jsg [Sun, 7 Mar 2021 06:20:09 +0000 (06:20 +0000)]
ansi
jsg [Sun, 7 Mar 2021 06:18:48 +0000 (06:18 +0000)]
ansi
jsg [Sun, 7 Mar 2021 06:17:03 +0000 (06:17 +0000)]
ansi
dlg [Sun, 7 Mar 2021 06:02:32 +0000 (06:02 +0000)]
use uint64_t ethernet addresses for compares in carp.
pass the uint64_t that ether_input has already converted from a
real ethernet address into carp_input so it can use it without
having to do its own conversion.
tested by hrvoje popovski
tested by me on amd64 and sparc64
ok patrick@ jmatthew@
tobhe [Sat, 6 Mar 2021 22:27:39 +0000 (22:27 +0000)]
whitespace
millert [Sat, 6 Mar 2021 20:36:31 +0000 (20:36 +0000)]
Fix PRINT macro, the suffix param to sshlog() was missing.
Also remove redundant __func__ prefix from PRINT calls as the macro
already adds __FILE__, __func__ and __LINE__. From Christos Zoulas.
OK dtucker@
patrick [Sat, 6 Mar 2021 19:30:07 +0000 (19:30 +0000)]
Since with the current design there's one device per domain, and one
domain per pagetable, there's no need for a backpointer to the domain
in the pagetable entry descriptor. There can't be any other domain.
Also since there's no list, no list entry member is needed either.
This reduces early allocation to half of the previous size. I think
it's possible to reduce it even further and not need a pagetable entry
descriptor at all, but I need to think about that a bit more.
patrick [Sat, 6 Mar 2021 19:25:27 +0000 (19:25 +0000)]
One major issue talked about in research papers is reducing the overhead
of the IOVA allocation. As far as I can see the current "best solution"
is to cache IOVA ranges in percpu magazines. I don't think we have this
issue at all thanks to bus_dmamap_create(9). The map is created ahead
of time, and we know the maximum size of the DMA transfer. Since with
smmu(4) we have IOVA per domain, allocating IOVA 'early' is essentially
free. But pagetable mapping also incurs a performance penalty, since we
allocate pagetable entry descriptors through pools. Since we have the
IOVA early, we can allocate those early as well. This allocation is a
bit more expensive though, but can be optimized further.
All this means that there is no allocation overhead in hot code paths.
The "only" thing remaining is assigning IOVA to the segments, adjusting
the pagetable mappings, and flushing the IOTLB on unload. Maybe there's
a way to do a combined flush for NICs, because we give a list of mbufs
to the network stack and we could do the IOTLB invalidation only once
right before we hand over the mbuf list to the upper layers.
florian [Sat, 6 Mar 2021 19:02:53 +0000 (19:02 +0000)]
Implement last remaining bits to update from RFC 4941 to RFC 8981.
The desync factor is now tracked per temporary IP and the max value
has been increased to about 9 hours.
While here fix a bug where the minimum acceptable pltime in a router
advertisement should be bigger than PRIV_REGEN_ADVANCE not the desync
factor (which didn't make any sense at all).
From Fernando Gont, thanks!
OK sthen
florian [Sat, 6 Mar 2021 18:33:44 +0000 (18:33 +0000)]
Turns out there are dhcp servers that ignore DHCPREQUEST messages when
they don't like them instead of sending a DHCPNAK. Found the hard way
by benno who didn't want to wait 127 seconds.
Due to another bug dhcpleased would have exit through a fatal() in the
frontend process if he had waited long enough for a Rebooting -> Init
transition because we didn't deconfigure our IP address and thus
didn't close our UDP socket. Upon configuring a new IP address we would
open a new UDP socket send it to the frontend which would then fatal()
due to an unexpected fd passed in.
Aproporiate timings are rather underspecified in RFC 2131. Instead of
doing an exponential backoff up to 64 in the "Rebooting" and
"Requesting" state only go up to 2 for a total of 3 packets and total
timeout of 3 seconds before going into "Init" state and sending a
DHCPDISCOVER.
To prevent the fatal() in the frontend process we reshuffle the state
transition into the "Init" state and deconfigure the IP when
appropriate.
deraadt [Sat, 6 Mar 2021 16:09:50 +0000 (16:09 +0000)]
sync
jsg [Sat, 6 Mar 2021 09:20:49 +0000 (09:20 +0000)]
ansi
espie [Sat, 6 Mar 2021 08:31:42 +0000 (08:31 +0000)]
put back Lst_Destroy(paths) where it belongs
noticed by jsg@
tobhe [Fri, 5 Mar 2021 22:26:04 +0000 (22:26 +0000)]
Print PFS group for rekeyed Child SAs.
ok patrick@
tobhe [Fri, 5 Mar 2021 22:08:25 +0000 (22:08 +0000)]
Log transforms of established IKE and Child SAs.
ok patrick@
tobhe [Fri, 5 Mar 2021 22:03:51 +0000 (22:03 +0000)]
Move policy printing code from parse.y to new print.c
ok patrick@
jan [Fri, 5 Mar 2021 20:06:39 +0000 (20:06 +0000)]
Avoid print for NULL pointer
The subclass arrays have to be empty.
OK deraadt@
claudio [Fri, 5 Mar 2021 17:28:09 +0000 (17:28 +0000)]
Fix regress tests after changes to tal.c, mft.c, and cert.c.
claudio [Fri, 5 Mar 2021 17:15:19 +0000 (17:15 +0000)]
Factor out the URI check we do in various places into valid_uri().
RRDP will add a bunch more checks so this makes even more sense.
With and OK tb@
lum [Fri, 5 Mar 2021 16:16:53 +0000 (16:16 +0000)]
If there is a problem with opening a directory via M-x dired, let the
user know. EACCESS is currently accounted for, but nothing else.
claudio [Fri, 5 Mar 2021 16:00:00 +0000 (16:00 +0000)]
Factor out the SHA256 hash checks into valid_filehash() so that it can
be used by the RRDP code as well.
OK tb@
zhuk [Fri, 5 Mar 2021 15:24:37 +0000 (15:24 +0000)]
Test case for read-only array being not that read-only in ksh.
okay tb@
zhuk [Fri, 5 Mar 2021 15:22:03 +0000 (15:22 +0000)]
Fix old ksh bug: wrong variable being looked up when value is provided.
This results, e.g., in allowing the first item of a read-only array to
be overwritten, as found by Jordan Geoghegan.
okay tb@
jsg [Fri, 5 Mar 2021 13:20:19 +0000 (13:20 +0000)]
ansi
jan [Fri, 5 Mar 2021 12:57:20 +0000 (12:57 +0000)]
add missing PCI classes
OK dlg@
jsg [Fri, 5 Mar 2021 12:40:13 +0000 (12:40 +0000)]
ansi
eric [Fri, 5 Mar 2021 12:37:32 +0000 (12:37 +0000)]
Start porting smtpd to libtls.
Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.
ok tb@
claudio [Fri, 5 Mar 2021 12:33:19 +0000 (12:33 +0000)]
Remove space at end of line
jsg [Fri, 5 Mar 2021 09:37:20 +0000 (09:37 +0000)]
ansi
jsg [Fri, 5 Mar 2021 09:21:08 +0000 (09:21 +0000)]
ansi
yasuoka [Fri, 5 Mar 2021 08:41:26 +0000 (08:41 +0000)]
Fix some heap over-read in logging in PPTP protocol handler.
anton [Fri, 5 Mar 2021 07:34:46 +0000 (07:34 +0000)]
Stop abusing display blocks under the authors section in order to
respect literal line breaks. This has the unwanted side effect of
rendering the authors section using a monospace font over at
man.openbsd.org. Instead use br macros to force line breaks.
With help from and ok jmc@
jsg [Fri, 5 Mar 2021 07:10:06 +0000 (07:10 +0000)]
deregister
jsg [Fri, 5 Mar 2021 07:01:36 +0000 (07:01 +0000)]
ansi
dlg [Fri, 5 Mar 2021 06:44:09 +0000 (06:44 +0000)]
pass the uint64_t dst ethernet address from ether_input to bridges.
tested on amd64 and sparc64.
jsg [Fri, 5 Mar 2021 06:01:13 +0000 (06:01 +0000)]
ansi
jsg [Fri, 5 Mar 2021 05:30:44 +0000 (05:30 +0000)]
ansi
dlg [Fri, 5 Mar 2021 03:51:41 +0000 (03:51 +0000)]
work with 64bit ethernet addresses in ether_input().
this applies the tricks with addresses from veb and etherbridge
code to the normal ethernet input processing. it basically loads
the destination address from the packet and the interface ethernet
address into uint64_ts for comparison.
tested by hrvoje popovski and chris cappuccio
tested here on amd64, arm64, and sparc64
ok claudio@ jmatthew@
patrick [Fri, 5 Mar 2021 01:16:55 +0000 (01:16 +0000)]
Improve readability of softc accesses.
patrick [Fri, 5 Mar 2021 00:55:45 +0000 (00:55 +0000)]
Introduce an IOVA allocator instead of mapping pages 1:1. Mapping pages 1:1
obviously reduces the overhead of IOVA allocation, but instead you have the
problem of doubly mapped pages, and making sure a page is only unmapped once
the last user is gone. My initial attempt, modeled after apldart(4), calls
the allocator for each segment. Unfortunately this introduces a performance
penalty which reduces performance from around 700 Mbit/s to about 20 Mbit/s,
or even less, in a simple single stream tcpbench scenario. Most mbufs from
userland seem to have at least 3 segments. Calculating the needed IOVA space
upfront reduces this penalty. IOVA allocation overhead could be reduced once
and for all if it is possible to reserve IOVA during bus_dmamap_create(9), as
it is only called upon creation and basically never for each DMA cycle. This
needs some more thought.
With this we now put the pressure on the PTED pools instead. Additionally, but
not part of this diff, percpu pools for the PTEDs seem to reduce the overhead
for that single stream tcpbench scenario to 0.3%. Right now this means we're
hitting a different bottleneck, not related to the IOMMU. The next bottleneck
will be discovered once forwarding is unlocked. Though it should be possible
to benchmark the current implementation, and different designs, using a cycles
counter.
With IOVA allocation it's not easily possible to correlate memory passed to
bus_dmamem_map(9) with memory passed to bus_dmamap_load(9). So far my code
try to use the same cachability attributes as the kenrel uses for its userland
mappings. For the devices we support, there seems to be no need so far. If
this ever gives us any trouble in the feature, I'll have a look and fix it.
While drivers should call bus_dmamap_unload(9) before bus_dmamap_destroy(9),
the API explicitly states that bus_dmamap_destroy(9) should unload the map
if it is still loaded. Hence we need to do exactly that. I actually have
found one network driver which behaves that way, and the developer intends
to change the network driver's behaviour.
patrick [Fri, 5 Mar 2021 00:18:26 +0000 (00:18 +0000)]
Extend the commented code that shows which additional mappings are needed,
or which regions need to be reserved. As it turns out, a region we should
not map is the PCIe address space. Making a PCIe device try to do DMA to
an address in PCIe address space will obviously not make its way to SMMU
and host memory. We'll probably have to add an API for that.
tobhe [Thu, 4 Mar 2021 22:27:13 +0000 (22:27 +0000)]
Remove -g from CFLAGS. This was accidentally added with the last commit.
tobhe [Thu, 4 Mar 2021 22:20:24 +0000 (22:20 +0000)]
Derive config netmask from address pool if not explicitly configured.
ok markus@
kettenis [Thu, 4 Mar 2021 18:36:52 +0000 (18:36 +0000)]
Turns out the cores on Apple's M1 SoC only support 8-bit ASIDs.
Thank you Apple (not)!
Add an initial attempt to support such systems. This isn't good enough
since the kernel will hang once you create more than 127 processes.
But it makes things work reasonably well until you reach that limit
which is good enough to build things on the machine itself.
ok patrick@
kettenis [Thu, 4 Mar 2021 18:32:52 +0000 (18:32 +0000)]
Print feature that indicates a CPU core supports 16-bit ASIDs.
ok patrick@
jmc [Thu, 4 Mar 2021 17:03:42 +0000 (17:03 +0000)]
new sentence, new line;
visa [Thu, 4 Mar 2021 16:44:07 +0000 (16:44 +0000)]
Tweak whitespace and adjust prototypes.
visa [Thu, 4 Mar 2021 16:34:47 +0000 (16:34 +0000)]
Combine octeon_pcibusvar.h into octeon_pcibus.c to reduce scatter.
tb [Thu, 4 Mar 2021 15:44:13 +0000 (15:44 +0000)]
Add two error checks for strdup for consistency.
ok claudio
tb [Thu, 4 Mar 2021 15:43:18 +0000 (15:43 +0000)]
typo in comment
visa [Thu, 4 Mar 2021 15:38:06 +0000 (15:38 +0000)]
Update clock interrupt count atomically.
This avoids errors that can arise when multiple cores update the
variable at the same time.
claudio [Thu, 4 Mar 2021 15:35:39 +0000 (15:35 +0000)]
Last commit was done from a non-clean tree. Revert one line that broke
everything. Oups.
claudio [Thu, 4 Mar 2021 14:29:02 +0000 (14:29 +0000)]
Update TAL files to offical versions that include a https:// URL for the
trust anchor. rpki-client will then use the https:// URL first and fall
back to rsync if the https request failed.
OK job@ tb@
claudio [Thu, 4 Mar 2021 14:24:54 +0000 (14:24 +0000)]
Unify the out of memory errors here as well.
claudio [Thu, 4 Mar 2021 14:24:17 +0000 (14:24 +0000)]
Use the same way to error out in out of memory situation.
Just use 'err(1, NULL);' there is no need to include the type of function
that failed since it is still impossible to locate the right call.
Just use a debugger in that case.
OK tb@ deraadt@
tb [Thu, 4 Mar 2021 14:16:21 +0000 (14:16 +0000)]
an -> and
tb [Thu, 4 Mar 2021 14:15:47 +0000 (14:15 +0000)]
zap whitespace on three lines
claudio [Thu, 4 Mar 2021 14:04:47 +0000 (14:04 +0000)]
Replace NOTREACHED with actuall errx() calls. I managed to return from
the proc_xyz() function at least in two occastions and it is not that
trivial to realize what goes wrong.
claudio [Thu, 4 Mar 2021 14:02:34 +0000 (14:02 +0000)]
Remove NOTREACHED marker, it should be obvious when the code is:
exit(rc);
/* NOTREACHED */
claudio [Thu, 4 Mar 2021 14:00:26 +0000 (14:00 +0000)]
Simply ignore errors from tls_close(). ftp(1) does the same and it seems
too many servers out there fail to properly close the TLS session which
results in unneccessary warnings like
TLS close: EOF without close notify
Result of a discussion with job@ and tb@
claudio [Thu, 4 Mar 2021 13:01:41 +0000 (13:01 +0000)]
Implement a https client as a sub-process for rpki-client. This code will
be used to fetch TA certs and later on for RRDP. Kind of unreached for now
since the default TAL files don't include https URI.
The http client is fully asynchronous and can handle multiple downloads at
the same time. This code was based on the http client in ftp(1).
OK tb@, job@
claudio [Thu, 4 Mar 2021 10:56:47 +0000 (10:56 +0000)]
Add sys/queue.h to the include list since imsg.h needs it. Currently
net/route.h pulls this is as a side-effect.
OK krw@
espie [Thu, 4 Mar 2021 09:45:31 +0000 (09:45 +0000)]
warn about proper usage of Lst_Destroy.
as noticed by jsg@
espie [Thu, 4 Mar 2021 09:34:30 +0000 (09:34 +0000)]
better if I commit the version which actually includes the header ;)
espie [Thu, 4 Mar 2021 09:32:49 +0000 (09:32 +0000)]
somehow I forgot to add copyright and to include the right prototypes.
No actual code change (checked with cmp)
mpi [Thu, 4 Mar 2021 09:02:37 +0000 (09:02 +0000)]
Merge issignal() and CURSIG() in preparation for turning it mp-safe.
This makes appear some redundant & racy checks.
ok semarie@
mpi [Thu, 4 Mar 2021 09:00:03 +0000 (09:00 +0000)]
Modify `uvmexp.swpgonly' atomically, required for uvm_fault() w/o KERNEL_LOCK()
ok kettenis@
mpi [Thu, 4 Mar 2021 08:38:48 +0000 (08:38 +0000)]
Bring back previous fix for UVM vnode deadlock.
tb@ reports that refaulting when there's contention on the vnode makes
firefox start very slowly on his machine. To revisit when the fault
handler will be unlocked.
ok anton@
Original commit message:
Fix a deadlock between uvn_io() and uvn_flush(). While faulting on a
page backed by a vnode, uvn_io() will end up being called in order to
populate newly allocated pages using I/O on the backing vnode. Before
performing the I/O, newly allocated pages are flagged as busy by
uvn_get(), that is before uvn_io() tries to lock the vnode. Such pages
could then end up being flushed by uvn_flush() which already has
acquired the vnode lock. Since such pages are flagged as busy,
uvn_flush() will wait for them to be flagged as not busy. This will
never happens as uvn_io() cannot make progress until the vnode lock is
released.
Instead, grab the vnode lock before allocating and flagging pages as
busy in uvn_get(). This does extend the scope in uvn_get() in which the
vnode is locked but resolves the deadlock.
ok mpi@
Reported-by: syzbot+e63407b35dff08dbee02@syzkaller.appspotmail.com
jsg [Thu, 4 Mar 2021 07:46:26 +0000 (07:46 +0000)]
remove extra argument to printf
krw [Thu, 4 Mar 2021 02:00:42 +0000 (02:00 +0000)]
Notice when link-timeout expires even if istty(STDERR) hints that dhclient has
already gone daemon. Sometimes it's just that 2>/dev/null or something has
been done.
Should fix problem with sysupgrade when an interface (e.g. a wired interface that
has no cable plugged in) never comes up.
Problem reported and debug info from kettenis@, Jean-Philippe Luigi, Thomas L. and
Markus Lude. Thanks!
afresh1 [Thu, 4 Mar 2021 01:13:11 +0000 (01:13 +0000)]
Never automatically rewrite perl/dist/Devel-PPPort/t/01_test.t
We are never going to update the files that generate this test and
the interaction with "cvs up" means we can accidentally hit it when
they hange between releases but permissions when building the system
prevent us from writing the update and breaks the build.
Found by naddy@, krw@, and deraadt@
jsg [Wed, 3 Mar 2021 23:58:28 +0000 (23:58 +0000)]
off by one
ok claudio@ deraadt@
djm [Wed, 3 Mar 2021 22:41:49 +0000 (22:41 +0000)]
don't sshbuf_get_u32() into an enum; reported by goetze AT
dovetail.com via bz3269
tobhe [Wed, 3 Mar 2021 22:18:00 +0000 (22:18 +0000)]
Free sc_vroute on shutdown.
kettenis [Wed, 3 Mar 2021 21:47:27 +0000 (21:47 +0000)]
Remove bogus (and pointless) pmap_activate(9) call.
ok drahn@
sthen [Wed, 3 Mar 2021 21:40:16 +0000 (21:40 +0000)]
typo in other_hostkeys_message() display output, ok djm
martijn [Wed, 3 Mar 2021 20:15:54 +0000 (20:15 +0000)]
s/byte/character
Discussed with claudio@
Feedback jmc@
bru [Wed, 3 Mar 2021 19:44:37 +0000 (19:44 +0000)]
Add a configurable button mapping for tap gestures on touchpads.
Thanks to RJ Johnson for this work!
ok mpi@
ratchov [Wed, 3 Mar 2021 10:19:06 +0000 (10:19 +0000)]
sndiod: Move MTC/MMC state to its own global structure
ratchov [Wed, 3 Mar 2021 10:13:06 +0000 (10:13 +0000)]
sndiod: Move MIDI control endpoint to opt structure
No behavior change.
ratchov [Wed, 3 Mar 2021 10:00:27 +0000 (10:00 +0000)]
sndiod: Move controls out of the device structure
Moving to a global server-wide controls list is necessary to expose
controls that are not associated to a particular device (ex. a device
selector).
The current hack to use the device-side sioctl_desc->addr variable as
client-side key can't work anymore. So, we use a unique dynamically
allocated ctl->addr key; this is much cleaner. A new "scope" enum
(with two "void *" arguments) is used to determine what the control
does control. This adds flexibility and allows to easily add new
control types that are not associated to devices.
No behavior change.
ratchov [Wed, 3 Mar 2021 09:40:43 +0000 (09:40 +0000)]
sndioctl: Flush stdout before polling
If stdout is not flushed, output is not seen by programs using
sndioctl through a pipe (ex. "sndioctl -m | cat" displays nothing).
Patch from Erico Nogueira <ericonr@disroot.org>, idea
from Duncan Overbruck <mail@duncano.de>
kn [Wed, 3 Mar 2021 09:32:11 +0000 (09:32 +0000)]
Unveil only /etc/resolv.conf and /etc/resolv.conf.new not /etc/
Unveiling the entire directory stems from earlier development cycles
and is by no means required now, only the two files are created,
read from and written to.
OK deraadt florian semarie
jsg [Wed, 3 Mar 2021 09:06:20 +0000 (09:06 +0000)]
remove unreachable and unneeded code
ok martijn@
djm [Wed, 3 Mar 2021 08:42:52 +0000 (08:42 +0000)]
needs FILE*; from Mike Frysinger
jsg [Wed, 3 Mar 2021 01:27:54 +0000 (01:27 +0000)]
off by one in array bounds tests
ok mlarkin@
dlg [Wed, 3 Mar 2021 00:00:03 +0000 (00:00 +0000)]
clean up span ports as span ports, not bridge ports.
the visible result of this is that span ports aren't made promisc
like bridge ports. when cleaning up a span port, trying to take
promisc off it screwed up the refs, and it makes the underlying
interface not able to be promisc when it should be promisc.
found by dave voutila
dlg [Tue, 2 Mar 2021 23:40:06 +0000 (23:40 +0000)]
fix an assert in veb_p_ioctl() that failed when called by a span port.
veb_p_ioctl() is used by both veb bridge and veb span ports, but
it had an assert to check that it was being called by a veb bridge
port. this extends the check so using it on a span port doesnt cause
a panic.
found by dave voutila
bru [Tue, 2 Mar 2021 22:35:19 +0000 (22:35 +0000)]
Read general and touchpad-specific wsmouse settings separately.
Correct the identification of the device type when reading the
touchpad parameters fails.
ok jcs@
millert [Tue, 2 Mar 2021 20:41:42 +0000 (20:41 +0000)]
Fix size computation in replace_repeat() for special_case REPEAT_WITH_Q.
This resulted in the NUL terminator being written to the end of the
buffer which was not the same as the end of the string. That in
turn caused garbage bytes from malloc() to be processed. Also
change the NUL termination to be less error prone by writing the
NUL immediately after the last byte copied. OK sthen@
lum [Tue, 2 Mar 2021 19:50:52 +0000 (19:50 +0000)]
It is now possible to define single value variables in the startup file:
(define myfile d.txt)
And use them like:
(find-file myfile)
florian [Tue, 2 Mar 2021 19:20:13 +0000 (19:20 +0000)]
Only attach a fully configured bpf filter to a network interface.
I'm worried we could see packets we shouldn't during a small time window.
deraadt [Tue, 2 Mar 2021 17:50:41 +0000 (17:50 +0000)]
include of netinet/in.h here is incorrect, because net/route.h will pull
excessive types into scope.
ok claudio
deraadt [Tue, 2 Mar 2021 17:43:04 +0000 (17:43 +0000)]
document ENOTSUP wxallowed/wxneeded behaviour more clearly; ok kurt
claudio [Tue, 2 Mar 2021 17:39:26 +0000 (17:39 +0000)]
Must include netinet/in.h before netinet/ip.h or bad things happen.
jsing [Tue, 2 Mar 2021 17:26:25 +0000 (17:26 +0000)]
Separate variable declaration and assignment.
Requested by tb@
jsing [Tue, 2 Mar 2021 17:24:37 +0000 (17:24 +0000)]
Replace two handrolled tls12_record_protection_engaged().
Noted by tb@
jsing [Tue, 2 Mar 2021 17:18:59 +0000 (17:18 +0000)]
Move key/IV length checks closer to usage sites.
Also add explicit checks against EVP_CIPHER_iv_length() and
EVP_CIPHER_key_length().
Requested by tb@ during review.
ok tb@
florian [Tue, 2 Mar 2021 17:17:15 +0000 (17:17 +0000)]
Fix indentation of switch / case. No binary change.
jsing [Tue, 2 Mar 2021 17:16:44 +0000 (17:16 +0000)]
Add tls12_record_protection_unused() and call from CCS functions.
This moves the check closer to where a leak could occur and checks all
pointers in the struct.
Suggested by tb@ during review.
ok tb@