openbsd
deraadt [Sat, 10 Feb 2018 22:59:02 +0000 (22:59 +0000)]
Shift top-of-stack down so that the random==0 case doesn't leave stack
pointer beyond the space.
ok stefan, tedu

kettenis [Sat, 10 Feb 2018 22:32:32 +0000 (22:32 +0000)]
Enable axppmic(4).

kettenis [Sat, 10 Feb 2018 22:32:01 +0000 (22:32 +0000)]
Add AXP803 support.

kettenis [Sat, 10 Feb 2018 22:31:34 +0000 (22:31 +0000)]
More Allwinner A64 clocks.

cheloha [Sat, 10 Feb 2018 19:49:50 +0000 (19:49 +0000)]
Cap wait/interval at 100 million seconds.

Keeps nanosleep(2) from choking.

While here, call the argument to the -w flag "wait" in the
error message to match up with documentation and usage().

ok tedu@ deraadt@ tb@

anton [Sat, 10 Feb 2018 17:51:37 +0000 (17:51 +0000)]
Pledge monitoring process; ok tedu@

mpi [Sat, 10 Feb 2018 12:59:24 +0000 (12:59 +0000)]
Merge license blocks now that they are identical.

mpi [Sat, 10 Feb 2018 12:53:22 +0000 (12:53 +0000)]
Artur Grabowski agreed to relicense his C mutex implementation under ISC.

This will prevent a copyright-o-rama in kern_lock.c

mpi [Sat, 10 Feb 2018 12:44:20 +0000 (12:44 +0000)]
Convert armv7 to MI mutex.

Tested by jsg@, ok patrick@

jmc [Sat, 10 Feb 2018 11:19:09 +0000 (11:19 +0000)]
less macro; ok benno

espie [Sat, 10 Feb 2018 10:35:09 +0000 (10:35 +0000)]
implement the use of new ftp -S session=... for https
- add a setup_session hook that creates an anonymous tempfile in the ::HTTPS
class
- parse tls connection resumed messages and tell on servers that do not
support this
- remove the CLOEXEC flag on the fd just before running ftp, so that other
processes do not see it at all.

This makes https somewhat more bearable, though still slower than http... :(

thanks to jsing@ et al for the design of session

mpi [Sat, 10 Feb 2018 10:32:51 +0000 (10:32 +0000)]
Move cleanup job control bits to their own function.

Part of the larger 'proctreelk' diff from guenther@

No functional change, ok benno@, tedu@

mpi [Sat, 10 Feb 2018 10:25:44 +0000 (10:25 +0000)]
Revert previous & incorrect NULL dereference fix.

This unbreaks backtrace across interrupt frames.

espie [Sat, 10 Feb 2018 10:08:05 +0000 (10:08 +0000)]
rewrite file around fh_file, temp file creation with signal protection,
to be used to get anon temp files for https

dlg [Sat, 10 Feb 2018 10:00:32 +0000 (10:00 +0000)]
print etherip on ipv6.

patrick [Sat, 10 Feb 2018 09:53:47 +0000 (09:53 +0000)]
Replace two spaces indents with tabs.  Makes it easier to read and
especially makes it easier to diff against our other linker scripts.

ok jsg@

jsg [Sat, 10 Feb 2018 09:46:58 +0000 (09:46 +0000)]
Additional AMD CPUID bits documented in
"Processor Programming Reference (PPR) for AMD Family 17h
Model 01h, Revision B1 Processors"

ok mlarkin@ deraadt@

claudio [Sat, 10 Feb 2018 09:32:54 +0000 (09:32 +0000)]
There is a problem with assigning 127.0.0.1 here. Revert the call
to in_up_loopback(). There is an issue when doing ifconfig lo0 127.0.0.1/8
the system ends up with 2 127.0.0.1 routes which breaks things like smtpd.
Found by tb@

djm [Sat, 10 Feb 2018 09:25:34 +0000 (09:25 +0000)]
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

mpi [Sat, 10 Feb 2018 09:21:12 +0000 (09:21 +0000)]
Remove now unused assembly mutex code.

ok mlarkin@, deraadt@

mpi [Sat, 10 Feb 2018 09:17:56 +0000 (09:17 +0000)]
If the kernel fails to clone an entry, report rtrequest(9) error.

ok claudio@, jmatthew@

djm [Sat, 10 Feb 2018 09:03:54 +0000 (09:03 +0000)]
Mention ServerAliveTimeout in context of TCPKeepAlives; prompted by
Christoph Anton Mitterer via github

claudio [Sat, 10 Feb 2018 08:47:37 +0000 (08:47 +0000)]
Kill unneeded caddr_t cast.

claudio [Sat, 10 Feb 2018 08:46:10 +0000 (08:46 +0000)]
Remove some special IPv4 in IPv6 mapped prefixes that are already rejected
by the ::0.0.0.0/96 reject route added to deny all IPv4 mapped addresses.
Makes the inet6 routing table almost fit in one screen.
OK benno@

dlg [Sat, 10 Feb 2018 08:12:01 +0000 (08:12 +0000)]
rework gif to be more consistent.

while here, give us support for mpls in gif on ipv6.

this moves all the gif handling into if_gif, eg, the mpls handling
is no longer in ip_etherip.c.

ok claudio@

jmc [Sat, 10 Feb 2018 07:54:34 +0000 (07:54 +0000)]
zap trailing whitespace;

patrick [Sat, 10 Feb 2018 07:02:21 +0000 (07:02 +0000)]
Supplying entropy from etext has created a regression on arm where we
get an alignment fault while copying the data.  Turns out that since we
have .rodata in the text segment, it's very easily possible that etext
remains unaligned.  Work around this by word-aligning etext.  The next
step is to split .rodata out of the text segment.

ok deraadt@

djm [Sat, 10 Feb 2018 06:54:38 +0000 (06:54 +0000)]
clarify IgnoreUserKnownHosts; based on github PR from
Christoph Anton Mitterer.

patrick [Sat, 10 Feb 2018 06:52:47 +0000 (06:52 +0000)]
Put the ldscript parts into a single file instead of storing it as head
and tail and cat(1) it together.  It was maybe needed when ports needed
different contents, but now it's just a headache.

ok deraadt@

djm [Sat, 10 Feb 2018 06:40:28 +0000 (06:40 +0000)]
Shorter, more accurate explanation of NoHostAuthenticationForLocalhost
without the confusing example. Prompted by Christoph Anton Mitterer
via github and bz#2293.

deraadt [Sat, 10 Feb 2018 06:37:12 +0000 (06:37 +0000)]
sync

jsing [Sat, 10 Feb 2018 06:25:16 +0000 (06:25 +0000)]
Add TLS session support to ftp(1).

If a session file is specified via the `-S session=...', ftp(1) will
attempt to resume TLS sessions based on the session data contained within
this file. Upon completion of a successful TLS handshake the session file
will be updated with new session data, if available.

Discussed with deraadt@ and beck@.

Requested by and input from espie@.

djm [Sat, 10 Feb 2018 06:15:12 +0000 (06:15 +0000)]
Disable RemoteCommand and RequestTTY in the ssh session started by
scp. sftp is already doing this. From Camden Narzt via github;
ok dtucker

jsing [Sat, 10 Feb 2018 06:07:43 +0000 (06:07 +0000)]
Be more specific about when the session file will be updated.

claudio [Sat, 10 Feb 2018 06:00:06 +0000 (06:00 +0000)]
mbufs and mbuf clusters are now backed by large pools. Because of this
we can relax the oversubscribe limit of socketbuffers a fair bit.
Instead of maxing out as sb_max * 1.125 or 2 * sb_hiwat the maximum is
increased to 8 * sb_hiwat -- which seems to be a good compromise between
memory waste and better socket buffer usage.
OK deraadt@

florian [Sat, 10 Feb 2018 05:59:06 +0000 (05:59 +0000)]
installer bits for RFC 7217 support

OK rpe, tb, naddy, sthen

florian [Sat, 10 Feb 2018 05:57:59 +0000 (05:57 +0000)]
RFC 7217 support for slaacd

OK naddy, sthen

florian [Sat, 10 Feb 2018 05:56:47 +0000 (05:56 +0000)]
Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb

florian [Sat, 10 Feb 2018 05:55:26 +0000 (05:55 +0000)]
ifconfig can be used to set interface flag to not do RFC 7217.

OK naddy, sthen
man page bits input & OK jmc

claudio [Sat, 10 Feb 2018 05:54:31 +0000 (05:54 +0000)]
Follow rfc8277 more closely and make sure bgpd is encoding VPNv4
withdraws the way other systems are doing it. Interop problem discovered
by Andrew Thrift. Tested by Andrew and job@.

florian [Sat, 10 Feb 2018 05:53:58 +0000 (05:53 +0000)]
add support for binary sysctl payloads by handling them as hex
strings.

this was part of a demo showing how to implement the kernel side of
sysctl(3) for setting Semantically Opaque Interface Identifier key
material (for RFC 7217), but it seems to be the most straightforward
path toward integrating soiikey handling and rc.

Originally written by dlg, who committed it some time ago on my request.
I then backed it out again, now it's time to put it back in.

ok florian@ sthen@ naddy@ tb@

Man page bits tweaked & OK jmc

florian [Sat, 10 Feb 2018 05:52:08 +0000 (05:52 +0000)]
Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen

djm [Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)]
Refuse to create a certificate with an unusable number of principals;
Prompted by gdestuynder via github

djm [Sat, 10 Feb 2018 05:43:26 +0000 (05:43 +0000)]
fatal if we're unable to write all the public key; previously we
would silently ignore errors writing the comment and terminating
newline. Prompted by github PR from WillerZ; ok dtucker

claudio [Sat, 10 Feb 2018 05:32:21 +0000 (05:32 +0000)]
Similar to the IPv6 case create 127.0.0.1/8 on lo(4) interfaces which act
as loopback interfaces for each rdomain (including lo0). This is done when
the interface is brought up. This is now also done by default (either on
attach of lo0 or when creating the rdomain).
OK mpi@

deraadt [Sat, 10 Feb 2018 05:24:23 +0000 (05:24 +0000)]
Synchronize filesystems to disk when suspending.  Each mountpoint's vnodes
are pushed to disk.  Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required).  Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

jmatthew [Sat, 10 Feb 2018 05:21:13 +0000 (05:21 +0000)]
fix build with SDHC_DEBUG defined, no binary change otherwise

jmatthew [Sat, 10 Feb 2018 05:11:06 +0000 (05:11 +0000)]
Add a mapping from grandparent driver name to hibernate io function to reduce
the number of ->dv_parent->dv_parent chains and make this more readable.

ok deraadt@ phessler@

jsing [Sat, 10 Feb 2018 04:58:08 +0000 (04:58 +0000)]
Bump TLS API version since we've added more functionality.

jsing [Sat, 10 Feb 2018 04:57:35 +0000 (04:57 +0000)]
Move the keypair pubkey hash handling code to during config.

The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).

Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.

ok beck@

jsing [Sat, 10 Feb 2018 04:48:44 +0000 (04:48 +0000)]
Tidy/standardise some code.

jsing [Sat, 10 Feb 2018 04:48:17 +0000 (04:48 +0000)]
Remove NULL check from tls_conninfo_cert_pem() - all of the other conninfo
functions require the conninfo passed in to be non-NULL.

jsing [Sat, 10 Feb 2018 04:43:16 +0000 (04:43 +0000)]
Document functions for client-side TLS session support.

jsing [Sat, 10 Feb 2018 04:41:24 +0000 (04:41 +0000)]
Add support to libtls for client-side TLS session resumption.

A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.

Discussed at length with deraadt@ and tedu@.

Rides previous minor bump.

ok beck@

jsing [Sat, 10 Feb 2018 04:34:25 +0000 (04:34 +0000)]
Bump lib{crypto,ssl,tls} minors due to symbol addition.

jsing [Sat, 10 Feb 2018 04:33:47 +0000 (04:33 +0000)]
Expose X509_VERIFY_PARAM_* functions that appeared in the OpenSSL 1.0.2
API and are now in use by various libraries and applications.

benno [Sat, 10 Feb 2018 04:23:48 +0000 (04:23 +0000)]
claudio noted that this is an else case because we have either a
prefix or a prefix-set.

mortimer [Sat, 10 Feb 2018 02:54:33 +0000 (02:54 +0000)]
Use sched_pause(yield) to decide when to yield when filling randomdata.

ok deraadt@

benno [Sat, 10 Feb 2018 01:24:28 +0000 (01:24 +0000)]
Add prefix-sets, lists of prefixes which can be used in place of a
prefix in a filter rule. Initial idea hashed out with job@ in Toronto.
This is WIP, i'm committing it now so we can work on it in the tree.
ok florian@ claudio@

tb [Sat, 10 Feb 2018 00:00:47 +0000 (00:00 +0000)]
Use return instead of exit from main.

krw [Fri, 9 Feb 2018 23:23:02 +0000 (23:23 +0000)]
If there is no link after link_timeout seconds don't forget
to go_daemon() while waiting for the RTM_IFINFO message.

Problem spotted by Holger Mikolon.

cheloha [Fri, 9 Feb 2018 23:12:13 +0000 (23:12 +0000)]
Schedule alarm for start of minute if departure time is absolute.

e.g., "leave 1530" goes off closer to 15:30:00.

Timezone-related bug caught by tb@ in review.

ok tb@ tedu@

jca [Fri, 9 Feb 2018 22:52:54 +0000 (22:52 +0000)]
Style tweaks

ok remi@ benno@

mortimer [Fri, 9 Feb 2018 22:13:04 +0000 (22:13 +0000)]
Use a static chacha instance to fill randomdata sections. Avoids looping
over a syscall for randomdata sections larger than 256B.

ok djm@ deraadt@ kettenis@

mpi [Fri, 9 Feb 2018 20:13:28 +0000 (20:13 +0000)]
Improve documentation of protected domains.

Required by and ok otto@, ok jmc@

dlg [Fri, 9 Feb 2018 10:12:38 +0000 (10:12 +0000)]
use in_addr and in6_addr instead of uint32_ts

dlg [Fri, 9 Feb 2018 09:35:03 +0000 (09:35 +0000)]
oh carp - i didn't mean to commit these

dlg [Fri, 9 Feb 2018 09:30:37 +0000 (09:30 +0000)]
use struct in_addr to represent an address.

eric [Fri, 9 Feb 2018 09:29:03 +0000 (09:29 +0000)]
isolate calls to the rfc2822 parser and handling of "." in smtp_dataline()

ok gilles@

dlg [Fri, 9 Feb 2018 09:22:46 +0000 (09:22 +0000)]
add support for setting the ttl on the tunnel traffic.

mpi [Fri, 9 Feb 2018 07:32:35 +0000 (07:32 +0000)]
Call socreate() before falloc() in sys_socket().

This is similar to what we do in sys_socketpair() and will allow us
to grab the KERNEL_LOCK() only after having created a socket.

ok tedu@

jmc [Fri, 9 Feb 2018 07:14:17 +0000 (07:14 +0000)]
a little more adjustment, after discussing with henning;

dlg [Fri, 9 Feb 2018 04:08:26 +0000 (04:08 +0000)]
use ether_tryprint, which looks inside the ether packet.

ether_print just prints the ether header.

dlg [Fri, 9 Feb 2018 04:05:58 +0000 (04:05 +0000)]
rework etherip to make it more consistent and reduce code duplication.

ok claudio@

tb [Fri, 9 Feb 2018 03:59:15 +0000 (03:59 +0000)]
Check for the existence of /bsd before trying to back it up to /obsd.
Fixes 'make install' when /bsd is not present for some reason.

ok rob florian, "fine with me" deraadt

claudio [Fri, 9 Feb 2018 03:53:37 +0000 (03:53 +0000)]
Clear the dr and bdr fields of a neighbor when it goes down.
Same is done in ospfd for quite a while.

dtucker [Fri, 9 Feb 2018 03:42:57 +0000 (03:42 +0000)]
Skip sftp-chroot test when SUDO not set instead of fatal().

dtucker [Fri, 9 Feb 2018 03:40:22 +0000 (03:40 +0000)]
Replace fatal with exit in the case that we do not have $SUDO set.
Prevents test failures when neither sudo nor doas are configured.

deraadt [Fri, 9 Feb 2018 03:01:24 +0000 (03:01 +0000)]
Situations occur where bootloader cannot supply kernel with early
random data. But a new source of entropy arrived a few months ago
-- KARL generates highly disturbed images for some kernels (well,
not for bsd.rd)
This assumes the tail of text (just before etext[]) is readable.
We are trying to use a portable symbol name, and also avoid reading
a locore0 which has been unmapped...
ok mortimer

dtucker [Fri, 9 Feb 2018 02:37:36 +0000 (02:37 +0000)]
Remove unused sKerberosTgtPassing from enum.  From calestyo via github
pull req #11, ok djm@

patrick [Fri, 9 Feb 2018 02:26:33 +0000 (02:26 +0000)]
Extend the mbuf queue API with an accessor that checks whether
or not the mbuf queue is full.

ok dlg@

patrick [Fri, 9 Feb 2018 02:21:16 +0000 (02:21 +0000)]
Implement the bwfm(4) SDIO bus logic.  This is the bus layer that
converts the logic of the upper layers (sending control messages,
sending data messages, receiving event or data messages) into the
corresponding work that has to be done on the lowest layer.  SDIO
is not the fastest bus for exchanging network packets, but maybe
there is room for tuning.  Actual TX/RX is being done in a worker
task that serializes access to the hardware.  This is good enough
to attach to WiFi networks and do network transfers.  Developed
and tested on a Cubox-i.

claudio [Fri, 9 Feb 2018 02:14:03 +0000 (02:14 +0000)]
Simplify logic a bit by moving a block. nbr_stop_itimer() does not use
the dr or bdr fields so clear them first.

jmatthew [Fri, 9 Feb 2018 00:08:17 +0000 (00:08 +0000)]
timeout_add -> timeout_add_sec

ok patrick@

dlg [Fri, 9 Feb 2018 00:06:51 +0000 (00:06 +0000)]
it turns out the wccp header is optional

peek inside the payload to see if the first nibble looks like ipv4.
if it isn't ipv4 assume it is the wccp header.

dlg [Fri, 9 Feb 2018 00:03:13 +0000 (00:03 +0000)]
bring back the wccp shizz.

dlg [Thu, 8 Feb 2018 23:53:20 +0000 (23:53 +0000)]
implement support for tunnelttl copy.

if the ttl is set to copy, gre will copy the ttl in and out of the
encapsulated packet. it's probably a good idea to set this the same
on both ends of a tunnel.

egre doesn't support tunnelttl copy.

dlg [Thu, 8 Feb 2018 22:56:28 +0000 (22:56 +0000)]
have a go at decoding cisco wccp gre packets, and let them fall into IP.

tb [Thu, 8 Feb 2018 22:49:53 +0000 (22:49 +0000)]
sync

claudio [Thu, 8 Feb 2018 22:24:41 +0000 (22:24 +0000)]
Make the routing socket more MP safe by using a SRPL list for the pcb list.
Still needs the big kernel lock but this is another step in the right direction.
With and OK mpi@

dlg [Thu, 8 Feb 2018 22:11:06 +0000 (22:11 +0000)]
ttl 0 is not valid on the wire, so don't accept it.

dlg [Thu, 8 Feb 2018 22:08:18 +0000 (22:08 +0000)]
implement ethernet over gre encapsulation with a thing egre(4) driver.

there's three main chunks in this: transmit, receive, and factoring out
common gre code.

ethernet over gre unfortunately doesn't pad ethernet frames, so their
payload on rx and their headers on tx will be misaligned. egre copes
with this in the rx path by copying the payload with m_dup_pkt if
it detects misalignment. in the tx path, it unconditionally allocates
a new mbuf for the headers, that can be aligned separately to the
existing payload.

most of the common gre code is in the ioctl paths, so this diff
adds gre_tunnel_ioctl, which is in the spirit of ether_ioctl.

ok claudio@

dlg [Thu, 8 Feb 2018 21:55:34 +0000 (21:55 +0000)]
handle SIOCGLIFPHYTTL and say that the ttl is always "copied"

dlg [Thu, 8 Feb 2018 21:54:55 +0000 (21:54 +0000)]
when using tunnelttl, let -1 mean "copy the ttl from the inner traffic".

tunnelttl now accepts "copy" as an argument, and prints "copy" when
it sees -1.

ok claudio@

benno [Thu, 8 Feb 2018 21:37:36 +0000 (21:37 +0000)]
ospf6d mostly only cares about AF_INET6 routes
found while investigating routing socket desync with claudio.
ok remi jca claudio

jca [Thu, 8 Feb 2018 18:02:06 +0000 (18:02 +0000)]
Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around.  ok claudio@

jmc [Thu, 8 Feb 2018 17:52:24 +0000 (17:52 +0000)]
tweak previous;

jmc [Thu, 8 Feb 2018 17:51:43 +0000 (17:51 +0000)]
tweak previous; ok henning

mpi [Thu, 8 Feb 2018 13:51:08 +0000 (13:51 +0000)]
Test that next-hop L2 caches are cloned using the correct MPATH route.

ok jmatthew@, claudio@, dlg@

mpi [Thu, 8 Feb 2018 13:50:48 +0000 (13:50 +0000)]
When multiple RTF_CLONING routes for the same subnet are present, use
the correct one to clone the gateway.

Fix wired vs wireless on the same subnet issue as well as a more
complicated setup reported by dlg@.

ok jmatthew@, claudio@, dlg@