claudio [Thu, 22 Feb 2018 07:42:38 +0000 (07:42 +0000)]
The IF_EVT_NBR_CHNG event needs to be fired when a neighbor transitions to
a state of 2-Way or higher. There is no need to trigger the event for new
neighbors. With this, situations with multiple DRs after a netsplit should
be solved.
OK sthen@ and remi@
dlg [Thu, 22 Feb 2018 07:33:24 +0000 (07:33 +0000)]
don't get in the way of setting the rdomain on gre(4)
dlg [Thu, 22 Feb 2018 07:27:26 +0000 (07:27 +0000)]
slight tweak
dlg [Thu, 22 Feb 2018 07:24:58 +0000 (07:24 +0000)]
reorganise the manpage with subsections for each type of interface.
the page was getting a bit cumbersome with the arrival of nvgre,
so hopefully this makes it a bit more straightforward.
jmc@ says he can fix stuff as i go
dlg [Thu, 22 Feb 2018 01:35:04 +0000 (01:35 +0000)]
make the Nd lines (subjectively) less worse
dlg [Wed, 21 Feb 2018 22:20:19 +0000 (22:20 +0000)]
implement nvgre(4) based on rfc7637 aka NVGRE
NVGRE is short for Network Virtualization Using Generic Routing
Encapsulation.
it provides an overlay ethernet network with multiple ip peers,
rather than a tunnel to a single peer like egre(4) provides. unlike
egre the vnetid is mandatory and always 24 bits. it offers similar
functionality to vxlan(4).
mikeb [Wed, 21 Feb 2018 21:09:57 +0000 (21:09 +0000)]
Mark VIA padlock as capable of dealing with ESN
There are no actual changes to the driver since the software crypto
driver is called to handle authentication operations.
This enabled padlock to be used when tunnels are set up with iked(8).
Tested by and OK fcambus
rpe [Wed, 21 Feb 2018 20:02:37 +0000 (20:02 +0000)]
Delete the kernel link kit tgz after extraction to align with the
libexec/reorder_kernel script.
OK tb
rpe [Wed, 21 Feb 2018 19:57:21 +0000 (19:57 +0000)]
Tweak comments.
OK tb
rpe [Wed, 21 Feb 2018 19:54:25 +0000 (19:54 +0000)]
If there is one interface, and it is configured via dhcp, and the lease
contains both domain-name and domain-search options make sure to use the
first domain-name entry (there might be multiple).
This issue was noticed by Raf Czlonka, thanks for reporting
Discussed with, tested and OK krw
guenther [Wed, 21 Feb 2018 19:24:15 +0000 (19:24 +0000)]
Meltdown: implement user/kernel page table separation.
On Intel CPUs which speculate past user/supervisor page permission checks,
use a separate page table for userspace with only the minimum of kernel code
and data required for the transitions to/from the kernel (still marked as
supervisor-only, of course):
- the IDT (RO)
- three pages of kernel text in the .kutext section for interrupt, trap,
  and syscall trampoline code (RX)
- one page of kernel data in the .kudata section for TLB flush IPIs (RW)
- the lapic page (RW, uncachable)
- per CPU: one page for the TSS+GDT (RO) and one page for trampoline
  stacks (RW)
When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
trampoline code switches page tables, switches stacks to the thread's real
kernel stack, then copies over the necessary bits from the trampoline stack.
On return to userspace the opposite occurs: recreate the iretq frame on the
trampoline stack, switch stack, switch page tables, and return to userspace.
mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
issues on MP in particular, and drove the final push to completion.
Many rounds of testing by naddy@, sthen@, and others
Thanks to Alex Wilson from Joyent for early discussions about trampolines
and their data requirements.
Per-CPU page layout mostly inspired by DragonFlyBSD.
ok mlarkin@ deraadt@
mpi [Wed, 21 Feb 2018 09:30:02 +0000 (09:30 +0000)]
Call socreate() before falloc() in sys_socket().
This is similar to what we do in sys_socketpair() and will allow us
to grab the KERNEL_LOCK() only after having created a socket.
This time with correct non-blocking check.
Tested by landry@, previous diff ok tedu@
dlg [Wed, 21 Feb 2018 05:20:17 +0000 (05:20 +0000)]
if egre takes the packet, it's done, don't fall through to l3 processing.
dlg [Wed, 21 Feb 2018 05:19:11 +0000 (05:19 +0000)]
whitespace fixes
jsg [Wed, 21 Feb 2018 00:43:03 +0000 (00:43 +0000)]
add bsd.mp
jsg [Wed, 21 Feb 2018 00:04:41 +0000 (00:04 +0000)]
match linux whitespace in ioctl list
kettenis [Tue, 20 Feb 2018 23:57:54 +0000 (23:57 +0000)]
Add GENERIC.MP directory.
kettenis [Tue, 20 Feb 2018 23:48:23 +0000 (23:48 +0000)]
Add GENERIC.MP.
kettenis [Tue, 20 Feb 2018 23:46:48 +0000 (23:46 +0000)]
Release the secondary CPUs.
kettenis [Tue, 20 Feb 2018 23:45:24 +0000 (23:45 +0000)]
Make arm64 pmap (somewhat) mpsafe.
jsg [Tue, 20 Feb 2018 23:44:19 +0000 (23:44 +0000)]
stop mixing bsd and c99 fixed width types and just use c99 types everywhere
tb [Tue, 20 Feb 2018 21:11:15 +0000 (21:11 +0000)]
Fix bogus check. Spotted by brynet, thanks.
tb [Tue, 20 Feb 2018 20:59:19 +0000 (20:59 +0000)]
RSA_get_flags should be RSA_test_flags.
Noted by sthen. Rides previous minor bump.
tb [Tue, 20 Feb 2018 18:51:35 +0000 (18:51 +0000)]
whitespace nit
tb [Tue, 20 Feb 2018 18:20:29 +0000 (18:20 +0000)]
sync
tb [Tue, 20 Feb 2018 18:19:07 +0000 (18:19 +0000)]
Crank lib{crypto,ssl,tls} minors after symbol addition.
tb [Tue, 20 Feb 2018 18:17:17 +0000 (18:17 +0000)]
Provide BIO_meth_{g,s}et_callback_ctrl()
with & ok jsing
tb [Tue, 20 Feb 2018 18:13:31 +0000 (18:13 +0000)]
Provide BIO_meth_get_{create,ctrl,destroy,gets,puts,read}()
ok jsing
tb [Tue, 20 Feb 2018 18:10:27 +0000 (18:10 +0000)]
Zap an 'int' that snuck in.
ok jsing
tb [Tue, 20 Feb 2018 18:07:11 +0000 (18:07 +0000)]
Provide SSL_SESSION_get_protocol_version()
ok jsing
tb [Tue, 20 Feb 2018 18:05:28 +0000 (18:05 +0000)]
Provide EVP_PKEY_get0_EC_KEY() and 'if (ret)' vs 'if (ret != 0)' cosmetics.
ok jsing
tb [Tue, 20 Feb 2018 18:01:42 +0000 (18:01 +0000)]
Provide DH_set_length()
ok jsing
tb [Tue, 20 Feb 2018 17:59:31 +0000 (17:59 +0000)]
Provide DH_bits()
ok jsing
tb [Tue, 20 Feb 2018 17:55:26 +0000 (17:55 +0000)]
Provide BIO_{g,s}et_shutdown().
ok jsing
tb [Tue, 20 Feb 2018 17:52:27 +0000 (17:52 +0000)]
Provide DSA_get0_engine()
ok jsing
tb [Tue, 20 Feb 2018 17:48:35 +0000 (17:48 +0000)]
Provide DSA_SIG_{g,s}et0()
ok jsing
tb [Tue, 20 Feb 2018 17:45:44 +0000 (17:45 +0000)]
Provide DSA_{clear,set,test}_flags()
ok jsing
tb [Tue, 20 Feb 2018 17:42:32 +0000 (17:42 +0000)]
Provide RSA_{clear,set,test}_flags()
ok jsing
tb [Tue, 20 Feb 2018 17:38:15 +0000 (17:38 +0000)]
Provide DH_{clear,set,test}_flags().
ok jsing
jsing [Tue, 20 Feb 2018 17:15:27 +0000 (17:15 +0000)]
Provide BIO_get_new_index().
Based on BoringSSL.
jsing [Tue, 20 Feb 2018 17:13:14 +0000 (17:13 +0000)]
Provide BN_GENCB_new(), BN_GENCB_free() and BN_GENCB_get_arg()
jsing [Tue, 20 Feb 2018 17:09:20 +0000 (17:09 +0000)]
Provide X509_NAME_get0_der().
From OpenSSL.
jsing [Tue, 20 Feb 2018 17:06:19 +0000 (17:06 +0000)]
Provide X509_REQ_get0_signature()
jsing [Tue, 20 Feb 2018 17:04:58 +0000 (17:04 +0000)]
Provide X509_CRL_get0_{last,next}Update() and X509_CRL_get0_signature().
jsing [Tue, 20 Feb 2018 17:02:30 +0000 (17:02 +0000)]
Provide BN_get_rfc2409_prime_*() and BN_get_rfc3526_prime_*().
otto [Tue, 20 Feb 2018 16:22:19 +0000 (16:22 +0000)]
make sure we've read the length bytes before checking the length
ok benno@
tb [Tue, 20 Feb 2018 15:33:16 +0000 (15:33 +0000)]
Move getvnetflowid() out of #ifndef SMALL to unbreak 'make release'.
Diff from jsg, ok millert, benno
mikeb [Tue, 20 Feb 2018 15:02:13 +0000 (15:02 +0000)]
Convert key length from bits to bytes
Reported by Renaud Allard, fix tested by Renaud (i386) and fcambus@ (amd64).
OK visa, fcambus
visa [Tue, 20 Feb 2018 14:46:22 +0000 (14:46 +0000)]
Make ddb's "show all locks" command show spinlocks in addition
to sleeplocks.
OK mpi@
mpi [Tue, 20 Feb 2018 12:44:28 +0000 (12:44 +0000)]
Test that removing a mpath RTF_CLONING route entry does not remove the
RTF_CACHED entry of a sibling RTF_CLONING entry.
mpi [Tue, 20 Feb 2018 12:43:03 +0000 (12:43 +0000)]
Removing an RTF_CLONING route entry should not invalidate an RTF_CACHED
entry that has been cloned from a different RTF_CLONING route.
Bug report & ok friehm@
mpi [Tue, 20 Feb 2018 12:38:58 +0000 (12:38 +0000)]
Introduce enternewpgrp() & enterthispgrp(), from FreeBSD via guenther@.
This code shuffling will ease the introduction of the proctree lock
in sys_setsid() and sys_setpgid().
Extracted from a larger diff from guenther@, ok visa@
nicm [Tue, 20 Feb 2018 10:43:46 +0000 (10:43 +0000)]
Do not leak memory when working out job name in formats.
sthen [Tue, 20 Feb 2018 10:12:14 +0000 (10:12 +0000)]
Call "vmctl stop" on each VM at shutdown, for OpenBSD guests this means they
are signalled to shutdown cleanly. Wait for each to finish to avoid too much
busy work at once; this may need revising if it turns out to be too slow with
a larger number of VMs (e.g. signal/delay/signal/delay/... then wait for
shutdowns), but let's avoid making it more complex unless we know it's needed.
Based on a diff from abieber@, discussed with mlarkin@ aja@ rpe@, ok rpe
sthen [Tue, 20 Feb 2018 09:43:59 +0000 (09:43 +0000)]
sync
sthen [Tue, 20 Feb 2018 09:20:47 +0000 (09:20 +0000)]
merge configure.ac from NSD 4.1.19, previously we had an updated
generated configure file, but old configure.ac.
jmc [Tue, 20 Feb 2018 07:34:28 +0000 (07:34 +0000)]
tweak previous, with some help from dlg;
jmatthew [Tue, 20 Feb 2018 05:40:52 +0000 (05:40 +0000)]
Set the chain_offset field (same as sgl_offset0, only in 16 byte units)
in passthrough IO requests, which makes AEN processing work on SAS2208
controllers, and since AEN processing works now, enable it again.
tested on SAS2208 (PERC H710P) and SAS3108 (PERC H730), SAS3.5 parts
should work too.
ok dlg@
dlg [Tue, 20 Feb 2018 04:03:15 +0000 (04:03 +0000)]
cisco set the tos on their keepalive packets to ip precedence
internet control, so we can too.
dlg [Tue, 20 Feb 2018 03:53:54 +0000 (03:53 +0000)]
add support for vnetflowid.
when enabled, the 32bit key on a gre packet is split into a 24bit
key and an 8 bit flow id. this allows better use of multipath links
if the intermediate routers feed the gre key into their hashing
algorithms. because gre can encapsulate pretty much anything, it
can be non-trivial for a router to reach into a payload to harvest
entropy for feeding into a hashing algorithm. having the endpoints
do it and feed it into the gre header is a lot simpler.
this allows interoperating with cisco gre tunnels with key entropy
enabled. this was tested against a csr1000v.
also, this arrangement coincides with how nvgre works, so it paves
the way for supporting that protocol.
right now the driver relies on the flowid in mbufs to populate the
packet field. this generally means that pf should be enabled to
provide the flowid.
dlg [Tue, 20 Feb 2018 03:46:45 +0000 (03:46 +0000)]
only allow root to use SIOCSVNETFLOWID.
dlg [Tue, 20 Feb 2018 03:45:06 +0000 (03:45 +0000)]
add support for toggling partitioning a vnetid into a netid and flowid
"vnetflowid" enables it on an interface, and "-vnetflowid" disables it.
a vnetid will be suffixed with + on the encap line if an interface
reports that it is enabled.
dlg [Tue, 20 Feb 2018 03:43:07 +0000 (03:43 +0000)]
add ioctls to toggle partitioning a vnetid into a netid and flowid
this maps to key entropy in cisco tunnel terminology, and will be
used in gre and egre to interoperate with their tunnels.
dlg [Tue, 20 Feb 2018 01:20:37 +0000 (01:20 +0000)]
add support for setting the tunnel df bit.
ok mpi@
rpe [Mon, 19 Feb 2018 23:42:29 +0000 (23:42 +0000)]
Write warning/error messages to stderr and end them with a fullstop.
OK tb
rpe [Mon, 19 Feb 2018 21:47:43 +0000 (21:47 +0000)]
- use specific patterns when looping over /etc/hostname.if files
  to skip backup or temp files.
- test if the patterns matched actual files
- warn if ifcreate() fails on an interface and continue with the
  subsequent interfaces in the list instead of return'ing
OK dlg sthen tb
nicm [Mon, 19 Feb 2018 21:20:10 +0000 (21:20 +0000)]
Support ISO colon-separated SGR.
schwarze [Mon, 19 Feb 2018 16:11:02 +0000 (16:11 +0000)]
Merge new RETURN VALUES section; from Paul Yang via
OpenSSL commit
1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.
schwarze [Mon, 19 Feb 2018 14:22:15 +0000 (14:22 +0000)]
In bio.h rev. 1.33 2018/02/18 12:59:06, tb@ provided BIO_meth_set_gets(3).
Merge the documentation from OpenSSL.
schwarze [Mon, 19 Feb 2018 14:08:52 +0000 (14:08 +0000)]
In bio.h rev. 1.32 2018/02/18 12:58:25, tb@ provided
BIO_get_data(3), BIO_set_data(3), and BIO_set_init(3).
Import the documentation from OpenSSL.
schwarze [Mon, 19 Feb 2018 13:28:05 +0000 (13:28 +0000)]
In rsa.h rev. 1.34 2018/02/18 12:53:46, tb@ provided RSA_get0_factors(3)
and RSA_set0_factors(3) and in rev. 1.36 2018/02/18 12:57:14
RSA_get0_crt_params(3) and RSA_set0_crt_params(3).
Merge the documentation from OpenSSL.
schwarze [Mon, 19 Feb 2018 12:14:11 +0000 (12:14 +0000)]
In rsa.h rev. 1.33 2018/02/18 12:52:13, tb@ provided RSA_bits(3).
Merge the documentation; from Kurt Roeckx <kurt at roeckx dot be>
via OpenSSL commit
26c79d56 Apr 18 12:23:12 2015 +0200.
schwarze [Mon, 19 Feb 2018 11:55:49 +0000 (11:55 +0000)]
In dh.h rev. 1.20 2018/02/18 12:51:31, tb@ provided DH_set0_pqg(3)
and in dh.h rev. 1.21 2018/02/18 14:58:12 DH_set0_key(3).
Merge the documentation from OpenSSL.
mpi [Mon, 19 Feb 2018 11:37:38 +0000 (11:37 +0000)]
Correctly diff the output of test 32.
mpi [Mon, 19 Feb 2018 11:35:41 +0000 (11:35 +0000)]
Grab solock() inside soconnect2() instead of asserting for it to be held.
ok millert@
schwarze [Mon, 19 Feb 2018 10:40:00 +0000 (10:40 +0000)]
In dsa.h rev. 1.25 2018/02/18 12:50:58, tb@ provided DSA_set0_pqg(3)
and in dsa.h rev. 1.26 2018/02/18 14:58:12 DSA_set0_key(3).
Merge the documentation from OpenSSL.
schwarze [Mon, 19 Feb 2018 10:04:08 +0000 (10:04 +0000)]
In evp.h rev. 1.57 2018/02/17 16:54:08,
jsing@ provided EVP_CIPHER_CTX_reset(3).
Merge the documentation, most from Richard Levitte
via OpenSSL commit
05fdb8d3 Dec 18 17:09:45 2015 +0100.
Also merge improvements to the EXAMPLES section from OpenSSL,
fixing one additional bug that still remains in OpenSSL.
While here, improve information on the deprecated functions,
sort RETURN VALUES, and add a few missing functions to it,
though that section still remains incomplete.
otto [Mon, 19 Feb 2018 09:52:16 +0000 (09:52 +0000)]
(static) byte buffers are not aligned in any way, malloc the buffer to
solve that. Prevents bus error on armv7. ok naddy@ florian@
mpi [Mon, 19 Feb 2018 09:25:13 +0000 (09:25 +0000)]
Change some returns into gotos, will help keeping the unlocking path
simpler. No functional change.
Extracted from a larger diff from guenther@, ok kettenis@
jsg [Mon, 19 Feb 2018 09:20:45 +0000 (09:20 +0000)]
Add a default case to a usb_tap() switch statement which mpi@ says will
never be called to convince compilers and static analysis tools a path
that uses uninitialised memory does not exist.
ok krw@ mpi@
mpi [Mon, 19 Feb 2018 09:18:50 +0000 (09:18 +0000)]
Convert sparc64 to MI mutex.
ok dlg@
mpi [Mon, 19 Feb 2018 09:18:00 +0000 (09:18 +0000)]
Include <sys/mutex.h> directly instead of relying on other headers to
include it.
jsg [Mon, 19 Feb 2018 09:08:13 +0000 (09:08 +0000)]
Directly include sys/mplock.h when needed instead of depending on
indirect inclusion. Fixes non-MULTIPROCESSOR WITNESS build.
ok visa@ mpi@
mpi [Mon, 19 Feb 2018 08:59:52 +0000 (08:59 +0000)]
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
schwarze [Mon, 19 Feb 2018 08:20:26 +0000 (08:20 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_signature(3). Merge the documentation from OpenSSL.
Rename the file from X509_get_signature_nid.3 to X509_get0_signature.3
for consistency because we are not losing any history yet.
schwarze [Mon, 19 Feb 2018 07:59:23 +0000 (07:59 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_extensions(3). Merge the documentation from OpenSSL.
jmc [Mon, 19 Feb 2018 06:48:45 +0000 (06:48 +0000)]
tweak previous;
jsg [Mon, 19 Feb 2018 06:22:12 +0000 (06:22 +0000)]
sync
dlg [Mon, 19 Feb 2018 04:43:48 +0000 (04:43 +0000)]
tunneldf needs ifr_df
djm [Mon, 19 Feb 2018 00:55:02 +0000 (00:55 +0000)]
emphasise that the hostkey rotation may send key types that the client
may not support, and that the client should simply disregard such keys
(this is what ssh does already).
dlg [Mon, 19 Feb 2018 00:46:27 +0000 (00:46 +0000)]
support configuration of fragmentation of the tunnel traffic
dlg [Mon, 19 Feb 2018 00:34:32 +0000 (00:34 +0000)]
enable configuration of tunnel fragmentation.
dlg [Mon, 19 Feb 2018 00:29:29 +0000 (00:29 +0000)]
initialise sc_df to 0 in clone create rather than setting sc_ttl badly
dlg [Mon, 19 Feb 2018 00:26:26 +0000 (00:26 +0000)]
add code to support configuration of tunnel traffic fragmentation
dlg [Mon, 19 Feb 2018 00:24:48 +0000 (00:24 +0000)]
make sure only root can configure an interface with SIOCSLIFPHYDF.
dlg [Mon, 19 Feb 2018 00:23:57 +0000 (00:23 +0000)]
add support for setting and displaying whether a tunnel allows fragmentation
ifconfig will output "nodf" or "df" on tunnel interfaces that support
the ioctl, and accepts "tunneldf" and "-tunneldf" as options to
try and configure it.
dlg [Mon, 19 Feb 2018 00:21:31 +0000 (00:21 +0000)]
add ioctls for tunnels to configure whether they allow fragmentation or not.
discussed with claudio@ at a2k18
dlg [Mon, 19 Feb 2018 00:18:31 +0000 (00:18 +0000)]
gif carries mpls too
dlg [Sun, 18 Feb 2018 23:53:17 +0000 (23:53 +0000)]
don't allow configuration of non-ipv4 addresses.
i found out how to do this while reading the freebsd stf(4) driver.
schwarze [Sun, 18 Feb 2018 23:34:01 +0000 (23:34 +0000)]
In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,
jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and
SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL,
with some tweaks.