openbsd
3 years agoRemove unveil() from the rsync_sender() and flist_gen(). The sender is
claudio [Mon, 22 Mar 2021 11:49:15 +0000 (11:49 +0000)]
Remove unveil() from the rsync_sender() and flist_gen(). The sender is
not able to properly unveil itself because you can request many files
as arguments. At the same time the sender is read-only and uses rpath
pledge() so the gain from unveil() is less of an issue.
On the receiver side all files land in one directory and this part still
uses unveil() to protect rsync to somehow walk out of the destination
directory.
From kristaps@

3 years agoAdjust function name in error strings.
claudio [Mon, 22 Mar 2021 11:26:44 +0000 (11:26 +0000)]
Adjust function name in error strings.
From kristaps@

3 years agoAdjust a type to unsigned since the io function works on unsigned ints.
claudio [Mon, 22 Mar 2021 11:25:29 +0000 (11:25 +0000)]
Adjust a type to unsigned since the io function works on unsigned ints.
Also the id is a strictly positve integer so this make sense.
Cleanup comments and a spacing while there.
From kristaps@

3 years agoPut comment where it belongs also remove an assert() that checks for an
claudio [Mon, 22 Mar 2021 11:20:04 +0000 (11:20 +0000)]
Put comment where it belongs also remove an assert() that checks for an
impossible condition. The map argument is from a pread() call and can never
be MAP_FAILED.
From kristaps@

3 years agoCompare explicitly against NULL.
claudio [Mon, 22 Mar 2021 11:16:05 +0000 (11:16 +0000)]
Compare explicitly against NULL.
From kristaps@

3 years agoMake fmt argument const. Format local vars a bit.
claudio [Mon, 22 Mar 2021 11:14:42 +0000 (11:14 +0000)]
Make fmt argument const. Format local vars a bit.
From kristaps@

3 years agoLet iwn(4) simply clear frames before the firmware's BA window, instead
stsp [Mon, 22 Mar 2021 09:52:49 +0000 (09:52 +0000)]
Let iwn(4) simply clear frames before the firmware's BA window, instead
of trying to be smart and clearing already acknowledged frames which are
still within the firmware's BA window.

This matches what the Linux driver does and makes our driver code simpler.

Also, Tx rate control code relies on sequence numbers falling into the
BA window so let's skip Tx rate control for frames before this window.

Tested by:
myself on 6205 and 6300
afresh1, bluhm, and paco on 6300
jmatthew on 5100
Balder Oddson on 6205

3 years agoStart the move to TAILQ for expressions instead of an SLIST.
lum [Mon, 22 Mar 2021 09:26:23 +0000 (09:26 +0000)]
Start the move to TAILQ for expressions instead of an SLIST.

3 years agodocument NEVER_CLEAN
espie [Mon, 22 Mar 2021 07:34:34 +0000 (07:34 +0000)]
document NEVER_CLEAN

3 years agoThe tag comes after iface in iked.conf(5).
tobhe [Sun, 21 Mar 2021 22:18:00 +0000 (22:18 +0000)]
The tag comes after iface in iked.conf(5).

3 years agoFully initialize rrec in tls12_record_layer_open_record_protected
tb [Sun, 21 Mar 2021 19:08:22 +0000 (19:08 +0000)]
Fully initialize rrec in tls12_record_layer_open_record_protected

The CBC code path initializes rrec.padding_length in an indirect fashion
and later makes use of it for copying the MAC. This is confusing some
static analyzers as well as people investigating the whining. Avoid this
confusion and add a bit of robustness by clearing the stack variable up
front.

ok jsing

3 years agoRevise regress to match handshake struct changes.
jsing [Sun, 21 Mar 2021 18:37:26 +0000 (18:37 +0000)]
Revise regress to match handshake struct changes.

3 years agoMove the TLSv1.3 handshake struct inside the shared handshake struct.
jsing [Sun, 21 Mar 2021 18:36:34 +0000 (18:36 +0000)]
Move the TLSv1.3 handshake struct inside the shared handshake struct.

There are currently three different handshake structs that are in use -
the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct
(as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous
'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp)).

This is the first step towards cleaning up the handshake structs so that
shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2
and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside
SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct
instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code
to access the shared handshake data without needing the SSL struct.

ok inoguchi@ tb@

3 years agoUse new terminology of RFC 8981 and (mechanically) replace "privacy"
florian [Sun, 21 Mar 2021 18:25:24 +0000 (18:25 +0000)]
Use new terminology of RFC 8981 and (mechanically) replace "privacy"
with "temporary".

3 years agowg(4): fix race between tx/rx handshakes, from Matt Dunwoodie, ok mpi@
sthen [Sun, 21 Mar 2021 18:13:59 +0000 (18:13 +0000)]
wg(4): fix race between tx/rx handshakes, from Matt Dunwoodie, ok mpi@

"There is a race between sending/receiving handshake packets. This
occurs if we consume an initiation, then send an initiation prior to
replying to the consumed initiation.

In particular, when consuming an initiation, we don't generate the
index until creating the response (which is incorrect). If we attempt
to create an initiation between these processes, we drop any
outstanding handshake which in this case has index 0 as set when
consuming the initiation.

The fix attached is to generate the index when consuming the initiation
so that any spurious initiation creation can drop a valid index. The
patch also consolidates setting fields on the handshake."

3 years agoSplit TLSv1.3 record protection from record layer.
jsing [Sun, 21 Mar 2021 17:25:17 +0000 (17:25 +0000)]
Split TLSv1.3 record protection from record layer.

This makes the TLSv1.2 and TLSv1.3 record layers more consistent and while
it is not currently necessary from a functionality perspective, it makes
for more readable and simpler code.

ok inoguchi@ tb@

3 years agoBuild options regress with -DLIBRESSL_INTERNAL.
jsing [Sun, 21 Mar 2021 17:22:37 +0000 (17:22 +0000)]
Build options regress with -DLIBRESSL_INTERNAL.

This is currently needed for DTLS1_2_VERSION, however it should be used
here regardless.

3 years agoAvoid a use-after-scope in tls13_cert_add().
jsing [Sun, 21 Mar 2021 16:56:42 +0000 (16:56 +0000)]
Avoid a use-after-scope in tls13_cert_add().

A parent CBB retains a reference to a child CBB until CBB_flush() or
CBB_cleanup() is called. As such, the cert_exts CBB must be at function
scope.

Reported by Ilya Shipitsin.

ok tb@

3 years agoInclude wstpad allocations when cleaning up wsmouse resources.
bru [Sun, 21 Mar 2021 16:20:49 +0000 (16:20 +0000)]
Include wstpad allocations when cleaning up wsmouse resources.

ok gnezdo@

3 years agoDisambiguate expressions.
visa [Sun, 21 Mar 2021 14:18:37 +0000 (14:18 +0000)]
Disambiguate expressions.

3 years agoPlug memory leak reported by Ilya Shipitsin
tb [Sun, 21 Mar 2021 14:06:29 +0000 (14:06 +0000)]
Plug memory leak reported by Ilya Shipitsin

Since r1.7, input in base64_decoding_test() is allocated unconditionally,
so free it unconditionally.

3 years agoDon't warn that we can't form a temporary address when a router
florian [Sun, 21 Mar 2021 13:59:22 +0000 (13:59 +0000)]
Don't warn that we can't form a temporary address when a router
deprecates a prefix by sending a pltime of 0, this is normal.
Continue warning when the pltime is smaller than 5 as this is almost
certainly a configuration error.
Found the hard way by & OK otto.

3 years agoAdd quoted strings capability in list values, no special chars
lum [Sun, 21 Mar 2021 12:56:16 +0000 (12:56 +0000)]
Add quoted strings capability in list values, no special chars
detection in between them though.  Add limitation to characters
allowed in symbol names, equivalent to mg function names (A-Za-z-),
quite restrictive but can grow of course. If value is not quoted and
is not a variable, give an error.

3 years agomakes `struct execsw' to:
semarie [Sun, 21 Mar 2021 11:29:38 +0000 (11:29 +0000)]
makes `struct execsw' to:

- use C99-style initialization (grep works better with that)
- use const as execsw is not modified during runtime

ok mpi@

3 years agoUse uppercases for defines.
mpi [Sun, 21 Mar 2021 10:24:36 +0000 (10:24 +0000)]
Use uppercases for defines.

No functional change.

ok semarie@

3 years agoadd -n to SYNOPSIS;
jmc [Sun, 21 Mar 2021 06:44:24 +0000 (06:44 +0000)]
add -n to SYNOPSIS;

3 years agoAdd -n (no action) mode, which just parses the program and exits.
jmatthew [Sun, 21 Mar 2021 01:24:35 +0000 (01:24 +0000)]
Add -n (no action) mode, which just parses the program and exits.

ok mpi@ kn@

3 years agos/struft/struct/; thanks James Hastings
sthen [Sat, 20 Mar 2021 21:02:56 +0000 (21:02 +0000)]
s/struft/struct/; thanks James Hastings

3 years agoSync with apm(4/macppc) to document which ioctls are not supported
kn [Sat, 20 Mar 2021 19:41:44 +0000 (19:41 +0000)]
Sync with apm(4/macppc) to document which ioctls are not supported

Suspend/resume and other power events are NOT YET SUPPORTED.

3 years agoLooking at loading all expressions initially, working towards multi
lum [Sat, 20 Mar 2021 19:39:30 +0000 (19:39 +0000)]
Looking at loading all expressions initially, working towards multi
line. Next to look at "values" (quotes around values).

Current regress tests pass.

3 years agoEnd sentence and add .Pp after (all) "NOT SUPPORTED" lines
kn [Sat, 20 Mar 2021 19:36:29 +0000 (19:36 +0000)]
End sentence and add .Pp after (all) "NOT SUPPORTED" lines

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:11:49 +0000 (17:11 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Keep "temporary" the default when setting inet6 autoconf but make it
possible to disable the "autoconf" flag but keep "temporary" enabled.
The normal usecase to only have temporary autoconf addresses would be
"inet6 temporary" in hostname.if
OK kn

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:08:57 +0000 (17:08 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Make the interface come up when the IFXF_AUTOCONF6TEMP is set.
OK kn

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:07:49 +0000 (17:07 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Track autoconf and temporary flag individually to be able to support
this.
OK kn

3 years agoFix SMALL build when done from sbin/slaacd
kn [Sat, 20 Mar 2021 16:46:03 +0000 (16:46 +0000)]
Fix SMALL build when done from sbin/slaacd

distrib/special/slaccd is the actual SMALL user but having it build from here
is useful, too;  in fact, it showed some more unused variables under SMALL.

OK florian

3 years agoSKIP_PROPOSAL has been ripped out in 2019
kn [Sat, 20 Mar 2021 16:36:52 +0000 (16:36 +0000)]
SKIP_PROPOSAL has been ripped out in 2019

3 years agotypo
tb [Sat, 20 Mar 2021 12:17:45 +0000 (12:17 +0000)]
typo

3 years agonamei: reorganize a bit the error path for simples cases
semarie [Sat, 20 Mar 2021 11:26:07 +0000 (11:26 +0000)]
namei: reorganize a bit the error path for simples cases

- move 'fail' label to end of function (instead of using the first
  if-condition)

- merge the most simples error code paths idioms from 'cleanup+return'
  to 'goto-fail'

ok mpi@

3 years agoSync some comments in order to reduce the difference with NetBSD.
mpi [Sat, 20 Mar 2021 10:24:21 +0000 (10:24 +0000)]
Sync some comments in order to reduce the difference with NetBSD.

No functionnal change.

ok kettenis@

3 years agoAdd a 'batch' mode to mg via the '-b' command line option which will
lum [Sat, 20 Mar 2021 09:00:49 +0000 (09:00 +0000)]
Add a 'batch' mode to mg via the '-b' command line option which will
initialise a pty, run the specified file of mg commands and then exit.

This is to facilitate mg fitting into the OpenBSD regress test
framework and be able to run via a cron job.

3 years agoAdd new test-tls13-multiple-ccs-messages.py
tb [Sat, 20 Mar 2021 08:12:53 +0000 (08:12 +0000)]
Add new test-tls13-multiple-ccs-messages.py

This is a test that checks for NSS's CCS flood DoS CVE-2020-25648.
The test script currently fails on LibreSSL and OpenSSL 1.1.1j because
it sends invalid records with version 0x0300 instead of 0x0303.
We have the ccs_seen logic corresponding to NSS's fix:
https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
but we do allow up to two CCS due to an interop issue with Fizz, so
at least one of the tests will likey be broken once the record version
is fixed.

3 years agouse m_dup_pkthdr in ip_fragment to copy pkthdr info to fragments.
dlg [Sat, 20 Mar 2021 01:15:28 +0000 (01:15 +0000)]
use m_dup_pkthdr in ip_fragment to copy pkthdr info to fragments.

this ensures more stuff is copied, in particular the flowid
information. this is also how v6 does it, which makes things more
consistent.

ok bluhm@

3 years agoRemove libLLVM.so.2.0 on upgrade
kn [Fri, 19 Mar 2021 23:52:55 +0000 (23:52 +0000)]
Remove libLLVM.so.2.0 on upgrade

It is over a year old and corresponds to LLVM 8.0.0 after the
"-msvr4-struct-return" ABI change;  saves 47M (on amd64).

OK deraadt

3 years agoPrepare documenting SSL_use_certificate_chain_file
tb [Fri, 19 Mar 2021 20:31:49 +0000 (20:31 +0000)]
Prepare documenting SSL_use_certificate_chain_file

3 years agoUndo previous. As pointed out by jsing I clearly wasn't fully awake...
tb [Fri, 19 Mar 2021 19:52:55 +0000 (19:52 +0000)]
Undo previous. As pointed out by jsing I clearly wasn't fully awake...

3 years agoPrepare to provide SSL_use_certificate_chain_file()
tb [Fri, 19 Mar 2021 19:51:07 +0000 (19:51 +0000)]
Prepare to provide SSL_use_certificate_chain_file()

This is the same as SSL_CTX_use_certificate_chain_file() but for an
SSL object instead of an SSL_CTX object. remi found this in a recent
librelp update, so we need to provide it. The function will be exposed
in an upcoming library bump.

ok inoguchi on an earlier version, input/ok jsing

3 years agoEdit wireguard for concision. Remove some background covered by wg(4).
procter [Fri, 19 Mar 2021 19:36:10 +0000 (19:36 +0000)]
Edit wireguard for concision. Remove some background covered by wg(4).
Swap -wgpeerall and wgpeer in synopsis to ease parsing.
"I'm good" - Matt Dunwoodie. "just commit" - jmc
suggestions and ok sthen@

3 years agoFix copy-paste error in previous
tb [Fri, 19 Mar 2021 18:52:14 +0000 (18:52 +0000)]
Fix copy-paste error in previous

Found the hard way by lists y42 org via an OCSP validation failure that
in turn caused pkg_add over TLS to fail. Detailed report by sthen.

ok sthen

3 years agoAdd an -V option to show the version of rpki-client. For the base version
claudio [Fri, 19 Mar 2021 13:56:10 +0000 (13:56 +0000)]
Add an -V option to show the version of rpki-client. For the base version
it will show just OpenBSD while -portable will show the portable version.
OK sthen@, tb@, kn@

3 years agoDelay chdir to the cache directory to after parsing the tal files.
claudio [Fri, 19 Mar 2021 09:43:59 +0000 (09:43 +0000)]
Delay chdir to the cache directory to after parsing the tal files.
Using the -t option relative locations can be passed as tal locations
and so the process can not chdir until these files were read.
OK job@

3 years agoRemove booting from kernels in raw/qcow2 images
kn [Fri, 19 Mar 2021 09:29:33 +0000 (09:29 +0000)]
Remove booting from kernels in raw/qcow2 images

Diff and (slightly tweaked) text below from
Dave Voutila < dave at sisu dot io >, thanks!

--
Since 6.7 switched to FFS2 as the default filesystem for new installs,
the ability for vmd(8) to load a kernel and boot.conf from a disk image
directly (without SeaBIOS) has been broken.

A diff from tb to add FFS2 support never mdae it into the tree.

On 5th Jan 2021, new ramdisks for amd64 have started shipping gzipped,
breaking the ability to load the bsd.rd directly as a kernel image for a vmd
guest without first uncompressing the image.

Using BIOS works, the FFS2 change happend ten months ago and few if any have
complained about the breakage.  vmctl(8) is still vague about supporting it
per its man page and one still has to pass the disk image twice as a "-b"
and "-d" argument to boot an OpenBSD guest *without* BIOS.

Josh Rickmar reported the gzip issue on bugs@ and provided patches to add
support for compressed ramdisks and kernel images.  The easiest way to do so
is to drop support for FFS images since they require a call to fmemopen(3)
while all the other logic uses fopen(3)/fdopen(3) calls and a file
descriptor.  It is much easier to get thsoe patches merged if they don't
have to account for extracting files from disk images.
--

No objections anyone
"Removing it makes sense" reyk (who wrote the FFS module)
OK mlarkin

3 years agoFix function name in warning
kn [Fri, 19 Mar 2021 08:10:57 +0000 (08:10 +0000)]
Fix function name in warning

3 years agoRTM_IFINFO is providing the mac address now, no need to go through
florian [Fri, 19 Mar 2021 07:43:27 +0000 (07:43 +0000)]
RTM_IFINFO is providing the mac address now, no need to go through
getifaddrs on every route message.
This also allows us to drop the route pledge since we only need to
fetch the interface state with getifaddrs on startup.

3 years agoanother unfortunate action to cope with relentless kernel growth
deraadt [Fri, 19 Mar 2021 04:30:56 +0000 (04:30 +0000)]
another unfortunate action to cope with relentless kernel growth

3 years agoadd a test for misc.c:argv_split(), currently fails
djm [Fri, 19 Mar 2021 04:23:50 +0000 (04:23 +0000)]
add a test for misc.c:argv_split(), currently fails

3 years agosplit
djm [Fri, 19 Mar 2021 03:25:01 +0000 (03:25 +0000)]
split

3 years agoreturn non-zero exit status when killed by signal; bz#3281
djm [Fri, 19 Mar 2021 02:22:34 +0000 (02:22 +0000)]
return non-zero exit status when killed by signal; bz#3281
ok dtucker@

3 years agoincrease maximum SSH2_FXP_READ to match the maximum packet size.
djm [Fri, 19 Mar 2021 02:18:28 +0000 (02:18 +0000)]
increase maximum SSH2_FXP_READ to match the maximum packet size.
Also handle zero-length reads that are borderline nonsensical but
not explicitly banned by the spec.
Based on patch from Mike Frysinger, feedback deraadt@ ok dtucker@

3 years agoUpdate go-module docs for recent changes, from Josh Rickmar, small tweak
sthen [Thu, 18 Mar 2021 22:36:36 +0000 (22:36 +0000)]
Update go-module docs for recent changes, from Josh Rickmar, small tweak
from me

3 years agoFrom Joachim Wiberg's version of mg.
lum [Thu, 18 Mar 2021 18:09:21 +0000 (18:09 +0000)]
From Joachim Wiberg's version of mg.

"This patch makes sure to clear the status/echo line after killing and
switching buffers by name.  Otherwise the kill/switch prompt lingers"

3 years agoDo not include ':' in the port number.
tb [Thu, 18 Mar 2021 16:15:19 +0000 (16:15 +0000)]
Do not include ':' in the port number.

ok claudio

3 years agoWhen changing the link local address send a RTM_IFINFO message out.
claudio [Thu, 18 Mar 2021 15:58:58 +0000 (15:58 +0000)]
When changing the link local address send a RTM_IFINFO message out.
Also prefer if (error == 0) over if (!error).
OK florian@ bluhm@

3 years agoDo not call rtm_ifchg() if IFF_UP changed. The code in if_up() and if_down()
claudio [Thu, 18 Mar 2021 15:57:16 +0000 (15:57 +0000)]
Do not call rtm_ifchg() if IFF_UP changed. The code in if_up() and if_down()
already call rtm_ifchg() and so this would just result in a duplicate message.
Noticed by deraadt@. OK florian@ bluhm@

3 years agoLike in the sysctl case include the ifp_sadl as RTA_IFP address in RTM_IFINFO
claudio [Thu, 18 Mar 2021 15:55:19 +0000 (15:55 +0000)]
Like in the sysctl case include the ifp_sadl as RTA_IFP address in RTM_IFINFO
messages. This way userland can detect if the lladdr of an interface was
changed.
OK florian@ bluhm@

3 years agoFail in rsync_base_uri() if the strdup calls fail. Do not bubble this
claudio [Thu, 18 Mar 2021 15:47:10 +0000 (15:47 +0000)]
Fail in rsync_base_uri() if the strdup calls fail. Do not bubble this
error upwards since a NULL return represents a bad-URI.
Diff originally from tb@

3 years agoAvoid NULL access in http_parse_uri()
tb [Thu, 18 Mar 2021 15:40:45 +0000 (15:40 +0000)]
Avoid NULL access in http_parse_uri()

A malformed URI such as "https://[::1/index.html" causes a NULL access
in the hosttail[1] == ":" check.

ok claudio

3 years agoFix SIOCDELLABEL/"ifconfig mpe0 -mplslabel" to unset label completely
kn [Thu, 18 Mar 2021 14:47:17 +0000 (14:47 +0000)]
Fix SIOCDELLABEL/"ifconfig mpe0 -mplslabel" to unset label completely

While the corresponding route gets removed properly, the driver's softc
kept the old label, i.e. "ifconfig mpe0" would show "mpls: label 42"
instead of "mpls: label (unset)" even though it was unset.

OK claudio

3 years agoDocument SIOCDELLABEL, link among MPLS drivers
kn [Thu, 18 Mar 2021 14:22:04 +0000 (14:22 +0000)]
Document SIOCDELLABEL, link among MPLS drivers

Use of the IOCTL section losely adopted from bridge(4),
the list of ioctls however is still incomplete.

mpw(4) and mpip(4) could use a reference to mpe(4) IOCTL or so,
but this is good enough for starters.

Feedback OK claudio

3 years agoDocument "-tunneldomain" and "-mplslabel", complete MPLS synopsis
kn [Thu, 18 Mar 2021 14:16:38 +0000 (14:16 +0000)]
Document "-tunneldomain" and "-mplslabel", complete MPLS synopsis

OK claudio

3 years agoDo not assign the return value from asprintf (int) to a size_t and then
claudio [Thu, 18 Mar 2021 14:08:01 +0000 (14:08 +0000)]
Do not assign the return value from asprintf (int) to a size_t and then
compare it to -1. Instead use a temp variable and assign to bufsz after
the -1 check.
Also add errx() calls after the switch statements in the FSM functions.
OK job@ tb@

3 years agoInitialize rsyncpid and httppid in the noop case. It seem gcc is not able
claudio [Thu, 18 Mar 2021 14:05:44 +0000 (14:05 +0000)]
Initialize rsyncpid and httppid in the noop case. It seem gcc is not able
to realize that the pids are initialized if !noop and not accessed if noop.
OK job@ tb@

3 years agoSince the entity queues are per repo there is no need to store the repo id
claudio [Thu, 18 Mar 2021 14:03:42 +0000 (14:03 +0000)]
Since the entity queues are per repo there is no need to store the repo id
anymore.
OK job@ tb@

3 years agoRemove duplicate prototype.
bluhm [Thu, 18 Mar 2021 11:17:04 +0000 (11:17 +0000)]
Remove duplicate prototype.

3 years agoType-cast getpagesize() from int to size_t for the comparison with d.
claudio [Thu, 18 Mar 2021 11:16:58 +0000 (11:16 +0000)]
Type-cast getpagesize() from int to size_t for the comparison with d.
getpagesize() will only return positive numbers (there is no negative
page size system) and it can not fail.
Should fix some compiler warnings seen in -portable projects.
OK otto@

3 years agoThe ntpd client code corrects both T1 and T4 with the current offset
bluhm [Thu, 18 Mar 2021 11:06:41 +0000 (11:06 +0000)]
The ntpd client code corrects both T1 and T4 with the current offset
returned by adjtime(2) from the kernel.  T1 is local time when the
NTP packet is sent and T4 when the response is received.  If between
these events a NTP reply from another server is received, it may
change the kernel offset with adjtime(2).  Then the calulation of
the client offset was done with different bases, the result was
wrong and the system time started moving around.
So instead of correcting T1 and T4 individually at different events,
correct their sum once.
Error handling was missing if there is no timestamp in the response.
As this should not happen in our kernel, fatal() is appropriate.
tested by weerd@; OK claudio@

3 years agoIn revision 1.91 of uhidev.c, jcs@ made sure to only detach devices
anton [Thu, 18 Mar 2021 09:21:53 +0000 (09:21 +0000)]
In revision 1.91 of uhidev.c, jcs@ made sure to only detach devices
claiming multiple report ids once. This allows uhidpp to piggy back on
the same functionality making uhidev_unset_report_dev() redundant.

3 years agoregen
mvs [Thu, 18 Mar 2021 08:44:59 +0000 (08:44 +0000)]
regen

3 years agoUnlock sendsyslog(2). Console output still requires kernel lock to be
mvs [Thu, 18 Mar 2021 08:43:38 +0000 (08:43 +0000)]
Unlock sendsyslog(2). Console output still requires kernel lock to be
held but this path is only followed while `syslogf' socket is not set.

New `syslogf_rwlock' used to protect `syslogf' access.

ok bluhm@

3 years agoFix previous (1.258). It breaks if localX itself is an object reference.
yasuoka [Thu, 18 Mar 2021 00:17:26 +0000 (00:17 +0000)]
Fix previous (1.258).  It breaks if localX itself is an object reference.
found and test by Rafael Avila de Espindola

ok kettenis

3 years agoWhen devices have claimed multiple report ids, only detach and send
jcs [Wed, 17 Mar 2021 19:44:16 +0000 (19:44 +0000)]
When devices have claimed multiple report ids, only detach and send
DVACT_DEACTIVATE to them once when walking sc_subdevs.

Fixes a regression reported and tested by Edd Barrett.

Input from and previous version ok anton.

3 years agoMake "ifconfig mpw0 -mplslabel" work
kn [Wed, 17 Mar 2021 18:53:25 +0000 (18:53 +0000)]
Make "ifconfig mpw0 -mplslabel" work

Code is there, noone ever used it, I guess.
This makes ifconfig(8) documentation actually hold true.

OK claudio

3 years agoRead ahead is now enforced for DTLS - remove workarounds.
jsing [Wed, 17 Mar 2021 18:11:01 +0000 (18:11 +0000)]
Read ahead is now enforced for DTLS - remove workarounds.

ok inoguchi@ tb@

3 years agoUse consistent s_server_opt_ prefix.
jsing [Wed, 17 Mar 2021 18:09:50 +0000 (18:09 +0000)]
Use consistent s_server_opt_ prefix.

3 years agoAdd DTLSv1.2 support to openssl(1) s_client/s_server.
jsing [Wed, 17 Mar 2021 18:08:32 +0000 (18:08 +0000)]
Add DTLSv1.2 support to openssl(1) s_client/s_server.

ok inoguchi@ tb@

3 years agofix whitespace nit in previous
tb [Wed, 17 Mar 2021 18:04:21 +0000 (18:04 +0000)]
fix whitespace nit in previous

3 years agoUpdate for DTLSv1.2 being enabled.
jsing [Wed, 17 Mar 2021 17:43:31 +0000 (17:43 +0000)]
Update for DTLSv1.2 being enabled.

3 years agoEnable DTLSv1.2.
jsing [Wed, 17 Mar 2021 17:42:53 +0000 (17:42 +0000)]
Enable DTLSv1.2.

This means that the DTLS_method() will now use DTLSv1.2 rather than DTLSv1.
Additional DTLSv1.2 related symbols and defines will be made publicly
visible in the near future.

ok inoguchi@ tb@

3 years agoUpdate for DTLSv1.2 version handling.
jsing [Wed, 17 Mar 2021 17:23:42 +0000 (17:23 +0000)]
Update for DTLSv1.2 version handling.

3 years agoAdd support for DTLSv1.2 version handling.
jsing [Wed, 17 Mar 2021 17:22:37 +0000 (17:22 +0000)]
Add support for DTLSv1.2 version handling.

This teaches the version functions that handle protocol versions about
DTLSv1.2 and the SSL_OP_NO_DTLS* options. We effectively convert between
TLS and TLS protocol versions where necessary.

ok inoguchi@ tb@

3 years agoList the Qu-c0-hr-b0-48 firmware image in the iwx(4) man page.
stsp [Wed, 17 Mar 2021 16:01:21 +0000 (16:01 +0000)]
List the Qu-c0-hr-b0-48 firmware image in the iwx(4) man page.

3 years agoMake iwx(4) attach to AX201 devices with PCI ID 0x34f0.
stsp [Wed, 17 Mar 2021 15:59:27 +0000 (15:59 +0000)]
Make iwx(4) attach to AX201 devices with PCI ID 0x34f0.

Requires Qu-c0-hr-b0-48 firmware which is available via fw_update(1).

Patch by Fredrik Engberg

3 years agoregen
stsp [Wed, 17 Mar 2021 15:58:51 +0000 (15:58 +0000)]
regen

3 years agoAdd another iwx(4) PCI device ID.
stsp [Wed, 17 Mar 2021 15:58:38 +0000 (15:58 +0000)]
Add another iwx(4) PCI device ID.
Based on a patch by Fredrik Engberg

3 years agoMake iwn(4) send block ack request frames with the firmware node
stsp [Wed, 17 Mar 2021 15:34:21 +0000 (15:34 +0000)]
Make iwn(4) send block ack request frames with the firmware node
which represents the AP, rather than the firmware's broadcast node.

Fixes a problem where firmware would generate bogus block ack requests
with a wrong starting sequence number, shifting the receiver's block ack
window out of sync with that of the firmware. Traffic would stall until
enough frames were sent to wrap sequence numbers of the block ack window.

ok chris@ kmos@

3 years agoSplit off init_ifaces from update_iface. init_ifaces discovers the
florian [Wed, 17 Mar 2021 15:24:04 +0000 (15:24 +0000)]
Split off init_ifaces from update_iface. init_ifaces discovers the
state of the machine on startup using ioctl(2) and getifaddrs(3).
We can then update this state with information provided by route
messages. We still need getifaddrs(3) to check if the layer 2 address
has changed.

This simplifies error handling (what should we do if ioctl(2) fails?),
reduces kernel round trips (no need to ask the kernel again for
information RTM_IFINFO provided already) and prevents a theoretical
race between RTM_IFINFO and getaddrinfo(3).

In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us
that the link went down but we were not using this information but
rather looked at getifaddrs(3) information which might see the link as
already up again. We would then do nothing while we should try to get
a new lease.

By storing all interface information in the frontend process we can
skip imsgs to the engine process if we get an RTM_IFINFO without
relevant changes for us.

3 years agoUse correct rdomain when adding/deleting routes
kn [Wed, 17 Mar 2021 14:30:08 +0000 (14:30 +0000)]
Use correct rdomain when adding/deleting routes

mpip(4) always adds and deletes routes in rdomain 0 regardless of the
`tunneldomain', i.e. the `sc_rdomain' value.

mpw(4) adds routes with the specified rdomain but always deletes them
in rdomain 0.

mpe(4) consistently uses the softc's rdomain which is tracked
consistently across the various ioctls -- no fix needed.

Found while reading the code and testing ifconfig(8)'s "tunneldomain" in
order to document MPLS ioctls.

OK claudio

3 years agoFix bit position of ORPHAN in PS_BITS.
visa [Wed, 17 Mar 2021 14:06:54 +0000 (14:06 +0000)]
Fix bit position of ORPHAN in PS_BITS.

3 years agoAdd missing memory clobbers to "data" barriers.
kettenis [Wed, 17 Mar 2021 12:03:40 +0000 (12:03 +0000)]
Add missing memory clobbers to "data" barriers.

3 years agoHide kernel internals from userland by wrapping more bits in _KERNEL blocks.
claudio [Wed, 17 Mar 2021 09:05:42 +0000 (09:05 +0000)]
Hide kernel internals from userland by wrapping more bits in _KERNEL blocks.
Especially the includes of net/rtable.h and sys/queue.h are problematic.
OK florian@

3 years agoNetstat wants to access kernel internal structures for the kvm walker of
claudio [Wed, 17 Mar 2021 09:03:51 +0000 (09:03 +0000)]
Netstat wants to access kernel internal structures for the kvm walker of
the routing table.  Define _KERNEL around the net/route.h include.
OK florian@