mikeb [Wed, 28 Jun 2017 18:31:03 +0000 (18:31 +0000)]
Extend pf queueing ops to include queue manager hooks
Discussed with and OK henning@ at d2k17 as a part of a larger diff.
mikeb [Wed, 28 Jun 2017 18:24:02 +0000 (18:24 +0000)]
hfsc.c should depend on pf instead of inet
Discussed with and OK henning@ at d2k17 as a part of a larger diff.
jmc [Wed, 28 Jun 2017 17:54:31 +0000 (17:54 +0000)]
reinstate .El removed in previous;
nicm [Wed, 28 Jun 2017 17:28:39 +0000 (17:28 +0000)]
Test for file from stdin.
brynet [Wed, 28 Jun 2017 17:14:15 +0000 (17:14 +0000)]
Fix stdin file read support, accidentally broken in my last commit.
krw [Wed, 28 Jun 2017 16:31:52 +0000 (16:31 +0000)]
Only pass required fields of interface_info to priv_* functions
and friends. i.e. ifi->name, ifi->rdomain, or both.
krw [Wed, 28 Jun 2017 15:45:32 +0000 (15:45 +0000)]
delete_route() doesn't need any info from its struct interface_info
parameter as the route message already has the correct tableid. So
eliminate the useless parameter.
deraadt [Wed, 28 Jun 2017 15:42:49 +0000 (15:42 +0000)]
remove excess #include
deraadt [Wed, 28 Jun 2017 15:40:54 +0000 (15:40 +0000)]
perform an initial pledge very early on, and drop tzset to later.
ok nicm brynet
krw [Wed, 28 Jun 2017 15:23:19 +0000 (15:23 +0000)]
resolv_conf_priority() is a function local to kroute.c, no
need to expose its definition in dhcpd.h. While here change
the parameter from struct interface_info to int and just pass
the only field used (rdomain).
anton [Wed, 28 Jun 2017 15:09:41 +0000 (15:09 +0000)]
Add regression tests for mail.
anton [Wed, 28 Jun 2017 14:58:23 +0000 (14:58 +0000)]
Replace usage of TIOCSTI in mail while editing headers using a more common
IO-loop where ICANON is disabled and a single char of input is read at a time.
This requires the line editing capabilities provided when ICANON is enabled to
be implemented.
ok deraadt@
schwarze [Wed, 28 Jun 2017 14:49:26 +0000 (14:49 +0000)]
Remove the nonsensical "-s - -" in the third example; quirk reported
by Redouan Ait Mallouk <raitmallouk at gmail dot com>.
The paste(1) utility allows two equivalent solutions for many tasks
involving only one input stream; while here, make that more obvious
by always showing both solutions.
krw [Wed, 28 Jun 2017 14:35:43 +0000 (14:35 +0000)]
Stop trying to clean up addresses, routes and "-L" file
whenever dhclient dies. Eliminates differences in handling
and thus need to intercept signals INT, TERM, USR1,
USR2. Eliminates need for 'zapzombies' field and thus
entire struct imsg_flushroutes. Eliminates need for 'imsg'
parameter to and associated logic in priv_flush_routes().
Address, routes and '-L' file are still cleaned out when
binding a lease.
jmc [Wed, 28 Jun 2017 14:07:11 +0000 (14:07 +0000)]
remove a contradictory sentence (see dhcp-options(5)) which claims
hostnames which resolve to muliple ip addresses are all forwarded to
the client;
issue reported by edgar pettijohn;
discussed with dhcpd's de facto maintainer, kenneth westerback;
brynet [Wed, 28 Jun 2017 13:37:56 +0000 (13:37 +0000)]
Simplify file(1) by removing the no longer necessary parent/child separation
and just drop privileges in the main process.
Also allows for a tighter "stdio" pledge.
passing regress tests still pass
ok nicm@ with helpful feedback
deraadt [Wed, 28 Jun 2017 13:34:50 +0000 (13:34 +0000)]
.init stub creation doesn't need a jmp + .align to reach a branch target,
just fall into the code. The .align created a FILL zone in the .init section,
which on i386 was filled with a NOP-sled, something we want to get away
from.
discussed with kettenis and tom
krw [Wed, 28 Jun 2017 12:53:46 +0000 (12:53 +0000)]
Consistently use socket(..., AF_INET) for routing
sockets to cut down on unwanted IPv6 messages.
suggested by & ok claudio@
schwarze [Wed, 28 Jun 2017 12:52:27 +0000 (12:52 +0000)]
fix incomplete handling of roff(7) nodes in man(7) block next-line scope;
assertion failure in tclsh(1) reported by deraadt@ via bentley@
krw [Wed, 28 Jun 2017 11:53:08 +0000 (11:53 +0000)]
Be consistent and always use socket(..., SOCK_DGRAM, ...) for
the sockets being used to issue ioctl()'s.
ok claudio@
nicm [Wed, 28 Jun 2017 11:36:39 +0000 (11:36 +0000)]
Apply the xterm key flag when needed for send-keys, fixes problem
reported by Franky Spamschleuder.
benno [Wed, 28 Jun 2017 11:10:08 +0000 (11:10 +0000)]
whitespace fixes, from Rob Pierce and me
benno [Wed, 28 Jun 2017 10:38:16 +0000 (10:38 +0000)]
usage() gets __dead attribute, from Rob Pierce
espie [Wed, 28 Jun 2017 10:34:10 +0000 (10:34 +0000)]
and emphasize that PKGDIR must exist.
espie [Wed, 28 Jun 2017 10:33:08 +0000 (10:33 +0000)]
document generate-readmes and diagnostic for missing PKGDIR.
aoyama [Wed, 28 Jun 2017 10:31:48 +0000 (10:31 +0000)]
Delete '0x' in DIAGNOSTIC panic message; ipl value is printed in decimal.
espie [Wed, 28 Jun 2017 10:24:23 +0000 (10:24 +0000)]
extra step between fake and package
mlarkin [Wed, 28 Jun 2017 08:51:36 +0000 (08:51 +0000)]
hide symbols in the acpi trampoline pages. matches a previous diff from
amd64.
tested un-zzz and un-ZZZ on i386 VM, no issues seen.
ok deraadt
espie [Wed, 28 Jun 2017 07:40:08 +0000 (07:40 +0000)]
move all the post-Configure stuff to Makefile.bsd-wrapper1 instead of just
the man parts.
just leave Configure and forwarding targets in Makefile.bsd-wrapper,
this allows bsd.lib.mk to function normally without depend, because all
the puzzle is here.
okay millert@ afresh1@
espie [Wed, 28 Jun 2017 07:37:38 +0000 (07:37 +0000)]
if we return nullptr for a "noexec" section, then don't change section.
prevents core dumps :)
okay tedu@
mlarkin [Wed, 28 Jun 2017 07:16:58 +0000 (07:16 +0000)]
hide symbols used in the ACPI resume trampoline pages
ok deraadt@
mlarkin [Wed, 28 Jun 2017 07:10:02 +0000 (07:10 +0000)]
fix potential use of uninitialized variable, noticed by jsg@.
nicm [Wed, 28 Jun 2017 06:45:31 +0000 (06:45 +0000)]
Fix visual-silence (check accidentally the wrong way round), from Brad
Town. Plus some tmux.1 fixes from jmc@.
jmc [Wed, 28 Jun 2017 06:24:38 +0000 (06:24 +0000)]
add -v to SYNOPSIS and STANDARDS;
djm [Wed, 28 Jun 2017 01:09:22 +0000 (01:09 +0000)]
Allow ssh-keygen to use a key held in ssh-agent as a CA when signing
certificates. bz#2377 ok markus
schwarze [Wed, 28 Jun 2017 00:59:30 +0000 (00:59 +0000)]
Rewrite half of this, i was completely unaware how bad it was.
Remove several lies, lots of duplicate information,
and a lengthy discussion of features we don't support.
Clarify the wording in some places and make it more concise in others.
Delete examples from where they don't belong
and write a new EXAMPLES section from scratch.
tedu [Tue, 27 Jun 2017 22:18:24 +0000 (22:18 +0000)]
remove the obsolete timeslot ioctl
tedu [Tue, 27 Jun 2017 21:49:47 +0000 (21:49 +0000)]
fix a few lines of unusual length
tedu [Tue, 27 Jun 2017 21:43:46 +0000 (21:43 +0000)]
add a -v verbose flag to cp, mv, and rm. useful for monitoring progress,
and present on several other systems. some ok, some less ok.
from Job Snijders
benno [Tue, 27 Jun 2017 20:46:34 +0000 (20:46 +0000)]
Hoist some privileged code in preparation for future work.
Based on an approach in vmd with mc146818/ns8250.
diff by Rob Pierce <rob -AT- 2keys -DOT- ca>
ok deraadt@
schwarze [Tue, 27 Jun 2017 19:51:28 +0000 (19:51 +0000)]
test inter-column spacing
schwarze [Tue, 27 Jun 2017 18:23:29 +0000 (18:23 +0000)]
Implement spacing of columns as defined in the table layout;
this is for example used by lftp(1)
and, ironically, misused by our very own tbl(7) manual...
deraadt [Tue, 27 Jun 2017 16:43:29 +0000 (16:43 +0000)]
trapsleds for clang, similar to the change on gas side.
Also from Todd Mortimer
tested by espie
tb [Tue, 27 Jun 2017 16:02:05 +0000 (16:02 +0000)]
Remove an extra '\n' from the printf strings fed into disklabel -E
from corsah () mail ! ru
deraadt [Tue, 27 Jun 2017 15:58:07 +0000 (15:58 +0000)]
move a global into local context; from rob pierce
krw [Tue, 27 Jun 2017 15:56:15 +0000 (15:56 +0000)]
Make if_register_bpf() the same as the other if_register_*() functions
by directly assigning the socket fd to ifi->bfdesc rather than
returning it and having the caller do the assignment.
anton [Tue, 27 Jun 2017 15:02:18 +0000 (15:02 +0000)]
Tweak previous: align declarations and rename local variable.
deraadt [Tue, 27 Jun 2017 14:37:08 +0000 (14:37 +0000)]
in recently commited TIOCSTI replacement code, do not assume
little-endian or unsigned char :-)
ok anton
mikeb [Tue, 27 Jun 2017 13:56:15 +0000 (13:56 +0000)]
Provide a handler stub for the "channel rescind" message
bluhm [Tue, 27 Jun 2017 13:28:02 +0000 (13:28 +0000)]
Convert ip6_input() to a pr_input style function. Goal is to process
IPsec packets without additional enqueueing.
OK mpi@
krw [Tue, 27 Jun 2017 13:24:49 +0000 (13:24 +0000)]
Nuke get_rdomain() and just snag the interface rdomain from the same
ifa we use to get the interface hw address. One less socket() and
ioctl()! MIssed cleanup from shift to just watching RTM_IFINFO
messages for rdomain switch.
schwarze [Tue, 27 Jun 2017 12:17:35 +0000 (12:17 +0000)]
warn about .Ns macros that have no effect because they are followed
by an isolated closing delimiter; inspired by mdoclint
jsg [Tue, 27 Jun 2017 12:10:21 +0000 (12:10 +0000)]
Avoid the possibility of accessing an array out of bounds.
Found with cppcheck. ok krw@
jsg [Tue, 27 Jun 2017 12:04:26 +0000 (12:04 +0000)]
Avoid testing an uninitialised variable in the SCSI_BUSY/SCSI_QUEUE_FULL
paths of hvs_scsi_cmd_done().
ok mikeb@
mpi [Tue, 27 Jun 2017 12:02:43 +0000 (12:02 +0000)]
Add missing solock()/sounlock() dances around sbreserve().
While here document an abuse of parent socket's lock.
Problem reported by krw@, analysis and ok bluhm@
schwarze [Tue, 27 Jun 2017 11:48:00 +0000 (11:48 +0000)]
remove -DSw; the useful parts are now covered by mandoc;
discussed with jmc@
deraadt [Tue, 27 Jun 2017 06:12:51 +0000 (06:12 +0000)]
throw strip into base, until we consider a solution for the
linkkit bsd.gdb strip gongshow
deraadt [Tue, 27 Jun 2017 04:22:13 +0000 (04:22 +0000)]
the illegal instruction is 0x00000000
tedu [Tue, 27 Jun 2017 03:42:00 +0000 (03:42 +0000)]
remove some old cruft.
mikeb [Mon, 26 Jun 2017 20:12:14 +0000 (20:12 +0000)]
Minor cleanup; when polling delay before calling the interrupt handler
schwarze [Mon, 26 Jun 2017 20:11:23 +0000 (20:11 +0000)]
catch up with the recent eqn(7) improvements
schwarze [Mon, 26 Jun 2017 19:53:00 +0000 (19:53 +0000)]
Complete rewrite of the lexer in a single function with four operation
modes instead of four functions, resulting in considerable
simplification, fifty lines less of code, fifteen fewer automatic
variables, and several bug fixes, for example:
1. The delim control statement consumes exactly two bytes of input,
requires no whitespace after these two bytes, and does not treat
quotes in any special way.
2. If the argument of left, right, gfont, gsize, or size is defined
as an alias, only the first word of the value is used as the
delimiter, font name, or font size.
3. If a back, fwd, down, or up keyword is followed by another keyword
instead of the required number, GNU eqn does nothing useful, but
typically errors out. So no need to have special handling (with
an ugly goto!) for it in mandoc.
Also getting rid of one pointless static buffer and twelve redundant
calls to strlcpy(3).
bluhm [Mon, 26 Jun 2017 19:06:12 +0000 (19:06 +0000)]
Convert ip_input() to a pr_input style function. Goal is to process
IPsec packets without additional enqueueing.
OK mpi@
mikeb [Mon, 26 Jun 2017 18:42:23 +0000 (18:42 +0000)]
Rework the deferred interrupt loop
By performing a task_add an interrupt handler can rely on the
taskq_thread to invoke it again with an additional benefit of
being able to sched_pause when required. In the long run more
than 99.8% of calls do not require an additional iteration.
bluhm [Mon, 26 Jun 2017 18:33:24 +0000 (18:33 +0000)]
Fragments for a single connection (a combination of proto,src,dst,af)
may easily reuse the fragment id as it is only 16 bit for IPv4. To
avoid that pf reassembles them into the wrong packet, throw away
stale fragments. With the default timeout this happens after 12,000
newer fragements have been seen.
from markus@; OK sashan@
rpe [Mon, 26 Jun 2017 18:31:57 +0000 (18:31 +0000)]
Add a MDKERNEL variable that contains the name of the boot kernel.
This will be used by the installer in an upcoming change.
OK deraadt@
tb [Mon, 26 Jun 2017 17:00:49 +0000 (17:00 +0000)]
RANDOM1 was subject to rather bad modulus bias. Improve the situation a bit
by implementing an arc4random_uniform(3) clone with beloved jot(1) and
using it.
discussed with and ok deraadt
visa [Mon, 26 Jun 2017 16:54:31 +0000 (16:54 +0000)]
Arrange a phandle for the "ciu" node.
deraadt [Mon, 26 Jun 2017 16:14:24 +0000 (16:14 +0000)]
note.ABI-tag and .MIPS.options are not needed anymore when
we use gapdummy.o
bluhm [Mon, 26 Jun 2017 14:12:35 +0000 (14:12 +0000)]
When pinging an IPv6 link-local address, the reflected packet had
::1 as source address. It should be the link-local address of the
attached interface. The rtalloc() in icmp6_reflect() did not find
the correct local address. The IPv6 routing table does not use
sin6_scope_id, but the embedded scope. So do not recover the scope.
bug report Harald Dunkel; OK mpi@
schwarze [Mon, 26 Jun 2017 11:04:26 +0000 (11:04 +0000)]
when splitting a composite word,
do not forget to close the inserted list box
phessler [Mon, 26 Jun 2017 10:09:13 +0000 (10:09 +0000)]
don't print the WELLKNOWN string for unknown well-known communities
from Job Snijders
ok phessler@ benno@
phessler [Mon, 26 Jun 2017 10:08:06 +0000 (10:08 +0000)]
let admins set an unknown well-known community
from Job Snijders
ok phessler@ benno@
phessler [Mon, 26 Jun 2017 10:05:57 +0000 (10:05 +0000)]
add support for the "graceful shutdown" well-known community as described
in draft-ietf-grow-bgp-gshut
from Job Snijders
ok phessler@ benno@
phessler [Mon, 26 Jun 2017 10:04:21 +0000 (10:04 +0000)]
allow setting localpref to 0
from Job Snijders
ok phessler@ benno@
mpi [Mon, 26 Jun 2017 09:32:31 +0000 (09:32 +0000)]
Assert that the corresponding socket is locked when manipulating socket
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
patrick [Mon, 26 Jun 2017 09:17:55 +0000 (09:17 +0000)]
Allow updating the destination address of an existing TDB. Since the
destination address is used as an index when looking for a TDB, we need
to supply the new destination address in a different member. For this,
re-use the proxy address, that so far no one else has been using. It
would make sense to rename this member in the future.
ok claudio@
patrick [Mon, 26 Jun 2017 09:08:00 +0000 (09:08 +0000)]
Split a part of tdb_delete() into tdb_unlink() so that we can remove
a TDB from the hash table without actually free()ing it. That way we
can modify the TDB and then put it back in using puttdb().
ok claudio@
ratchov [Mon, 26 Jun 2017 07:02:16 +0000 (07:02 +0000)]
Factor a variable assignment in audiopoll().
From Michael Bombardieri, thanks.
stsp [Sun, 25 Jun 2017 22:22:06 +0000 (22:22 +0000)]
Make ifconfig(8) default to prefixlen 128 when setting an IPv6 destination
address on a point-to-point interface. Makes it easier to configure IPv6 on
interfaces such as gif(4). Specifying 'prefixlen 128' is no longer required.
This is consistent with IPv4 where a netmask is not required either.
ok mpi@ bluhm@ benno@
bluhm [Sun, 25 Jun 2017 22:07:55 +0000 (22:07 +0000)]
Link acme-client, ldapd, switchd regress to build.
bluhm [Sun, 25 Jun 2017 22:06:06 +0000 (22:06 +0000)]
Do not run .END cleanup during clean, cleandir, obj in ldapd regress.
bluhm [Sun, 25 Jun 2017 21:59:59 +0000 (21:59 +0000)]
Clean all files created during switchd regress.
bluhm [Sun, 25 Jun 2017 21:33:23 +0000 (21:33 +0000)]
Convert the acme-client test to use a config file acme-client.conf.
Restructure the Makefile, put httpd.conf in separate config file.
Skip test if domain name for letsencrypt.org is not set.
discussed with benno@
schwarze [Sun, 25 Jun 2017 17:42:37 +0000 (17:42 +0000)]
Catch typos in .Sh names; suggested by jmc@.
I'm using a very simple, linear time / zero space fuzzy string
matching heuristic rather than a full Levenshtein metric, to keep
the code both simple and fast.
anton [Sun, 25 Jun 2017 17:28:39 +0000 (17:28 +0000)]
No need to NUL-terminate the line buffer since it's handled by x_e_getu8() by
now.
ok schwarze@
deraadt [Sun, 25 Jun 2017 17:14:24 +0000 (17:14 +0000)]
lld's linker-script parser has to be fixed to accept ; after LONG()
directives. binutils requires it, and binutils is the authoritative
parser in this regard. This means arm64 +lld remains broken (but all
the other architectures work)
schwarze [Sun, 25 Jun 2017 14:09:14 +0000 (14:09 +0000)]
test new MT macro
deraadt [Sun, 25 Jun 2017 14:02:21 +0000 (14:02 +0000)]
dull dependency for copying makegap.sh to obj, so that installs
without src and comp work. That is what we've designed for, but since
we always have src and comp on our systems it is so easy to slide...
problem first noted by rpe.
schwarze [Sun, 25 Jun 2017 12:48:56 +0000 (12:48 +0000)]
cope with changes in BASE messages
schwarze [Sun, 25 Jun 2017 12:48:04 +0000 (12:48 +0000)]
add some empty targets that were missing
anton [Sun, 25 Jun 2017 08:51:52 +0000 (08:51 +0000)]
Don't output partial UTF-8 characters in ksh emacs mode. Instead, try to read a
complete UTF-8 character first. Fixes an issue while running ksh in tmux where
UTF-8 characters inserted in columns other than the last one are discarded.
With help from nicm@ and schwarze@ who also wrote the UTF-8 validation, thanks!
ok schwarze@
anton [Sun, 25 Jun 2017 08:31:44 +0000 (08:31 +0000)]
Capture SIGINT and print out all received output so far. Useful when debugging
broken tests.
bentley [Sun, 25 Jun 2017 07:23:53 +0000 (07:23 +0000)]
Add support for the MT and ME mailto macros, used for example in wg(8).
feedback and ok schwarze@
otto [Sun, 25 Jun 2017 06:54:26 +0000 (06:54 +0000)]
ldd is more strict wrt semicolons, they can only appear after an
expression line. Removing the extra semicolons makes both ld and
ldd accept the link script generated, although ldd produces a wrong
object file on arm64; ok kettenis@ deraadt@
krw [Sun, 25 Jun 2017 00:44:49 +0000 (00:44 +0000)]
priv_add_address() is no longer invoked to signal the deletion of the
active address. So no need to check for the magic INADDR_ANY address.
krw [Sun, 25 Jun 2017 00:38:38 +0000 (00:38 +0000)]
Oops. Revert unintentional/premature functional change. Deleting the
address configured by dhclient should cause exit, not restart. There
is no need to invoke sendhup(). Just exit and let the privileged child
follow.
krw [Sat, 24 Jun 2017 23:32:57 +0000 (23:32 +0000)]
Tweak handling of HUP and new LLADDR. Just use expose and use sighup()
function. Don't exit dispatch() loop on SIGHUP, wait for privileged
child to execvp() dhclient. Eliminate struct imsg_hup since its
contents were not being used except in priv_cleanup(). And
'active_addr' works just as well there.
Cleaner and eliminates some extraneous log entries.
schwarze [Sat, 24 Jun 2017 21:08:28 +0000 (21:08 +0000)]
delete useless .Ns macro that jmc@ found with mdoclint(1)
bluhm [Sat, 24 Jun 2017 20:32:39 +0000 (20:32 +0000)]
To avoid packet loss due to reuse of the 16 bit IPv4 fragment id,
we need suitable data structures. Organize the pf fragments with
two red-black trees. One is holding the address and protocol
information and the other has only the fragment id. This will allow
to drop fragemts for specific connections more aggressively. `
from markus@; OK sashan@