openbsd
tb [Sat, 6 Feb 2021 06:19:28 +0000 (06:19 +0000)]
Use message_set() instead of direct assignment to curr_message
to avoid leaking the current help text.

from Anindya Mukherjee

dtucker [Fri, 5 Feb 2021 22:03:40 +0000 (22:03 +0000)]
Roll back the hostname->uname change in rev 1.10.  It turns out
uname -n doesn't do what we need for some platforms in portable,
so we'll fix the original problem (that some other platforms don't
have hostname at all) by providing a wrapper function to implement
it.

jcs [Fri, 5 Feb 2021 17:59:33 +0000 (17:59 +0000)]
disable autovol by default and set default volume to 127

The previous behavior of automatically decreasing playback volume
when new programs start playing can be achieved with '-w on'.

ok ratchov, patrick

bluhm [Fri, 5 Feb 2021 16:47:48 +0000 (16:47 +0000)]
Fix whitespace.

deraadt [Fri, 5 Feb 2021 16:24:55 +0000 (16:24 +0000)]
sync

mglocker [Fri, 5 Feb 2021 14:19:21 +0000 (14:19 +0000)]
Remove the terrible_ping_kludge() workaround.  We have committed a fix to
the USB stack in the meantime for uhidev(4) and ugen(4) to resolve the data
toggle issue in relation to xhci(4).

ok gnezdo@, djm@

bluhm [Fri, 5 Feb 2021 14:12:17 +0000 (14:12 +0000)]
Setup two pair(4) and one lo(4) interface in different routing
domains and with different interface MTU.  Test that packet flow
and TCP path MTU discovery works.

nicm [Fri, 5 Feb 2021 12:29:18 +0000 (12:29 +0000)]
Send Unicode directional isolate characters around horizontal pane
borders if the terminal supports UTF-8 and an extension terminfo(5)
capability "Bidi" is present. On terminals with BiDi support (ie, VTE)
this seems to be enough to display right-to-left text acceptably enough
to be usable (with some caveats about the mouse position). Requested by
and with help from Mahmoud Elagdar in GitHub issue 2425.

claudio [Fri, 5 Feb 2021 12:26:52 +0000 (12:26 +0000)]
Remove the not so periodic stats from rpki-client. The output is not very
useful and the way it works is a bit strange.
OK job@ tb@

nicm [Fri, 5 Feb 2021 12:23:49 +0000 (12:23 +0000)]
Add a -S flag to new-window to make it select the existing window if one
with the given name already exists rather than failing with an error.
Also add a format to check if a window or session name exists which
allows the same with other commands. Requested by and discussed with
kn@.

martijn [Fri, 5 Feb 2021 10:30:45 +0000 (10:30 +0000)]
Introduce a transaction id. This is currently mostly a dummy-variable, but
will later on be needed for when we reintroduce agentx master support.

feedback and OK dlg@, rob@

mglocker [Fri, 5 Feb 2021 08:17:22 +0000 (08:17 +0000)]
Prevent that when ugen(4) tries to set an alternative configuration
descriptor (usually doesn't happen), that we continue to use an outdated
cdesc pointer which still refers to the previous cdesc.  Instead update
the cdesc pointer to the new configuration descriptor.

Reported by Thomas Jeunet <cleptho AT gmail DOT com>

ok phessler@

dtucker [Fri, 5 Feb 2021 06:01:58 +0000 (06:01 +0000)]
hostname is not specified by POSIX but uname -n is, so use the latter for
portability.  Patch from Geert Hendrickx via github PR#208.

dtucker [Fri, 5 Feb 2021 02:20:23 +0000 (02:20 +0000)]
Remove debug message from sigchld handler.  While this works on OpenBSD
it can cause problems on other platforms.  From kircherlike at outlook.com
via bz#3259, ok djm@

patrick [Fri, 5 Feb 2021 00:42:25 +0000 (00:42 +0000)]
arm_intr_establish_fdt() has long been renamed to fdt_intr_establish().

patrick [Fri, 5 Feb 2021 00:25:19 +0000 (00:25 +0000)]
Fix CVS tag.

patrick [Fri, 5 Feb 2021 00:13:37 +0000 (00:13 +0000)]
Fix whitespace.

patrick [Fri, 5 Feb 2021 00:08:26 +0000 (00:08 +0000)]
Rename probe/attach functions to fit our regular naming scheme.  Replace
&armv7_bs_tag with fdt_cons_bs_tag, which is our early console bus tag
for both arm64 and armv7.  On armv7, it points to &armv7_bs_tag.  With
this we can get rid of the armv7var.h include.  Reduce a bit of diff to
imxuart(4).

ok kettenis@

patrick [Fri, 5 Feb 2021 00:05:20 +0000 (00:05 +0000)]
Move exuart(4) to sys/dev/fdt so it can be shared between arm64 and armv7.

ok kettenis@

patrick [Thu, 4 Feb 2021 23:36:31 +0000 (23:36 +0000)]
exuart(4) does not need to include exclockvar.h.  The header seems to only
provide a function for the I2C clock frequency, used by exiic(4).

patrick [Thu, 4 Feb 2021 23:28:20 +0000 (23:28 +0000)]
Tedu exuartvar.h, which has not been needed since we switched to the "new
way" of attaching the console.

patrick [Thu, 4 Feb 2021 23:23:23 +0000 (23:23 +0000)]
Add missing CVS tag.

patrick [Thu, 4 Feb 2021 22:40:45 +0000 (22:40 +0000)]
sync

patrick [Thu, 4 Feb 2021 22:40:04 +0000 (22:40 +0000)]
Tedu unnecessary imxuartvar.h.

ok kettenis@

sthen [Thu, 4 Feb 2021 22:12:03 +0000 (22:12 +0000)]
remove the suggestion to permit pkg_add with doas "nopass" when doing
ports dev work.

if you are able to run pkg_add as root without a password, your account
is root-equivalent.

typing the password multiple times is a pain but if somebody is going to
choose to weaken their local security in this way, it should be their
own decision and not something they have read in a manpage.

ok tb@ thfr@

dlg [Thu, 4 Feb 2021 21:28:44 +0000 (21:28 +0000)]
it's fine to route-to to a table.

i think this should have been tweaked a while back.

dlg [Thu, 4 Feb 2021 21:27:18 +0000 (21:27 +0000)]
route-to rules take ips now, not interfaces with optional ips.

reminded by bluhm@

dlg [Thu, 4 Feb 2021 21:26:02 +0000 (21:26 +0000)]
route-to rules take ips, not interfaces with optional ips.

reminded by bluhm@

dlg [Thu, 4 Feb 2021 21:20:24 +0000 (21:20 +0000)]
route-to rules take an ip now, not an interface with optional ip.

they now also only work on keep state rules, so there's even more
errors from the parser to expect.

reminded by bluhm@

tobhe [Thu, 4 Feb 2021 20:45:13 +0000 (20:45 +0000)]
'struct group' is now called 'struct dh_group'.

tobhe [Thu, 4 Feb 2021 20:38:26 +0000 (20:38 +0000)]
Rename 'struct group' to 'struct dh_group' for more clarity and
to avoid name clashes.

ok patrick@

tobhe [Thu, 4 Feb 2021 20:15:02 +0000 (20:15 +0000)]
EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m()
do the same thing.  Remove redundant check and always use the _GFp() variant.

discussed with tb@
ok patrick@

tobhe [Thu, 4 Feb 2021 19:59:15 +0000 (19:59 +0000)]
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional
checks where needed.

ok markus@ patrick@

bluhm [Thu, 4 Feb 2021 18:51:01 +0000 (18:51 +0000)]
Reference trpt(8) from the SO_DEBUG section of getsockopt(2).
OK claudio@ visa@

bluhm [Thu, 4 Feb 2021 18:46:25 +0000 (18:46 +0000)]
Implement the nc(1) -D socket debug option also in tcpbench(1).
This allows to analyse TCP connections.
OK claudio@

anton [Thu, 4 Feb 2021 16:28:07 +0000 (16:28 +0000)]
sync

anton [Thu, 4 Feb 2021 16:25:38 +0000 (16:25 +0000)]
Add uhidpp(4), a driver for Logitech HID++ devices. Currently limited to
exposing battery sensors for HID++ 2.0 devices. Most of the code is
derived from the hid-logitech-hidpp Linux driver.

Thanks to Ville Valkonen <weezeldinga at gmail dot com> for testing.

ok mglocker@

anton [Thu, 4 Feb 2021 16:18:34 +0000 (16:18 +0000)]
Add uhidev_set_report_dev() allowing usb drivers to early on install a
handler for a specific report id. Needed by an upcoming driver in order
to communicate with the device already in the attach routine.

ok mglocker@ as part of a larger diff

visa [Thu, 4 Feb 2021 16:16:10 +0000 (16:16 +0000)]
Handle Netgear ProSecure UTM25

This makes the system recognize and configure Netgear ProSecure UTM25.
Of the network ports, LAN1-4 and WAN1 are functional. WAN2 does not work
for some reason. Even though WAN1 has a separate link to the SoC, the
connection appears to go through the same switch that the LAN ports use.
At the moment, the system relies on U-Boot to set up the switch so that
the LAN and WAN segments stay separate.

Initial diff and input from Thaison Nguyen, thank you!

claudio [Thu, 4 Feb 2021 14:32:01 +0000 (14:32 +0000)]
The uri parameter of struct entity is actually a local file path.
Rename field to reduce confusion about what is what.
OK tb@

nicm [Thu, 4 Feb 2021 14:02:24 +0000 (14:02 +0000)]
Redraw status line and borders on pane enable/disable, GitHub issue 2554.

claudio [Thu, 4 Feb 2021 13:38:27 +0000 (13:38 +0000)]
Define the msgbuf queues globally. Clean up the code since rsyncq and procq
no longer need to be passed all the way down anymore. Shuffle code a bit
to bring it into more order.
OK tb@

claudio [Thu, 4 Feb 2021 13:32:33 +0000 (13:32 +0000)]
Revert previous commit. The vnode returned by ptm_vn_open() is open and
can not simply be vrele()-ed on error. The code currently depends on
closef() to do the cleanup.

Reported-by: syzbot+b0e18235e96adf81883d@syzkaller.appspotmail.com

claudio [Thu, 4 Feb 2021 09:57:37 +0000 (09:57 +0000)]
Fix an overly long line

claudio [Thu, 4 Feb 2021 08:58:19 +0000 (08:58 +0000)]
Even though most openssl includes include everything try to be a bit more
explicit about what is used where. Seems to be the least worst solution.

claudio [Thu, 4 Feb 2021 08:21:50 +0000 (08:21 +0000)]
Remove openssl includes and fcntl.h neither of those are used in main.c.
Add errno.h since this code makes direct use of errno.

claudio [Thu, 4 Feb 2021 08:13:57 +0000 (08:13 +0000)]
Cleanup openssl includes a bit. Use x509.h instead of x509v3.h, add asn1.h
and remove evp.h. First two suggested by tb@
Compiler agrees

claudio [Thu, 4 Feb 2021 08:10:24 +0000 (08:10 +0000)]
Shuffle code around, move all the bits of proc_parser into parser.c.
OK tb@

claudio [Thu, 4 Feb 2021 07:54:51 +0000 (07:54 +0000)]
Prevent a lock order issue by shuffling code around. Instead of allocating
the file descriptors early do it late. This way the fdplock is not held
during the VFS operations.
OK mvs@

anton [Thu, 4 Feb 2021 06:57:19 +0000 (06:57 +0000)]
Unconditionally allocate a buffer big enough to hold a struct
usb_ctl_report.

Limiting the size of the buffer to the size of the requested report can
cause the ioctl(USB_GET_REPORT) command to fail with EFAULT as the
kernel will always copy sizeof(struct usb_ctl_report) bytes from the
address passed from user space. That is when the given address +
sizeof(struct usb_ctl_report) crosses a page boundary and the adjacent
page is not mapped.

ok mglocker@

rob [Thu, 4 Feb 2021 02:03:53 +0000 (02:03 +0000)]
Remove last remnants of ASU ac_flag from accounting.

OK deraadt@, bluhm@

sashan [Thu, 4 Feb 2021 00:55:41 +0000 (00:55 +0000)]
make if_pfsync.c a better friend with PF_LOCK

The code delivered in this change is currently disabled. Brave souls
may enable the code by adding -DWITH_PF_LOCK when building a customized
kernel. Big thanks goes to Hrvoje@ for providing test equipment and
testing.

As soon as we enter the next release cycle, the WITH_PF_LOCK will be
defined as default option for MP kernels.

OK dlg@

tobhe [Wed, 3 Feb 2021 22:46:55 +0000 (22:46 +0000)]
Add SIOCAIFADDR_IN and SIOCDIFADDR_IN to the wroute pledge
to allow setting and removing IPv4 addresses.
Needed for future iked(8) improvements.

Discussed with sthen@ and florian@
ok bluhm@ deraadt@

tb [Wed, 3 Feb 2021 15:14:44 +0000 (15:14 +0000)]
Fail early in legacy exporter if master secret is not available

The exporter depends on having a master secret. If the handshake is
not completed, it is neither guaranteed that a shared ciphersuite was
selected (in which case tls1_PRF() will currently NULL deref) or that
a master secret was set up (in which case the exporter will succeed
with a predictable value). Neither outcome is desirable, so error out
early instead of entering the sausage factory unprepared. This aligns
the legacy exporter with the TLSv1.3 exporter in that regard.

with/ok jsing

naddy [Wed, 3 Feb 2021 14:41:40 +0000 (14:41 +0000)]
unbreak getline() conversion in disklabel

jan [Wed, 3 Feb 2021 13:40:06 +0000 (13:40 +0000)]
Turns off the direct ACK on every other segment

The kernel uses a huge amount of processing time for sending ACKs to the sender
on the receiving interface.  After receiving a data segment, we send out two
ACKs.  The first one in tcp_input() direct after receiving.  The second ACK is
sent out, after the userland or the sosplice task read some data out of the
socket buffer.  Thus, we save some processing time and improve network
performance.

Longer tested by sthen@
OK claudio@

kurt [Wed, 3 Feb 2021 13:00:39 +0000 (13:00 +0000)]
Adding a hard-trap instruction after the __threxit syscall instruction
broke pthreads on hppa. Reverting. Ok deraadt@

job [Wed, 3 Feb 2021 12:52:05 +0000 (12:52 +0000)]
Add OID for draft-ietf-opsawg-finding-geofeeds

https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes
a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI.

OpenSSL counterpart https://github.com/openssl/openssl/pull/14050

OK tb@ jsing@

mglocker [Wed, 3 Feb 2021 11:34:24 +0000 (11:34 +0000)]
After the rev. 1.108 commit we see some issues with ugen(4) behaviour,
which finally makes umb(4) fail, since ugen(4) attaches to one of the
umb(4) interfaces, fails, and marks the whole device dying.  Therefore
make usbd_device2interface_handle() backwards compatible again.

Problem reported by Mikolaj Kucharski.

ok edd@

claudio [Wed, 3 Feb 2021 10:45:12 +0000 (10:45 +0000)]
Remove rsync.c from the test tool builds, nothing depends on that anymore

claudio [Wed, 3 Feb 2021 09:29:22 +0000 (09:29 +0000)]
Use mkpath() == -1 to check for failure. No functional change.

dlg [Wed, 3 Feb 2021 07:41:12 +0000 (07:41 +0000)]
change pf_route so pf only runs when packets enter and leave the stack.

before this change pf_route operated on the semantic that pf runs
when packets go over an interface, so when pf_route changed which
interface the packet was on it would run pf_test again. this change
changes (restores) the semantic that pf is only supposed to run
when packets go in or out of the network stack, even if route-to
is responsible for short circuiting past the network stack.

just to be clear, for normal packets (ie, those not touched by
route-to/reply-to/dup-to), there isn't a difference between running
pf when packets enter or leave the stack, or having pf run when a
packet goes over an interface.

the main reason for this change is that running the same packet
through pf multiple times creates confusion for the state table.
by default, pf states are floating, meaning that packets are matched
to states regardless of which interface they're going over. if a
packet leaving on em0 is rerouted out em1, both traversals will end
up using the same state, which at best will make the accounting
look weird, or at worst fail some checks in the state and get
dropped.

another reason for this commit is to make handling of the changes
that route-to makes consistent with other changes that are made to
packet. eg, when nat is applied to a packet, we don't run pf_test
again with the new addresses.

the main caveat with this diff is you can't have one rule that
pushes a packet out a different interface, and then have a rule on
that second interface that NATs the packet. i'm not convinced this
ever worked reliably or was used much anyway, so we don't think
it's a big concern.

discussed with many, with special thanks to bluhm@, sashan@ and
sthen@ for weathering most of that pain.
ok claudio@ sashan@ jmatthew@

deraadt [Wed, 3 Feb 2021 01:10:10 +0000 (01:10 +0000)]
remove ancient malloc ? realloc dance.  always use realloc.
ok millert tb

djm [Tue, 2 Feb 2021 22:36:59 +0000 (22:36 +0000)]
whitespace

djm [Tue, 2 Feb 2021 22:36:46 +0000 (22:36 +0000)]
fix memleaks in private key deserialisation; enforce more consistency
between redundant fields in private key certificate and private key
body; ok markus@

djm [Tue, 2 Feb 2021 22:35:14 +0000 (22:35 +0000)]
memleak on error path; ok markus@

jmc [Tue, 2 Feb 2021 21:41:12 +0000 (21:41 +0000)]
add -Tu to usage();

claudio [Tue, 2 Feb 2021 18:35:38 +0000 (18:35 +0000)]
Adjust the repository handling a bit. Instead of storing host/module pairs
store repo (rsync URI) and local (the local path to the repository).
Simplifies the rsync handling a fair bit.
OK deraadt@

claudio [Tue, 2 Feb 2021 18:33:11 +0000 (18:33 +0000)]
Add a mkpath() helper function to rpki-client to recursively create
directories.
OK deraadt@

claudio [Tue, 2 Feb 2021 17:55:12 +0000 (17:55 +0000)]
As done for the AF_INET multicast case, ensure that passed interface
via index is actually in the right rdomain for the socket.
OK bluhm@ mvs@

claudio [Tue, 2 Feb 2021 17:53:02 +0000 (17:53 +0000)]
KNF, move { up to if () statement

claudio [Tue, 2 Feb 2021 17:47:42 +0000 (17:47 +0000)]
If IP_MULTICAST_IF or IP_ADD_MEMBERSHIP pass an interface index to the
kernel make sure that the rdomain of that interface is the same as
the rdomain of the inpcb.
Problem spotted and fix tested by semarie@
OK bluhm@ mvs@

cheloha [Tue, 2 Feb 2021 15:46:16 +0000 (15:46 +0000)]
dhclient(8): fork_privchld, take_charge, propose_release: poll(2) -> ppoll(2)

Switch from poll(2) to ppoll(2) in a few more functions.

Because we're working with ppoll(2) and clock_gettime(2) it is easier
to encode the various timeouts as static const timespecs instead of
preprocessor macros.  This way we aren't packing timespecs in the
middle of the code, which distracts from the (more important) logic of
what the code is doing.

Part of a larger campaign to improve "time stuff" in dhclient(8).

Prompted by and discussed with krw@.  Based on a diff by krw@.

ok krw@

naddy [Tue, 2 Feb 2021 15:42:00 +0000 (15:42 +0000)]
replace fgetln(3) with getline(3) in disklabel

Since getline() returns a C string, we don't need to carry around
the length separately.

ok millert@

claudio [Tue, 2 Feb 2021 15:24:43 +0000 (15:24 +0000)]
Properly implement 'rde med compare strict' and make sure that the order
of prefixes is always correct. The strict RFC4271 way of checking MED
requires to check the neighbor AS and only do the check if the AS are equal.
Because of this it is possible that inserting or removing a route reshuffles
the total order.

prefix_cmp() was extended to return the location where the decision happened:
- 0 if the decision was before the MED comparison or med compare always is set
- 1 if the decision happened after the MED comparison
- 2 if the MED caused the decision

With this the new functions prefix_insert() and prefix_remove() are able
to decide if more prefixes need to be evaluated (testall was not 0.) and
if prefixes need to be re-evaluated after this one was put (testall = 2).
There is a local redo list where prefixes where the MED resulted in a
reshuffle are put on. After the new prefix is inserted all prefixes on
the redo list are reinserted. Because now all affected MED routes get
reevaluated the order is always correct.

job [Tue, 2 Feb 2021 13:58:26 +0000 (13:58 +0000)]
Add a bunch of RPKI OIDs

RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs

Also in OpenSSL: https://github.com/openssl/openssl/commit/d3372c2f35495d0c61ab09daf7fba3ecbbb595aa

OK sthen@ tb@ jsing@

nicm [Tue, 2 Feb 2021 13:03:03 +0000 (13:03 +0000)]
Fix popup mouse position.

robert [Tue, 2 Feb 2021 12:58:42 +0000 (12:58 +0000)]
introduce support for sending the If-Modified-Since header while
fetching over http(s) and use the timestamps from the remote server's
Last-Modified header if available when saving local files
this makes it possible to mirror files better with ftp(1)

the new timestamp behaviour can be disabled with the new '-u' flag

ok sthen@, input from sthen@ and gnezdo@

ratchov [Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)]
Fix use-after-free in dev_abort()

Fixes crash that can occur when a usb device is unplugged, found by edd@

jmc [Tue, 2 Feb 2021 07:37:18 +0000 (07:37 +0000)]
article fix; from eddie youseph

jmc [Tue, 2 Feb 2021 07:33:29 +0000 (07:33 +0000)]
article fixes; from eddie youseph

danj [Tue, 2 Feb 2021 00:34:03 +0000 (00:34 +0000)]
Improve the last comment

Remove a trailing white space, don't misspell misconfiguration and
use https.

ok jmc, claudio

jca [Mon, 1 Feb 2021 21:48:36 +0000 (21:48 +0000)]
Document MODOCAML_RUNDEP

ok bket@ sthen@ (who initially suggested the if-not-native value under
a similar name)

espie [Mon, 1 Feb 2021 20:15:01 +0000 (20:15 +0000)]
in case we're not a tty, don't do anything else

this does fix the grep case

bluhm [Mon, 1 Feb 2021 18:11:46 +0000 (18:11 +0000)]
ESP path MTU discovery over IPv6 tunnel has been fixed.  Add test.

sthen [Mon, 1 Feb 2021 16:39:50 +0000 (16:39 +0000)]
change "demote counter" / "demote count" to "demotion counter", ok deraadt

sthen [Mon, 1 Feb 2021 16:39:19 +0000 (16:39 +0000)]
describe pfsync(4)'s use of carpdemote, ok/tweak kn deraadt

tobhe [Mon, 1 Feb 2021 16:37:48 +0000 (16:37 +0000)]
Take flows into consideration for policy lookup as initiator.
Fixes a bug where policies that only differ in their flow
configuration lead to a handshake error.

Found by claudio@
ok patrick@

cheloha [Mon, 1 Feb 2021 16:29:22 +0000 (16:29 +0000)]
dhclient(8): default_route_index(): poll(2) -> ppoll(2)

Use ppoll(2) instead of poll(2) in default_route_index().  Using
ppoll(2) here forces us to use clock_gettime(2) to measure the
timeout, which is less error-prone than using time(3).

Part of a larger campaign in dhclient(8) to make "time stuff" more
accurate and robust.

Prompted by krw@.  Based on a diff from krw@.

ok krw@

kettenis [Mon, 1 Feb 2021 16:27:06 +0000 (16:27 +0000)]
The code in mdstore.c should stand on its own, so rename the global
variables used here instead of using the ones from config.c.

ok deraadt@, kn@

visa [Mon, 1 Feb 2021 15:55:07 +0000 (15:55 +0000)]
Remove obsolete vnode operation vector declarations.

OK bluhm@, claudio@, mpi@, semarie@

tb [Mon, 1 Feb 2021 15:35:41 +0000 (15:35 +0000)]
Use "EC/RSA key setup failure" to align error with others

ok eric jsing

tobhe [Mon, 1 Feb 2021 15:13:15 +0000 (15:13 +0000)]
Whitespace

jsg [Mon, 1 Feb 2021 14:30:01 +0000 (14:30 +0000)]
handle #pinctrl-cells 2

needed for >= linux 5.9 dtbs on bbb
ok kettenis@

bluhm [Mon, 1 Feb 2021 13:25:04 +0000 (13:25 +0000)]
Fix path MTU discovery for ESP tunneled in IPv6.  We always want
short TCP segments or fragments encapsulated in ESP instead of
fragmented ESP packets.  Pass the don't fragment flag down along
the stack so that dynamic routes with MTU are created eventually.
with and OK markus@; OK tobhe@

bluhm [Mon, 1 Feb 2021 12:52:07 +0000 (12:52 +0000)]
Syntax of pf(4) route-to has changed.  Adapt tests.

bluhm [Mon, 1 Feb 2021 12:08:50 +0000 (12:08 +0000)]
Fix white spaces and wrap long lines.

mpi [Mon, 1 Feb 2021 11:26:28 +0000 (11:26 +0000)]
Start implementing conditionals for filters.

Allows to check the existence of a variable in predicates, making it
possible to trace syscall latency, as follows:

syscall:select:entry
{
  @start[pid] = nsecs;
}

syscall:select:return
/@start[pid]/
{
  @usecs = hist((nsecs - @start[pid]) / 1000);
  delete(@start[pid]);
}

mglocker [Mon, 1 Feb 2021 09:21:51 +0000 (09:21 +0000)]
Align the mixed naming for the variables used to reference to
bInterfaceNumber and bAlternateSetting as follows:

        ifaceidx -> ifaceno
        altidx -> altno

Suggested and ok mpi@

nicm [Mon, 1 Feb 2021 08:01:14 +0000 (08:01 +0000)]
Add a no-detached choice to detach-on-destroy which detaches only if
there are no other detached sessions to switch to, from Sencer Selcuk in
GitHub issue 2553.