carp(4) and Ethernet header
Same problem as with vlan(4). carp(4) also need to stop calling ether_input() directly and that implies having a mbuf with the correct Ethernet header prepended. Index: netinet/ip_carp.c === RCS file: /cvs/src/sys/netinet/ip_carp.c,v retrieving revision 1.249 diff -u -p -r1.249 ip_carp.c --- netinet/ip_carp.c 7 Apr 2015 10:46:20 - 1.249 +++ netinet/ip_carp.c 9 Apr 2015 12:08:35 - @@ -1434,11 +1434,15 @@ carp_our_mcastaddr(struct ifnet *ifp, u_ int carp_input(struct ifnet *ifp0, struct ether_header *eh0, struct mbuf *m) { - struct ether_header eh; + struct ether_header *eh; struct carp_if *cif = (struct carp_if *)ifp0-if_carp; struct ifnet *ifp; - memcpy(eh, eh0, sizeof(eh)); + M_PREPEND(m, sizeof(*eh), M_DONTWAIT); + if (m == NULL) + return (-1); + eh = mtod(m, struct ether_header *); + memmove(eh, eh0, sizeof(*eh)); if ((ifp = carp_ourether(cif, eh0-ether_dhost))) ; @@ -1459,11 +1463,11 @@ carp_input(struct ifnet *ifp0, struct et m0-m_pkthdr.rcvif = vh-sc_if; #if NBPFILTER 0 if (vh-sc_if.if_bpf) - bpf_mtap_hdr(vh-sc_if.if_bpf, (char *)eh, - ETHER_HDR_LEN, m0, BPF_DIRECTION_IN, NULL); + bpf_mtap_ether(vh-sc_if.if_bpf, m, + BPF_DIRECTION_IN); #endif vh-sc_if.if_ipackets++; - ether_input(m0, eh); + ether_input_mbuf(vh-sc_if, m0); } return (1); } @@ -1475,11 +1479,10 @@ carp_input(struct ifnet *ifp0, struct et #if NBPFILTER 0 if (ifp-if_bpf) - bpf_mtap_hdr(ifp-if_bpf, (char *)eh, ETHER_HDR_LEN, m, - BPF_DIRECTION_IN, NULL); + bpf_mtap_ether(ifp-if_bpf, m, BPF_DIRECTION_IN); #endif ifp-if_ipackets++; - ether_input(m, eh); + ether_input_mbuf(ifp, m); return (0); }
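Review bot: In the first carp_input() hunk, the new return (-1) after a failed M_PREPEND() adds a third return value beside the (1) and (0) visible in the later hunks, and M_PREPEND() has already freed the chain when it fails. Document above carp_input() what each value tells the caller about ownership of m, or return one of the existing values if it already means the mbuf is gone.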
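Review bot: In the second hunk (@@ -1459) the new bpf_mtap_ether() call is given m, while the removed bpf_mtap_hdr() call tapped m0 and the lines around it (the rcvif assignment and the ether_input_mbuf() call) all work on m0. Pass m0 to the tap so the mbuf shown to bpf is the copy delivered to that carp interface, or add a comment saying why the original is intended.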
prevent short transfer in lptwrite()
uio_resid may overflow when coerced to u_int, causing lptwrite() to return early. Also, uiomovei() can be replaced with uiomove(), the size argument is of type size_t anyway. Index: dev/ic/lpt.c === RCS file: /cvs/src/sys/dev/ic/lpt.c,v retrieving revision 1.13 diff -u -p -r1.13 lpt.c --- dev/ic/lpt.c10 Feb 2015 21:56:09 - 1.13 +++ dev/ic/lpt.c9 Apr 2015 17:56:17 - @@ -367,8 +367,8 @@ lptwrite(dev_t dev, struct uio *uio, int size_t n; int error = 0; - while ((n = min(LPT_BSIZE, uio-uio_resid)) != 0) { - error = uiomovei(sc-sc_cp = sc-sc_inbuf-b_data, n, uio); + while ((n = ulmin(LPT_BSIZE, uio-uio_resid)) != 0) { + error = uiomove(sc-sc_cp = sc-sc_inbuf-b_data, n, uio); if (error != 0) return error; sc-sc_count = n; cheers, natano
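Review bot: The assignment of n to sc_count in the last context line of the hunk now takes a size_t, and the declaration of sc_count is not part of the hunk. The value is bounded by LPT_BSIZE so nothing is lost, but a one-line comment at the loop stating that bound (or a cast at the assignment) would save the next reader from re-checking the narrowing this patch is about.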
Re: autoinstall(8) tweaks
On 09/04/15 10:53, Theo de Raadt wrote:

If you have very small disk, disklabel will give you one partition. No problem. DONE. If you have ample disk, it will try to give you more partitions, because the split partition scheme is MORE SECURE. It will stepwise increase the number of partitions in use, using a heuristic that a lot of development effort went into.

The example I have is one of a cluster of about 50 small machines with 16GB flash cards each. Currently the alloc_big scheme is used by disklabel for these (as with anything about 8GB, depending on RAM). On a 16GB flash card it will allocate about 17% of total space to /usr/src and /usr/obj. I have no intention at all of rebuilding OpenBSD on any of these, so I consider this wasted space.

I agree that such a use case seems to be very uncommon, and after reading the replies I withdraw my question as to whether there could be a useful patch to come out of it. Building a patched bsd.rd locally for such a unique need is not a problem at all. I asked out of curiosity more than anything else, so I'm sorry to waste your time on it.
Re: autoinstall(8) tweaks
On April 9, 2015 9:33:57 AM GMT+02:00, Stuart Henderson st...@openbsd.org wrote: On 2015/04/09 09:13, Alexander Hall wrote: I don't think tweaking an existing auto label is unnecessary and overly . Hardcoding mount points and their sizes should be enough, and leave the rest unallocated. At least, specifying in % is pretty important. Sounds plausible. Maybe even *. But it seems people are expected to build a custom bsd.rd if they want something different so I'll bow out of this conversation. I'm by no means a big user of autoinstall, so my opinion on the use case shouldn't matter that much. I do think defining the file system layout is an almost essential detail thereof, though. I'm just interested in a clean implementation.
Re: autoinstall(8) tweaks
On 2015/04/09 09:13, Alexander Hall wrote: I don't think tweaking an existing auto label is unnecessary and overly . Hardcoding mount points and their sizes should be enough, and leave the rest unallocated. At least, specifying in % is pretty important. But it seems people are expected to build a custom bsd.rd if they want something different so I'll bow out of this conversation.
Re: pfi_kif leaks for PBR rules
On 8 April 2015 at 19:16, Mike Belopuhov m...@belopuhov.com wrote:

On Sun, Apr 05, 2015 at 12:06 +0200, Alexandr Nedvedicky wrote:

Hello,

while testing PBR on Solaris we found out the pfi_kif instances are not removed from pfi_ifs table. We took a look at crashdump and have seen pfik_route counter at those object is still non-zero, while all rules were gone.

looking at sources we can see the 'pfik_route' (PFI_KIF_REF_ROUTE) reference is being grabbed in pfr_create_kentry():

	case PFRKE_ROUTE:
		if (ad->pfra_ifname[0])
			ke->pfrke_rkif = pfi_kif_get(ad->pfra_ifname);
		if (ke->pfrke_rkif)
			pfi_kif_ref(ke->pfrke_rkif, PFI_KIF_REF_ROUTE);
		break;
	default:
		panic("unknown pfrke_type %d", ke->pfrke_type);
		break;

however we have not found any matching pfi_kif_ref() command, which would remove the reference created by pfr_create_kentry(). It seems to us the call to pfi_kif_unref(ke->pfrke_rkif, PFI_KIF_REF_ROUTE) is missing at pfr_destroy_kentry(). We created patch against OpenBSD CURRENT. We have no OpenBSD boxes around, where we could verify our fix.

also for your info: IPF in Solaris is on its death row. PF in 11.3 release will be available as optional firewall. We hope to make PF default (and only firewall) in Solaris 12. You've made excellent job, your PF is crystal-clear design.

kind regards
sasha

[snip]

Hi,

Your analysis is correct. I'd drop the switch statement here for simplicity though. Anyone's willing to OK?

Committed, thanks!
Re: autoinstall(8) tweaks
The example I have is one of a cluster of about 50 small machines with 16GB flash cards each. Currently the alloc_big scheme is used by disklabel for these (as with anything about 8GB, depending on RAM). On a 16GB flash card it will allocate about 17% of total space to /usr/src and /usr/obj. I have no intention at all of rebuilding OpenBSD on any of these, so I consider this wasted space.

Do you have a specific need for that 2.7GB of space, or do you wish to add it to another partition because the waste looks offensive? By the way, not using that space can have a side benefit. If it is currently scrubbed, it can stay in the flash scrubber's hands, and thus improve wear-leveling.

I agree that such a use case seems to be very uncommon, and after reading the replies I withdraw my question as to whether there could be a useful patch to come out of it.

As Alexander and I have explained, complicated hacks like this come with maintenance downsides. Secondly, the usage pattern for this is so twisted and obtuse, some of us doubt more than a handful would use it before it passes into obscurity.

A better over-reaching solution was suggested around a year ago, which is to replace the entire prompt-answering mechanism with something more like expect. Steps towards adding this would be: add pty support to the media, write a minimal command with the functionality of expect; then run the install script on a pty, and subject the questions to answers subject to the autoinstall scheme. That would allow input into ALL the command prompts, not just the ksh-provided questions. That would need to be written, then looked at to see if there are downsides.

Please understand that uwe's autoinstall was not the first attempt at adding the mechanism... rather, it was the first clean one which did not make the install scripts much more complex (in fact, his changes pushed the scripts to become simpler).

Building a patched bsd.rd locally for such a unique need is not a problem at all. I asked out of curiosity more than anything else, so I'm sorry to waste your time on it.
Run ifp detach hooks before ether_ifdetach()
Changes done by pseudo-driver *after* ether_ifattach() must be undone *before* ether_ifdetach(). Otherwise it is impossible to ensure we're leaving a stacked pseudo-interface in a correct state. Since I don't want to modify every single driver calling ether_ifdetach() I'm using a new function, if_deactivate() to undo all the pseudo-driver stuff. It is safe to call this function multiple times because after the first time the parent interface won't have any pseudo-interface attached to it. I'm leaving splnet() below, even if pseudo-interfaces that need it should take care of raising it, to be on the safe side. More cleanup might happen later. This is a trivial change needed for upcoming if_input() work. Ok? Index: net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.327 diff -u -p -r1.327 if.c --- net/if.c7 Apr 2015 10:46:20 - 1.327 +++ net/if.c9 Apr 2015 09:15:37 - @@ -521,22 +521,12 @@ nettxintr(void) splx(s); } -/* - * Detach an interface from everything in the kernel. Also deallocate - * private resources. - */ void -if_detach(struct ifnet *ifp) +if_deactivate(struct ifnet *ifp) { - struct ifaddr *ifa; - struct ifg_list *ifg; - int s = splnet(); - struct domain *dp; + int s; - ifp-if_flags = ~IFF_OACTIVE; - ifp-if_start = if_detached_start; - ifp-if_ioctl = if_detached_ioctl; - ifp-if_watchdog = NULL; + s = splnet(); /* * Call detach hooks from head to tail. To make sure detach @@ -545,12 +535,6 @@ if_detach(struct ifnet *ifp) */ dohooks(ifp-if_detachhooks, HOOK_REMOVE | HOOK_FREE); - /* Remove the watchdog timeout */ - timeout_del(ifp-if_slowtimo); - - /* Remove the link state task */ - task_del(systq, ifp-if_linkstatetask); - #if NBRIDGE 0 /* Remove the interface from any bridge it is part of. */ if (ifp-if_bridgeport) 
@@ -562,6 +546,36 @@ if_detach(struct ifnet *ifp) if (ifp-if_carp ifp-if_type != IFT_CARP) carp_ifdetach(ifp); #endif + + splx(s); +} + +/* + * Detach an interface from everything in the kernel. Also deallocate + * private resources. + */ +void +if_detach(struct ifnet *ifp) +{ + struct ifaddr *ifa; + struct ifg_list *ifg; + struct domain *dp; + int s; + + /* Undo pseudo-driver changes. */ + if_deactivate(ifp); + + s = splnet(); + ifp-if_flags = ~IFF_OACTIVE; + ifp-if_start = if_detached_start; + ifp-if_ioctl = if_detached_ioctl; + ifp-if_watchdog = NULL; + + /* Remove the watchdog timeout */ + timeout_del(ifp-if_slowtimo); + + /* Remove the link state task */ + task_del(systq, ifp-if_linkstatetask); #if NBPFILTER 0 bpfdetach(ifp); Index: net/if.h === RCS file: /cvs/src/sys/net/if.h,v retrieving revision 1.161 diff -u -p -r1.161 if.h --- net/if.h18 Mar 2015 12:23:15 - 1.161 +++ net/if.h9 Apr 2015 09:15:37 - @@ -446,6 +446,7 @@ voidif_attach(struct ifnet *); void if_attachdomain(void); void if_attachtail(struct ifnet *); void if_attachhead(struct ifnet *); +void if_deactivate(struct ifnet *); void if_detach(struct ifnet *); void if_down(struct ifnet *); void if_downall(void); Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.191 diff -u -p -r1.191 if_ethersubr.c --- net/if_ethersubr.c 7 Apr 2015 10:46:20 - 1.191 +++ net/if_ethersubr.c 9 Apr 2015 09:16:45 - @@ -802,6 +802,9 @@ ether_ifdetach(struct ifnet *ifp) struct ifih *ether_ifih; struct ether_multi *enm; + /* Undo pseudo-driver changes. */ + if_deactivate(ifp); + ether_ifih = SLIST_FIRST(ifp-if_inputs); SLIST_REMOVE_HEAD(ifp-if_inputs, ifih_next);
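Review bot: if_deactivate() in the first net/if.c hunk has no comment, since the block comment that used to sit at this spot moves down to if_detach(). It is now called from both if_detach() and ether_ifdetach(), so say above the function what it undoes (detach hooks, bridge and carp membership) and that a second call is expected and harmless; at the moment that is stated only in the mail.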
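Review bot: In the new if_detach() (hunk @@ -562) the interrupt level is dropped when if_deactivate() returns and raised again by the following s = splnet(), whereas the old code ran the detach hooks and replaced if_start and if_ioctl under a single splnet(). If nothing can reach the half-detached ifp in that window, a comment saying so would help; otherwise take splnet() in if_detach() before calling if_deactivate().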
Re: libressl-2.1.6 on AIX
Just to make sure I understand what is expected of issetugid() - could you perhaps, in terms of ls -l output with suid programs describe the sequence(s) where the value should be 1 - and especially, when they might (read should) be 0. From memory of what I read (how I understood) the man page, if was superuser, and am still user - then 0 is appropriate. However, if was superuser (euid == 0) and a setuid call is used to demote/lower privilege then 1 is the correct value.

Completely wrong, and I have no idea where you got that from! Read the man page again!

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/issetugid.2?query=issetugid

The issetugid status of a process is only affected by execve(). Let's look at the OpenBSD kernel, where this system call was invented, for the exact semantics. This issetugid() system call simply returns the status:

	if (p->p_p->ps_flags & PS_SUGIDEXEC)
		*retval = 1;
	else
		*retval = 0;

What affects PS_SUGIDEXEC? It is only set or cleared in execve() based on variables which are probably self-evident:

	/*
	 * If process does execve() while it has a mismatched real,
	 * effective, or saved uid/gid, we set PS_SUGIDEXEC.
	 */
	if (cred->cr_uid != cred->cr_ruid ||
	    cred->cr_uid != cred->cr_svuid ||
	    cred->cr_gid != cred->cr_rgid ||
	    cred->cr_gid != cred->cr_svgid)
		atomic_setbits_int(&pr->ps_flags, PS_SUGIDEXEC);
	else
		atomic_clearbits_int(&pr->ps_flags, PS_SUGIDEXEC);

Meanwhile, at fork() time, the child simply inherits the status of the parent:

	pr->ps_flags = parent->ps_flags & (PS_SUGID | PS_SUGIDEXEC);

You will note a second flag called PS_SUGID at fork, which dates back to the dawn of time. The difference between these flags is very subtly described in the .h file:

	#define PS_SUGID	0x0010	/* Had set id privs since last exec. */
	#define PS_SUGIDEXEC	0x0020	/* last execve() was set[ug]id */

The dominant usage pattern for issetugid() is to prevent inspection of the environment via getenv(), down in a library.

The issetugid() API relieves programs from having to sanitize their environment before calling into libraries, because the 90's showed us someone always screws up that pattern; the libraries need a method to save themselves. Patterns like getuid() != geteuid() do not give you the same guarantees. issetugid() tells you that your privilege level is incompatible with the provenance of the environment strings.
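The execve() and fork() rules quoted above, as a small user-space model (an added example, not kernel code and not part of the original message). The struct, the model_* names and both scenarios are constructed for illustration; the model assumes a set-id image replaces the effective and saved id before the mismatch test runs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Flag values as quoted in the message above. */
#define PS_SUGID	0x0010	/* Had set id privs since last exec. */
#define PS_SUGIDEXEC	0x0020	/* last execve() was set[ug]id */
#define NO_CHANGE	((unsigned)-1)	/* model only: image has no set-id bit */

/* Model only: the six ids the execve() test compares, plus the flags. */
struct model_proc {
	unsigned uid, ruid, svuid;	/* effective, real, saved uid */
	unsigned gid, rgid, svgid;	/* effective, real, saved gid */
	unsigned flags;
};

/*
 * execve(): assumption of this model is that a set-id image first replaces
 * the effective and saved id; then the mismatch test from the message runs.
 */
void
model_execve(struct model_proc *p, unsigned suid_owner, unsigned sgid_group)
{
	if (suid_owner != NO_CHANGE)
		p->uid = p->svuid = suid_owner;
	if (sgid_group != NO_CHANGE)
		p->gid = p->svgid = sgid_group;
	if (p->uid != p->ruid || p->uid != p->svuid ||
	    p->gid != p->rgid || p->gid != p->svgid)
		p->flags |= PS_SUGIDEXEC;
	else
		p->flags &= ~PS_SUGIDEXEC;
}

/* fork(): the child copies the ids and inherits both set-id flags. */
struct model_proc
model_fork(const struct model_proc *parent)
{
	struct model_proc child = *parent;

	child.flags = parent->flags & (PS_SUGID | PS_SUGIDEXEC);
	return child;
}

/* setuid() by a process with effective uid 0: all three uids change,
 * the flags are not touched. */
void
model_drop_to(struct model_proc *p, unsigned uid)
{
	p->uid = p->ruid = p->svuid = uid;
}

int
model_issetugid(const struct model_proc *p)
{
	return (p->flags & PS_SUGIDEXEC) ? 1 : 0;
}

/* The weaker check: getuid() != geteuid(). */
int
naive_is_privileged(const struct model_proc *p)
{
	return p->ruid != p->uid;
}

/* Library-side guard: ignore the environment when the process is tainted. */
const char *
lib_getenv(const struct model_proc *p, const char *name)
{
	return model_issetugid(p) ? NULL : getenv(name);
}

/* Constructed scenario: uid 1000 runs a set-uid root image, which then
 * drops to uid 1000 and forks a helper. */
struct model_proc
scenario_setuid_then_drop(void)
{
	struct model_proc p = { 1000, 1000, 1000, 1000, 1000, 1000, 0 };

	model_execve(&p, 0, NO_CHANGE);
	model_drop_to(&p, 1000);
	return model_fork(&p);
}

/* Constructed scenario: a root daemon that only lowers its uid. */
struct model_proc
scenario_root_demotes(void)
{
	struct model_proc p = { 0, 0, 0, 0, 0, 0, 0 };

	model_execve(&p, NO_CHANGE, NO_CHANGE);
	model_drop_to(&p, 1000);
	return p;
}

int
main(void)
{
	struct model_proc a = scenario_setuid_then_drop();
	struct model_proc b = scenario_root_demotes();

	printf("set-uid image, dropped, forked: issetugid=%d naive=%d\n",
	    model_issetugid(&a), naive_is_privileged(&a));
	printf("root daemon after setuid(1000): issetugid=%d naive=%d\n",
	    model_issetugid(&b), naive_is_privileged(&b));
	return 0;
}
```

In the first scenario the uid comparison no longer sees anything unusual, yet the environment still came from the unprivileged caller, which is the case the library guard is for.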
Re: whois(1): use whois.nic.tld where possible
Stuart Henderson wrote: There is a standard (required) hostname scheme, whois.nic.tld, for the new gTLDs. For months whois-servers.net didn't list any of the new ones, they are starting to catch up but are still behind, $ unbound-host sucks.whois-servers.net Host sucks.whois-servers.net not found: 3(NXDOMAIN). $ unbound-host whois.nic.sucks whois.nic.sucks is an alias for whois.sucks.aridnrs.net.au. whois.sucks.aridnrs.net.au has address 120.29.248.191 whois.sucks.aridnrs.net.au has IPv6 address 2001:dcd:11::f0bf and the extra indirection just adds fragility in the cases where they do have the right details, so the diff teaches whois to use them directly. Any comments/OKs? - strlcpy(server, qhead, len); - strlcat(server, QNICHOST_TAIL, len); + + /* + * Post-2003 (new) gTLDs are all supposed to have whois.nic.domain + * (per registry agreement), some older gTLDs also support this... + */ + strlcpy(server, whois.nic., len); + strlcat(server, qhead, len); + strlcpy(server, qhead, len); + strlcat(server, QNICHOST_TAIL, len); I see it was like this before, but these are obvious places to use snprintf instead.
prevent short transfer in nvramread()
Below another min() - ulmin() conversion to prevent integer overflow. The size (tmp - buf) passed to uiomovei() is essentially bound by the 'count' variable, thus convert to uiomove(). Index: arch/amd64/amd64/nvram.c === RCS file: /cvs/src/sys/arch/amd64/amd64/nvram.c,v retrieving revision 1.3 diff -u -p -r1.3 nvram.c --- arch/amd64/amd64/nvram.c14 Mar 2015 03:38:46 - 1.3 +++ arch/amd64/amd64/nvram.c9 Apr 2015 17:50:54 - @@ -94,7 +94,7 @@ nvramread(dev_t dev, struct uio *uio, in u_char buf[NVRAM_SIZE]; u_int pos = uio-uio_offset; u_char *tmp; - int count = min(sizeof(buf), uio-uio_resid); + size_t count = ulmin(sizeof(buf), uio-uio_resid); int ret; if (!nvram_initialized) @@ -104,7 +104,7 @@ nvramread(dev_t dev, struct uio *uio, in return (0); #ifdef NVRAM_DEBUG - printf(attempting to read %d bytes at offset %d\n, count, pos); + printf(attempting to read %zu bytes at offset %d\n, count, pos); #endif for (tmp = buf; count-- 0 pos NVRAM_SIZE; ++pos, ++tmp) @@ -114,7 +114,7 @@ nvramread(dev_t dev, struct uio *uio, in printf(nvramread read %d bytes (%s)\n, (tmp - buf), tmp); #endif - ret = uiomovei((caddr_t)buf, (tmp - buf), uio); + ret = uiomove((caddr_t)buf, (tmp - buf), uio); uio-uio_offset += uio-uio_resid; cheers, natano
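Review bot: The context line just above the changed declaration in the first hunk still stores uio_offset in a u_int pos, which is the same kind of narrowing this patch removes for count: an offset above the u_int range wraps to a small pos and then satisfies the bound against NVRAM_SIZE in the loop. Unless the lines between the hunks already reject such offsets, compare uio_offset with NVRAM_SIZE before assigning it to pos.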
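Review bot: The NVRAM_DEBUG printf that opens the last hunk still formats (tmp - buf) with %d although the first debug printf was just switched to %zu. The difference is a pointer difference, not an int, and the same expression is now passed to uiomove() as a size_t; use a matching conversion or an explicit cast in the printf so a debug build stays warning-free.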
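The truncation fixed in lptwrite() and nvramread(), reproduced in user space as an added example (not code from either patch). It assumes an LP64 machine where u_int is 32 bits and size_t and u_long are 64 bits, models min() and ulmin() with fixed-width types, and uses a made-up block size MODEL_BSIZE because the value of LPT_BSIZE is not on the page.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_BSIZE 1024u	/* assumed block size, not the driver's */

/* Models of the two helpers: min() takes u_int, ulmin() takes u_long. */
static uint32_t
model_min(uint32_t a, uint32_t b)
{
	return a < b ? a : b;
}

static uint64_t
model_ulmin(uint64_t a, uint64_t b)
{
	return a < b ? a : b;
}

/*
 * Walk a request of `resid` bytes the way the write loop does and return
 * how many bytes were moved before the loop saw n == 0.
 */
uint64_t
model_write_loop(uint64_t resid, int use_ulmin)
{
	uint64_t moved = 0, n;

	for (;;) {
		if (use_ulmin)
			n = model_ulmin(MODEL_BSIZE, resid);
		else	/* the 64-bit count is narrowed at the call */
			n = model_min(MODEL_BSIZE, (uint32_t)resid);
		if (n == 0)
			break;
		resid -= n;	/* stands in for uiomove() consuming n bytes */
		moved += n;
	}
	return moved;
}

int
main(void)
{
	/* Constructed request sizes around the 32-bit boundary. */
	uint64_t sizes[] = { 4096, (uint64_t)1 << 32, ((uint64_t)1 << 32) + 10 };
	size_t i;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("resid=%llu min: %llu moved, ulmin: %llu moved\n",
		    (unsigned long long)sizes[i],
		    (unsigned long long)model_write_loop(sizes[i], 0),
		    (unsigned long long)model_write_loop(sizes[i], 1));
	return 0;
}
```

A request of exactly 2^32 bytes moves nothing with the u_int helper, and 2^32 + 10 stops after the first 10 bytes, which is the early return the patch descriptions refer to.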
Re: autoinstall(8) tweaks
On April 9, 2015 2:44:28 AM GMT+02:00, Stuart Henderson st...@openbsd.org wrote: On 2015/04/09 01:53, Alexander Hall wrote: On April 8, 2015 9:13:27 AM GMT+02:00, Stuart Henderson st...@openbsd.org wrote: On 2015/04/07 20:02, Alex Wilson wrote: On the topic of local tweaks to autoinstall, I was trying to use it for a bunch of blades with very limited disk the other day, and I really wanted to make them just create a single slice for / and some swap. .. So that then I could put Use (W)hole disk, use the = W Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = C disklabel = D\na b\n\n4g\n\na a\n\n\n\n/\np\nq\n in my install.conf I think this diff has been written a few times now, iirc everybody settled on the same method.. We strive to make install.conf readable, and not contain semi-binary data. Also, the question asked should be specific enough to allow for more than one disk (unless we only do the disklabel for the primary disk?). I haven't put a great effort into it, but I'd rather present a possibility to suck in a disklabel from a separate file and allow the user to point out said file. IIRC, krw@ made some changes that improved that possibility. /Alexander Are people really wanting to change fsize, bsize and work out offsets here? IIRC you can leave those out. And if you want your own layout, I don't think creating a fake disklabel on some vnd is a huge effort I'd have thought they want to say things like I want 2G /, 2G /home, 8G /var, 4G /usr, 20G /usr/local, and split the rest of the disk between /var/www and /data, or this is all great except this humongous /home, change it to 4G and put the rest in /mail. I don't think tweaking an existing auto label is unnecessary and overly . Hardcoding mount points and their sizes should be enough, and leave the rest unallocated. 
If I'm not mistaken disklabel only looks at the first letter, so it could be a bit more self-documenting, disklabel = Default\nadd b\n\n4g\n\nadd a\n\n\n\n/\nprint\nquit\n or neatened (to some eyes) with an s_;_\n_g disklabel = Default;add b;;4g;;add a/;print;quit; For the rest of the autoinstall file, while the questions and answers are readable, they aren't documented, so basing it on a manual installer run seems the only way to get started (it could even be automated from a serial port capture), the disklabel -E language seems a reasonable fit with this doesn't it? I think we can do better. Again, I'd much rather feed it a stripped down disklabel, possibly extending disklabel(8) to cope with the minimal amount of information, if needed. One missing thing was the ability to pass it the mount point. Ken might have added that since, but I'm not sure. /Alexander
whois(1): use whois.nic.tld where possible
There is a standard (required) hostname scheme, whois.nic.tld, for the new gTLDs. For months whois-servers.net didn't list any of the new ones, they are starting to catch up but are still behind, $ unbound-host sucks.whois-servers.net Host sucks.whois-servers.net not found: 3(NXDOMAIN). $ unbound-host whois.nic.sucks whois.nic.sucks is an alias for whois.sucks.aridnrs.net.au. whois.sucks.aridnrs.net.au has address 120.29.248.191 whois.sucks.aridnrs.net.au has IPv6 address 2001:dcd:11::f0bf and the extra indirection just adds fragility in the cases where they do have the right details, so the diff teaches whois to use them directly. Any comments/OKs? Index: whois.c === RCS file: /cvs/src/usr.bin/whois/whois.c,v retrieving revision 1.46 diff -u -p -r1.46 whois.c --- whois.c 3 Jan 2014 15:25:18 - 1.46 +++ whois.c 9 Apr 2015 08:56:54 - @@ -278,6 +278,12 @@ choose_server(const char *name, const ch char *nserver; char *ep; size_t len; + struct addrinfo hints, *res; + + memset(hints, 0, sizeof(hints)); + hints.ai_flags = 0; + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; if (country != NULL) qhead = country; 
@@ -299,8 +305,33 @@ choose_server(const char *name, const ch if ((nserver = realloc(server, len)) == NULL) err(1, realloc); server = nserver; - strlcpy(server, qhead, len); - strlcat(server, QNICHOST_TAIL, len); + + /* +* Post-2003 (new) gTLDs are all supposed to have whois.nic.domain +* (per registry agreement), some older gTLDs also support this... +*/ + strlcpy(server, whois.nic., len); + strlcat(server, qhead, len); + + /* most ccTLDs don't do this, but QNICHOST/whois-servers mostly works */ + if ((strlen(qhead) == 2 || + /* and is required for most of the =2003 TLDs/gTLDs */ + strncasecmp(qhead, org, 3) == 0 || + strncasecmp(qhead, com, 3) == 0 || + strncasecmp(qhead, net, 3) == 0 || + strncasecmp(qhead, cat, 3) == 0 || + strncasecmp(qhead, pro, 3) == 0 || + strncasecmp(qhead, info, 4) == 0 || + strncasecmp(qhead, aero, 4) == 0 || + strncasecmp(qhead, jobs, 4) == 0 || + strncasecmp(qhead, mobi, 4) == 0 || + strncasecmp(qhead, museum., 6) == 0 || +/* for others, if whois.nic.TLD doesn't exist, try whois-servers */ + getaddrinfo(server, NULL, hints, res) != 0)) { + strlcpy(server, qhead, len); + strlcat(server, QNICHOST_TAIL, len); + } + return (server); } Index: whois.1 === RCS file: /cvs/src/usr.bin/whois/whois.1,v retrieving revision 1.32 diff -u -p -r1.32 whois.1 --- whois.1 5 Mar 2013 16:09:10 - 1.32 +++ whois.1 9 Apr 2015 09:25:10 - @@ -97,8 +97,11 @@ By default .Nm constructs the name of a whois server to use from the top-level domain .Pq Tn TLD -of the supplied (single) argument, and appending -.Qq Li .whois-servers.net . +of the supplied (single) argument. +For newer generic domains (gTLDs), a lookup for whois.nic.tld is attempted. +For other TLDs, or if this lookup fails, +.Qq Li .whois-servers.net +is appended to the TLD. This effectively allows a suitable whois server to be selected automatically for a large number of .Tn TLDs .
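Review bot: The strncasecmp() calls in the second whois.c hunk compare only the first 3 or 4 characters of qhead, so any TLD that merely begins with org, com, net, cat, pro, info, aero, jobs or mobi is sent down the whois-servers.net branch too, which is the opposite of what the comment wants for new gTLDs. Compare the whole string with strcasecmp() instead; that also removes the hand-counted lengths, one of which (6 for the museum entry) does not match its literal.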
bridge(4) and Ethernet header
Like vlan(4) and carp(4), bridge(4) also need to be tweaked to still work during the if_input() transition. Removing the ether_input() calls in this driver was a bit tricky *because* bridge_input() is called after ether_input(). See how 3 M_PREPEND() are converted to 1? And soon none will be required. Index: net/if_bridge.c === RCS file: /cvs/src/sys/net/if_bridge.c,v retrieving revision 1.233 diff -u -p -r1.233 if_bridge.c --- net/if_bridge.c 7 Apr 2015 10:46:20 - 1.233 +++ net/if_bridge.c 9 Apr 2015 13:56:07 - @@ -115,8 +115,7 @@ voidbridge_broadcast(struct bridge_soft struct ether_header *, struct mbuf *); void bridge_localbroadcast(struct bridge_softc *, struct ifnet *, struct ether_header *, struct mbuf *); -void bridge_span(struct bridge_softc *, struct ether_header *, -struct mbuf *); +void bridge_span(struct bridge_softc *, struct mbuf *); void bridge_stop(struct bridge_softc *); void bridge_init(struct bridge_softc *); intbridge_bifconf(struct bridge_softc *, struct ifbifconf *); @@ -1004,7 +1003,7 @@ bridge_output(struct ifnet *ifp, struct return (0); } #endif /* IPSEC */ - bridge_span(sc, NULL, m); + bridge_span(sc, m); TAILQ_FOREACH(p, sc-sc_iflist, next) { dst_if = p-ifp; @@ -1080,7 +1079,7 @@ sendunicast: (sa = bridge_tunneltag(m, dst_p-brt_tunnel.sa.sa_family)) != NULL) memcpy(sa, dst_p-brt_tunnel.sa, dst_p-brt_tunnel.sa.sa_len); - bridge_span(sc, NULL, m); + bridge_span(sc, m); if ((dst_if-if_flags IFF_RUNNING) == 0) { m_freem(m); return (ENETDOWN); @@ -1296,9 +1295,10 @@ bridgeintr_frame(struct bridge_softc *sc * not for us, and schedule an interrupt. */ struct mbuf * -bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) +bridge_input(struct ifnet *ifp, struct ether_header *eh0, struct mbuf *m) { struct bridge_softc *sc; + struct ether_header *eh; int s; struct bridge_iflist *ifl, *srcifl; struct arpcom *ac; 
@@ -1320,13 +1320,18 @@ bridge_input(struct ifnet *ifp, struct e if ((sc-sc_if.if_flags IFF_RUNNING) == 0) return (m); + M_PREPEND(m, sizeof(*eh), M_DONTWAIT); + if (m == NULL) + return (NULL); + eh = mtod(m, struct ether_header *); + memmove(eh, eh0, sizeof(*eh)); + #if NBPFILTER 0 if (sc-sc_if.if_bpf) - bpf_mtap_hdr(sc-sc_if.if_bpf, (caddr_t)eh, - ETHER_HDR_LEN, m, BPF_DIRECTION_IN, NULL); + bpf_mtap_ether(sc-sc_if.if_bpf, m, BPF_DIRECTION_IN); #endif - bridge_span(sc, eh, m); + bridge_span(sc, m); if (m-m_flags (M_BCAST | M_MCAST)) { /* @@ -1356,18 +1361,9 @@ bridge_input(struct ifnet *ifp, struct e (ifl-bif_state == BSTP_IFSTATE_DISCARDING)) return (m); - /* -* make a copy of 'm' with 'eh' tacked on to the -* beginning. Return 'm' for local processing -* and enqueue the copy. Schedule netisr. -*/ mc = m_copym2(m, 0, M_COPYALL, M_NOWAIT); if (mc == NULL) return (m); - M_PREPEND(mc, ETHER_HDR_LEN, M_DONTWAIT); - if (mc == NULL) - return (m); - bcopy(eh, mtod(mc, caddr_t), ETHER_HDR_LEN); s = splnet(); if (IF_QFULL(sc-sc_if.if_snd)) { m_freem(mc); @@ -1387,11 +1383,11 @@ bridge_input(struct ifnet *ifp, struct e m-m_pkthdr.ph_rtableid = ifl-ifp-if_rdomain; #if NBPFILTER 0 if (ifl-ifp-if_bpf) - bpf_mtap(ifl-ifp-if_bpf, m, + bpf_mtap_ether(ifl-ifp-if_bpf, m, BPF_DIRECTION_IN); #endif m-m_flags |= M_PROTO1; - ether_input(m, eh); + ether_input_mbuf(ifl-ifp, m); ifl-ifp-if_ipackets++; m = NULL; } @@ -1434,21 +1430,21 @@ bridge_input(struct ifnet *ifp, struct e * is aware */ #if NBPFILTER 0 if (ifl-ifp-if_bpf) - bpf_mtap_hdr(ifl-ifp-if_bpf, (caddr_t)eh, - ETHER_HDR_LEN, m, BPF_DIRECTION_IN, NULL); + bpf_mtap_ether(ifl-ifp-if_bpf, m, + BPF_DIRECTION_IN); #endif /* Count for the interface we are
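Review bot: After the new M_PREPEND() in bridge_input(), the later return (m) paths in the hunks shown (the BSTP discarding case and the m_copym2() failure) hand back an mbuf that now starts with the Ethernet header, while the early return (m) for a bridge that is not running, just above the prepend, still returns it without one. Unless the caller is changed to cope with both, make the return paths agree, either by stripping the header again before returning m or by doing the prepend before the first return.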
ps(1) getopt flags are not counters
Hi, kflag and wflag don't need to be counters; wflag only needs to know if greater than 0 for its one test case. Expanded diff context below. OK? Thanks, Okan Index: ps.c === RCS file: /home/open/cvs/src/bin/ps/ps.c,v retrieving revision 1.63 diff -u -p -U8 -r1.63 ps.c --- ps.c16 Jan 2015 06:39:32 - 1.63 +++ ps.c9 Apr 2015 18:41:13 - @@ -153,17 +153,17 @@ main(int argc, char *argv[]) prtheader = ws.ws_row 5 ? ws.ws_row : 22; break; case 'j': parsefmt(jfmt); fmt = 1; jfmt[0] = '\0'; break; case 'k': - kflag++; + kflag = 1; break; case 'L': showkey(); exit(0); case 'l': parsefmt(lfmt); fmt = 1; lfmt[0] = '\0'; @@ -243,17 +243,17 @@ main(int argc, char *argv[]) case 'W': swapf = optarg; break; case 'w': if (wflag) termwidth = UNLIMITED; else if (termwidth 131) termwidth = 131; - wflag++; + wflag = 1; break; case 'x': xflg = 1; break; default: usage(); } argc -= optind;
Re: zmore diff
On Thu, 09 Apr 2015 08:37:31 +0200, Tim van der Molen wrote: This diff makes zmore and zless recognise options starting with + so that commands like zless +G foo.gz work. It makes sense to do this for zmore, too, because the less implementation of more also supports + options. Thanks, committed. - todd
Re: whois(1): use whois.nic.tld where possible
On 2015/04/09 10:25, Stuart Henderson wrote: There is a standard (required) hostname scheme, whois.nic.tld, for the new gTLDs. For months whois-servers.net didn't list any of the new ones, they are starting to catch up but are still behind, $ unbound-host sucks.whois-servers.net Host sucks.whois-servers.net not found: 3(NXDOMAIN). $ unbound-host whois.nic.sucks whois.nic.sucks is an alias for whois.sucks.aridnrs.net.au. whois.sucks.aridnrs.net.au has address 120.29.248.191 whois.sucks.aridnrs.net.au has IPv6 address 2001:dcd:11::f0bf and the extra indirection just adds fragility in the cases where they do have the right details, so the diff teaches whois to use them directly. Any comments/OKs? Giovanni noticed a stray . - fixed below. Index: whois.c === RCS file: /cvs/src/usr.bin/whois/whois.c,v retrieving revision 1.46 diff -u -p -r1.46 whois.c --- whois.c 3 Jan 2014 15:25:18 - 1.46 +++ whois.c 9 Apr 2015 11:38:15 - @@ -278,6 +278,12 @@ choose_server(const char *name, const ch char *nserver; char *ep; size_t len; + struct addrinfo hints, *res; + + memset(hints, 0, sizeof(hints)); + hints.ai_flags = 0; + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; if (country != NULL) qhead = country; 
@@ -299,8 +305,33 @@ choose_server(const char *name, const ch if ((nserver = realloc(server, len)) == NULL) err(1, realloc); server = nserver; - strlcpy(server, qhead, len); - strlcat(server, QNICHOST_TAIL, len); + + /* +* Post-2003 (new) gTLDs are all supposed to have whois.nic.domain +* (per registry agreement), some older gTLDs also support this... +*/ + strlcpy(server, whois.nic., len); + strlcat(server, qhead, len); + + /* most ccTLDs don't do this, but QNICHOST/whois-servers mostly works */ + if ((strlen(qhead) == 2 || + /* and is required for most of the =2003 TLDs/gTLDs */ + strncasecmp(qhead, org, 3) == 0 || + strncasecmp(qhead, com, 3) == 0 || + strncasecmp(qhead, net, 3) == 0 || + strncasecmp(qhead, cat, 3) == 0 || + strncasecmp(qhead, pro, 3) == 0 || + strncasecmp(qhead, info, 4) == 0 || + strncasecmp(qhead, aero, 4) == 0 || + strncasecmp(qhead, jobs, 4) == 0 || + strncasecmp(qhead, mobi, 4) == 0 || + strncasecmp(qhead, museum, 6) == 0 || +/* for others, if whois.nic.TLD doesn't exist, try whois-servers */ + getaddrinfo(server, NULL, hints, res) != 0)) { + strlcpy(server, qhead, len); + strlcat(server, QNICHOST_TAIL, len); + } + return (server); } Index: whois.1 === RCS file: /cvs/src/usr.bin/whois/whois.1,v retrieving revision 1.32 diff -u -p -r1.32 whois.1 --- whois.1 5 Mar 2013 16:09:10 - 1.32 +++ whois.1 9 Apr 2015 11:38:15 - @@ -97,8 +97,11 @@ By default .Nm constructs the name of a whois server to use from the top-level domain .Pq Tn TLD -of the supplied (single) argument, and appending -.Qq Li .whois-servers.net . +of the supplied (single) argument. +For newer generic domains (gTLDs), a lookup for whois.nic.tld is attempted. +For other TLDs, or if this lookup fails, +.Qq Li .whois-servers.net +is appended to the TLD. This effectively allows a suitable whois server to be selected automatically for a large number of .Tn TLDs .
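Review bot: getaddrinfo() at the end of the condition in the second whois.c hunk is used only as an existence test, and the list it returns in res is never released; call freeaddrinfo(res) when it succeeds. Any nonzero return, including a temporary resolver failure, also selects the whois-servers.net name, so consider falling back only on the error that means the name does not exist.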
Re: falloc and related stuff
Struct file again. f_flag isn’t modified often, so its modification can be atomic. f_msgcount and f_rxfer, f_wxfer, f_seek, f_rbytes, f_wbytes can be protected by rwlock. f_offset protection is actual for vnodes only. FIF_MARK and FIF_DEFER flags are used only by unpc garbage collector. These flags can be moved out from f_iflags, for example to f_unpc_flags, and use their own protection. FIF_HASLOCK is checked only in vn_closefile(), but this flag doesn’t indicate actual vnode lock state, because VOP_ADVLOCK()’s return value is not checked. Maybe it can be replaced by new vn_islocked() function, which will check actual vnode lock possibility and lock state? Only FIF_LARVAL remains in f_iflags, this flag is set only once, so its modification can be atomic. f_count may be modified and checked under rwlock, but I think atomic ops are better on smp, afaik, with uniprocessor kernel simple increment/decrement over volatile variable will be enough. This modification doesn’t break pstat, all related FIF_* flags can be set in kinfo_file struct. f_offset protection can be done like in patch below. It is just proof-of-concept. I think f_offset protection stuff can be moved to external struct, which will be stored in hash with fp address as key. FIF_MARK and FIF_DEFER stuff can be moved to external struct too, I suppose.
Index: compat/common/compat_dir.c === RCS file: /cvs/src/sys/compat/common/compat_dir.c,v retrieving revision 1.11 diff -u -p -r1.11 compat_dir.c --- compat/common/compat_dir.c 16 Dec 2014 21:25:28 - 1.11 +++ compat/common/compat_dir.c 9 Apr 2015 10:40:55 - @@ -51,7 +51,6 @@ readdir_with_callback(struct file *fp, o struct iovec aiov; int eofflag = 0; int error, len, reclen; - off_t newoff = *off; struct vnode *vp; struct vattr va; 
@@ -84,10 +83,16 @@ again: auio.uio_segflg = UIO_SYSSPACE; auio.uio_procp = curproc; auio.uio_resid = buflen; - auio.uio_offset = newoff; - + if (fp-f_offset == off) + foffset_lock(fp, auio.uio_offset); + else + auio.uio_offset = *off; error = VOP_READDIR(vp, auio, fp-f_cred, eofflag); - *off = auio.uio_offset; + if (fp-f_offset == off) + foffset_unlock(fp, auio.uio_offset); + else + *off = auio.uio_offset; + if (error) goto out; Index: kern/kern_descrip.c === RCS file: /cvs/src/sys/kern/kern_descrip.c,v retrieving revision 1.116 diff -u -p -r1.116 kern_descrip.c --- kern/kern_descrip.c 19 Jan 2015 01:19:17 - 1.116 +++ kern/kern_descrip.c 9 Apr 2015 10:41:10 - @@ -61,6 +61,7 @@ #include sys/event.h #include sys/pool.h #include sys/ktrace.h +#include sys/rwlock.h #include sys/pipe.h @@ -451,9 +452,9 @@ restart: if (fl.l_start == 0 fl.l_len 0) { /* lockf(3) compliance hack */ fl.l_len = -fl.l_len; - fl.l_start = fp-f_offset - fl.l_len; + fl.l_start = foffset_get(fp) - fl.l_len; } else - fl.l_start += fp-f_offset; + fl.l_start += foffset_get(fp); } switch (fl.l_type) { @@ -514,9 +515,9 @@ restart: if (fl.l_start == 0 fl.l_len 0) { /* lockf(3) compliance hack */ fl.l_len = -fl.l_len; - fl.l_start = fp-f_offset - fl.l_len; + fl.l_start = foffset_get(fp) - fl.l_len; } else - fl.l_start += fp-f_offset; + fl.l_start += foffset_get(fp); } if (fl.l_type != F_RDLCK fl.l_type != F_WRLCK @@ -869,6 +870,7 @@ restart: */ nfiles++; fp = pool_get(file_pool, PR_WAITOK|PR_ZERO); + rw_init(fp-f_offset_lck, f_offset_lck); fp-f_iflags = FIF_LARVAL; if ((fq = p-p_fd-fd_ofiles[0]) != NULL) { LIST_INSERT_AFTER(fq, fp, f_list); 
@@ -1125,6 +1127,47 @@ fdrop(struct file *fp, struct proc *p) pool_put(file_pool, fp); return (error); +} + +off_t +foffset_get(struct file *fp) +{ + off_t offset; + + rw_enter_read(fp-f_offset_lck); + offset = fp-f_offset; + rw_exit_read(fp-f_offset_lck); + + return offset; +} + +void +foffset_lock(struct file *fp, off_t *foffset) +{ + KASSERT(foffset != NULL); + rw_enter_write(fp-f_offset_lck); + while (fp-f_offset_lckf FOFFSET_LOCKED) { + fp-f_offset_lckf |= FOFFSET_LOCK_WAITING; +
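Review bot: in the readdir_with_callback() hunk the choice between the foffset_lock()/foffset_unlock() pair and the plain *off path is made by repeating the same pointer comparison before and after VOP_READDIR(). Evaluate it once into a local and use that for both branches, so the lock and the unlock cannot diverge, and add a comment saying the comparison detects callers that pass the file's own offset. The new foffset_get() and foffset_lock() and the FOFFSET_LOCKED / FOFFSET_LOCK_WAITING flags also arrive without a comment describing the protocol (what the rwlock covers versus the flag, and who may sleep), and the rw_init() added after pool_get() runs for every struct file although the accompanying mail says offset protection matters only for vnodes.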
vlan(4) and Ethernet header
Right now vlan_input() is called *after* ether_input(). More precisely it is called after the mbuf has been m_adj(9)'usted to skip the Ethernet header. This is not a problem in se but... To make sure vlan(4) keeps working during the if_input() transition, it has to stop calling ether_input() and use if_input() instead. Since this new API will run input handler *before* ether_input(), the packet *must* contain the original Ethernet header. Hence the small hack below. This is just temporary; this code will be deleted as soon as vlan(4) is converted to if_input(). Index: net/if_vlan.c === RCS file: /cvs/src/sys/net/if_vlan.c,v retrieving revision 1.114 diff -u -p -r1.114 if_vlan.c --- net/if_vlan.c 7 Apr 2015 10:46:20 - 1.114 +++ net/if_vlan.c 9 Apr 2015 12:12:35 - @@ -277,6 +277,7 @@ vlan_input(struct ether_header *eh, stru struct vlan_taghash *tagh; u_inttag; u_int16_tetype; + struct ether_header *eh1; if (m-m_flags M_VLANTAG) { etype = ETHERTYPE_VLAN; @@ -351,8 +352,14 @@ vlan_input(struct ether_header *eh, stru } } + M_PREPEND(m, sizeof(*eh1), M_DONTWAIT); + if (m == NULL) + return (-1); + eh1 = mtod(m, struct ether_header *); + memmove(eh1, eh, sizeof(*eh1)); + ifv-ifv_if.if_ipackets++; - ether_input(m, eh); + ether_input_mbuf(ifv-ifv_if, m); return (0); }
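Review bot: the M_PREPEND() failure path in the second hunk returns -1 without counting the drop. Bump the interface's input error counter (if_ierrors on ifv_if) before returning, and state in a comment that m is already NULL at that point so the caller must not touch the packet. The block would also benefit from an XXX comment marking it as temporary until vlan(4) is converted to if_input(), and from a short note that memmove() is deliberate because eh can overlap the freshly prepended area.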
zmore diff
This diff makes zmore and zless recognise options starting with + so that commands like zless +G foo.gz work. It makes sense to do this for zmore, too, because the less implementation of more also supports + options. cvs server: Diffing compress Index: compress/zmore === RCS file: /cvs/src/usr.bin/compress/zmore,v retrieving revision 1.7 diff -u -r1.7 zmore --- compress/zmore 7 May 2014 21:42:50 - 1.7 +++ compress/zmore 9 Apr 2015 06:36:46 - @@ -29,7 +29,7 @@ shift break ;; - -*) + -*|+*) flags=$flags $1 shift ;;
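Review bot: with the pattern widened to `-*|+*)`, every leading argument that starts with + is consumed as an option, so a file whose name begins with + is no longer opened unless the option loop is ended first by the case just above (the one that shifts and breaks). Neither that behaviour change nor the new + options are documented, and the diff touches only compress/zmore; please include the matching manual page change.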
Re: libressl-2.1.6 on AIX
I shall look at collecting the in-tree stuff. My servers are in the Netherlands, and I am in Austin atm. I have a meeting with the security team in about 30 minutes and I am going to mention libressl and get a discussion going. One of the things I wanted to discuss is about priv escalation. Just to make sure I understand what is expected of issetugid() - could you perhaps, in terms of ls -l output with suid programs describe the sequence(s) where the value should be 1 - and especially, when they might (read should) be 0. From memory of what I read (how I understood) the man page, if was superuser, and am still user - then 0 is appropriate. However, if was superuser (euid == 0) and a setuid call is used to demote/lower privilege then 1 is the correct value. Also, if euid != 0 and an suid bit makes euid == 0 then the value should be one. Lastly, I am thinking that if a program starts as euid (even ruid) == 0, but used setuid to implement a safe-mode (i.e., not running as root) issetugid() should also return 1. I just repeated the process of configure, make, make check - but with OBJECT_MODE=64 and one test fails: asn1test. No time to look at it right now. This evening I will download the tree and test. Atm I am testing with no openssl installed. I would like to be able to run the whole process without needing autoconf/automake (because that requires additional libraries). And I need to figure out a better way to get the libraries to take a suffix of _64 so I can have both 32 and 64 bit support - eventually. Adding the configure setting: --program-suffix=_64 did not have any effect I could discover. re: the library loader - you can see what libpath is compiled into a program and/or a library member using dump -H. At least, that is how I examine it. regards, Michael On Wed, Apr 8, 2015 at 10:28 PM, Brent Cook bust...@gmail.com wrote: Thanks Michael, I have incorporated some initial AIX patches - can you please check out the latest tree? 
https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03 There are a few changes from your original patch set, but this should make it easier to move forward now that they are in-tree. You can just patch on top of that rather than sending the whole thing. I undid some of the formatting changes for the getentropy file so it matched the other files - the style is intentional between the files so it's easy to diff between them to spot changes. The perfstat stuff moves into the inner loop like the other files as well. I added the network counters (we have network counters on OS X too), but also added wpar cpu stats. The issetugid currently short circuits to always return '1' because I think it still needs some work, as we discussed earlier. If we can't find a way to make it work, a failsafe version isn't really a bad thing for most uses. Also, I didn't add the configure.ac line that set CFLAGS to empty string that was in the original patch. The current master branch has switched to letting autoconf initialize the CFLAGS directly. This worked fine with gcc when I tried it, but I'd be interested in seeing how it works with other AIX compilers. One slightly annoying thing I found was the system library loader would find other versions of libcrypto.a / libssl.a under LIBPATH and try to load those when running binaries in-tree rather than the build versions. I don't know if that was just a misconfiguration with my system. - Brent On Apr 8, 2015, at 9:19 PM, Michael Felt aixto...@gmail.com wrote: I applied the patch I had sent in before, made one change (correction) - correcting a typo that Brent had pointed out (netinfo that needs to be diskinfo) in the getentropy_aix.c If you need the patch again, I can send it again. I am curious about whether this is moving forward - and if there is anything extra I can do to assist. 
Testsuite summary for libressl 2.1.6 # TOTAL: 47 # PASS: 47 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 regards, Michael
Re: autoinstall(8) tweaks
But it seems people are expected to build a custom bsd.rd if they want something different so I'll bow out of this conversation. No, the situation is that less than 1% of the user community apparently have a secret usage case, but never manage to explain it.