mlarkin [Wed, 11 Jul 2018 18:08:05 +0000 (18:08 +0000)]
Detect vmm(4) in the bootloader and automatically switch to the serial
console at 115200 baud.
ok deraadt
kn [Wed, 11 Jul 2018 18:06:25 +0000 (18:06 +0000)]
Prevent invalid interface specifiers on queue rules
pf.conf(5) states that queues attach to actual interfaces only, yet the
following parses:
# echo queue eq on egress bandwidth 1G default | pfctl -f-
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
# echo queue rq on rdomain 0 bandwidth 1G default | pfctl -vf-
queue rq bandwidth 1G default
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
On rdomains, ifa_exists() returns NULL.
On interface groups, ifa_exists() returns non-NULL but af is never set
to AF_LINK.
OK henning sashan
nayden [Wed, 11 Jul 2018 18:04:18 +0000 (18:04 +0000)]
adding __func__ identifier to panic() calls in vmm.c for amd64 and i386
ok mlarkin@
kn [Wed, 11 Jul 2018 17:44:57 +0000 (17:44 +0000)]
Prevent updating async option on softdep mount
`mount -uo async,nosoftdep /mnt' would set "async" but keep "softdep"
untouched on a read/write mount.
OK deraadt krw beck bluhm
claudio [Wed, 11 Jul 2018 17:35:07 +0000 (17:35 +0000)]
Bump some of the hash table size to more reasonable numbers.
Still probably not optimal but less bad.
florian [Wed, 11 Jul 2018 17:32:05 +0000 (17:32 +0000)]
Send a RA with router lifetime of 0 when an interface is removed from
the config.
RFC 4861, 6.2.5:
[...] the router SHOULD transmit one or more (but not more than
MAX_FINAL_RTR_ADVERTISEMENTS) final multicast Router Advertisements on
the interface with a Router Lifetime field of zero.
jmc [Wed, 11 Jul 2018 17:21:57 +0000 (17:21 +0000)]
remove useless macro;
espie [Wed, 11 Jul 2018 16:53:14 +0000 (16:53 +0000)]
"running tags"
reyk [Wed, 11 Jul 2018 16:43:24 +0000 (16:43 +0000)]
sort tokens
naddy [Wed, 11 Jul 2018 16:38:03 +0000 (16:38 +0000)]
do not pick up groff from /usr/local/bin in configure, noticed by benno@;
ok benno@ jca@
reyk [Wed, 11 Jul 2018 16:37:31 +0000 (16:37 +0000)]
style - indent each case statement in a switch.
claudio [Wed, 11 Jul 2018 16:35:37 +0000 (16:35 +0000)]
Print out the hash info sent by the RDE in bgpctl show rib mem
OK phessler@ benno@
claudio [Wed, 11 Jul 2018 16:34:36 +0000 (16:34 +0000)]
On IMSG_CTL_SHOW_RIB_MEM also send back information of some of the
hash structures used in the RDE. Makes it fairly obvious that more
is needed in that area.
OK phessler@ benno@
beck [Wed, 11 Jul 2018 16:25:39 +0000 (16:25 +0000)]
test changed stat lying semantics - we don't lie about files
remi [Wed, 11 Jul 2018 15:41:19 +0000 (15:41 +0000)]
Print the rdomain config option if present.
ok kn@ tb@ deraadt@ sthen@ jca@
kn [Wed, 11 Jul 2018 15:25:42 +0000 (15:25 +0000)]
Use AF_UNSPEC not 0
bluhm [Wed, 11 Jul 2018 14:57:58 +0000 (14:57 +0000)]
Some spaces have been removed from pfctl print. Adapt expected
output in regress.
deraadt [Wed, 11 Jul 2018 14:51:01 +0000 (14:51 +0000)]
retire the old cron socket path; ok jca millert
mlarkin [Wed, 11 Jul 2018 14:48:40 +0000 (14:48 +0000)]
Detect vmm(4) in the bootloader and automatically switch to the serial
console at 115200 baud.
tested by phessler and myself, ok deraadt
beck [Wed, 11 Jul 2018 14:35:37 +0000 (14:35 +0000)]
Regress update to match changes for chrome
sf [Wed, 11 Jul 2018 14:20:18 +0000 (14:20 +0000)]
Fix comment about VLAN encapsulation and checksum offload
Document that some chips actually could do hardware checksum offload for
encapsulated packets, though that would need special handling in those
drivers.
discussions and ok naddy@
benno [Wed, 11 Jul 2018 14:08:46 +0000 (14:08 +0000)]
add option "network ... priority number" to announce prefixes from the
kernel routing table selected by priority.
For example to import all ospfd/ospf6d routes into bgp.
tested by remi@
ok remi@ henning@ and maybe a little claudio@
florian [Wed, 11 Jul 2018 14:03:13 +0000 (14:03 +0000)]
Detect when a router advertisement packet changes due to config
change and if it does send a new advertisement.
The way this is implemented gives us various things for free:
- periodic sending of router advertisements
- send initial advertisement for every interface on startup
florian [Wed, 11 Jul 2018 14:01:44 +0000 (14:01 +0000)]
no longer needed
kn [Wed, 11 Jul 2018 13:57:53 +0000 (13:57 +0000)]
Sync comment
Makes it a tad easier to read through and compare with BN_swap_ct().
OK tb
reyk [Wed, 11 Jul 2018 13:19:47 +0000 (13:19 +0000)]
Add -w option to vmctl stop to wait for completion of VM termination.
Use it in /etc/rc.d/vmd accordingly.
OK sthen@
mlarkin [Wed, 11 Jul 2018 13:19:42 +0000 (13:19 +0000)]
vmm(4): return proper cache topology for cpuid(0x4)
Make the cache neighbor fields match the number of VCPUs present
(currently 1)
ok reyk
claudio [Wed, 11 Jul 2018 13:08:00 +0000 (13:08 +0000)]
Retire RTM_LOSING, it no longer makes sense and on busy servers the
route socket is flooded with those messages. Instead make sure that the
removal of the dynamic route that can happen is actually also sent to
the routing socket.
OK mpi@ henning@
claudio [Wed, 11 Jul 2018 13:06:16 +0000 (13:06 +0000)]
rtm_send() the cloned routes because of ICMP mtu changes. Until now
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
mlarkin [Wed, 11 Jul 2018 12:55:01 +0000 (12:55 +0000)]
vmm(4): respect argument size when reading from undefined ports.
mlarkin [Wed, 11 Jul 2018 12:45:01 +0000 (12:45 +0000)]
vmm(4): small cleanup in vm_rwregs.
Clarify error values and change a panic into a debug printf (which will
in turn just kill the VM).
martijn [Wed, 11 Jul 2018 12:38:46 +0000 (12:38 +0000)]
Drop a const-bomb on regexec. It's probably not a good idea to remove a
const promise when processing it in the regex engine.
Minor tweak and OK schwarze@
krw [Wed, 11 Jul 2018 12:21:37 +0000 (12:21 +0000)]
When in incremental search handle ^M (a.k.a. <cr>) like ^[ (a.k.a.
<esc>). i.e. exit incremental search and set the mark. This is what
emacs does.
pointers, suggestions and ok florian@
remi [Wed, 11 Jul 2018 12:09:34 +0000 (12:09 +0000)]
Change the control socket to ospfd.sock.<rdomain>.
ok friehm@ jca@
schwarze [Wed, 11 Jul 2018 11:42:17 +0000 (11:42 +0000)]
After opening all the needed files, tighten the pledge(2)
from "stdio rpath" to just "stdio", before parsing any user data.
It may not matter that much just yet, but parsing will become
slightly more complicated soon when I shall add UTF-8 handling.
OK millert@
henning [Wed, 11 Jul 2018 11:39:31 +0000 (11:39 +0000)]
the STATE_LOOKUP macro made sense ages ago. It stopped making sense
when we moved most of the functionality into a function. g/c the macro
and just call the function. ok mpi jca
schwarze [Wed, 11 Jul 2018 11:35:06 +0000 (11:35 +0000)]
Repair the regression introduced by the recent refactoring
revision 1.11 date: 2004/07/03 21:00:37;
for -p/-P, the argument was no longer parsed, causing segfaults.
OK millert@
reyk [Wed, 11 Jul 2018 10:31:45 +0000 (10:31 +0000)]
Rename function to vmd_check_vmh
remi [Wed, 11 Jul 2018 10:23:47 +0000 (10:23 +0000)]
remove wrong comment
ok jca@ tb@
espie [Wed, 11 Jul 2018 09:57:59 +0000 (09:57 +0000)]
allow default from state
espie [Wed, 11 Jul 2018 09:54:49 +0000 (09:54 +0000)]
allow state->new to deduce the command name from $0
reyk [Wed, 11 Jul 2018 09:35:44 +0000 (09:35 +0000)]
Add -f option to vmctl stop to forcefully kill a VM.
This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.
OK ccardenas@ mlarkin@ benno@ kn@
henning [Wed, 11 Jul 2018 09:08:21 +0000 (09:08 +0000)]
in if_addgroup(), call the new pfi_group_addmember() instead of
pf_group_change() - the latter is called by _addmember now to update dynaddr.
before this, "set skip on lo", ifconfig lo1 create -> no skip on lo1 until
pf ruleset got reloaded. Now lo1 gets the skip flag as intended. This has
caused much confusion with i. e. gif interfaces in the past.
ok benno, very excited ok phessler
mpi [Wed, 11 Jul 2018 09:07:59 +0000 (09:07 +0000)]
Convert AH & IPcomp to ipsec_input_cb() and count drops on input.
ok markus@
henning [Wed, 11 Jul 2018 09:05:51 +0000 (09:05 +0000)]
provide pfi_group_addmember(), which makes the new member interface inherit
set flags from the group. ok phessler benno
florian [Wed, 11 Jul 2018 08:47:03 +0000 (08:47 +0000)]
there is nothing secret about rad.conf
tb [Wed, 11 Jul 2018 08:42:38 +0000 (08:42 +0000)]
Document behavior change of EC_POINTs_mul(3) from EC constant time changes.
ok beck on earlier version, markup help from Schwarze.
florian [Wed, 11 Jul 2018 08:31:48 +0000 (08:31 +0000)]
Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt
nicm [Wed, 11 Jul 2018 08:29:21 +0000 (08:29 +0000)]
Expand formats in load-buffer and save-buffer.
martijn [Wed, 11 Jul 2018 08:19:35 +0000 (08:19 +0000)]
s/wuth/with/ in comment
deraadt [Wed, 11 Jul 2018 07:59:16 +0000 (07:59 +0000)]
sync
krw [Wed, 11 Jul 2018 07:39:22 +0000 (07:39 +0000)]
Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
tb [Wed, 11 Jul 2018 07:38:00 +0000 (07:38 +0000)]
Turn yesterday's optimistic ! in an XXX comment into a more cautious ?
martijn [Wed, 11 Jul 2018 07:03:03 +0000 (07:03 +0000)]
Using resolved after realpath(3) has failed is dangerous. Don't do it!
Minor tweak and OK jca@
OK beck@ deraadt@
martijn [Wed, 11 Jul 2018 06:57:18 +0000 (06:57 +0000)]
Make the output of the list command more sensible for the output device.
We now output $COLUMNS - 8 characters of the string and a newline.
This is similar to the behaviour in ed(1).
Discussed with and OK schwarze@
nicm [Wed, 11 Jul 2018 06:51:39 +0000 (06:51 +0000)]
Helper function to shorten history.
jmatthew [Wed, 11 Jul 2018 06:48:58 +0000 (06:48 +0000)]
implement media type detection and forcing of link speed, lightly tested
with a variety of 10g optics.
martijn [Wed, 11 Jul 2018 06:47:38 +0000 (06:47 +0000)]
Rephrase the wording on the replacement string of the substitute command.
Cover more cases with less wording.
Joint work with schwarze@
OK millert@
nicm [Wed, 11 Jul 2018 06:43:45 +0000 (06:43 +0000)]
Add function comments.
jmatthew [Wed, 11 Jul 2018 06:43:30 +0000 (06:43 +0000)]
move declarations of hwrm message functions up to the top and make them
non-static.
jmatthew [Wed, 11 Jul 2018 06:39:57 +0000 (06:39 +0000)]
don't bother checking the rx index matches what we expect, it works
properly.
martijn [Wed, 11 Jul 2018 06:39:23 +0000 (06:39 +0000)]
Remove an old and false comment. REALLOC now free(3)s the code if realloc
fails.
OK millert@
jmc [Wed, 11 Jul 2018 06:16:50 +0000 (06:16 +0000)]
zap trailing whitespace;
tb [Wed, 11 Jul 2018 06:16:40 +0000 (06:16 +0000)]
Update EC regression tests.
Part of https://github.com/libressl-portable/openbsd/pull/94
from Billy Brumley and his team.
ok jsing
florian [Tue, 10 Jul 2018 22:14:19 +0000 (22:14 +0000)]
remove newd control leftovers
florian [Tue, 10 Jul 2018 22:13:16 +0000 (22:13 +0000)]
remove unused variable; pointed out by llvm
florian [Tue, 10 Jul 2018 22:12:43 +0000 (22:12 +0000)]
add ractl, the rad(8) control program
tb [Tue, 10 Jul 2018 22:06:14 +0000 (22:06 +0000)]
Indent labels by a space so they don't obliterate function names in diffs.
tb [Tue, 10 Jul 2018 21:55:49 +0000 (21:55 +0000)]
ECC constant time scalar multiplication support. First step in overhauling
the EC module.
From Billy Brumley and his team, via
https://github.com/libressl-portable/openbsd/pull/94
With tweaks from jsing and me.
ok jsing
tb [Tue, 10 Jul 2018 21:52:07 +0000 (21:52 +0000)]
Provide BN_swap_ct(), a constant time function that conditionally swaps
two bignums. It's saner and substantially less ugly than the existing
public BN_constantime_swap() function and will be used in forthcoming work
on constant time ECC code.
From Billy Brumley and his team. Thanks!
ok jsing
tb [Tue, 10 Jul 2018 21:36:02 +0000 (21:36 +0000)]
Factor out a bit of ugly code that truncates the digest to the order_bits
leftmost bits of a longer digest, according to FIPS 183-6, 6.4. Eliminate
a microoptimization that only converts the relevant part of the digest to
a bignum.
ok beck, jsing
friehm [Tue, 10 Jul 2018 21:21:56 +0000 (21:21 +0000)]
pledge(2)
Looks great! deraadt@
OK florian
OK remi@
reyk [Tue, 10 Jul 2018 21:12:20 +0000 (21:12 +0000)]
style (single-line ifs don't need braces)
tb [Tue, 10 Jul 2018 20:55:57 +0000 (20:55 +0000)]
$OpenBSD$
tb [Tue, 10 Jul 2018 20:53:30 +0000 (20:53 +0000)]
Now that all *_free() functions are NULL safe, we can generate the
freenull test from Symbols.list.
Suggested by jsing, discussed with beck and bluhm.
reyk [Tue, 10 Jul 2018 20:52:51 +0000 (20:52 +0000)]
Return the VM pid to the vmd parent. This pid field already existed
in the result but wasn't filled in by the vmm process. No functional
change.
reyk [Tue, 10 Jul 2018 20:46:50 +0000 (20:46 +0000)]
Remove a debug message
florian [Tue, 10 Jul 2018 20:44:39 +0000 (20:44 +0000)]
When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
florian [Tue, 10 Jul 2018 20:43:26 +0000 (20:43 +0000)]
When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
reyk [Tue, 10 Jul 2018 20:43:15 +0000 (20:43 +0000)]
vmd already had DEBUG/DPRINTF, there is no need for VMD_DEBUG/dprintf
Replace all occurrences of dprintf with DPRINTF (defined in proc.h).
claudio [Tue, 10 Jul 2018 20:30:31 +0000 (20:30 +0000)]
Remove raw_usrreq and raw_cb, nothing is using them anymore.
OK mpi@
claudio [Tue, 10 Jul 2018 20:28:34 +0000 (20:28 +0000)]
Remove net/raw_cb.h from includes and replace the RAWSNDQ, RAWRCVQ with
protocol specific ones.
OK mpi@
bluhm [Tue, 10 Jul 2018 20:21:53 +0000 (20:21 +0000)]
machine/fpu.h is not needed on amd64 and does not exist on i386.
Remove the include.
henning [Tue, 10 Jul 2018 19:28:35 +0000 (19:28 +0000)]
we were referring to 10k states by default here as well, pt out by claudio
henning [Tue, 10 Jul 2018 19:27:11 +0000 (19:27 +0000)]
where we were showing "set limit states 10000" make that 100k as well,
and adjust adaptive.start/end as well (just like in the code)
tb [Tue, 10 Jul 2018 17:45:52 +0000 (17:45 +0000)]
Fix a few, but not all, clang warnings: Use "%s" to print modifiable
strings, add a couple of braces, ansify a few functions, add and remove
a few extra parens.
ok jcs
kettenis [Tue, 10 Jul 2018 17:11:42 +0000 (17:11 +0000)]
Make legacy interrupts work in acpipci(4).
ok patrick@
tb [Tue, 10 Jul 2018 16:58:15 +0000 (16:58 +0000)]
+addsub
tb [Tue, 10 Jul 2018 16:57:50 +0000 (16:57 +0000)]
Add simple regression tests for BN_{,u}{add,sub}(3). With input from jca
henning [Tue, 10 Jul 2018 16:48:22 +0000 (16:48 +0000)]
The year is 2018.
Mercury, Bowie, Cash, Motorola and DEC all left us.
Just pf still has a default state table limit of 10000.
Had! Now it's a tiny little bit more, 100k.
lead guitar: me
ok chorus: phessler theo claudio benno
background school girl laughing: bob
krw [Tue, 10 Jul 2018 16:42:12 +0000 (16:42 +0000)]
"%%s: s" -> "%s: %s" in log_warn()
florian [Tue, 10 Jul 2018 16:39:54 +0000 (16:39 +0000)]
Import rad(8).
It's a Router Advertisement Daemon written using the standard 3
process privsep pattern and a parse.y based config file.
Commit early to continue work in tree.
OK jca
"it's totally rad" phessler@
"usr.sbin never runs out of space" deraadt@
reyk [Tue, 10 Jul 2018 16:15:51 +0000 (16:15 +0000)]
Tweak debug log messages
- Turn tracing messages into DPRINTF (only compiled with DEBUG).
- Pass __func__ to vm_stop and vm_remove: this way we can track who
called the function in the async context. It replaces the manual
log_debug in front of each vm_stop/vm_remove. This debug logging
trick can be removed in the future once we are more confident about
it.
OK ccardenas@ mlarkin@
jmc [Tue, 10 Jul 2018 16:01:48 +0000 (16:01 +0000)]
check-problems -> pkg_check-problems;
deraadt [Tue, 10 Jul 2018 16:01:26 +0000 (16:01 +0000)]
In asm.h ensure NENTRY uses the old-school nop-sled align, but change standard
ENTRY is a trapsled. Fix a few functions which fall-through into an ENTRY
macro. amd64 binaries now are free of double+-nop sequences (except for one
assembler nit in aes-586.pl). Previous changes by guenther got us here.
ok mortimer kettenis
claudio [Tue, 10 Jul 2018 15:13:35 +0000 (15:13 +0000)]
rde_update_get_prefix() and friends should also verify the prefixlen.
This way the check can be removed from rde_update_dispatch() which is
just a duplicate of the general failure case of rde_update_get_prefix().
OK benno@ phessler@
rpe [Tue, 10 Jul 2018 14:22:36 +0000 (14:22 +0000)]
Tweak comments and explain some not so obvious things.
kn [Tue, 10 Jul 2018 13:11:38 +0000 (13:11 +0000)]
Error out if -netmask/-prefixlen does not follow the destination parameter
Since the address string comes last, `-prefixlen 56 2001:db8::' silently
installs a route for /64 since that's the currently implied prefix length.
The manual page already states that these options must follow the
destination parameter in order to have any effect.
Discussed at length with many
OK benno sthen bluhm jca
deraadt [Tue, 10 Jul 2018 13:09:29 +0000 (13:09 +0000)]
sync
kettenis [Tue, 10 Jul 2018 13:06:55 +0000 (13:06 +0000)]
Always use PSCI to enable secondary CPUs if it is detected.