kettenis [Tue, 23 Feb 2021 17:01:17 +0000 (17:01 +0000)]
Add aplintc(4), a driver for the interrupt controller found on
Apple M1 SoCs.
ok patrick@
deraadt [Tue, 23 Feb 2021 15:58:19 +0000 (15:58 +0000)]
sync
cheloha [Tue, 23 Feb 2021 15:47:53 +0000 (15:47 +0000)]
sparc64/clock.c: use ANSI-style function definitions
While here, zap a few ARGUSED linter comments.
Compile-tested by deraadt@.
ok deraadt@
mvs [Tue, 23 Feb 2021 15:13:58 +0000 (15:13 +0000)]
Wrap by netlock the whole foreach loop which calls switch_port_detach() in
switch_clone_destroy(). This fixes netlock assertion within underlay
ifpromisc(). The problem was reported by hrvoje@ [1].
"why not" by deraadt@
1. https://marc.info/?l=openbsd-bugs&m=161338077403538&w=2
mvs [Tue, 23 Feb 2021 14:57:52 +0000 (14:57 +0000)]
Fix m_copyback(9) prototype in DESCRIPTION section.
ok millert@
deraadt [Tue, 23 Feb 2021 14:27:16 +0000 (14:27 +0000)]
previous commit mismanaged the control fd
ok claudio
claudio [Tue, 23 Feb 2021 14:25:29 +0000 (14:25 +0000)]
Adjust pledge() and unveil() calls for proc_rsync() a bit. Since the
mkdir was moved to the main process there is no need for access to .
in the rsync process.
OK job@ deraadt@
deraadt [Tue, 23 Feb 2021 14:18:59 +0000 (14:18 +0000)]
sync
jsg [Tue, 23 Feb 2021 13:50:16 +0000 (13:50 +0000)]
remove unused malloc_roundup()
bluhm [Tue, 23 Feb 2021 12:14:10 +0000 (12:14 +0000)]
As ip_insertoptions() may prepend a mbuf, "goto bad" has to free
the new chain. This fixes a potential memory leak in ip_output().
Also simplify a bunch of "goto done".
OK kn@ mvs@
aoyama [Tue, 23 Feb 2021 11:48:21 +0000 (11:48 +0000)]
Make more efficient clearing interrupts on all processors at boot time.
Without this modification, because of the volatile qualifier, the
compiler does not produce four `` = 0 '' assignments, but code
equivalent to:
	*(volatile uint32_t *)INT_ST_MASK3 = 0;
	*(volatile uint32_t *)INT_ST_MASK2 =
		*(volatile uint32_t *)INT_ST_MASK3;
	*(volatile uint32_t *)INT_ST_MASK1 =
		*(volatile uint32_t *)INT_ST_MASK2;
	*(volatile uint32_t *)INT_ST_MASK0 =
		*(volatile uint32_t *)INT_ST_MASK1;
Anders Gavare reported to Miod Vallat, and he gave me a diff.
dlg [Tue, 23 Feb 2021 11:44:53 +0000 (11:44 +0000)]
small adjustment of the deck chairs, no functional change.
dlg [Tue, 23 Feb 2021 11:43:41 +0000 (11:43 +0000)]
fix up which link flags do what.
ipsec code is written, but is disabled, so the ipsec words here are
still commented out for now.
mvs [Tue, 23 Feb 2021 11:43:40 +0000 (11:43 +0000)]
Use NULL instead of 0 in `m_nextpkt' assignment.
ok deraadt@ dlg@
dlg [Tue, 23 Feb 2021 11:40:28 +0000 (11:40 +0000)]
make a start on transparent ipsec interception, based on bridge(4).
i found the Transparent Network Security Policy Enforcement paper
by angelos and jason was useful for understanding the background
and why you'd want to do this.
the implementation is a little bit different to the bridge one
because i've tweaked the order that pf and ipsec processing happens,
depending on which direction the packet is going over the bridge.
bridge always runs ipsec processing before pf, no matter which
direction the packet is going. packets going into veb, pf runs first
and then ipsec input processing is allowed to happen. in the outgoing
direction ipsec happens first and then pf. pf runs before ipsec in
the inbound direction so pf can apply policy to ipsec encapsulated
packets before they hit pf. this allows you to apply policy to both
the encrypted and unencrypted packets in both directions.
the code is disabled for now. this is mostly because i want veb(4)
to have a good chance at operating outside the netlock, and i'm
pretty sure the ipsec stack isn't ready for that yet. the other
reason why it's disabled is getting a test setup is effort, but i
want to sleep.
jsg [Tue, 23 Feb 2021 11:22:20 +0000 (11:22 +0000)]
remove unused uvm_mapent_bias()
ok mpi@
mpi [Tue, 23 Feb 2021 10:41:59 +0000 (10:41 +0000)]
Move `pgo_fault' handler outside of uvm_fault_lower().
Reduce differences with NetBSD and prepare for `uobj' locking.
No functional change. ok chris@, kettenis@
jsg [Tue, 23 Feb 2021 10:20:10 +0000 (10:20 +0000)]
remove some unused includes
dlg [Tue, 23 Feb 2021 09:51:08 +0000 (09:51 +0000)]
use the ipv6 dst addr to look up an ipsec tdb in bridge_ipsec in.
using the ipv6 next protocol header probably doesnt work. it also
probably doesnt matter cos i'm not sure anyone uses this feature in
bridge. or maybe there isn't anyone who uses ipv6. both are plausible
options.
hahaha^Wok patrick@
lum [Tue, 23 Feb 2021 08:10:51 +0000 (08:10 +0000)]
Allow the user to specify a path to the mg startup file on the command line.
dlg [Tue, 23 Feb 2021 07:29:07 +0000 (07:29 +0000)]
use link0 to allow vlans to cross the bridge.
dlg [Tue, 23 Feb 2021 05:23:02 +0000 (05:23 +0000)]
implement support for the blocknonip port flag.
dlg [Tue, 23 Feb 2021 05:01:00 +0000 (05:01 +0000)]
add support for setting and getting bridge port flags.
cheloha [Tue, 23 Feb 2021 04:44:30 +0000 (04:44 +0000)]
timecounting: use C99-style initialization for all timecounter structs
The timecounter struct is large and I think it may change in the
future. Changing it later will be easier if we use C99-style
initialization for all timecounter structs. It also makes reading the
code a bit easier.
For reasons I cannot explain, switching to C99-style initialization
sometimes changes the hash of the resulting object file, even though
the resulting struct should be the same. So there is a binary change
here, but only sometimes. No behavior should change in either case.
I can't compile-test this everywhere but I have been staring at the
diff for days now and I'm relatively confident this will not break
compilation. Fingers crossed.
ok gnezdo@
dlg [Tue, 23 Feb 2021 04:40:27 +0000 (04:40 +0000)]
filter MAC Bridge component Reserved address
im considering converting ethernet addresses into uint64_ts to make
comparisons (and masking) easier. im trialling it here, and it
doesn't seem like the worst.
dlg [Tue, 23 Feb 2021 04:13:17 +0000 (04:13 +0000)]
try and use my words to explain what veb is and does.
ok jmatthew@
dlg [Tue, 23 Feb 2021 03:30:04 +0000 (03:30 +0000)]
add veb(4), a Virtual Ethernet Bridge driver.
my intention is to replace bridge(4), but the way it works is
different enough from bridge that a name change is justified
to distinguish them. it also makes it easier to commit it to the
tree and work on it in parallel to bridge, and allows a window of
migration.
the main difference between veb(4) and bridge(4) is how they use
interfaces as ports. veb takes over interfaces completely and only
uses them to receive and transmit ethernet packets. bridge also uses
each interface as a port to the ethernet segment it's connected to,
but also tries to continue supporting the use of the interface as
a way to talk to the network stack on the local system. supporting
the use of interfaces for both external and local communication is
where most of my confusion with bridge comes from, both when i'm
trying to operate it and also understand the code. changing this
semantic is where most of the simplification in veb comes from
compared to bridge.
because veb takes over interfaces, the ethernet network set up on
a veb is isolated from the host network stack. by default veb does
not interact with pf or the ip (and mpls) stacks. to enable pf for
ip frames going over veb ports link1 on the veb interface must be
set. to have the stack interact with a veb network, vport interfaces
must be created and added as ports to a veb.
the vport interface driver is provided as part of veb, and is handled
specially by veb. veb usually prevents the use of ports by the stack
for sending and receiving packets, but that's why vports exist, so
veb has special handling for them.
veb already supports a lot of the other features that bridge has,
including bridge rules and protected domains, but i got tired of
working out of the tree and stopped implementing them. the main
outstanding features are better address table management, the
blocknonip flag on ports, transparent ipsec interception, and
spanning tree. i may not bother with spanning tree unless someone
tells me that they actually use it.
the core ethernet learning bridge functionality is provided by the
etherbridge code that was factored out of nvgre and bpe. veb is
already (a lot) faster than bridge, and is better prepared to operate
in parallel on multiple CPUs concurrently.
thanks to hrvoje popovski for testing some earlier versions of this.
discussed with many
ok patrick@ jmatthew@
deraadt [Tue, 23 Feb 2021 02:42:58 +0000 (02:42 +0000)]
sync
djm [Tue, 23 Feb 2021 00:05:31 +0000 (00:05 +0000)]
warn when the user specifies a ForwardAgent path that does not exist
and exit if ExitOnForwardFailure is set; bz3264
jsg [Tue, 23 Feb 2021 00:03:01 +0000 (00:03 +0000)]
remove unused acpiec_lock() acpiec_unlock() functions
ok kettenis@ pirofti@
jsg [Mon, 22 Feb 2021 23:43:59 +0000 (23:43 +0000)]
remove unused decode_hw_header() function
ok krw@
kettenis [Mon, 22 Feb 2021 23:17:50 +0000 (23:17 +0000)]
Terminate backtrace of secondary processors in ddb.
From miod@
kettenis [Mon, 22 Feb 2021 21:58:25 +0000 (21:58 +0000)]
Mark as arm64-specific.
tobhe [Mon, 22 Feb 2021 21:58:12 +0000 (21:58 +0000)]
Don't pass 'id' as argument to make function signature match similar
functions. config_setpfkey() is always called with id PROC_IKEV2.
kettenis [Mon, 22 Feb 2021 21:51:48 +0000 (21:51 +0000)]
Enable bge(4).
kettenis [Mon, 22 Feb 2021 21:47:47 +0000 (21:47 +0000)]
Enable apldog(4).
kettenis [Mon, 22 Feb 2021 21:42:17 +0000 (21:42 +0000)]
apldog(4)
kettenis [Mon, 22 Feb 2021 21:30:54 +0000 (21:30 +0000)]
Add apldog(4), a driver for the watchdog on Apple M1 SoCs.
This allows us to reboot the machine.
ok patrick@
mvs [Mon, 22 Feb 2021 19:14:01 +0000 (19:14 +0000)]
Move UNIX socket's garbage collector to `systqmp'. It touches nothing
which requires kernel lock to be held.
ok mpi@
patrick [Mon, 22 Feb 2021 18:55:23 +0000 (18:55 +0000)]
Disable double-data rate modes if 1.8V signalling is not possible.
ok kettenis@
patrick [Mon, 22 Feb 2021 18:53:26 +0000 (18:53 +0000)]
Slow mode is only relevant for legacy and high speed timings.
ok kettenis@
kettenis [Mon, 22 Feb 2021 18:32:02 +0000 (18:32 +0000)]
Improve support for the variant found on the Apple M1 SoC.
This mostly adjusts the interrupt masking and status support since this
variant lacks the UINTM and UINTP registers.
ok patrick@
martijn [Mon, 22 Feb 2021 17:15:02 +0000 (17:15 +0000)]
Make the ober_get_* set of functions accept a NULL-pointer.
This allows us to do ber-type checking inside ober_scanf_elements, which
will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@
OK claudio@
tb [Mon, 22 Feb 2021 16:15:49 +0000 (16:15 +0000)]
Fix bizarre punctuation and capitalization in a comment.
tb [Mon, 22 Feb 2021 16:13:31 +0000 (16:13 +0000)]
Simplify version checks in the TLSv1.3 client
Ensure that the server announced TLSv1.3 (and nothing higher) in the
supported_versions extension. In that case, the legacy_version must
be TLSv1.2 according to RFC 8446, 4.1.3 and 4.2.1.
This commit also removes some unreachable code which is a remnant of
very early TLSv1.3 code from before the legacy fallback was introduced.
Simplify a few checks and adjust some comments nearby.
ok jsing
jsing [Mon, 22 Feb 2021 15:59:10 +0000 (15:59 +0000)]
Factor out/change some of the legacy client version handling code.
This consolidates the version handling code and will make upcoming changes
easier.
ok tb@
bluhm [Mon, 22 Feb 2021 13:04:56 +0000 (13:04 +0000)]
When cutting off the head of an overlapping fragment during pf
reassembly, reinsert the fragment into the lookup table with correct
index.
Reported-by: syzbot+d043455a5346f726f1c4@syzkaller.appspotmail.com
OK claudio@
robert [Mon, 22 Feb 2021 11:49:35 +0000 (11:49 +0000)]
add 7.0 syspatch pubkey
nicm [Mon, 22 Feb 2021 11:42:50 +0000 (11:42 +0000)]
expand_paths needs the global environment to be set up, do that first.
martijn [Mon, 22 Feb 2021 11:31:09 +0000 (11:31 +0000)]
Make use of the new '$' feature of ober_scanf_elements to enforce stricter
ASN.1 verification.
OK claudio@
claudio [Mon, 22 Feb 2021 09:46:05 +0000 (09:46 +0000)]
Rename mkpath() to mkpathat() since it uses mkdirat() internally.
nicm [Mon, 22 Feb 2021 08:31:19 +0000 (08:31 +0000)]
Fix regex searching with wrapped lines, from Anindya Mukherjee; GitHub
issue 2570.
nicm [Mon, 22 Feb 2021 08:18:13 +0000 (08:18 +0000)]
Move config file path expansion much earlier, keep the list of paths
around rather than freeing later, and add a config_files format variable
containing it. Suggested by kn@ a while back.
nicm [Mon, 22 Feb 2021 07:09:06 +0000 (07:09 +0000)]
There are many format variables now so allocating all the default ones
each time a tree is created is too expensive. Instead, convert them all
into callbacks and put them in a static table so they only allocate on
demand. The tree remains for the moment for extra (non-default)
variables added by for example copy mode or popups. Also reduce
expensive calls to localtime_r/strftime. GitHub issue 2253.
nicm [Mon, 22 Feb 2021 06:53:04 +0000 (06:53 +0000)]
Move jump commands to grid reader, make them UTF-8 aware, and tidy up,
from Anindya Mukherjee.
krw [Mon, 22 Feb 2021 02:19:03 +0000 (02:19 +0000)]
Switch reboot timing to timespec, the better to handle the
default reboot interval of 1 sec. Gives the DHCP server a
fairer shot at replying before the timeout expires.
ok millert@
jmatthew [Mon, 22 Feb 2021 01:24:59 +0000 (01:24 +0000)]
Use the F_CHECK_SENT and F_CHECK_DONE flags to determine whether a
previous attempt at running a check script has finished yet, so we
can avoid building up a backlog of check requests.
ok dlg@ tb@ giovanni@
jsg [Mon, 22 Feb 2021 01:18:01 +0000 (01:18 +0000)]
regen
jsg [Mon, 22 Feb 2021 01:17:23 +0000 (01:17 +0000)]
add some AMD 500 series, 17h/71h, Navi 10 and Kingston NVMe ids
initial diff from Sven Wolf
tb [Sun, 21 Feb 2021 19:21:15 +0000 (19:21 +0000)]
PATH does not include '.' anymore. Fix the runs test for that situation.
krw [Sun, 21 Feb 2021 18:16:59 +0000 (18:16 +0000)]
Rename struct client_config fields 'timeout', 'link_timeout' and
'reboot_timeout' to 'offer_interval', 'link_interval' and
'reboot_interval' to be consistent with other '_interval' fields that
specify a number of seconds to wait.
jmc [Sun, 21 Feb 2021 17:18:01 +0000 (17:18 +0000)]
exclamation mark needs escaped too;
deraadt [Sun, 21 Feb 2021 15:56:25 +0000 (15:56 +0000)]
how about sticking to standard C.
tobhe [Sun, 21 Feb 2021 14:55:16 +0000 (14:55 +0000)]
Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.
Asked to commit by and ok patrick@
krw [Sun, 21 Feb 2021 14:30:29 +0000 (14:30 +0000)]
No need for state_preboot() to double check timeout being
tracked in tick_msg() and explicitly calling tick_msg(TICK_SLEEP).
One fewer use of each of time(), ifi->startup_time and
config->link_timeout. Makes code easier to follow.
No intentional functional change.
tobhe [Sun, 21 Feb 2021 14:21:37 +0000 (14:21 +0000)]
Don't explicitly send address family in IMSG_VROUTE_ADD. The receiving
process parses af from the sockaddrs.
ok patrick@
kettenis [Sun, 21 Feb 2021 13:14:47 +0000 (13:14 +0000)]
On CPUs that implement the VHE extension and have the E2H bit set, keep
running the kernel in EL2.
ok patrick@
sthen [Sun, 21 Feb 2021 10:38:42 +0000 (10:38 +0000)]
Add ping -g, a concise display format similar to that used by other
network devices that shows one character per echo request (! for normal
response, . for timed out, D for duplicate, T for truncated) making
it easier to identify patterns of loss over periods of time.
ok remi@ kn@, feedback from deraadt@ chris@
!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!!!!!!!!!!!!!
jmc [Sun, 21 Feb 2021 06:35:31 +0000 (06:35 +0000)]
zap duplicate .Nm;
deraadt [Sun, 21 Feb 2021 06:20:07 +0000 (06:20 +0000)]
sync
dlg [Sun, 21 Feb 2021 03:46:34 +0000 (03:46 +0000)]
cut nvgre(4) over to use common etherbridge code.
the "ports" that nvgre provides to etherbridge are ip addresses
used in the underlay network.
ok patrick@ jmatthew@
dlg [Sun, 21 Feb 2021 03:35:17 +0000 (03:35 +0000)]
cut bpe(4) over to using the common etherbridge code.
it's pretty straightforward since etherbridge was mostly based on
this code in the first place. the etherbridge_ops that bpe provides
to etherbridge set entries up to point at mac addresses in the
underlay network.
ok patrick@ jmatthew@
dlg [Sun, 21 Feb 2021 03:26:46 +0000 (03:26 +0000)]
add etherbridge, the guts of a learning bridge that can be reused.
this allows for the factoring out of the learning bridge code i
wrote in bpe and nvme, and should be reusable for other drivers
needing a mac learning bridge.
the core data structures are an etherbridge struct to represent the
learning bridge, eb_entry structs for each mac address entry that
the bridge knows about, and an etherbridge_ops struct that drivers
fill in so that they can use this code.
eb_entry structs are stored in a hash table made up of SMR_TAILQs
to support lookups of entries quickly and concurrently in the
forwarding path. they are also stored in a locked red-black tree
to help manage the uniqueness of the mac address in the table.
the etherbridge_ops handlers mostly deal with comparing and testing
the "ports" associated with mac address table entries. the "port"
that a mac address entry is associated with is opaque to the
etherbridge code, which allows for this code to be used by nvgre
and bpe which map mac addresses inside the bridge to addresses in
their underlay networks. it also supports traditional bridges where
"ports" are actual interfaces.
ok patrick@ jmatthew@
dlg [Sun, 21 Feb 2021 02:43:17 +0000 (02:43 +0000)]
i added stoeplitz_eaddr
dlg [Sun, 21 Feb 2021 02:40:41 +0000 (02:40 +0000)]
fix the names of the things that actually do the hashing.
dlg [Sun, 21 Feb 2021 02:37:38 +0000 (02:37 +0000)]
add stoeplitz_eaddr, for getting a hash value from an ethernet address.
tobhe [Sat, 20 Feb 2021 22:00:32 +0000 (22:00 +0000)]
Fail on invalid address family.
jsg [Sat, 20 Feb 2021 21:50:04 +0000 (21:50 +0000)]
remove warning about amdgpu userptr ioctl being unimplemented
matches radeon and i915
reported by Benjamin Baier
otto [Sat, 20 Feb 2021 19:06:38 +0000 (19:06 +0000)]
Enable threads test
otto [Sat, 20 Feb 2021 19:05:28 +0000 (19:05 +0000)]
A regress test to test concurrent exception handling in threads
otto [Sat, 20 Feb 2021 19:03:28 +0000 (19:03 +0000)]
Make the unwind cache thread-safe by declaring it thread_local. Solves
segfaults seen on exception handling. ok kettenis@
krw [Sat, 20 Feb 2021 14:56:59 +0000 (14:56 +0000)]
tick_msg("lease", TICK_SUCCESS) in bind_lease() should *not* be
invoked when log_getverbose() returns 0.
visa [Sat, 20 Feb 2021 14:42:51 +0000 (14:42 +0000)]
Fix disestablishing of PCI interrupt handlers.
tb [Sat, 20 Feb 2021 14:16:56 +0000 (14:16 +0000)]
ugly whitespace
tb [Sat, 20 Feb 2021 14:14:16 +0000 (14:14 +0000)]
Rename f_err into fatal_err.
discussed with jsing
tb [Sat, 20 Feb 2021 14:03:50 +0000 (14:03 +0000)]
Rename the truncated label into decode_err. This describes its purpose
better and doesn't look odd if there's trailing data for example.
Indent a few labels in the neighborhood while there.
ok jsing
jmc [Sat, 20 Feb 2021 12:37:59 +0000 (12:37 +0000)]
zap unnecessary .Pp;
jsing [Sat, 20 Feb 2021 09:45:14 +0000 (09:45 +0000)]
Revise regress to match change in SSL{_CTX,}_get_{min,max}_proto_version().
jsing [Sat, 20 Feb 2021 09:43:29 +0000 (09:43 +0000)]
Return a min/max version of zero if set to zero.
OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.
Discussed with tb@
jsing [Sat, 20 Feb 2021 08:33:17 +0000 (08:33 +0000)]
Add DTLSv1.2 methods.
These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL.
ok tb@
jsing [Sat, 20 Feb 2021 08:30:52 +0000 (08:30 +0000)]
Handle DTLS1_2_VERSION in various places.
ok tb@
jsing [Sat, 20 Feb 2021 08:22:55 +0000 (08:22 +0000)]
Revise HelloVerifyRequest handling for DTLSv1.2.
Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always contain
DTLSv1.0 - ensure this is the case on the server side, allow both DTLSv1.0
and DTLSv1.2 on the client.
ok tb@
jsing [Sat, 20 Feb 2021 08:19:01 +0000 (08:19 +0000)]
Group HelloVerifyRequest decoding and add missing check for trailing data.
ok tb@
jsing [Sat, 20 Feb 2021 08:11:57 +0000 (08:11 +0000)]
Add various public DTLS related defines.
These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL.
ok tb@
jsing [Sat, 20 Feb 2021 07:29:07 +0000 (07:29 +0000)]
Clean up/simplify dtls1_get_cipher().
ok tb@
dlg [Sat, 20 Feb 2021 05:03:37 +0000 (05:03 +0000)]
move from calling l3 protocol input handlers to using if_vinput.
if_vinput requires mpsafe interface counters, so add those in. this
factors out some more code between drivers. monitor mode will work
on these interfaces now too.
dlg [Sat, 20 Feb 2021 05:01:33 +0000 (05:01 +0000)]
move gre and mgre from calling l3 input handlers to using if_vinput.
using if_vinput factors out a lot of repeated code between tunnel
drivers, and it means monitor mode works on gre and mgre now too.
make the l2 gre interfaces do some things in the same order while
here.
dlg [Sat, 20 Feb 2021 04:58:29 +0000 (04:58 +0000)]
move gif from calling l3 protocol input handlers to using if_vinput.
if_vinput requires mpsafe interface counters, so gif is a bit more
mpsafe now than it was before. using if_vinput means monitor mode
works on gif now too.
dlg [Sat, 20 Feb 2021 04:55:52 +0000 (04:55 +0000)]
add p2p_input, like ether_input but for l3 tunnel interfaces.
the l3 protocol input to push the packet is based on a value in
m->m_pkthdr.ph_family, which tunnel drivers should set before calling
if_vinput.
add p2p_bpf_mtap to call bpf_mtap_af also using m->m_pkthdr.ph_family.
dlg [Sat, 20 Feb 2021 04:39:16 +0000 (04:39 +0000)]
let tun use bpf_mtap for handling input packets.
tun (not tap) input packets are written from userland in the same
format that its bpf dlt is expecting, so we can push the packet
straight into bpf with bpf_mtap. this is more correct than using
bpf_mtap_ether for tun.