Re: rman.h
Op 17 sep. 2013 om 21:54 heeft Kyle R W Milz het volgende geschreven: > tech@, > > I was porting over some freebsd kernel code and came across a struct > rman and some rman_* utility functions, defined in fbsd's sys/rman.h . > > Does obsd have an equivalent interface? It might help if you explain what this API does. -Otto
Re: edgerouter lite ethernet
On 9/17/2013 12:45 AM, Brian Callahan wrote: On 09/16/13 19:29, Jonathan Matthew wrote: Here's the rest of the changes required to get ethernet working on the edgerouter lite, which makes it possible to boot off nfsroot and do exciting stuff like build kernels. - add atphy(4) to configs - allow separate rx and tx clock settings - add phy mapping for erl - add tx/rx clock settings for erl ok? No. This breaks the RAMDISK (tested on CAM-0100). Log at the bottom of this email from the CAM-0100 (and attached as a tarball too because I don't trust Thunderbird). Note that everything else works except for the RAMDISK. The GENERIC kernel works great on the CAM-0100 and ERL and everything works as expected on both machines with GENERIC. Also, the panic still occurs if you remove the atphy* line from RAMDISK. Can someone else who has a CAM-0100 double check to make sure it's not just me, since I'd love to have this go in. I double and triple checked this today: turns out the first RAMDISK was built incorrectly somehow. The second and third check RAMDISKs work fine so I retract everything I said before and this is ok me. ~Brian ~Brian Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2013 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 5.4-current (GENERIC) #29: Tue Sep 17 08:07:14 EST 2013 r...@cantrip.eait.uq.edu.au:/usr/src/sys/arch/octeon/compile/GENERIC real mem = 247922688 (236MB) avail mem = 245612544 (234MB) mainbus0 at root cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation cpu0: cache L1-I 32KB D 16KB 4 way, L2 128KB direct clock0 at mainbus0: int 5 iobus0 at mainbus0 octcf at iobus0 base 0x1d000800 irq 0 not configured pcibus at iobus0 irq 0 not configured cn30xxgmx0 at iobus0 base 0x118000800 irq 48 cnmac0 at cn30xxgmx0 address=0x000118000800: RGMII, address dc:9f:db:29:40:2f atphy0 at cnmac0 phy 7: F1 10/100/1000 PHY, rev. 2 cnmac1 at cn30xxgmx0 address=0x000118000800: RGMII, address dc:9f:db:29:40:30 atphy1 at cnmac1 phy 6: F1 10/100/1000 PHY, rev. 2 cnmac2 at cn30xxgmx0 address=0x000118000800: RGMII, address dc:9f:db:29:40:31 atphy2 at cnmac2 phy 5: F1 10/100/1000 PHY, rev. 2 uar: ns16550, no working fifo com0: console com1 at uartbus0 base 0x118000c00 irq 35: ns16550, no working fifo /dev/ksyms: Symbol table not valid. vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets root device: cnmac0 nfs_boot: using interface cnmac0, with revarp & bootparams cnmac0: link up (1000baseT-FDX) cnmac0: link down cnmac0: link up (1000baseT-FDX) nfs_boot: client_addr=192.168.1.2 nfs_boot: server_addr=192.168.1.22 hostname=erl root on 192.168.1.22:/srv/octeon-nfsroot WARNING: No TOD clock, believing file system. WARNING: CHECK AND RESET THE DATE! swap on 192.168.1.22:/srv/octeon-nfsswap Index: arch/octeon/conf/GENERIC === RCS file: /cvs/src/sys/arch/octeon/conf/GENERIC,v retrieving revision 1.9 diff -u -p -r1.9 GENERIC --- arch/octeon/conf/GENERIC24 Jun 2011 02:18:17 -1.9 +++ arch/octeon/conf/GENERIC16 Sep 2013 22:50:31 - @@ -44,6 +44,7 @@ cnmac*at cn30xxgmx? rgephy*at mii? ukphy*at mii? +atphy*at mii? # IDE Controller pciide*at pci? flags 0x Index: arch/octeon/conf/RAMDISK === RCS file: /cvs/src/sys/arch/octeon/conf/RAMDISK,v retrieving revision 1.11 diff -u -p -r1.11 RAMDISK --- arch/octeon/conf/RAMDISK26 Mar 2013 14:23:19 -1.11 +++ arch/octeon/conf/RAMDISK16 Sep 2013 22:50:31 - @@ -64,6 +64,7 @@ cnmac*at cn30xxgmx? rgephy*at mii? ukphy*at mii? +atphy*at mii? pseudo-deviceloop1# network loopback pseudo-devicebpfilter1# packet filter Index: arch/octeon/dev/cn30xxasx.c === RCS file: /cvs/src/sys/arch/octeon/dev/cn30xxasx.c,v retrieving revision 1.3 diff -u -p -r1.3 cn30xxasx.c --- arch/octeon/dev/cn30xxasx.c5 Dec 2012 23:20:14 -1.3 +++ arch/octeon/dev/cn30xxasx.c16 Sep 2013 22:50:31 - @@ -175,10 +175,10 @@ cn30xxasx_enable_intr(struct cn30xxasx_s #endif int -cn30xxasx_clk_set(struct cn30xxasx_softc *sc, int setting) +cn30xxasx_clk_set(struct cn30xxasx_softc *sc, int tx_setting, int rx_setting) { -_ASX_WR8(sc, ASX0_TX_CLK_SET0_OFFSET + 8 * sc->sc_port, setting); -_ASX_WR8(sc, ASX0_RX_CLK_SET0_OFFSET + 8 * sc->sc_port, setting); +_ASX_WR8(sc, ASX0_TX_CLK_SET0_OFFSET + 8 * sc->sc_port, tx_setting); +_ASX_WR8(sc, ASX0_RX_CLK_SET0_OFFSET + 8 * sc->sc_port, rx_setting); return 0; } Index: arch/octeon/dev/cn30xxasxvar.h === RCS file: /cvs/src/sys/arch/
Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path
On 09/17/13 13:49, Craig R. Skinner wrote: On 2013-09-16 Mon 23:28 PM |, Alexander Hall wrote: sed can do it all. Really. This is getting beyond me Alexander. Is sed a mechanism to step away from using file(1) ? Heh, sorry about that. :) Nah, it's merely a way to combine `head | grep | sed | cut | ...` pipes since sed is often capable to cope with it all. Notes: - I separate re_quote() cause I think it can be useful in other places. - I think re_quote() is (basic) regex complete. - I don't care if the interpreter is (or seems) nonexistant, as that shouldn't be a runtime error. - I'm sure sed may die horribly if you try to feed it a 9GB oneline file. However, if so, it should not produce any output anyway. ;) If this would ever be considered a real problem, dd(1) would help (as espie already mentioned). re_quote() { sed 's/\([]^$*.\\[]\)/\\\1/g'; } interpreter=$( sed -n 's/^#![[:space:]]*\(.*\)/\1 /p;q' "${daemon}" | In this case I make sure sed only looks at the first line (unconditional 'q'uit at the end), and prints it, followed by a space, but only if it was able to withdraw a shebang and optional following whitespace from the start of the line (-n, s/^...\(.*\)/\1 /p). What is known and discussed though, is that sed could potentially crash on a *really* long first line in that file. In this case, a pre-check with file(1), or input truncation with dd, would help. Anyway, my $.02 is running out, so I leave it up to the rc.d maintainer(s) to determine if they consider it a real problem or if it can go the way of the hash-collision discussion... /Alexander re_quote) pexp="$interpreter$pexp" Moreover, - you probably want to unset $interpreter when done. - we might want to re_quote the entire $pexp later instead.
rman.h
tech@, I was porting over some freebsd kernel code and came across a struct rman and some rman_* utility functions, defined in fbsd's sys/rman.h . Does obsd have an equivalent interface?
Re: divert-to with port range
The patch is extending the rules, so i dont see how it could behave differently The original set of percentage is still strange so you have a point. Unless they expect this behavior (they still end with the good 100% rules) isn't it possible to round robin this ? with relayd or something else ? On Tue, Sep 17, 2013 at 3:42 PM, Dave Anderson wrote: > On Tue, 17 Sep 2013, Ivan Popovski wrote: > > >Hi > > > >I've been asked, by net admin, to implement pf.conf simplification for > >divert-to rule. Reason is that divert-to is written to support only one > >port per line and because of that there are situations where admins > >must write lot of lines only because different ports. After looking at > >pfctl/parse.y I've found that patch (for 5.3) would be trivial and > >wouldn't break anything, ie. works for one port and port range at the > >same time. > > > >Please let me know if there is interest for this and ofc if something > >needs to be fixed. > > > >Here is an example. > > > >Now: > > > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42240 modulate state probability 20% > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42241 modulate state probability 20% > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42242 modulate state probability 20% > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42243 modulate state probability 20% > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42244 modulate state > > This appears to be intended to divide connections equally among five > ports, but (given that the probability applies only to the packets which > actually reach the rule) doesn't it actually divide them as 20%, 16%, > 12.8%, 10.24%, 40.96%? To get an (approximately) equal distribution I > think you'd need to use probabilities 20%, 25%, 33%, 50%. > > If using a port range were to implicitly divide connections equally > among those ports, this problem would go away. But that's not what your > patch does. > > Dave > > >After patching: > > > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42240:42243 modulate state probability 20% > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 > divert-to 127.0.0.1 port 42244 modulate state > > > >Patch: > > > >Index: parse.y > >=== > >RCS file: /cvs/src/sbin/pfctl/parse.y,v > >retrieving revision 1.621 > >diff -u -r1.621 parse.y > >--- parse.y16 Jan 2013 01:49:20 - 1.621 > >+++ parse.y17 Sep 2013 15:45:20 - > >@@ -261,7 +261,7 @@ > > u_int8_t set_prio[2]; > > struct { > > struct node_host*addr; > >- u_int16_t port; > >+ u_int16_t port, port_top; > > }divert, divert_packet; > > struct redirspec nat; > > struct redirspec rdr; > >@@ -475,7 +475,7 @@ > > %typesourcetrack flush unaryop statelock > > %typeaction > > %typeflags flag blockspec prio > >-%typeportplain portstar portrange > >+%typeportstar portrange > > %type hashkey > > %typeproto proto_list proto_item > > %type protoval > >@@ -2078,6 +2078,28 @@ > > r.divert.addr = > > $8.divert.addr->addr.v.a.addr; > > } > >+ if ($8.divert.port_top && > >+ $8.divert.port_top < r.divert.port) { > >+ yyerror("invalid divert port > range: " > >+ "%u:%u", ntohs(r.divert.port), > >+ ntohs($8.divert.port_top)); > >+ YYERROR; > >+ } > >+ > >+#define NHS_LT(x, y) (ntohs(x) < ntohs(y)) > >+#define NHS_INC(x) x = htons(ntohs(x) + 1) > >+ while(NHS_LT(r.divert.port, > >+ $8.divert.port_top)) { > >+ expand_rule(&r, 1, $4, &$8.nat, > &$8.rdr, > >+ &$8.rroute, $6, $7.src_os, > >+ $7.src.host, $7.src.port, > >+ $7.dst.host, $7.dst.port, > >+ $8.uid, $8.gid, $8.rcv, > >+ $8.icmpspec, ""); > >+ NHS_INC(r.divert.port); > >+ } > >+#undef NHS_INC > >+#undef NHS_LT > >
Re: divert-to with port range
On Tue, 17 Sep 2013, Ivan Popovski wrote: >Hi > >I've been asked, by net admin, to implement pf.conf simplification for >divert-to rule. Reason is that divert-to is written to support only one >port per line and because of that there are situations where admins >must write lot of lines only because different ports. After looking at >pfctl/parse.y I've found that patch (for 5.3) would be trivial and >wouldn't break anything, ie. works for one port and port range at the >same time. > >Please let me know if there is interest for this and ofc if something >needs to be fixed. > >Here is an example. > >Now: > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42240 modulate state probability 20% >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42241 modulate state probability 20% >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42242 modulate state probability 20% >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42243 modulate state probability 20% >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42244 modulate state This appears to be intended to divide connections equally among five ports, but (given that the probability applies only to the packets which actually reach the rule) doesn't it actually divide them as 20%, 16%, 12.8%, 10.24%, 40.96%? To get an (approximately) equal distribution I think you'd need to use probabilities 20%, 25%, 33%, 50%. If using a port range were to implicitly divide connections equally among those ports, this problem would go away. But that's not what your patch does. Dave >After patching: > >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42240:42243 modulate state probability 20% >pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to >127.0.0.1 port 42244 modulate state > >Patch: > >Index: parse.y >=== >RCS file: /cvs/src/sbin/pfctl/parse.y,v >retrieving revision 1.621 >diff -u -r1.621 parse.y >--- parse.y16 Jan 2013 01:49:20 - 1.621 >+++ parse.y17 Sep 2013 15:45:20 - >@@ -261,7 +261,7 @@ > u_int8_t set_prio[2]; > struct { > struct node_host*addr; >- u_int16_t port; >+ u_int16_t port, port_top; > }divert, divert_packet; > struct redirspec nat; > struct redirspec rdr; >@@ -475,7 +475,7 @@ > %typesourcetrack flush unaryop statelock > %typeaction > %typeflags flag blockspec prio >-%typeportplain portstar portrange >+%typeportstar portrange > %type hashkey > %typeproto proto_list proto_item > %type protoval >@@ -2078,6 +2078,28 @@ > r.divert.addr = > $8.divert.addr->addr.v.a.addr; > } >+ if ($8.divert.port_top && >+ $8.divert.port_top < r.divert.port) { >+ yyerror("invalid divert port range: " >+ "%u:%u", ntohs(r.divert.port), >+ ntohs($8.divert.port_top)); >+ YYERROR; >+ } >+ >+#define NHS_LT(x, y) (ntohs(x) < ntohs(y)) >+#define NHS_INC(x) x = htons(ntohs(x) + 1) >+ while(NHS_LT(r.divert.port, >+ $8.divert.port_top)) { >+ expand_rule(&r, 1, $4, &$8.nat, &$8.rdr, >+ &$8.rroute, $6, $7.src_os, >+ $7.src.host, $7.src.port, >+ $7.dst.host, $7.dst.port, >+ $8.uid, $8.gid, $8.rcv, >+ $8.icmpspec, ""); >+ NHS_INC(r.divert.port); >+ } >+#undef NHS_INC >+#undef NHS_LT > } > r.divert_packet.port = $8.divert_packet.port; > >@@ -2197,7 +2219,7 @@ > } > filter_opts.rtableid = $2; > } >- | DIVERTTO STRING PORT portplain { >+ | DIVERTTO STRING PORT portrange { > if ((filter_opts.divert.addr = host($2)) == NULL) { > yyerror("could not parse divert address: %s", > $2); >@@ -2210,6 +2232,7 @@ >
divert-to with port range
Hi I've been asked, by net admin, to implement pf.conf simplification for divert-to rule. Reason is that divert-to is written to support only one port per line and because of that there are situations where admins must write lot of lines only because different ports. After looking at pfctl/parse.y I've found that patch (for 5.3) would be trivial and wouldn't break anything, ie. works for one port and port range at the same time. Please let me know if there is interest for this and ofc if something needs to be fixed. Here is an example. Now: pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42240 modulate state probability 20% pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42241 modulate state probability 20% pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42242 modulate state probability 20% pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42243 modulate state probability 20% pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42244 modulate state After patching: pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42240:42243 modulate state probability 20% pass in quick inet proto tcp from 192.168.1.0/24 to any port 21 divert-to 127.0.0.1 port 42244 modulate state Patch: Index: parse.y === RCS file: /cvs/src/sbin/pfctl/parse.y,v retrieving revision 1.621 diff -u -r1.621 parse.y --- parse.y 16 Jan 2013 01:49:20 - 1.621 +++ parse.y 17 Sep 2013 15:45:20 - @@ -261,7 +261,7 @@ u_int8_t set_prio[2]; struct { struct node_host*addr; - u_int16_t port; + u_int16_t port, port_top; }divert, divert_packet; struct redirspec nat; struct redirspec rdr; @@ -475,7 +475,7 @@ %type sourcetrack flush unaryop statelock %type action %type flags flag blockspec prio -%type portplain portstar portrange +%type portstar portrange %type hashkey %type proto proto_list proto_item %typeprotoval @@ -2078,6 +2078,28 @@ r.divert.addr = $8.divert.addr->addr.v.a.addr; } + if ($8.divert.port_top && + $8.divert.port_top < r.divert.port) { + yyerror("invalid divert port range: " + "%u:%u", ntohs(r.divert.port), + ntohs($8.divert.port_top)); + YYERROR; + } + +#define NHS_LT(x, y) (ntohs(x) < ntohs(y)) +#define NHS_INC(x) x = htons(ntohs(x) + 1) + while(NHS_LT(r.divert.port, + $8.divert.port_top)) { + expand_rule(&r, 1, $4, &$8.nat, &$8.rdr, + &$8.rroute, $6, $7.src_os, + $7.src.host, $7.src.port, + $7.dst.host, $7.dst.port, + $8.uid, $8.gid, $8.rcv, + $8.icmpspec, ""); + NHS_INC(r.divert.port); + } +#undef NHS_INC +#undef NHS_LT } r.divert_packet.port = $8.divert_packet.port; @@ -2197,7 +2219,7 @@ } filter_opts.rtableid = $2; } - | DIVERTTO STRING PORT portplain { + | DIVERTTO STRING PORT portrange { if ((filter_opts.divert.addr = host($2)) == NULL) { yyerror("could not parse divert address: %s", $2); @@ -2210,6 +2232,7 @@ yyerror("invalid divert port: %u", ntohs($4.a)); YYERROR; } + filter_opts.divert.port_top = $4.b; } | DIVERTREPLY { filter_opts.divert.port = 1;/* some random value */ @@ -3073,15 +3096,6 @@ $$->op = $2; $$->next = NULL; $$->tail = $$; - } - ; - -portplain : numberstring { - if (parseport($1, &$$, 0) == -1) {
Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path
On 2013-09-16 Mon 23:28 PM |, Alexander Hall wrote: > > sed can do it all. Really. This is getting beyond me Alexander. Is sed a mechanism to step away from using file(1) ? > Notes: > > - I separate re_quote() cause I think it can be useful in other places. > - I think re_quote() is (basic) regex complete. > - I don't care if the interpreter is (or seems) nonexistant, as that > shouldn't be a runtime error. > - I'm sure sed may die horribly if you try to feed it a 9GB oneline > file. However, if so, it should not produce any output anyway. ;) > If this would ever be considered a real problem, dd(1) would help > (as espie already mentioned). > > re_quote() { sed 's/\([]^$*.\\[]\)/\\\1/g'; } > > interpreter=$( > sed -n 's/^#![[:space:]]*\(.*\)/\1 /p;q' "${daemon}" | > re_quote) > pexp="$interpreter$pexp" > > Moreover, > > - you probably want to unset $interpreter when done. > - we might want to re_quote the entire $pexp later instead. >