Re: "max" field in "netstat -m" is ambiguous
On Wed, Oct 25, 2017 at 11:46:05PM +0200, Mike Belopuhov wrote: > On Wed, Oct 25, 2017 at 21:56 +0200, Claudio Jeker wrote: > > On Wed, Oct 25, 2017 at 01:39:35PM -0600, Todd C. Miller wrote: > > > On Wed, 25 Oct 2017 19:46:56 +0200, Mike Belopuhov wrote: > > > > > > > I think we can extend this by adding an additional number for the > > > > upper boundary (kern.maxclusters), like so: > > > > > > > > saru:usr.bin/netstat% ./obj/netstat -m > > > > 539 mbufs in use: > > > > 385 mbufs allocated to data > > > > 13 mbufs allocated to packet headers > > > > 141 mbufs allocated to socket names and addresses > > > > 19/144 mbuf 2048 byte clusters in use (current/peak) > > > > 0/45 mbuf 2112 byte clusters in use (current/peak) > > > > 256/312 mbuf 4096 byte clusters in use (current/peak) > > > > 0/48 mbuf 8192 byte clusters in use (current/peak) > > > > 0/28 mbuf 9216 byte clusters in use (current/peak) > > > > 0/40 mbuf 12288 byte clusters in use (current/peak) > > > > 0/40 mbuf 16384 byte clusters in use (current/peak) > > > > 0/40 mbuf 65536 byte clusters in use (current/peak) > > > > 5876 out of 524288 Kbytes allocated to network (20% in use) > > > > 0 requests for memory denied > > > > 0 requests for memory delayed > > > > 0 calls to protocol drain routines > > > > > > That's definitely an improvement. OK millert@ > > > > > > > The math for the percentage in use is doing something different at least > > 20% of 524288 is not 5876. AFAIK the percentage is calculated against the > > pool size and not the maximum size. > > Correct and I didn't say otherwise. I wrote: > > This shows how much backing memory has been allocated by all cluster > pools from the UVM and percentage of how much of it has been taken > out by pool_get operations. > > It's 20% of 5876K that is in use. > > > Would be great if netstat could show the current and peak memory usage. > > > > Current is 5876. Maximum is 524288. Do you want to display them in > the x/y/z format? > > 5876//524288 Kbytes allocated to network, 20% in use (current/peak/max) > > Something like this? Any other ideas? I think that would be an improvement. I normally look for peak values. The current is normally not interesting when tuning systems. Maybe we can even drop the use percentage since it more confusing than anything. -- :wq Claudio
adjust Makefile.armv7 for clang
Also add aliases for additional eabi calls clang emits.
Index: lib/libkern/arch/arm/divsi3.S
===
RCS file: /cvs/src/sys/lib/libkern/arch/arm/divsi3.S,v
retrieving revision 1.4
diff -u -p -r1.4 divsi3.S
--- lib/libkern/arch/arm/divsi3.S 22 Sep 2016 19:43:25 - 1.4
+++ lib/libkern/arch/arm/divsi3.S 26 Oct 2017 04:36:24 -
@@ -387,4 +387,6 @@ L_udivide_l1:
mov pc, lr
STRONG_ALIAS(__aeabi_idiv, __divsi3)
+STRONG_ALIAS(__aeabi_idivmod, __divsi3)
STRONG_ALIAS(__aeabi_uidiv, __udivsi3)
+STRONG_ALIAS(__aeabi_uidivmod, __udivsi3)
Index: arch/armv7/conf/Makefile.armv7
===
RCS file: /cvs/src/sys/arch/armv7/conf/Makefile.armv7,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile.armv7
--- arch/armv7/conf/Makefile.armv7 28 Sep 2017 16:16:34 - 1.36
+++ arch/armv7/conf/Makefile.armv7 26 Oct 2017 04:36:24 -
@@ -25,9 +25,15 @@ INCLUDES=-nostdinc -I$S -I. -I$S/arch
CPPFLAGS= ${INCLUDES} ${IDENT} ${PARAM} -D_KERNEL -D__${_mach}__ -MD -MP
CWARNFLAGS=-Werror -Wall -Wimplicit-function-declaration \
-Wno-uninitialized -Wno-pointer-sign \
+ -Wno-address-of-packed-member -Wno-constant-conversion \
-Wframe-larger-than=2047
-CMACHFLAGS=-msoft-float -march=armv6 -Wa,-march=armv7a
+CMACHFLAGS=-msoft-float
+.if ${COMPILER_VERSION:Mgcc4}
+CMACHFLAGS+= -march=armv6 -Wa,-march=armv7a
+.else
+CMACHFLAGS+= -march=armv7a
+.endif
CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS}
SORTR= sort -R
.if ${IDENT:M-DNO_PROPOLICE}
@@ -36,6 +42,9 @@ CMACHFLAGS+= -fno-stack-protector
.if ${IDENT:M-DSMALL_KERNEL}
SORTR= cat
.endif
+.if ${COMPILER_VERSION:Mclang}
+NO_INTEGR_AS= -no-integrated-as
+.endif
DEBUG?=-g
COPTS?=-O2
@@ -93,7 +102,7 @@ LINKFLAGS+= -S
assym.h: $S/kern/genassym.sh Makefile \
${_archdir}/${_arch}/genassym.cf ${_machdir}/${_mach}/genassym.cf
cat ${_archdir}/${_arch}/genassym.cf ${_machdir}/${_mach}/genassym.cf |
\
- sh $S/kern/genassym.sh ${CC} ${CFLAGS} ${CPPFLAGS} -MF assym.P >
assym.h.tmp
+ sh $S/kern/genassym.sh ${CC} ${NO_INTEGR_AS} ${CFLAGS} ${CPPFLAGS}
-MF assym.P > assym.h.tmp
sed '1s/.*/assym.h: \\/' assym.P > assym.d
sort -u assym.h.tmp > assym.h
Re: "max" field in "netstat -m" is ambiguous
On Wed, Oct 25, 2017 at 21:56 +0200, Claudio Jeker wrote: > On Wed, Oct 25, 2017 at 01:39:35PM -0600, Todd C. Miller wrote: > > On Wed, 25 Oct 2017 19:46:56 +0200, Mike Belopuhov wrote: > > > > > I think we can extend this by adding an additional number for the > > > upper boundary (kern.maxclusters), like so: > > > > > > saru:usr.bin/netstat% ./obj/netstat -m > > > 539 mbufs in use: > > > 385 mbufs allocated to data > > > 13 mbufs allocated to packet headers > > > 141 mbufs allocated to socket names and addresses > > > 19/144 mbuf 2048 byte clusters in use (current/peak) > > > 0/45 mbuf 2112 byte clusters in use (current/peak) > > > 256/312 mbuf 4096 byte clusters in use (current/peak) > > > 0/48 mbuf 8192 byte clusters in use (current/peak) > > > 0/28 mbuf 9216 byte clusters in use (current/peak) > > > 0/40 mbuf 12288 byte clusters in use (current/peak) > > > 0/40 mbuf 16384 byte clusters in use (current/peak) > > > 0/40 mbuf 65536 byte clusters in use (current/peak) > > > 5876 out of 524288 Kbytes allocated to network (20% in use) > > > 0 requests for memory denied > > > 0 requests for memory delayed > > > 0 calls to protocol drain routines > > > > That's definitely an improvement. OK millert@ > > > > The math for the percentage in use is doing something different at least > 20% of 524288 is not 5876. AFAIK the percentage is calculated against the > pool size and not the maximum size. Correct and I didn't say otherwise. I wrote: This shows how much backing memory has been allocated by all cluster pools from the UVM and percentage of how much of it has been taken out by pool_get operations. It's 20% of 5876K that is in use. > Would be great if netstat could show the current and peak memory usage. > Current is 5876. Maximum is 524288. Do you want to display them in the x/y/z format? 5876//524288 Kbytes allocated to network, 20% in use (current/peak/max) Something like this? Any other ideas?
Re: "max" field in "netstat -m" is ambiguous
On 2017/10/25 21:03, Stuart Henderson wrote: > On 2017/10/25 19:46, Mike Belopuhov wrote: > > I gather this isn't very friendly towards existing scripts parsing > > this output, but YMMV. > > I don't see anything in ports that cares. The only thing that parses > netstat -m output at all seems to be some code in gnupg/libgcrypt/mcrypt > that uses it as (one among several) sources to seed RNG. > > There are some things that do look at mbuf use for monitoring etc (symon > for example) but I think usually not per-interface. > ...don't know what I was thinking about per-interface there. Anyway at least symon is using sysctl for this, see symon/platform/OpenBSD/sm_mbuf.c, so netstat -m changes won't affect it, but the underlying problem making "max" useless probably affects it too. (I don't use it any more..)
Re: "max" field in "netstat -m" is ambiguous
On 2017/10/25 19:46, Mike Belopuhov wrote: > I gather this isn't very friendly towards existing scripts parsing > this output, but YMMV. I don't see anything in ports that cares. The only thing that parses netstat -m output at all seems to be some code in gnupg/libgcrypt/mcrypt that uses it as (one among several) sources to seed RNG. There are some things that do look at mbuf use for monitoring etc (symon for example) but I think usually not per-interface.
Re: "max" field in "netstat -m" is ambiguous
On Wed, Oct 25, 2017 at 01:39:35PM -0600, Todd C. Miller wrote: > On Wed, 25 Oct 2017 19:46:56 +0200, Mike Belopuhov wrote: > > > I think we can extend this by adding an additional number for the > > upper boundary (kern.maxclusters), like so: > > > > saru:usr.bin/netstat% ./obj/netstat -m > > 539 mbufs in use: > > 385 mbufs allocated to data > > 13 mbufs allocated to packet headers > > 141 mbufs allocated to socket names and addresses > > 19/144 mbuf 2048 byte clusters in use (current/peak) > > 0/45 mbuf 2112 byte clusters in use (current/peak) > > 256/312 mbuf 4096 byte clusters in use (current/peak) > > 0/48 mbuf 8192 byte clusters in use (current/peak) > > 0/28 mbuf 9216 byte clusters in use (current/peak) > > 0/40 mbuf 12288 byte clusters in use (current/peak) > > 0/40 mbuf 16384 byte clusters in use (current/peak) > > 0/40 mbuf 65536 byte clusters in use (current/peak) > > 5876 out of 524288 Kbytes allocated to network (20% in use) > > 0 requests for memory denied > > 0 requests for memory delayed > > 0 calls to protocol drain routines > > That's definitely an improvement. OK millert@ > The math for the percentage in use is doing something different at least 20% of 524288 is not 5876. AFAIK the percentage is calculated against the pool size and not the maximum size. Would be great if netstat could show the current and peak memory usage. -- :wq Claudio
Re: "max" field in "netstat -m" is ambiguous
On Wed, 25 Oct 2017 19:46:56 +0200, Mike Belopuhov wrote: > I think we can extend this by adding an additional number for the > upper boundary (kern.maxclusters), like so: > > saru:usr.bin/netstat% ./obj/netstat -m > 539 mbufs in use: > 385 mbufs allocated to data > 13 mbufs allocated to packet headers > 141 mbufs allocated to socket names and addresses > 19/144 mbuf 2048 byte clusters in use (current/peak) > 0/45 mbuf 2112 byte clusters in use (current/peak) > 256/312 mbuf 4096 byte clusters in use (current/peak) > 0/48 mbuf 8192 byte clusters in use (current/peak) > 0/28 mbuf 9216 byte clusters in use (current/peak) > 0/40 mbuf 12288 byte clusters in use (current/peak) > 0/40 mbuf 16384 byte clusters in use (current/peak) > 0/40 mbuf 65536 byte clusters in use (current/peak) > 5876 out of 524288 Kbytes allocated to network (20% in use) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines That's definitely an improvement. OK millert@ - todd
Re: Kill deprecated IPv6 ioctl(2)s
OK florian@
On Wed, Oct 25, 2017 at 10:20:45AM +, Martin Pieuchot wrote:
> Diff below remove some more deprecated ioctl(2). The first group below
> correspond to features now deprecated by slaacd(8):
>
> SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6, SIOCSRTRFLUSH_IN6
>
> Removing those might break some ports. This is good! Because now they
> are broken at compile time and can be fixed. Currently they might or
> might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
> them.
>
> The second group of ioctl(2)s is not used in base and should be used
> conditionally in ports, so it should be safe:
> SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
>
> Diff below also move some define around in netinet6/in6_var.h to reduce
> the number of #ifdef _KERNEL chunks.
>
> ok?
>
> Index: netinet6/in6.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 in6.c
> --- netinet6/in6.c24 Oct 2017 09:30:15 - 1.215
> +++ netinet6/in6.c25 Oct 2017 10:06:05 -
> @@ -213,13 +213,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> return (EOPNOTSUPP);
>
> switch (cmd) {
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> - case SIOCSIFINFO_FLAGS:
> - if (!privileged)
> - return (EPERM);
> - /* FALLTHROUGH */
> case SIOCGIFINFO_IN6:
> case SIOCGNBRINFO_IN6:
> return (nd6_ioctl(cmd, data, ifp));
> @@ -241,17 +234,11 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCAIFADDR_IN6:
> sa6 = &ifra->ifra_addr;
> break;
> - case SIOCGIFADDR_IN6:
> case SIOCGIFDSTADDR_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCDIFADDR_IN6:
> case SIOCGIFAFLAG_IN6:
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> case SIOCGIFALIFETIME_IN6:
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> sa6 = &ifr->ifr_addr;
> break;
> case SIOCSIFADDR:
> @@ -313,9 +300,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> break;
>
> - case SIOCGIFADDR_IN6:
> - /* This interface is basically deprecated. use SIOCGIFCONF. */
> - /* FALLTHROUGH */
> case SIOCGIFAFLAG_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCGIFDSTADDR_IN6:
> @@ -328,10 +312,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> switch (cmd) {
>
> - case SIOCGIFADDR_IN6:
> - ifr->ifr_addr = ia6->ia_addr;
> - break;
> -
> case SIOCGIFDSTADDR_IN6:
> if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
> return (EINVAL);
> @@ -349,10 +329,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCGIFAFLAG_IN6:
> ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
> break;
> -
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> - return (EOPNOTSUPP);
>
> case SIOCGIFALIFETIME_IN6:
> ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
> Index: netinet6/in6_var.h
> ===
> RCS file: /cvs/src/sys/netinet6/in6_var.h,v
> retrieving revision 1.70
> diff -u -p -r1.70 in6_var.h
> --- netinet6/in6_var.h24 Oct 2017 09:36:13 - 1.70
> +++ netinet6/in6_var.h25 Oct 2017 10:06:05 -
> @@ -278,40 +278,21 @@ struct in6_aliasreq {
> #define IFA_IN6(x) (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr)
> #define IFA_DSTIN6(x)(&((struct sockaddr_in6
> *)((x)->ifa_dstaddr))->sin6_addr)
>
> -#ifdef _KERNEL
> -#define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
> - (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
> - (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
> - (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
> - (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
> -#endif /* _KERNEL */
> -
> -#define SIOCGIFADDR_IN6 _IOWR('i', 33, struct in6_ifreq)
> +#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> +#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
>
> #define SIOCGIFDSTADDR_IN6 _IOWR('i', 34, struct in6_ifreq)
> #define SIOCGIFNETMASK_IN6 _IOWR('i', 37, struct in6_ifreq)
>
> -#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> -#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
> -
> #define SIOCGIFAFLAG_IN6 _IOWR('i', 73, struct in6_ifreq)
>
> #define SIOCGIFINFO_IN6 _IOWR('i', 108, struct in6_ndireq)
> -#define SIOCSNDFLUSH_IN6 _IOWR('i', 77, struct in6_ifreq)
> #define SIOCGNBRINFO_IN6 _IOWR('i', 78, struct
"max" field in "netstat -m" is ambiguous
Hi,
After some changes in the way mbuf cluster pool limits are set up,
we have a situation where the "max" number doesn't reflect what it
used to and is ambiguous most of the time. Right now I have:
36/144/64 mbuf 2048 byte clusters in use (current/peak/max)
0/45/120 mbuf 2112 byte clusters in use (current/peak/max)
256/312/64 mbuf 4096 byte clusters in use (current/peak/max)
0/40/64 mbuf 8192 byte clusters in use (current/peak/max)
0/14/112 mbuf 9216 byte clusters in use (current/peak/max)
0/30/80 mbuf 12288 byte clusters in use (current/peak/max)
0/40/64 mbuf 16384 byte clusters in use (current/peak/max)
0/40/64 mbuf 65536 byte clusters in use (current/peak/max)
Several users expressed their concern regarding this and I agree
that this was one of the important metrics that we used to look at.
Now that kern.maxclusters defines how much memory (in 2k chunks) in
total can be spent on (all) clusters, there's no well defined maximum
value for each individual pool as they share this global limit. But
we shouldn't provide values that are misinterpreted by users.
Here's my take on how to improve the situation.
One line in the "netstat -m" output talks about memory usage:
5748 Kbytes allocated to network (21% in use)
This shows how much backing memory has been allocated by all cluster
pools from the UVM and percentage of how much of it has been taken
out by pool_get operations.
I think we can extend this by adding an additional number for the
upper boundary (kern.maxclusters), like so:
saru:usr.bin/netstat% ./obj/netstat -m
539 mbufs in use:
385 mbufs allocated to data
13 mbufs allocated to packet headers
141 mbufs allocated to socket names and addresses
19/144 mbuf 2048 byte clusters in use (current/peak)
0/45 mbuf 2112 byte clusters in use (current/peak)
256/312 mbuf 4096 byte clusters in use (current/peak)
0/48 mbuf 8192 byte clusters in use (current/peak)
0/28 mbuf 9216 byte clusters in use (current/peak)
0/40 mbuf 12288 byte clusters in use (current/peak)
0/40 mbuf 16384 byte clusters in use (current/peak)
0/40 mbuf 65536 byte clusters in use (current/peak)
5876 out of 524288 Kbytes allocated to network (20% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
I gather this isn't very friendly towards existing scripts parsing
this output, but YMMV.
diff --git usr.bin/netstat/mbuf.c usr.bin/netstat/mbuf.c
index f7970a57c32..701385b2e6b 100644
--- usr.bin/netstat/mbuf.c
+++ usr.bin/netstat/mbuf.c
@@ -86,11 +86,11 @@ bool seen[256]; /* "have we seen this
type yet?" */
*/
void
mbpr(void)
{
unsigned long totmem, totused, totmbufs;
- int totpct;
+ int maxclusters, totpct;
int i, mib[4], npools;
struct kinfo_pool pool;
struct mbtypes *mp;
size_t size;
@@ -99,10 +99,20 @@ mbpr(void)
"%s: unexpected change to mbstat; check source\n",
__progname);
return;
}
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_MAXCLUSTERS;
+ size = sizeof(maxclusters);
+
+ if (sysctl(mib, 2, &maxclusters, &size, NULL, 0) < 0) {
+ printf("Can't retrieve value of maxclusters from the "
+ "kernel: %s\n", strerror(errno));
+ return;
+ }
+
mib[0] = CTL_KERN;
mib[1] = KERN_MBSTAT;
size = sizeof(mbstat);
if (sysctl(mib, 2, &mbstat, &size, NULL, 0) < 0) {
@@ -176,24 +186,23 @@ mbpr(void)
plural(mbstat.m_mtypes[i]), i);
}
totmem = (mbpool.pr_npages * mbpool.pr_pgsize);
totused = mbpool.pr_nout * mbpool.pr_size;
for (i = 0; i < mclp; i++) {
- printf("%u/%lu/%lu mbuf %d byte clusters in use"
- " (current/peak/max)\n",
+ printf("%u/%lu mbuf %d byte clusters in use"
+ " (current/peak)\n",
mclpools[i].pr_nout,
(unsigned long)
(mclpools[i].pr_hiwat * mclpools[i].pr_itemsperpage),
- (unsigned long)
- (mclpools[i].pr_maxpages * mclpools[i].pr_itemsperpage),
mclpools[i].pr_size);
totmem += (mclpools[i].pr_npages * mclpools[i].pr_pgsize);
totused += mclpools[i].pr_nout * mclpools[i].pr_size;
}
totpct = (totmem == 0) ? 0 : (totused/(totmem / 100));
- printf("%lu Kbytes allocated to network (%d%% in use)\n",
- totmem / 1024, totpct);
+ printf("%lu out of %lu Kbytes allocated to network (%d%% in use)\n",
+ totmem / 1024, (unsigned long)(maxclusters * MCLBYTES) / 1024,
+ totpct);
printf("%lu requests for memory denied\n", mbstat.m_drops);
printf("%lu requests for memory delayed\n", mbstat.m_wait);
printf("%lu calls to protocol
Re: tftpd(8): diff for ip path rewrite
On Tue, Oct 24 2017, Jeremie Courreges-Anglas wrote: > On Mon, Oct 23 2017, Jan Klemkow wrote: >> On Sun, Oct 22, 2017 at 09:32:54PM +, Jeremie Courreges-Anglas wrote: >>> On Sat, Oct 21 2017, Jan Klemkow wrote: >>> > On Fri, Oct 20, 2017 at 12:04:41PM +, Jeremie Courreges-Anglas wrote: >>> >> On Fri, Oct 20 2017, Sebastien Marie wrote: >>> >> > On Thu, Oct 19, 2017 at 08:58:12PM +0200, Jan Klemkow wrote: >>> >> >> + char nfilename[PATH_MAX]; >>> >> >> + >>> >> >> + snprintf(nfilename, sizeof nfilename, "%s/%s", >>> >> >> + getip(&client->ss), filename); >>> >> > >>> >> > - filename has PATH_MAX length >>> >> > - getip(&client->ss) could have NI_MAXHOST length >>> >> >>> >> INET6_ADDRSTRLEN since getip() calls getnameinfo(NI_NUMERICHOST), but >>> >> your point stands. >>> >> >>> >> > so nfilename could be larger than PATH_MAX (sizeof nfilename). >>> >> > >>> >> > I assume the return of snprintf() need to be checked. if truncation >>> >> > occured, a warning should be issued and nfilename discarded (just >>> >> > calling tftp_open(client, filename)) ? >>> >> >>> >> I think we should refuse the request if truncated. >>> > >>> > done >>> > >>> >> >> + if (access(nfilename, R_OK) == 0) >>> >> >> + tftp_open(client, nfilename); >>> >> >> + else >>> >> >> + tftp_open(client, filename); >>> >> >> + } >>> >> >>> >> Here we look up the same file in both the client-specific subdirectory >>> >> and the default directory. Should we instead look only in the >>> >> client-specific directory if the latter exist? >>> > >>> > Common files should be found in the default directory. But, host >>> > specific files could be overwritten if they exist in the subdirectory. >>> >>> I think it would be better to perform those access tests in >>> validate_access(); logic in a single place, and a less quirky handling >>> of SEEDPATH. Also the test done should probably depend on the type >>> (read, write) of the request. Retrying with the default directory may >>> make sense in read mode, but maybe not in write (and -c, create) mode? >>> >>> The updated diff below implements such semantics, but in >>> validate_access(). While here, >>> - improve diagnostic if both -i and -r are given; usage() doesn't show >>> the conflict >>> - also test snprintf return value against -1, as spotted by semarie@ >>> >>> Maybe we should add a mention in the manpage that the client can >>> "escape" its client-specific directory? (ie /../192.0.2.1/file) >>> >>> The logic is more complicated but I hope it's for good. >> >> I successfully testes jca's diff in my setup and add two lines about >> directory escaping to the manpage. > > I don't think there is a need to expand on security and machines > changing their IP address, especially when you're using TFTP, an > insecure protocol. I just wanted to stress that no enforcement was > done. > > Here's an alternate take at documenting -i, addressing a few issues. It > moves the "no path enforcement" sentence to CAVEATS. I hope you agree > with this move. At least jmc@ thinks that the -i flag description is a better place. > While here: > - kill .Tn > - the content of the previous BUGS section doesn't look like a TFTP bug, > so CAVEATS looks more appropriate to me I've kept those changes (to be committed seperately). > Feedback & oks welcome. New diff after feedback from jmc@ Index: tftpd.8 === RCS file: /d/cvs/src/usr.sbin/tftpd/tftpd.8,v retrieving revision 1.5 diff -u -p -r1.5 tftpd.8 --- tftpd.8 18 Jul 2015 05:32:56 - 1.5 +++ tftpd.8 25 Oct 2017 16:48:32 - @@ -37,16 +37,14 @@ .Nd DARPA Trivial File Transfer Protocol daemon .Sh SYNOPSIS .Nm tftpd -.Op Fl 46cdv +.Op Fl 46cdiv .Op Fl l Ar address .Op Fl p Ar port .Op Fl r Ar socket .Ar directory .Sh DESCRIPTION .Nm -is a server which implements the -.Tn DARPA -Trivial File Transfer Protocol. +is a server which implements the DARPA Trivial File Transfer Protocol. .Pp The use of .Xr tftp 1 @@ -100,6 +98,15 @@ If this option is specified, .Nm will run in the foreground and log the client IP, type of request, and filename to stderr. +.It Fl i +Look up the requested path in the subdirectory named after the +client's IP address. +For read requests, if the file is not found, +.Nm +falls back on the requested path. +Note that no attempt is made to limit the client to its subdirectory. +This option cannot be combined with +.Fl r . .It Fl l Ar address Listen on the specified address. By default @@ -126,6 +133,8 @@ before the TFTP request will continue. By default .Nm does not use filename rewriting. +This option cannot be combined with +.Fl i . .It Fl v Log the client IP, type of request, and filename. .It Ar directory @@ -151,6 +160,6 @@ and appeared in It was rewritten for .Ox 5.2 as a persistent non-blocking daemo
Re: armv7 asm fix for clang 5.0.0
> Date: Thu, 26 Oct 2017 03:10:44 +1100 > From: Jonathan Gray > > On Wed, Oct 25, 2017 at 05:04:10PM +0200, Mark Kettenis wrote: > > The clang 5.0.0 integrated assembler seems to be a little bit more > > fussy and doesn't allow the use of the "smc" instructions without > > declaring that you want to use the TrustZone architecture extension. > > Unfortunately our binutils assembler doesn't recognize the pseudo-op. > > So this diff wraps it into an #ifdef. > > > > ok? > > It seems it is in binutils since 2.21 > https://gcc.gnu.org/ml/gcc-help/2012-07/msg00180.html > > Too bad the test can't be against a binutils version. > > hvc also requires an .arch_extension line when used without .word > > The other option would be to build the kernel with -march=armv7ve > when not building gcc4 which enables > 'FeatureTrustZone, FeatureMP, FeatureVirtualization' but that > might creep into places where it shouldn't. Indeed. I don't think we want to go there. Your version is fine with me. ok kettenis@ > Index: armv7/armv7_start.S > === > RCS file: /cvs/src/sys/arch/armv7/armv7/armv7_start.S,v > retrieving revision 1.14 > diff -u -p -r1.14 armv7_start.S > --- armv7/armv7_start.S 14 Jun 2017 13:12:49 - 1.14 > +++ armv7/armv7_start.S 25 Oct 2017 15:53:24 - > @@ -38,7 +38,13 @@ > #undef DOMAIN_CLIENT /* XXX */ > #include "assym.h" > > +#ifdef __clang__ > +.arch_extension sec > +.arch_extension virt > +#define HVC hvc #0 > +#else > #define HVC .word 0xe1400070 @ hvc > +#endif > > .text > >
Re: armv7 asm fix for clang 5.0.0
On Wed, Oct 25, 2017 at 05:04:10PM +0200, Mark Kettenis wrote: > The clang 5.0.0 integrated assembler seems to be a little bit more > fussy and doesn't allow the use of the "smc" instructions without > declaring that you want to use the TrustZone architecture extension. > Unfortunately our binutils assembler doesn't recognize the pseudo-op. > So this diff wraps it into an #ifdef. > > ok? It seems it is in binutils since 2.21 https://gcc.gnu.org/ml/gcc-help/2012-07/msg00180.html Too bad the test can't be against a binutils version. hvc also requires an .arch_extension line when used without .word The other option would be to build the kernel with -march=armv7ve when not building gcc4 which enables 'FeatureTrustZone, FeatureMP, FeatureVirtualization' but that might creep into places where it shouldn't. Index: armv7/armv7_start.S === RCS file: /cvs/src/sys/arch/armv7/armv7/armv7_start.S,v retrieving revision 1.14 diff -u -p -r1.14 armv7_start.S --- armv7/armv7_start.S 14 Jun 2017 13:12:49 - 1.14 +++ armv7/armv7_start.S 25 Oct 2017 15:53:24 - @@ -38,7 +38,13 @@ #undef DOMAIN_CLIENT /* XXX */ #include "assym.h" +#ifdef __clang__ +.arch_extension sec +.arch_extension virt +#define HVChvc #0 +#else #define HVC.word 0xe1400070 @ hvc +#endif .text
armv7 asm fix for clang 5.0.0
The clang 5.0.0 integrated assembler seems to be a little bit more fussy and doesn't allow the use of the "smc" instructions without declaring that you want to use the TrustZone architecture extension. Unfortunately our binutils assembler doesn't recognize the pseudo-op. So this diff wraps it into an #ifdef. ok? Index: arch/armv7/armv7/armv7_start.S === RCS file: /cvs/src/sys/arch/armv7/armv7/armv7_start.S,v retrieving revision 1.14 diff -u -p -r1.14 armv7_start.S --- arch/armv7/armv7/armv7_start.S 14 Jun 2017 13:12:49 - 1.14 +++ arch/armv7/armv7/armv7_start.S 25 Oct 2017 14:58:40 - @@ -38,6 +38,10 @@ #undef DOMAIN_CLIENT /* XXX */ #include "assym.h" +#ifdef __clang__ +.arch_extension sec +#endif + #define HVC.word 0xe1400070 @ hvc .text
Re: wireless ioctl & multicast
On 25/10/17(Wed) 15:37, Martin Pieuchot wrote:
> Diff below moves the common code to add/remove multicast filters
> to ieee80211_ioctl(9). Wireless drivers that do things slightly
> differently are left untouched for the moment.
>
> ok?
Updated diff.
Index: dev/ic/acx.c
===
RCS file: /cvs/src/sys/dev/ic/acx.c,v
retrieving revision 1.120
diff -u -p -r1.120 acx.c
--- dev/ic/acx.c22 Jan 2017 10:17:37 - 1.120
+++ dev/ic/acx.c25 Oct 2017 13:31:27 -
@@ -837,7 +837,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
{
struct acx_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -855,16 +854,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
if (ifp->if_flags & IFF_RUNNING)
error = acx_stop(sc);
}
- break;
- case SIOCADDMULTI:
- case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
Index: dev/ic/bwi.c
===
RCS file: /cvs/src/sys/dev/ic/bwi.c,v
retrieving revision 1.126
diff -u -p -r1.126 bwi.c
--- dev/ic/bwi.c8 Sep 2017 05:36:52 - 1.126
+++ dev/ic/bwi.c25 Oct 2017 13:31:16 -
@@ -7107,7 +7107,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
{
struct bwi_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -7125,16 +7124,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
if (ifp->if_flags & IFF_RUNNING)
bwi_stop(sc, 1);
}
- break;
-case SIOCADDMULTI:
-case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
Index: dev/ic/rtwn.c
===
RCS file: /cvs/src/sys/dev/ic/rtwn.c,v
retrieving revision 1.35
diff -u -p -r1.35 rtwn.c
--- dev/ic/rtwn.c 23 Sep 2017 13:57:41 - 1.35
+++ dev/ic/rtwn.c 25 Oct 2017 13:32:05 -
@@ -1434,7 +1434,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
{
struct rtwn_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
s = splnet();
@@ -1462,15 +1461,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
if (ifp->if_flags & IFF_RUNNING)
rtwn_stop(ifp);
}
- break;
- case SIOCADDMULTI:
- case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
error = ieee80211_ioctl(ifp, cmd, data);
Index: dev/ic/malo.c
===
RCS file: /cvs/src/sys/dev/ic/malo.c,v
retrieving revision 1.115
diff -u -p -r1.115 malo.c
--- dev/ic/malo.c 8 Sep 2017 05:36:52 - 1.115
+++ dev/ic/malo.c 25 Oct 2017 13:31:09 -
@@ -933,7 +933,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
{
struct malo_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -951,16 +950,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
if (ifp->if_flags & IFF_RUNNING)
malo_stop(sc);
}
- break;
-case SIOCADDMULTI:
-case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
I
Re: Kill deprecated IPv6 ioctl(2)s
On 25/10/17(Wed) 14:17, Stuart Henderson wrote: > On 2017/10/25 12:20, Martin Pieuchot wrote: > > The second group of ioctl(2)s is not used in base and should be used > > conditionally in ports, so it should be safe: > > SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6 > > "should" :-) Net-SNMP uses SIOCGIFSTAT_IN6 without a guard in > > agent/mibgroup/ip-mib/data_access/systemstats_sysctl.c:_systemstats_v6_load_ifstats() This is inside #ifdef __NetBSD__, the port builds fine for me.
wireless ioctl & multicast
Diff below moves the common code to add/remove multicast filters
to ieee80211_ioctl(9). Wireless drivers that do things slightly
differently are left untouched for the moment.
ok?
Index: dev/ic/acx.c
===
RCS file: /cvs/src/sys/dev/ic/acx.c,v
retrieving revision 1.120
diff -u -p -r1.120 acx.c
--- dev/ic/acx.c22 Jan 2017 10:17:37 - 1.120
+++ dev/ic/acx.c25 Oct 2017 13:31:27 -
@@ -837,7 +837,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
{
struct acx_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -855,16 +854,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
if (ifp->if_flags & IFF_RUNNING)
error = acx_stop(sc);
}
- break;
- case SIOCADDMULTI:
- case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
Index: dev/ic/bwi.c
===
RCS file: /cvs/src/sys/dev/ic/bwi.c,v
retrieving revision 1.126
diff -u -p -r1.126 bwi.c
--- dev/ic/bwi.c8 Sep 2017 05:36:52 - 1.126
+++ dev/ic/bwi.c25 Oct 2017 13:31:16 -
@@ -7107,7 +7107,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
{
struct bwi_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -7125,16 +7124,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
if (ifp->if_flags & IFF_RUNNING)
bwi_stop(sc, 1);
}
- break;
-case SIOCADDMULTI:
-case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
Index: dev/ic/rtwn.c
===
RCS file: /cvs/src/sys/dev/ic/rtwn.c,v
retrieving revision 1.35
diff -u -p -r1.35 rtwn.c
--- dev/ic/rtwn.c 23 Sep 2017 13:57:41 - 1.35
+++ dev/ic/rtwn.c 25 Oct 2017 13:32:05 -
@@ -1434,7 +1434,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
{
struct rtwn_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
s = splnet();
@@ -1462,15 +1461,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
if (ifp->if_flags & IFF_RUNNING)
rtwn_stop(ifp);
}
- break;
- case SIOCADDMULTI:
- case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
error = ieee80211_ioctl(ifp, cmd, data);
Index: dev/ic/malo.c
===
RCS file: /cvs/src/sys/dev/ic/malo.c,v
retrieving revision 1.115
diff -u -p -r1.115 malo.c
--- dev/ic/malo.c 8 Sep 2017 05:36:52 - 1.115
+++ dev/ic/malo.c 25 Oct 2017 13:31:09 -
@@ -933,7 +933,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
{
struct malo_softc *sc = ifp->if_softc;
struct ieee80211com *ic = &sc->sc_ic;
- struct ifreq *ifr;
int s, error = 0;
uint8_t chan;
@@ -951,16 +950,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
if (ifp->if_flags & IFF_RUNNING)
malo_stop(sc);
}
- break;
-case SIOCADDMULTI:
-case SIOCDELMULTI:
- ifr = (struct ifreq *)data;
- error = (cmd == SIOCADDMULTI) ?
- ether_addmulti(ifr, &ic->ic_ac) :
- ether_delmulti(ifr, &ic->ic_ac);
-
- if (error == ENETRESET)
- error = 0;
break;
case SIOCS80211CHANNEL:
/* allow fast channel switching in monitor mode */
Index: dev/ic/pgt.c
=
Re: Remove TCP_FACK
This has been committed. Since the patch changed the userland ABI, don't forget to rebuild (at least) fstat, netstat & tcpbench. Kind regards, Job
Re: Kill deprecated IPv6 ioctl(2)s
On 2017/10/25 12:20, Martin Pieuchot wrote:
> The second group of ioctl(2)s is not used in base and should be used
> conditionally in ports, so it should be safe:
> SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
"should" :-) Net-SNMP uses SIOCGIFSTAT_IN6 without a guard in
agent/mibgroup/ip-mib/data_access/systemstats_sysctl.c:_systemstats_v6_load_ifstats()
Sorry ENOTIME to look right now.
> Diff below also move some define around in netinet6/in6_var.h to reduce
> the number of #ifdef _KERNEL chunks.
>
> ok?
>
> Index: netinet6/in6.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 in6.c
> --- netinet6/in6.c24 Oct 2017 09:30:15 - 1.215
> +++ netinet6/in6.c25 Oct 2017 10:06:05 -
> @@ -213,13 +213,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> return (EOPNOTSUPP);
>
> switch (cmd) {
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> - case SIOCSIFINFO_FLAGS:
> - if (!privileged)
> - return (EPERM);
> - /* FALLTHROUGH */
> case SIOCGIFINFO_IN6:
> case SIOCGNBRINFO_IN6:
> return (nd6_ioctl(cmd, data, ifp));
> @@ -241,17 +234,11 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCAIFADDR_IN6:
> sa6 = &ifra->ifra_addr;
> break;
> - case SIOCGIFADDR_IN6:
> case SIOCGIFDSTADDR_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCDIFADDR_IN6:
> case SIOCGIFAFLAG_IN6:
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> case SIOCGIFALIFETIME_IN6:
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> sa6 = &ifr->ifr_addr;
> break;
> case SIOCSIFADDR:
> @@ -313,9 +300,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> break;
>
> - case SIOCGIFADDR_IN6:
> - /* This interface is basically deprecated. use SIOCGIFCONF. */
> - /* FALLTHROUGH */
> case SIOCGIFAFLAG_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCGIFDSTADDR_IN6:
> @@ -328,10 +312,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> switch (cmd) {
>
> - case SIOCGIFADDR_IN6:
> - ifr->ifr_addr = ia6->ia_addr;
> - break;
> -
> case SIOCGIFDSTADDR_IN6:
> if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
> return (EINVAL);
> @@ -349,10 +329,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCGIFAFLAG_IN6:
> ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
> break;
> -
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> - return (EOPNOTSUPP);
>
> case SIOCGIFALIFETIME_IN6:
> ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
> Index: netinet6/in6_var.h
> ===
> RCS file: /cvs/src/sys/netinet6/in6_var.h,v
> retrieving revision 1.70
> diff -u -p -r1.70 in6_var.h
> --- netinet6/in6_var.h24 Oct 2017 09:36:13 - 1.70
> +++ netinet6/in6_var.h25 Oct 2017 10:06:05 -
> @@ -278,40 +278,21 @@ struct in6_aliasreq {
> #define IFA_IN6(x) (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr)
> #define IFA_DSTIN6(x)(&((struct sockaddr_in6
> *)((x)->ifa_dstaddr))->sin6_addr)
>
> -#ifdef _KERNEL
> -#define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
> - (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
> - (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
> - (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
> - (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
> -#endif /* _KERNEL */
> -
> -#define SIOCGIFADDR_IN6 _IOWR('i', 33, struct in6_ifreq)
> +#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> +#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
>
> #define SIOCGIFDSTADDR_IN6 _IOWR('i', 34, struct in6_ifreq)
> #define SIOCGIFNETMASK_IN6 _IOWR('i', 37, struct in6_ifreq)
>
> -#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> -#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
> -
> #define SIOCGIFAFLAG_IN6 _IOWR('i', 73, struct in6_ifreq)
>
> #define SIOCGIFINFO_IN6 _IOWR('i', 108, struct in6_ndireq)
> -#define SIOCSNDFLUSH_IN6 _IOWR('i', 77, struct in6_ifreq)
> #define SIOCGNBRINFO_IN6 _IOWR('i', 78, struct in6_nbrinfo)
> -#define SIOCSPFXFLUSH_IN6_IOWR('i', 79, struct in6_ifreq)
> -#define SIOCSRTRFLUSH_IN6_IOWR('i', 80, struct in6_ifreq)
>
> #define SIOCGIFALIFETIME_IN6 _IOWR('i', 81, struct in6_ifreq)
> -#define SIOCGIFSTAT_IN6 _IOWR('i', 83, struct in6_ifreq)
> -#define
Re: Kill deprecated IPv6 ioctl(2)s
On Wed, Oct 25, 2017 at 10:56:40AM +, Martin Pieuchot wrote:
> On 25/10/17(Wed) 21:53, Jonathan Gray wrote:
> > On Wed, Oct 25, 2017 at 12:20:45PM +0200, Martin Pieuchot wrote:
> > > Diff below remove some more deprecated ioctl(2). The first group below
> > > correspond to features now deprecated by slaacd(8):
> > >
> > > SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6,
> > > SIOCSRTRFLUSH_IN6
> > >
> > > Removing those might break some ports. This is good! Because now they
> > > are broken at compile time and can be fixed. Currently they might or
> > > might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
> > > them.
> > >
> > > The second group of ioctl(2)s is not used in base and should be used
> > > conditionally in ports, so it should be safe:
> > > SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
> > >
> > > Diff below also move some define around in netinet6/in6_var.h to reduce
> > > the number of #ifdef _KERNEL chunks.
> > >
> > > ok?
> >
> > no, this will break the build
> >
> > src/usr.sbin/ndp/ndp.c: if (ioctl(s, SIOCSNDFLUSH_IN6,
> > (caddr_t)&dummyif) < 0)
>
> This is dead code, here's a diff to remove it, ok?
>
oops, forgot to remove that when i was in there :(
OK florian@
> Index: ndp.c
> ===
> RCS file: /cvs/src/usr.sbin/ndp/ndp.c,v
> retrieving revision 1.86
> diff -u -p -r1.86 ndp.c
> --- ndp.c 9 Aug 2017 17:35:38 - 1.86
> +++ ndp.c 25 Oct 2017 10:55:22 -
> @@ -135,7 +135,6 @@ void usage(void);
> int rtmsg(int);
> int rtget(struct sockaddr_in6 **, struct sockaddr_dl **);
> void ifinfo(char *);
> -void harmonize_rtr(void);
> static char *sec2str(time_t);
> static void ts_print(const struct timeval *);
> static int rdomain;
> @@ -904,21 +903,6 @@ ifinfo(char *ifname)
> printf(", reachable=%ds", nd.ndi.reachable);
> printf(", retrans=%ds%dms\n", nd.ndi.retrans / 1000,
> nd.ndi.retrans % 1000);
> -
> - close(s);
> -}
> -
> -void
> -harmonize_rtr(void)
> -{
> - char dummyif[IFNAMSIZ+8];
> - int s;
> -
> - if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
> - err(1, "socket");
> - strlcpy(dummyif, "lo0", sizeof(dummyif)); /* dummy */
> - if (ioctl(s, SIOCSNDFLUSH_IN6, (caddr_t)&dummyif) < 0)
> - err(1, "ioctl(SIOCSNDFLUSH_IN6)");
>
> close(s);
> }
>
--
I'm not entirely sure you are real.
Re: Remove TCP_FACK
On Tue, Oct 24, 2017 at 23:22 +0200, Job Snijders wrote:
> Dear all,
>
> This patch builds upon the work shared in the following email. Mike's
> patch is a prerequisite to apply this patch.
>
> Date: Tue, 24 Oct 2017 15:21:08 +0200
> From: Mike Belopuhov
> Subject: Re: Refactor TCP partial ACK handling
>
> TCP_FACK was disabled by provos@ in June 1999. This patch removes
> the TCP_FACK option and associated #if{,n}def code.
>
> TCP_FACK is an algorithm that decides that when something is lost, all
> not SACKed packets until the most forward SACK are lost. It may be a
> correct estimate, if network does not reorder packets.
>
> The algorithm described in RFC 6675 may be a better replacement. This
> culling patch can provide guidance how and where to implement 6675.
>
> Kind regards,
>
> Job
>
This makes my life that much easier so naturally I'm in favour of this
change. OK mikeb
> @@ -2705,11 +2608,9 @@ tcp_sack_partialack(struct tcpcb *tp, struct tcphdr
> *th)
> /* Turn off retx. timer (will start again next segment) */
> TCP_TIMER_DISARM(tp, TCPT_REXMT);
> tp->t_rtttime = 0;
> -#ifndef TCP_FACK
> /*
>* Partial window deflation. This statement relies on the
> - * fact that tp->snd_una has not been updated yet. In FACK
> - * hold snd_cwnd constant during fast recovery.
> + * fact that tp->snd_una has not been updated yet.
>*/
trailing white space in the '+' line above.
Re: Kill deprecated IPv6 ioctl(2)s
On Wed, Oct 25, 2017 at 12:56:40PM +0200, Martin Pieuchot wrote:
> On 25/10/17(Wed) 21:53, Jonathan Gray wrote:
> > On Wed, Oct 25, 2017 at 12:20:45PM +0200, Martin Pieuchot wrote:
> > > Diff below remove some more deprecated ioctl(2). The first group below
> > > correspond to features now deprecated by slaacd(8):
> > >
> > > SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6,
> > > SIOCSRTRFLUSH_IN6
> > >
> > > Removing those might break some ports. This is good! Because now they
> > > are broken at compile time and can be fixed. Currently they might or
> > > might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
> > > them.
> > >
> > > The second group of ioctl(2)s is not used in base and should be used
> > > conditionally in ports, so it should be safe:
> > > SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
> > >
> > > Diff below also move some define around in netinet6/in6_var.h to reduce
> > > the number of #ifdef _KERNEL chunks.
> > >
> > > ok?
> >
> > no, this will break the build
> >
> > src/usr.sbin/ndp/ndp.c: if (ioctl(s, SIOCSNDFLUSH_IN6,
> > (caddr_t)&dummyif) < 0)
>
> This is dead code, here's a diff to remove it, ok?
sure, call to that was removed in 1.83
>
> Index: ndp.c
> ===
> RCS file: /cvs/src/usr.sbin/ndp/ndp.c,v
> retrieving revision 1.86
> diff -u -p -r1.86 ndp.c
> --- ndp.c 9 Aug 2017 17:35:38 - 1.86
> +++ ndp.c 25 Oct 2017 10:55:22 -
> @@ -135,7 +135,6 @@ void usage(void);
> int rtmsg(int);
> int rtget(struct sockaddr_in6 **, struct sockaddr_dl **);
> void ifinfo(char *);
> -void harmonize_rtr(void);
> static char *sec2str(time_t);
> static void ts_print(const struct timeval *);
> static int rdomain;
> @@ -904,21 +903,6 @@ ifinfo(char *ifname)
> printf(", reachable=%ds", nd.ndi.reachable);
> printf(", retrans=%ds%dms\n", nd.ndi.retrans / 1000,
> nd.ndi.retrans % 1000);
> -
> - close(s);
> -}
> -
> -void
> -harmonize_rtr(void)
> -{
> - char dummyif[IFNAMSIZ+8];
> - int s;
> -
> - if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
> - err(1, "socket");
> - strlcpy(dummyif, "lo0", sizeof(dummyif)); /* dummy */
> - if (ioctl(s, SIOCSNDFLUSH_IN6, (caddr_t)&dummyif) < 0)
> - err(1, "ioctl(SIOCSNDFLUSH_IN6)");
>
> close(s);
> }
>
Re: Kill deprecated IPv6 ioctl(2)s
On 25/10/17(Wed) 21:53, Jonathan Gray wrote:
> On Wed, Oct 25, 2017 at 12:20:45PM +0200, Martin Pieuchot wrote:
> > Diff below remove some more deprecated ioctl(2). The first group below
> > correspond to features now deprecated by slaacd(8):
> >
> > SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6, SIOCSRTRFLUSH_IN6
> >
> > Removing those might break some ports. This is good! Because now they
> > are broken at compile time and can be fixed. Currently they might or
> > might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
> > them.
> >
> > The second group of ioctl(2)s is not used in base and should be used
> > conditionally in ports, so it should be safe:
> > SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
> >
> > Diff below also move some define around in netinet6/in6_var.h to reduce
> > the number of #ifdef _KERNEL chunks.
> >
> > ok?
>
> no, this will break the build
>
> src/usr.sbin/ndp/ndp.c: if (ioctl(s, SIOCSNDFLUSH_IN6,
> (caddr_t)&dummyif) < 0)
This is dead code, here's a diff to remove it, ok?
Index: ndp.c
===
RCS file: /cvs/src/usr.sbin/ndp/ndp.c,v
retrieving revision 1.86
diff -u -p -r1.86 ndp.c
--- ndp.c 9 Aug 2017 17:35:38 - 1.86
+++ ndp.c 25 Oct 2017 10:55:22 -
@@ -135,7 +135,6 @@ void usage(void);
int rtmsg(int);
int rtget(struct sockaddr_in6 **, struct sockaddr_dl **);
void ifinfo(char *);
-void harmonize_rtr(void);
static char *sec2str(time_t);
static void ts_print(const struct timeval *);
static int rdomain;
@@ -904,21 +903,6 @@ ifinfo(char *ifname)
printf(", reachable=%ds", nd.ndi.reachable);
printf(", retrans=%ds%dms\n", nd.ndi.retrans / 1000,
nd.ndi.retrans % 1000);
-
- close(s);
-}
-
-void
-harmonize_rtr(void)
-{
- char dummyif[IFNAMSIZ+8];
- int s;
-
- if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
- err(1, "socket");
- strlcpy(dummyif, "lo0", sizeof(dummyif)); /* dummy */
- if (ioctl(s, SIOCSNDFLUSH_IN6, (caddr_t)&dummyif) < 0)
- err(1, "ioctl(SIOCSNDFLUSH_IN6)");
close(s);
}
Re: Kill deprecated IPv6 ioctl(2)s
On Wed, Oct 25, 2017 at 12:20:45PM +0200, Martin Pieuchot wrote:
> Diff below remove some more deprecated ioctl(2). The first group below
> correspond to features now deprecated by slaacd(8):
>
> SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6, SIOCSRTRFLUSH_IN6
>
> Removing those might break some ports. This is good! Because now they
> are broken at compile time and can be fixed. Currently they might or
> might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
> them.
>
> The second group of ioctl(2)s is not used in base and should be used
> conditionally in ports, so it should be safe:
> SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
>
> Diff below also move some define around in netinet6/in6_var.h to reduce
> the number of #ifdef _KERNEL chunks.
>
> ok?
no, this will break the build
src/usr.sbin/ndp/ndp.c: if (ioctl(s, SIOCSNDFLUSH_IN6, (caddr_t)&dummyif) < 0)
>
> Index: netinet6/in6.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 in6.c
> --- netinet6/in6.c24 Oct 2017 09:30:15 - 1.215
> +++ netinet6/in6.c25 Oct 2017 10:06:05 -
> @@ -213,13 +213,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> return (EOPNOTSUPP);
>
> switch (cmd) {
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> - case SIOCSIFINFO_FLAGS:
> - if (!privileged)
> - return (EPERM);
> - /* FALLTHROUGH */
> case SIOCGIFINFO_IN6:
> case SIOCGNBRINFO_IN6:
> return (nd6_ioctl(cmd, data, ifp));
> @@ -241,17 +234,11 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCAIFADDR_IN6:
> sa6 = &ifra->ifra_addr;
> break;
> - case SIOCGIFADDR_IN6:
> case SIOCGIFDSTADDR_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCDIFADDR_IN6:
> case SIOCGIFAFLAG_IN6:
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> case SIOCGIFALIFETIME_IN6:
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> sa6 = &ifr->ifr_addr;
> break;
> case SIOCSIFADDR:
> @@ -313,9 +300,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> break;
>
> - case SIOCGIFADDR_IN6:
> - /* This interface is basically deprecated. use SIOCGIFCONF. */
> - /* FALLTHROUGH */
> case SIOCGIFAFLAG_IN6:
> case SIOCGIFNETMASK_IN6:
> case SIOCGIFDSTADDR_IN6:
> @@ -328,10 +312,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>
> switch (cmd) {
>
> - case SIOCGIFADDR_IN6:
> - ifr->ifr_addr = ia6->ia_addr;
> - break;
> -
> case SIOCGIFDSTADDR_IN6:
> if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
> return (EINVAL);
> @@ -349,10 +329,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
> case SIOCGIFAFLAG_IN6:
> ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
> break;
> -
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> - return (EOPNOTSUPP);
>
> case SIOCGIFALIFETIME_IN6:
> ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
> Index: netinet6/in6_var.h
> ===
> RCS file: /cvs/src/sys/netinet6/in6_var.h,v
> retrieving revision 1.70
> diff -u -p -r1.70 in6_var.h
> --- netinet6/in6_var.h24 Oct 2017 09:36:13 - 1.70
> +++ netinet6/in6_var.h25 Oct 2017 10:06:05 -
> @@ -278,40 +278,21 @@ struct in6_aliasreq {
> #define IFA_IN6(x) (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr)
> #define IFA_DSTIN6(x)(&((struct sockaddr_in6
> *)((x)->ifa_dstaddr))->sin6_addr)
>
> -#ifdef _KERNEL
> -#define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
> - (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
> - (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
> - (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
> - (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
> -#endif /* _KERNEL */
> -
> -#define SIOCGIFADDR_IN6 _IOWR('i', 33, struct in6_ifreq)
> +#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> +#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
>
> #define SIOCGIFDSTADDR_IN6 _IOWR('i', 34, struct in6_ifreq)
> #define SIOCGIFNETMASK_IN6 _IOWR('i', 37, struct in6_ifreq)
>
> -#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
> -#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
> -
> #define SIOCGIFAFLAG_IN6 _IOWR('i', 73, struct in6_ifreq)
>
> #define SIOCGIFINFO_IN6 _IOWR('i', 108, struct in6_ndireq)
> -#define SIOCSNDF
Kill deprecated IPv6 ioctl(2)s
Diff below remove some more deprecated ioctl(2). The first group below
correspond to features now deprecated by slaacd(8):
SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6, SIOCSRTRFLUSH_IN6
Removing those might break some ports. This is good! Because now they
are broken at compile time and can be fixed. Currently they might or
might not work. On codesearch.debian.net only dhcpcd5 seems to try to use
them.
The second group of ioctl(2)s is not used in base and should be used
conditionally in ports, so it should be safe:
SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
Diff below also move some define around in netinet6/in6_var.h to reduce
the number of #ifdef _KERNEL chunks.
ok?
Index: netinet6/in6.c
===
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.215
diff -u -p -r1.215 in6.c
--- netinet6/in6.c 24 Oct 2017 09:30:15 - 1.215
+++ netinet6/in6.c 25 Oct 2017 10:06:05 -
@@ -213,13 +213,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
return (EOPNOTSUPP);
switch (cmd) {
- case SIOCSNDFLUSH_IN6:
- case SIOCSPFXFLUSH_IN6:
- case SIOCSRTRFLUSH_IN6:
- case SIOCSIFINFO_FLAGS:
- if (!privileged)
- return (EPERM);
- /* FALLTHROUGH */
case SIOCGIFINFO_IN6:
case SIOCGNBRINFO_IN6:
return (nd6_ioctl(cmd, data, ifp));
@@ -241,17 +234,11 @@ in6_ioctl(u_long cmd, caddr_t data, stru
case SIOCAIFADDR_IN6:
sa6 = &ifra->ifra_addr;
break;
- case SIOCGIFADDR_IN6:
case SIOCGIFDSTADDR_IN6:
case SIOCGIFNETMASK_IN6:
case SIOCDIFADDR_IN6:
case SIOCGIFAFLAG_IN6:
- case SIOCSNDFLUSH_IN6:
- case SIOCSPFXFLUSH_IN6:
- case SIOCSRTRFLUSH_IN6:
case SIOCGIFALIFETIME_IN6:
- case SIOCGIFSTAT_IN6:
- case SIOCGIFSTAT_ICMP6:
sa6 = &ifr->ifr_addr;
break;
case SIOCSIFADDR:
@@ -313,9 +300,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
break;
- case SIOCGIFADDR_IN6:
- /* This interface is basically deprecated. use SIOCGIFCONF. */
- /* FALLTHROUGH */
case SIOCGIFAFLAG_IN6:
case SIOCGIFNETMASK_IN6:
case SIOCGIFDSTADDR_IN6:
@@ -328,10 +312,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
switch (cmd) {
- case SIOCGIFADDR_IN6:
- ifr->ifr_addr = ia6->ia_addr;
- break;
-
case SIOCGIFDSTADDR_IN6:
if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
return (EINVAL);
@@ -349,10 +329,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
case SIOCGIFAFLAG_IN6:
ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
break;
-
- case SIOCGIFSTAT_IN6:
- case SIOCGIFSTAT_ICMP6:
- return (EOPNOTSUPP);
case SIOCGIFALIFETIME_IN6:
ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
Index: netinet6/in6_var.h
===
RCS file: /cvs/src/sys/netinet6/in6_var.h,v
retrieving revision 1.70
diff -u -p -r1.70 in6_var.h
--- netinet6/in6_var.h 24 Oct 2017 09:36:13 - 1.70
+++ netinet6/in6_var.h 25 Oct 2017 10:06:05 -
@@ -278,40 +278,21 @@ structin6_aliasreq {
#define IFA_IN6(x) (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr)
#define IFA_DSTIN6(x) (&((struct sockaddr_in6
*)((x)->ifa_dstaddr))->sin6_addr)
-#ifdef _KERNEL
-#define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
- (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
- (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
- (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
- (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
-#endif /* _KERNEL */
-
-#define SIOCGIFADDR_IN6_IOWR('i', 33, struct in6_ifreq)
+#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
+#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
#define SIOCGIFDSTADDR_IN6 _IOWR('i', 34, struct in6_ifreq)
#define SIOCGIFNETMASK_IN6 _IOWR('i', 37, struct in6_ifreq)
-#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
-#define SIOCAIFADDR_IN6 _IOW('i', 26, struct in6_aliasreq)
-
#define SIOCGIFAFLAG_IN6 _IOWR('i', 73, struct in6_ifreq)
#define SIOCGIFINFO_IN6_IOWR('i', 108, struct in6_ndireq)
-#define SIOCSNDFLUSH_IN6 _IOWR('i', 77, struct in6_ifreq)
#define SIOCGNBRINFO_IN6 _IOWR('i', 78, struct in6_nbrinfo)
-#define SIOCSPFXFLUSH_IN6 _IOWR('i', 79, struct in6_ifreq)
-#define SIOCSRTRFLUSH_IN6 _IOWR('i', 80, struct in6_ifreq)
#define SIOCGIFALIFETIME_IN6 _IOWR('i', 81, struct in6_
Re: Please test: IPsec w/o KERNEL_LOCK()
On 16/10/17(Mon) 12:47, Martin Pieuchot wrote:
> On 11/10/17(Wed) 17:01, Martin Pieuchot wrote:
> > OpenBSD 6.2 includes nice performance and latency improvements due to
> > the work done in the Network Stack in the previous years. However as
> > soon as IPsec is enabled, all network related processing are affected.
> > In other words you cannot profit from the last MP work in the Network
> > stack if you use IPsec.
> >
> > During the last 6 months I hoped that somebody else would look at the
> > IPsec stack and tell us what needs to be done. This didn't happen.
> >
> > Now that 6.2 is released, we cannot afford to continue to parallelize
> > the Network Stack if some of our users and testers still run it under
> > KERNEL_LOCK().
> >
> > So I did an audit of the IPsec stack and came with the small diff below.
> > This diff doesn't remove the KERNEL_LOCK() (yet), but add some asserts
> > to make sure that the global data structure are all accessed while
> > holding the NET_LOCK().
>
> Here's the diff to stop grabbing the KERNEL_LOCK(), please test and
> report back.
Updated diff to apply on top of recent changes. I'm still looking for
tests and oks.
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.519
diff -u -p -r1.519 if.c
--- net/if.c16 Oct 2017 13:40:58 - 1.519
+++ net/if.c25 Oct 2017 09:36:14 -
@@ -873,9 +873,6 @@ if_input_process(void *xifidx)
struct ifih *ifih;
struct srp_ref sr;
int s;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
ifp = if_get(ifidx);
if (ifp == NULL)
@@ -902,22 +899,6 @@ if_input_process(void *xifidx)
*/
NET_LOCK();
s = splnet();
-
-#ifdef IPSEC
- /*
-* IPsec is not ready to run without KERNEL_LOCK(). So all
-* the traffic on your machine is punished if you have IPsec
-* enabled.
-*/
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
/*
* Pass this mbuf to all input handlers of its
@@ -934,11 +915,6 @@ if_input_process(void *xifidx)
}
splx(s);
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
out:
if_put(ifp);
}
Index: netinet/ip_input.c
===
RCS file: /cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.323
diff -u -p -r1.323 ip_input.c
--- netinet/ip_input.c 9 Oct 2017 08:35:38 - 1.323
+++ netinet/ip_input.c 25 Oct 2017 09:36:14 -
@@ -482,8 +482,6 @@ ip_input_if(struct mbuf **mp, int *offp,
if (ipsec_in_use) {
int rv;
- KERNEL_ASSERT_LOCKED();
-
rv = ipsec_forward_check(m, hlen, AF_INET);
if (rv != 0) {
ipstat_inc(ips_cantforward);
@@ -1825,40 +1823,16 @@ ip_send_dispatch(void *xmq)
struct mbuf_queue *mq = xmq;
struct mbuf *m;
struct mbuf_list ml;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
mq_delist(mq, &ml);
if (ml_empty(&ml))
return;
NET_LOCK();
-
-#ifdef IPSEC
- /*
-* IPsec is not ready to run without KERNEL_LOCK(). So all
-* the traffic on your machine is punished if you have IPsec
-* enabled.
-*/
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
ip_output(m, NULL, NULL, 0, NULL, NULL, 0);
}
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
}
void
Index: netinet/ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.342
diff -u -p -r1.342 ip_output.c
--- netinet/ip_output.c 20 Sep 2017 16:22:02 - 1.342
+++ netinet/ip_output.c 25 Oct 2017 09:36:14 -
@@ -233,7 +233,6 @@ reroute:
#ifdef IPSEC
if (ipsec_in_use || inp != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Do we have any pending SAs to apply ? */
tdb = ip_output_ipsec_lookup(m, hlen, &error, inp,
ipsecflowinfo);
@@ -404,7 +403,6 @@ sendit:
* Check if the packet needs encapsulation.
*/
if (tdb != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Callee frees mbuf */
error = ip_output_ipsec_send(tdb, m, ifp, ro);
goto done;
Index: netinet
Re: Remove TCP_FACK
On 24/10/17(Tue) 23:22, Job Snijders wrote:
> Dear all,
>
> This patch builds upon the work shared in the following email. Mike's
> patch is a prerequisite to apply this patch.
>
> Date: Tue, 24 Oct 2017 15:21:08 +0200
> From: Mike Belopuhov
> Subject: Re: Refactor TCP partial ACK handling
>
> TCP_FACK was disabled by provos@ in June 1999. This patch removes
> the TCP_FACK option and associated #if{,n}def code.
>
> TCP_FACK is an algorithm that decides that when something is lost, all
> not SACKed packets until the most forward SACK are lost. It may be a
> correct estimate, if network does not reorder packets.
>
> The algorithm described in RFC 6675 may be a better replacement. This
> culling patch can provide guidance how and where to implement 6675.
I'm happy to see fewer #ifdef in these spaghetti. Especially now that
some refactoring is welcome for future CC and MP works.
ok mpi@
> diff --git share/man/man4/options.4 share/man/man4/options.4
> index c28d4e27896..737dc29efea 100644
> --- share/man/man4/options.4
> +++ share/man/man4/options.4
> @@ -445,11 +445,6 @@ TCP to adjust the transmission rate using this signal.
> Both communication endpoints negotiate enabling
> .Em ECN
> functionality at the TCP connection establishment.
> -.It Cd option TCP_FACK
> -Turns on forward acknowledgements allowing a more precise estimate of
> -outstanding data during the fast recovery phase by using
> -.Em SACK
> -information.
> .It Cd option TCP_SIGNATURE
> Turns on support for the TCP MD5 Signature option (RFC 2385).
> This is used by
> diff --git sys/conf/GENERIC sys/conf/GENERIC
> index 6df800175ed..e385b45785c 100644
> --- sys/conf/GENERIC
> +++ sys/conf/GENERIC
> @@ -47,7 +47,6 @@ option FUSE# FUSE
> option SOCKET_SPLICE # Socket Splicing for TCP and UDP
> option TCP_ECN # Explicit Congestion Notification for
> TCP
> option TCP_SIGNATURE # TCP MD5 Signatures, for BGP routing
> sessions
> -#option TCP_FACK# Forward Acknowledgements for TCP
>
> option INET6 # IPv6
> option IPSEC # IPsec
> diff --git sys/netinet/tcp_input.c sys/netinet/tcp_input.c
> index 8d172e2905c..4321d85854c 100644
> --- sys/netinet/tcp_input.c
> +++ sys/netinet/tcp_input.c
> @@ -974,10 +974,6 @@ findpcb:
> if (SEQ_GT(tp->snd_una, tp->snd_last))
> #endif
> tp->snd_last = tp->snd_una;
> -#ifdef TCP_FACK
> - tp->snd_fack = tp->snd_una;
> - tp->retran_data = 0;
> -#endif
> m_freem(m);
>
> /*
> @@ -1566,18 +1562,7 @@ trimthenstep6:
>*/
> if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0)
> tp->t_dupacks = 0;
> -#ifdef TCP_FACK
> - /*
> - * In FACK, can enter fast rec. if the receiver
> - * reports a reass. queue longer than 3 segs.
> - */
> - else if (++tp->t_dupacks == tcprexmtthresh ||
> - ((SEQ_GT(tp->snd_fack, tcprexmtthresh *
> - tp->t_maxseg + tp->snd_una)) &&
> - SEQ_GT(tp->snd_una, tp->snd_last))) {
> -#else
> else if (++tp->t_dupacks == tcprexmtthresh) {
> -#endif /* TCP_FACK */
> tcp_seq onxt = tp->snd_nxt;
> u_long win =
> ulmin(tp->snd_wnd, tp->snd_cwnd) /
> @@ -1603,15 +1588,6 @@ trimthenstep6:
> #endif
> tcpstat_inc(tcps_cwr_frecovery);
>
> tcpstat_inc(tcps_sack_recovery_episode);
> -#ifdef TCP_FACK
> - tp->t_dupacks = tcprexmtthresh;
> - (void) tcp_output(tp);
> - /*
> - * During FR, snd_cwnd is held
> - * constant for FACK.
> - */
> - tp->snd_cwnd = tp->snd_ssthresh;
> -#else
> /*
>* tcp_output() will send
>* oldest SACK-eligible rtx.
> @@ -1619,7 +1595,6 @@ trimthenstep6:
> (void) tcp_output(tp);
> tp->snd_cwnd = tp->snd_ssthresh+
>
enable wsdisplay of efifb on serial console hosts
Make efifb(4) usable as a video console even when the system is booted
with serial console. It tries to use wsdisplay0 regardless its
console since efifb is always primary display.
comment? ok?
diff --git a/sys/arch/amd64/amd64/efifb.c b/sys/arch/amd64/amd64/efifb.c
index 2418354beaf..5bcb2feaf59 100644
--- a/sys/arch/amd64/amd64/efifb.c
+++ b/sys/arch/amd64/amd64/efifb.c
@@ -79,6 +79,7 @@ struct efifb {
int depth;
paddr_t paddr;
psize_t psize;
+ int detached;
struct cb_framebuffercb_table_fb;
};
@@ -101,6 +102,7 @@ int efifb_show_screen(void *, void *, int, void (*cb)
(void *, int, int),
void *);
int efifb_list_font(void *, struct wsdisplay_font *);
int efifb_load_font(void *, void *, struct wsdisplay_font *);
+voidefifb_efiinfo_init(struct efifb *);
struct cb_framebuffer *cb_find_fb(paddr_t);
@@ -139,15 +141,22 @@ struct cfdriver efifb_cd = {
};
struct efifb efifb_console;
+struct wsdisplay_charcell efifb_bs[EFIFB_HEIGHT * EFIFB_WIDTH];
int
efifb_match(struct device *parent, void *cf, void *aux)
{
struct efifb_attach_args *eaa = aux;
- if (strcmp(eaa->eaa_name, efifb_cd.cd_name) == 0 &&
- efifb_console.paddr != 0)
- return (1);
+ if (strcmp(eaa->eaa_name, efifb_cd.cd_name) == 0) {
+ if (efifb_console.paddr != 0) {
+ if (efifb_console.detached)
+ return (0);
+ return (1);
+ }
+ if (bios_efiinfo != NULL && bios_efiinfo->fb_addr != 0)
+ return (1);
+ }
return (0);
}
@@ -159,18 +168,44 @@ efifb_attach(struct device *parent, struct device *self,
void *aux)
struct efifb_softc *sc = (struct efifb_softc *)self;
struct wsemuldisplaydev_attach_args aa;
struct rasops_info *ri;
- int ccol = 0, crow = 0;
+ int console = 0, ccol = 0, crow = 0;
bus_space_tag_t iot = X86_BUS_SPACE_MEM;
bus_space_handle_t ioh;
- long defattr;
- printf(": %dx%d, %dbpp\n", efifb_console.rinfo.ri_width,
- efifb_console.rinfo.ri_height, efifb_console.rinfo.ri_depth);
+ fb = &efifb_console;
+ ri = &fb->rinfo;
+ if (efifb_console.paddr != 0)
+ console = 1;
+ else {
+ KASSERT(bios_efiinfo != NULL && bios_efiinfo->fb_addr != 0);
+
+ memset(fb, 0, sizeof(*fb));
+ efifb_efiinfo_init(fb);
+
+ if (bus_space_map(iot, fb->paddr, fb->psize,
+ BUS_SPACE_MAP_PREFETCHABLE | BUS_SPACE_MAP_LINEAR,
+ &ioh) != 0) {
+ free(fb, M_DEVBUF, sizeof(*fb));
+ return;
+ }
+ ri->ri_bits = bus_space_vaddr(iot, ioh);
+ efifb_rasops_preinit(fb);
+ ri->ri_flg = RI_VCONS | RI_CENTER | RI_WRONLY;
+ rasops_init(ri, EFIFB_HEIGHT, EFIFB_WIDTH);
+ efifb_std_descr.ncols = ri->ri_cols;
+ efifb_std_descr.nrows = ri->ri_rows;
+ efifb_std_descr.textops = &ri->ri_ops;
+ efifb_std_descr.fontwidth = ri->ri_font->fontwidth;
+ efifb_std_descr.fontheight = ri->ri_font->fontheight;
+ efifb_std_descr.capabilities = ri->ri_caps;
+ }
+
+ sc->sc_fb = fb;
+ printf(": %dx%d, %dbpp\n", ri->ri_width, ri->ri_height, ri->ri_depth);
+
+ if (console) {
+ long defattr = 0;
- if (1) {/* XXX console */
- aa.console = 1;
- fb = sc->sc_fb = &efifb_console;
- ri = &fb->rinfo;
ccol = ri->ri_ccol;
crow = ri->ri_crow;
@@ -182,19 +217,22 @@ efifb_attach(struct device *parent, struct device *self,
void *aux)
efifb_rasops_preinit(fb);
ri->ri_flg &= ~RI_CLEAR;
ri->ri_flg |= RI_VCONS | RI_WRONLY;
-
rasops_init(ri, efifb_std_descr.nrows, efifb_std_descr.ncols);
+
+ ri->ri_ops.alloc_attr(ri->ri_active, 0, 0, 0, &defattr);
+ wsdisplay_cnattach(&efifb_std_descr, ri->ri_active, ccol, crow,
+ defattr);
}
+ memset(&aa, 0, sizeof(aa));
+ aa.console = console;
aa.scrdata = &efifb_screen_list;
aa.accessops = &efifb_accessops;
aa.accesscookie = sc;
aa.defaultscreens = 0;
- ri->ri_ops.alloc_attr(ri->ri_active, 0, 0, 0, &defattr);
- wsdisplay_cnattach(&efifb_std_descr, ri->ri_active, ccol, crow,
defattr);
-
- config_found(self, &aa, wsemuldisplaydevprint);
+ config_found_sm(self, &aa, wsemuldisplaydevprint,
+ wsemuldisplaydevsubmatch);
}
void
@@ -227,6
Re: [patch]Use BUFSIZE instead of hard-code in netcat.c
On Tue, Oct 24, 2017 at 02:52:39PM +0200, Alexander Bluhm wrote: > On Tue, Oct 24, 2017 at 07:44:02PM +0800, Nan Xiao wrote: > > Use BUFSIZE instead of hard-code in netcat.c, FYI. Thanks! > > As this buffer is used with MSG_PEEK and its content is discarded, > the size does not really matter. The complicated logic seems to > be a leftover from the -j jumbo option. > > I think this is simpler. > > bluhm > > Index: usr.bin/nc/netcat.c > === > RCS file: /data/mirror/openbsd/cvs/src/usr.bin/nc/netcat.c,v > retrieving revision 1.187 > diff -u -p -r1.187 netcat.c > --- usr.bin/nc/netcat.c 15 Jul 2017 17:27:39 - 1.187 > +++ usr.bin/nc/netcat.c 24 Oct 2017 12:41:38 - > @@ -563,13 +563,12 @@ main(int argc, char *argv[]) >* initially to wait for a caller, then use >* the regular functions to talk to the caller. >*/ > - int rv, plen; > - char buf[16384]; > + int rv; > + char buf[2048]; > struct sockaddr_storage z; > > len = sizeof(z); > - plen = 2048; > - rv = recvfrom(s, buf, plen, MSG_PEEK, > + rv = recvfrom(s, buf, sizeof(buf), MSG_PEEK, > (struct sockaddr *)&z, &len); > if (rv < 0) > err(1, "recvfrom"); > Doesn't this have a performance impact? A bigger buffer like the original seems better to me. -- Kind regards, Hiltjo
