openbsd
2 years agoImprove accessibility of -T html -O toc output by using the <nav> element
schwarze [Fri, 24 Jun 2022 11:15:19 +0000 (11:15 +0000)]
Improve accessibility of -T html -O toc output by using the <nav> element
in the DPUB-ARIA doc-toc role.
Patch from Anna Vyalkova <cyber at sysrq dot in> slightly tweaked by me.

This is hopefully the start of a collaboration to improve accessibility
of Unix manual pages using the WAI-ARIA, HTML-ARIA, and DPUB-ARIA standards.
Progress appears to be possible without changing *anything* with respect to
the way manual pages are written.  Instead, it seems sufficient to properly
translate semantic cues already implied by existing mdoc(7) markup into the
appropriate HTML elements and ARIA attributes.  Overall, the total length
of HTML output is likely to increase slightly, but not much.

2 years agoRoll back previous KEX changes as they aren't safe until
dtucker [Fri, 24 Jun 2022 10:45:06 +0000 (10:45 +0000)]
Roll back previous KEX changes as they aren't safe until
compat_pkalg_proposal and friends always allocate their returned
strings.  Reported by Qualys.

2 years agoUse IN6_IS_ADDR_MC_NODELOCAL() instead of IN6_IS_ADDR_MC_INTFACELOCAL().
claudio [Fri, 24 Jun 2022 10:36:53 +0000 (10:36 +0000)]
Use IN6_IS_ADDR_MC_NODELOCAL() instead of IN6_IS_ADDR_MC_INTFACELOCAL().
It seems that IN6_IS_ADDR_MC_NODELOCAL() is the official name of this
nightmare and therefor more portable.
OK tb@

2 years agoDon't leak the strings allocated by order_hostkeyalgs() and
dtucker [Fri, 24 Jun 2022 04:37:00 +0000 (04:37 +0000)]
Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@

2 years agomake it clear that RekeyLimit applies to both transmitted and
djm [Fri, 24 Jun 2022 04:27:14 +0000 (04:27 +0000)]
make it clear that RekeyLimit applies to both transmitted and
received data. GHPR#328 from Jan Pazdziora

2 years agoUse dynamic linking correctly. bntest and bn_to_string need static linking.
tb [Thu, 23 Jun 2022 18:09:19 +0000 (18:09 +0000)]
Use dynamic linking correctly. bntest and bn_to_string need static linking.

2 years agoMove struct kif from bgpd.h to kroute.c
claudio [Thu, 23 Jun 2022 13:09:03 +0000 (13:09 +0000)]
Move struct kif from bgpd.h to kroute.c

The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG as well.
OK tb@

2 years agofmt_timeframe() cleanup. Remove the ring buffer, it is not required.
claudio [Thu, 23 Jun 2022 12:40:32 +0000 (12:40 +0000)]
fmt_timeframe() cleanup. Remove the ring buffer, it is not required.
Ensure that the time_t is positive and print increadibly long timeframes
of over 19 years just as weeks.
OK tb@

2 years agoFix comments
claudio [Thu, 23 Jun 2022 10:22:23 +0000 (10:22 +0000)]
Fix comments

2 years agoThanks IPv6 for being extra complex. Recover scope_id for link local addrs.
claudio [Thu, 23 Jun 2022 09:54:31 +0000 (09:54 +0000)]
Thanks IPv6 for being extra complex. Recover scope_id for link local addrs.
OK tb@

2 years agoungate DMA clock on >= tgp to avoid packet loss on Alder Lake
jsg [Thu, 23 Jun 2022 09:47:04 +0000 (09:47 +0000)]
ungate DMA clock on >= tgp to avoid packet loss on Alder Lake
chicken bit set in linux but not documented anywhere I can find
ok claudio@

2 years agoadd tgp and adp mac types and change from reusing cnp
jsg [Thu, 23 Jun 2022 09:38:28 +0000 (09:38 +0000)]
add tgp and adp mac types and change from reusing cnp
ok claudio@

2 years agoReplace struct kroute_node and kroute6_node with direct versions of
claudio [Thu, 23 Jun 2022 07:43:37 +0000 (07:43 +0000)]
Replace struct kroute_node and kroute6_node with direct versions of
struct kroute and kroute6.

Rename knexthop_node to knexthop as well. Mostly mechanical but fix
at least one log format string to have the correct order of arguments.

OK tb@

2 years agoregen
jsg [Thu, 23 Jun 2022 00:32:06 +0000 (00:32 +0000)]
regen

2 years agoadd some intel bluetooth ids
jsg [Thu, 23 Jun 2022 00:31:37 +0000 (00:31 +0000)]
add some intel bluetooth ids

0x0032 Typhoon Peak (AX210, AX1675)
0x0033 Garfield Peak (AX211, AX411, AX1690, AX1675)
0x0035 Madison Peak
0x07da Jackson Peak (2230, 6235)
0x07dc Wilkins Peak (7260)
0x0aa7 Sandy Peak (3168)
0x0aaa Jefferson Peak (9461, 9462, 9560)

2 years agodrm/amd/display: Cap OLED brightness per max frame-average luminance
jsg [Wed, 22 Jun 2022 23:00:02 +0000 (23:00 +0000)]
drm/amd/display: Cap OLED brightness per max frame-average luminance

From Roman Li
8720414b51d43a407dc6e7d7d70cebd459b0b93b in linux 5.15.y/5.15.49
4fd17f2ac0aa4e48823ac2ede5b050fb70300bf4 in mainline linux

2 years agodrm/i915/reset: Fix error_state_read ptr + offset use
jsg [Wed, 22 Jun 2022 22:55:56 +0000 (22:55 +0000)]
drm/i915/reset: Fix error_state_read ptr + offset use

From Alan Previn
f4c5eba87675a07a6c28cdaca7366aeb4258ec78 in linux 5.15.y/5.15.49
c9b576d0c7bf55aeae1a736da7974fa202c4394d in mainline linux

2 years agodrm/amdkfd: add pinned BOs to kfd_bo_list
jsg [Wed, 22 Jun 2022 22:53:12 +0000 (22:53 +0000)]
drm/amdkfd: add pinned BOs to kfd_bo_list

From Lang Yu
4a0d2797918c87e30193167a2da6a743aa2cddc1 in linux 5.15.y/5.15.49
4fac4fcf4500bce515b0f32195e7bb86aa0246c6 in mainline linux

2 years agodrm/amdkfd: Use mmget_not_zero in MMU notifier
jsg [Wed, 22 Jun 2022 22:50:55 +0000 (22:50 +0000)]
drm/amdkfd: Use mmget_not_zero in MMU notifier

From Philip Yang
09c5cdbc62d99fc6306a21b24b60eb11a3bd0963 in linux 5.15.y/5.15.49
fa582c6f3684ac0098a9d02ddf0ed52a02b37127 in mainline linux

2 years agodrm/amd/display: Read Golden Settings Table from VBIOS
jsg [Wed, 22 Jun 2022 22:49:10 +0000 (22:49 +0000)]
drm/amd/display: Read Golden Settings Table from VBIOS

From Sherry Wang
a2010538c9d25bafb35ebaff4d9eb9d0390b402b in linux 5.15.y/5.15.49
4b81dd2cc6f4f4e8cea0ed6ee8d5193a8ae14a72 in mainline linux

2 years agoRevert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping"
jsg [Wed, 22 Jun 2022 22:46:24 +0000 (22:46 +0000)]
Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping"

From Stylon Wang
22fbef00c9a3d1aac705e3dc3493bad92360bb41 in linux 5.15.y/5.15.49
1039188806d4cfdf9c412bb4ddb51b4d8cd15478 in mainline linux

2 years agoDelete the statement that the default stylesheet only used CSS1
schwarze [Wed, 22 Jun 2022 17:34:57 +0000 (17:34 +0000)]
Delete the statement that the default stylesheet only used CSS1
because that has no longer been true for some time now.

I would certainly like to adhere to a coherent standard and state
which one that is.  Unfortunately, the W3C deliberately smashed
the CSS standard into pieces such that a coherent standard no
longer exists and such that statements about standard conformance
have become next to meaningless.  Consequently, i now remain
reluctantly silent regarding CSS standard(s) conformance.

Going back to CSS2.1, published in 2011, which was the last CSS
standard in the proper sense of the word, is not an option because
it has gaping holes in functionality and is no longer adequate for
use on today's WWW.

2 years agoMove struct kroute and kroute6 to kroute.c and out of bgpd.h
claudio [Wed, 22 Jun 2022 15:24:58 +0000 (15:24 +0000)]
Move struct kroute and kroute6 to kroute.c and out of bgpd.h
OK tb@

2 years agoUse struct kroute_full in bgpd_filternexthop() so this code becomes a lot
claudio [Wed, 22 Jun 2022 14:56:11 +0000 (14:56 +0000)]
Use struct kroute_full in bgpd_filternexthop() so this code becomes a lot
simpler.

OK tb@

2 years agoAdjust code after changing struct ctl_show_nexthop to embed a struct kroute_full
claudio [Wed, 22 Jun 2022 14:49:51 +0000 (14:49 +0000)]
Adjust code after changing struct ctl_show_nexthop to embed a struct kroute_full
OK tb@

2 years agoSync KAME hack in log_in6addr() with route/show.c
tb [Wed, 22 Jun 2022 14:49:02 +0000 (14:49 +0000)]
Sync KAME hack in log_in6addr() with route/show.c

ok claudio

2 years agoUse struct kroute_full instead of a union of struct kroute & kroute6.
claudio [Wed, 22 Jun 2022 14:48:51 +0000 (14:48 +0000)]
Use struct kroute_full instead of a union of struct kroute & kroute6.

struct kroute_full is address family independent and so more portable.
Also struct kroute and struct kroute6 will be kroute.c internal soon.
OK tb@

2 years agoDocument a locking constraint that applies to barriers.
visa [Wed, 22 Jun 2022 14:10:49 +0000 (14:10 +0000)]
Document a locking constraint that applies to barriers.

OK cheloha@

2 years agoRemove comment which is no longer true.
claudio [Wed, 22 Jun 2022 12:28:33 +0000 (12:28 +0000)]
Remove comment which is no longer true.

2 years agoFix last commit. addr is already a pointer.
claudio [Wed, 22 Jun 2022 12:27:46 +0000 (12:27 +0000)]
Fix last commit. addr is already a pointer.
Noticed by anton@

2 years agoExplicitly include fcntl.h and unistd.h for pipe2
tb [Wed, 22 Jun 2022 10:01:17 +0000 (10:01 +0000)]
Explicitly include fcntl.h and unistd.h for pipe2

2 years agoFix format strings for size_t
tb [Wed, 22 Jun 2022 09:56:45 +0000 (09:56 +0000)]
Fix format strings for size_t

2 years agoFix format string: use %zu for size_t, not %lu.
tb [Wed, 22 Jun 2022 09:54:19 +0000 (09:54 +0000)]
Fix format string: use %zu for size_t, not %lu.

2 years agoError out on negative shifts in BN_{r,l}shift()
tb [Wed, 22 Jun 2022 09:03:06 +0000 (09:03 +0000)]
Error out on negative shifts in BN_{r,l}shift()

Without these checks in both functions nw = n / BN_BITS2 will be negative
and this leads to out-of-bounds accesses via negative array indices and
memset with a negative size.

Pointed out by cheloha

ok jsing

2 years agoRevert part of r1.212, which caused a regression in a previously working
bket [Tue, 21 Jun 2022 17:33:21 +0000 (17:33 +0000)]
Revert part of r1.212, which caused a regression in a previously working
setup

OK dlg@

2 years agoMake sure not to fclose() the same fd twice in case of an error.
tobhe [Tue, 21 Jun 2022 14:52:13 +0000 (14:52 +0000)]
Make sure not to fclose() the same fd twice in case of an error.

ok dtucker@

2 years agoAvoid saying that running netstart manually post-boot will "reset an
sthen [Tue, 21 Jun 2022 11:55:55 +0000 (11:55 +0000)]
Avoid saying that running netstart manually post-boot will "reset an
existing interface to its default state", because it doesn't.  ok jmc@

2 years agodrm/i915/adl_p: Add ddc pin mapping
jsg [Tue, 21 Jun 2022 11:21:22 +0000 (11:21 +0000)]
drm/i915/adl_p: Add ddc pin mapping

From Tejas Upadhyay
af10ec31a81b2f8b9a3b2d1ef05f553cc9495701 in mainline linux

2 years agoUse applymask() instead of inetXapplymask() since this code operates on
claudio [Tue, 21 Jun 2022 10:05:48 +0000 (10:05 +0000)]
Use applymask() instead of inetXapplymask() since this code operates on
struct bgpd_addr.
OK tb@

2 years agodrm/i915/adlp: Implement workaround 16013190616
jsg [Tue, 21 Jun 2022 09:46:33 +0000 (09:46 +0000)]
drm/i915/adlp: Implement workaround 16013190616

From Jose Roberto de Souza
9556829ce4d0618ae4295af8e4b3dd7e38f43598 in mainline linux

2 years agoStore time lines are scrolled into history and display in copy mode.
nicm [Tue, 21 Jun 2022 09:30:01 +0000 (09:30 +0000)]
Store time lines are scrolled into history and display in copy mode.

2 years agosync
jsg [Tue, 21 Jun 2022 07:11:18 +0000 (07:11 +0000)]
sync

2 years agodrm/i915/adlp: Remove require_force_probe protection
jsg [Tue, 21 Jun 2022 07:08:53 +0000 (07:08 +0000)]
drm/i915/adlp: Remove require_force_probe protection

From Clint Taylor
dfb924e33927ffa51e197acd58ad1c5edf1b5ff5 in mainline linux

2 years agodrm/i915/adl_s: Remove require_force_probe protection
jsg [Tue, 21 Jun 2022 07:05:55 +0000 (07:05 +0000)]
drm/i915/adl_s: Remove require_force_probe protection

From ravitejax
f5392e5f8ef300c5d8fb97fb441aad217e44f394 in mainline linux

2 years agounstub intel_guc_submission.c
jsg [Tue, 21 Jun 2022 06:17:32 +0000 (06:17 +0000)]
unstub intel_guc_submission.c

2 years agoadd Intel 600 Series LP
jsg [Tue, 21 Jun 2022 04:17:21 +0000 (04:17 +0000)]
add Intel 600 Series LP

2 years agoregen
jsg [Tue, 21 Jun 2022 04:09:28 +0000 (04:09 +0000)]
regen

2 years agoadd some Intel ADL-P and 600 Series LP ids
jsg [Tue, 21 Jun 2022 04:08:53 +0000 (04:08 +0000)]
add some Intel ADL-P and 600 Series LP ids

2 years agoTweak a comment
tb [Mon, 20 Jun 2022 19:42:58 +0000 (19:42 +0000)]
Tweak a comment

2 years agoFlip roles of lowercase and uppercase A and B.
tb [Mon, 20 Jun 2022 19:38:25 +0000 (19:38 +0000)]
Flip roles of lowercase and uppercase A and B.

This matches Cohen's text better and makes the entire thing easier to
read.

suggested by jsing

2 years agoClean up BN_kronecker()
tb [Mon, 20 Jun 2022 19:32:35 +0000 (19:32 +0000)]
Clean up BN_kronecker()

Instead of "Cohen's step N" explain in words what is being done. Things
such as (A & B & 2) != 0 being equivalent to (-1)^((A-1)(B-1)/4) being
negative are not entirely obvious...  Remove the strange error dance and
adjust variable names to what Cohen's book uses. Simplify various curly
bits.

ok jsing

2 years agoFix console screen blanker setting timeout back to zero
gnezdo [Mon, 20 Jun 2022 16:28:42 +0000 (16:28 +0000)]
Fix console screen blanker setting timeout back to zero

Tested locally. "looks correct" to miod@

From Crystal Kolipe kolipe DOT c AT exoticsilicon DOT com

2 years agoFix some bizarre indentation and line breaks.
tb [Mon, 20 Jun 2022 15:02:21 +0000 (15:02 +0000)]
Fix some bizarre indentation and line breaks.

2 years agoDo not display configuration file errors in a pane when in control mode,
nicm [Mon, 20 Jun 2022 07:59:37 +0000 (07:59 +0000)]
Do not display configuration file errors in a pane when in control mode,
instead report them with a %config-error notification. GitHub issue 3193.

2 years agoFixup comment
jca [Mon, 20 Jun 2022 06:45:31 +0000 (06:45 +0000)]
Fixup comment

2 years agoWhen there are multiple GOPs, try to select first one from which we
yasuoka [Mon, 20 Jun 2022 02:22:05 +0000 (02:22 +0000)]
When there are multiple GOPs, try to select first one from which we
can get a handle of DevicePath protocol if any, otherwise select first
one.  This is expected to workaround the garbled screen problem when
booting with efiboot happened on some machines.

origin diff from Alexei K.

2 years agoRemove unused struct fileops field fo_poll and callbacks.
visa [Mon, 20 Jun 2022 01:39:44 +0000 (01:39 +0000)]
Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

2 years agoRevert previous iwn(4) commit. Later testing done by Christian Schulte
stsp [Sun, 19 Jun 2022 18:27:06 +0000 (18:27 +0000)]
Revert previous iwn(4) commit. Later testing done by Christian Schulte
suggests that this fix did not in fact help with the issue. And this
change broke wireless for other iwn(4) users, as reported by Lucas on bugs@

2 years agoUse uppercase for SUCCESS for consistency
tb [Sun, 19 Jun 2022 17:10:02 +0000 (17:10 +0000)]
Use uppercase for SUCCESS for consistency

2 years agoNone of these tests needs to link statically.
tb [Sun, 19 Jun 2022 17:08:19 +0000 (17:08 +0000)]
None of these tests needs to link statically.

2 years agoDrop bogus DPADD += ${LIBSSL}
tb [Sun, 19 Jun 2022 17:05:31 +0000 (17:05 +0000)]
Drop bogus DPADD += ${LIBSSL}

2 years agoMake expected output match reality again.
tb [Sun, 19 Jun 2022 14:02:44 +0000 (14:02 +0000)]
Make expected output match reality again.

2 years agoThere is no reason to print the RTF_DONE bit in the routing table output.
claudio [Sun, 19 Jun 2022 13:59:22 +0000 (13:59 +0000)]
There is no reason to print the RTF_DONE bit in the routing table output.
It is now set on all routes (and before it was never set).
OK tb@ anton@

2 years agopluart(4) does not report the correct baudrate for the hardware console
anton [Sun, 19 Jun 2022 12:52:19 +0000 (12:52 +0000)]
pluart(4) does not report the correct baudrate for the hardware console
but instead defaults to 38400. This in turn causes the same baudrate to
end up in /etc/ttys during installation. Note that this is not a problem
as of now since pluart does not support changing the baudrate just yet.

Instead, honor and propagate the baudrate given to pluartcnattach()
while attaching the hardware console.

ok visa@

2 years agoSince rtsock.c -r1.329 routes sent via sysctl(2) are now marked RTF_DONE.
tb [Sun, 19 Jun 2022 10:58:22 +0000 (10:58 +0000)]
Since rtsock.c -r1.329 routes sent via sysctl(2) are now marked RTF_DONE.
Adjust expected output.

2 years agoFix rttest output after rtsock.c r1.329 that RTF_DONE to routes sent
tb [Sun, 19 Jun 2022 10:56:25 +0000 (10:56 +0000)]
Fix rttest output after rtsock.c r1.329 that RTF_DONE to routes sent
via sysctl(2)

2 years agoImplement a applymask() function that works on bgpd_addr structs.
claudio [Sun, 19 Jun 2022 10:30:09 +0000 (10:30 +0000)]
Implement a applymask() function that works on bgpd_addr structs.
Use this function in kroute so that kroute_find and kroute6_find can switch
to use struct bgpd_addr as argument.
OK tb@

2 years agogrammar fix; from S M
jmc [Sun, 19 Jun 2022 05:49:51 +0000 (05:49 +0000)]
grammar fix; from S M

2 years agoQuick regression test that checks that BN_is_prime_fasttest_ex()
tb [Sat, 18 Jun 2022 19:53:19 +0000 (19:53 +0000)]
Quick regression test that checks that BN_is_prime_fasttest_ex()
recognizes the primes in the primes[] table with and without trial
division. Would have caught the bug fixed in bn_primes.c r1.9.

2 years agosync to libunbound 1.16.0; heavy lifting by sthen
florian [Sat, 18 Jun 2022 16:20:13 +0000 (16:20 +0000)]
sync to libunbound 1.16.0; heavy lifting by sthen

2 years agoWe were a bit too enthusiastic when we copied libunbound and some other
florian [Sat, 18 Jun 2022 16:17:29 +0000 (16:17 +0000)]
We were a bit too enthusiastic when we copied libunbound and some other
helper functions from unbound(8).
Delete unused shared memory functions that the unbound(8) daemon uses
for statistics gathering. While here get rid of daemon.h which is
unused, too.
With this we can remove the hack in config.h to pretend we don't have
shmget to prevent linker errors which makes syncing with unbound(8)
easier.

2 years agoFix prime recognition when doing trial divisions
tb [Sat, 18 Jun 2022 15:52:35 +0000 (15:52 +0000)]
Fix prime recognition when doing trial divisions

If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the
case that a == primes[i], so check for that case as well.

Problem noted by Martin Grenouilloux

ok jsing

2 years agoFix gzip byte counts with 32-bit integers
gkoehler [Sat, 18 Jun 2022 03:23:19 +0000 (03:23 +0000)]
Fix gzip byte counts with 32-bit integers

If zlib is without our local change in lib/libz/zlib.h r1.7, then
s->z_stream.total_in and s->z_stream.total_out might overflow on
architectures where uLong has 32 bits.  After overflow, the total
would be 4G below the correct total.

Calculate our own 64-bit totals.  When decompressing, take
(uLong)s->z_stream.total_in as a total modulo ULONG_MAX + 1.

ok tb@

2 years agoDon't attempt to fprintf a null identity comment. From Martin Vahlensieck
dtucker [Sat, 18 Jun 2022 02:17:16 +0000 (02:17 +0000)]
Don't attempt to fprintf a null identity comment.  From Martin Vahlensieck
via tech@.

2 years agoThe timeout for ipsec acquire does not decrement the reference
bluhm [Fri, 17 Jun 2022 13:40:21 +0000 (13:40 +0000)]
The timeout for ipsec acquire does not decrement the reference
counter to 0 properly.  We have one reference count for the lists,
and one for the timeout handler.  When the timout fires, it has to
decrement the reference to itself.  Then the ipa is removed from
the lists and decremented again.
from Stefan Butz; OK tobhe@ mvs@

2 years agoOnly probe device 0 on PCI busses corresponding to a PCIe root port or a
kettenis [Fri, 17 Jun 2022 10:08:36 +0000 (10:08 +0000)]
Only probe device 0 on PCI busses corresponding to a PCIe root port or a
PCIe switch/bridge downstream port.  This fixes an issue where a device would
show up 32 times if the PCIe port does not terminate configuration requests
targeted at device numbers 1-31 as required by the spec and the PCIe device
does not filter requests based on its own device number.  Linux, NetBSD and
FreeBSD (to some extent) already do this.

This should fix an issue seen on Ampere Altra where the BMC's PCI bridge
and USB controller would show up multiple times.

ok jsg@

2 years agoAdapt the KAME hack in sa2addr() to be the same as in route/show.c
claudio [Fri, 17 Jun 2022 09:12:06 +0000 (09:12 +0000)]
Adapt the KAME hack in sa2addr() to be the same as in route/show.c
Also fix the function by moving the memcpy() after the embedded scope
has been removed.
OK tb@

2 years agoCheck cursor options when a pane is created, not just when they are changed.
nicm [Fri, 17 Jun 2022 07:28:05 +0000 (07:28 +0000)]
Check cursor options when a pane is created, not just when they are changed.

2 years agoLog an error if pipe() fails while accepting a connection. bz#3447, from
dtucker [Fri, 17 Jun 2022 01:00:03 +0000 (01:00 +0000)]
Log an error if pipe() fails while accepting a connection.  bz#3447, from
vincent-openssh at vinc17 net, ok djm@

2 years agoAdd boundary checks to hidms_setup.
bru [Thu, 16 Jun 2022 20:52:38 +0000 (20:52 +0000)]
Add boundary checks to hidms_setup.

Thanks to Sven M. Hallberg.

2 years agopfctl reports existing table as being added. glitch has
sashan [Thu, 16 Jun 2022 20:47:26 +0000 (20:47 +0000)]
pfctl reports existing table as being added. glitch has
been spotted and reported by jmc@

OK kn@

2 years agoBump MAXCPUS to 256, which is the maximum number of cores on a dual socket
kettenis [Thu, 16 Jun 2022 20:45:42 +0000 (20:45 +0000)]
Bump MAXCPUS to 256, which is the maximum number of cores on a dual socket
machine with Ampere Altra Max CPUs.  OpenBSD should run on such a machine
now.

ok patrick@, deraadt@

2 years agoThe 64-core versions of the Ampere Altra SoC still have 80 redistributors.
kettenis [Thu, 16 Jun 2022 20:44:09 +0000 (20:44 +0000)]
The 64-core versions of the Ampere Altra SoC still have 80 redistributors.
Presumably these are the same silicon and the 64-core version just has some
of the cores disabled.  This means that the redistributors don't necessarily
all match up with a core that is actually enabled.  So remove the panic
that would happen if we found a redistributor without a matching core.

ok patrick@, deraadt@

2 years agoOpenBSD syslogd(8) escapes binary data with vis(3). Use the
bluhm [Thu, 16 Jun 2022 18:44:43 +0000 (18:44 +0000)]
OpenBSD syslogd(8) escapes binary data with vis(3).  Use the
VIS_NOSLASH option to avoid additional backslashes.  Although this
option prevents to decode binaries, it makes automatic post processing
easier.  Formats like JSON use backslash escaping themself, additional
escaping from syslogd would break SIEM systems.  vis protection was
introduced to avoid evil characters in log files and not to make
binary logging possible.
from Matthias Pitzl; OK deraadt@

2 years agoRRDP serial numbers should only increase.
claudio [Thu, 16 Jun 2022 16:09:56 +0000 (16:09 +0000)]
RRDP serial numbers should only increase.
Warn if the serial number decreases between syncs.

On top of this only allow a small window of up to 2 deltas from the
current one to consider our cache to be in sync.
The number 2 is probably to conservative and should be adjusted once
some data points got collected.

It seems to happen that CAs restore RRDP snapshots instead of building
a fresh snapshot with a new session-id. Which results in rpki-client to
ignore the repo until the serial number is bigger again.
OK tb@

2 years agoNeither inet4allone nor inet6allone need global scope. Make them static.
claudio [Thu, 16 Jun 2022 15:36:36 +0000 (15:36 +0000)]
Neither inet4allone nor inet6allone need global scope. Make them static.
Noticed by tb@

2 years agoRemove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().
claudio [Thu, 16 Jun 2022 15:34:07 +0000 (15:34 +0000)]
Remove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().
Neccessary after similar change in bgpd.
OK tb@

2 years agoRemove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().
claudio [Thu, 16 Jun 2022 15:33:05 +0000 (15:33 +0000)]
Remove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().

Using inet4applymask() makes the code similar to the IPv6 version.
Also switch kroute{,6}_match() to use a struct bgpd_addr * as argument.
OK tb@

2 years agoIf anything in name2id conversion fails then just return 0.
claudio [Thu, 16 Jun 2022 15:30:12 +0000 (15:30 +0000)]
If anything in name2id conversion fails then just return 0.

Do not set any errno. So if a non empty string is used in name2id
conversion and the return value is 0 then that would be an error.
Callers in most cases do not care and accept that a label may be
lost because of conversion failure.

Noticed by and OK tb@

2 years agoshmaddr is a pointer, so use NULL instead 0f
deraadt [Thu, 16 Jun 2022 13:54:39 +0000 (13:54 +0000)]
shmaddr is a pointer, so use NULL instead 0f

2 years agoKeep cursor on selected item on menu (useful for blind people), GitHub
nicm [Thu, 16 Jun 2022 13:27:39 +0000 (13:27 +0000)]
Keep cursor on selected item on menu (useful for blind people), GitHub
issue 3225.

2 years agoMark routes sent via sysctl(2) with RTF_DONE like it is done on the
claudio [Thu, 16 Jun 2022 10:35:45 +0000 (10:35 +0000)]
Mark routes sent via sysctl(2) with RTF_DONE like it is done on the
route socket. All messages passed are by definition done. This may
allow to share more code between sysctl and route socket parsers.
OK mpi@

2 years agoRemove __func__ from warning messages where it does not add anything
claudio [Thu, 16 Jun 2022 09:51:07 +0000 (09:51 +0000)]
Remove __func__ from warning messages where it does not add anything
to the warning. The messages are clear enough and unique.
OK tb@

2 years agomake sure that UseDNS hostname lookup happens in the monitor and
djm [Wed, 15 Jun 2022 16:08:25 +0000 (16:08 +0000)]
make sure that UseDNS hostname lookup happens in the monitor and
not in the pledge(2)'d unprivileged process; fixes regression
caused by recent refactoring spotted by henning@

2 years agoPrevent busy poll loop on pfkey message error.
claudio [Wed, 15 Jun 2022 16:00:37 +0000 (16:00 +0000)]
Prevent busy poll loop on pfkey message error.

When pfkey_reply() detects an error in a message it needs to flush that
message out of the buffer because pfkey_read() only did a peak read.
OK tb@

2 years agoNeed to continue to the next message for route messages with errors
claudio [Wed, 15 Jun 2022 15:06:25 +0000 (15:06 +0000)]
Need to continue to the next message for route messages with errors
or which are not marked RTF_DONE. Possible fix for bgpd exiting for
no obvious reason. Found with help from florian@
OK florian@

2 years agoDo not use defines from pfkeyv2.h in portable code.
claudio [Wed, 15 Jun 2022 14:09:30 +0000 (14:09 +0000)]
Do not use defines from pfkeyv2.h in portable code.

Instead define our own algorithm enums for the IPsec code.
OK tb@ sthen@

2 years agoAdjust after chaning F_BGPD_INSERTED to F_BGPD and removal of F_DYNAMIC
claudio [Wed, 15 Jun 2022 10:10:50 +0000 (10:10 +0000)]
Adjust after chaning F_BGPD_INSERTED to F_BGPD and removal of F_DYNAMIC

2 years agoRename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that
claudio [Wed, 15 Jun 2022 10:10:03 +0000 (10:10 +0000)]
Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that
indicates that the route was successfully added to the FIB.

Filter out dynamic routes, like it is already done for ARP and ND routes) and
kill F_DYNAMIC.

Also remove the protect_lo() bits. Adding dummy kroute entries does no longer
prevent bad routes to hit the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes to be installed into the FIB.

OK tb@

2 years agoIn iwn(4), delay 40MHz RXON config until we have negotiated 11n mode.
stsp [Wed, 15 Jun 2022 08:43:17 +0000 (08:43 +0000)]
In iwn(4), delay 40MHz RXON config until we have negotiated 11n mode.

Enabling 40MHz too early can cause firmware sysassert 0x05 on 5300 devices
when we send the initial AUTH frame to kick off association. At this point
we haven't negotiated 11n mode yet (this happens later during the association
sequence), so perhaps firmware saw an inconsistent configuration state?
It is unclear why this problem did not seem to affect any other devices.

Reported by Christian Schulte on misc@