openbsd
9 years agoRemove unused ipsp_parse_headers that was supposed to parse packets
mikeb [Fri, 17 Apr 2015 10:08:07 +0000 (10:08 +0000)]
Remove unused ipsp_parse_headers that was supposed to parse packets
returned by IPsec-enabled NICs;  OK markus, hshoexer

9 years agoRemove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer
mikeb [Fri, 17 Apr 2015 10:04:37 +0000 (10:04 +0000)]
Remove unsupported SADB_X_IDENTTYPE_CONNECTION;  OK markus, hshoexer

9 years agoRemove superflous "::1" route, test currently failing but a fix is
mpi [Fri, 17 Apr 2015 08:20:24 +0000 (08:20 +0000)]
Remove superflous "::1" route, test currently failing but a fix is
in its way.

9 years agoLocal routes should be present in the routing table output.
mpi [Fri, 17 Apr 2015 08:19:27 +0000 (08:19 +0000)]
Local routes should be present in the routing table output.

9 years agoparse_prefix in parse.c got changed but the declaration in bgpctl.c
phessler [Fri, 17 Apr 2015 07:51:09 +0000 (07:51 +0000)]
parse_prefix in parse.c got changed but the declaration in bgpctl.c
wasn't updated, so we would crash when doing `bgpctl net bulk` commands.

Fix by moving parse_prefix into a header, since we use it in more than
one file.

crash found by henning@
underlying problem found by blambert@

OK sthen@ deraadt@ claudio@ henning@

9 years agoMatch -current output. Every configured address should have a local route
mpi [Fri, 17 Apr 2015 07:46:10 +0000 (07:46 +0000)]
Match -current output.  Every configured address should have a local route
and remove redundant loopback cloning route.

Note that tests using IPv6 still contain two routes to "::1" this should
cause no harm but is being investigated.

9 years agoCrank the timeout and decrease the buffer size to not end up dropping
mpi [Fri, 17 Apr 2015 07:17:51 +0000 (07:17 +0000)]
Crank the timeout and decrease the buffer size to not end up dropping
all the entropy provided by the device.

Also make sure we match the right endpoint.

From Sean Levy based on comments from Andreas Gustafsson who's behind
Alea.

9 years agooops, started expecting sockoptlevelname() to handle two arguments
guenther [Fri, 17 Apr 2015 06:33:30 +0000 (06:33 +0000)]
oops, started expecting sockoptlevelname() to handle two arguments
but never actually did so.  Fix that so that we stop losing the
second argument to {get,set}sockopt().  Handling of levels other than
SOL_SOCKET could be improved.

9 years agoThe first argument to socket/socketpair is an address family, not a protocol
guenther [Fri, 17 Apr 2015 06:14:36 +0000 (06:14 +0000)]
The first argument to socket/socketpair is an address family, not a protocol
family.  (sysctl(3) is practically the only place where PF_* is correct)

9 years agoTweaks utimensat/futimens handling to always update ctime, even when both
guenther [Fri, 17 Apr 2015 04:43:20 +0000 (04:43 +0000)]
Tweaks utimensat/futimens handling to always update ctime, even when both
atime and mtime are UTIME_OMIT (at least for ufs, tmpfs, and ext2fs), and
to correctly handle a timestamp of -1.

ok millert@

9 years agodon't call record_login() in monitor when UseLogin is enabled;
djm [Fri, 17 Apr 2015 04:32:31 +0000 (04:32 +0000)]
don't call record_login() in monitor when UseLogin is enabled;
bz#278 reported by drk AT sgi.com; ok dtucker

9 years agoAdd some missing options to sshd -T and fix the output of VersionAddendum
dtucker [Fri, 17 Apr 2015 04:12:35 +0000 (04:12 +0000)]
Add some missing options to sshd -T and fix the output of VersionAddendum
HostCertificate.  bz#2346, patch from jjelen at redhat com, ok djm.

9 years agoMake drm ioctls table driven. Further reduces the diff to linux.
jsg [Fri, 17 Apr 2015 00:54:41 +0000 (00:54 +0000)]
Make drm ioctls table driven.  Further reduces the diff to linux.
ok kettenis@

9 years agoDocument "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys.
dtucker [Thu, 16 Apr 2015 23:25:50 +0000 (23:25 +0000)]
Document "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys.
bz#2382, feedback from jmc@, ok djm@

9 years agoRestore the page headers and page footers that accidentally got lost
schwarze [Thu, 16 Apr 2015 20:21:08 +0000 (20:21 +0000)]
Restore the page headers and page footers that accidentally got lost
in rev. 1.225.  Regression reported by florian@.

9 years agofirmware, not firmwares;
jmc [Thu, 16 Apr 2015 20:01:39 +0000 (20:01 +0000)]
firmware, not firmwares;

9 years agotweak previous;
jmc [Thu, 16 Apr 2015 19:59:28 +0000 (19:59 +0000)]
tweak previous;

9 years agoipa_inp_next is unused; via mikeb@
markus [Thu, 16 Apr 2015 19:44:01 +0000 (19:44 +0000)]
ipa_inp_next is unused; via mikeb@

9 years agoremove unfinished/unused support for socket-attached ipsec-policies
markus [Thu, 16 Apr 2015 19:24:13 +0000 (19:24 +0000)]
remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

9 years agochange {import,export}_identity so it can be used for policies; ok mikeb
markus [Thu, 16 Apr 2015 19:18:10 +0000 (19:18 +0000)]
change {import,export}_identity so it can be used for policies; ok mikeb
(fixes sadb_ident_type conversion for policies)

9 years agoshorten "outdated mandoc.db" warning message; requested by deraadt@
schwarze [Thu, 16 Apr 2015 16:35:02 +0000 (16:35 +0000)]
shorten "outdated mandoc.db" warning message; requested by deraadt@

9 years agosync
deraadt [Thu, 16 Apr 2015 15:50:47 +0000 (15:50 +0000)]
sync

9 years agoTweak error output.
gsoares [Thu, 16 Apr 2015 15:14:30 +0000 (15:14 +0000)]
Tweak error output.
ok krw@

9 years agoMake sure LLVM static analyzer do not report a false positive,
mpi [Thu, 16 Apr 2015 14:23:48 +0000 (14:23 +0000)]
Make sure LLVM static analyzer do not report a false positive,
found by and fix confirmed by jsg@.

9 years agodocument %m, sort %.
espie [Thu, 16 Apr 2015 14:11:29 +0000 (14:11 +0000)]
document %m, sort %.

9 years agoadd %m as a shorthand, will expand to
espie [Thu, 16 Apr 2015 14:08:19 +0000 (14:08 +0000)]
add %m as a shorthand, will expand to
pub/OpenBSD/5.7/packages/amd64
for lazy typers.

okay aja@

9 years agodocument % sequences.
espie [Thu, 16 Apr 2015 13:40:56 +0000 (13:40 +0000)]
document % sequences.

9 years agoreorg code, the arch/osversion code should live in a single place,
espie [Thu, 16 Apr 2015 13:29:16 +0000 (13:29 +0000)]
reorg code, the arch/osversion code should live in a single place,
short and sweet

9 years agoMatch the Nd of the page, prodded by jmc@
mpi [Thu, 16 Apr 2015 11:21:01 +0000 (11:21 +0000)]
Match the Nd of the page, prodded by jmc@

9 years agocommit expanded tags for %c, %v, %a
espie [Thu, 16 Apr 2015 09:32:23 +0000 (09:32 +0000)]
commit expanded tags for %c, %v, %a

9 years agoEnable ualea(4) where we have uhub(4), these USB device lists cry for
mpi [Thu, 16 Apr 2015 09:09:49 +0000 (09:09 +0000)]
Enable ualea(4) where we have uhub(4), these USB device lists cry for
unification...

9 years agoManpage for ualea(4) with tweaks from jmc@.
mpi [Thu, 16 Apr 2015 08:56:53 +0000 (08:56 +0000)]
Manpage for ualea(4) with tweaks from jmc@.

9 years agoNew driver for Araneus Alea II TRNG. All the hardwork has been done by
mpi [Thu, 16 Apr 2015 08:55:21 +0000 (08:55 +0000)]
New driver for Araneus Alea II TRNG.  All the hardwork has been done by
Sean Levy, aka attila, <attila + stalphonsos ! com>, thanks!

ok deraadt@

9 years agoPlug leak of address passed to logging. bz#2373, patch from jjelen at redhat,
dtucker [Wed, 15 Apr 2015 23:23:25 +0000 (23:23 +0000)]
Plug leak of address passed to logging.  bz#2373, patch from jjelen at redhat,
ok markus@

9 years agoFix some issues in bright colour handling. Bold background doesn't exist
nicm [Wed, 15 Apr 2015 22:34:46 +0000 (22:34 +0000)]
Fix some issues in bright colour handling. Bold background doesn't exist
so there is no reason for tty_check_bg to mess with the BRIGHT flag at
all, ever. Also use aixterm colours for 256-to-16 translation if the
terminal supports them. And there is no reason for tty_colours_bg to
worry about whether the terminal supports them - tty_check_bg has
already taken care of it.

9 years agoUse tty_term_flag not _has for flags, also fix a typo (position not
nicm [Wed, 15 Apr 2015 22:10:13 +0000 (22:10 +0000)]
Use tty_term_flag not _has for flags, also fix a typo (position not
permission).

9 years agoTest that ping6 fragments with ethernet padding get reassembled
bluhm [Wed, 15 Apr 2015 21:29:15 +0000 (21:29 +0000)]
Test that ping6 fragments with ethernet padding get reassembled
correctly.

9 years agoConvert error/errorx/errorc functions -> fatal/fatalx/fatalc and
millert [Wed, 15 Apr 2015 16:43:11 +0000 (16:43 +0000)]
Convert error/errorx/errorc functions -> fatal/fatalx/fatalc and
make then take a printf format string instead of requiring the
caller to snprintf into a buffer first.  OK deraadt@

9 years agoOnly set the cipher list if one was specified and actually check the return
jsing [Wed, 15 Apr 2015 16:33:49 +0000 (16:33 +0000)]
Only set the cipher list if one was specified and actually check the return
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.

ok bcook@ doug@

9 years agoClean up the ssl_bytes_to_cipher_list() API - rather than having the
jsing [Wed, 15 Apr 2015 16:25:43 +0000 (16:25 +0000)]
Clean up the ssl_bytes_to_cipher_list() API - rather than having the
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.

Inspired by simliar changes in BoringSSL.

ok beck@ doug@

9 years agoNow that tls_close() is more robust, consider a failure to be fatal.
jsing [Wed, 15 Apr 2015 16:09:29 +0000 (16:09 +0000)]
Now that tls_close() is more robust, consider a failure to be fatal.

9 years agoTreat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also
jsing [Wed, 15 Apr 2015 16:08:43 +0000 (16:08 +0000)]
Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also
ensure that outlen is set to zero so that tls_read() has read(2) like
semantics for EOF.

Spotted by doug@

9 years agoMake tls_close() more robust - do not rely on a close notify being received
jsing [Wed, 15 Apr 2015 16:05:23 +0000 (16:05 +0000)]
Make tls_close() more robust - do not rely on a close notify being received
from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we
failed to send a close notify on a non-blocking socket.

Otherwise be more forceful and always shutdown/close the socket regardless
of other failures. Also do not consider ENOTCONN or ECONNRESET to be a
shutdown failure, since there are various situations where this can occur.

ok doug@ guenther@

9 years agoFix setting old-style window -fg/-bg/-attr options that aren't global.
nicm [Wed, 15 Apr 2015 15:44:40 +0000 (15:44 +0000)]
Fix setting old-style window -fg/-bg/-attr options that aren't global.

9 years agoAdd the necessary glue to keep carp(4) working while other pseudo-drivers
mpi [Wed, 15 Apr 2015 15:16:17 +0000 (15:16 +0000)]
Add the necessary glue to keep carp(4) working while other pseudo-drivers
are converted to if_input().

ok dlg@, claudio@

9 years agoUse ether_ifattach() and ether_ifdetach() when cloning/destroying an
mpi [Wed, 15 Apr 2015 15:14:37 +0000 (15:14 +0000)]
Use ether_ifattach() and ether_ifdetach() when cloning/destroying an
interface instead of rewritting most of them.

This change is also needed for upcoming if_input() conversion.

As a bonus pseudo-driver attached on top of carp are now detached in
the right order.

ok claudio@, henning@

9 years agoinclude header required for DEBUG build; ok jsg@
naddy [Wed, 15 Apr 2015 14:06:03 +0000 (14:06 +0000)]
include header required for DEBUG build; ok jsg@

9 years agoAvoid using inet_ntoa() twice in a single printf() parameter list
krw [Wed, 15 Apr 2015 12:40:57 +0000 (12:40 +0000)]
Avoid using inet_ntoa() twice in a single printf() parameter list
by caching the results from excess inet_ntoa() calls before doing
the printf(). Should improve usefullness (?) of DHCPRELEASE log
entries by actually printing ciaddr and giaddr correctly when
dhcprelays stand between servers and clients.

Looks good to dlg@.

9 years agoFix a typo introduced in the niq_enqueue() conversion.
mpi [Wed, 15 Apr 2015 10:11:29 +0000 (10:11 +0000)]
Fix a typo introduced in the niq_enqueue() conversion.

Should fix a panic reported by many on bugs@ and misc@.

ok dlg@

9 years agoAdd the necessary glue to keep vlan(4) working while other pseudo-drivers
mpi [Wed, 15 Apr 2015 09:58:44 +0000 (09:58 +0000)]
Add the necessary glue to keep vlan(4) working while other pseudo-drivers
are converted to if_input().

Reviewed by Rafael Zalamena.

ok claudio@, dlg@

9 years agoConvert remaining drm ioctl implementation functions to return Linux-style
kettenis [Wed, 15 Apr 2015 09:48:18 +0000 (09:48 +0000)]
Convert remaining drm ioctl implementation functions to return Linux-style
negative errno values.

ok jsg@

9 years agoadd the include dir for libepoxy
jsg [Wed, 15 Apr 2015 07:41:53 +0000 (07:41 +0000)]
add the include dir for libepoxy

9 years agoUnneeded return at the end of a void function.
mlarkin [Wed, 15 Apr 2015 03:52:45 +0000 (03:52 +0000)]
Unneeded return at the end of a void function.

9 years agoopt{ind,err,arg} are already known
deraadt [Wed, 15 Apr 2015 02:32:28 +0000 (02:32 +0000)]
opt{ind,err,arg} are already known

9 years agoremove historical (void)foo (which were only here to hide lint's
deraadt [Wed, 15 Apr 2015 02:12:00 +0000 (02:12 +0000)]
remove historical (void)foo (which were only here to hide lint's
undrenchable thirst for false positives)

9 years agoIt feels like this Makefile should contain -Wall at least
deraadt [Wed, 15 Apr 2015 02:10:25 +0000 (02:10 +0000)]
It feels like this Makefile should contain -Wall at least

9 years agodocument missing argument; ok jmc
deraadt [Tue, 14 Apr 2015 23:59:40 +0000 (23:59 +0000)]
document missing argument; ok jmc

9 years agoAnother couple of commas in the wrong place, ok jmc
nicm [Tue, 14 Apr 2015 22:16:03 +0000 (22:16 +0000)]
Another couple of commas in the wrong place, ok jmc

9 years agoRemove an extra comma pointed out by jmc@.
nicm [Tue, 14 Apr 2015 21:34:45 +0000 (21:34 +0000)]
Remove an extra comma pointed out by jmc@.

9 years agoReorder prototypes to better match manpage layout and add some missing
nicm [Tue, 14 Apr 2015 21:25:54 +0000 (21:25 +0000)]
Reorder prototypes to better match manpage layout and add some missing
argument names, from Fabian Raetz. ok deraadt

9 years agosparc{,64} do not need softraid partitions to be defined as 4.2BSD, probably
miod [Tue, 14 Apr 2015 19:10:13 +0000 (19:10 +0000)]
sparc{,64} do not need softraid partitions to be defined as 4.2BSD, probably
since only one month after this was mentioned in CAVEATS.

9 years agoIPsec auth and credentials are not stored in the kernel anymore;
mikeb [Tue, 14 Apr 2015 17:53:13 +0000 (17:53 +0000)]
IPsec auth and credentials are not stored in the kernel anymore;
noticed by deraadt@

9 years agowrap a long line
deraadt [Tue, 14 Apr 2015 17:29:06 +0000 (17:29 +0000)]
wrap a long line

9 years agoFix sa_sigaction() handler example. The third argument is void * and
millert [Tue, 14 Apr 2015 17:05:28 +0000 (17:05 +0000)]
Fix sa_sigaction() handler example.  The third argument is void * and
should be cast to ucontext_t * to actually use it.  OK deraadt@

9 years agoThis is not System V, we spell it SIGCHLD.
millert [Tue, 14 Apr 2015 16:40:46 +0000 (16:40 +0000)]
This is not System V, we spell it SIGCHLD.
Adapted from a diff from Jan Stary.

9 years agoSetting the configuration in *_attach() is a bad practise because if it
mpi [Tue, 14 Apr 2015 14:57:05 +0000 (14:57 +0000)]
Setting the configuration in *_attach() is a bad practise because if it
fails it's impossible to debug and you cannot use your device.

So instead of calling usbd_set_config_index(), match the right interface.

This is trivial with this device because it has only one configuration
and interface.

9 years agoIt's not possible to call umcs_get_status() in interrupt context
mpi [Tue, 14 Apr 2015 14:38:17 +0000 (14:38 +0000)]
It's not possible to call umcs_get_status() in interrupt context
because it submits synchronous transfers, so schedule a task when
necessary.

9 years agomake ipsp_address thread safe; ok mpi
mikeb [Tue, 14 Apr 2015 14:20:01 +0000 (14:20 +0000)]
make ipsp_address thread safe;  ok mpi

9 years agoip6_sprintf is long gone; noticed by blambert
mikeb [Tue, 14 Apr 2015 14:18:37 +0000 (14:18 +0000)]
ip6_sprintf is long gone;  noticed by blambert

9 years agoMove verify externs into the header file.
jsing [Tue, 14 Apr 2015 12:56:36 +0000 (12:56 +0000)]
Move verify externs into the header file.

9 years agoRemove support for storing credentials and auth information in the kernel.
mikeb [Tue, 14 Apr 2015 12:22:15 +0000 (12:22 +0000)]
Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with and OK markus.

9 years agoConvert openssl(1) s_time to new option handling.
jsing [Tue, 14 Apr 2015 11:45:00 +0000 (11:45 +0000)]
Convert openssl(1) s_time to new option handling.

ok doug@

9 years agoClean up and improve openssl(1) errstr:
jsing [Tue, 14 Apr 2015 10:54:40 +0000 (10:54 +0000)]
Clean up and improve openssl(1) errstr:

- Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL
  return value in a more appropriate manner.

- Use stroul() instead of sscanf() with appropriate error checking.

ok doug@

9 years agoMake sure we close the interrupt pipe when the device is detached.
mpi [Tue, 14 Apr 2015 07:57:33 +0000 (07:57 +0000)]
Make sure we close the interrupt pipe when the device is detached.

Bug reported and fix tested by Thomas Pfaff, thanks!

9 years agoReduce differences between non-PAE and PAE pmaps. This diff removes an
mlarkin [Tue, 14 Apr 2015 05:21:51 +0000 (05:21 +0000)]
Reduce differences between non-PAE and PAE pmaps. This diff removes an
unneeded disable/enable_intr sequence around the PTE unmap operation.

9 years agoOutput remote username in debug output since with Host and Match it's not
dtucker [Tue, 14 Apr 2015 04:17:03 +0000 (04:17 +0000)]
Output remote username in debug output since with Host and Match it's not
always obvious what it will be.  bz#2368, ok djm@

9 years agoLog a more useful error message if ttyname() fails. OK deraadt@
millert [Tue, 14 Apr 2015 02:24:17 +0000 (02:24 +0000)]
Log a more useful error message if ttyname() fails.  OK deraadt@

9 years agopwd_mkdb now fits onto the install media. no more chroot games.
deraadt [Mon, 13 Apr 2015 21:27:05 +0000 (21:27 +0000)]
pwd_mkdb now fits onto the install media.  no more chroot games.

9 years agoInitialize RX/TX on re(4) slightly later; it appears that newer chips
sthen [Mon, 13 Apr 2015 20:45:49 +0000 (20:45 +0000)]
Initialize RX/TX on re(4) slightly later; it appears that newer chips
don't setup DMA correctly until more configuration has been done -
enabling RX too soon causes DMA to bad places. KVM corruption problems
reported by Adam Wolk on Lenovo G50-70 (RTL8111GU).

Diff derived by Brad from FreeBSD commit; see bz# 197535 and 193743, inspired by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d6e572911a4cb2b9fcd1c26a38d5317a3971f2fd

Tested on the following by Brad, Adam Wolk, box963 at gmail, Jim Smith

re0 at pci4 dev 0 function 0 "Realtek 8168" rev 0x03: RTL8168D/8111D (0x2800), apic 2 int 16, address 00:0a:cd:1a:86:04
re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 80:ee:73:76:8e:8a
re0 at pci0 dev 3 function 0 "Realtek 8169" rev 0x10: RTL8110S (0x0400), ivec 0x78c, address 00:22:3f:ee:fa:25
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), msi, address 00:0d:b9:31:2e:88
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU (0x5080), msi, address 68:f7:28:18:35:8e

ok mpi@ dlg@

9 years agoMake sure we print the MAC address on sparc64 as well.
kettenis [Mon, 13 Apr 2015 20:02:58 +0000 (20:02 +0000)]
Make sure we print the MAC address on sparc64 as well.

9 years agoMake filter argument to ipsp_aux_match optional like the rest of them.
mikeb [Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)]
Make filter argument to ipsp_aux_match optional like the rest of them.
OK markus, hshoexer

9 years agoPerform IPsec bypass check on a socket before performing TDB lookups.
mikeb [Mon, 13 Apr 2015 16:50:43 +0000 (16:50 +0000)]
Perform IPsec bypass check on a socket before performing TDB lookups.
OK markus, hshoexer

9 years agoRename gettdbbyaddr to gettdbbydst; OK markus, hshoexer, mpi
mikeb [Mon, 13 Apr 2015 16:48:01 +0000 (16:48 +0000)]
Rename gettdbbyaddr to gettdbbydst;  OK markus, hshoexer, mpi

9 years agoRemove unused arguments from gettdb* functions; OK markus, hshoexer, mpi
mikeb [Mon, 13 Apr 2015 16:45:52 +0000 (16:45 +0000)]
Remove unused arguments from gettdb* functions;  OK markus, hshoexer, mpi

9 years agoConvert openssl(1) errstr to new option handling.
jsing [Mon, 13 Apr 2015 15:02:23 +0000 (15:02 +0000)]
Convert openssl(1) errstr to new option handling.

ok bcook@ doug@

9 years agoMove one "#ifdef NVLAN" chunk needed only if you're running bridge(4) on
mpi [Mon, 13 Apr 2015 08:52:51 +0000 (08:52 +0000)]
Move one "#ifdef NVLAN" chunk needed only if you're running bridge(4) on
to of vlan(4) from ether_input() to bridge_input().

One of the goal of the if_input() plumbing is to stop doing all possible
pseudo-drivers checks on every packets.  There's no reason that even if
you're not running a bridge(4) you've to run this code.

This change also will also makes it easier to convert vlan(4) to if_input().

Reviewed by Rafael Zalamena and mikeb@, ok markus@

9 years agoNow that if_input() set the receiving interface pointer on mbufs for us
mpi [Mon, 13 Apr 2015 08:45:48 +0000 (08:45 +0000)]
Now that if_input() set the receiving interface pointer on mbufs for us
there's no need to do it in m_devget(9).

Stop passing an ``ifp'' will help for upcoming interface pointer -> index
conversion.

While here remove unused ``ifp'' argument from m_clget(9) and kill two
birds^W layer violations in one commit.

ok henning@

9 years agoether_input() should not longer be called directly so convert to
mpi [Mon, 13 Apr 2015 08:40:32 +0000 (08:40 +0000)]
ether_input() should not longer be called directly so convert to
if_input().

Needed for the upcoming pseudo-driver integration work.

ok dlg@

9 years agocorrect multiplication idiom during xreallocarray, and expand appendnum
deraadt [Mon, 13 Apr 2015 05:11:23 +0000 (05:11 +0000)]
correct multiplication idiom during xreallocarray, and expand appendnum
to size_t to avoid overflow after allocation success
ok guenther doug

9 years agodeprecate ancient, pre-RFC4419 and undocumented
djm [Mon, 13 Apr 2015 02:04:08 +0000 (02:04 +0000)]
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message;
ok markus@ deraadt@ "seems reasonable" dtucker@

9 years agosync
deraadt [Sun, 12 Apr 2015 22:58:34 +0000 (22:58 +0000)]
sync

9 years agoPrevent use after free in definemacro().
florian [Sun, 12 Apr 2015 21:42:18 +0000 (21:42 +0000)]
Prevent use after free in definemacro().
When the startup file contains (start-kbd-macro) mg crashes when
executing "start-kbd-macro" two times in the running mg.

The problem is that execline() is cleaning up behind our backs.
Finish the cleanup and make sure mg doesn't think we are in the
middle of a macro definition.

Problem found, tracked down and diff by gsoares@
Tweaked & OK by me.
Committing on request of gsoares@ who currently doesn't have good net
to commit.

9 years agoFix some KNF, spacing, and typo issues. Moving the deck chairs around to
mlarkin [Sun, 12 Apr 2015 21:37:33 +0000 (21:37 +0000)]
Fix some KNF, spacing, and typo issues. Moving the deck chairs around to
reduce differences between PAE and no-PAE i386 pmaps.

9 years agoLet nl_langinfo(CODESET) return "US-ASCII" as the name of the
naddy [Sun, 12 Apr 2015 20:18:41 +0000 (20:18 +0000)]
Let nl_langinfo(CODESET) return "US-ASCII" as the name of the
character codeset for the POSIX/C default locale.  This is the
preferred IANA name and also used by FreeBSD.

The previous value "646" was an obscure reference to ISO 646 (= ASCII)
and was not recognized by GNU iconv out of the box.

ok millert@, stsp@

9 years agoFix some typos in comments, and remove an outdated comment about how
mlarkin [Sun, 12 Apr 2015 19:21:32 +0000 (19:21 +0000)]
Fix some typos in comments, and remove an outdated comment about how
certain pmap structures are allocated.

No functional change.

9 years agoBring PAE code back to life, in a different form. This diff (via bluhm then
mlarkin [Sun, 12 Apr 2015 18:37:53 +0000 (18:37 +0000)]
Bring PAE code back to life, in a different form. This diff (via bluhm then
to deraadt, then myself) brings the PAE pmap on i386 (not touched in any
significant way for years) closer to the current non-PAE pmap and allows
us to take a big next step toward better i386 W^X in the kernel (similar to
what we did a few months ago on amd64). Unlike the original PAE pmap, this
diff will not be supporting > 4GB physical memory on i386 - this effort is
specifically geared toward providing W^X (via NX) only.

There still seems to be a bug removing certain pmap entries when PAE is
enabled, so I'm leaving PAE mode disabled for the moment until we can
figure out what is going on, but with this diff in the tree hopefully
others can help.

The pmap functions now operate through function pointers, due to the need
to support both non-PAE and PAE forms. My unscientific testing showed
less than 0.3% (a third of a percent) slowdown with this approach during
a base build.

Discussed for months with guenther, kettenis, and deraadt.

ok kettenis@, deraadt@

9 years agoAdd a few missing trace functions, and "use" them. Add back the WATCH_GTT
kettenis [Sun, 12 Apr 2015 17:10:07 +0000 (17:10 +0000)]
Add a few missing trace functions, and "use" them.  Add back the WATCH_GTT
code (that isn't actually compiled in).  Use dev_priv->dev in one more place
now that we have it, and add set_normalized_timespec() and use it.

9 years agoRemove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.
doug [Sun, 12 Apr 2015 15:15:51 +0000 (15:15 +0000)]
Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.

i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken.

Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d.

ok deraadt@, jsing@

9 years agohfsc_classq has a type member which is never set or read, except to report
dlg [Sun, 12 Apr 2015 14:09:40 +0000 (14:09 +0000)]
hfsc_classq has a type member which is never set or read, except to report
its value to userland which will always be 0.

drop the member. lie to userland.

ok henning@

9 years agothere's a 1:1 correlation between hfsc_class instances and hfsc_classq
dlg [Sun, 12 Apr 2015 12:22:26 +0000 (12:22 +0000)]
there's a 1:1 correlation between hfsc_class instances and hfsc_classq
instances, so maintaining separate pools for them and pointing
between them is overhead.

this drops the hfsc_classq pool and inlines it into hfsc_class.

ok henning@