 16bit
reyk [Wed, 20 Jul 2016 20:07:02 +0000 (20:07 +0000)]
Handle ports as uint32_t instead of in_port_t: OpenFlow 1.0 used 16bit
ports, but later versions switched to 32bit ports (for the case that a
virtual switch has more than 65535 switch ports, of course).

8 years agoParse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match) -
reyk [Wed, 20 Jul 2016 19:57:54 +0000 (19:57 +0000)]
Parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match) -
no action yet.

8 years agoTo tune the TCP SYN cache we need more information. Print the
bluhm [Wed, 20 Jul 2016 19:57:53 +0000 (19:57 +0000)]
To tune the TCP SYN cache we need more information.  Print the
relevant counters with netstat -s -p tcp.
OK henning@

8 years agoUse more compact idiom to select architecture dependent files to compile. No
krw [Wed, 20 Jul 2016 19:56:24 +0000 (19:56 +0000)]
Use more compact idiom to select architecture dependent files to compile. No
intentional functional change.

Diff from Miod.

ok millert@ deraadt@

8 years agoShrink priv_write_file() API so that it does less, and the callers ask
deraadt [Wed, 20 Jul 2016 19:40:04 +0000 (19:40 +0000)]
Shrink priv_write_file() API so that it does less, and the callers ask
it to do less.  Discussion with guenther.
ok krw

8 years agoAs a general rule, fchown before fchmod is a safer order (because many
deraadt [Wed, 20 Jul 2016 19:25:39 +0000 (19:25 +0000)]
As a general rule, fchown before fchmod is a safer order (because many
systems throw away bits upon chown).  Not in this case, but code gets
copied..
ok krw

8 years agoSplit in6_selectsrc() into a low-level part and a pcb-level part, and
vgross [Wed, 20 Jul 2016 18:51:50 +0000 (18:51 +0000)]
Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

8 years agoDisable the beacon filter in iwm(4). This allows beacons to pass through to
stsp [Wed, 20 Jul 2016 18:24:38 +0000 (18:24 +0000)]
Disable the beacon filter in iwm(4). This allows beacons to pass through to
the stack while associated, which in turn makes it possible to keep track of
HT protection changes.
ok mpi@

8 years agoMake the iwn(4) LED flash 10 times slower in monitor mode.
stsp [Wed, 20 Jul 2016 16:24:37 +0000 (16:24 +0000)]
Make the iwn(4) LED flash 10 times slower in monitor mode.
Makes running monitor mode over extended periods of time much less annoying.
ok benno@

8 years agoIn net80211, enable RTS for frames above a particular size (currently 512
stsp [Wed, 20 Jul 2016 15:40:27 +0000 (15:40 +0000)]
In net80211, enable RTS for frames above a particular size (currently 512
bytes). This is what other OS have been doing for years. In our stack this
feature was present but disabled at compile-time by an #ifdef.

This is a low risk change because drivers were already required to use RTS
whenever the AP set the USE_PROTECTION flag in ERP elements of its beacons.

This change allows for reasonable throughput on loaded 11g networks
whereas before they were practically unusable.

tests and ok phessler@

8 years agostrip back openssl ciphers:
jmc [Wed, 20 Jul 2016 14:42:03 +0000 (14:42 +0000)]
strip back openssl ciphers:
- rearrange the descriptions of -V and -v to read more logically
- move the cipherlist text into the cipherlist description
- zap examples

8 years agoUpdate OpenFlow 1.3 stub based on the 1.0 code.
reyk [Wed, 20 Jul 2016 14:15:08 +0000 (14:15 +0000)]
Update OpenFlow 1.3 stub based on the 1.0 code.

8 years agoFix dependencies of generated map files.
reyk [Wed, 20 Jul 2016 14:04:51 +0000 (14:04 +0000)]
Fix dependencies of generated map files.

8 years agotag_signal() is dead; from LLVM via Christos Zoulas
schwarze [Wed, 20 Jul 2016 13:02:44 +0000 (13:02 +0000)]
tag_signal() is dead; from LLVM via Christos Zoulas

8 years agoWhen parsing the configuration. initialize the auth structure
reyk [Wed, 20 Jul 2016 12:31:00 +0000 (12:31 +0000)]
When parsing the configuration. initialize the auth structure
correctly, as parse.y's $$ is not zero-initialized.

Found by Rene Ammerlaan

OK markus@ florian@

8 years agoAdd a -n flag to check the configuration and exit. Matches what almost
jsg [Wed, 20 Jul 2016 11:43:31 +0000 (11:43 +0000)]
Add a -n flag to check the configuration and exit.  Matches what almost
all the other daemons do.

ok reyk@

8 years agoDo not clobber the global jump_host variables when parsing an inactive
naddy [Wed, 20 Jul 2016 10:45:27 +0000 (10:45 +0000)]
Do not clobber the global jump_host variables when parsing an inactive
configuration.  ok djm@

8 years agoBring iwn_update_htprot() back, so iwn(4) will properly keep track
stsp [Wed, 20 Jul 2016 10:26:42 +0000 (10:26 +0000)]
Bring iwn_update_htprot() back, so iwn(4) will properly keep track
of HT protection changes while associated.

HT protection affects behaviour on Tx but is configured along with Rx settings
(because Intel likes it that way). And our previous iwn_update_htprot()
implementation had a bug where it would accidentally clear bits which enable
CCK rates for Rx. The Intel Wireless-N 2200 chip accordingly stopped receiving
some frames (most notably broadcast frames) and the link broke down.

Also, restore the power-saving level after updating the Rx config (like
Linux does), and add some DELAYs for good measure to ensure the firmware
has time to process asynchronous commands we send.

tested by myself and mlarkin@
ok mlarkin@

8 years agoUnbreak ural(4), which had been dropping frames on Tx while
stsp [Wed, 20 Jul 2016 10:24:43 +0000 (10:24 +0000)]
Unbreak ural(4), which had been dropping frames on Tx while
the IFF_RUNNING flag was set since last November (r1.138).
Apparently nobody is using this driver, except for martijn@.
Fix tested by martijn@ and myself.
ok dlg@

8 years agoATI controllers seem to need the same workaround as VIA controllers.
mpi [Wed, 20 Jul 2016 09:48:06 +0000 (09:48 +0000)]
ATI controllers seem to need the same workaround as VIA controllers.

This should hopefully help people reporting errors with SB700.

From FreeBSD, ok kettenis@, krw@

8 years agoMake the size for the syn cache hash array tunable. As we are
bluhm [Wed, 20 Jul 2016 09:15:28 +0000 (09:15 +0000)]
Make the size for the syn cache hash array tunable.  As we are
swapping between two syn caches for random reseeding anyway, this
feature can be added easily.  When the cache is empty, there is an
opportunity to change the hash size.  This allows an admin under
SYN flood attack to defend his machine.
Suggested by claudio@; OK jung@ claudio@ jmc@

8 years agoFix typo
yasuoka [Wed, 20 Jul 2016 07:21:24 +0000 (07:21 +0000)]
Fix typo

from Atzm Watanabe

8 years agoPlug an mbuf leak in the error path of tcp signature in tcp_output().
bluhm [Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)]
Plug an mbuf leak in the error path of tcp signature in tcp_output().
OK claudio@ henning@

8 years agostrip back openssl ca: in particular remove some excessively wordy sections,
jmc [Tue, 19 Jul 2016 20:02:47 +0000 (20:02 +0000)]
strip back openssl ca: in particular remove some excessively wordy sections,
move some other sections into more relevant places, and remove the example
ca file;

8 years agoThe -DNAME=switch flag is an artifact from the PoC when I couldn't
reyk [Tue, 19 Jul 2016 18:14:08 +0000 (18:14 +0000)]
The -DNAME=switch flag is an artifact from the PoC when I couldn't
decide on a name.  Remove it and fix the name to switchd now.

8 years agoCorrectly use ssize_t instead of size_t for read/write return values.
reyk [Tue, 19 Jul 2016 18:11:08 +0000 (18:11 +0000)]
Correctly use ssize_t instead of size_t for read/write return values.
Pointed out by David Hill and clang.

8 years agoRemove unused variable
reyk [Tue, 19 Jul 2016 18:09:39 +0000 (18:09 +0000)]
Remove unused variable

8 years agoA bit of cleanup and style changes. ofcconn needs more work.
reyk [Tue, 19 Jul 2016 18:04:04 +0000 (18:04 +0000)]
A bit of cleanup and style changes. ofcconn needs more work.

8 years agoL2 tun is tap now
reyk [Tue, 19 Jul 2016 17:34:13 +0000 (17:34 +0000)]
L2 tun is tap now

8 years agoDon't use .p_shutdown in the proc struct
reyk [Tue, 19 Jul 2016 17:31:22 +0000 (17:31 +0000)]
Don't use .p_shutdown in the proc struct

8 years agoComment out device/switch(4) for now
reyk [Tue, 19 Jul 2016 17:30:30 +0000 (17:30 +0000)]
Comment out device/switch(4) for now

8 years agoNarrow the BPF read filter rules so only packets sent to the
krw [Tue, 19 Jul 2016 17:23:20 +0000 (17:23 +0000)]
Narrow the BPF read filter rules so only packets sent to the
interface's LLADDR pass. Rely on dhclient's existing ability to
detect and react to LLADDR changes.

This limits the number of packets that get dropped as a result of
dhclient setting BIOCSFILDROP on the bpf descriptor.

Problem with bridges and multiple dhclients noted by stsp@.

ok mpi@ stsp@ deraadt@ henning@

8 years agoAdd two more tests that use traffic that was captured with tcpdump.
reyk [Tue, 19 Jul 2016 17:19:58 +0000 (17:19 +0000)]
Add two more tests that use traffic that was captured with tcpdump.
These files serve as an example, no more .pcap files should be added here
(especially not large ones).

8 years agoAdd simple OpenFlow tests for switchd.
reyk [Tue, 19 Jul 2016 17:04:19 +0000 (17:04 +0000)]
Add simple OpenFlow tests for switchd.

8 years agoImport switchd(8), a basic WIP OpenFlow implementation for OpenBSD.
reyk [Tue, 19 Jul 2016 16:54:26 +0000 (16:54 +0000)]
Import switchd(8), a basic WIP OpenFlow implementation for OpenBSD.

switchd consists of two parts:
1. switchd(8) and switchctl(8), an OpenFlow controller or "vswitch".
2. switch(4), an OpenFlow-aware kernel "bridge".

This the 1st part, the driver will be imported later.  The code will
remain disabled for a while, but it helps development to have it in
the tree.  switchd currently supports partial OpenFlow 1.0, but the
goal is to use OpenFlow 1.3.5 instead (switch(4) already does 1.3.5).

For more background information see:
http://www.openbsd.org/papers/bsdcan2016-switchd.pdf
https://youtu.be/Cuo0qT-lqig

With help from yasuoka@ goda@
Import discussed with deraadt@

8 years agoSince the mdoc/man parser unification, the parser is always allocated
schwarze [Tue, 19 Jul 2016 16:22:34 +0000 (16:22 +0000)]
Since the mdoc/man parser unification, the parser is always allocated
in mparse_alloc(), so delete all the curp->man == NULL checks.
Triggered by a patch from Christos Zoulas suggesting to add
yet another such check.

8 years agoFix the check supposed to prevent 'ip' and 'ip-stealth' balancing modes
mpi [Tue, 19 Jul 2016 16:08:46 +0000 (16:08 +0000)]
Fix the check supposed to prevent 'ip' and 'ip-stealth' balancing modes
from leaking the multicast address.

beck@ found the hard way that this made his second CARP master use a
wrong MAC address.

This is part of a bigger diff from Florian Riehm who is currently
working on a proper solution to fix balancing modes.

ok beck@, bluhm@

8 years agoprotect a pf specific function with the correct #if. Fixes ramdisk building.
phessler [Tue, 19 Jul 2016 15:57:13 +0000 (15:57 +0000)]
protect a pf specific function with the correct #if.  Fixes ramdisk building.
(we got lucky before, because the variable that used to be checked was
always available)

OK bluhm@

8 years agoNULLify a route pointer after calling rtfree(9).
mpi [Tue, 19 Jul 2016 14:49:46 +0000 (14:49 +0000)]
NULLify a route pointer after calling rtfree(9).

This should theoretically be a no-op because we're freeing the PCB
right after, but it helps us debug a reference count problem found
by otto@.

ok mikeb@

8 years agostyle: no spaces after # for define/include, ok phessler benno
henning [Tue, 19 Jul 2016 13:34:12 +0000 (13:34 +0000)]
style: no spaces after # for define/include, ok phessler benno

8 years agodon't hide globals between function prototypes; ok phessler benno
henning [Tue, 19 Jul 2016 13:30:51 +0000 (13:30 +0000)]
don't hide globals between function prototypes; ok phessler benno

8 years agoUse __attribute__((__format__ throughout.
schwarze [Tue, 19 Jul 2016 13:30:16 +0000 (13:30 +0000)]
Use __attribute__((__format__ throughout.
Triggered by a smaller patch from Christos Zoulas.

8 years agotweak previous;
jmc [Tue, 19 Jul 2016 12:59:16 +0000 (12:59 +0000)]
tweak previous;

8 years agoremove wrong and misleading comment, ok phessler
henning [Tue, 19 Jul 2016 12:51:19 +0000 (12:51 +0000)]
remove wrong and misleading comment, ok phessler

8 years agoAllow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from
dtucker [Tue, 19 Jul 2016 11:38:53 +0000 (11:38 +0000)]
Allow wildcard for PermitOpen hosts as well as ports.  bz#2582, patch from
openssh at mzpqnxow.com and jjelen at redhat.com.  ok markus@

8 years agoAdapt test to the srp_swap() area.
mpi [Tue, 19 Jul 2016 10:52:56 +0000 (10:52 +0000)]
Adapt test to the srp_swap() area.

8 years agoRevert use of the _SAFE version of SRPL_FOREACH() now that the offending
mpi [Tue, 19 Jul 2016 10:51:44 +0000 (10:51 +0000)]
Revert use of the _SAFE version of SRPL_FOREACH() now that the offending
function has been fixed.

Functions passed to rtable_walk() must return EAGAIN if they delete an
entry from the tree, no matter if it is a leaf or not.

8 years agoUpdate counters & unbreak now that rtrequest(RTM_ADD, ...) caches the
mpi [Tue, 19 Jul 2016 10:47:39 +0000 (10:47 +0000)]
Update counters & unbreak now that rtrequest(RTM_ADD, ...) caches the
gateway.

8 years agoReturn EAGAIN for every deleted route when detaching an interface.
mpi [Tue, 19 Jul 2016 10:26:41 +0000 (10:26 +0000)]
Return EAGAIN for every deleted route when detaching an interface.

Previously the code was "too clever" and returned EAGAIN only for
cloning route assuming that other deletion did not modify the tree.

Analysed by and ok dlg@

8 years agoReplace malloc() + memset() with calloc().
natano [Tue, 19 Jul 2016 09:52:34 +0000 (09:52 +0000)]
Replace malloc() + memset() with calloc().
ok mlarkin

8 years agoIn ip6_input() use a shortcut to detect our own address if the pf
bluhm [Tue, 19 Jul 2016 09:23:51 +0000 (09:23 +0000)]
In ip6_input() use a shortcut to detect our own address if the pf
state key is linked to a socket inp.
OK mpi@ henning@

8 years agoIn rcctl ls, skip all files with a '.' in the name, not just rc.subr;
sthen [Tue, 19 Jul 2016 08:28:03 +0000 (08:28 +0000)]
In rcctl ls, skip all files with a '.' in the name, not just rc.subr;
pkg_add renames files in this way when the checksums don't match at update
or removal time. [[ ]] suggestion from guenther@ to avoid the messy "case"
that I had in my first diff. Other feedback/suggestions from halex aja
millert, ok halex@ aja@.

8 years agoUse a flag to indicate that a packet has been received on an IPv6
mpi [Tue, 19 Jul 2016 08:13:45 +0000 (08:13 +0000)]
Use a flag to indicate that a packet has been received on an IPv6
anycast address.

This will allow us to split ip6_input() in two parts using a queue
in the middle.

ok jca@, florian@, bluhm@

8 years agoremove bogus attributes from ifstated, spooted by guenther@
benno [Tue, 19 Jul 2016 08:04:53 +0000 (08:04 +0000)]
remove bogus attributes from ifstated, spooted by guenther@

8 years agoDo not consider tap(4) a special interface and start if before other
mpi [Tue, 19 Jul 2016 08:03:01 +0000 (08:03 +0000)]
Do not consider tap(4) a special interface and start if before other
pseudo-interfaces.

This unbreak vlan(4) on top of tap(4) since the refactoring to turn it
MP-safe.

ok claudio@, deraadt@

8 years agoremove bogus attributes on fatal* spotted by guenther@
benno [Tue, 19 Jul 2016 07:58:51 +0000 (07:58 +0000)]
remove bogus attributes on fatal* spotted by guenther@

8 years agoCleanup close(open idioms.
deraadt [Tue, 19 Jul 2016 06:43:27 +0000 (06:43 +0000)]
Cleanup close(open idioms.
ok krw

8 years agoinstead of messing about with pointer arithmetic, add an empty array
tedu [Tue, 19 Jul 2016 05:30:48 +0000 (05:30 +0000)]
instead of messing about with pointer arithmetic, add an empty array
to the end of the defer structure. solves sizing and alignment concerns.

8 years agovirtio_pci: Always allow MSI/MSI-X
sf [Tue, 19 Jul 2016 02:51:09 +0000 (02:51 +0000)]
virtio_pci: Always allow MSI/MSI-X

For virtio devices, ignore the black/white-listing depending on the PCI
bridge.  This enables MSI-X with qemu's old "82441FX" pci-bridge.

Suggested by kettenis@

8 years agoRemove what appears to be a copy-paste error setting cur_ttb
tom [Tue, 19 Jul 2016 02:26:15 +0000 (02:26 +0000)]
Remove what appears to be a copy-paste error setting cur_ttb
in pmap_free_l1().

from aalm@ - thanks

ok patrick@

8 years agoadd format attributes to log functions and fix some errors
benno [Mon, 18 Jul 2016 21:22:09 +0000 (21:22 +0000)]
add format attributes to log functions and fix some errors

ok claudio@ florian@

8 years agoadd format attributes to log functions
benno [Mon, 18 Jul 2016 21:20:31 +0000 (21:20 +0000)]
add format attributes to log functions

ok   florian@ claudio@

8 years agoadd format attributes to log functions
benno [Mon, 18 Jul 2016 21:18:48 +0000 (21:18 +0000)]
add format attributes to log functions
ok claudio@

8 years agoadd format attributes to log functions
benno [Mon, 18 Jul 2016 21:17:32 +0000 (21:17 +0000)]
add format attributes to log functions
ok stsp@ claudio@ florian@

8 years agoadd format attributes to log functions and fix two errors
benno [Mon, 18 Jul 2016 21:14:30 +0000 (21:14 +0000)]
add format attributes to log functions and fix two errors

ok renato@

8 years agoadd format attributes to log functions and fix am error when using
benno [Mon, 18 Jul 2016 21:10:37 +0000 (21:10 +0000)]
add format attributes to log functions and fix am error when using
log_warnx()

ok renato@ claudio@

8 years agoKill the rtableid variable in ip6_input(). It does not make sense
bluhm [Mon, 18 Jul 2016 19:50:49 +0000 (19:50 +0000)]
Kill the rtableid variable in ip6_input().  It does not make sense
to store a field in an extra variable that is only accessed twice.
OK mpi@

8 years agoApparently we need to explicitly stop the timers before reloading them. At
kettenis [Mon, 18 Jul 2016 19:22:45 +0000 (19:22 +0000)]
Apparently we need to explicitly stop the timers before reloading them.  At
least this is what Linux does and it fixes a hang on the Olimex A10s boards.
While there, also preserve the clock selection when reloading the timer.

ok patrick@, jsg@, tom@

8 years agono more cbq_opts - CBQ is gone, ok mpi phessler benno
henning [Mon, 18 Jul 2016 19:11:18 +0000 (19:11 +0000)]
no more cbq_opts - CBQ is gone, ok mpi phessler benno

8 years agoWe have __weak_alias() everywhere; remove obsolete #ifdef's
guenther [Mon, 18 Jul 2016 19:05:22 +0000 (19:05 +0000)]
We have __weak_alias() everywhere; remove obsolete #ifdef's

ok deraadt@

8 years agorework the first sentence of this page;
jmc [Mon, 18 Jul 2016 18:24:21 +0000 (18:24 +0000)]
rework the first sentence of this page;
with help from otto

8 years agoThe string with path to shell could be taken directly from struct passwd.
zhuk [Mon, 18 Jul 2016 16:46:30 +0000 (16:46 +0000)]
The string with path to shell could be taken directly from struct passwd.
At some point later the data it points to is overridden by getpwuid() call,
resulting in garbage. The problem could be easily demonstreated by double
doas call:

  $ doas doas -su _sndio
  doas: mpty: command not found

The fix is easy: just strdup() the pw_shell field value.

okay tedu@, tweaks from & okay natano@

8 years agog/c unused (global!) var: oqueues isn't used any more. ALTQ leftover; not
henning [Mon, 18 Jul 2016 15:21:33 +0000 (15:21 +0000)]
g/c unused (global!) var: oqueues isn't used any more. ALTQ leftover; not
noticed since struct node_queue stayed. ok claudio benno gcc

8 years agoAdd additional i2c and mmc prcm module enum values for devices that
jsg [Mon, 18 Jul 2016 15:03:01 +0000 (15:03 +0000)]
Add additional i2c and mmc prcm module enum values for devices that
didn't attach previously on OMAP4 with the static device configuration
and now do with the fdt.  Like most of the other OMAP4 prcm cases
these don't do anything, hopefully we'll properly configure clocks with
data from the fdt at some point in the future.

Tested by abieber@ on PandaBoard-ES.

8 years agoDon't need a separate flags variable in armv7 pmap_clean_page() -
tom [Mon, 18 Jul 2016 13:38:11 +0000 (13:38 +0000)]
Don't need a separate flags variable in armv7 pmap_clean_page() -
just use the pv_flags.  ('Twas a copy-paste from arm's pmap_clean_page(),
which did need it.)

Also remove even less used flags variable from pmap_page_remove().

First part from a diff from aalm@ - thanks

ok kettenis@ "looks good" patrick@

8 years agoHide pf internals by moving code from in_ouraddr() to pf_ouraddr().
bluhm [Mon, 18 Jul 2016 13:17:44 +0000 (13:17 +0000)]
Hide pf internals by moving code from in_ouraddr() to pf_ouraddr().
OK mpi@ sashan@

8 years agoExplicitly set iwm(4) firmware Tx aggregation limit to one (which disables
stsp [Mon, 18 Jul 2016 13:10:35 +0000 (13:10 +0000)]
Explicitly set iwm(4) firmware Tx aggregation limit to one (which disables
Tx aggregation), instead of the maximum (63 frames). Tx aggregation should
already be disabled, so this change should be a no-op. It just avoids any
side effects in case the firmware happens to interpret the limit we set here.
ok mpi@

8 years agoFix inverted logic in iwm_tx(). The PROT_REQUIRE flag in should be set for
stsp [Mon, 18 Jul 2016 13:09:58 +0000 (13:09 +0000)]
Fix inverted logic in iwm_tx(). The PROT_REQUIRE flag in should be set for
data frames above a certain length, but we were setting it for !data frames
above a certain length, which makes no sense at all. Found while comparing
our driver's Tx code to iwlwifi.
ok mpi@

8 years agoMake iwm(4) retry Tx of management frames less often. We now retry management
stsp [Mon, 18 Jul 2016 13:09:08 +0000 (13:09 +0000)]
Make iwm(4) retry Tx of management frames less often. We now retry management
frames the same number of times as Linux iwlwifi does.

8 years agoSome SoCs have a ranges property set in their device trees. This can
patrick [Mon, 18 Jul 2016 11:53:32 +0000 (11:53 +0000)]
Some SoCs have a ranges property set in their device trees.  This can
be used to translate one memory address to another.  Currently we just
pass the child's memory address to bus space map.  If one of the parent
busses implements a ranges property, the child's address property is
not the real address.  This change hooks up a bus space map function
that is aware of the ranges property and translates the addresses if
needed.

ok kettenis@
looks fine jsg@

8 years agoFix VFLAG formatting
guenther [Mon, 18 Jul 2016 11:48:55 +0000 (11:48 +0000)]
Fix VFLAG formatting

ok bluhm@

8 years agoReduce timing attack against obsolete CBC modes by always computing
markus [Mon, 18 Jul 2016 11:35:33 +0000 (11:35 +0000)]
Reduce timing attack against obsolete CBC modes by always computing
the MAC over a fixed size of data.
Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. ok djm@

8 years agoLinking against libkvm is unnecessary here
guenther [Mon, 18 Jul 2016 09:37:49 +0000 (09:37 +0000)]
Linking against libkvm is unnecessary here

ok mlarkin@

8 years agoAdd 'p' trace point for KTRFAC_PLEDGE, as noted by
guenther [Mon, 18 Jul 2016 09:36:50 +0000 (09:36 +0000)]
Add 'p' trace point for KTRFAC_PLEDGE, as noted by
Michal Mazurek <akfaew@jasminek.net>

While here, fix handling of -t+ in ltrace.

8 years agoRemote regression tests should not run ssh with -t all the time.
bluhm [Mon, 18 Jul 2016 09:09:24 +0000 (09:09 +0000)]
Remote regression tests should not run ssh with -t all the time.
This will make it easier to automate them.

8 years agoPolish:
guenther [Mon, 18 Jul 2016 08:43:16 +0000 (08:43 +0000)]
Polish:
 - copy #define workaround from mips64 to avoid dangling __CERROR symbol
 - remove trap DL_SYSCALL2_NOERR() macro with comment explanation
 - make DL_SYSCALL2() self-contained
 - add END() and ENTRY() macros to make the symbol table shine

ok miod@

8 years agoAdd some unsigned overflow checks for extra_pad. None of these
djm [Mon, 18 Jul 2016 06:08:01 +0000 (06:08 +0000)]
Add some unsigned overflow checks for extra_pad. None of these
are reachable with the amount of padding that we use internally.
bz#2566, pointed out by Torben Hansen. ok markus@

8 years agoUpdated advice^Wcode from miod@ for passing &_DYNAMIC to _dl_boot_bind
guenther [Mon, 18 Jul 2016 04:35:57 +0000 (04:35 +0000)]
Updated advice^Wcode from miod@ for passing &_DYNAMIC to _dl_boot_bind

ok aoyama@

8 years agodon't mix code and decls, ok tedu@
bcook [Mon, 18 Jul 2016 01:04:52 +0000 (01:04 +0000)]
don't mix code and decls, ok tedu@

8 years agouse memset to initialize the union
bcook [Sun, 17 Jul 2016 22:01:01 +0000 (22:01 +0000)]
use memset to initialize the union

8 years agoremove unused OPENSSL_NO_OBJECT case
bcook [Sun, 17 Jul 2016 21:23:50 +0000 (21:23 +0000)]
remove unused OPENSSL_NO_OBJECT case

ok tedu@

8 years agoInitialize buffers before use, noted by Kinichiro Inoguchi.
bcook [Sun, 17 Jul 2016 21:21:40 +0000 (21:21 +0000)]
Initialize buffers before use, noted by Kinichiro Inoguchi.

ok beck@

8 years agoAttach sunxi(4) based on the compatible property of the root node of the
kettenis [Sun, 17 Jul 2016 17:45:14 +0000 (17:45 +0000)]
Attach sunxi(4) based on the compatible property of the root node of the
device tree like we do on omap.  Add preliminary support for the sun5i
variant which corresponds to the A13 and A10s SoCs.

ok patrick@

8 years agogetopt(3) can be called twice (once for bc and once for dc), so reinit getopt
otto [Sun, 17 Jul 2016 17:30:47 +0000 (17:30 +0000)]
getopt(3) can be called twice (once for bc and once for dc), so reinit getopt
ok deraadt@

8 years agostrip back asn1parse; ok beck jsing
jmc [Sun, 17 Jul 2016 16:33:17 +0000 (16:33 +0000)]
strip back asn1parse; ok beck jsing
description of -out altered on jsing's advice

8 years agoTalk about event API instead of libevent
stefan [Sun, 17 Jul 2016 11:21:07 +0000 (11:21 +0000)]
Talk about event API instead of libevent

Avoids inconsistent capitalization of libevent at start of sentence
suggested by and ok jmc@, ok bluhm@

8 years agosupport UTF-8 characters in ssh(1) banners using schwarze@'s
djm [Sun, 17 Jul 2016 04:20:16 +0000 (04:20 +0000)]
support UTF-8 characters in ssh(1) banners using schwarze@'s
safe fmprintf printer; bz#2058

feedback schwarze@ ok dtucker@

8 years agoRemove now obsolete parenthetical explanation (should have been part of
tb [Sun, 17 Jul 2016 04:15:25 +0000 (04:15 +0000)]
Remove now obsolete parenthetical explanation (should have been part of
previous commit).