jsg [Wed, 3 Mar 2021 23:58:28 +0000 (23:58 +0000)]
off by one
ok claudio@ deraadt@
djm [Wed, 3 Mar 2021 22:41:49 +0000 (22:41 +0000)]
don't sshbuf_get_u32() into an enum; reported by goetze AT
dovetail.com via bz3269
tobhe [Wed, 3 Mar 2021 22:18:00 +0000 (22:18 +0000)]
Free sc_vroute on shutdown.
kettenis [Wed, 3 Mar 2021 21:47:27 +0000 (21:47 +0000)]
Remove bogus (and pointless) pmap_activate(9) call.
ok drahn@
sthen [Wed, 3 Mar 2021 21:40:16 +0000 (21:40 +0000)]
typo in other_hostkeys_message() display output, ok djm
martijn [Wed, 3 Mar 2021 20:15:54 +0000 (20:15 +0000)]
s/byte/character
Discussed with claudio@
Feedback jmc@
bru [Wed, 3 Mar 2021 19:44:37 +0000 (19:44 +0000)]
Add a configurable button mapping for tap gestures on touchpads.
Thanks to RJ Johnson for this work!
ok mpi@
ratchov [Wed, 3 Mar 2021 10:19:06 +0000 (10:19 +0000)]
sndiod: Move MTC/MMC state to its own global structure
ratchov [Wed, 3 Mar 2021 10:13:06 +0000 (10:13 +0000)]
sndiod: Move MIDI control endpoint to opt structure
No behavior change.
ratchov [Wed, 3 Mar 2021 10:00:27 +0000 (10:00 +0000)]
sndiod: Move controls out of the device structure
Moving to a global server-wide controls list is necessary to expose
controls that are not associated to a particular device (ex. a device
selector).
The current hack to use the device-side sioctl_desc->addr variable as
client-side key can't work anymore. So, we use a unique dynamically
allocated ctl->addr key; this is much cleaner. A new "scope" enum
(with two "void *" arguments) is used to determine what the control
does control. This adds flexibility and allows to easily add new
control types that are not associated to devices.
No behavior change.
ratchov [Wed, 3 Mar 2021 09:40:43 +0000 (09:40 +0000)]
sndioctl: Flush stdout before polling
If stdout is not flushed, output is not seen by programs using
sndioctl through a pipe (ex. "sndioctl -m | cat" displays nothing).
Patch from Erico Nogueira <ericonr@disroot.org>, idea
from Duncan Overbruck <mail@duncano.de>
kn [Wed, 3 Mar 2021 09:32:11 +0000 (09:32 +0000)]
Unveil only /etc/resolv.conf and /etc/resolv.conf.new not /etc/
Unveiling the entire directory stems from earlier development cycles
and is by no means required now, only the two files are created,
read from and written to.
OK deraadt florian semarie
jsg [Wed, 3 Mar 2021 09:06:20 +0000 (09:06 +0000)]
remove unreachable and unneeded code
ok martijn@
djm [Wed, 3 Mar 2021 08:42:52 +0000 (08:42 +0000)]
needs FILE*; from Mike Frysinger
jsg [Wed, 3 Mar 2021 01:27:54 +0000 (01:27 +0000)]
off by one in array bounds tests
ok mlarkin@
dlg [Wed, 3 Mar 2021 00:00:03 +0000 (00:00 +0000)]
clean up span ports as span ports, not bridge ports.
the visible result of this is that span ports aren't made promisc
like bridge ports. when cleaning up a span port, trying to take
promisc off it screwed up the refs, and it makes the underlying
interface not able to be promisc when it should be promisc.
found by dave voutila
dlg [Tue, 2 Mar 2021 23:40:06 +0000 (23:40 +0000)]
fix an assert in veb_p_ioctl() that failed when called by a span port.
veb_p_ioctl() is used by both veb bridge and veb span ports, but
it had an assert to check that it was being called by a veb bridge
port. this extends the check so using it on a span port doesnt cause
a panic.
found by dave voutila
bru [Tue, 2 Mar 2021 22:35:19 +0000 (22:35 +0000)]
Read general and touchpad-specific wsmouse settings separately.
Correct the identification of the device type when reading the
touchpad parameters fails.
ok jcs@
millert [Tue, 2 Mar 2021 20:41:42 +0000 (20:41 +0000)]
Fix size computation in replace_repeat() for special_case REPEAT_WITH_Q.
This resulted in the NUL terminator being written to the end of the
buffer which was not the same as the end of the string. That in
turn caused garbage bytes from malloc() to be processed. Also
change the NUL termination to be less error prone by writing the
NUL immediately after the last byte copied. OK sthen@
lum [Tue, 2 Mar 2021 19:50:52 +0000 (19:50 +0000)]
It is now possible to define single value variables in the startup file:
(define myfile d.txt)
And use them like:
(find-file myfile)
florian [Tue, 2 Mar 2021 19:20:13 +0000 (19:20 +0000)]
Only attach a fully configured bpf filter to a network interface.
I'm worried we could see packets we shouldn't during a small time window.
deraadt [Tue, 2 Mar 2021 17:50:41 +0000 (17:50 +0000)]
include of netinet/in.h here is incorrect, because net/route.h will pull
excessive types into scope.
ok claudio
deraadt [Tue, 2 Mar 2021 17:43:04 +0000 (17:43 +0000)]
document ENOTSUP wxallowed/wxneeded behaviour more clearly; ok kurt
claudio [Tue, 2 Mar 2021 17:39:26 +0000 (17:39 +0000)]
Must include netinet/in.h before netinet/ip.h or bad things happen.
jsing [Tue, 2 Mar 2021 17:26:25 +0000 (17:26 +0000)]
Separate variable declaration and assignment.
Requested by tb@
jsing [Tue, 2 Mar 2021 17:24:37 +0000 (17:24 +0000)]
Replace two handrolled tls12_record_protection_engaged().
Noted by tb@
jsing [Tue, 2 Mar 2021 17:18:59 +0000 (17:18 +0000)]
Move key/IV length checks closer to usage sites.
Also add explicit checks against EVP_CIPHER_iv_length() and
EVP_CIPHER_key_length().
Requested by tb@ during review.
ok tb@
florian [Tue, 2 Mar 2021 17:17:15 +0000 (17:17 +0000)]
Fix indentation of switch / case. No binary change.
jsing [Tue, 2 Mar 2021 17:16:44 +0000 (17:16 +0000)]
Add tls12_record_protection_unused() and call from CCS functions.
This moves the check closer to where a leak could occur and checks all
pointers in the struct.
Suggested by tb@ during review.
ok tb@
deraadt [Tue, 2 Mar 2021 17:11:28 +0000 (17:11 +0000)]
satisfy older gcc with poor warning generation
deraadt [Tue, 2 Mar 2021 16:39:46 +0000 (16:39 +0000)]
requires netinet/in.h
krw [Tue, 2 Mar 2021 16:17:26 +0000 (16:17 +0000)]
Rename local variable 'cur_time' in set_timeout() to 'now' like
all the other struct timespec variables holding the current time.
tb [Tue, 2 Mar 2021 15:43:12 +0000 (15:43 +0000)]
Fix misleading indentation in SSL_get_error()
lum [Tue, 2 Mar 2021 15:03:35 +0000 (15:03 +0000)]
This diff soaks up the user input while the the maximum character
length boundary is crossed in the minbuffer and allows the user to see
the error message and respond accordingly. The goto named "null"
changed to "skipkey" as per Emil Engler's suggestion on tech@.
krw [Tue, 2 Mar 2021 14:32:14 +0000 (14:32 +0000)]
Eliminate redundant checks for expired leases in ifi->leasedb. Simply
toss expired leases when writing the list to disk. And write the list
to disk before using a lease from it. Just make sure ifi->active
isn't tossed.
lum [Tue, 2 Mar 2021 13:06:50 +0000 (13:06 +0000)]
Update logging with comments made by florian@ some time ago (i've not
updated logging to $HOME, but will do so). Also include mglog_misc()
which takes formatted input from Joachim Wiberg's mg. Thankyou both.
edd [Tue, 2 Mar 2021 12:15:46 +0000 (12:15 +0000)]
sndiod: Allow alternative devices to support different modes.
Currently sndiod does not allow you to use alternative devices (-F
devices) which support only a subset of the modes of the main (-f)
device.
For example, if you do `sndiod -f rsnd/0 -F rsnd/1` and:
- rsnd/0 is full-duplex (rec + play).
- rsnd/1 is play-only.
Then you will be unable to use rsnd/1 as sndiod deems it incompatible
and refuses to use it (similarly if rsnd/1 is record-only).
This is annoying. It means if you want to use a record-only or play-only
device, you will either have to kill sndiod and restart it specifying
only that device (`sndiod -f rsnd/1` for the above example), or failing
that, downgrade the functionality of the main device (`-m play`).
This diff (a joint effort between ratchov@ and myself) makes mixing
devices with different modes possible. It does this by making both
recording and playing available for all devices, even if the underlying
hardware doesn't support both modes.
For example, if I try to record from a play-only device, then recording
will succeed, but the captured PCM data will be pure silence. Similarly,
if I try to play to a record-only device, then the audio stream will
disappear into the ether.
This is mostly a no-op for sndiod in the default configuration (except
that play-only devices now accept recording clients). If you use
alternative devices (-F), then it's possible for a record-only device to
be found first, which may be confusing if you just want to hear sound.
We can only assume that if you deviate from defaults, then you know what
you are doing.
With guidance from, and OK ratchov@, thanks!
florian [Tue, 2 Mar 2021 12:03:50 +0000 (12:03 +0000)]
Make unveiling the lease directory a warning instead of a fatal error
when the lease directory does not exist.
This means that dhcpleased(8) will no longer request a previously
configured IP address from the dhcp server and will fall back to
DHCPDISCOVER which requests any IP address from the dhcp server.
This likely makes diskless(8) work with dhcpleased(8).
A normal diskless(8) setup has only / mounted via nfs when
dhcpleased(8) starts. /var exists but nothing is mounted there yet,
meaning /var/db/dhcpleased does not exist so lease files are disabled.
dhcpleased(8) sends a DHCPDISCOVER to request any IP address but since
the dhcp server has (very likely) a 'fixed-address' configured we get
the same IP back that is already configured.
If /var/db/dhcpleased/ exists on / (and /var is *NOT* mounted later)
in a diskless(8) setup, care must be taken that the root file system is
not shared between machines.
If /var/db/dhcpleased/ exists on / and /var on NFS is mounted over
this later bad things probably happen. This is a configuration error
and must befixed.
discussed with deraadt@
Actuall tests on existing diskless(8) setups would be appreciated.
florian [Tue, 2 Mar 2021 12:01:39 +0000 (12:01 +0000)]
Better unveil error messages; requested by deraadt some time ago.
nicm [Tue, 2 Mar 2021 11:00:38 +0000 (11:00 +0000)]
Do not use NULL active window; also do not leak window name. GitHub
issue 2590 from Chester Liu.
espie [Tue, 2 Mar 2021 10:59:20 +0000 (10:59 +0000)]
finish GC old unintuitive interface
now handle_continue and find_window_size are fully separated.
nicm [Tue, 2 Mar 2021 10:56:45 +0000 (10:56 +0000)]
Drop support for popups where the content is provided directly to tmux
(which does not have many practical uses) and only support running a
program in the popup. display-popup is now simpler and can accept
multiple arguments to avoid escaping problems (like the other commands).
mpi [Tue, 2 Mar 2021 10:12:37 +0000 (10:12 +0000)]
Fix the deadlock between uvn_io() and uvn_flush() by restarting the fault.
Do not allow a faulting thread to sleep on a contended vnode lock to prevent
lock ordering issues with upcoming per-uobj lock.
ok anton@
Reported-by: syzbot+e63407b35dff08dbee02@syzkaller.appspotmail.com
mpi [Tue, 2 Mar 2021 10:09:20 +0000 (10:09 +0000)]
Revert the fix for the deadlock between uvn_io() and uvn_flush().
This fix (ab)use the vnode lock to serialize access to some fields of
the corresponding pages associated with UVM vnode object and this will
create new deadlocks with the introduction of a per-uobj lock.
ok anton@
claudio [Tue, 2 Mar 2021 09:45:07 +0000 (09:45 +0000)]
Introduce 'rde evaluate all' a mode to work around path hiding in IXP
route-server environments.
By default only the best path is sent to peers and if that path is filtered
then the path is hidden for that peer. On route-servers this is sometimes
not desried. For this 'rde evaluate all' will cause the evaluation process
to fall back to alternate routes and will redistribute the first non-filtered
path to the peer. This is very similar to per-peer RIBs but accomplishes
the same effect without the massive increase in memory usage. Compared to
the default mode this requires more CPU resources but it is probably less
than what per-peer RIBs would require.
'rde evaluate all' can be set and reset globally, on groups and on idividual
neighbors. It is not limited to route-server configs but route loops are
possible if not properly used.
OK benno@
claudio [Tue, 2 Mar 2021 09:23:59 +0000 (09:23 +0000)]
There is no longer the need to mkpathat(), the main process runs now from
the cachedir.
kn [Tue, 2 Mar 2021 09:18:58 +0000 (09:18 +0000)]
Add missing RCS marker
kn [Tue, 2 Mar 2021 09:17:10 +0000 (09:17 +0000)]
Do not unveil unused unwind socket under SMALL
Remove unused STARTUP_WAIT_TIMO (since import),
add missing space to error message.
claudio [Tue, 2 Mar 2021 09:08:59 +0000 (09:08 +0000)]
Open both the cachedir and outputdir early and use fchdir(2) to
switch between the two.
OK deraadt@ job@
claudio [Tue, 2 Mar 2021 09:00:46 +0000 (09:00 +0000)]
When building the chain of the intermediate certificates do not include the
root node (which should be a trust anchor). Trust anchors where added to
the X509_store and having them in the chain is kind of wrong and confuse
the new libressl X509 validator.
OK tb@
jsg [Tue, 2 Mar 2021 05:34:20 +0000 (05:34 +0000)]
remove ts_print() prototype function was removed in rev 1.100
jsg [Tue, 2 Mar 2021 04:10:07 +0000 (04:10 +0000)]
remove uneeded md5.h include
ok florian@
jsg [Tue, 2 Mar 2021 03:31:25 +0000 (03:31 +0000)]
Increase the size of iov in pfkey_sa() to be large enough for all
possible options.
ok tobhe@
jsg [Tue, 2 Mar 2021 02:56:22 +0000 (02:56 +0000)]
don't read past the end of an array
ok mvs@ mlarkin@
djm [Tue, 2 Mar 2021 01:48:18 +0000 (01:48 +0000)]
openssh-8.5
patrick [Tue, 2 Mar 2021 01:34:43 +0000 (01:34 +0000)]
Do *not* delay while waiting for IOTLB invalidation to complete. A 1ms
delay is awful in a hot path, and the SMMU is actually quite quick on
invalidation, so simply removing the delay is worth a thousand roses.
Found with mental support from dlg@ (and btrace)
jsg [Tue, 2 Mar 2021 00:39:57 +0000 (00:39 +0000)]
off by one in bounds test
ok sthen@ millert@
afresh1 [Mon, 1 Mar 2021 23:26:45 +0000 (23:26 +0000)]
sync for perl 5.32.1
afresh1 [Mon, 1 Mar 2021 23:23:17 +0000 (23:23 +0000)]
Apply pre-built unicore patch, remove excess files - perl-5.32.1
OK sthen@
afresh1 [Mon, 1 Mar 2021 23:21:24 +0000 (23:21 +0000)]
Apply local patches, remove excess files - perl-5.32.1
OK sthen@
afresh1 [Mon, 1 Mar 2021 23:19:42 +0000 (23:19 +0000)]
Fix merge issues, remove excess files - match perl-5.32.1 dist
OK sthen@
afresh1 [Mon, 1 Mar 2021 23:14:32 +0000 (23:14 +0000)]
Import perl-5.32.1
OK sthen@
patrick [Mon, 1 Mar 2021 21:38:20 +0000 (21:38 +0000)]
Update the MSI addresses for the Armada 8040. This chunk will only be
there until we have a proper way of making the MSI pages available.
patrick [Mon, 1 Mar 2021 21:35:03 +0000 (21:35 +0000)]
Instead of sprinkling the device's DMA tag, always return a new DMA tag
which is based on the IOMMU's. If you think about it, using the IOMMU's
DMA tag makes more sense because it is the IOMMU that does the actual DMA.
Noticed while debugging, since the SMMU's map function was called twice:
once for the PCI device, and once for its ppb(4). As the transaction has
the PCI device's Stream ID, not the ppb(4)'s, this would be useless work.
Suggested by kettenis@
patrick [Mon, 1 Mar 2021 21:03:24 +0000 (21:03 +0000)]
Transactions on the AXI bus contain a Stream ID. SMMUs filter
based on Stream IDs. On the Armada 8040 these Stream IDs can
be configured in different registers. The PCIe controller has
a register which maps root port, bus, dev and func number to
the Stream ID. This should be set up by TF-A firmware, but on
the 8040 the current images don't do this. For chips with more
than one PCIe controller this register must be setup correctly
depending on the implementation, but on the 8040 there only is
one controller, so we can configure a fixed value to match what
is defined in the device tree. This allows the SMMU to properly
track the PCIe controller's transactions.
ok kettenis@
patrick [Mon, 1 Mar 2021 20:49:20 +0000 (20:49 +0000)]
The ep-gpios property is optional on the Rockchip PCIe controller.
While there, enable the different voltage regulators and set the
PHY's assigned clocks. This makes PCIe work on the NanoPi R4S.
Tested by kurt@ on Rock Pi N10 and ROCKPro64
ok kurt@ kettenis@
deraadt [Mon, 1 Mar 2021 19:25:58 +0000 (19:25 +0000)]
sync
jmc [Mon, 1 Mar 2021 17:56:16 +0000 (17:56 +0000)]
remove unneccessary Pp;
espie [Mon, 1 Mar 2021 17:52:36 +0000 (17:52 +0000)]
document log entry W, reminded by naddy@
jmc [Mon, 1 Mar 2021 17:51:43 +0000 (17:51 +0000)]
fix Nd and remove trailing whitespace;
jmc [Mon, 1 Mar 2021 17:49:08 +0000 (17:49 +0000)]
escape quotes and remove some unneccessary Pp; ok nicm
tobhe [Mon, 1 Mar 2021 16:38:07 +0000 (16:38 +0000)]
Make sure sa_policy is not NULL in sa_configure_iface(). This can happen
if the SA is deleted because of a failed policy lookup.
florian [Mon, 1 Mar 2021 15:56:31 +0000 (15:56 +0000)]
Log adding and deleting of IP addresses as well as nameservers.
deraadt@ pointed out that dhcpleased is too quiet.
florian [Mon, 1 Mar 2021 15:56:00 +0000 (15:56 +0000)]
We really must handle all possible enumeration values in
state_transition() and iface_timeout(). Let the compiler help us by
emitting a warning when we missed one (-Wswitch).
Reminded by jsg who pointed out that gcc is quite confused and thinks
there is an out of bounds access in if_state_name[] in the default
case. There is not, if_state_name[] and enum if_state have to be kept
in sync.
(Note that -Wswitch is not a silver bullet, it just happens to work
here.)
florian [Mon, 1 Mar 2021 15:54:49 +0000 (15:54 +0000)]
Let send_rdns_withdraw and send_deconfigure_interface clean up after
themselves. This way the iface object is in a consistent state.
For consistency we should also withdraw rdns first, then deconfigure
the interface.
Lastly make sure we parse the lease file on a down -> up transition if
we had a lease before and it had expired while the interface was in
down state. Otherwise we'd send a dhcpdiscover requesting any IP
address while we really should send a dhcprequest asking for our
previous IP back.
kn [Mon, 1 Mar 2021 14:27:44 +0000 (14:27 +0000)]
Document veb(4) support
Feedback jmc
OK dlg
bluhm [Mon, 1 Mar 2021 11:05:42 +0000 (11:05 +0000)]
Refactor ip_fragment() and ip6_fragment(). Use a mbuf list to
simplify the handling of the fragment list. Now the functions
ip_fragment() and ip6_fragment() always consume the mbuf. They
free the mbuf and mbuf list in case of an error and take care about
the counter. Adjust the code a bit to make v4 and v6 look similar.
Fixes a potential mbuf leak when pf_route6() called pf_refragment6()
and it failed. Now the mbuf is always freed by ip6_fragment().
OK dlg@ mvs@
lum [Mon, 1 Mar 2021 10:51:14 +0000 (10:51 +0000)]
Put the hardcoded '\n' character which is found throughout mg into a
buffer specific variable. The diff should not produce any behavourial
changes in mg.
nicm [Mon, 1 Mar 2021 10:50:14 +0000 (10:50 +0000)]
There is no need to call del_curterm in the server anymore.
nicm [Mon, 1 Mar 2021 10:44:38 +0000 (10:44 +0000)]
Add some text with examples of ; as a separator, GitHub issues 2522 and
2580.
espie [Mon, 1 Mar 2021 10:35:49 +0000 (10:35 +0000)]
document pkg_check-version
jsg [Mon, 1 Mar 2021 09:50:40 +0000 (09:50 +0000)]
allocate enough space in start_child() argv for all possible flags
ok claudio@
mpi [Mon, 1 Mar 2021 09:13:33 +0000 (09:13 +0000)]
If an anon is associated with a page, acquire its lock before any modification.
This change should have been part of the previous anon-locking diff and is
necessary to run the top part of uvm_fault() unlocked.
ok jmatthew@
mpi [Mon, 1 Mar 2021 09:09:35 +0000 (09:09 +0000)]
Move the top part of uvm_fault_lower(), the lookup, in its own function.
The name and logic come from NetBSD in order to reduce the difference
between the two code bases.
No functional change intended.
ok tb@
jsg [Mon, 1 Mar 2021 08:05:40 +0000 (08:05 +0000)]
off by one in bounds test
ok florian@
jsg [Mon, 1 Mar 2021 08:02:34 +0000 (08:02 +0000)]
off by one in bounds test
ok claudio@
deraadt [Mon, 1 Mar 2021 07:25:07 +0000 (07:25 +0000)]
resolvd and dhcpleased should not be enabled yet
jmc [Mon, 1 Mar 2021 06:30:05 +0000 (06:30 +0000)]
update currency exchange rates;
deraadt [Mon, 1 Mar 2021 05:15:37 +0000 (05:15 +0000)]
typo; from Scott Bennett
deraadt [Mon, 1 Mar 2021 02:42:07 +0000 (02:42 +0000)]
sync
dtucker [Sun, 28 Feb 2021 22:56:30 +0000 (22:56 +0000)]
Add %k to list of keywords. From Eero Häkkinenvia bz#3267
dlg [Sun, 28 Feb 2021 22:56:09 +0000 (22:56 +0000)]
add veb(4) to the list of supported bridges/switches you can configure.
tested by josh rickmar
ok kn@
patrick [Sun, 28 Feb 2021 21:42:08 +0000 (21:42 +0000)]
Have acpipci(4) look for a matching SMMU in the IORT.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:41:07 +0000 (21:41 +0000)]
Enable acpiiort(4), add smmu(4) but keep disabled.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:40:11 +0000 (21:40 +0000)]
acpiiort(4) and smmu(4)
patrick [Sun, 28 Feb 2021 21:39:31 +0000 (21:39 +0000)]
Add smmu(4), a driver the ARM System MMU. This IOMMU is basically a
regular ARM CPU MMU re-used for I/O devices. Implementations can have a
mix of stage-2 only and stage-2/stage-2 context blocks (domains). The
IOMMU allows different ways of grouping devices into a single domain.
This implementation only supports SMMUv2, since there is basically
no relevant SMMUv1 hardware. It also only supports AArch64
pagetables, the same as our pmap. Hence lots of code was taken from
there. There is no support for 32-bit pagetables, which would have
also been needed for SMMUv1 support. I have not yet seen any
machines with SMMUv3, which will probably need a new driver.
There is some work to be done, but the code works and it's about
time it hits the tree.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:31:10 +0000 (21:31 +0000)]
Add acpiiort(4), a driver for the ACPI I/O Remapping Table. This table
contains information which IOMMUs we have and how the devices are routed.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:28:33 +0000 (21:28 +0000)]
Add memory attributes for stage-2 pagetables.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:10:22 +0000 (21:10 +0000)]
Issue call to IOMMU OFW API to collect an IOMMU-sprinkled DMA tag.
ok kettenis@
patrick [Sun, 28 Feb 2021 21:09:44 +0000 (21:09 +0000)]
Implement IOMMU OFW API for on-SoC/non-PCI devices.
ok kettenis@