OpenBSD src changes summary for 2017-11-12 to 2017-11-19 inclusive ==================================================================
bin/csh distrib/alpha distrib/amd64 distrib/arm64 distrib/armv7 distrib/hppa distrib/i386 distrib/landisk distrib/loongson distrib/luna88k distrib/macppc distrib/octeon distrib/sets distrib/sgi distrib/socppc distrib/sparc64 distrib/special etc/MAKEDEV.common etc/acme-client.conf etc/etc.alpha/MAKEDEV etc/etc.amd64/MAKEDEV etc/etc.arm64/MAKEDEV etc/etc.armv7/MAKEDEV etc/etc.hppa/MAKEDEV etc/etc.i386/MAKEDEV etc/etc.landisk/MAKEDEV etc/etc.loongson/MAKEDEV etc/etc.luna88k/MAKEDEV etc/etc.macppc/MAKEDEV etc/etc.octeon/MAKEDEV etc/etc.sgi/MAKEDEV etc/etc.socppc/MAKEDEV etc/etc.sparc64/MAKEDEV etc/netstart lib/libc lib/libfuse libexec/ld.so regress/bin regress/lib regress/sys sbin/dhclient sbin/fdisk sbin/ifconfig sbin/iked sbin/pfctl share/dict share/man share/mk sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/include sys/arch/arm64/conf sys/arch/i386/i386 sys/arch/i386/include sys/arch/mips64/mips64 sys/arch/octeon/dev sys/arch/octeon/include sys/arch/sparc64/sparc64 sys/conf sys/dev sys/dev/acpi sys/dev/fdt sys/dev/ic sys/dev/ofw sys/dev/pci sys/dev/pckbc sys/dev/wscons sys/kern sys/miscfs/fuse sys/net sys/netinet sys/netinet6 sys/nfs sys/sys usr.bin/ctfconv usr.bin/ctfdump usr.bin/ssh usr.bin/tmux usr.sbin/bgpd usr.sbin/pppd usr.sbin/relayd usr.sbin/smtpd == bin =============================================================== 01/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin csh ~ file.c > Zap a redundant cast. (anton@) ~ file.c > In revision 1.35 of file.c, tenex() was modified to respect the > inputline_size > argument but I forgot to adapt one conditional. Still no functional change > since > tenex() only has one call site where `inputline_size == sizeof(buf)`. > (anton@) == distrib =========================================================== 02/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib alpha ~ bsd.rd/list.local > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) amd64 ~ ramdisk_cd/list.local > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) arm64 ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) armv7 ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) hppa ~ ramdisk/list.local > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) i386 ~ ramdisk_cd/list.local > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) landisk ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) loongson ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) luna88k ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) macppc ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) octeon ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) sets ~ lists/comp/mi > sync (deraadt@) sgi ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) socppc ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) sparc64 ~ ramdisk/list > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) special ~ Makefile + growfs/Makefile > add growfs(8) to ramdisk > Some resizing scenarios can be done from within single user mode, but > resizing the root partition required you to bring your own growfs(8) > binary into the ramdisk environment. This commit adds growfs(8) to the > ramdisks (the ones that don't have space constraints) to simplify such > operations. > OK deraadt@ (job@) == etc =============================================================== 03/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc MAKEDEV.common ~ MAKEDEV.common > Remove /dev/arandom symlink. Nothing in base, xenocara, or ports uses > /dev/arandom any longer. ok deraadt@ (naddy@) acme-client.conf ~ acme-client.conf > Update agreement URL; pointed out by sthen. > OK benno, sthen (florian@) ~ acme-client.conf TAGGED OPENBSD_6_2 > MFC, ok florian@ > revision 1.5 > date: 2017/11/15 12:22:45; author: florian; state: Exp; lines: +3 -3; > commitid: MAwMJwlTsZeUyhbs; > Update agreement URL; pointed out by sthen. > OK benno, sthen (benno@) etc.alpha/MAKEDEV ~ etc.alpha/MAKEDEV > sync (naddy@) etc.amd64/MAKEDEV ~ etc.amd64/MAKEDEV > sync (naddy@) etc.arm64/MAKEDEV ~ etc.arm64/MAKEDEV > sync (naddy@) etc.armv7/MAKEDEV ~ etc.armv7/MAKEDEV > sync (naddy@) etc.hppa/MAKEDEV ~ etc.hppa/MAKEDEV > sync (naddy@) etc.i386/MAKEDEV ~ etc.i386/MAKEDEV > sync (naddy@) etc.landisk/MAKEDEV ~ etc.landisk/MAKEDEV > sync (naddy@) etc.loongson/MAKEDEV ~ etc.loongson/MAKEDEV > sync (naddy@) etc.luna88k/MAKEDEV ~ etc.luna88k/MAKEDEV > sync (naddy@) etc.macppc/MAKEDEV ~ etc.macppc/MAKEDEV > sync (naddy@) etc.octeon/MAKEDEV ~ etc.octeon/MAKEDEV > sync (naddy@) etc.sgi/MAKEDEV ~ etc.sgi/MAKEDEV > sync (naddy@) etc.socppc/MAKEDEV ~ etc.socppc/MAKEDEV > sync (naddy@) etc.sparc64/MAKEDEV ~ etc.sparc64/MAKEDEV > sync (naddy@) netstart ~ netstart > Remove HN_DIR variable and expand it in the only place it was used. It > currently serves no purpose. > ok rpe, agreement from deraadt and halex (tb@) == lib =============================================================== 04/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ stdio/vfwprintf.c > Add error checking to some calls to __find_arguments(). Matches similar > changes by schwarze to vfprintf.c r1.71. Cherrypicked from android: > https://github.com/aosp-mirror/platform_bionic/commit/5305a4d4a723b06494b93 > f2df81733b83a0c46d3 > ok millert (tb@) libfuse ~ fuse_opt.c > Add support for: > multiple options after -o. > arguments that require options e.g. -p 22 > %s, %lu, %u option templates > ok mpi@ (helg@) ~ fuse.h ~ fuse_ops.c > Fixes the following bugs when getcwd(3) is used on a fuse file system > Endless loop if directory nested more than one level from root of file > system > Current directory not found if the parent directory contains more children > than > will fit in the buffer passed to VOP_READDIR(9) > Open and close directory in fusefs_readdir if dir is not already open. > Now behaves as if readdir_ino option was passed to fuse so that directories > in > path have a valid ino. > ok mpi@ (helg@) ~ fuse.c > Implement safe signal handling and handle unmount failure gracefully. > ok mpi@ (helg@) == libexec =========================================================== 05/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec ld.so ~ arm/rtld_machine.c > Tweak bitmask calculation to match i386 and avoid clang warning. > ok tom@ (kettenis@) == regress =========================================================== 06/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ csh/Makefile ~ csh/filec.sh > Add a variable referencing the csh binary to test. (anton@) lib ~ libpthread/pthread_once/Makefile > Disable the pthread_once subtest until the problem with samba port > is resolved and libpthread can be fixed. > discussed with guenther@ (bluhm@) ~ libfuse/Makefile + libfuse/fuse-opt-parse.c + libfuse/fuse-parse-cmdline.c > Add regress tests for fuse_opt_parse() and fuse_parse_cmdline() > ok mpi@ (helg@) sys ~ netinet6/frag6/Makefile > Add more checks helping to set up the test environment. (bluhm@) ~ ffs/ffs/Makefile > Do not unconfigure vnd1, the test did not configure it. (bluhm@) ~ net/etherip/Makefile > Makefile cleanup, avoid DNS lookups, add copyright. (bluhm@) + net/loop/Makefile + net/loop/pf.conf > New import: > Set up two loopback interfaces in different routing domains. Try ~ net/Makefile > Link loopback test to build. (bluhm@) ~ net/loop/Makefile ~ net/loop/pf.conf > Let packets jump between routing domains until the ttl is used up. > Use tcpdump to check that the ttl decrements to one. (bluhm@) == sbin ============================================================== 07/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin dhclient ~ dhclient.c > Clone epoch value in clone_lease(), not manually. (krw@) ~ dhclient.c > Treat invalid server name as empty instead of declining the lease offered > by such misconfigured DHCP servers. > Original diff from and ok krw@, ok sthen@ (mpi@) ~ dhclient.c > Generate correct time comments (renewal/rebind/expiry) in > dhclient.leases and the 'offered' lease generated by -L. i.e. the > times contained in the actual offer, and not the 'effective' times > that reflect changes imposed by dhclient.conf or -i. (krw@) fdisk ~ cmd.c > Constrain MBR partition offsets to 0 .. disk.size - 1. > Issue reported by Alexi Malinin via bugs@. Thanks! (krw@) ~ misc.c > Range check default values so that a range like > '[1 - 0] [1]' can no longer return '1'. > Issue reported by Alexi Malinin via bugs@. Thanks! (krw@) ifconfig ~ ifconfig.8 ~ ifconfig.c > replace the deletetunnel option with -tunnel > ok bluhm@ (benno@) iked ~ parse.y > Reset the OCSP URL on config reload. Otherwise we end up not being > able to disable OCSP without restarting iked. > ok beck@ sthen@ (patrick@) pfctl ~ parse.y ~ pfctl_parser.c > add a generic packet rate matching filter. allows things like > pass in proto icmp max-pkt-rate 100/10 > all packets matching the rule in the direction the state was created are > taken into consideration (typically: requests, but not replies). > Just like with the other max-*, the rule stops matching if the maximum is > reached, so in typical scenarios the default block rule would kick in then. > with input from Holger Mikolon > ok mikeb (henning@) ~ parse.y > - nested anchors vs. pfctl/parse.y > bug reported and fix tested by Leonardo Guardati > OK bluhm@ (sashan@) == share ============================================================= 08/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share dict ~ web2 > Add the word "software" to our dictionary to help passing the test > of Sub::Attribute Perl module. > OK jmc@ (bluhm@) man ~ man5/pf.conf.5 > add a generic packet rate matching filter. allows things like > pass in proto icmp max-pkt-rate 100/10 > all packets matching the rule in the direction the state was created are > taken into consideration (typically: requests, but not replies). > Just like with the other max-*, the rule stops matching if the maximum is > reached, so in typical scenarios the default block rule would kick in then. > with input from Holger Mikolon > ok mikeb (henning@) ~ man5/pf.conf.5 > tweak previous; (jmc@) ~ man9/task_add.9 > add taskq_barrier > taskq_barrier guarantees that any task that was running on the taskq > has finished by the time taskq_barrier returns. it is similar to > intr_barrier. > this is needed for use in ifq_barrier as part of an upcoming change. (dlg@) ~ man9/if_rxr_init.9 > wrap some long lines for function prototypes with .Fo, .Fa, and .Fc. > no functional change, ie, the output is the same (dlg@) ~ man4/netintro.4 > sync struct ifreq with if.h. ifr_vnetid is now a proper member of > struct ifreq and is no longer overloaded with ifr_metric. Moreover, > ifr_index and ifr_llprio were missing and mandoc -Tlint complained > about a "useless macro: Tn". > ok jmc, benno, visa (tb@) ~ man4/dwiic.4 > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) ~ man4/dwiic.4 > fix SEE ALSO; (jmc@) ~ man5/bsd.port.mk.5 > the COMPILER transition mechanism is gone (naddy@) ~ man9/if_rxr_init.9 > add if_rxr_livelocked so rxr users can request backpressure themselves. > right now the rx ring moderation code makes a decision globally > that a machine is livelocked, and uses that to apply backpressure > on all the rx rings. we're moving toward having the network stack > run on multiple cpus, and fed from multiple rx rings. if_rxr_livelocked > lets a driver apply backpressure explicitely if something tells it > that whatever is consuming previous packets cannot keep up. > while here expose the current ring watermark with if_rxr_cwm. > tweaks and ok visa@ (dlg@) ~ man4/man4.macppc/openprom.4 ~ man4/man4.sparc64/openprom.4 > add some missing markup; from artturi alm (jmc@) mk ~ bsd.lib.mk > Set soname when building shared libraries. > ok guenther@ (kettenis@) == sys =============================================================== 09/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ via.c > Add sizes for free() in the VIA PadLock driver. > OK mikeb@ (fcambus@) - lock_machdep.c > Remove lock_machdep.c from amd64, i386, mips64 and sparc64. > The architectures have been using the MI mplock for a while. > OK deraadt@, kettenis@ (visa@) arch/amd64/conf ~ GENERIC ~ RAMDISK_CD > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) arch/amd64/include ~ vmmvar.h > vmmvar.h changes for upcoming cdrom support in vmd(8). > Diff from carlos cardenas, thanks (mlarkin@) arch/arm64/conf ~ GENERIC ~ RAMDISK > Add support for the i2c controller variant found on the Allwinner A31 and > above and enable the driver on arm64. > From Artturi Alm. Tested by Stephen Graf. (kettenis@) arch/i386/i386 - lock_machdep.c > Remove lock_machdep.c from amd64, i386, mips64 and sparc64. > The architectures have been using the MI mplock for a while. > OK deraadt@, kettenis@ (visa@) arch/i386/include ~ vmmvar.h > vmmvar.h changes for upcoming cdrom support in vmd(8). > Diff from carlos cardenas, thanks (mlarkin@) arch/mips64/mips64 - lock_machdep.c > Remove lock_machdep.c from amd64, i386, mips64 and sparc64. > The architectures have been using the MI mplock for a while. > OK deraadt@, kettenis@ (visa@) arch/octeon/dev ~ cn30xxgmx.c ~ cn30xxsmi.c ~ octrtc.c > Add the board ID for the Ubiquiti Unifi Security Gateway. > From Justin Hibbits, thanks! (visa@) ~ if_cnmac.c ~ if_cnmacvar.h > Rename octeon_eth_* to cnmac_* for consistency with the driver's name. > This also makes the code a bit less noisy to read. (visa@) ~ if_cnmac.c > Pass the software context as an argument to the interrupt handler. > This is now possible because each port has a dedicated work queue > interrupt. (visa@) ~ cn30xxpow.c ~ cn30xxpowvar.h ~ if_cnmac.c > Move the packet input work requesting inside if_cnmac.c. This removes > a layer of abstraction that would complicate upcoming changes. (visa@) ~ if_cnmac.c > Submit incoming packets to the network stack in batches like is done > in many other NIC drivers. This reduces submission overhead. (visa@) arch/octeon/include ~ octeonvar.h > Add the board ID for the Ubiquiti Unifi Security Gateway. > From Justin Hibbits, thanks! (visa@) arch/sparc64/sparc64 - lock_machdep.c > Remove lock_machdep.c from amd64, i386, mips64 and sparc64. > The architectures have been using the MI mplock for a while. > OK deraadt@, kettenis@ (visa@) conf ~ files > remove MALLOC_DEBUG > the code has rotted, and obviously hasnt been used for ages. it is > also hard to make mpsafe. if we need something like this again it > would be better to do it from scratch. > ok tedu@ visa@ (dlg@) ~ files > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) dev ~ rnd.c > Remove interlocks between producers and consumers of randomness data > A lot of randomness event producers are executed in the interrupt > context increasing the time spent in the interrupt handler resulting > in extra costs when adding randomness data to the pool. However, in > practice randomness event producers require interlocking between each > other, but not with with consumers due to the opportunistic nature of > event consumers. > To be able to take advantage of this idea, the ring buffer indexing > is now done with two free running producer and consumer counters modulo > power of 2 size of the ring buffer. > With input from and OK visa, tb, jasper (mikeb@) dev/acpi ~ acpi.c > Add a few more PNP IDs to the skip lists. > ok deraadt@, mpi@ (kettenis@) - dwiic.c ~ acpi.c ~ files.acpi + dwiic_acpi.c > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) dev/fdt ~ sxipio.c > Newer Allwinner SoCs (H3/H4/A64) use an "unconfigured" default state. > Recognize this state and allow user configuration of the pin if the > pin is left into this state. > tested by Stephen Graf. (kettenis@) ~ sxiccmu_clocks.h > Add i2c-related clocks for Allwinner H3/H5/A64. > From Artturi Alm. Tested by Stephen Graf. (kettenis@) ~ sxitwi.c > Add support for the i2c controller variant found on the Allwinner A31 and > above and enable the driver on arm64. > From Artturi Alm. Tested by Stephen Graf. (kettenis@) ~ rkpmic.c > Add support for voltage regulators. (kettenis@) ~ sxiccmu.c ~ sxiccmu_clocks.h > Implement support for the "next-generation" clock bindings for the > Allwinner A10/A20. (kettenis@) dev/ic + dwiic.c + dwiicreg.h + dwiicvar.h > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) dev/ofw ~ fdt.c > Make OF_getnodebyname() scan its child nodes instead of its peer nodes. > This still deviates from the implementation we have on macppc, but we only > ever use OF_getnodebyname() to find child nodes in our tree. > ok tom@, visa@ (kettenis@) ~ ofw_regulator.c > Extend regulator "framework" with functions to get/set voltages. > ok jsg@ (kettenis@) ~ ofw_regulator.h > Extend regulator "framework" with functions to get/set voltages. > ok jsg@ (kettenis@) dev/pci ~ files.pci + dwiic_pci.c > Add PCI attachment for dwiic(4) needed by Intel 100 Series machines > ok kettenis (jcs@) dev/pckbc ~ pms.c > Print out the offending data causing pms sync to fail. > ok bru@, mpi@ (as part of a larger diff) (anton@) ~ pms.c > Detect touchpad reset announcements. On rare occasions, the touchpad is > reset > due to power failure and an announcement is transmitted as input by the > device > making it detectable. At this point, the device must be re-enabled to > continue > working since any configuration done prior to the reset is lost. > Detection is implemented using a watchdog and enabled for all protocols. So > far, > the announcement has been observed on Synaptics by me and on Elantech v4 by > bru@. Extra care has been taken to handle potential false positives: when > the > announcement byte sequence is part of a valid input packet. > with help and ok bru@, mpi@ (anton@) dev/wscons ~ wsconsio.h > Remove unused compat macros. > ok kettenis@ mpi@ (anton@) kern ~ kern_task.c > add taskq_barrier > taskq_barrier guarantees that any task that was running on the taskq > has finished by the time taskq_barrier returns. it is similar to > intr_barrier. > this is needed for use in ifq_barrier as part of an upcoming change. (dlg@) - kern_malloc_debug.c ~ kern_malloc.c > remove MALLOC_DEBUG > the code has rotted, and obviously hasnt been used for ages. it is > also hard to make mpsafe. if we need something like this again it > would be better to do it from scratch. > ok tedu@ visa@ (dlg@) ~ subr_witness.c > Fix the initial check of the checkorder and lock operations > so that statically initialized locks get properly enrolled > to the validator. > OK mpi@ (visa@) ~ sys_socket.c > Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get(). > In particular, this allows SIOCGIF* requests to run in parallel. > lots of help & ok mpi, ok visa, sashan (tb@) ~ kern_pledge.c > permit IPV6_V6ONLY in sockopt > OK deraadt@ (abieber@) miscfs/fuse ~ fuse_vnops.c > Fixes the following bugs when getcwd(3) is used on a fuse file system > Endless loop if directory nested more than one level from root of file > system > Current directory not found if the parent directory contains more children > than > will fit in the buffer passed to VOP_READDIR(9) > Open and close directory in fusefs_readdir if dir is not already open. > Now behaves as if readdir_ino option was passed to fuse so that directories > in > path have a valid ino. > ok mpi@ (helg@) net ~ pfkeyv2.c ~ if.c > Only use a single taskq to process incoming network packets as soon as > IPsec is enabled. > This is currently a no-op since we still use a single taskq. But it > will allows us to experiment with multiple forwarding threads and the > PF_LOCK() without having to fix IPsec at the same time. > ok sashan@, visa@ (mpi@) ~ pf.c > remove the ability for pf_ouraddr to say that a packet is forwarded. > having pf_ouraddr say a packet is forwarded let's in_ouraddr avoid > doing a route lookup for the packet. however, because it is forwarded > we need to do a route lookup in ip_output anyway to know where it > goes. > in_ouraddr does a bunch of extra checks on the result of the route > lookup that ip_output does not do though, including special handling > of ip_directedbroadcast and M_BCAST. if you have directed broadcast > enabled and do not do these checks, the ethernet layer will loop a > copy of broadcast packets back into the stack recursively which > can blow the thread stack in the kernel. > discussed with jmatthew@, sashan@, and henning@ > ok mpi@ > diagnosing this led to the enabling of a guard page on amd64 kernel > stacks, which was necessary for correctly identifying this problem. (dlg@) ~ pf.c ~ pf_ioctl.c ~ pfvar.h > add a generic packet rate matching filter. allows things like > pass in proto icmp max-pkt-rate 100/10 > all packets matching the rule in the direction the state was created are > taken into consideration (typically: requests, but not replies). > Just like with the other max-*, the rule stops matching if the maximum is > reached, so in typical scenarios the default block rule would kick in then. > with input from Holger Mikolon > ok mikeb (henning@) ~ if_gif.c > Remove useless comment about if_ioctl() & reduce grep noise. (mpi@) ~ pfkeyv2.c > Grab the KERNEL_LOCK() to iterate on the global list of PF_KEY sockets. > It isn't safe to manipulate PF_KEY sockets without KERNEL_LOCK() because > they aren't protected by the NET_LOCK(). > I missed this in my previous audit and neither my tests, the regression > tests nor the IPsec performance tests exposed the problem. Hopefully I > added the right check to soassertlocked() a while back. > Found the hardway by and ok sthen@ (mpi@) ~ ifq.c ~ ifq.h > reintroduce tx mitigation, like dfly does and like we used to do. > this replaces ifq_start with code that waits until at least 4 packets > have been queued on the ifq before calling the drivers start routine. > if less than 4 packets get queued, the start routine is called from > a task in a softnet tq. > 4 packets was chosen this time based on testing sephe did in dfly > which showed no real improvement when bundling more packets. hrvoje > popovski tested this on several nics and found an improvement of > 10 to 20 percent when forwarding across the board. > because some of the ifq's work could be sitting on a softnet tq, > ifq_barrier now calls taskq_barrier to guarantee any work that was > pending there has finished. > ok mpi@ visa@ (dlg@) ~ if.c ~ ifq.c ~ ifq.h > move the adding of an ifqs counters in if_getdata to ifq.c > this keeps the knowledge of ifq locking in ifq.c > ok visa@ (dlg@) ~ ifq.c ~ ifq.h > anton@ reports that ifq tx mitigation breaks iwm somehow. > back it out until i can figure the problem out. (dlg@) ~ if.c > Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get(). > In particular, this allows SIOCGIF* requests to run in parallel. > lots of help & ok mpi, ok visa, sashan (tb@) ~ if_media.h > some more 25g media types, and a bunch of AOC types. > with tweaks from carlos cardenas and visa@ > ok mpi@ (dlg@) ~ if_etherip.c > etherip(4) now handles etherip sysctls, move/remove code accordingly. > ok visa@ as part of a larger diff, ok mpi@ (jca@) ~ if_var.h ~ if.c > add if_rxr_livelocked so rxr users can request backpressure themselves. > right now the rx ring moderation code makes a decision globally > that a machine is livelocked, and uses that to apply backpressure > on all the rx rings. we're moving toward having the network stack > run on multiple cpus, and fed from multiple rx rings. if_rxr_livelocked > lets a driver apply backpressure explicitely if something tells it > that whatever is consuming previous packets cannot keep up. > while here expose the current ring watermark with if_rxr_cwm. > tweaks and ok visa@ (dlg@) ~ if_etherip.c > Move etherip counters and their allocation to etherip(4) > gif(4) now depends on etherip(4) but this is a temporary drawback: we > can get rid of etherip_init(), called from the protocol switch, and > ip_ether.c should stop using etherip counters once it is clear that this > file doesn't handle ethernet-in-IP any more. > ok visa@ as part of a larger diff, ok mpi@ (jca@) ~ if_etherip.c > Don't pass unhandled packets to gif(4) > This was useful for the migration path, it's not since gif(4) can't be > added to a bridge any more. ok visa@ as part of a larger diff, ok mpi@ > (jca@) ~ if_etherip.c ~ if_etherip.h > Move etherip_allow where it is used > While here, drop the declaration in headers, since the variable is used > in a single file. ok visa@ mpi@ (jca@) ~ if_gif.c > Rename functions that now handle only MPLS-in-IP > ok visa@ mpi@ (jca@) ~ if_etherip.c ~ if_etherip.h > Rename etherip sysctl handler, there's no conflict with ip_ether.c any more > ok visa@ mpi@ (jca@) ~ if_gif.c > #if -> #ifdef for consistency > ok visa@ as part of a larger diff (jca@) netinet ~ in.h ~ ip_input.c ~ ip_ipsp.h ~ ipsec_input.c > Introduce ipsec_sysctl() and move IPsec tunables where they belong. > ok bluhm@, visa@ (mpi@) ~ ip_ipsp.h ~ ip_var.h > Unbreak ENCDEBUG kernels by declaring `encdebug' in ip_ipsp.h (mpi@) ~ in_proto.c > Make etherip(4) the single driver responsible for etherip sysctl entries. > One step needed to completely remove ethernet-in-IP support from gif(4). > No functional changes. > ok visa@ as part of a larger diff, ok mpi@ (jca@) ~ ip_ether.h ~ ip_ether.c > etherip(4) now handles etherip sysctls, move/remove code accordingly. > ok visa@ as part of a larger diff, ok mpi@ (jca@) ~ in_proto.c ~ ip_ether.c ~ ip_ether.h > Move etherip counters and their allocation to etherip(4) > gif(4) now depends on etherip(4) but this is a temporary drawback: we > can get rid of etherip_init(), called from the protocol switch, and > ip_ether.c should stop using etherip counters once it is clear that this > file doesn't handle ethernet-in-IP any more. > ok visa@ as part of a larger diff, ok mpi@ (jca@) ~ ip_ether.c ~ in_proto.c > Drop all Ethernet-in-IP support from gif(4) > As a result, ip_ether.c now only deals with MPLS-in-IP. The next > commits will move & rename stuff to make this clear. ok visa@ mpi@ (jca@) ~ ip_ether.c > Drop etheripstat use in ip_ether.c > Those functions only handle MPLS-in-IP packets, it makes little sense to > count those as ethernet-in-IP. ok visa@ mpi@ (jca@) ~ ip_ether.c ~ ip_ether.h > Move etherip_allow where it is used > While here, drop the declaration in headers, since the variable is used > in a single file. ok visa@ mpi@ (jca@) ~ in_proto.c ~ ip_ether.c ~ ip_ether.h > Rename functions that now handle only MPLS-in-IP > ok visa@ mpi@ (jca@) ~ ip_ether.c ~ ip_ether.h > Add ifdef MPLS around all the MPLS-in-IP code > ok visa@ mpi@ (jca@) ~ in_proto.c > Rename etherip sysctl handler, there's no conflict with ip_ether.c any more > ok visa@ mpi@ (jca@) netinet6 ~ frag6.c > Remove 18 year old #if 0. > ok visa@, benno@ (mpi@) ~ frag6.c > Put the net lock around frag6_freef() as it sends ICMP6 error > messages. Splassert was triggered by regress/sys/netinet6/frag6. > OK mpi@ sashan@ visa@ (bluhm@) ~ in6_proto.c > Remove inet6 etherip sysctl entries > The INET6 entries are not needed, not documented (use net.inet.etherip) > and do not appear in sysctl(8) output. > ok mpi@ (jca@) ~ in6_proto.c > Drop all Ethernet-in-IP support from gif(4) > As a result, ip_ether.c now only deals with MPLS-in-IP. The next > commits will move & rename stuff to make this clear. ok visa@ mpi@ (jca@) nfs ~ nfs_boot.c > Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get(). > In particular, this allows SIOCGIF* requests to run in parallel. > lots of help & ok mpi, ok visa, sashan (tb@) sys ~ systm.h > Do not call splassert_fail() if splassert_ctl is <= 0. > This matches splassert(9)s behavior and prevent noise when a CPU > panic(9) and set splassert_ctl to 0. > Found the hardway by sthen@ (mpi@) ~ task.h > add taskq_barrier > taskq_barrier guarantees that any task that was running on the taskq > has finished by the time taskq_barrier returns. it is similar to > intr_barrier. > this is needed for use in ifq_barrier as part of an upcoming change. (dlg@) == usr.bin =========================================================== 10/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin ctfconv ~ elf.c > Verify that every section header lies within the mapped file. > Pointed out by Mark Johnston, Markj@FreeBSD (mpi@) ctfdump ~ elf.c > Verify that every section header lies within the mapped file. > Pointed out by Mark Johnston, Markj@FreeBSD (mpi@) ssh ~ sshd.c > fix problem in configuration parsing when in config dump mode (sshd -T) > without providing a full connection specification (sshd -T -C ...) > spotted by bluhm@ (djm@) ~ ssh-agent.c > fix regression in 7.6: failure to parse a signature request message > shouldn't be fatal to the process, just the request. Reported by > Ron Frederick (djm@) ~ ssh-agent.c > downgrade a couple more request parsing errors from process-fatal to > just returning failure, making them consistent with the others that > were already like that. (djm@) tmux ~ window-copy.c > When searching in copy mode, do not scroll if the result is already on > screen. GitHub issue 1150. (nicm@) ~ tty.c > If there is a double width character at the very end of the line with > not enough room to draw it, just leave it out. (nicm@) ~ grid.c ~ screen-write.c ~ screen.c ~ tmux.h > Completely rewrite the reflow code to correctly handle double width > characters (previously they were not accounted for). (nicm@) ~ cmd-select-layout.c ~ key-bindings.c ~ layout-set.c ~ layout.c ~ tmux.1 ~ tmux.h > Add a common function for spreading out cells and use it for the two > even layouts and to add a -E flag to select-layout to spread out cells > evenly without changing parent cells. (nicm@) ~ tmux.1 ~ window-copy.c > Add -and-cancel variants for scrolling commands to exit copy mode when > the bottom is reached, from Stephen Hicks. (nicm@) ~ cmd-select-pane.c > Allow formats in selectp -T, from Thomas Adam. (nicm@) == usr.sbin ========================================================== 11/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ rde.c > Inverse logic, issue found by henning@. MPLS VPN is still broken though. > (claudio@) pppd ~ auth.c ~ chap.c ~ pppd.h ~ upap.c > Use explicit_bzero to erase secrets > from Scott Cheloa, ok tb@ (jca@) relayd ~ parse.y ~ relay_http.c ~ relayd.conf.5 ~ relayd.h > make the maximum size of http headers configurable in the protocol. > ok bluhm@, >8k makes sense claudio@ (benno@) ~ parse.y > Check that http options are only configured in http protocols. > OK benno@ (bluhm@) smtpd ~ smtp_session.c > merge the masquerade and missing domain header callbacks into one function. > ok gilles@ (eric@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
