openbsd
jsing [Sat, 10 Feb 2018 04:48:44 +0000 (04:48 +0000)]
Tidy/standardise some code.

jsing [Sat, 10 Feb 2018 04:48:17 +0000 (04:48 +0000)]
Remove NULL check from tls_conninfo_cert_pem() - all of the other conninfo
functions require the conninfo passed in to be non-NULL.

jsing [Sat, 10 Feb 2018 04:43:16 +0000 (04:43 +0000)]
Document functions for client-side TLS session support.

jsing [Sat, 10 Feb 2018 04:41:24 +0000 (04:41 +0000)]
Add support to libtls for client-side TLS session resumption.

A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.

Discussed at length with deraadt@ and tedu@.

Rides previous minor bump.

ok beck@

jsing [Sat, 10 Feb 2018 04:34:25 +0000 (04:34 +0000)]
Bump lib{crypto,ssl,tls} minors due to symbol addition.

jsing [Sat, 10 Feb 2018 04:33:47 +0000 (04:33 +0000)]
Expose X509_VERIFY_PARAM_* functions that appeared in the OpenSSL 1.0.2
API and are now in use by various libraries and applications.

benno [Sat, 10 Feb 2018 04:23:48 +0000 (04:23 +0000)]
claudio noted that this is an else case because we have either a
prefix or a prefix-set.

mortimer [Sat, 10 Feb 2018 02:54:33 +0000 (02:54 +0000)]
Use sched_pause(yield) to decide when to yield when filling randomdata.

ok deraadt@

benno [Sat, 10 Feb 2018 01:24:28 +0000 (01:24 +0000)]
Add prefix-sets, lists of prefixes which can be used in place of a
prefix in a filter rule. Initial idea hashed out with job@ in Toronto.
This is WIP, I'm committing it now so we can work on it in the tree.
ok florian@ claudio@

tb [Sat, 10 Feb 2018 00:00:47 +0000 (00:00 +0000)]
Use return instead of exit from main.

krw [Fri, 9 Feb 2018 23:23:02 +0000 (23:23 +0000)]
If there is no link after link_timeout seconds don't forget
to go_daemon() while waiting for the RTM_IFINFO message.

Problem spotted by Holger Mikolon.

cheloha [Fri, 9 Feb 2018 23:12:13 +0000 (23:12 +0000)]
Schedule alarm for start of minute if departure time is absolute.

e.g., "leave 1530" goes off closer to 15:30:00.

Timezone-related bug caught by tb@ in review.

ok tb@ tedu@

jca [Fri, 9 Feb 2018 22:52:54 +0000 (22:52 +0000)]
Style tweaks

ok remi@ benno@

mortimer [Fri, 9 Feb 2018 22:13:04 +0000 (22:13 +0000)]
Use a static chacha instance to fill randomdata sections. Avoids looping
over a syscall for randomdata sections larger than 256B.

ok djm@ deraadt@ kettenis@

mpi [Fri, 9 Feb 2018 20:13:28 +0000 (20:13 +0000)]
Improve documentation of protected domains.

Required by and ok otto@, ok jmc@

dlg [Fri, 9 Feb 2018 10:12:38 +0000 (10:12 +0000)]
use in_addr and in6_addr instead of uint32_ts

dlg [Fri, 9 Feb 2018 09:35:03 +0000 (09:35 +0000)]
oh carp - i didn't mean to commit these

dlg [Fri, 9 Feb 2018 09:30:37 +0000 (09:30 +0000)]
use struct in_addr to represent an address.

eric [Fri, 9 Feb 2018 09:29:03 +0000 (09:29 +0000)]
isolate calls to the rfc2822 parser and handling of "." in smtp_dataline()

ok gilles@

dlg [Fri, 9 Feb 2018 09:22:46 +0000 (09:22 +0000)]
add support for setting the ttl on the tunnel traffic.

mpi [Fri, 9 Feb 2018 07:32:35 +0000 (07:32 +0000)]
Call socreate() before falloc() in sys_socket().

This is similar to what we do in sys_socketpair() and will allow us
to grab the KERNEL_LOCK() only after having created a socket.

ok tedu@

jmc [Fri, 9 Feb 2018 07:14:17 +0000 (07:14 +0000)]
a little more adjustment, after discussing with henning;

dlg [Fri, 9 Feb 2018 04:08:26 +0000 (04:08 +0000)]
use ether_tryprint, which looks inside the ether packet.

ether_print just prints the ether header.

dlg [Fri, 9 Feb 2018 04:05:58 +0000 (04:05 +0000)]
rework etherip to make it more consistent and reduce code duplication.

ok claudio@

tb [Fri, 9 Feb 2018 03:59:15 +0000 (03:59 +0000)]
Check for the existence of /bsd before trying to back it up to /obsd.
Fixes 'make install' when /bsd is not present for some reason.

ok rob florian, "fine with me" deraadt

claudio [Fri, 9 Feb 2018 03:53:37 +0000 (03:53 +0000)]
Clear the dr and bdr fields of a neighbor when it goes down.
Same is done in ospfd for quite a while.

dtucker [Fri, 9 Feb 2018 03:42:57 +0000 (03:42 +0000)]
Skip sftp-chroot test when SUDO not set instead of fatal().

dtucker [Fri, 9 Feb 2018 03:40:22 +0000 (03:40 +0000)]
Replace fatal with exit in the case that we do not have $SUDO set.
Prevents test failures when neither sudo nor doas are configured.

deraadt [Fri, 9 Feb 2018 03:01:24 +0000 (03:01 +0000)]
Situations occur where bootloader cannot supply kernel with early
random data. But a new source of entropy arrived a few months ago
-- KARL generates highly disturbed images for some kernels (well,
not for bsd.rd)
This assumes the tail of text (just before etext[]) is readable.
We are trying to use a portable symbol name, and also avoid reading
a locore0 which has been unmapped...
ok mortimer

dtucker [Fri, 9 Feb 2018 02:37:36 +0000 (02:37 +0000)]
Remove unused sKerberosTgtPassing from enum.  From calestyo via github
pull req #11, ok djm@

patrick [Fri, 9 Feb 2018 02:26:33 +0000 (02:26 +0000)]
Extend the mbuf queue API with an accessor that checks whether
or not the mbuf queue is full.

ok dlg@

patrick [Fri, 9 Feb 2018 02:21:16 +0000 (02:21 +0000)]
Implement the bwfm(4) SDIO bus logic.  This is the bus layer that
converts the logic of the upper layers (sending control messages,
sending data messages, receiving event or data messages) into the
corresponding work that has to be done on the lowest layer.  SDIO
is not the fastest bus for exchanging network packets, but maybe
there is room for tuning.  Actual TX/RX is being done in a worker
task that serializes access to the hardware.  This is good enough
to attach to WiFi networks and do network transfers.  Developed
and tested on a Cubox-i.

claudio [Fri, 9 Feb 2018 02:14:03 +0000 (02:14 +0000)]
Simplify logic a bit by moving a block. nbr_stop_itimer() does not use
the dr or bdr fields so clear them first.

jmatthew [Fri, 9 Feb 2018 00:08:17 +0000 (00:08 +0000)]
timeout_add -> timeout_add_sec

ok patrick@

dlg [Fri, 9 Feb 2018 00:06:51 +0000 (00:06 +0000)]
it turns out the wccp header is optional

peek inside the payload to see if the first nibble looks like ipv4.
if it isn't ipv4 assume it is the wccp header.

dlg [Fri, 9 Feb 2018 00:03:13 +0000 (00:03 +0000)]
bring back the wccp shizz.

dlg [Thu, 8 Feb 2018 23:53:20 +0000 (23:53 +0000)]
implement support for tunnelttl copy.

if the ttl is set to copy, gre will copy the ttl in and out of the
encapsulated packet. it's probably a good idea to set this the same
on both ends of a tunnel.

egre doesn't support tunnelttl copy.

dlg [Thu, 8 Feb 2018 22:56:28 +0000 (22:56 +0000)]
have a go at decoding cisco wccp gre packets, and let them fall into IP.

tb [Thu, 8 Feb 2018 22:49:53 +0000 (22:49 +0000)]
sync

claudio [Thu, 8 Feb 2018 22:24:41 +0000 (22:24 +0000)]
Make the routing socket more MP safe by using a SRPL list for the pcb list.
Still needs the big kernel lock but this is another step in the right direction.
With and OK mpi@

dlg [Thu, 8 Feb 2018 22:11:06 +0000 (22:11 +0000)]
ttl 0 is not valid on the wire, so don't accept it.

dlg [Thu, 8 Feb 2018 22:08:18 +0000 (22:08 +0000)]
implement ethernet over gre encapsulation with a thing egre(4) driver.

there's three main chunks in this: transmit, receive, and factoring out
common gre code.

ethernet over gre unfortunately doesn't pad ethernet frames, so their
payload on rx and their headers on tx will be misaligned. egre copes
with this in the rx path by copying the payload with m_dup_pkt if
it detects misalignment. in the tx path, it unconditionally allocates
a new mbuf for the headers, that can be aligned separately to the
existing payload.

most of the common gre code is in the ioctl paths, so this diff
adds gre_tunnel_ioctl, which is in the spirit of ether_ioctl.

ok claudio@

dlg [Thu, 8 Feb 2018 21:55:34 +0000 (21:55 +0000)]
handle SIOCGLIFPHYTTL and say that the ttl is always "copied"

dlg [Thu, 8 Feb 2018 21:54:55 +0000 (21:54 +0000)]
when using tunnelttl, let -1 mean "copy the ttl from the inner traffic".

tunnelttl now accepts "copy" as an argument, and prints "copy" when
it sees -1.

ok claudio@

benno [Thu, 8 Feb 2018 21:37:36 +0000 (21:37 +0000)]
ospf6d mostly only cares about AF_INET6 routes
found while investigating routing socket desync with claudio.
ok remi jca claudio

jca [Thu, 8 Feb 2018 18:02:06 +0000 (18:02 +0000)]
Kill ber.c support for direct fd read/writes

This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around.  ok claudio@

jmc [Thu, 8 Feb 2018 17:52:24 +0000 (17:52 +0000)]
tweak previous;

jmc [Thu, 8 Feb 2018 17:51:43 +0000 (17:51 +0000)]
tweak previous; ok henning

mpi [Thu, 8 Feb 2018 13:51:08 +0000 (13:51 +0000)]
Test that next-hop L2 caches are cloned using the correct MPATH route.

ok jmatthew@, claudio@, dlg@

mpi [Thu, 8 Feb 2018 13:50:48 +0000 (13:50 +0000)]
When multiple RTF_CLONING routes for the same subnet are present, use
the correct one to clone the gateway.

Fix wired vs wireless on the same subnet issue as well as a more
complicated setup reported by dlg@.

ok jmatthew@, claudio@, dlg@

martijn [Thu, 8 Feb 2018 13:22:25 +0000 (13:22 +0000)]
Make pool order on size actually order on size instead of size*inuse.

Prompted by and OK otto@

mpi [Thu, 8 Feb 2018 13:15:31 +0000 (13:15 +0000)]
Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, referred to by
a number between 1 and 31, cannot talk to each other.  This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domains making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

mpi [Thu, 8 Feb 2018 12:57:24 +0000 (12:57 +0000)]
Remove CSRG copyright, there isn't any code left from Berkeley here.

In 2016 natano@ removed the last two functions remaining from the CSRG
time: lockinit() and lockstatus().  At that time they were already wrappers
around recursive rwlocks functions from thib@ that tedu@ committed in 2013.

ok deraadt@

jsing [Thu, 8 Feb 2018 11:31:00 +0000 (11:31 +0000)]
Update regress to use tlsext_serverhello_parse().

jsing [Thu, 8 Feb 2018 11:30:30 +0000 (11:30 +0000)]
Complete the TLS extension rewrite on the client-side.

The RI logic gets pulled up into ssl3_get_server_hello() and
ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(),
which allows a CBS to be passed all the way down.

This also deduplicates the tlsext_client_build() and tlsext_server_build()
code.

ok beck@

jsing [Thu, 8 Feb 2018 11:17:44 +0000 (11:17 +0000)]
Convert option handling for openssl(1) genpkey.

ok beck@ inoguchi@

jsing [Thu, 8 Feb 2018 10:19:57 +0000 (10:19 +0000)]
Update regress to match change to tls_keypair_pubkey_hash().

jsing [Thu, 8 Feb 2018 10:19:31 +0000 (10:19 +0000)]
Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead of
rolling its own certificate loading. This also means we get better error
reporting on failure.

jsing [Thu, 8 Feb 2018 10:06:52 +0000 (10:06 +0000)]
Add a regress test that covers libtls keypairs.

jsing [Thu, 8 Feb 2018 10:05:43 +0000 (10:05 +0000)]
Tweak compiler flags to include -DLIBRESSL_INTERNAL and make more warnings
fatal.

jsing [Thu, 8 Feb 2018 10:03:19 +0000 (10:03 +0000)]
Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash.

jsing [Thu, 8 Feb 2018 10:02:48 +0000 (10:02 +0000)]
Do not bother NULLing pointers in a struct that is about to be freed.

mortimer [Thu, 8 Feb 2018 10:01:12 +0000 (10:01 +0000)]
Do not hardcode key length. Pointed out by jsing@

ok deraadt@

deraadt [Thu, 8 Feb 2018 09:42:48 +0000 (09:42 +0000)]
After flushing disks, try again to release all memory.  We don't need to
save dirty memory to the hibernate space.

deraadt [Thu, 8 Feb 2018 09:37:17 +0000 (09:37 +0000)]
Toss all releasable memory, because fragmentation can get in the way
of allocating the hibernate playpen.

mortimer [Thu, 8 Feb 2018 09:27:44 +0000 (09:27 +0000)]
Use a temporary chacha instance to fill large randomdata sections. Avoids
grabbing the rnglock repeatedly.

ok deraadt@ djm@

henning [Thu, 8 Feb 2018 09:15:46 +0000 (09:15 +0000)]
make the watermarks/thresholds for entering and leaving syncookie mode when
syncookies are set to adaptive tunable, ok claudio benno

henning [Thu, 8 Feb 2018 09:14:19 +0000 (09:14 +0000)]
give jmc another chance to "fix previous" - document syncookies
(thanks jmc!)

dlg [Thu, 8 Feb 2018 09:01:45 +0000 (09:01 +0000)]
recognise gre proto 0 as a "keep alive" packet

djm [Thu, 8 Feb 2018 08:46:20 +0000 (08:46 +0000)]
some helpers to check verbose/quiet mode

krw [Thu, 8 Feb 2018 08:22:31 +0000 (08:22 +0000)]
Don't update first_sending in state_selecting() and thus
fix the accounting for the interval since we started the
process of getting a lease.

Fixes the 'no lease ... got lease' messaging at a minimum.

jsing [Thu, 8 Feb 2018 08:09:10 +0000 (08:09 +0000)]
Move tls_keypair_pubkey_hash() to the keypair file.

jsing [Thu, 8 Feb 2018 08:04:12 +0000 (08:04 +0000)]
Avoid a memory leak that results when the same tls_config is reused.

Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.

jsing [Thu, 8 Feb 2018 07:55:29 +0000 (07:55 +0000)]
Assert tedu's copyright since some of the code moved here is his.

martijn [Thu, 8 Feb 2018 07:00:33 +0000 (07:00 +0000)]
Add the order keyword to systat global command interpreter.
This command shows the available orderings for the current view, which
ordering is active, their shortcuts, and if they're in reverse order.

manpage nits jmc@
OK tedu@

deraadt [Thu, 8 Feb 2018 06:02:09 +0000 (06:02 +0000)]
sr_quiesce() is a new approach for ensuring that softraid drains
output to the disks.

This is part of a larger suspend/resume filesystem-safety diff, which
has been worked on for a couple of months already.  Tests by job, krw,
beck, benno, and others.  Sometimes even by snapshot users...

jsing [Thu, 8 Feb 2018 05:56:49 +0000 (05:56 +0000)]
Split keypair handling out into its own file - it had already appeared
in multiple locations.

ok beck@

patrick [Thu, 8 Feb 2018 05:00:38 +0000 (05:00 +0000)]
Move bwfm(4) from ifq begin/commit/rollback semantics to the newer
ifq dequeue semantics.  This basically means we need to check for
available space before dequeuing a packet.  As soon as we dequeue
a packet we commit to it.  On the PCIe backend this check can not
be done easily since the flowring depends on the packet contents and
we cannot take a peek.  When there is no flowring we cache the mbuf
and send it out as soon as the flowring opened up.  Then the ifq can
be restarted and traffic can flow.  Typically we usually run out of
packet ids, which can be checked without consulting the packet.  The
flowring probably never becomes full as the bwfm(4) firmware takes
the packets off the ring without actually sending them out.

Discussed with dlg@

dlg [Thu, 8 Feb 2018 05:00:37 +0000 (05:00 +0000)]
gre doesn't need ifmedia

dlg [Thu, 8 Feb 2018 04:58:55 +0000 (04:58 +0000)]
reintroduce support for keepalives.

there's a couple of bug fixes in here too. this properly initializes
the ttl on the tunnel, and it clears the ip_off header.

requested by claudio@

dtucker [Thu, 8 Feb 2018 04:12:32 +0000 (04:12 +0000)]
Rename struct umac_ctx to umac128_ctx too.  In portable some linkers
complain about two symbols with the same name having differing
sizes.  ok djm@

henning [Thu, 8 Feb 2018 02:26:39 +0000 (02:26 +0000)]
show current synflood detection watermarks in pfctl -vsi, for the lack
of a more appropriate place. ok claudio benno procter

henning [Thu, 8 Feb 2018 02:25:44 +0000 (02:25 +0000)]
add DIOCGETSYNFLWATS to get current synflood detection watermarks,
ok claudio benno procter

tb [Thu, 8 Feb 2018 01:36:38 +0000 (01:36 +0000)]
Invalidate the tag_files.tfd after fclose(3)ing the stream associated with
it. In main assert that the tfd was actually invalidated. This avoids
closing an invalid fd.

ok deraadt on earlier version, tweak & ok schwarze

claudio [Thu, 8 Feb 2018 00:21:10 +0000 (00:21 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:19:54 +0000 (00:19 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:18:57 +0000 (00:18 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:18:20 +0000 (00:18 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:17:31 +0000 (00:17 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:16:54 +0000 (00:16 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

claudio [Thu, 8 Feb 2018 00:16:18 +0000 (00:16 +0000)]
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

procter [Wed, 7 Feb 2018 23:04:50 +0000 (23:04 +0000)]
rename var 's' -> 'fd' to ease finding it in a long function
ok tb@ deraadt@

procter [Wed, 7 Feb 2018 23:01:09 +0000 (23:01 +0000)]
eliminate close()/fclose() dance.
ok tb@ deraadt@

dtucker [Wed, 7 Feb 2018 22:52:45 +0000 (22:52 +0000)]
ssh_free checks for and handles NULL args, remove NULL checks from remaining
callers.  ok djm@

procter [Wed, 7 Feb 2018 22:46:11 +0000 (22:46 +0000)]
comment change only. ok bluhm@

dlg [Wed, 7 Feb 2018 22:36:54 +0000 (22:36 +0000)]
add SIOCSETKALIVE to the list of ioctls that need root and NET_LOCK

bluhm [Wed, 7 Feb 2018 22:35:14 +0000 (22:35 +0000)]
Sporadically the network over gem(4) interface hangs on sparc64 and
macppc.  Receiving packets stopped, ifconfig down/up made it work
again.
In the tick timeout handler refill the receive ring if it is empty.
The logic is taken from hme(4).  Also protect the register access
and ifp counters with splnet().
In gem_rx_watchdog() is a workaround for a hardware bug.  It resets
the hardware when there is no progress.  If the fifo pointers
advanced a bit, it got stuck anyway.  So restart the receive watchdog
timeout in that case.
OK mpi@

dlg [Wed, 7 Feb 2018 22:30:59 +0000 (22:30 +0000)]
update the gre driver.

the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.

this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.

ok claudio@

dlg [Wed, 7 Feb 2018 22:10:17 +0000 (22:10 +0000)]
dcoppa@ and bluhm@ noted that i accidentally removed POOL_DEBUG

put it back.

patrick [Wed, 7 Feb 2018 22:08:24 +0000 (22:08 +0000)]
Outsource setting the backplane window into a specific function so it
can be called and reused in different places.