claudio [Thu, 13 Sep 2018 11:16:21 +0000 (11:16 +0000)]
ROA entries are allowing to define a prefix with a maxlen.
In the end this is just another way to specify a prefixlen range
and kind of an or-longer case with an upper limit.
So these two prefix statements are equivalent:
prefix 10.0.0.0/8 prefixlen 8 - 24
prefix 10.0.0.0/8 maxlen 24
While there also make 'prefixlen = 17' a OP_RANGE and because of that also
usable in prefix-set tables. Finally adjust printconf.c for those two
changes to print them nicely.
OK phessler@
kettenis [Thu, 13 Sep 2018 09:32:27 +0000 (09:32 +0000)]
In drm_wait_one_vblank() add a delay when we're "cold". Interrupts aren't
enabled at that point, so we cannot wait for one to happen. But having no
delay at all breaks detection of some output connectors.
Thanks to Philippe Meunier for tracking down the issue.
ok millert@, jsg@
kevlo [Thu, 13 Sep 2018 09:28:07 +0000 (09:28 +0000)]
- There's no need to set R92C_HSSI_PARAM2_READ_EDGE for R92C_HSSI_PARAM2(0)
for rtl8188eu
- Fix typo in structure r92c_rom in comment: s/0x8192/0x8129/
- Add id member to struct r88e_rom which identifies eeprom
- Replace magic numbers with something more readable
- Cosmetic tweaking
ok stsp@
djm [Thu, 13 Sep 2018 09:03:20 +0000 (09:03 +0000)]
missed a bit of openssl-1.0.x API in this unittest
mestre [Thu, 13 Sep 2018 07:49:33 +0000 (07:49 +0000)]
When unveil(2) was introduced one break from SYS_access case was removed
here, this adds it back. Noticed by Coverity 1471854.
feedback from semarie@ OK deraadt@
kn [Thu, 13 Sep 2018 06:03:27 +0000 (06:03 +0000)]
Avoid unneeded variable in gen_dynnode()
OK bluhm
djm [Thu, 13 Sep 2018 05:06:51 +0000 (05:06 +0000)]
use only openssl-1.1.x API here too
pd [Thu, 13 Sep 2018 04:23:36 +0000 (04:23 +0000)]
vmd: set irq and vm_id in virtio dev structs on restore
This unbreaks vmctl receive.
ok ccardenas@
miko [Thu, 13 Sep 2018 04:07:20 +0000 (04:07 +0000)]
clarify that config_activate_children() is called unconditionally in *activate().
ok ratchov@
jsg [Thu, 13 Sep 2018 03:55:17 +0000 (03:55 +0000)]
drm/drivers: add support for using the arch wc mapping API.
From Dave Airlie
c59fdc4cfbda52ce081c59540762185d765c3369 in linux 4.4.y/4.4.155
7cf321d118a825c1541b43ca45294126fd474efa in mainline linux
ccardenas [Thu, 13 Sep 2018 03:53:33 +0000 (03:53 +0000)]
Add initial set of unveil's to vmctl.
Was in snaps for a while.
Ok mlarkin@ and reyk@
jsg [Thu, 13 Sep 2018 03:45:08 +0000 (03:45 +0000)]
drm/i915/userptr: reject zero user_size
From Matthew Auld
182e963432d867384f2e55487ec60ca7a9f99cd1 in linux 4.4.y/4.4.155
c11c7bfd213495784b22ef82a69b6489f8d0092f in mainline linux
jsg [Thu, 13 Sep 2018 03:38:15 +0000 (03:38 +0000)]
avoid sequence-point warning with gcc 4.9
ok kettenis@
djm [Thu, 13 Sep 2018 02:08:33 +0000 (02:08 +0000)]
hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@
sthen [Wed, 12 Sep 2018 22:17:08 +0000 (22:17 +0000)]
sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)
ok danj guenther millert
jmc [Wed, 12 Sep 2018 15:09:22 +0000 (15:09 +0000)]
tweak previous;
kettenis [Wed, 12 Sep 2018 11:59:40 +0000 (11:59 +0000)]
Make this work on arm64.
kettenis [Wed, 12 Sep 2018 11:58:28 +0000 (11:58 +0000)]
Make pmap_protect(9) actually remove exec permission if the new permissions
include PROT_READ but not PROT_EXEC.
ok patrick@
mpi [Wed, 12 Sep 2018 11:24:38 +0000 (11:24 +0000)]
Stop exporting TDB counters to userland, this change introduced a
regression with iked(8).
Reported by Mark Patruck.
krw [Wed, 12 Sep 2018 09:20:34 +0000 (09:20 +0000)]
Fix obvious cut&pasto in comment (ifa_msghdr -> if_announcemsghdr).
ok claudio@
guenther [Wed, 12 Sep 2018 07:00:51 +0000 (07:00 +0000)]
Whitespace fixes
djm [Wed, 12 Sep 2018 06:37:23 +0000 (06:37 +0000)]
sync for libcrypto/libssl/libtls minor bumps; from tb@
djm [Wed, 12 Sep 2018 06:36:15 +0000 (06:36 +0000)]
crank to follow minor crank in libcrypto; ok tb@ jsing@
djm [Wed, 12 Sep 2018 06:35:38 +0000 (06:35 +0000)]
Add some accessor functions:
RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()
feedback and ok jsing@ tb@
djm [Wed, 12 Sep 2018 06:18:59 +0000 (06:18 +0000)]
fix edit mistake; spotted by jmc@
guenther [Wed, 12 Sep 2018 06:12:59 +0000 (06:12 +0000)]
Now that the pmap is more paranoid about some shootdowns (pmap.c rev 1.119),
avoid some TLB flushes by not reloading %cr3 when the value isn't changing.
original diff by and ok mlarkin@
guenther [Wed, 12 Sep 2018 06:09:39 +0000 (06:09 +0000)]
When shooting pages in the KVA range, all pmaps have the page mapped,
not just pmap_kernel() and this CPU's pmap. Meanwhile, when mapping
another pmap's tables, order the locking so that we don't need IPIs
specific to the temp pmap.
tested in snaps for a bit
ok mlarkin@
jsg [Wed, 12 Sep 2018 04:34:59 +0000 (04:34 +0000)]
Move -Wno-address-of-packed-member to the clang block as well and sync
armv7 and i386 with amd64.
ok guenther@
djm [Wed, 12 Sep 2018 01:36:45 +0000 (01:36 +0000)]
Include certs with multiple RSA signature variants in test data
Ensure that cert->signature_key is populated correctly
djm [Wed, 12 Sep 2018 01:34:02 +0000 (01:34 +0000)]
add SSH_ALLOWED_CA_SIGALGS - the default list of signature algorithms
that are allowed for CA signatures. Notably excludes ssh-dsa.
ok markus@
djm [Wed, 12 Sep 2018 01:32:54 +0000 (01:32 +0000)]
add sshkey_check_cert_sigtype() that checks a cert->signature_type
against a supplied whitelist; ok markus
djm [Wed, 12 Sep 2018 01:31:30 +0000 (01:31 +0000)]
add cert->signature_type field and keep it in sync with certificate
signature wrt loading and certification operations; ok markus@
djm [Wed, 12 Sep 2018 01:30:10 +0000 (01:30 +0000)]
Add "ssh -Q sig" to allow listing supported signature algorithms
ok markus@
djm [Wed, 12 Sep 2018 01:23:48 +0000 (01:23 +0000)]
test revocation by explicit hash and by fingerprint
djm [Wed, 12 Sep 2018 01:22:43 +0000 (01:22 +0000)]
s/sshkey_demote/sshkey_from_private/g
djm [Wed, 12 Sep 2018 01:21:34 +0000 (01:21 +0000)]
allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs
using SHA256/base64 key fingerprints; ok markus@
djm [Wed, 12 Sep 2018 01:19:12 +0000 (01:19 +0000)]
log certificate fingerprint in authentication success/failure message
(previously we logged only key ID and CA key fingerprint).
ok markus@
bluhm [Tue, 11 Sep 2018 21:04:03 +0000 (21:04 +0000)]
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also
what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap.
OK mpi@
kettenis [Tue, 11 Sep 2018 20:25:58 +0000 (20:25 +0000)]
Only look for acpi tables if acpi(4) attached. Fixes radeondrm(4) crash
on arm64 when using a device tree.
sthen [Tue, 11 Sep 2018 19:43:15 +0000 (19:43 +0000)]
sync (libc++/libc++abi update)
phessler [Tue, 11 Sep 2018 19:25:54 +0000 (19:25 +0000)]
use the format string for signed ints, for signed ints
reminded by stsp@
robert [Tue, 11 Sep 2018 18:36:58 +0000 (18:36 +0000)]
define _LIBCXXABI_BUILDING_LIBRARY to avoid the same issues as in libcxx
robert [Tue, 11 Sep 2018 18:32:56 +0000 (18:32 +0000)]
add -Wall to CFLAGS
robert [Tue, 11 Sep 2018 18:31:58 +0000 (18:31 +0000)]
instead of defining _LIBCPP_DEBUG in debug.cpp which enables some debug
code which breaks quite a few things, define _LIBCPP_BUILDING_LIBRARY
for the complete build to get the needed definitions in debug.cpp without
enabling debug code
robert [Tue, 11 Sep 2018 18:29:53 +0000 (18:29 +0000)]
merge libc++ 6.0.0 (bump lib major); ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 18:18:58 +0000 (18:18 +0000)]
import of libc++ 6.0.0
krw [Tue, 11 Sep 2018 18:16:26 +0000 (18:16 +0000)]
Nuke unused LIST() ieee80211com_head.
ok stsp@
robert [Tue, 11 Sep 2018 18:12:06 +0000 (18:12 +0000)]
merge libc++abi 6.0.0 and bump lib minor; ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 18:06:31 +0000 (18:06 +0000)]
import of libc++abi 6.0.0
robert [Tue, 11 Sep 2018 18:03:05 +0000 (18:03 +0000)]
merge libunwind 6.0.0; ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 17:41:23 +0000 (17:41 +0000)]
import of libunwind 6.0.0
nicm [Tue, 11 Sep 2018 17:31:01 +0000 (17:31 +0000)]
The cursor position is limited to the margins for CUF and CUB, so turn
margins off for printing cells (like most everything else already
does). Problem reported by Thomas Sattler.
guenther [Tue, 11 Sep 2018 15:52:00 +0000 (15:52 +0000)]
Put clang-specific options behind conditionals to reduce meta-warnings
ok mpi@
bluhm [Tue, 11 Sep 2018 14:34:49 +0000 (14:34 +0000)]
Make the distribution of in_ and in6_ functions in in_pcb.c and
in6_pcb.c consistent, to ease comparing the code. Move all inet6
functions to in6_. Bring functions in both source files in same
order. Cleanup the include section. Now in_pcb.c is a superset
of in6_pcb.c. The latter contains all the special implementations.
Just moving around, no code change intended.
OK mpi@
ccardenas [Tue, 11 Sep 2018 13:54:28 +0000 (13:54 +0000)]
Include bnxt in arm64.
Tested on mcbin with Broadcom BCM57404 (Dell variant).
Ok jmatthew@ and kettenis@
ccardenas [Tue, 11 Sep 2018 13:45:29 +0000 (13:45 +0000)]
Be consistent in logging messages.
Change "fmt" to "format".
Ok kn@
kettenis [Tue, 11 Sep 2018 12:41:30 +0000 (12:41 +0000)]
We actually support 39-bit VA's in userland.
ok patrick@, jsg@
kn [Tue, 11 Sep 2018 10:42:10 +0000 (10:42 +0000)]
Fix netmask regression in get_dynnode()
I introduced this error with r1.330 while removing the af parameter from
unmask().
`pass inet from (lo0)/24' would result in `pass inet from (lo0)', sorry.
krw [Tue, 11 Sep 2018 10:23:40 +0000 (10:23 +0000)]
Nuke some trailing spaces that wandered into the
crosshairs.
phessler [Tue, 11 Sep 2018 10:21:29 +0000 (10:21 +0000)]
With the interface debug flag enabled, print a "score" for each AP we
consider during auto-join. This can help users determine why a specific
network was chosen.
OK stsp@
espie [Tue, 11 Sep 2018 09:43:08 +0000 (09:43 +0000)]
add the conflict info to what's stored in pkglocatedb, as it's meta-info
that's not readily available otherwise.
kettenis [Tue, 11 Sep 2018 09:25:56 +0000 (09:25 +0000)]
Fix --exclude-libs option. Based on code already committed upstream.
tested by naddy@
krw [Tue, 11 Sep 2018 09:13:19 +0000 (09:13 +0000)]
Tighten validation tests on an obscure corner case of
trying to align partitions to size <= 0 or past the
end of the disk. Emit error message in this case as
in other align errors.
Looks good to otto@.
kn [Tue, 11 Sep 2018 09:02:27 +0000 (09:02 +0000)]
Remove unused buffer from host()
Left-over from pre-host_ip() times. While here, use __func__.
OK henning benno
benno [Tue, 11 Sep 2018 08:55:49 +0000 (08:55 +0000)]
add files for test 4
sashan [Tue, 11 Sep 2018 07:53:38 +0000 (07:53 +0000)]
- moving state look up outside of PF_LOCK()
this change adds a pf_state_lock rw-lock, which protects consistency
of state table in PF. The code delivered in this change is guarded
by 'WITH_PF_LOCK', which is still undefined. People, who are willing
to experiment and want to run it must do two things:
- compile kernel with -DWITH_PF_LOCK
- bump NET_TASKQ from 1 to ... sky is the limit,
(just select some sensible value for number of tasks your
system is able to handle)
OK bluhm@
jsg [Tue, 11 Sep 2018 07:13:23 +0000 (07:13 +0000)]
Add defines for amd microcode msrs which appear to be present since k8
though amd only provides public redistributable updates for >= family 10h.
nicm [Tue, 11 Sep 2018 06:37:54 +0000 (06:37 +0000)]
Do not check for mouse events on pane borders when zoomed, based on a
fix from Avi Halachmi.
ccardenas [Tue, 11 Sep 2018 04:06:32 +0000 (04:06 +0000)]
Fail fast when we are unable to determine disk format.
While here, minor cleanup on logging.
ccardenas [Tue, 11 Sep 2018 04:03:16 +0000 (04:03 +0000)]
Add ability to create qcow2 disk.
vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.
Many thanks to Ori Bernstein.
bluhm [Mon, 10 Sep 2018 22:21:39 +0000 (22:21 +0000)]
Remove useless INPCBHASH() macros. Just expand them.
OK stsp@
kn [Mon, 10 Sep 2018 20:53:53 +0000 (20:53 +0000)]
Merge host_v{4,6}() into simpler host_ip()
Except for networks such as "10/8" host_ip() now handles addresses in an
AF-agnostic way with more duplicate code removed/merged.
OK sashan (as for earlier copy_satopfaddr() diff) henning
benno [Mon, 10 Sep 2018 20:51:59 +0000 (20:51 +0000)]
check orlonger option of trie_match()
anton [Mon, 10 Sep 2018 19:22:53 +0000 (19:22 +0000)]
logmsg(LOG_ERR) -> logerr(); ok tedu@
gerhard [Mon, 10 Sep 2018 17:00:45 +0000 (17:00 +0000)]
Prevent a panic in umb(4) when roaming is disabled.
Found by beck@, tested and ok by bluhm@
sashan [Mon, 10 Sep 2018 16:18:34 +0000 (16:18 +0000)]
- if_cloners list populated at boot time only then becomes immutable,
so we can let go if_cloners_lock.
OK tb@, claudio@, bluhm@, kn@, henning@
kn [Mon, 10 Sep 2018 16:17:48 +0000 (16:17 +0000)]
Introduce copy_satopfaddr()
Move the same dance around v4/v6 for copying IP addresses from sockaddr
into pf_addr to avoid duplicate code and improve readability.
Feedback and OK bluhm
bluhm [Mon, 10 Sep 2018 16:14:07 +0000 (16:14 +0000)]
Instead of calculating the mbuf packet header length here and there,
put the algorithm into a new function m_calchdrlen(). Also set an
uninitialized m_len to 0 in NFS code.
OK claudio@
henning [Mon, 10 Sep 2018 16:07:20 +0000 (16:07 +0000)]
if_setrdomain could potentially call if_clone_create recursively in the create
rdomain case leading to locking issues and lots of headscratching. turns out
the only case where if_setrdomain could actually create an rdomain and thus
end up with that pattern is the ioctl path.
make if_setrdomain never create an rdomain, return error if it doesn't exist
already, introduce if_createrdomain, and adjust the ioctl path to use it.
ok sashan bluhm claudio
henning [Mon, 10 Sep 2018 15:54:28 +0000 (15:54 +0000)]
in pf_syncookie_validate, return early if we don't have syncookies in
flight that can possibly match. there is a tiny but existing chance that
a sequence number matches w/ our hash and we'd end up dropping traffic.
unclear whether that has actually happened since the report chain is long :)
report via haesbert via bluhm; ok bluhm
benno [Mon, 10 Sep 2018 14:29:19 +0000 (14:29 +0000)]
test all variations of network statements
benno [Mon, 10 Sep 2018 14:20:25 +0000 (14:20 +0000)]
add a test for network statements with prefix-sets
jmc [Mon, 10 Sep 2018 13:52:37 +0000 (13:52 +0000)]
tweak previous;
akoshibe [Mon, 10 Sep 2018 13:21:39 +0000 (13:21 +0000)]
Mirror bluhm's fixes for proc.c daemons to dup /dev/null for child processes
in switchd(8).
OK henning@ bluhm@
denis [Mon, 10 Sep 2018 13:15:50 +0000 (13:15 +0000)]
fix typos
OK claudio@
bluhm [Mon, 10 Sep 2018 13:00:58 +0000 (13:00 +0000)]
Send many small fragments that exceed the pf reassembly queue limit.
bluhm [Mon, 10 Sep 2018 12:47:02 +0000 (12:47 +0000)]
During fragment reassembly, mbuf chains with packet headers were
created. Add a new function m_removehdr() do convert packet header
mbufs within the chain to regular mbufs. Assert that the mbuf at
the beginning of the chain has a packet header.
found by Maxime Villard in NetBSD; from markus@; OK claudio@
jmc [Mon, 10 Sep 2018 12:42:17 +0000 (12:42 +0000)]
tweak the table commands somewhat; ok gilles
bluhm [Mon, 10 Sep 2018 11:37:26 +0000 (11:37 +0000)]
Limit the fragment entry queue length to 64 per bucket. So we have
a global limit of 1024 fragments, but it is fine grained to the
region of the packet. Smaller packets may have less fragments.
This costs another 16 bytes of memory per reassembly and divides
the worst case for searching by 8.
requested by claudio@; OK sashan@ claudio@
benno [Mon, 10 Sep 2018 11:09:25 +0000 (11:09 +0000)]
use filterset_move() like all other network statements. It checks for
source == NULL, avoiding a possible crash introduced yesterday.
ok claudio@
phessler [Mon, 10 Sep 2018 11:07:43 +0000 (11:07 +0000)]
do not immediately set the join'd network, the join command only updates
the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
benno [Mon, 10 Sep 2018 11:02:35 +0000 (11:02 +0000)]
update regression tests after previous commit. ok claudio@
benno [Mon, 10 Sep 2018 11:01:15 +0000 (11:01 +0000)]
remove some empty lines from printconf output. ok claudio@
bluhm [Mon, 10 Sep 2018 10:39:26 +0000 (10:39 +0000)]
vmd(8) could close file descriptor 0 as not all fd fields were
properly initialized with -1. Also avoid closing -1.
OK mlarkin@
bluhm [Mon, 10 Sep 2018 10:36:01 +0000 (10:36 +0000)]
During the fork+exec implementation, daemon(3) was moved after
proc_init(). As a consequence vmd(8) child processes did not detach
from the terminal anymore. Dup /dev/null to the stdio file descriptors
in the children.
OK mlarkin@ reyk@
phessler [Mon, 10 Sep 2018 10:11:18 +0000 (10:11 +0000)]
fix typo in the length of the essid we want to switch to
found with and OK stsp@
phessler [Mon, 10 Sep 2018 09:13:53 +0000 (09:13 +0000)]
extract clearing WEP/WPA in ess into helper functions
claudio [Mon, 10 Sep 2018 09:10:36 +0000 (09:10 +0000)]
Adjust the config to -current bgpd which makes it a lot more readable.
OK phessler@
phessler [Mon, 10 Sep 2018 08:27:13 +0000 (08:27 +0000)]
use the correct essid when switching during the ioctl path
pointed out by stsp@
phessler [Mon, 10 Sep 2018 08:26:39 +0000 (08:26 +0000)]
give set_ess a len variable, so we can correctly match the essid we want
to switch to.
pointed out by stsp@