jsg [Sat, 23 Jan 2021 23:36:20 +0000 (23:36 +0000)]
regen
jsg [Sat, 23 Jan 2021 23:35:28 +0000 (23:35 +0000)]
add another Realtek RTL8168 id
shows up on a TP-Link TG-3468 John Batteen has
mlarkin [Sat, 23 Jan 2021 22:56:35 +0000 (22:56 +0000)]
Fix whitespace issues
mlarkin [Sat, 23 Jan 2021 22:34:46 +0000 (22:34 +0000)]
vmm(4): wire faulted in pages
This change wires the pages used by virtual machines managed by vmm(4).
When uvm swaps out a page, vmm(4) does not properly do TLB flushing,
possibly leading to memory corruption or improper page access later.
While this diff is not the correct fix (implementing proper TLB flush
semantics), it does work around the problem by not letting the pages
get swapped out in the first place.
This means that under memory pressure, swap pages will have to come
from other processes, and it also means you cannot overcommit vmm(4)
memory assignment (eg, assign more memory to VMs than you actually
have).
It is my plan to fix this the correct way, but that will take time.
This issue was originally pointed out a long time ago by Maxime V., but
due to my taking a year away from OpenBSD, the issue remained unfixed.
tobhe [Sat, 23 Jan 2021 22:04:55 +0000 (22:04 +0000)]
Handle write() errors.
ok patrick@
tobhe [Sat, 23 Jan 2021 21:51:29 +0000 (21:51 +0000)]
Handle errors and truncated output from snprintf().
ok patrick@
kn [Sat, 23 Jan 2021 21:39:54 +0000 (21:39 +0000)]
list-io must be run from config dir
The current description fails to explain how to use it properly and the
error message is only helpful for people that know how ldomctl works
and/or what the Phsyical Resource Inventory is.
OK afresh1 kettenis
tobhe [Sat, 23 Jan 2021 21:35:48 +0000 (21:35 +0000)]
Fix typos.
From Ryan Kavanagh
ok patrick@
patrick [Sat, 23 Jan 2021 20:01:01 +0000 (20:01 +0000)]
Fix IORT struct for Context and PMU interrupts. I misread bytes with bits.
ok kettenis@
deraadt [Sat, 23 Jan 2021 17:36:22 +0000 (17:36 +0000)]
sync
florian [Sat, 23 Jan 2021 16:28:12 +0000 (16:28 +0000)]
Move resolv_conf string generation for ASR to function; makes
upcomming DNS64 diff simpler.
florian [Sat, 23 Jan 2021 16:27:24 +0000 (16:27 +0000)]
Don't just blindly upgrade to VALIDATING if we see a SECURE answer.
Let's go through the check_resolver() / new_resolver() code path
which will also hook up the resovler to the shared cache.
This means also one less special case for upcomming DNS64 support.
rob [Sat, 23 Jan 2021 16:11:11 +0000 (16:11 +0000)]
Remove unused variables found by clang. Additional unused var spotted by eric@.
OK mvs@, eric@
sthen [Sat, 23 Jan 2021 15:03:00 +0000 (15:03 +0000)]
sync
kettenis [Sat, 23 Jan 2021 12:10:08 +0000 (12:10 +0000)]
OPAL implements firmware calls that abstract communicating with the BMC over
IPMI. Use these calls to add support for impi(4) on PowerNV systems.
ok dlg@
espie [Sat, 23 Jan 2021 10:18:28 +0000 (10:18 +0000)]
recognize those ubiquitous webp file
cherry-picked from FreeBSD
okay millert@, deraadt@, sthen@
thfr [Sat, 23 Jan 2021 05:08:33 +0000 (05:08 +0000)]
introduce ujoy(4), a restricted subset of uhid(4) for gamecontrollers.
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
rob [Fri, 22 Jan 2021 18:27:52 +0000 (18:27 +0000)]
Gracefully handle any erroneous closing bracket/brace trailers in
ober_scanf_elements().
OK martijn@
jcs [Fri, 22 Jan 2021 17:35:00 +0000 (17:35 +0000)]
ims: an actual i2c-connected mouse is unlikely
Claim to be a touchpad instead, which sets up ims devices in X11 to
be more like touchpads.
ok mglocker
claudio [Fri, 22 Jan 2021 17:18:13 +0000 (17:18 +0000)]
Extend test with an full depth search of all possible prefix_evaluations.
This currently fails because the MED is not handled properly. Fix for this
will follow shortly.
florian [Fri, 22 Jan 2021 16:10:01 +0000 (16:10 +0000)]
The correct spelling is NULL.
tb [Fri, 22 Jan 2021 15:56:17 +0000 (15:56 +0000)]
Avoid NULL deref on BIO_new{_mem_buf,}() failure.
tb [Fri, 22 Jan 2021 15:54:32 +0000 (15:54 +0000)]
Avoid NULL deref on BIO_new{_mem_buf,}() failure.
millert [Fri, 22 Jan 2021 14:13:57 +0000 (14:13 +0000)]
Private functions in the kernel do not to be prototyped.
We don't use static in the kernel due to ddb so functions private
to the compilation unit are basically equivalent.
OK cheloha@ gnezdo@ mglocker@
claudio [Fri, 22 Jan 2021 13:57:32 +0000 (13:57 +0000)]
Cleanup and document the code a bit
benno [Fri, 22 Jan 2021 13:07:17 +0000 (13:07 +0000)]
fix a memory leak, found by rob@ in relayd.
ok tb@
nicm [Fri, 22 Jan 2021 11:28:33 +0000 (11:28 +0000)]
Revert clear changes to writing as they don't work properly, better
change to come.
nicm [Fri, 22 Jan 2021 10:24:52 +0000 (10:24 +0000)]
Add rectangle-on and rectangle-off copy mode commands, GitHub isse 2546
from author at will dot party.
nicm [Fri, 22 Jan 2021 10:21:24 +0000 (10:21 +0000)]
Fix some cursor movement commands, from Anindya Mukherjee.
martijn [Fri, 22 Jan 2021 06:35:26 +0000 (06:35 +0000)]
Adjust for traphandler process removal commit.
OK denis@, rob@
martijn [Fri, 22 Jan 2021 06:33:26 +0000 (06:33 +0000)]
Remove the traphandler process, which was nothing more then a sham.
It did nothing more then receive a message over UDP, do some basic ber
and ASN.1 parsing and forward the packet to the parent process. snmpe can
do/does the same thing but with a far more thorough ASN.1 validation.
Because we move trap receiving to snmpe we get trap over tcp for free.
However, to make sure that a normal snmp port doesn't automatically start
handling traps a new set of "listen on" flags are introduced: read, write,
and notify. To enable trap handling either let snmpd listen on port 162
without flags, or add the notify flag. Only a flag without port results in
listening on port 162.
To keep current behaviour copy all UDP-based "listen on" lines without port
and add the notify keyword:
listen on 127.0.0.1 port 666
becomes
listen on 127.0.0.1 port 666
listen on 127.0.0.1 notify
This change also enforces snmpd to honor trap community on receiving a
trap, where previously no community was checked before handling a packet.
OK denis@, rob@
rob [Fri, 22 Jan 2021 03:20:56 +0000 (03:20 +0000)]
Valid integer and enumerated types always have non-zero length. Perform
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.
Tweaked and OK martijn@
dtucker [Fri, 22 Jan 2021 02:46:40 +0000 (02:46 +0000)]
PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms here too.
dtucker [Fri, 22 Jan 2021 02:44:58 +0000 (02:44 +0000)]
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the
signature algorithms that are accepted. Some key types (eg RSA) can be
used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is
becoming increasingly misleading. The old name is retained as an alias.
Prompted by bz#3253, help & ok djm@, man page help jmc@
eric [Thu, 21 Jan 2021 22:03:25 +0000 (22:03 +0000)]
when using fake keys, skip the private key check
ok tb@
eric [Thu, 21 Jan 2021 22:02:17 +0000 (22:02 +0000)]
return -1 on error for consistency
ok tb@
millert [Thu, 21 Jan 2021 20:08:17 +0000 (20:08 +0000)]
Ignore special keys returned by the curses getch() function.
Prevents canfield from suspending itself when you resize the window.
Canfield is not prepared to deal with anything other than normal
characters so just ignore them. OK tb@ pjanzen@
florian [Thu, 21 Jan 2021 19:12:13 +0000 (19:12 +0000)]
ndp only deals with current localtime. Print time with subsecond
resolution in a less roundabout way.
OK phessler, bluhm
eric [Thu, 21 Jan 2021 19:11:39 +0000 (19:11 +0000)]
sync for libtls bump
eric [Thu, 21 Jan 2021 19:09:43 +0000 (19:09 +0000)]
minor bump after symbol addition
eric [Thu, 21 Jan 2021 19:09:10 +0000 (19:09 +0000)]
Allow setting a keypair on a tls context without specifying the private
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.
ok beck@ tb@ jsing@
jsing [Thu, 21 Jan 2021 18:48:56 +0000 (18:48 +0000)]
Mop up unused dtls1_build_sequence_number() function.
bluhm [Thu, 21 Jan 2021 17:02:37 +0000 (17:02 +0000)]
Pledge violation for SO_RTABLE prints "wroute" now. Adapt test.
tobhe [Thu, 21 Jan 2021 16:50:46 +0000 (16:50 +0000)]
Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA.
ok markus@
tobhe [Thu, 21 Jan 2021 16:46:47 +0000 (16:46 +0000)]
Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA
exchange. In the case of an invalid KE error, retry
CREATE_CHILD_SA exchange with different group instead
of restarting the full IKE handshake.
ok markus@
jmc [Thu, 21 Jan 2021 13:19:58 +0000 (13:19 +0000)]
revert previous after complaints from sthen and deraadt;
mpi [Thu, 21 Jan 2021 13:19:25 +0000 (13:19 +0000)]
Make it possible to convert map arguments to long and insert nsecs in maps.
Necessary to measure latency, example below to better understand the kqueue
select(2) regression:
syscall:select:entry { @start[pid] = nsecs; }
syscall:select:return { @usecs = hist((nsecs - @start[pid]) / 1000); }
mvs [Thu, 21 Jan 2021 13:18:07 +0000 (13:18 +0000)]
carp(4): convert ifunit() to if_unit(9)
ok dlg@ bluhm@
mvs [Thu, 21 Jan 2021 13:17:13 +0000 (13:17 +0000)]
vlan(4): convert ifunit() to if_unit(9)
ok dlg@ kn@
jmc [Thu, 21 Jan 2021 12:43:30 +0000 (12:43 +0000)]
remove an unneccessary escape; from martin vahlensieck
ok gilles
while, there, zap an unneccessary Tn;
dlg [Thu, 21 Jan 2021 12:33:14 +0000 (12:33 +0000)]
let vfs keep track of nonblocking state for us.
ok claudio@ mvs@
kevlo [Thu, 21 Jan 2021 11:05:38 +0000 (11:05 +0000)]
Document IFM_2500_T media type.
ok claudio@ jmc@ sthen@
sthen [Thu, 21 Jan 2021 10:31:57 +0000 (10:31 +0000)]
Backport "Squelch udp connect 'no route to host' errors" from upstream.
Problem reported and diff tested by danj@
From
5906811ff19f005110b2edbda5aa144ad5fa05b1 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Tue, 1 Dec 2020 09:09:13 +0100
Subject: [PATCH] - Fix #358: Squelch udp connect 'no route to host' errors on
low verbosity.
kn [Thu, 21 Jan 2021 08:13:59 +0000 (08:13 +0000)]
Revert r1.87 "Pledge before authentication when possible"
Someone reported to me that
''This breaks ansible managed machines where "persist" isn't used. There
i get
/bsd: doas[49341]: pledge "proc", syscall 2
Using "persist", everything is fine.''
jmc [Thu, 21 Jan 2021 07:12:34 +0000 (07:12 +0000)]
some updates from pjanzen;
tb [Thu, 21 Jan 2021 05:02:25 +0000 (05:02 +0000)]
don't set AUTO_RETRY. it's a remnant of an experiment.
mortimer [Thu, 21 Jan 2021 00:16:36 +0000 (00:16 +0000)]
Rearrange variables in dump / restore to handle -fno-common.
Largely following the commit by mckusick in FreeBSD.
ok naddy@
bluhm [Wed, 20 Jan 2021 23:25:19 +0000 (23:25 +0000)]
An invalid packet may not have set src and dst in packet descriptor.
Add a NULL check to prevent crash in pflog(4) introduced in previous
commit.
Reported-by: syzbot+c6d2f2ad34b822bce98a@syzkaller.appspotmail.com
otto [Wed, 20 Jan 2021 19:44:48 +0000 (19:44 +0000)]
Missing return value; ok jmc@
tobhe [Wed, 20 Jan 2021 18:44:28 +0000 (18:44 +0000)]
Make sure to enforce matching dstid as initiator. Use policy lookup
to make sure the negotiated SA matches the selected policy.
ok patrick@
claudio [Wed, 20 Jan 2021 18:02:19 +0000 (18:02 +0000)]
Cleanup, fix and add a few more test cases. Make sure that the decision
flags work (by checking the same routes with and without the flag).
bluhm [Wed, 20 Jan 2021 17:38:18 +0000 (17:38 +0000)]
Test path MTU discovery with IPv6 TCP packets tunneled in IPv4 ESP.
bluhm [Wed, 20 Jan 2021 16:36:09 +0000 (16:36 +0000)]
If pledge "wroute" is missing for setsockopt SO_RTABLE, print failure
message "wroute" into dmesg. Since revision 1.263 pledge "wroute"
allows to change the routing table of a socket.
OK florian@ semarie@
bluhm [Wed, 20 Jan 2021 13:50:09 +0000 (13:50 +0000)]
Check the rewritten address output from tcpdump -e on pflog.
bluhm [Wed, 20 Jan 2021 13:40:15 +0000 (13:40 +0000)]
Print rewritten addresses in tcpdump(8) logged with pflog(4) for
rdr-to, nat-to, af-to rules. The kernel uses the information from
the packet description and fills it into the fields in the pflog
header. While doing this, it is trival to figure out whether the
packet has been rewritten.
OK sashan@
kettenis [Wed, 20 Jan 2021 12:44:45 +0000 (12:44 +0000)]
Reprogram outbound windows to match the device tree. Necessary because
the EDK2-based UEFI firmware sets it to its own hardcoded values.
Makes device-tree mode work with newer versions of the Raspberry Pi firmware.
ok patrick@
sthen [Wed, 20 Jan 2021 12:37:26 +0000 (12:37 +0000)]
typo; spotted by jmc
jmatthew [Wed, 20 Jan 2021 10:04:26 +0000 (10:04 +0000)]
Check management capabilities before trying to attach temperature sensors,
avoiding an unhelpful error message if the card's firmware doesn't expose
the sensor registers.
tested by chris@, who saw the unhelpful error message
ok dlg@
kn [Wed, 20 Jan 2021 07:30:51 +0000 (07:30 +0000)]
Pledge before authentication when possible
Generally, pleding before parsing the file seems hardly possible due to
unveil() being involved.
Pledging in case of the winning rule being a "persist" one is not possible
either due to TIOC{SET,CHK}VERAUTH not being allowed in the "tty" pledge.
But if "persist" is not used, we can pledge before authentication
without having to hoist or chang anything.
Feedback deraadt tedu
OK tdeu
nicm [Wed, 20 Jan 2021 07:16:54 +0000 (07:16 +0000)]
Change so that window_flags escapes # automatically which means configs
will not have to change. A new format window_raw_flags contains the old
unescaped version.
tb [Wed, 20 Jan 2021 07:05:25 +0000 (07:05 +0000)]
Drop unneeded cast in seal_record_protected_cipher
eiv_len was changed from an int to a size_t in r1.10, so casting it
to a size_t is now a noop.
ok jsing
bluhm [Tue, 19 Jan 2021 22:22:23 +0000 (22:22 +0000)]
pflog(4) tried to log the translated packet with rdr-to, nat-to,
and af-to addresses and ports applied. Therefore it created a mbuf
chain on the stack with a partial copy. This is too complicated
for IP options, extension header, NAT46 af-to, and fragmented mbuf
chains. It even caused a crash in syzkaller. Usually the length
checks in pf_setup_pdesc() rejected the faked mbuf and the goto
copy logged the packet unmodified. Remove the pflog_mtap() function
and call bpf_mtap_hdr() directly. As the old buggy code was bypassed
in most cases, tcpdump(8) output of pflog does not change.
Uncondionally log the unmodified packet.
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
OK sashan@
dlg [Tue, 19 Jan 2021 21:52:59 +0000 (21:52 +0000)]
blacklist com on m3000s. our com code causes faults somehow.
console i/o still happens using ofw routines, which is Good Enough(tm)
for now. having a working machine means i can better test changes
now though.
ok deraadt@
kettenis [Tue, 19 Jan 2021 19:46:40 +0000 (19:46 +0000)]
Implement intx support.
ok patrick@
mvs [Tue, 19 Jan 2021 19:39:58 +0000 (19:39 +0000)]
pipex(4): convert ifunit() to if_unit(9)
ok dlg@
mvs [Tue, 19 Jan 2021 19:39:14 +0000 (19:39 +0000)]
switch(4): convert ifunit to if_unit(9)
ok dlg@
mvs [Tue, 19 Jan 2021 19:38:29 +0000 (19:38 +0000)]
pppoe(4): convert ifunit() to if_unit(9)
ok dlg@ kn@
mvs [Tue, 19 Jan 2021 19:37:42 +0000 (19:37 +0000)]
pipex(4): convert ifunit() to if_unit(9)
ok dlg@
mvs [Tue, 19 Jan 2021 19:36:48 +0000 (19:36 +0000)]
kern/subr_disk.c: convert ifunit() to if_unit(9)
ok dlg@
mvs [Tue, 19 Jan 2021 19:35:59 +0000 (19:35 +0000)]
nfs/nfs_boot.c: convert ifunit() to if_unit(9)
ok dlg@
kettenis [Tue, 19 Jan 2021 19:14:39 +0000 (19:14 +0000)]
Enable athn(4)
jsing [Tue, 19 Jan 2021 19:07:39 +0000 (19:07 +0000)]
Add code to handle change of cipher state in the new TLSv1.2 record layer.
This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.
ok inoguchi@ tb@
jsing [Tue, 19 Jan 2021 18:57:09 +0000 (18:57 +0000)]
Provide functions to determine if TLSv1.2 record protection is engaged.
Call these functions from code that needs to know if we've changed cipher
state and enabled record protection, rather than inconsistently checking
various pointers from other places in the code base. This also fixes a
minor bug where the wrong pointers are checked if we're operating with
AEAD.
ok inoguchi@ tb@
jsing [Tue, 19 Jan 2021 18:51:08 +0000 (18:51 +0000)]
Provide record layer overhead for DTLS.
Rather than manually calculating the maximum record layer overhead in the
DTLS code, have the record layer provide this information. This also makes
it work correctly with AEAD ciphersuites.
ok inoguchi@ tb@
jsing [Tue, 19 Jan 2021 18:34:02 +0000 (18:34 +0000)]
Factor out code for explicit IV length, block size and MAC length.
Pull this code up into the record protection struct, which means we only
need the length checks in one place. This code will soon be used for
additional purposes.
ok inoguchi@ tb@
kettenis [Tue, 19 Jan 2021 18:07:15 +0000 (18:07 +0000)]
s/KHz/kHz/ and reduce dmesg spam a bit
ok tb@, deraadt@
kettenis [Tue, 19 Jan 2021 18:04:43 +0000 (18:04 +0000)]
s/KHZ/kHz/ and reduce dmesg spam a bit
ok tb@, deraadt@
deraadt [Tue, 19 Jan 2021 17:41:51 +0000 (17:41 +0000)]
/etc/malloc.conf path-approval in pledge is no longer needed since 6.5
moved option control into a sysctl.
reminder that we can delete this from benjamin baier
florian [Tue, 19 Jan 2021 17:38:41 +0000 (17:38 +0000)]
Get rid of inet_net_pton and inet_net_ntop.
This is not an api that seems to have caught on (especially the
AF_INET6 variant), maybe we can get rid of it entirely.
It is not difficult to hand-roll the AF_INET6 variant.
OK tb
florian [Tue, 19 Jan 2021 16:54:48 +0000 (16:54 +0000)]
Make imsg event structs static to fix -fno-common.
Follows claudio's lead in ospfd et al.
Problem reported by mortimer.
florian [Tue, 19 Jan 2021 16:54:00 +0000 (16:54 +0000)]
Move control_state and ctl_conns to control.c, it's not needed
elsewhere and unbreaks -fno-common.
Inspired by claudio
Problem reported by mortimer
florian [Tue, 19 Jan 2021 16:53:27 +0000 (16:53 +0000)]
No need for a global rad_process; unbreaks -fno-common.
Problem reported by mortimer
florian [Tue, 19 Jan 2021 16:52:40 +0000 (16:52 +0000)]
Make imsg event structs static to fix -fno-common.
Follows claudio's lead in ospfd et al.
Problem reported by mortimer.
florian [Tue, 19 Jan 2021 16:52:12 +0000 (16:52 +0000)]
Move control_state and ctl_conns to control.c, it's not needed
elsewhere and unbreaks -fno-common.
Inspired by claudio
Problem reported by mortimer
florian [Tue, 19 Jan 2021 16:51:28 +0000 (16:51 +0000)]
Prevent more yacc clashes; fixes -fno-common.
Problem reported by mortimer.
florian [Tue, 19 Jan 2021 16:50:50 +0000 (16:50 +0000)]
Reduce scope of routesock unbreaking -fno-common.
Problem reported by mortimer.
florian [Tue, 19 Jan 2021 16:50:23 +0000 (16:50 +0000)]
No need for a global uw_process; unbreaks -fno-common.
Problem reported by mortimer
florian [Tue, 19 Jan 2021 16:49:56 +0000 (16:49 +0000)]
Make imsg event structs static to fix -fno-common.
Follows claudio's lead in ospfd et al.
Problem reported by mortimer.
florian [Tue, 19 Jan 2021 16:49:10 +0000 (16:49 +0000)]
Move control_state and ctl_conns to control.c, it's not needed
elsewhere and unbreaks -fno-common.
Inspired by claudio
Problem reported by mortimer
florian [Tue, 19 Jan 2021 16:48:20 +0000 (16:48 +0000)]
No need for a global slaacd_process; unbreaks -fno-common.
Problem reported by mortimer