[patch] opencvs rcsnum_free()
Hi,
If people are interested in opencvs diffs again, sharing a rcsnum_free()->free()
clean-up item. Note that rcs(1) also has a version of rcsnum_free() which does
more
than simply call free().
- Michael
Index: add.c
===
RCS file: /cvs/src/usr.bin/cvs/add.c,v
retrieving revision 1.112
diff -u -p -u -r1.112 add.c
--- add.c 5 Nov 2015 09:48:21 - 1.112
+++ add.c 24 Jun 2016 06:10:45 -
@@ -485,8 +485,7 @@ add_file(struct cvs_file *cf)
break;
}
- if (head != NULL)
- rcsnum_free(head);
+ free(head);
if (stop == 1)
return;
Index: admin.c
===
RCS file: /cvs/src/usr.bin/cvs/admin.c,v
retrieving revision 1.66
diff -u -p -u -r1.66 admin.c
--- admin.c 5 Nov 2015 09:48:21 - 1.66
+++ admin.c 24 Jun 2016 06:10:45 -
@@ -334,11 +334,11 @@ cvs_admin_local(struct cvs_file *cf)
if (rcs_rev_setlog(cf->file_rcs, rev, logmsg) < 0) {
cvs_log(LP_ERR, "failed to set logmsg for `%s' to `%s'",
logstr, logmsg);
- rcsnum_free(rev);
+ free(rev);
return;
}
- rcsnum_free(rev);
+ free(rev);
}
if (orange != NULL) {
@@ -380,7 +380,7 @@ cvs_admin_local(struct cvs_file *cf)
(void)rcs_state_set(cf->file_rcs, rev, state);
- rcsnum_free(rev);
+ free(rev);
}
if (lkmode != RCS_LOCK_INVAL)
Index: annotate.c
===
RCS file: /cvs/src/usr.bin/cvs/annotate.c,v
retrieving revision 1.65
diff -u -p -u -r1.65 annotate.c
--- annotate.c 5 Nov 2015 09:48:21 - 1.65
+++ annotate.c 24 Jun 2016 06:10:45 -
@@ -178,7 +178,7 @@ cvs_annotate_local(struct cvs_file *cf)
rev = rcsnum_parse(cvs_specified_tag);
if (rev == NULL)
fatal("no such tag %s", cvs_specified_tag);
-rcsnum_free(rev);
+free(rev);
rev = rcsnum_alloc();
rcsnum_cpy(cf->file_rcs->rf_head, rev, 0);
}
@@ -205,9 +205,9 @@ cvs_annotate_local(struct cvs_file *cf)
*/
if (bnum != rev) {
rcs_annotate_getlines(cf->file_rcs, rev, &alines);
- rcsnum_free(bnum);
+ free(bnum);
}
- rcsnum_free(rev);
+ free(rev);
} else {
rcs_rev_getlines(cf->file_rcs, (cvs_specified_date != -1 ||
cvs_directory_date != -1) ? cf->file_rcsrev :
Index: commit.c
===
RCS file: /cvs/src/usr.bin/cvs/commit.c,v
retrieving revision 1.154
diff -u -p -u -r1.154 commit.c
--- commit.c5 Nov 2015 09:48:21 - 1.154
+++ commit.c24 Jun 2016 06:10:45 -
@@ -365,7 +365,7 @@ cvs_commit_check_files(struct cvs_file *
if (brev != NULL) {
if (RCSNUM_ISBRANCH(brev))
goto next;
- rcsnum_free(brev);
+ free(brev);
}
brev = rcs_translate_tag(tag, cf->file_rcs);
@@ -382,7 +382,7 @@ cvs_commit_check_files(struct cvs_file *
"a branch for file %s", tag,
cf->file_path);
conflicts_found++;
- rcsnum_free(brev);
+ free(brev);
return;
}
@@ -391,8 +391,8 @@ cvs_commit_check_files(struct cvs_file *
"a branch for file %s", tag,
cf->file_path);
conflicts_found++;
- rcsnum_free(branch);
- rcsnum_free(brev);
+ free(branch);
+ free(brev);
return;
}
@@ -401,18 +401,16 @@ cvs_commit_check_files(struct cvs_file *
"a branch for file %s", tag,
cf->file_path);
conflicts_found++;
- rcsnum_free(branch);
- rcsnum_free(brev);
+ free(branch);
+ free(brev);
return;
}
Re: Building tree without making obj symlinks
Theo de Raadt wrote: > Why? > > I've been here for a while. My experiences: > > Lots of variations of build environment -> lots of failure > conditions happen -> many people wasting their time. > > Please supply a good justification why that is good. Actually, it's kind of interesting. Taking the obj/ links out of the src/ tree is a natural extension of taking the objects themselves out. Two users could build from the same src tree into different obj directories. Right now that doesn't work because there can only be one symlink. src and obj on nfs mostly works, but only if one is careful about the mount points. As a third or fifth or whatever configuration, it may be too much variety, but it sounds like it could replace the current obj system. Same amount of variation.
Re: Building tree without making obj symlinks
Why?
I've been here for a while. My experiences:
Lots of variations of build environment -> lots of failure
conditions happen -> many people wasting their time.
Please supply a good justification why that is good.
If you can't, throw your diff away. It Simple as that.
> With these changes applied, and by specifying
> MAKESRCDIRPREFIX/MAKEOBJDIRPREFIX,
> I can build tree without creating obj symlinks under source.
>
> If src directory is /a/src, and obj is /b/obj, use
> MAKESRCDIRPREFIX=/a/src
> MAKEOBJDIRPREFIX=/b/obj
> then .OBJDIR under /a/src/bin/ls becomes /b/obj/bin/ls (if object directories
> are already generated by "make obj").
>
> I'm not 100% sure about the change in bsd.obj.mk (i.e. interaction with
> bsd.subdir.mk).
>
> --y0ulUmNC+osPPQO6
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment;
> filename="0001-Teach-make-1-handling-of-BSDSRCDIRPREFIX-BSDOBJDIRPR.patch"
>
> >From d81931ee7fea3e1f30c7d05ef95bbc01a489f73f Mon Sep 17 00:00:00 2001
> From: Masao Uebayashi
> Date: Fri, 24 Jun 2016 02:35:35 +0900
> Subject: [PATCH 1/3] Teach make(1) handling of BSDSRCDIRPREFIX/BSDOBJDIRPREFIX
>
> ---
> usr.bin/make/main.c | 47 ---
> 1 file changed, 40 insertions(+), 7 deletions(-)
>
> diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c
> index ac2402c..6cb4191 100644
> --- a/usr.bin/make/main.c
> +++ b/usr.bin/make/main.c
> @@ -546,22 +546,55 @@ chdir_verify_path(const char *path, struct dirs *d)
> static void
> setup_CURDIR_OBJDIR(struct dirs *d, const char *machine)
> {
> - char *path;
> + char *srcpfx, *objpfx;
> + char objdirbuf[PATH_MAX], *objdir;
>
> d->current = figure_out_CURDIR();
> /*
> - * If the MAKEOBJDIR (or by default, the _PATH_OBJDIR) directory
> - * exists, change into it and build there.
> + * 1. If both MAKESRCDIRPREFIX and MAKEOBJDIRPREFIX are defined,
> + *the object directory is:
> + * ${MAKEOBJDIRPREFIX}/
> + * 2. If MAKEOBJDIR is defined, the object directory is:
> + * ${.CURDIR}/${MAKEOBJDIR}
> + * 3. Or by default:
> + * ${.CURDIR}/<_PATH_OBJDIR>
> + *
> + * If the object directory exists, change into it and build there.
> + * The object directory has to be created in prior by "make obj";
> + * otherwise chdir(2) fails and build is done in the current directory.
>*
>* Once things are initted,
>* have to add the original directory to the search path,
>* and modify the paths for the Makefiles appropriately. The
>* current directory is also placed as a variable for make scripts.
>*/
> - if ((path = getenv("MAKEOBJDIR")) == NULL) {
> - path = _PATH_OBJDIR;
> - }
> - d->object = chdir_verify_path(path, d);
> +
> + srcpfx = getenv("MAKESRCDIRPREFIX");
> + objpfx = getenv("MAKEOBJDIRPREFIX");
> + if (srcpfx != NULL && objpfx != NULL) {
> + const size_t srcpfxlen = strlen(srcpfx);
> + const ssize_t srcsfxlen = strlen(d->current) - srcpfxlen;
> + const size_t objpfxlen = strlen(objpfx);
> +
> + if (srcsfxlen <= 0 ||
> + memcmp(d->current, srcpfx, srcpfxlen) != 0 ||
> + d->current[srcpfxlen] != '/') {
> + Fatal("make: .CURDIR (%s) not under "
> + "MAKESRCDIRPREFIX (%s).", d->current, srcpfx);
> + }
> + if (objpfxlen + srcsfxlen + 1 > PATH_MAX) {
> + Fatal("make: .OBJDIR too long (%s%s).", objpfx,
> + d->current + srcpfxlen);
> + }
> + objdir = objdirbuf;
> + strncpy(objdir, objpfx, objpfxlen);
> + strncpy(objdir + objpfxlen, d->current + srcpfxlen, srcsfxlen);
> + } else {
> + if ((objdir = getenv("MAKEOBJDIR")) == NULL) {
> + objdir = _PATH_OBJDIR;
> + }
> + }
> + d->object = chdir_verify_path(objdir, d);
> if (d->object == NULL)
> d->object = d->current;
> }
> --
> 2.8.4
>
>
> --y0ulUmNC+osPPQO6
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment;
> filename="0002-Create-obj-directories-for-BSDSRCDIRPREFIX-BSDOBJDIR.patch"
>
> >From 317a1522aac0464d87d6ed37559db7e73bf5d91c Mon Sep 17 00:00:00 2001
> From: Masao Uebayashi
> Date: Fri, 24 Jun 2016 02:36:19 +0900
> Subject: [PATCH 2/3] Create obj directories for
> BSDSRCDIRPREFIX/BSDOBJDIRPREFIX
>
> ---
> share/mk/bsd.obj.mk | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/share/mk/bsd.obj.mk b/share/mk/bsd.obj.mk
> index 0c2a67a..d8c21ca 100644
> --- a/share/mk/bsd.obj.mk
> +++ b/share/mk/bsd.obj.mk
> @@ -4,6 +4,12 @@
> .if !target(obj)
> . if defined(NOOBJ)
> obj:
> +. elif defined(MAKEOBJDIRPREFIX) && defined(MAKESRCDIRPREFIX)
> +
> +_SUBDIRUSE:
> +obj! _SUBDIRUSE
> +
Building tree without making obj symlinks
With these changes applied, and by specifying MAKESRCDIRPREFIX/MAKEOBJDIRPREFIX,
I can build tree without creating obj symlinks under source.
If src directory is /a/src, and obj is /b/obj, use
MAKESRCDIRPREFIX=/a/src
MAKEOBJDIRPREFIX=/b/obj
then .OBJDIR under /a/src/bin/ls becomes /b/obj/bin/ls (if object directories
are already generated by "make obj").
I'm not 100% sure about the change in bsd.obj.mk (i.e. interaction with
bsd.subdir.mk).
>From d81931ee7fea3e1f30c7d05ef95bbc01a489f73f Mon Sep 17 00:00:00 2001
From: Masao Uebayashi
Date: Fri, 24 Jun 2016 02:35:35 +0900
Subject: [PATCH 1/3] Teach make(1) handling of BSDSRCDIRPREFIX/BSDOBJDIRPREFIX
---
usr.bin/make/main.c | 47 ---
1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c
index ac2402c..6cb4191 100644
--- a/usr.bin/make/main.c
+++ b/usr.bin/make/main.c
@@ -546,22 +546,55 @@ chdir_verify_path(const char *path, struct dirs *d)
static void
setup_CURDIR_OBJDIR(struct dirs *d, const char *machine)
{
- char *path;
+ char *srcpfx, *objpfx;
+ char objdirbuf[PATH_MAX], *objdir;
d->current = figure_out_CURDIR();
/*
-* If the MAKEOBJDIR (or by default, the _PATH_OBJDIR) directory
-* exists, change into it and build there.
+* 1. If both MAKESRCDIRPREFIX and MAKEOBJDIRPREFIX are defined,
+*the object directory is:
+* ${MAKEOBJDIRPREFIX}/
+* 2. If MAKEOBJDIR is defined, the object directory is:
+* ${.CURDIR}/${MAKEOBJDIR}
+* 3. Or by default:
+* ${.CURDIR}/<_PATH_OBJDIR>
+*
+* If the object directory exists, change into it and build there.
+* The object directory has to be created in prior by "make obj";
+* otherwise chdir(2) fails and build is done in the current directory.
*
* Once things are initted,
* have to add the original directory to the search path,
* and modify the paths for the Makefiles appropriately. The
* current directory is also placed as a variable for make scripts.
*/
- if ((path = getenv("MAKEOBJDIR")) == NULL) {
- path = _PATH_OBJDIR;
- }
- d->object = chdir_verify_path(path, d);
+
+ srcpfx = getenv("MAKESRCDIRPREFIX");
+ objpfx = getenv("MAKEOBJDIRPREFIX");
+ if (srcpfx != NULL && objpfx != NULL) {
+ const size_t srcpfxlen = strlen(srcpfx);
+ const ssize_t srcsfxlen = strlen(d->current) - srcpfxlen;
+ const size_t objpfxlen = strlen(objpfx);
+
+ if (srcsfxlen <= 0 ||
+ memcmp(d->current, srcpfx, srcpfxlen) != 0 ||
+ d->current[srcpfxlen] != '/') {
+ Fatal("make: .CURDIR (%s) not under "
+ "MAKESRCDIRPREFIX (%s).", d->current, srcpfx);
+ }
+ if (objpfxlen + srcsfxlen + 1 > PATH_MAX) {
+ Fatal("make: .OBJDIR too long (%s%s).", objpfx,
+ d->current + srcpfxlen);
+ }
+ objdir = objdirbuf;
+ strncpy(objdir, objpfx, objpfxlen);
+ strncpy(objdir + objpfxlen, d->current + srcpfxlen, srcsfxlen);
+ } else {
+ if ((objdir = getenv("MAKEOBJDIR")) == NULL) {
+ objdir = _PATH_OBJDIR;
+ }
+ }
+ d->object = chdir_verify_path(objdir, d);
if (d->object == NULL)
d->object = d->current;
}
--
2.8.4
>From 317a1522aac0464d87d6ed37559db7e73bf5d91c Mon Sep 17 00:00:00 2001
From: Masao Uebayashi
Date: Fri, 24 Jun 2016 02:36:19 +0900
Subject: [PATCH 2/3] Create obj directories for
BSDSRCDIRPREFIX/BSDOBJDIRPREFIX
---
share/mk/bsd.obj.mk | 6 ++
1 file changed, 6 insertions(+)
diff --git a/share/mk/bsd.obj.mk b/share/mk/bsd.obj.mk
index 0c2a67a..d8c21ca 100644
--- a/share/mk/bsd.obj.mk
+++ b/share/mk/bsd.obj.mk
@@ -4,6 +4,12 @@
.if !target(obj)
. if defined(NOOBJ)
obj:
+. elif defined(MAKEOBJDIRPREFIX) && defined(MAKESRCDIRPREFIX)
+
+_SUBDIRUSE:
+obj! _SUBDIRUSE
+ mkdir -p ${MAKEOBJDIRPREFIX}${.CURDIR:C|^${MAKESRCDIRPREFIX}||}
+
. else
. if defined(MAKEOBJDIR)
--
2.8.4
>From 4741aa198b2dd411b2a7baed848263561d30734a Mon Sep 17 00:00:00 2001
From: Masao Uebayashi
Date: Fri, 24 Jun 2016 10:52:18 +0900
Subject: [PATCH 3/3] Pass MAKESRCDIRPREFIX/MAKEOBJDIRPREFIX for cross build
---
Makefile.cross | 52
1 file changed, 52 insertions(+)
diff --git a/Makefile.cross b/Makefile.cross
index 8e2afa1..90d8e25 100644
--- a/Makefile.cross
+++ b/Makefile.cross
@@ -119,6 +119,8 @@ cross-env:
@echo ${CROSSENV} MACHINE=${TARGET} \
MACHINE_ARCH=`cat ${CROSSDIR}/TARGET_ARCH` \
MACHINE_CPU=`cat ${CROSSDIR}/TARGET_CPU` \
+ M
less progname in r
These programs don't do anything interesting based on progname, except to echo
is back to the user. If the user creates a link, is it somehow more correct
to print that name? I'd argue the original name is better (especially in
usage) because then you have a hint what man page to read.
Index: radioctl/radioctl.c
===
RCS file: /cvs/src/usr.bin/radioctl/radioctl.c,v
retrieving revision 1.19
diff -u -p -r1.19 radioctl.c
--- radioctl/radioctl.c 21 Dec 2013 06:54:53 - 1.19
+++ radioctl/radioctl.c 24 Jun 2016 01:47:26 -
@@ -94,7 +94,6 @@ struct chansets {
{ 0, NULL }
};
-extern char *__progname;
const char *onchar = "on";
#define ONCHAR_LEN 2
const char *offchar = "off";
@@ -218,10 +217,9 @@ void
usage(void)
{
fprintf(stderr,
- "usage: %s [-anv] [-f file]\n"
- " %s [-nv] [-f file] name\n"
- " %s [-n] [-f file] name=value\n",
- __progname, __progname, __progname);
+ "usage: radioctl [-anv] [-f file]\n"
+ " radioctl [-nv] [-f file] name\n"
+ " radioctl [-n] [-f file] name=value\n");
exit(1);
}
Index: rdist/common.c
===
RCS file: /cvs/src/usr.bin/rdist/common.c,v
retrieving revision 1.37
diff -u -p -r1.37 common.c
--- rdist/common.c 22 Dec 2015 08:48:39 - 1.37
+++ rdist/common.c 24 Jun 2016 01:48:13 -
@@ -62,7 +62,6 @@ int isserver = FALSE; /* We're the ser
intamchild = 0;/* This PID is a child */
intdo_fork = 1;/* Fork child process */
char *currenthost = NULL; /* Current client hostname */
-char *progname = NULL;/* Name of this program */
intrem_r = -1; /* Client file descriptor */
intrem_w = -1; /* Client file descriptor */
struct passwd *pw = NULL; /* Local user's pwd entry */
Index: rdist/defs.h
===
RCS file: /cvs/src/usr.bin/rdist/defs.h,v
retrieving revision 1.36
diff -u -p -r1.36 defs.h
--- rdist/defs.h21 Jan 2015 03:05:03 - 1.36
+++ rdist/defs.h24 Jun 2016 01:48:18 -
@@ -156,7 +156,6 @@
extern char *currenthost;/* Name of current host */
-extern char *progname; /* Name of this program */
extern char *locuser;/* Local User's name */
extern int debug; /* Debugging flag */
extern int isserver; /* Acting as remote server */
Index: rdist/message.c
===
RCS file: /cvs/src/usr.bin/rdist/message.c,v
retrieving revision 1.28
diff -u -p -r1.28 message.c
--- rdist/message.c 30 Mar 2016 20:51:59 - 1.28
+++ rdist/message.c 24 Jun 2016 01:48:30 -
@@ -251,7 +251,7 @@ setmsgtypes(struct msgfacility *msgfac,
break;
case MF_SYSLOG:
- openlog(progname, LOG_PID, LOG_DAEMON);
+ openlog("rdist", LOG_PID, LOG_DAEMON);
break;
}
Index: rdist/rdist.c
===
RCS file: /cvs/src/usr.bin/rdist/rdist.c,v
retrieving revision 1.30
diff -u -p -r1.30 rdist.c
--- rdist/rdist.c 8 Feb 2015 23:40:34 - 1.30
+++ rdist/rdist.c 24 Jun 2016 01:48:55 -
@@ -87,7 +87,6 @@ addhostlist(char *name, struct namelist
int
main(int argc, char **argv, char **envp)
{
- extern char *__progname;
struct namelist *hostlist = NULL;
char *distfile = NULL;
char *cp;
@@ -95,8 +94,6 @@ main(int argc, char **argv, char **envp)
int c;
const char *errstr;
- progname = __progname;
-
if ((cp = msgparseopts(localmsglist, TRUE)) != NULL) {
error("Bad builtin log option (%s): %s.",
localmsglist, cp);
@@ -334,16 +331,15 @@ opendist(char *distfile)
static void
usage(void)
{
- extern char *__progname;
(void) fprintf(stderr,
- "usage: %s [-DFnV] [-A num] [-a num] "
+ "usage: rdist [-DFnV] [-A num] [-a num] "
"[-c mini_distfile]\n"
"\t[-d var=value] [-f distfile] [-L remote_logopts] "
"[-l local_logopts]\n"
"\t[-M maxproc] [-m host] [-o distopts] [-P rsh-path] "
"[-p rdistd-path]\n"
- "\t[-t timeout] [name ...]\n", __progname);
+ "\t[-t timeout] [name ...]\n");
(void) fprintf(stderr, "\nThe values for are:\n\t%s\n",
Index: rev/rev.c
===
RCS file: /cvs/src/usr.bin/rev/rev.c,v
retrieving revision 1.13
diff -u -p -r1.
login tweaks
A few changes to improve readability. Remove lots of casts. Casting printf is
just noise. Casting signal() is also uncommon in our tree. I kept a casts for
functions like write() where we would normally expect to check the error. (For
that matter, why do we ignore failure to write failedlogin?)
Also returning after open() returns -1 instead of wrapping the entire function
in an if drops us down a level of indentation.
Bonus fact: main() declares 40 variables. Maybe something can be done about
that too.
Index: failedlogin.c
===
RCS file: /cvs/src/usr.bin/login/failedlogin.c,v
retrieving revision 1.17
diff -u -p -r1.17 failedlogin.c
--- failedlogin.c 16 Jan 2015 06:40:09 - 1.17
+++ failedlogin.c 24 Jun 2016 01:18:41 -
@@ -55,30 +55,30 @@ log_failedlogin(uid_t uid, char *host, c
int fd;
/* Add O_CREAT if you want to create failedlogin if it doesn't exist */
- if ((fd = open(_PATH_FAILEDLOGIN, O_RDWR, S_IRUSR|S_IWUSR)) >= 0) {
- (void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
-
- /* Read in last bad login so can get the count */
- if (read(fd, (char *)&failedlogin, sizeof(failedlogin)) !=
- sizeof(failedlogin) || failedlogin.bl_time == 0)
- memset((void *)&failedlogin, 0, sizeof(failedlogin));
-
- (void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
- /* Increment count of bad logins */
- ++failedlogin.count;
- (void)time(&failedlogin.bl_time);
- strncpy(failedlogin.bl_line, tty, sizeof(failedlogin.bl_line));
- if (host)
- strncpy(failedlogin.bl_host, host,
sizeof(failedlogin.bl_host));
- else
- *failedlogin.bl_host = '\0';/* NULL host field */
- if (name)
- strncpy(failedlogin.bl_name, name,
sizeof(failedlogin.bl_name));
- else
- *failedlogin.bl_name = '\0';/* NULL name field */
- (void)write(fd, (char *)&failedlogin, sizeof(failedlogin));
- (void)close(fd);
- }
+ if ((fd = open(_PATH_FAILEDLOGIN, O_RDWR, S_IRUSR|S_IWUSR)) == -1)
+ return;
+ (void)lseek(fd, uid * sizeof(failedlogin), SEEK_SET);
+
+ /* Read in last bad login so can get the count */
+ if (read(fd, &failedlogin, sizeof(failedlogin)) !=
+ sizeof(failedlogin) || failedlogin.bl_time == 0)
+ memset(&failedlogin, 0, sizeof(failedlogin));
+
+ (void)lseek(fd, uid * sizeof(failedlogin), SEEK_SET);
+ /* Increment count of bad logins */
+ ++failedlogin.count;
+ time(&failedlogin.bl_time);
+ strncpy(failedlogin.bl_line, tty, sizeof(failedlogin.bl_line));
+ if (host)
+ strncpy(failedlogin.bl_host, host, sizeof(failedlogin.bl_host));
+ else
+ *failedlogin.bl_host = '\0';/* NULL host field */
+ if (name)
+ strncpy(failedlogin.bl_name, name, sizeof(failedlogin.bl_name));
+ else
+ *failedlogin.bl_name = '\0';/* NULL name field */
+ (void)write(fd, &failedlogin, sizeof(failedlogin));
+ close(fd);
}
/*
@@ -93,45 +93,44 @@ check_failedlogin(uid_t uid)
struct badlogin failedlogin;
int fd, was_bad = 0;
- (void)memset((void *)&failedlogin, 0, sizeof(failedlogin));
+ memset(&failedlogin, 0, sizeof(failedlogin));
- if ((fd = open(_PATH_FAILEDLOGIN, O_RDWR, 0)) >= 0) {
- (void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
- if (read(fd, (char *)&failedlogin, sizeof(failedlogin)) ==
- sizeof(failedlogin) && failedlogin.count > 0 ) {
- /* There was a bad login */
- was_bad = 1;
- if (failedlogin.count > 1)
- (void)printf("There have been %lu unsuccessful "
- "login attempts to your account.\n",
- (u_long)failedlogin.count);
- (void)printf("Last unsuccessful login: %.*s", 24-5,
- (char *)ctime(&failedlogin.bl_time));
- (void)printf(" on %.*s",
- (int)sizeof(failedlogin.bl_line),
- failedlogin.bl_line);
- if (*failedlogin.bl_host != '\0') {
- if (*failedlogin.bl_name != '\0')
- (void)printf(" from %.*s@%.*s",
- (int)sizeof(failedlogin.bl_name),
- failedlogin.bl_name,
- (int)sizeof(failedlogin.bl_host),
-
logname turd polish
just because.
Index: logname.c
===
RCS file: /cvs/src/usr.bin/logname/logname.c,v
retrieving revision 1.9
diff -u -p -r1.9 logname.c
--- logname.c 9 Oct 2015 01:37:08 - 1.9
+++ logname.c 24 Jun 2016 01:02:58 -
@@ -32,45 +32,30 @@
#include
#include
-#include
+#include
#include
#include
-void usage(void);
+static void __dead
+usage(void)
+{
+ (void)fprintf(stderr, "usage: logname\n");
+ exit(1);
+}
int
main(int argc, char *argv[])
{
- int ch;
- char *p;
-
- setlocale(LC_ALL, "");
+ const char *p;
if (pledge("stdio", NULL) == -1)
err(1, "pledge");
- while ((ch = getopt(argc, argv, "")) != -1)
- switch (ch) {
- case '?':
- default:
- usage();
- /* NOTREACHED */
- }
-
- if (argc != optind) {
+ if (!(argc == 1 || (argc == 2 && strcmp(argv[1], "--") == 0)))
usage();
- /* NOTREACHED */
- }
if ((p = getlogin()) == NULL)
err(1, NULL);
(void)printf("%s\n", p);
- exit(0);
-}
-
-void
-usage(void)
-{
- (void)fprintf(stderr, "usage: logname\n");
- exit(1);
+ return 0;
}
Re: route warns twice
On Thu, 23 Jun 2016 13:46:55 -0400, "Ted Unangst" wrote: > yes, i think the caller should do the most checking. > > (there is still a warning in rtmsg() for reading, but it will return 0 even > for failure in that case, so no double warning.) OK millert@ for the revised diff. - todd
Re: route warns twice
Todd C. Miller wrote:
> On Thu, 23 Jun 2016 13:13:57 -0400, "Ted Unangst" wrote:
>
> > # route delete 1.1.1.1
> > route: writing to routing socket: No such process
> > delete host 1.1.1.1: not in table
> >
> > The first error is unnecessary and misleading. It comes from the rtmsg()
> > function, but another error will be printed by the caller, which will also
> > perform correct errno translation.
>
> With this change no warning will be written for "route get". Is that
> desirable? Perhaps the warning should just be moved, ala:
>
> if (*cmd == 'g') {
> if (qflag == 0)
> warn("writing to routing socket");
> exit(0);
yes, i think the caller should do the most checking.
(there is still a warning in rtmsg() for reading, but it will return 0 even
for failure in that case, so no double warning.)
Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.183
diff -u -p -r1.183 route.c
--- route.c 7 Jun 2016 01:29:38 - 1.183
+++ route.c 23 Jun 2016 17:44:46 -
@@ -644,8 +644,11 @@ newroute(int argc, char **argv)
} else
break;
}
- if (*cmd == 'g')
+ if (*cmd == 'g') {
+ if (ret != 0 && qflag == 0)
+ warn("writing to routing socket");
exit(0);
+ }
oerrno = errno;
if (!qflag) {
printf("%s %s %s", cmd, ishost ? "host" : "net", dest);
@@ -1165,8 +1168,6 @@ rtmsg(int cmd, int flags, int fmask, uin
if (debugonly)
return (0);
if (write(s, &m_rtmsg, l) != l) {
- if (qflag == 0)
- warn("writing to routing socket");
return (-1);
}
if (cmd == RTM_GET) {
Re: route warns twice
On Thu, 23 Jun 2016 13:13:57 -0400, "Ted Unangst" wrote:
> # route delete 1.1.1.1
> route: writing to routing socket: No such process
> delete host 1.1.1.1: not in table
>
> The first error is unnecessary and misleading. It comes from the rtmsg()
> function, but another error will be printed by the caller, which will also
> perform correct errno translation.
With this change no warning will be written for "route get". Is that
desirable? Perhaps the warning should just be moved, ala:
if (*cmd == 'g') {
if (qflag == 0)
warn("writing to routing socket");
exit(0);
}
- todd
route warns twice
# route delete 1.1.1.1
route: writing to routing socket: No such process
delete host 1.1.1.1: not in table
The first error is unnecessary and misleading. It comes from the rtmsg()
function, but another error will be printed by the caller, which will also
perform correct errno translation.
Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.183
diff -u -p -r1.183 route.c
--- route.c 7 Jun 2016 01:29:38 - 1.183
+++ route.c 23 Jun 2016 17:12:25 -
@@ -1165,8 +1165,6 @@ rtmsg(int cmd, int flags, int fmask, uin
if (debugonly)
return (0);
if (write(s, &m_rtmsg, l) != l) {
- if (qflag == 0)
- warn("writing to routing socket");
return (-1);
}
if (cmd == RTM_GET) {
Re: client certificate support in syslogd
On 23/06/16 18:14, Kapetanakis Giannis wrote:
Hi,
Following http://marc.info/?l=openbsd-tech&m=142136923124184&w=2 which
added TLS client support in syslogd and since now libtls supports
client certificates, this patch adds client's certificate support in
syslogd for mutual authentication to a remote syslog server.
It is based on code from netcat.c
tested on -current logging to a a remote syslog-ng server using syslog
driver requiring trusted certificates from it's peers.
It adds two switches:
-c client_cert_file
-k client_key_file
Minor modification in CAfile setup as well to match the netcat code.
It is missing manual page change for the two switches. I will fix this
if ok.
comments?
Giannis
slightly improved version which handles CAfile if missing (like previous
behavior).
Changed usage and removed unnecessary checks of CAfile.
Index: syslogd.c
===
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.205
diff -u -p -r1.205 syslogd.c
--- syslogd.c 2 Apr 2016 19:55:10 - 1.205
+++ syslogd.c 23 Jun 2016 16:49:58 -
@@ -63,6 +63,7 @@
#define DEFUPRI(LOG_USER|LOG_NOTICE)
#define DEFSPRI(LOG_KERN|LOG_CRIT)
#define TIMERINTVL 30 /* interval for checking flush, mark */
+#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
#include
#include
@@ -223,8 +224,16 @@ char *path_ctlsock = NULL; /* Path to co
struct tls *server_ctx;
struct tls_config *client_config, *server_config;
-const char *CAfile = "/etc/ssl/cert.pem"; /* file containing CA certificates */
-intNoVerify = 0; /* do not verify TLS server x509 certificate */
+intNoVerify = 0; /* verify TLS server x509 certificate */
+char *CAfile = DEFAULT_CA_FILE; /* file containing CA certificates */
+char *PubCertfile = NULL; /* file containing public certificate */
+char *PrivKeyfile = NULL; /* file containing private key */
+uint8_t*cacert;
+size_t cacertlen;
+uint8_t*privkey;
+size_t privkeylen;
+uint8_t*pubcert;
+size_t pubcertlen;
inttcpbuf_dropped = 0; /* count messages dropped from TCP or TLS */
#define CTL_READING_CMD 1
@@ -353,7 +362,7 @@ main(int argc, char *argv[])
int ch, i;
int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
- while ((ch = getopt(argc, argv, "46a:C:dFf:hm:np:S:s:T:U:uV")) != -1)
+ while ((ch = getopt(argc, argv, "46a:C:c:dFf:hk:m:np:S:s:T:U:uV")) !=
-1)
switch (ch) {
case '4': /* disable IPv6 */
Family = PF_INET;
@@ -369,6 +378,9 @@ main(int argc, char *argv[])
case 'C': /* file containing CA certificates */
CAfile = optarg;
break;
+ case 'c': /* file containing public certificate */
+ PubCertfile = optarg;
+ break;
case 'd': /* debug */
Debug++;
break;
@@ -381,6 +393,9 @@ main(int argc, char *argv[])
case 'h': /* RFC 3164 hostnames */
IncludeHostname = 1;
break;
+ case 'k': /* file containing private key */
+ PrivKeyfile = optarg;
+ break;
case 'm': /* mark interval */
MarkInterval = strtonum(optarg, 0, 365*24*60, &errstr);
if (errstr)
@@ -553,34 +568,33 @@ main(int argc, char *argv[])
tls_config_insecure_noverifycert(client_config);
tls_config_insecure_noverifyname(client_config);
} else {
- struct stat sb;
int fail = 1;
- fd = -1;
- p = NULL;
- if ((fd = open(CAfile, O_RDONLY)) == -1) {
- logerror("open CAfile");
- } else if (fstat(fd, &sb) == -1) {
- logerror("fstat CAfile");
- } else if (sb.st_size > 50*1024*1024) {
- logerrorx("CAfile larger than 50MB");
- } else if ((p = calloc(sb.st_size, 1)) == NULL) {
- logerror("calloc CAfile");
- } else if (read(fd, p, sb.st_size) != sb.st_size) {
- logerror("read CAfile");
- } else if (tls_config_set_ca_mem(client_config, p,
- sb.st_size) == -1) {
- logerrorx("tls_config_set_ca_mem");
- } else {
+ if ((cacert = tls_load_file(CAfile, &cacertlen, NULL))
== NULL)
+
rwlock for sblock
Instead of using the old flags and tsleep style lock, switch to rwlock in
sblock. That's what it's for. More legible, and as a bonus, MP safer.
Index: kern/uipc_socket2.c
===
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.63
diff -u -p -r1.63 uipc_socket2.c
--- kern/uipc_socket2.c 6 Oct 2015 14:38:32 - 1.63
+++ kern/uipc_socket2.c 23 Jun 2016 16:38:41 -
@@ -185,6 +185,9 @@ sonewconn(struct socket *head, int conns
so->so_rcv.sb_lowat = head->so_rcv.sb_lowat;
so->so_rcv.sb_timeo = head->so_rcv.sb_timeo;
+ rw_init(&so->so_rcv.sb_rwl, "sbsndl");
+ rw_init(&so->so_snd.sb_rwl, "sbrcvl");
+
soqinsque(head, so, soqueue);
if ((*so->so_proto->pr_usrreq)(so, PRU_ATTACH, NULL, NULL, NULL,
curproc)) {
@@ -286,22 +289,24 @@ sbwait(struct sockbuf *sb)
* return any error returned from sleep (EINTR).
*/
int
-sb_lock(struct sockbuf *sb)
+sblock(struct sockbuf *sb, int wf)
{
int error;
- while (sb->sb_flags & SB_LOCK) {
- sb->sb_flags |= SB_WANT;
- error = tsleep(&sb->sb_flags,
- (sb->sb_flags & SB_NOINTR) ?
- PSOCK : PSOCK|PCATCH, "netlck", 0);
- if (error)
- return (error);
- }
- sb->sb_flags |= SB_LOCK;
- return (0);
+ error = rw_enter(&sb->sb_rwl, RW_WRITE |
+ (sb->sb_flags & SB_NOINTR ? 0 : RW_INTR) |
+ (wf == M_WAITOK ? 0 : RW_NOSLEEP));
+
+ return (error);
}
+void
+sbunlock(struct sockbuf *sb)
+{
+ rw_exit(&sb->sb_rwl);
+}
+
+
/*
* Wakeup processes waiting on a socket buffer.
* Do asynchronous notification via SIGIO
@@ -827,7 +832,7 @@ void
sbflush(struct sockbuf *sb)
{
- KASSERT((sb->sb_flags & SB_LOCK) == 0);
+ rw_assert_unlocked(&sb->sb_rwl);
while (sb->sb_mbcnt)
sbdrop(sb, (int)sb->sb_cc);
Index: sys/socketvar.h
===
RCS file: /cvs/src/sys/sys/socketvar.h,v
retrieving revision 1.60
diff -u -p -r1.60 socketvar.h
--- sys/socketvar.h 25 Feb 2016 07:39:09 - 1.60
+++ sys/socketvar.h 23 Jun 2016 16:40:56 -
@@ -108,13 +108,12 @@ struct socket {
struct mbuf *sb_lastrecord;/* first mbuf of last record in
socket buffer */
struct selinfo sb_sel; /* process selecting read/write */
+ struct rwlock sb_rwl; /* lock */
int sb_flagsintr; /* flags, changed during interrupt */
short sb_flags; /* flags, see below */
u_short sb_timeo; /* timeout for read/write */
} so_rcv, so_snd;
#defineSB_MAX (256*1024) /* default for max chars in
sockbuf */
-#defineSB_LOCK 0x01/* lock on data queue */
-#defineSB_WANT 0x02/* someone is waiting to lock */
#defineSB_WAIT 0x04/* someone is waiting for
data/space */
#defineSB_SEL 0x08/* someone is selecting */
#defineSB_ASYNC0x10/* ASYNC I/O, need signals */
@@ -218,18 +217,10 @@ struct socket {
* Unless SB_NOINTR is set on sockbuf, sleep is interruptible.
* Returns error without lock if sleep is interrupted.
*/
-#define sblock(sb, wf) ((sb)->sb_flags & SB_LOCK ? \
- (((wf) == M_WAITOK) ? sb_lock(sb) : EWOULDBLOCK) : \
- ((sb)->sb_flags |= SB_LOCK, 0))
+int sblock(struct sockbuf *sb, int wf);
/* release lock on sockbuf sb */
-#definesbunlock(sb) do {
\
- (sb)->sb_flags &= ~SB_LOCK; \
- if ((sb)->sb_flags & SB_WANT) { \
- (sb)->sb_flags &= ~SB_WANT; \
- wakeup((caddr_t)&(sb)->sb_flags); \
- } \
-} while (/* CONSTCOND */ 0)
+void sbunlock(struct sockbuf *sb);
#defineSB_EMPTY_FIXUP(sb) do {
\
if ((sb)->sb_mb == NULL) { \
opencvs - fix regression tests
Hi,
Diff fixes a two broken regression tests for opencvs.
.joris
Index: Makefile
===
RCS file: /cvs/src/regress/usr.bin/cvs/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- Makefile13 Jul 2010 21:31:17 - 1.28
+++ Makefile23 Jun 2016 16:37:36 -
@@ -263,10 +263,10 @@ test-cvs-rlog:
@eval 'test `${CVSCMD} -Q -d ${MYCVSROOT} rlog seed | wc -l` -eq
65'
test-cvs-status:
- @cd ${REGRESS_SEED}; eval 'test `${CVSCMD} -Q status | wc -l`
-eq 18'
+ @cd ${REGRESS_SEED}; eval 'test `${CVSCMD} -Q status | wc -l`
-eq 21'
test-cvs-status-vflag:
- @cd ${REGRESS_SEED}; eval 'test `${CVSCMD} -Q status -v | wc -l`
-eq 30'
+ @cd ${REGRESS_SEED}; eval 'test `${CVSCMD} -Q status -v | wc -l`
-eq 33'
test-cvs-tag:
@cd ${REGRESS_SEED}; ${CVSCMD} -Q tag FIRST_TAG > /dev/null
opencvs - revision log diff
Hi,
This is a revised diff from the previous one I sent regarding updating
the log command to be a bit more similar to GNU cvs.
This diff now also fixes a bunch of segfaults with rare corner cases.
There are still several problems with log however, including not properly
iterating over Attic files if running with a directory as its parameter
or the fact that cvs_revision_select() is fatal happy instead of
bubbling up an error if a revision cannot be found. But those issues
will be fixed with a later diff.
.joris
Index: getlog.c
===
RCS file: /cvs/src/usr.bin/cvs/getlog.c,v
retrieving revision 1.98
diff -u -p -r1.98 getlog.c
--- getlog.c1 Dec 2014 21:58:46 - 1.98
+++ getlog.c23 Jun 2016 16:13:55 -
@@ -40,7 +40,7 @@
voidcvs_log_local(struct cvs_file *);
static void log_rev_print(struct rcs_delta *);
static char*push_date(char *dest, const char *);
-static u_intdate_select(RCSFILE *, char *);
+static int date_select(RCSFILE *, char *, u_int *);
int runflags = 0;
char *logrev = NULL;
@@ -216,9 +216,18 @@ cvs_log_local(struct cvs_file *cf)
return;
}
- if (cf->file_rcs == NULL) {
+ if (cf->file_rcs == NULL)
return;
- } else if (cf->file_status == FILE_ADDED) {
+
+ if (logrev != NULL)
+ nrev = cvs_revision_select(cf->file_rcs, logrev);
+ else if (logdate != NULL) {
+ if (date_select(cf->file_rcs, logdate, &nrev) == -1)
+ fatal("Can't parse date/time: %s", logdate);
+ } else
+ nrev = cf->file_rcs->rf_ndelta;
+
+ if (cf->file_status == FILE_ADDED) {
if (verbosity > 0)
cvs_log(LP_ERR, "%s has been added, but not committed",
cf->file_path);
@@ -230,16 +239,6 @@ cvs_log_local(struct cvs_file *cf)
return;
}
- if (logrev != NULL)
- nrev = cvs_revision_select(cf->file_rcs, logrev);
- else if (logdate != NULL) {
- if ((nrev = date_select(cf->file_rcs, logdate)) == -1) {
- cvs_log(LP_ERR, "invalid date: %s", logdate);
- return;
- }
- } else
- nrev = cf->file_rcs->rf_ndelta;
-
cvs_printf("\nRCS file: %s", cf->file_rpath);
if (cvs_cmdop != CVS_OP_RLOG)
@@ -418,8 +417,8 @@ push_date(char *dest, const char *src)
return (dest);
}
-static u_int
-date_select(RCSFILE *file, char *date)
+static int
+date_select(RCSFILE *file, char *date, u_int *cnt)
{
int i, nrev, flags;
struct rcs_delta *rdp;
@@ -427,6 +426,7 @@ date_select(RCSFILE *file, char *date)
char *first, *last, delim;
time_t firstdate, lastdate, rcsdate;
+ *cnt = 0;
nrev = 0;
args = cvs_strsplit(date, ";");
@@ -566,7 +566,8 @@ date_select(RCSFILE *file, char *date)
}
}
+ *cnt = nrev;
cvs_argv_destroy(args);
- return (nrev);
+ return 0;
}
Re: IP_SENDSRCADDR [2/2] : add cmsg support
On 2016/06/15 19:43, Vincent Gross wrote:
> On Mon, 13 Jun 2016 16:49:01 +0200
> Vincent Gross wrote:
> >
> > While validating source address inside selection functions is the
> > right direction, I don't think it would be a good thing to extend
> > further in_selectsrc() prototype. However it is easy to add a check
> > while processing cmsg.
> >
> > rev2 below. Ok ?
> >
>
> rev3 below.
>
> I fixed the line length, the useless bzero(), and also the wording in
> ip.4
>
> Ok ?
Basically yes but one observation.
> Index: sys/netinet/in.h
> ===
> RCS file: /cvs/src/sys/netinet/in.h,v
> retrieving revision 1.115
> diff -u -p -r1.115 in.h
> --- sys/netinet/in.h 20 Oct 2015 20:22:42 - 1.115
> +++ sys/netinet/in.h 15 Jun 2016 17:37:11 -
> @@ -307,6 +307,7 @@ struct ip_opts {
> #define IP_RECVRTABLE35 /* bool; receive rdomain w/dgram */
> #define IP_IPSECFLOWINFO 36 /* bool; IPsec flow info for dgram */
> #define IP_IPDEFTTL 37 /* int; IP TTL system default */
> +#define IP_SENDSRCADDR 38 /* struct in_addr; source address
> to use */
Other OS with this have it at the same value as IP_RECVDSTADDR.
Not doing that currently breaks net/gdnsd - I can take care of that
but I just wanted to flag it up as a difference to other implementations.
So as long as that doesn't cause any concern, OK sthen@, and I will take
care of bumps etc as necessary in ports.
Re: [PATCH] let the mbufs use more then 4gb of memory
Mark Kettenis [mark.kette...@xs4all.nl] wrote: > > We really don't want to implement bounce-buffers. Adding IOMMU > support is probably a better approach as it also brings some security > benefits. Not all amd64 hardware supports an IOMMU. And hardware > that does support it doesn't always have it enabled. But for modern > hardware an iommu is pretty much standard, except for the absolute > low-end. But those low-end machines tend to have only 2GB of memory > anyway. Is the sparc64 iommu code port usable for this purpose? http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/amd64/Attic/sg_dma.c
client certificate support in syslogd
Hi,
Following http://marc.info/?l=openbsd-tech&m=142136923124184&w=2 which
added TLS client support in syslogd and since now libtls supports client
certificates, this patch adds client's certificate support in syslogd
for mutual authentication to a remote syslog server.
It is based on code from netcat.c
tested on -current logging to a a remote syslog-ng server using syslog
driver requiring trusted certificates from it's peers.
It adds two switches:
-c client_cert_file
-k client_key_file
Minor modification in CAfile setup as well to match the netcat code.
It is missing manual page change for the two switches. I will fix this
if ok.
comments?
Giannis
Index: syslogd.c
===
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.205
diff -u -p -r1.205 syslogd.c
--- syslogd.c 2 Apr 2016 19:55:10 - 1.205
+++ syslogd.c 23 Jun 2016 15:09:23 -
@@ -63,6 +63,7 @@
#define DEFUPRI(LOG_USER|LOG_NOTICE)
#define DEFSPRI(LOG_KERN|LOG_CRIT)
#define TIMERINTVL 30 /* interval for checking flush, mark */
+#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
#include
#include
@@ -223,8 +224,16 @@ char *path_ctlsock = NULL; /* Path to co
struct tls *server_ctx;
struct tls_config *client_config, *server_config;
-const char *CAfile = "/etc/ssl/cert.pem"; /* file containing CA certificates */
-intNoVerify = 0; /* do not verify TLS server x509 certificate */
+intNoVerify = 0; /* verify TLS server x509 certificate */
+char *CAfile = DEFAULT_CA_FILE; /* file containing CA certificates */
+char *PubCertfile; /* file containing public certificate */
+char *PrivKeyfile; /* file containing private key */
+uint8_t*cacert;
+size_t cacertlen;
+uint8_t*privkey;
+size_t privkeylen;
+uint8_t*pubcert;
+size_t pubcertlen;
inttcpbuf_dropped = 0; /* count messages dropped from TCP or TLS */
#define CTL_READING_CMD 1
@@ -353,7 +362,7 @@ main(int argc, char *argv[])
int ch, i;
int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
- while ((ch = getopt(argc, argv, "46a:C:dFf:hm:np:S:s:T:U:uV")) != -1)
+ while ((ch = getopt(argc, argv, "46a:C:c:dFf:hk:m:np:S:s:T:U:uV")) !=
-1)
switch (ch) {
case '4': /* disable IPv6 */
Family = PF_INET;
@@ -369,6 +378,9 @@ main(int argc, char *argv[])
case 'C': /* file containing CA certificates */
CAfile = optarg;
break;
+ case 'c': /* file containing public certificate */
+ PubCertfile = optarg;
+ break;
case 'd': /* debug */
Debug++;
break;
@@ -381,6 +393,9 @@ main(int argc, char *argv[])
case 'h': /* RFC 3164 hostnames */
IncludeHostname = 1;
break;
+ case 'k': /* file containing private key */
+ PrivKeyfile = optarg;
+ break;
case 'm': /* mark interval */
MarkInterval = strtonum(optarg, 0, 365*24*60, &errstr);
if (errstr)
@@ -553,35 +568,37 @@ main(int argc, char *argv[])
tls_config_insecure_noverifycert(client_config);
tls_config_insecure_noverifyname(client_config);
} else {
- struct stat sb;
int fail = 1;
- fd = -1;
- p = NULL;
- if ((fd = open(CAfile, O_RDONLY)) == -1) {
- logerror("open CAfile");
- } else if (fstat(fd, &sb) == -1) {
- logerror("fstat CAfile");
- } else if (sb.st_size > 50*1024*1024) {
- logerrorx("CAfile larger than 50MB");
- } else if ((p = calloc(sb.st_size, 1)) == NULL) {
- logerror("calloc CAfile");
- } else if (read(fd, p, sb.st_size) != sb.st_size) {
- logerror("read CAfile");
- } else if (tls_config_set_ca_mem(client_config, p,
- sb.st_size) == -1) {
- logerrorx("tls_config_set_ca_mem");
- } else {
+ if (CAfile && (cacert = tls_load_file(CAfile,
&cacertlen, NULL))
+ == NULL)
+ errx(1, "unable to load CAfile %s", CAfile);
+ if (CAfile && tls_config_set_ca_mem(client_config,
cacert, cacertle
Re: pf divert port reuse
On Thu, Jun 23, 2016 at 00:38 +0200, Alexander Bluhm wrote:
> On Wed, Jun 22, 2016 at 08:15:09PM +0200, Mike Belopuhov wrote:
> > Can you or benno test NAT64 with this change?
> > In case of weird behavior do this:
> >
> > int sidx = pd->af == pd->naf ? pd->sidx : pd->didx;
> > int didx = pd->af == pd->naf ? pd->didx : pd->sidx;
> >
> > And use sidx/didx throughout instead of pd->sidx and pd->didx.
> >
> > I'm pretty sure you need to do this trick, but I'm not 100%
> > certain.
>
> af-to state lookup in pf_get_sport() is quite broken.
>
> Jun 23 00:25:26 q70 /bsd: pf: af-to inet6 rdr, 10.188.70.17:3003 ->
> 10.188.216.114:7
> Jun 23 00:25:26 q70 /bsd: pf: find state all dir=out, af=24, key0:
> fdd7:e83e:66bc:211:725f:caff:fe21:8d70[10001], key1: abc:d872::[7], proto=17
> Jun 23 00:25:26 q70 /bsd: pf: af-to inet6 rdr done, prefixlen 120,
> fdd7:e83e:66bc:211:725f:caff:fe21:8d70[10001] ->
> fdd7:e83e:66bc:212:725f:caff:fe21:8d72[7]
>
> Look at the key1: abc:d872::[7], that is the IPv4 address used as IPv6.
> pf_get_transaddr_af() will fix the prefix later.
>
Looks like the pd->ndaddr/nsaddr patching should happen before
calling pf_get_sport.
> As there is more work to be done for af-to, I propose this version
> of the nat-to fix. With the explicit variables sidx and didx we
> can swap it easily if we will need it.
>
Sure, OK mikeb.
> bluhm
>
> Index: net/pf_lb.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf_lb.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 pf_lb.c
> --- net/pf_lb.c 15 Jun 2016 11:36:06 - 1.53
> +++ net/pf_lb.c 22 Jun 2016 22:18:30 -
> @@ -155,6 +155,9 @@ pf_get_sport(struct pf_pdesc *pd, struct
> struct pf_state_key_cmp key;
> struct pf_addr init_addr;
> u_int16_t cut;
> + int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN;
> + int sidx = pd->sidx;
> + int didx = pd->didx;
>
> bzero(&init_addr, sizeof(init_addr));
> if (pf_map_addr(pd->naf, r, &pd->nsaddr, naddr, &init_addr, sn, &r->nat,
> @@ -182,9 +185,9 @@ pf_get_sport(struct pf_pdesc *pd, struct
> key.af = pd->naf;
> key.proto = pd->proto;
> key.rdomain = pd->rdomain;
> - PF_ACPY(&key.addr[0], &pd->ndaddr, key.af);
> - PF_ACPY(&key.addr[1], naddr, key.af);
> - key.port[0] = pd->ndport;
> + PF_ACPY(&key.addr[didx], &pd->ndaddr, key.af);
> + PF_ACPY(&key.addr[sidx], naddr, key.af);
> + key.port[didx] = pd->ndport;
>
> /*
>* port search; start random, step;
> @@ -194,20 +197,20 @@ pf_get_sport(struct pf_pdesc *pd, struct
> pd->proto == IPPROTO_ICMP || pd->proto == IPPROTO_ICMPV6)) {
> /* XXX bug: icmp states dont use the id on both
>* XXX sides (traceroute -I through nat) */
> - key.port[1] = pd->nsport;
> - if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
> + key.port[sidx] = pd->nsport;
> + if (pf_find_state_all(&key, dir, NULL) == NULL) {
> *nport = pd->nsport;
> return (0);
> }
> } else if (low == 0 && high == 0) {
> - key.port[1] = pd->nsport;
> - if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
> + key.port[sidx] = pd->nsport;
> + if (pf_find_state_all(&key, dir, NULL) == NULL) {
> *nport = pd->nsport;
> return (0);
> }
> } else if (low == high) {
> - key.port[1] = htons(low);
> - if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
> + key.port[sidx] = htons(low);
> + if (pf_find_state_all(&key, dir, NULL) == NULL) {
> *nport = htons(low);
> return (0);
> }
> @@ -223,16 +226,16 @@ pf_get_sport(struct pf_pdesc *pd, struct
> cut = arc4random_uniform(1 + high - low) + low;
> /* low <= cut <= high */
> for (tmp = cut; tmp <= high; ++(tmp)) {
> - key.port[1] = htons(tmp);
> - if (pf_find_state_all(&key, PF_IN, NULL) ==
> + key.port[sidx] = htons(tmp);
> + if (pf_find_state_all(&key, dir, NULL) ==
> NULL && !in_baddynamic(tmp, pd->proto)) {
> *nport = htons(tmp);
> return (0);
>
Re: sqlite3 update
On Thu, Jun 23, 2016 at 09:03:43AM +0100, Stuart Henderson wrote: > On 2016/06/23 00:25, Ted Unangst wrote: > > Stuart Henderson wrote: > > > Turns out I forgot about the pthread stubs, without which there > > > are build failures in mandoc and various ports things unless we link > > > them with -lpthread. This broke a few things in my first ports test > > > build, but thanks to guenther's work it should now be valid to pull > > > this in via an inter-library dependency rather than having to > > > sprinkle it over mandoc and lots of the ports tree. > > > > > > > Index: Makefile > > > -# so that it works with NO THREADS > > > -SRCS += pthread_stub.c > > > - > > > -#mem3.c mem5.c > > > +SRCS = sqlite3.c > > > +LDADD = -lpthread > > > > Why are we dropping the stubs in favor of linking with libpthread? > > Trying to avoid too many changes to upstream's source. But I suppose > we can keep that as a separate file - just tested that with 3 things > where I ran into the problem (mandoc, www/kcaldav, www/nsh,static) > and they're happy. And I've tried build usr.bin/sqlite3 both with > and without -pthread and both versions of that also work OK for the > things I've tested. > > So, new diff: https://junkpile.org/sqlite-3.11.0.diff.gz,2 > > pthread_stub.c moves from lib/libsqlite3/tsrc/ to lib/libsqlite3/ > but is otherwise unchanged from the in-tree version. > > The only change to the Makefile from my previous diff is adding > pthread_stub.c to SRCS. > Like I've stated before, I think this is the best way to move forward for the time being, so you have my ok. -- James Turner
Re: [PATCH] let the mbufs use more then 4gb of memory
> Date: Thu, 23 Jun 2016 13:09:28 +0200
> From: Alexander Bluhm
>
> On Wed, Jun 22, 2016 at 10:54:27PM +1000, David Gwynne wrote:
> > secondly, allocating more than 4g at a time to socket buffers is
> > generally a waste of memory. in practice you should scale the amount
> > of memory available to sockets according to the size of the tcp
> > windows you need to saturate the bandwidth available to the box.
>
> Currently OpenBSD limits the socket buffer size to 256k.
> #define SB_MAX (256*1024) /* default for max chars in sockbuf */
>
> For downloading large files from the internet this is not sufficinet
> anymore. After customer complaints we have increased the limit to
> 1MB. This still does not give maximum throughput, but granting
> more could easily result in running out of mbufs. 16MB would be
> sufficent.
>
> Besides from single connections with high throughput we also have
> a lot of long running connections, say some 1. Each connection
> over a relay needs two sockets and four socket buffers. With 1MB
> limit and 1 connections the theoretical maximum is 40GB.
>
> It is hard to figure out which connections need socket buffer space
> in advance. tcp_update_{snd,rcv}space() adjusts it dynamically,
> there sbchecklowmem() has a first come first serve policy. Another
> challenge is, that the peers on both sides of the relay can decide
> wether they fill our buffers.
>
> Besides from finding a smarter algorithm to distribute the socket
> buffer space, increasing the number of mbufs could be a solution.
> Our server machines mostly relay connection data, there I seems
> seductive to use much more mbuf memory to speed up TCP connetions.
> Without 64 bit DMA most memory of the machine is unused.
>
> Also modern BIOS maps only 2GB in low region. All DMA devices must
> share these. Putting mbufs high should reduce pressure.
>
> Of course there are problems with network adaptors that support
> less DMA space and with hotplug configurations. For a general
> solution we can implement bounce buffers, disable the feature on
> such machines or have a knob.
We really don't want to implement bounce-buffers. Adding IOMMU
support is probably a better approach as it also brings some security
benefits. Not all amd64 hardware supports an IOMMU. And hardware
that does support it doesn't always have it enabled. But for modern
hardware an iommu is pretty much standard, except for the absolute
low-end. But those low-end machines tend to have only 2GB of memory
anyway.
Re: add mirror discovery to pkg_add
You guys made me think about the actual use case: noob user of OpenBSD, installs the ISO, never gets to have any pkg.conf by default. A way to handle that case would be to have non-network iso *installs* put a pkg.conf that says "hey we didn't configure anything, let's do that later". A bit a la first-time-boot. If you unconfigure things, end up with no pkg.conf, then it will never trigger. Anyhow, the code I have made me see thru a few "fun" pkg_add details I'll have to fix anyway (make ask_list able to deal with long lists in every case looks like a worthwhile pursuit always)
Re: [PATCH] let the mbufs use more then 4gb of memory
On Wed, Jun 22, 2016 at 10:54:27PM +1000, David Gwynne wrote:
> secondly, allocating more than 4g at a time to socket buffers is
> generally a waste of memory. in practice you should scale the amount
> of memory available to sockets according to the size of the tcp
> windows you need to saturate the bandwidth available to the box.
Currently OpenBSD limits the socket buffer size to 256k.
#define SB_MAX (256*1024) /* default for max chars in sockbuf */
For downloading large files from the internet this is not sufficinet
anymore. After customer complaints we have increased the limit to
1MB. This still does not give maximum throughput, but granting
more could easily result in running out of mbufs. 16MB would be
sufficent.
Besides from single connections with high throughput we also have
a lot of long running connections, say some 1. Each connection
over a relay needs two sockets and four socket buffers. With 1MB
limit and 1 connections the theoretical maximum is 40GB.
It is hard to figure out which connections need socket buffer space
in advance. tcp_update_{snd,rcv}space() adjusts it dynamically,
there sbchecklowmem() has a first come first serve policy. Another
challenge is, that the peers on both sides of the relay can decide
wether they fill our buffers.
Besides from finding a smarter algorithm to distribute the socket
buffer space, increasing the number of mbufs could be a solution.
Our server machines mostly relay connection data, there I seems
seductive to use much more mbuf memory to speed up TCP connetions.
Without 64 bit DMA most memory of the machine is unused.
Also modern BIOS maps only 2GB in low region. All DMA devices must
share these. Putting mbufs high should reduce pressure.
Of course there are problems with network adaptors that support
less DMA space and with hotplug configurations. For a general
solution we can implement bounce buffers, disable the feature on
such machines or have a knob.
bluhm
Re: sqlite3 update
On 2016/06/23 00:25, Ted Unangst wrote: > Stuart Henderson wrote: > > Turns out I forgot about the pthread stubs, without which there > > are build failures in mandoc and various ports things unless we link > > them with -lpthread. This broke a few things in my first ports test > > build, but thanks to guenther's work it should now be valid to pull > > this in via an inter-library dependency rather than having to > > sprinkle it over mandoc and lots of the ports tree. > > > > Index: Makefile > > -# so that it works with NO THREADS > > -SRCS +=pthread_stub.c > > - > > -# mem3.c mem5.c > > +SRCS = sqlite3.c > > +LDADD =-lpthread > > Why are we dropping the stubs in favor of linking with libpthread? Trying to avoid too many changes to upstream's source. But I suppose we can keep that as a separate file - just tested that with 3 things where I ran into the problem (mandoc, www/kcaldav, www/nsh,static) and they're happy. And I've tried build usr.bin/sqlite3 both with and without -pthread and both versions of that also work OK for the things I've tested. So, new diff: https://junkpile.org/sqlite-3.11.0.diff.gz,2 pthread_stub.c moves from lib/libsqlite3/tsrc/ to lib/libsqlite3/ but is otherwise unchanged from the in-tree version. The only change to the Makefile from my previous diff is adding pthread_stub.c to SRCS.
