openbsd
2 months agoUse getaddrinfo to parse IP addresses and lookup names.
florian [Tue, 27 Aug 2024 06:03:20 +0000 (06:03 +0000)]
Use getaddrinfo to parse IP addresses and lookup names.

OK bluhm

2 months agoDo not send zero sized vendor or client ids.
florian [Tue, 27 Aug 2024 05:55:39 +0000 (05:55 +0000)]
Do not send zero sized vendor or client ids.

The frontend and engine do not like this due to improved error
checking.

Found by Josh Grosse and Renato Aguiar, thanks!

2 months agocms_att.c: tidy includes and add x509_local.h for upcoming change
tb [Tue, 27 Aug 2024 01:19:27 +0000 (01:19 +0000)]
cms_att.c: tidy includes and add x509_local.h for upcoming change

2 months agocalendars are so hard
deraadt [Mon, 26 Aug 2024 22:54:21 +0000 (22:54 +0000)]
calendars are so hard

2 months agoreplace atoi(3) usage with strtonum(3); ok/tweaks tb@
op [Mon, 26 Aug 2024 22:01:28 +0000 (22:01 +0000)]
replace atoi(3) usage with strtonum(3); ok/tweaks tb@

2 months agoreplace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@
op [Mon, 26 Aug 2024 22:00:47 +0000 (22:00 +0000)]
replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@

2 months agoreplace hand-rolled number parser with strtonum
op [Mon, 26 Aug 2024 21:34:32 +0000 (21:34 +0000)]
replace hand-rolled number parser with strtonum

original report by Collin Funk
ok bluhm, millert

2 months agofortune files are no longer being rot13d;
jmc [Mon, 26 Aug 2024 20:12:33 +0000 (20:12 +0000)]
fortune files are no longer being rot13d;

2 months ago- remove the "real" dance. there is no longer a need for it.
jmc [Mon, 26 Aug 2024 20:10:53 +0000 (20:10 +0000)]
- remove the "real" dance. there is no longer a need for it.

- do not install the offensive files rotated 13 chars, as suggested by deraadt.
it hardly makes sense, and only one of the "potentially offensive" files
was being treated this way anyway

- simplify the makefile to catch up with all this

- update NOTES to catch up with all this

- the notes in README pertaining to not installing the offensive files is no
longer relevant, so remove it, as suggested by millert

2 months agovirtio: Introduce dedicated attach args
sf [Mon, 26 Aug 2024 19:37:54 +0000 (19:37 +0000)]
virtio: Introduce dedicated attach args

Instead of abusing virtio_softc as attach args, create a separate
struct. Use it to pass the number of available interrupts. This will be
useful for vio(4) multi-queue support.

ok jan@

2 months agovio(4): Fix hardmtu without MRG_RXBUF
sf [Mon, 26 Aug 2024 19:24:02 +0000 (19:24 +0000)]
vio(4): Fix hardmtu without MRG_RXBUF

Without VIRTIO_NET_F_MRG_RXBUF, we cannot chain several buffers together
and we can only receive packets up to the length of the buffers we put
into the ring.

OK bluhm@

2 months agots.c: typo flaf -> flag
tb [Mon, 26 Aug 2024 18:40:50 +0000 (18:40 +0000)]
ts.c: typo flaf -> flag

2 months agoReplace recallocarray() with a realloc() + memset() combo.
claudio [Mon, 26 Aug 2024 13:57:34 +0000 (13:57 +0000)]
Replace recallocarray() with a realloc() + memset() combo.

recallocarray(), with its guarantee that memory becoming unallocated is
explicitly discarded, is too slow. In rpki-client forming one particular
ibuf takes more then 4mins because every recallocarray() call ends up
doing a fresh malloc + memcpy + freezero call.
For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid
any memory reallocations.
OK tb@

2 months agoRearrange #ifdef TCP_SIGNATURE to keep braces balanced.
bluhm [Mon, 26 Aug 2024 13:55:14 +0000 (13:55 +0000)]
Rearrange #ifdef TCP_SIGNATURE to keep braces balanced.

2 months agoUse strtonum instead of atoi.
nicm [Mon, 26 Aug 2024 13:02:15 +0000 (13:02 +0000)]
Use strtonum instead of atoi.

2 months agoTest bitstring macro evaluation.
bluhm [Mon, 26 Aug 2024 12:15:40 +0000 (12:15 +0000)]
Test bitstring macro evaluation.

For all bitstring macros, add a test with side effects in the
arguments.  Also fix compiler warnings and wrap long line.  In
main() replace exit(0) with return(0) to check stack canary.  Create
expected test files with make target create-good.

OK florian deraadt@

2 months agoEvaluate arguments of bitstring macros only once.
bluhm [Mon, 26 Aug 2024 11:52:54 +0000 (11:52 +0000)]
Evaluate arguments of bitstring macros only once.

According to bit_alloc(3) man page the arguments to bitstring macros
are evaluated only once and may safely have side effects.  Fix the
implementation with temporary variables to fulfill this requirement.

OK florian@ deraadt@

2 months agostyle(9) fix. No functional changes.
mvs [Mon, 26 Aug 2024 08:24:25 +0000 (08:24 +0000)]
style(9) fix. No functional changes.

2 months agoC-h should not be treated specially and represented internally as \b but
nicm [Mon, 26 Aug 2024 07:45:05 +0000 (07:45 +0000)]
C-h should not be treated specially and represented internally as \b but
as C-h like the other Ctrl keys. Backspace is already handled separately
if it VERASE.

2 months agoPass the screen_redraw_ctx struct into more functions instead of
nicm [Mon, 26 Aug 2024 07:34:40 +0000 (07:34 +0000)]
Pass the screen_redraw_ctx struct into more functions instead of
individual arguments (for example for the pane status), from Michael
Grant.

2 months agoClient flags was changed to uint64_t a while ago, fix a few cases where
nicm [Mon, 26 Aug 2024 07:30:46 +0000 (07:30 +0000)]
Client flags was changed to uint64_t a while ago, fix a few cases where
it is still int (do not matter now but will with some new flags). From
Michael Grant.

2 months agoAdd window_pane_mode helper function to tell if a pane is in copy mode,
nicm [Mon, 26 Aug 2024 07:14:40 +0000 (07:14 +0000)]
Add window_pane_mode helper function to tell if a pane is in copy mode,
from Michael Grant.

2 months agoAdd copy-mode -d flag to scroll a page down if in copy mode already,
nicm [Mon, 26 Aug 2024 07:09:34 +0000 (07:09 +0000)]
Add copy-mode -d flag to scroll a page down if in copy mode already,
from Michael Grant.

2 months agoUse i2s instead of hard coding the imsg type. Suggested by tb.
florian [Mon, 26 Aug 2024 06:06:04 +0000 (06:06 +0000)]
Use i2s instead of hard coding the imsg type. Suggested by tb.

2 months agoerrno is unset, use fatalx(3) instead of fatal(3).
florian [Mon, 26 Aug 2024 06:05:05 +0000 (06:05 +0000)]
errno is unset, use fatalx(3) instead of fatal(3).

2 months agoBe stricter in what we accept from the main process.
florian [Mon, 26 Aug 2024 06:04:24 +0000 (06:04 +0000)]
Be stricter in what we accept from the main process.

While here mention function where fatalx(3) occurred like everywhere
else.

Suggested by & OK tb

2 months agoannoying whitespace found during an audit process
deraadt [Mon, 26 Aug 2024 03:49:06 +0000 (03:49 +0000)]
annoying whitespace found during an audit process

2 months agoreplace multiple '.arch armv8.3-a' with a pauth target attribute
jsg [Mon, 26 Aug 2024 03:37:56 +0000 (03:37 +0000)]
replace multiple '.arch armv8.3-a' with a pauth target attribute
'no objection' kettenis@

2 months agotypo
miod [Sun, 25 Aug 2024 19:57:33 +0000 (19:57 +0000)]
typo

2 months agomake activate function confirm to the common idiom; ok miod
deraadt [Sun, 25 Aug 2024 14:51:33 +0000 (14:51 +0000)]
make activate function confirm to the common idiom; ok miod

2 months agoDo not peek inside of struct imsg.
florian [Sun, 25 Aug 2024 09:53:53 +0000 (09:53 +0000)]
Do not peek inside of struct imsg.

input & OK tb

2 months agoSince netstart r1.208 (2020), it no longer applies /etc/myname
tb [Sun, 25 Aug 2024 09:32:08 +0000 (09:32 +0000)]
Since netstart r1.208 (2020), it no longer applies /etc/myname

Change Xr from netstart to rc.

From Christian Schulte, ok florian

2 months agosin6_to_str and i2s take a single argument.
florian [Sun, 25 Aug 2024 07:04:05 +0000 (07:04 +0000)]
sin6_to_str and i2s take a single argument.

Pointed out by tb

2 months agoPASSTHROUGH -> FALLTHROUGH
jsg [Sun, 25 Aug 2024 05:43:36 +0000 (05:43 +0000)]
PASSTHROUGH -> FALLTHROUGH
ok ratchov@

2 months agoMore precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare.
tb [Sat, 24 Aug 2024 19:31:09 +0000 (19:31 +0000)]
More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare.
The existing description was lacking and incorrect, respectively.

2 months agoSimplify engine_showinfo_ctl()
florian [Sat, 24 Aug 2024 16:35:05 +0000 (16:35 +0000)]
Simplify engine_showinfo_ctl()

It only handles one imsg type these days, so it doesn't need to peek
into struct imsg at all.

pointed out by & OK tb

2 months agoStop peeking into struct imsg when relaying control messages.
florian [Sat, 24 Aug 2024 16:34:23 +0000 (16:34 +0000)]
Stop peeking into struct imsg when relaying control messages.

pointed out by & OK tb

2 months agoconf_def.c: add two trailing commas
tb [Sat, 24 Aug 2024 12:08:49 +0000 (12:08 +0000)]
conf_def.c: add two trailing commas

2 months agoRemove documentation for no longer existing or mostly unused allocators.
mpi [Sat, 24 Aug 2024 10:47:59 +0000 (10:47 +0000)]
Remove documentation for no longer existing or mostly unused allocators.

ok guenther@

2 months agoPlace uvm_km_zalloc(9) under #ifdef __i386__.
mpi [Sat, 24 Aug 2024 10:46:43 +0000 (10:46 +0000)]
Place uvm_km_zalloc(9) under #ifdef __i386__.

This allocator is only used by a single pmap which will be hopefully
converted.

Suggested by guenther@

2 months agoKill uvm_km_alloc(9) and uvm_km_alloc1(9).
mpi [Sat, 24 Aug 2024 10:38:44 +0000 (10:38 +0000)]
Kill uvm_km_alloc(9) and uvm_km_alloc1(9).

ok guenther@

2 months agoDo not peek inside of struct imsg.
florian [Sat, 24 Aug 2024 09:44:41 +0000 (09:44 +0000)]
Do not peek inside of struct imsg.

While here use i2s helper function for error logging.

OK tb

2 months agoHelper function for logging imsg type names.
florian [Sat, 24 Aug 2024 09:42:40 +0000 (09:42 +0000)]
Helper function for logging imsg type names.

OK tb as part of a larger diff

2 months agoX509at_get_attr: zap trailing comma.
tb [Sat, 24 Aug 2024 09:23:09 +0000 (09:23 +0000)]
X509at_get_attr: zap trailing comma.

reminded by mandoc -Tlint

2 months agosync
tb [Sat, 24 Aug 2024 09:16:12 +0000 (09:16 +0000)]
sync

2 months agoLibreSSL no longer supports adding X.501 attributes to an EVP_PKEY
tb [Sat, 24 Aug 2024 09:15:36 +0000 (09:15 +0000)]
LibreSSL no longer supports adding X.501 attributes to an EVP_PKEY

Remove the corresponding documentation.

2 months agosync
tb [Sat, 24 Aug 2024 09:08:38 +0000 (09:08 +0000)]
sync

2 months agoChange DHCP_SYNC_LEASE messages from log_info to log_debug, they result
sthen [Sat, 24 Aug 2024 08:35:24 +0000 (08:35 +0000)]
Change DHCP_SYNC_LEASE messages from log_info to log_debug, they result
in quite a lot of noise in a typical dhcpd sync setup.

From MichaƂ Markowski, ok florian

2 months agoSwitch UI_UTIL_read_pw* to LCRYPTO_UNUSED()
tb [Sat, 24 Aug 2024 07:51:19 +0000 (07:51 +0000)]
Switch UI_UTIL_read_pw* to LCRYPTO_UNUSED()

ok jsing

2 months agoNeuter the completely broken UI_UTIL_read_pw* API
tb [Sat, 24 Aug 2024 07:50:23 +0000 (07:50 +0000)]
Neuter the completely broken UI_UTIL_read_pw* API

Return 0 on success, return <= 0 on failure. Sigh. In particular, if an
allocation failed, the password that no one entered was considered valid.

ok jsing

2 months agoRemove documentation of UI_UTIL_read_pw*
tb [Sat, 24 Aug 2024 07:48:37 +0000 (07:48 +0000)]
Remove documentation of UI_UTIL_read_pw*

According to some, a fail-open password verification function is par for
the course for libcrypto. Unfortunately, we have been recommending its use
over similarly named EVP functions after what amounted to a coin toss a
few years back. Luckily enough, no one followed that advice and we can
soon remove this API for good.

2 months agoMake clear it's about *ship* parts when you list the quiz(6) subjects.
mglocker [Sat, 24 Aug 2024 07:04:29 +0000 (07:04 +0000)]
Make clear it's about *ship* parts when you list the quiz(6) subjects.

ok jmc@

2 months agospelling
jsg [Sat, 24 Aug 2024 06:45:26 +0000 (06:45 +0000)]
spelling

2 months agothe index is alphabetically sorted;
jmc [Sat, 24 Aug 2024 05:35:28 +0000 (05:35 +0000)]
the index is alphabetically sorted;

2 months agosync
deraadt [Fri, 23 Aug 2024 23:45:34 +0000 (23:45 +0000)]
sync

2 months agoEnable per-cpu page cache; tested on Octeon.
miod [Fri, 23 Aug 2024 19:47:13 +0000 (19:47 +0000)]
Enable per-cpu page cache; tested on Octeon.

2 months agoSwitch alpha to MI mplock code.
miod [Fri, 23 Aug 2024 18:45:28 +0000 (18:45 +0000)]
Switch alpha to MI mplock code.

2 months agoThe greek quiz is so obscure that it is ridiculous -- noone can play
deraadt [Fri, 23 Aug 2024 17:29:08 +0000 (17:29 +0000)]
The greek quiz is so obscure that it is ridiculous -- noone can play
this.  Replace it with a new quiz about galley (ship) parts.  This
commit changes the *LAST UNMODIFIED ORIGINAL FILE* (meaning revision
1.1.1.1) from the original import that created OpenBSD on Oct 18,
1995.  With this commit, we have completed an amusing mission of
replacing the final parts of the original OpenBSD.

We have reached OpenBSD of Theseus.

ideas & assistance from mglocker, naval terminology help from jmc

2 months agoPutting Xs into squares is all the rage with statisticians. We should
florian [Fri, 23 Aug 2024 17:19:16 +0000 (17:19 +0000)]
Putting Xs into squares is all the rage with statisticians. We should
test that they can use bitstring macros for that.

with & OK deraadt
OK bluhm

2 months agoSpeed up script by using awk(1).
mglocker [Fri, 23 Aug 2024 15:22:59 +0000 (15:22 +0000)]
Speed up script by using awk(1).

Discussed with deraadt@

2 months agoMake sure pmap_kernel's mutex field gets correctly initialized rather than
miod [Fri, 23 Aug 2024 15:14:45 +0000 (15:14 +0000)]
Make sure pmap_kernel's mutex field gets correctly initialized rather than
bss initialized.

2 months agoGenerate tabset files using a script. ok deraadt millert
nicm [Fri, 23 Aug 2024 15:13:58 +0000 (15:13 +0000)]
Generate tabset files using a script. ok deraadt millert

2 months agoFix some program names that were not expanded correctly when ncurses was
nicm [Fri, 23 Aug 2024 15:10:40 +0000 (15:10 +0000)]
Fix some program names that were not expanded correctly when ncurses was
updated and were instead replaced by ?. ok millert

2 months agoslight improvement to index file parsing; ok mlarkin
deraadt [Fri, 23 Aug 2024 14:50:16 +0000 (14:50 +0000)]
slight improvement to index file parsing; ok mlarkin

2 months agoIgnore internal function keys if they have not got an entry in the key
nicm [Fri, 23 Aug 2024 13:25:39 +0000 (13:25 +0000)]
Ignore internal function keys if they have not got an entry in the key
table.

2 months agoRemove unwanted trailing newlines from err/warn format strings.
anton [Fri, 23 Aug 2024 12:56:26 +0000 (12:56 +0000)]
Remove unwanted trailing newlines from err/warn format strings.

2 months agoCheck for exact match for layout name before looking for a prefix match.
nicm [Fri, 23 Aug 2024 10:19:06 +0000 (10:19 +0000)]
Check for exact match for layout name before looking for a prefix match.

2 months agoRemove use of CSP/LMK in pkcs12 create/verify tests
tb [Fri, 23 Aug 2024 04:57:12 +0000 (04:57 +0000)]
Remove use of CSP/LMK in pkcs12 create/verify tests

reminded by ... anton

2 months agoAs defined in the RFC, the SSH protocol has negotiable compression support
deraadt [Fri, 23 Aug 2024 04:51:00 +0000 (04:51 +0000)]
As defined in the RFC, the SSH protocol has negotiable compression support
(which is requested as the name "zlib"). Compression starts very early in
the session.
Relative early in OpenSSH lifetime, privsep was added to sshd, and this
required a shared-memory hack so the two processes could see what was going
on in the dataflow.  This shared-memory hack was soon recognized as a tremendous
complexity risk, because it put libz (which very much trusts it's memory)
in a dangerous place, and a new option ("zlib@openssh.com") was added begins
compression after authentication (aka delayed-compression).  That change
also permitted removal of the shared-memory hack.
Despite removal from the server, the old "zlib" support remained in the
client, to allow negotiation with non-OpenSSH daemons which lack the
delayed-compression option.
This commit deletes support for the older "zlib" option in the client.
It reduces our featureset in a small way, and encourages other servers
to move to a better design.
The SSH protocol is different enough that compressed-key-material attacks
like BEAST are unlikely, but who wants to take the chance?
We encourage other ssh servers who care about optional compression support
to add delayed-zlib support.  (Some already do "zlib@openssh.com")
ok djm markus

2 months agoadd rcsid markers so that we can visually see the flurry of commits in
deraadt [Fri, 23 Aug 2024 04:26:11 +0000 (04:26 +0000)]
add rcsid markers so that we can visually see the flurry of commits in
this area
ok mlarkin

2 months agoadd the dumbest #-comment parser for the Game_List parser, someone
deraadt [Fri, 23 Aug 2024 04:25:46 +0000 (04:25 +0000)]
add the dumbest #-comment parser for the Game_List parser, someone
else can improve this later.  My code is not substandard considering
what I saw.

2 months agoadd rcsid markers so that we can visually see the flurry of commits in
deraadt [Fri, 23 Aug 2024 04:21:18 +0000 (04:21 +0000)]
add rcsid markers so that we can visually see the flurry of commits in
this area
ok mlarkin

2 months agofix spelling of sequence
tb [Fri, 23 Aug 2024 04:19:40 +0000 (04:19 +0000)]
fix spelling of sequence

ok mglocker

2 months agoatc(6): update ORD marker beacon information
mlarkin [Fri, 23 Aug 2024 03:43:33 +0000 (03:43 +0000)]
atc(6): update ORD marker beacon information

ok deraadt@

2 months agoprobition is over. most people want want to laugh at lightly
deraadt [Fri, 23 Aug 2024 03:25:32 +0000 (03:25 +0000)]
probition is over.  most people want want to laugh at lightly
offensive things.
suggested it is time by millert

2 months agothese tests only print strerror result, which can be confusing to look up.
deraadt [Fri, 23 Aug 2024 02:49:20 +0000 (02:49 +0000)]
these tests only print strerror result, which can be confusing to look up.
print errno also.

2 months agomust use sh to run the script, because /usr/src may be noexec
deraadt [Fri, 23 Aug 2024 02:46:09 +0000 (02:46 +0000)]
must use sh to run the script, because /usr/src may be noexec

2 months agoFix KERN_AUDIO broken in rev 1.440.
mvs [Fri, 23 Aug 2024 01:31:04 +0000 (01:31 +0000)]
Fix KERN_AUDIO broken in rev 1.440.

2 months agoFALLTROUGH -> FALLTHROUGH
jsg [Fri, 23 Aug 2024 01:23:50 +0000 (01:23 +0000)]
FALLTROUGH -> FALLTHROUGH

2 months agoFALLTHROUHG -> FALLTHROUGH
jsg [Fri, 23 Aug 2024 01:19:33 +0000 (01:19 +0000)]
FALLTHROUHG -> FALLTHROUGH

2 months agocron: use strtonum() and tighter limits on step values
millert [Fri, 23 Aug 2024 00:58:04 +0000 (00:58 +0000)]
cron: use strtonum() and tighter limits on step values

Using strtonum() instead of atoi() gives us an extra layer of bounds
checking for free while parsing an entry.  This is in addition to
the existing bounds checking in set_range().  The step value is now
limited to the maximum range for an entry.  If the field consists
of a range, the step must not be larger than the difference between
the high and low parts of the range.  OK deraadt@

2 months agoChange SIGCHLD handler to just set a flag.
millert [Fri, 23 Aug 2024 00:43:34 +0000 (00:43 +0000)]
Change SIGCHLD handler to just set a flag.
We already call reap_kids() in multiple event loops so there is no
need to call waitpid() inside the handler itself.
OK denis@ deraadt@

2 months agosntrup761x25519-sha512 now has an IANA codepoint assigned,
djm [Thu, 22 Aug 2024 23:11:30 +0000 (23:11 +0000)]
sntrup761x25519-sha512 now has an IANA codepoint assigned,
so we can make the algorithm available without the @openssh.com
suffix too. ok markus@ deraadt@

2 months agoPKCS12_create(3): remove Xr to EVP_PKEY_add1_attr(3)
tb [Thu, 22 Aug 2024 12:26:01 +0000 (12:26 +0000)]
PKCS12_create(3): remove Xr to EVP_PKEY_add1_attr(3)

This API family has been neutered and will be removed in the next bump.
Further cross references will be untangled in the future.

2 months agoGarbage collect unused attributes member from EVP_PKEY
tb [Thu, 22 Aug 2024 12:24:24 +0000 (12:24 +0000)]
Garbage collect unused attributes member from EVP_PKEY

ok miod

2 months agoRemove copy_bag_attr()
tb [Thu, 22 Aug 2024 12:22:42 +0000 (12:22 +0000)]
Remove copy_bag_attr()

It is no longer possible to set an attribute on an EVP_PKEY, so this
code is dead.

ok miod

2 months agoNeuter EVP_PKEY_add1_attr_by_NID()
tb [Thu, 22 Aug 2024 12:21:07 +0000 (12:21 +0000)]
Neuter EVP_PKEY_add1_attr_by_NID()

The last consumer in openssl(1) pkcs12 has been removed, so we no longer
need this function.

ok miod

2 months agoopenssl: adjust manual for LMK and CSP removal
tb [Thu, 22 Aug 2024 12:15:07 +0000 (12:15 +0000)]
openssl: adjust manual for LMK and CSP removal

2 months agoopenssl pkcs12: remove support for LMK and CSP attributes
tb [Thu, 22 Aug 2024 12:14:33 +0000 (12:14 +0000)]
openssl pkcs12: remove support for LMK and CSP attributes

Documentation on what the Microsoft-specific local machine keyset and the
cryptographic service provider are actually good for is hard to find. For
some reason (perhaps one million and two arguments for PKCS12_create() was
considered two too many) these hang off the EVP_PKEY in the attributes
member, which serves no other purpose.

Every use of EVP_PKEY (of which there are far too many) pays extra memory
taxes for this fringe use case. This complication is not worth it.

ok miod

2 months agoFix merge of bounce buffer segments in amd64 bus dma.
bluhm [Thu, 22 Aug 2024 11:36:24 +0000 (11:36 +0000)]
Fix merge of bounce buffer segments in amd64 bus dma.

If the physical pages are contiguous, _bus_dmamap_load_buffer()
tries to merge the segments.  In case of mbuf chains, it can happen
that the physical bounce buffers are contiguous, but the virtual
addresses of mbuf m_data are not.  Then during transmit _bus_dmamap_sync()
tries to copy segments where it cannot access the virtual source
address which is mapped in a different mbuf.  So if bounce buffers
are used, physical and virtual buffer must be contigous, to merge
a segment.
While there, split check and decrement of variable i in a for loop
to make the code readable.

with and OK hshoexer@

2 months agoUnlock unlock ipip_sysctl().
mvs [Thu, 22 Aug 2024 10:58:31 +0000 (10:58 +0000)]
Unlock unlock ipip_sysctl().

- IPIPCTL_ALLOW - atomically accessed integer;
- IPIPCTL_STATS - per-CPU counters;

In ipip_input() load `ipip_allow' value to `ipip_allow_local' and pass
it down to ipip_input_if() as `allow' arg.

ok bluhm

2 months agoUse aes128-ctr for MAC tests since default has implicit MAC.
dtucker [Thu, 22 Aug 2024 10:21:02 +0000 (10:21 +0000)]
Use aes128-ctr for MAC tests since default has implicit MAC.
Also verify that the Cipher or MAC we intended to use is actually the one
selected during the test.

2 months agoIntroduce sysctl_securelevel() to modify `securelevel' mp-safe. Keep
mvs [Thu, 22 Aug 2024 10:08:25 +0000 (10:08 +0000)]
Introduce sysctl_securelevel() to modify `securelevel' mp-safe. Keep
KERN_SECURELVL locked until existing `securelevel' checks became moved
out of kernel lock.

Make sysctl_securelevel_int() mp-safe by using atomic_load_int(9) to
unlocked read-only access for `securelevel'.

Unlock KERN_ALLOWDT. `allowdt' is the atomically accessed integer used
only once in dtopen().

ok mpi

2 months agosync manual section numbers
jsg [Thu, 22 Aug 2024 10:00:16 +0000 (10:00 +0000)]
sync manual section numbers

2 months agoClear overlay when command prompt is entered. Also fix some spacing in
nicm [Thu, 22 Aug 2024 09:05:51 +0000 (09:05 +0000)]
Clear overlay when command prompt is entered. Also fix some spacing in
man page pointed out by jmc.

2 months agoFix answer.
florian [Thu, 22 Aug 2024 08:44:22 +0000 (08:44 +0000)]
Fix answer.

2,$-1g/^/.,.1j does not combine every even-numbered line with the next
odd-numbered line. One correct way is 2,$-1g/^/.,+1j

Pointed out by ed1conf on mastodon.

2 months agoospfd: fix whitespace error introduced in previous
tb [Thu, 22 Aug 2024 08:34:51 +0000 (08:34 +0000)]
ospfd: fix whitespace error introduced in previous

2 months agolldb: shut up the warning message on quit debugging kernel core file.
asou [Thu, 22 Aug 2024 08:22:13 +0000 (08:22 +0000)]
lldb: shut up the warning message on quit debugging kernel core file.

The diff from Yuichiro NAITO.

ok yasuoka

2 months agoinet_pton returns 0 and -1 for error.
florian [Thu, 22 Aug 2024 08:17:54 +0000 (08:17 +0000)]
inet_pton returns 0 and -1 for error.

Adjust the error check that is now wrong after the inet_aton -> inet_pton
conversion.

Noticed by & OK bluhm.
OK tb

2 months agoMechanically change inet_aton to inet_pton.
florian [Thu, 22 Aug 2024 07:56:47 +0000 (07:56 +0000)]
Mechanically change inet_aton to inet_pton.

npppd does not document that it would accept truncated or otherwise
not fully spelled out IPv4 addresses.

ok yasuoka