Re: ldapd: adding bsd.schema

2020-09-14 Thread Robert Klein
On Thu, 10 Sep 2020 17:03:28 -0400
Aisha Tammy  wrote:

> On 9/10/20 2:03 AM, Robert Klein wrote:
> > On Sat, 5 Sep 2020 18:47:08 -0400
> > Aisha Tammy  wrote:
> >   
> >> Sorry for the late reply.
> >>
> >> On 8/12/20 8:19 AM, Robert Klein wrote:  
> >>> Hi,
> >>>
> >>> On Wed, 12 Aug 2020 09:00:18 +0200
> >>> Theo Buehler  wrote:
> >>>  
> >>>> On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote:
> >>>>> Another bump.
> >>>>
> >>>> I think this is useful and am ok with this.
> >>>>
> >>>> Are there any concerns? If not, I'm going to commit it tomorrow.
> >>>>
> >>>
> >>> for an sshPublicKey attribute, there's an “openssh-lpk” schema
> >>> which seems to be in common use.  It's defined as
> >>>
> >>> # octetString SYNTAX
> >>> attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
> >>>   DESC 'OpenSSH Public key'
> >>>   EQUALITY octetStringMatch
> >>>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
> >>>  
> >> I prefer the non-octet version mostly because of inconsistent
> >> spacing when
> >>
> >> copy pasting.  
> > 
> > IA5Match precludes non-ascii comments.  BTW, your version has 'SSH
> > public key' as DESC.  I suppose it means an 'OpenSSH public key', as
> > above, not an RFC4716 public key which wouldn't make much sense in
> > OpenBSD context I guess.
> >   
> Haha, I wasn't even aware SSH public key was a different thing >.<
> (how do y'all know/remember these weird RFCs...)
Honestly, I like to read.

> Updated patch with OpenSSH public key.

I'd still prefer octetstring instead of ia5string.  Don't care enough
though to object if someone's willing to ok and commit it.

Best regards
Robert

> 
> OK?
> 
> Aisha
> 
> >   
> >>
> >>
> >>  
> >>> # printableString SYNTAX yes|no
> >>> objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey'
> >>> SUP top AUXILIARY DESC 'OpenSSH LPK objectclass'
> >>>   MUST uid
> >>>   MAY sshPublicKey
> >>>   )
> >>>
> >>> though there are versions of the “ldapPublicKey” definitions with
> >>> both uid and sshPublicKey in the MUST  and both in the MAY clause.
> >>> The “both MAY” version is imho more flexible.
> >>>
> >>>
> >>> The original mail proposing bsd.schema seems to have added both
> >>> “shadowPassword” and “bsdaccount” more as an afterthought, it
> >>> seems. 
> >> The bsd account is a bit more flexible than the ldapPublicKey and
> >> can be substituted for this.
> >> I am fine with moving the `uid` to MAY as well, that would be very
> >> nice for virtual user setups, where uid is unimportant and not
> >> used.  
> > 
> > +1
> > 
> > 
> > Best regards
> > Robert
> > 
> >   
> >>
> >> I've attached the updated patch which moves uid to MAY.
> >> I would really like this to be in 6.8.
> >>
> >> OK? 
> >>
> >> Thanks,
> >> Aisha
> >>  
> >>>
> >>> Best regards
> >>> Robert
> >>>
> >>>  
> 
>  Index: etc/examples/ldapd.conf
>  ===
>  RCS file: /cvs/src/etc/examples/ldapd.conf,v
>  retrieving revision 1.1
>  diff -u -p -u -p -r1.1 ldapd.conf
>  --- etc/examples/ldapd.conf  11 Jul 2014 21:20:10 -
>  1.1 +++ etc/examples/ldapd.conf  18 May 2018 10:09:45 -
>  @@ -3,6 +3,7 @@
>   schema "/etc/ldap/core.schema"
>   schema "/etc/ldap/inetorgperson.schema"
>   schema "/etc/ldap/nis.schema"
>  +schema "/etc/ldap/bsd.schema"
>   
>   listen on lo0
>   listen on "/var/run/ldapi"
>  Index: usr.sbin/ldapd/Makefile
>  ===
>  RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v
>  retrieving revision 1.15
>  diff -u -p -u -p -r1.15 Makefile
>  --- usr.sbin/ldapd/Makefile  20 Jan 2017 11:55:08 -
>  1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45
>  - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith
>  -Wcast CFLAGS+=  -Wsign-compare
>   CLEANFILES+=y.tab.h parse.c
>   
>  -SCHEMA_FILES=   core.schema \
>  +SCHEMA_FILES=   bsd.schema \
>  +core.schema \
>   inetorgperson.schema \
>   nis.schema
>   
>  Index: usr.sbin/ldapd/schema/bsd.schema
>  ===
>  RCS file: usr.sbin/ldapd/schema/bsd.schema
>  diff -N usr.sbin/ldapd/schema/bsd.schema
>  --- /dev/null1 Jan 1970 00:00:00 -
>  +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45
>  - @@ -0,0 +1,17 @@
>  +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword'
>  +DESC 'POSIX hashed password'
>  +EQUALITY caseExactIA5Match
>  +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>  +
>  +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey'
>  +DESC 'SSH public key'
>  +EQUALITY caseExactIA5Match
>  +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>  +
>  +objectclass ( 
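Review bot: the sshPublicKey attribute defined here at 1.3.6.1.4.1.30155.115.3 reuses the NAME of the openssh-lpk attribute quoted earlier in the thread (1.3.6.1.4.1.24552.500.1.1.1.13) but with a different OID, IA5 String syntax (...121.1.26) and caseExactIA5Match instead of Octet String (...121.1.40) and octetStringMatch. A directory or client that already carries the openssh-lpk definition then sees two incompatible attributes under one name; either take the openssh-lpk definition unchanged or pick a distinct NAME.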

Re: diff: pfctl: error message for nonexisting rtable

2020-09-14 Thread YASUOKA Masahiko
Hi,

On Tue, 15 Sep 2020 02:31:24 +0200
Klemens Nanni  wrote:
> On Tue, Sep 15, 2020 at 12:30:35AM +0200, Klemens Nanni wrote:
>> Actually, that should just work regardless of whether the routing
>> domain exists at ruleset creation time;  just like it is the case with
>> interface names/groups which may come and go at runtime without
>> requiring changes to the ruleset.
>> 
>> Rules on nonexistent interfaces won't match, routing domains (and
>> ultimately routing tables) should behave the same, I think.
>> 
>> Here's a diff that does this for routing domains allowing me to always
>> use `on rdomain 5' - I've tested it with a few exemplary rulesets and
>> behaviour is as expected.
>> 
>> It will need more eye balling and I am not pushing such changes before
>> release, but if that is a general direction we agree, your proposed
>> `rtable' fix could move along and become just as flexible instead.
> More on this:
> 
>   # ifconfig lo1 rdomain 1
>   # echo pass on rdomain 1 | pfctl -f-
>   # ifconfig lo1 destroy
>   # pfctl -sr 
>  
>   pass on rdomain 1 all flags S/SA
> 
> The ruleset stays valid and continues to work as soon as routing domain
> `1' reappears, there is no reason to require existence of it at ruleset
> creation;  this is safe because routing domains are just normative
> numbers, there's no further state when it comes to filtering - either
> the id on the packet matches the number in the ruleset or it doesn't.
> 
> Routing tables however are more involved as they can be used to *alter*
> a packet's flow in pf.conf(5), so requiring them to be present at
> ruleset creation makes sense to guarantee that pf will only ever change
> routing table ids to valid ones.

It's not clear to me why non-existing rdomain is accepted but
non-existing rtable is rejected.  I suppose we can make pf(4)
handle a packet for the non-existing routing table as if the routing
table is empty.

> Routing domains can be deleted, but that doesn't invalidate rules like
> `on rdomain 1', which simply won't match when the given id does not
> exist.
> 
> Routing tables however cannot be deleted, they get moved to the default
> routing domain whenever their corresponding routing domain disappears;
> this is in line with only ever loading valid routing table ids into pf.
> 
> So unless I missed something, that ruleset creation (`pfctl -f ...')
> is the only occasion pf actually needs to validate routing table ids:
> they are guaranteed to always exist from then on.
> 
> Given this, my diff looks fine as is and should not change `rtable'
> behaviour - YASUOKA's diff is also fine as is and actually implements
> the validity check I just mentioned, obsoleting my initial feedback.



cap_mkdb: remove igetnext prototype for the function does not exist

2020-09-14 Thread Kevin Lo
ok?

Index: usr.bin/cap_mkdb/cap_mkdb.c
===
RCS file: /cvs/src/usr.bin/cap_mkdb/cap_mkdb.c,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 cap_mkdb.c
--- usr.bin/cap_mkdb/cap_mkdb.c 28 Jun 2019 14:20:40 -  1.24
+++ usr.bin/cap_mkdb/cap_mkdb.c 15 Sep 2020 03:35:42 -
@@ -49,8 +49,6 @@
 voiddb_build(char **);
 voiddounlink(void);
 voidusage(void);
-int igetnext(char **, char **);
-int main(int, char *[]);
 
 DB *capdbp;
 int verbose;
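Review bot: the hunk removes two prototypes, igetnext() and main(), but the subject line only mentions igetnext. Dropping the main() prototype is harmless, but say so in the commit message so the second removal does not look accidental.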



Re: diff: pfctl: error message for nonexisting rtable

2020-09-14 Thread Klemens Nanni
On Tue, Sep 15, 2020 at 12:30:35AM +0200, Klemens Nanni wrote:
> Actually, that should just work regardless of whether the routing
> domain exists at ruleset creation time;  just like it is the case with
> interface names/groups which may come and go at runtime without
> requiring changes to the ruleset.
> 
> Rules on nonexistent interfaces won't match, routing domains (and
> ultimately routing tables) should behave the same, I think.
> 
> Here's a diff that does this for routing domains allowing me to always
> use `on rdomain 5' - I've tested it with a few exemplary rulesets and
> behaviour is as expected.
> 
> It will need more eye balling and I am not pushing such changes before
> release, but if that is a general direction we agree, your proposed
> `rtable' fix could move along and become just as flexible instead.
More on this:

# ifconfig lo1 rdomain 1
# echo pass on rdomain 1 | pfctl -f-
# ifconfig lo1 destroy
# pfctl -sr 
 
pass on rdomain 1 all flags S/SA

The ruleset stays valid and continues to work as soon as routing domain
`1' reappears, there is no reason to require existence of it at ruleset
creation;  this is safe because routing domains are just normative
numbers, there's no further state when it comes to filtering - either
the id on the packet matches the number in the ruleset or it doesn't.

Routing tables however are more involved as they can be used to *alter*
a packet's flow in pf.conf(5), so requiring them to be present at
ruleset creation makes sense to guarantee that pf will only ever change
routing table ids to valid ones.

Routing domains can be deleted, but that doesn't invalidate rules like
`on rdomain 1', which simply won't match when the given id does not
exist.

Routing tables however cannot be deleted, they get moved to the default
routing domain whenever their corresponding routing domain disappears;
this is in line with only ever loading valid routing table ids into pf.

So unless I missed something, that ruleset creation (`pfctl -f ...')
is the only occasion pf actually needs to validate routing table ids:
they are guaranteed to always exist from then on.

Given this, my diff looks fine as is and should not change `rtable'
behaviour - YASUOKA's diff is also fine as is and actually implements
the validity check I just mentioned, obsoleting my initial feedback.



Re: diff: pfctl: error message for nonexisting rtable

2020-09-14 Thread Klemens Nanni
On Mon, Sep 14, 2020 at 02:09:27PM +0900, YASUOKA Masahiko wrote:
> When pf rule with a "on rdomain n" with nonexisting rdomain n causes
> 
>   /etc/pf.conf:XXX: rdomain n does not exist
Actually, that should just work regardless of whether the routing
domain exists at ruleset creation time;  just like it is the case with
interface names/groups which may come and go at runtime without
requiring changes to the ruleset.

Rules on nonexistent interfaces won't match, routing domains (and
ultimately routing tables) should behave the same, I think.

Here's a diff that does this for routing domains allowing me to always
use `on rdomain 5' - I've tested it with a few exemplary rulesets and
behaviour is as expected.

It will need more eye balling and I am not pushing such changes before
release, but if that is a general direction we agree, your proposed
`rtable' fix could move along and become just as flexible instead.

Discussed with claudio at k2k20.


Index: /sys/net/pf_ioctl.c
===
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.356
diff -u -p -r1.356 pf_ioctl.c
--- /sys/net/pf_ioctl.c 24 Aug 2020 15:41:15 -  1.356
+++ /sys/net/pf_ioctl.c 14 Sep 2020 22:27:55 -
@@ -2820,10 +2820,8 @@ pf_rule_copyin(struct pf_rule *from, str
if (to->rtableid >= 0 && !rtable_exists(to->rtableid))
return (EBUSY);
to->onrdomain = from->onrdomain;
-   if (to->onrdomain >= 0 && !rtable_exists(to->onrdomain))
-   return (EBUSY);
-   if (to->onrdomain >= 0) /* make sure it is a real rdomain */
-   to->onrdomain = rtable_l2(to->onrdomain);
+   if (to->rtableid < 0 || to->rtableid > RT_TABLEID_MAX)
+   return (EINVAL);
 
for (i = 0; i < PFTM_MAX; i++)
to->timeout[i] = from->timeout[i];
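Review bot: the added range check tests to->rtableid, not to->onrdomain, so after this hunk onrdomain is copied in from userland with no validation at all. It also returns EINVAL for to->rtableid < 0, while the context line directly above accepts a negative rtableid (to->rtableid >= 0 && ...), so a rule without an rtable would be rejected. The check presumably wants to bound to->onrdomain from above with RT_TABLEID_MAX; the dropped rtable_l2() normalisation also deserves a sentence on what id the rule is now matched against.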
Index: sbin/pfctl/parse.y
===
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.701
diff -u -p -r1.701 parse.y
--- sbin/pfctl/parse.y  28 Jan 2020 15:40:35 -  1.701
+++ sbin/pfctl/parse.y  14 Sep 2020 21:52:54 -
@@ -392,7 +392,6 @@ int  invalid_redirect(struct node_host *
 u_int16_t parseicmpspec(char *, sa_family_t);
 int kw_casecmp(const void *, const void *);
 int map_tos(char *string, int *);
-int rdomain_exists(u_int);
 int filteropts_to_rule(struct pf_rule *, struct filter_opts *);
 
 TAILQ_HEAD(loadanchorshead, loadanchors)
@@ -2475,8 +2474,6 @@ if_item   : STRING{
| RDOMAIN NUMBER{
if ($2 < 0 || $2 > RT_TABLEID_MAX)
yyerror("rdomain %lld outside range", $2);
-   else if (rdomain_exists($2) != 1)
-   yyerror("rdomain %lld does not exist", $2);
 
$$ = calloc(1, sizeof(struct node_if));
if ($$ == NULL)
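Review bot: with the rdomain_exists() branch removed at RDOMAIN NUMBER, a mistyped id (15 for 5, say) now loads without any diagnostic and the rule silently never matches; for a block rule that means traffic is not filtered as the administrator intended. Consider keeping the lookup and downgrading it from yyerror() to a warning, and describe the new semantics in pf.conf(5).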
@@ -5865,40 +5862,6 @@ map_tos(char *s, int *val)
return (1);
}
return (0);
-}
-
-int
-rdomain_exists(u_int rdomain)
-{
-   size_t   len;
-   struct rt_tableinfo  info;
-   int  mib[6];
-   static u_int found[RT_TABLEID_MAX+1];
-
-   if (found[rdomain] == 1)
-   return 1;
-
-   mib[0] = CTL_NET;
-   mib[1] = PF_ROUTE;
-   mib[2] = 0;
-   mib[3] = 0;
-   mib[4] = NET_RT_TABLE;
-   mib[5] = rdomain;
-
-   len = sizeof(info);
-   if (sysctl(mib, 6, , , NULL, 0) == -1) {
-   if (errno == ENOENT) {
-   /* table nonexistent */
-   return 0;
-   }
-   err(1, "%s", __func__);
-   }
-   if (info.rti_domainid == rdomain) {
-   found[rdomain] = 1;
-   return 1;
-   }
-   /* rdomain is a table, but not an rdomain */
-   return 0;
 }
 
 int



Re: acme-client: improve account creation error message

2020-09-14 Thread Rafael Possamai
>please don't drop the all buffer, or keep it with -vv?
>example : warnx("%s: bad JSON object:%s", p->newaccount, c->buf.buf);
>
>i don't want to ktrace it to see why the new certbot version is not working

Yeah, I think it's good to have the choice to inspect the vomit, maybe you 
stumble upon some useful nuggets for troubleshooting an obscure issue.

I believe the JSON output is valid, just not pretty. Maybe we could add syntax 
highlighting? (just kidding)



Re: syslogd listen keep alive

2020-09-14 Thread Theo de Raadt
Excellent!


Alexander Bluhm  wrote:

> Hi,
> 
> A while ago dhill@ pointed out that syslogd TCP sockets will stay
> open forever if a client aborts the connection silently.  As syslogd
> does not write anything into incoming connections, it will not
> recognize failure and the socket will stay forever.
> 
> Setting TCP keep alive on the listen socket will prevent that.  Note
> that outgoing connections don't need it as syslogd will write data
> into them.
> 
> After keep alive timeout you get this:
> 
> syslogd[51331]: tcp logger "10.188.74.74:32769" connection error: Operation timed out
> syslogd[51331]: tls logger "10.188.74.74:15557" connection error: read failed: error:02FFF03C:system library:func(4095):Operation timed out
> 
> ok?
> 
> bluhm
> 
> Index: usr.sbin/syslogd/syslogd.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
> retrieving revision 1.263
> diff -u -p -r1.263 syslogd.c
> --- usr.sbin/syslogd/syslogd.c25 May 2020 10:38:32 -  1.263
> +++ usr.sbin/syslogd/syslogd.c14 Sep 2020 15:09:14 -
> @@ -354,6 +354,7 @@ int   socket_bind(const char *, const char
>  int  unix_socket(char *, int, mode_t);
>  void double_sockbuf(int, int, int);
>  void set_sockbuf(int);
> +void set_keepalive(int);
>  void tailify_replytext(char *, int);
>  
>  int
> @@ -979,8 +980,10 @@ socket_bind(const char *proto, const cha
>   }
>   if (!shutread && res->ai_protocol == IPPROTO_UDP)
>   double_sockbuf(*fdp, SO_RCVBUF, 0);
> - else if (res->ai_protocol == IPPROTO_TCP)
> + else if (res->ai_protocol == IPPROTO_TCP) {
>   set_sockbuf(*fdp);
> + set_keepalive(*fdp);
> + }
>   reuseaddr = 1;
>   if (setsockopt(*fdp, SOL_SOCKET, SO_REUSEADDR, ,
>   sizeof(reuseaddr)) == -1) {
> @@ -3104,6 +3107,15 @@ set_sockbuf(int fd)
>   log_warn("setsockopt sndbufsize %d", size);
>   if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, , sizeof(size)) == -1)
>   log_warn("setsockopt rcvbufsize %d", size);
> +}
> +
> +void
> +set_keepalive(int fd)
> +{
> + int val = 1;
> +
> + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, , sizeof(val)) == -1)
> + log_warn("setsockopt keepalive %d", val);
>  }
>  
>  void
> 



Re: syslogd listen keep alive

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 21:49:07 +0200, Alexander Bluhm wrote:

> A while ago dhill@ pointed out that syslogd TCP sockets will stay
> open forever if a client aborts the connection silently.  As syslogd
> does not write anything into incoming connections, it will not
> recognize failure and the socket will stay forever.
>
> Setting TCP keep alive on the listen socket will prevent that.  Note
> that outgoing connections don't need it as syslogd will write data
> into them.

OK millert@

 - todd
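
The mechanism this thread relies on, as an added example that is not part of the original mails or of syslogd: SO_KEEPALIVE set on a listening socket is inherited by the sockets accept() returns, so no per-connection call is needed. The function name accepted_keepalive() and the loopback test setup are assumptions of this example.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Open a TCP listener on 127.0.0.1 (ephemeral port), optionally enable
 * SO_KEEPALIVE on it, connect one client and accept it.
 * Returns 1 if the accepted socket has SO_KEEPALIVE set, 0 if not,
 * -1 if any socket call failed.
 */
static int
accepted_keepalive(int enable_on_listener)
{
	struct sockaddr_in sin;
	socklen_t slen = sizeof(sin);
	int lfd = -1, cfd = -1, afd = -1, ret = -1;
	int val = 1;
	socklen_t vlen = sizeof(val);

	if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
		goto out;
	/* Same option the diff sets in set_keepalive(), on the listening fd. */
	if (enable_on_listener &&
	    setsockopt(lfd, SOL_SOCKET, SO_KEEPALIVE, &val, sizeof(val)) == -1)
		goto out;

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	sin.sin_port = 0;	/* let the kernel pick a free port */
	if (bind(lfd, (struct sockaddr *)&sin, sizeof(sin)) == -1 ||
	    listen(lfd, 1) == -1 ||
	    getsockname(lfd, (struct sockaddr *)&sin, &slen) == -1)
		goto out;

	/* The handshake completes in the kernel, so connect() returns
	 * before accept() is called. */
	if ((cfd = socket(AF_INET, SOCK_STREAM, 0)) == -1 ||
	    connect(cfd, (struct sockaddr *)&sin, sizeof(sin)) == -1)
		goto out;
	if ((afd = accept(lfd, NULL, NULL)) == -1)
		goto out;

	/* No setsockopt() on afd: whatever is set here was inherited. */
	val = 0;
	if (getsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, &val, &vlen) == -1)
		goto out;
	ret = (val != 0);
out:
	if (afd != -1)
		close(afd);
	if (cfd != -1)
		close(cfd);
	if (lfd != -1)
		close(lfd);
	return ret;
}

int
main(void)
{
	printf("listener keepalive on:  accepted=%d\n", accepted_keepalive(1));
	printf("listener keepalive off: accepted=%d\n", accepted_keepalive(0));
	return 0;
}
```

How long a silent peer keeps its descriptor after that is decided by the system-wide TCP keepalive timers, not by this option.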



syslogd listen keep alive

2020-09-14 Thread Alexander Bluhm
Hi,

A while ago dhill@ pointed out that syslogd TCP sockets will stay
open forever if a client aborts the connection silently.  As syslogd
does not write anything into incoming connections, it will not
recognize failure and the socket will stay forever.

Setting TCP keep alive on the listen socket will prevent that.  Note
that outgoing connections don't need it as syslogd will write data
into them.

After keep alive timeout you get this:

syslogd[51331]: tcp logger "10.188.74.74:32769" connection error: Operation timed out
syslogd[51331]: tls logger "10.188.74.74:15557" connection error: read failed: error:02FFF03C:system library:func(4095):Operation timed out

ok?

bluhm

Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.263
diff -u -p -r1.263 syslogd.c
--- usr.sbin/syslogd/syslogd.c  25 May 2020 10:38:32 -  1.263
+++ usr.sbin/syslogd/syslogd.c  14 Sep 2020 15:09:14 -
@@ -354,6 +354,7 @@ int socket_bind(const char *, const char
 intunix_socket(char *, int, mode_t);
 void   double_sockbuf(int, int, int);
 void   set_sockbuf(int);
+void   set_keepalive(int);
 void   tailify_replytext(char *, int);
 
 int
@@ -979,8 +980,10 @@ socket_bind(const char *proto, const cha
}
if (!shutread && res->ai_protocol == IPPROTO_UDP)
double_sockbuf(*fdp, SO_RCVBUF, 0);
-   else if (res->ai_protocol == IPPROTO_TCP)
+   else if (res->ai_protocol == IPPROTO_TCP) {
set_sockbuf(*fdp);
+   set_keepalive(*fdp);
+   }
reuseaddr = 1;
if (setsockopt(*fdp, SOL_SOCKET, SO_REUSEADDR, ,
sizeof(reuseaddr)) == -1) {
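Review bot: set_keepalive(*fdp) is applied to the listening descriptor in socket_bind(), so it only has an effect because accepted sockets inherit SO_KEEPALIVE from the listener. A one-line comment at the call saying so would stop someone from later moving or removing it as a no-op, and it is worth stating that the same path covers the TLS listeners, since the sample output shows a tls logger timing out as well.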
@@ -3104,6 +3107,15 @@ set_sockbuf(int fd)
log_warn("setsockopt sndbufsize %d", size);
if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, , sizeof(size)) == -1)
log_warn("setsockopt rcvbufsize %d", size);
+}
+
+void
+set_keepalive(int fd)
+{
+   int val = 1;
+
+   if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, , sizeof(val)) == -1)
+   log_warn("setsockopt keepalive %d", val);
 }
 
 void
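Review bot: documentation is missing for the new behaviour. set_keepalive() only switches SO_KEEPALIVE on, so how long a dead client holds a descriptor is decided by the system-wide TCP keepalive settings; syslogd(8) should say that idle incoming TCP and TLS connections are dropped once keepalive probes fail. Minor: log_warn("setsockopt keepalive %d", val) prints a value that is always 1.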



Re: smtp(1) fix for usernames containing '@' symbols

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 16:55:43 -, Josh Rickmar wrote:

> Some email accounts use account names that include the @host portion,
> and this broke the server and credentials parsing in smtp(1).  Sometimes
> I see these @ characters encoded as %40, but smtp(1) was not decoding
> these url escape sequences before base64 encoding and talking with the
> server.
>
> Searching for the last @ character instead of the first is a simple
> fix.  This mail was sent using this diff.

Yes, that seems like the simplest approach and matches how smtpd
handles user@host strings.  I've committed the patch, thanks.

 - todd
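
The effect of searching for the last '@' instead of the first, as an added example that is not the smtp(1) source: a stand-alone splitter modelled on the credential check in the diff, run both ways on a constructed URL. The names split_server() and parse_copy(), the sample URL, and the user/password split at the first ':' are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

struct server_parts {
	const char *user;	/* NULL when the URL carries no credentials */
	const char *pass;	/* NULL when there is no ":password" part */
	const char *host;	/* "host[:port]" */
};

/*
 * Split "proto://[user[:pass]@]host[:port]" in place.
 * use_last = 0: the first '@' ends the credentials (before the diff).
 * use_last = 1: the last '@' ends the credentials (after the diff).
 * Splitting user and password at the first ':' is an assumption of this
 * example; that part of the real parser is not shown in the thread.
 */
static int
split_server(char *url, int use_last, struct server_parts *out)
{
	char *p, *c, *creds;

	memset(out, 0, sizeof(*out));
	if ((p = strstr(url, "://")) == NULL)
		return -1;
	*p = '\0';
	p += 3;

	/* check for credentials */
	c = use_last ? strrchr(p, '@') : strchr(p, '@');
	if (c != NULL) {
		creds = p;
		*c = '\0';
		p = c + 1;
		out->user = creds;
		if ((c = strchr(creds, ':')) != NULL) {
			*c = '\0';
			out->pass = c + 1;
		}
	}
	out->host = p;
	return 0;
}

static char urlbuf[256];
static struct server_parts parts;

/* Parse a private copy of url; returns NULL if it is too long or malformed. */
static const struct server_parts *
parse_copy(const char *url, int use_last)
{
	size_t n = strlen(url);

	if (n >= sizeof(urlbuf))
		return NULL;
	memcpy(urlbuf, url, n + 1);
	return split_server(urlbuf, use_last, &parts) == 0 ? &parts : NULL;
}

int
main(void)
{
	/* Constructed sample: the account name itself contains "@host". */
	const char *url =
	    "smtps://alice@example.org:secret@mail.example.net:465";
	const struct server_parts *r;
	int mode;

	for (mode = 0; mode <= 1; mode++) {
		if ((r = parse_copy(url, mode)) == NULL)
			return 1;
		printf("%s: user=%s pass=%s host=%s\n",
		    mode ? "last @ " : "first @",
		    r->user ? r->user : "(none)",
		    r->pass ? r->pass : "(none)", r->host);
	}
	return 0;
}
```

With the first-'@' split, the password ends up inside the string later used as the host name, which is the failure the mail describes as broken server and credentials parsing.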



Re: [PATCH] Add IOMMU support for Intel VT-d and AMD-Vi

2020-09-14 Thread Mark Kettenis
> Date: Tue, 8 Sep 2020 21:43:39 -0500
> From: Jordan Hargrave 
> 
> Made changes for the iommu_readq -> iommu_read_8 and also now
> dynamically allocate the hwdte for AMD IOMMU.

Some more bits...

> On Fri, Sep 04, 2020 at 09:17:18PM +0200, Mark Kettenis wrote:
> > > Date: Fri, 4 Sep 2020 00:50:44 -0500
> > > From: Jordan Hargrave 
> > 
> > A few hints below...
> > 
> > > > > +
> > > > > +/* Page Table Entry per domain */
> > > > > +static struct ivhd_dte hwdte[65536] __aligned(PAGE_SIZE);
> > > > > +
> > > > > +/* Alias mapping */
> > > > > +#define SID_INVALID 0x8000L
> > > > > +static uint32_t sid_flag[65536];
> > > > 
> > > > Can we avoid having these large arrays, or at least allocate them
> > > > dynamically?  That would also avoid the explicit alignment which is
> > > > somewhat nasty since it affects the entire kernel.
> > > 
> > > > OK. But the hwdte does need the 2M area to be all contiguous but it is not
> > > > needed for DMAR/Intel.  You *can* have up to 8 different device table entries
> > > > though to split up the area.
> > 
> > The appropriate interface to use in this context is
> > bus_dmamem_alloc(9).  You can specify alignment, and if you set nsegs
> > > to 1, you will get memory that is physically contiguous.
> > 
> > To map the memory into kernel address space you'll need create a map
> > using bus_dmamap_create(9) and map it using bus_dmamem_map(9).  Then
> > instead of using pmap_extract(9) you use bus_dmamap_load_raw(9) which
> > then populates the physical addresses.
> > 
> > Many of the drivers written by dlg@ define convenience functions to do
> > all these steps, although interestingly enough he tends to use
> > bus_dmamap_load(9) instead of bus_dmamap_load_raw(9) which is
> > sub-optimal.
> > 
> > > > > +
> > > > > +struct domain_dev {
> > > > > + int sid;
> > > > > + int sec;
> > > > > + int sub;
> > > > > + TAILQ_ENTRY(domain_dev) link;
> > > > > +};
> > > > > +
> > > > > +struct domain {
> > > > > + struct iommu_softc  *iommu;
> > > > > + int did;
> > > > > + int gaw;
> > > > > + struct pte_entry*pte;
> > > > > + paddr_t ptep;
> > > > > + struct bus_dma_tag  dmat;
> > > > > + int flag;
> > > > > +
> > > > > + struct mutexexlck;
> > > > > + charexname[32];
> > > > > + struct extent   *iovamap;
> > > > > + TAILQ_HEAD(,domain_dev) devices;
> > > > > + TAILQ_ENTRY(domain) link;
> > > > > +};
> > > > > +
> > > > > +#define DOM_DEBUG 0x1
> > > > > +#define DOM_NOMAP 0x2
> > > > > +
> > > > > +struct dmar_devlist {
> > > > > + int type;
> > > > > + int bus;
> > > > > + int ndp;
> > > > > + struct acpidmar_devpath *dp;
> > > > > + TAILQ_ENTRY(dmar_devlist)   link;
> > > > > +};
> > > > > +
> > > > > +TAILQ_HEAD(devlist_head, dmar_devlist);
> > > > > +
> > > > > +struct ivhd_devlist {
> > > > > + int start_id;
> > > > > + int end_id;
> > > > > + int cfg;
> > > > > + TAILQ_ENTRY(ivhd_devlist)   link;
> > > > > +};
> > > > > +
> > > > > +struct rmrr_softc {
> > > > > + TAILQ_ENTRY(rmrr_softc) link;
> > > > > + struct devlist_head devices;
> > > > > + int segment;
> > > > > + uint64_tstart;
> > > > > + uint64_tend;
> > > > > +};
> > > > > +
> > > > > +struct atsr_softc {
> > > > > + TAILQ_ENTRY(atsr_softc) link;
> > > > > + struct devlist_head devices;
> > > > > + int segment;
> > > > > + int flags;
> > > > > +};
> > > > > +
> > > > > +struct iommu_pic {
> > > > > + struct pic  pic;
> > > > > + struct iommu_softc  *iommu;
> > > > > +};
> > > > > +
> > > > > +#define IOMMU_FLAGS_CATCHALL 0x1
> > > > > +#define IOMMU_FLAGS_BAD  0x2
> > > > > +#define IOMMU_FLAGS_SUSPEND  0x4
> > > > > +
> > > > > +struct iommu_softc {
> > > > > + TAILQ_ENTRY(iommu_softc)link;
> > > > > + struct devlist_head devices;
> > > > > + int id;
> > > > > + int flags;
> > > > > + int segment;
> > > > > +
> > > > > + struct mutexreg_lock;
> > > > > +
> > > > > + bus_space_tag_t iot;
> > > > > + bus_space_handle_t  ioh;
> > > > > +
> > > > > + uint64_tcap;
> > > > > + uint64_tecap;
> > > > > + uint32_tgcmd;
> > > > > +
> > > > > + int mgaw;
> > > > > + int agaw;
> > > > > + int ndoms;
> > > > > +
> > 

Re: ldom.conf.5: clarify vcpu strides

2020-09-14 Thread Klemens Nanni
On Wed, Sep 02, 2020 at 04:58:39PM +0200, Stefan Sperling wrote:
> I would like to suggest an example for the EXAMPLES section which
> illustrates how a suitable stride factor can be determined (divide the
> number of desired "unused" cpus by the number of desired "used" cpus):
We can do with an example, but to me yours does not read obvious enough.

Also, `vcpu' denotes *virtual* CPUs inside domains, not CPUs on the
machine, so "CPU" (without "V") reads off in your example and conflicts
with the otherwise consistent mentions of "virtual CPUs" in this manual.

Here's my last diff incl. an example which reads a tad clearer to me and
is placed in the EXAMPLES section instead.

Feedback? OK?


Index: ldom.conf.5
===
RCS file: /cvs/src/usr.sbin/ldomctl/ldom.conf.5,v
retrieving revision 1.13
diff -u -p -r1.13 ldom.conf.5
--- ldom.conf.5 21 Feb 2020 19:39:28 -  1.13
+++ ldom.conf.5 14 Sep 2020 17:51:39 -
@@ -38,8 +38,13 @@ If no configuration for the primary doma
 all CPU and memory resources not used by any guest domains.
 .It Ic vcpu Ar number Ns Op : Ns Ar stride
 Declare the number of virtual CPUs assigned to a domain.
-Optionally a stride can be specified to allocate additional virtual CPUs
-but not assign them to a domain.
+Optionally a stride factor can be specified to allocate
+.Ar number
+virtual CPUs
+.Ar stride
+times but not assign more than
+.Ar number
+virtual CPUs to a domain, leaving the rest unassigned.
 This can be used to distribute virtual CPUs over the available CPU cores.
 .It Ic memory Ar bytes
 Declare the amount of memory assigned to a domain, in bytes.
@@ -112,6 +117,20 @@ domain "salmah" {
 .Pp
 On a machine with 32 cores and 64GB physical memory, this leaves 12 cores and
 58GB memory to the primary domain.
+.Pp
+Use
+.Ar stride
+factors to distribute virtual CPUs:
+.Bd -literal -offset indent
+domain "sun" {
+   vcpu 2:4
+   memory 4G
+   vdisk "/home/sun/vdisk0"
+}
+.Ed
+On a machine with eight threads per physical core, this allocates four strides
+of two virtual CPUs to the guest domain but only assigns one stride to it, i.e.
+make it occupy an entire physical core while running on only two threads.
 .Sh SEE ALSO
 .Xr eeprom 8 ,
 .Xr ldomctl 8 ,
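Review bot: in the added EXAMPLES text the sentence after .Ed starts without a .Pp, unlike the existing explanation just above it (.Pp before "On a machine with 32 cores"). "i.e. make it occupy" should read "i.e. makes it occupy", and the sentence would be easier to follow if it said outright that vcpu 2:4 allocates eight virtual CPUs and assigns two of them.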



smtp(1) fix for usernames containing '@' symbols

2020-09-14 Thread Josh Rickmar
Some email accounts use account names that include the @host portion,
and this broke the server and credentials parsing in smtp(1).  Sometimes
I see these @ characters encoded as %40, but smtp(1) was not decoding
these url escape sequences before base64 encoding and talking with the
server.

Searching for the last @ character instead of the first is a simple
fix.  This mail was sent using this diff.

diff 594937660a36a61c991da10e4d9f91c8e1cdb9d0 /usr/src
blob - deb99c6394e09f605db53cbdb1cddbf61ac72bf8
file + usr.sbin/smtpd/smtpc.c
--- usr.sbin/smtpd/smtpc.c
+++ usr.sbin/smtpd/smtpc.c
@@ -185,7 +185,7 @@ parse_server(char *server)
*p = '\0';
p += 3;
/* check for credentials */
-   c = strchr(p, '@');
+   c = strrchr(p, '@');
if (c) {
creds = p;
*c = '\0';
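Review bot: strrchr(p, '@') handles a literal '@' in the user name, but per the description the %40 form is still not decoded, so a URL written with the escaped form still sends "%40" to the server as part of the user name. Either percent-decode the credentials after this split or state in smtp(1) that credentials are taken literally; a short comment on why the last '@' is used would also help the next reader.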



Re: acme-client(1) and Buypass Go SSL

2020-09-14 Thread Florian Obser


This fell through the cracks back in April.

We need to be able to provide contact information to use the
buypass.com acme api.

OK?

diff --git etc/examples/acme-client.conf etc/examples/acme-client.conf
index 32ecd8e8655..40d231725ac 100644
--- etc/examples/acme-client.conf
+++ etc/examples/acme-client.conf
@@ -11,6 +11,18 @@ authority letsencrypt-staging {
account key "/etc/acme/letsencrypt-staging-privkey.pem"
 }
 
+authority buypass {
+api url "https://api.buypass.com/acme/directory;
+account key "/etc/acme/buypass-privkey.pem"
+contact "mailto:m...@example.com;
+}
+
+authority buypass-test {
+api url "https://api.test4.buypass.no/acme/directory;
+account key "/etc/acme/buypass-test-privkey.pem"
+contact "mailto:m...@example.com;
+}
+
 domain example.com {
alternative names { secure.example.com }
domain key "/etc/ssl/private/example.com.key"
diff --git usr.sbin/acme-client/acme-client.conf.5 
usr.sbin/acme-client/acme-client.conf.5
index 08a47a76ab7..41994d13676 100644
--- usr.sbin/acme-client/acme-client.conf.5
+++ usr.sbin/acme-client/acme-client.conf.5
@@ -98,6 +98,11 @@ It defaults to
 Specify the
 .Ar url
 under which the ACME API is reachable.
+.It Ic contact Ar contact
+Optional
+.Ar contact
+URLs that the authority can use to contact the client for issues related to
+this account.
 .El
 .Sh DOMAINS
 The certificates to be obtained through ACME.
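Review bot: the added text says "contact URLs" in the plural, but json_fmt_newacc() takes a single const char *contact and emits a one-element array. Document that one URL is accepted and name the expected form (a mailto: URL, as in the example configuration).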
diff --git usr.sbin/acme-client/extern.h usr.sbin/acme-client/extern.h
index 364425b0500..ee341e0950f 100644
--- usr.sbin/acme-client/extern.h
+++ usr.sbin/acme-client/extern.h
@@ -263,7 +263,7 @@ char*json_getstr(struct jsmnn *, const char 
*);
 
 char   *json_fmt_newcert(const char *);
 char   *json_fmt_chkacc(void);
-char   *json_fmt_newacc(void);
+char   *json_fmt_newacc(const char *);
 char   *json_fmt_neworder(const char *const *, size_t);
 char   *json_fmt_protected_rsa(const char *,
const char *, const char *, const char *);
diff --git usr.sbin/acme-client/json.c usr.sbin/acme-client/json.c
index a6762eeb258..9201f8d2fc3 100644
--- usr.sbin/acme-client/json.c
+++ usr.sbin/acme-client/json.c
@@ -618,14 +618,24 @@ json_fmt_chkacc(void)
  * Format the "newAccount" resource request.
  */
 char *
-json_fmt_newacc(void)
+json_fmt_newacc(const char *contact)
 {
int  c;
-   char*p;
+   char*p, *cnt = NULL;
+
+   if (contact != NULL) {
+   c = asprintf(, "\"contact\": [ \"%s\" ], ", contact);
+   if (c == -1) {
+   warn("asprintf");
+   return NULL;
+   }
+   }
 
c = asprintf(, "{"
+   "%s"
"\"termsOfServiceAgreed\": true"
-   "}");
+   "}", cnt == NULL ? "" : cnt);
+   free(cnt);
if (c == -1) {
warn("asprintf");
p = NULL;
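Review bot: contact is interpolated into the request body through "\"contact\": [ \"%s\" ], " with no escaping, so a configured value containing a double quote or backslash yields malformed JSON or additional members in the newAccount request. Reject or escape those characters, either in the configuration parser or here before the asprintf().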
diff --git usr.sbin/acme-client/netproc.c usr.sbin/acme-client/netproc.c
index 05e36897c38..4490450003e 100644
--- usr.sbin/acme-client/netproc.c
+++ usr.sbin/acme-client/netproc.c
@@ -369,14 +369,14 @@ sreq(struct conn *c, const char *addr, int kid, const 
char *req, char **loc)
  * Returns non-zero on success.
  */
 static int
-donewacc(struct conn *c, const struct capaths *p)
+donewacc(struct conn *c, const struct capaths *p, const char *contact)
 {
struct jsmnn*j = NULL;
int  rc = 0;
char*req, *detail, *error = NULL;
long lc;
 
-   if ((req = json_fmt_newacc()) == NULL)
+   if ((req = json_fmt_newacc(contact)) == NULL)
warnx("json_fmt_newacc");
else if ((lc = sreq(c, p->newaccount, 0, req, >kid)) < 0)
warnx("%s: bad comm", p->newaccount);
@@ -410,7 +410,7 @@ donewacc(struct conn *c, const struct capaths *p)
  * Returns non-zero on success.
  */
 static int
-dochkacc(struct conn *c, const struct capaths *p)
+dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 {
int  rc = 0;
char*req;
@@ -425,7 +425,7 @@ dochkacc(struct conn *c, const struct capaths *p)
else if (c->buf.buf == NULL || c->buf.sz == 0)
warnx("%s: empty response", p->newaccount);
else if (lc == 400)
-   rc = donewacc(c, p);
+   rc = donewacc(c, p, contact);
else
rc = 1;
 
@@ -755,7 +755,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int 
rfd,
c.newnonce = paths.newnonce;
 
/* Check if our account already exists or create it. */
-   if (!dochkacc(, ))
+   if (!dochkacc(, , authority->contact))
goto out;
 
/*
diff --git usr.sbin/acme-client/parse.h usr.sbin/acme-client/parse.h
index 9de5a490f69..c928a9de7da 100644
--- usr.sbin/acme-client/parse.h
+++ usr.sbin/acme-client/parse.h
@@ -38,6 +38,7 @@ struct authority_c {

acme-client: relax certificate parsing

2020-09-14 Thread Florian Obser
Relax parsing of pem files a bit. Apparently there are CAs that use
\r\n line endings.
From Bartosz Kuzma as part of a larger diff.

OK?

diff --git certproc.c certproc.c
index 7fde96e970e..975e12afaaa 100644
--- certproc.c
+++ certproc.c
@@ -28,7 +28,8 @@
 
 #include "extern.h"
 
-#define MARKER "-END CERTIFICATE-\n"
+#define BEGIN_MARKER "-BEGIN CERTIFICATE-"
+#define END_MARKER "-END CERTIFICATE-"
 
 int
 certproc(int netsock, int filesock)
@@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
if ((csr = readbuf(netsock, COMM_CSR, )) == NULL)
goto out;
 
-   if (csrsz < strlen(MARKER)) {
+   if (csrsz < strlen(END_MARKER)) {
warnx("invalid cert");
goto out;
}
 
-   chaincp = strstr(csr, MARKER);
+   chaincp = strstr(csr, END_MARKER);
 
if (chaincp == NULL) {
warnx("invalid cert");
goto out;
}
 
-   chaincp += strlen(MARKER);
+   chaincp += strlen(END_MARKER);
+
+   if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
+   warnx("invalid certificate chain");
+   goto out;
+   }
+
if ((chain = strdup(chaincp)) == NULL) {
warn("strdup");
goto out;
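Review bot: the new `strstr(chaincp, BEGIN_MARKER)` check makes a response that carries only one certificate fail with "invalid certificate chain", whereas the old code accepted it and ended up with an empty string from `strdup(chaincp)`. If a chain is now mandatory, say so in the commit message; otherwise fall back to an empty chain when no further BEGIN marker is found. The search also skips whatever bytes sit between the END and BEGIN markers without checking that they are only line endings.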


-- 
I'm not entirely sure you are real.



snmp request specific OIDs from mibtree

2020-09-14 Thread Martijn van Duren
Sometimes I want to know the OID from a name and vice versa.
I'm done doing these by hand. Diff below does this for me:

$ ./obj/snmp mibtree -On snmpTrapOID.0
.1.3.6.1.6.3.1.1.4.1.0

OK?

martijn@

Index: snmp.1
===
RCS file: /cvs/src/usr.bin/snmp/snmp.1,v
retrieving revision 1.14
diff -u -p -r1.14 snmp.1
--- snmp.1  8 Aug 2020 07:11:47 -   1.14
+++ snmp.1  14 Sep 2020 14:50:09 -
@@ -49,6 +49,7 @@
 .Nm
 .Cm mibtree
 .Op Fl O Ar fns
+.Op Ar oid ...
 .Sh DESCRIPTION
 The
 .Nm
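Review bot: the synopsis line directly above the added `.Op Ar oid ...` spells the output flags `fns`, while the item changed in the next hunk and the usage string in snmpc.c both use `fnS`. Since the synopsis is being edited anyway, make the three agree.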
@@ -165,8 +166,12 @@ An SNMP based version of the
 .Xr df 1
 command.
 If no size suffix is shown the sizes are in kilobytes.
-.It Nm Cm mibtree Op Fl O Ar fnS
+.It Nm Cm mibtree Oo Fl O Ar fnS Oc Op Ar oid ...
 Dump the tree of compiled-in MIB objects.
+If
+.Ar oid
+is specified it wil print the objects in the requested output format if
+available, or print a warning if the object can't be found.
 .El
 .Pp
 The
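Review bot: typo in the added text, "it wil print" should be "it will print". The sentence could also say that the remaining arguments are still processed after an unknown one, since the code warns and continues.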
Index: snmpc.c
===
RCS file: /cvs/src/usr.bin/snmp/snmpc.c,v
retrieving revision 1.29
diff -u -p -r1.29 snmpc.c
--- snmpc.c 12 Sep 2020 18:11:43 -  1.29
+++ snmpc.c 14 Sep 2020 14:50:10 -
@@ -80,7 +80,7 @@ struct snmp_app snmp_apps[] = {
{ "set", 1, NULL, "agent oid type value [oid type value] ...", 
snmpc_set },
{ "trap", 1, NULL, "agent uptime oid [oid type value] ...", snmpc_trap 
},
{ "df", 1, "C:", "[-Ch] [-Cr] agent", snmpc_df },
-   { "mibtree", 0, "O:", "[-O fnS]", snmpc_mibtree }
+   { "mibtree", 0, "O:", "[-O fnS] [oid] ...", snmpc_mibtree }
 };
 struct snmp_app *snmp_app = NULL;
 
@@ -1060,11 +1060,25 @@ int
 snmpc_mibtree(int argc, char *argv[])
 {
struct oid *oid;
+   struct ber_oid soid;
char buf[BUFSIZ];
+   int i;
 
-   for (oid = NULL; (oid = smi_foreach(oid)) != NULL;) {
-   smi_oid2string(>o_id, buf, sizeof(buf), oid_lookup);
-   printf("%s\n", buf);
+   if (argc == 0) {
+   for (oid = NULL; (oid = smi_foreach(oid)) != NULL;) {
+   smi_oid2string(>o_id, buf, sizeof(buf),
+   oid_lookup);
+   printf("%s\n", buf);
+   }
+   } else {
+   for (i = 0; i < argc; i++) {
+   if (smi_string2oid(argv[i], ) == -1) {
+   warnx("%s: Unknown object identifier", argv[i]);
+   continue;
+   }
+   smi_oid2string(, buf, sizeof(buf), oid_lookup);
+   printf("%s\n", buf);
+   }
}
return 0;
 }
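Review bot: in the `else` branch an unknown object only triggers `warnx()` and `continue`, and the function still ends in `return 0`, so a caller cannot tell a failed lookup from a successful one. Consider recording the failure and returning non-zero when any `smi_string2oid()` call fails.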



Re: acme-client: improve account creation error message

2020-09-14 Thread Sven F.
On Mon, Sep 14, 2020 at 9:45 AM Bob Beck  wrote:

>
> But what if I like json and I am already set up to be a hipster and
> feed all the untrusted inputs through jq..
>
> (ok beck@)
>
> On Mon, Sep 14, 2020 at 03:37:25PM +0200, Florian Obser wrote:
> > not helpful:
> > $ doas acme-client $(hostname)
> > acme-client: https://api.test4.buypass.no/acme-v02/new-acct: bad HTTP:
> 400
> >
> > vomiting unformatted json is not better:
> > $ doas acme-client -v $(hostname)
> > acme-client: transfer buffer:
> [{"type":"urn:ietf:params:acme:error:malformed","detail":"Email is a
> required
> contact","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400
> Bad Request"}] (164 bytes)
> >
> > let's do this:
> > $ doas obj/acme-client -v $(hostname)
> > acme-client: Email is a required contact
> >
> > OK?
> >
> > diff --git extern.h extern.h
> > index 529d3350205..364425b0500 100644
> > --- extern.h
> > +++ extern.h
> > @@ -259,6 +259,7 @@ intjson_parse_order(struct jsmnn *,
> struct order *);
> >  int   json_parse_upd_order(struct jsmnn *, struct order *);
> >  void  json_free_capaths(struct capaths *);
> >  int   json_parse_capaths(struct jsmnn *, struct capaths *);
> > +char *json_getstr(struct jsmnn *, const char *);
> >
> >  char *json_fmt_newcert(const char *);
> >  char *json_fmt_chkacc(void);
> > diff --git json.c json.c
> > index 61d2631359f..a6762eeb258 100644
> > --- json.c
> > +++ json.c
> > @@ -297,7 +297,7 @@ json_getobj(struct jsmnn *n, const char *name)
> >   * that it's the correct type.
> >   * Returns NULL on failure.
> >   */
> > -static char *
> > +char *
> >  json_getstr(struct jsmnn *n, const char *name)
> >  {
> >   size_t   i;
> > diff --git netproc.c netproc.c
> > index 7b8152196d1..05e36897c38 100644
> > --- netproc.c
> > +++ netproc.c
> > @@ -371,15 +371,27 @@ sreq(struct conn *c, const char *addr, int kid,
> const char *req, char **loc)
> >  static int
> >  donewacc(struct conn *c, const struct capaths *p)
> >  {
> > + struct jsmnn*j = NULL;
> >   int  rc = 0;
> > - char*req;
> > + char*req, *detail, *error = NULL;
> >   long lc;
> >
> >   if ((req = json_fmt_newacc()) == NULL)
> >   warnx("json_fmt_newacc");
> >   else if ((lc = sreq(c, p->newaccount, 0, req, >kid)) < 0)
> >   warnx("%s: bad comm", p->newaccount);
> > - else if (lc != 200 && lc != 201)
> > + else if (lc == 400) {
> > + if ((j = json_parse(c->buf.buf, c->buf.sz)) == NULL)
> > + warnx("%s: bad JSON object", p->newaccount);
> > + else {
> > + detail = json_getstr(j, "detail");
> > + if (detail != NULL && stravis(, detail,
> VIS_SAFE)
> > + != -1) {
> > + warnx("%s", error);
> > + free(error);
> > + }
> > + }
> > + } else if (lc != 200 && lc != 201)
> >   warnx("%s: bad HTTP: %ld", p->newaccount, lc);
> >   else if (c->buf.buf == NULL || c->buf.sz == 0)
> >   warnx("%s: empty response", p->newaccount);
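Review bot: only `lc == 400` gets the `detail` treatment; every other error status still falls through to `warnx("%s: bad HTTP: %ld", ...)`, even though the server may send the same kind of error object with it. Consider parsing the body for any response that is not 200 or 201 and printing the status code together with `detail`.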
> >
> >
> > --
> > I'm not entirely sure you are real.
> >
>
>
please don't drop the whole buffer, or keep it with -vv?
example : warnx("%s: bad JSON object:%s", p->newaccount, c->buf.buf);

I don't want to ktrace it to see why the new certbot version is not working

-- 
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: btrace: add boolean AND and OR operators

2020-09-14 Thread Sebastien Marie
On Mon, Sep 14, 2020 at 03:28:17PM +0200, Jasper Lievisse Adriaanse wrote:
> Hi,
> 
> This diff adds support for the '&' and '|' operators, along with
> a new testcase.
> 
> OK?

makes sense to me. ok semarie@
 
> Index: usr.sbin/btrace/bt_parse.y
> ===
> RCS file: /cvs/src/usr.sbin/btrace/bt_parse.y,v
> retrieving revision 1.16
> diff -u -p -r1.16 bt_parse.y
> --- usr.sbin/btrace/bt_parse.y11 Jul 2020 14:52:14 -  1.16
> +++ usr.sbin/btrace/bt_parse.y14 Sep 2020 15:14:10 -
> @@ -119,6 +119,7 @@ static int yylex(void);
>  
>  %left'+' '-'
>  %left'/' '*'
> +%left'&' '|'
>  %%
>  
>  grammar  : /* empty */
> @@ -172,6 +173,8 @@ term  : '(' term ')'  { $$ = 
> $2; }
>   | term '-' term { $$ = ba_op('-', $1, $3); }
>   | term '/' term { $$ = ba_op('/', $1, $3); }
>   | term '*' term { $$ = ba_op('*', $1, $3); }
> + | term '&' term { $$ = ba_op('&', $1, $3); }
> + | term '|' term { $$ = ba_op('|', $1, $3); }
>   | NUMBER{ $$ = ba_new($1, B_AT_LONG); }
>   | builtin   { $$ = ba_new(NULL, $1); }
>   | gvar  { $$ = bv_get($1); }
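Review bot: the new `term '&' term` and `term '|' term` rules need the lexer to return `'&'` and `'|'` as single-character tokens, and none of the bt_parse.y hunks shown touches `yylex()`. Please confirm that already works and that the new test case exercises both operators.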
> @@ -331,6 +334,12 @@ ba_op(const char op, struct bt_arg *da0,
>   break;
>   case '/':
>   type = B_AT_OP_DIVIDE;
> + break;
> + case '&':
> + type = B_AT_OP_AND;
> + break;
> + case '|':
> + type = B_AT_OP_OR;
>   break;
>   default:
>   assert(0);
> Index: usr.sbin/btrace/bt_parser.h
> ===
> RCS file: /cvs/src/usr.sbin/btrace/bt_parser.h,v
> retrieving revision 1.9
> diff -u -p -r1.9 bt_parser.h
> --- usr.sbin/btrace/bt_parser.h   13 Aug 2020 11:29:39 -  1.9
> +++ usr.sbin/btrace/bt_parser.h   14 Sep 2020 15:14:10 -
> @@ -143,6 +143,8 @@ struct bt_arg {
>   B_AT_OP_MINUS,
>   B_AT_OP_MULT,
>   B_AT_OP_DIVIDE,
> + B_AT_OP_AND,
> + B_AT_OP_OR,
>   }ba_type;
>  };
>  
> Index: usr.sbin/btrace/btrace.c
> ===
> RCS file: /cvs/src/usr.sbin/btrace/btrace.c,v
> retrieving revision 1.24
> diff -u -p -r1.24 btrace.c
> --- usr.sbin/btrace/btrace.c  11 Sep 2020 08:16:15 -  1.24
> +++ usr.sbin/btrace/btrace.c  14 Sep 2020 15:14:10 -
> @@ -812,7 +812,7 @@ stmt_store(struct bt_stmt *bs, struct dt
>   case B_AT_BI_NSECS:
>   bv->bv_value = ba_new(builtin_nsecs(dtev), B_AT_LONG);
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   bv->bv_value = ba_new(ba2long(ba, dtev), B_AT_LONG);
>   break;
>   default:
> @@ -992,6 +992,12 @@ baexpr2long(struct bt_arg *ba, struct dt
>   case B_AT_OP_DIVIDE:
>   result = first / second;
>   break;
> + case B_AT_OP_AND:
> + result = first & second;
> + break;
> + case B_AT_OP_OR:
> + result = first | second;
> + break;
>   default:
>   xabort("unsuported operation %d", ba->ba_type);
>   }
> @@ -1025,7 +1031,7 @@ ba2long(struct bt_arg *ba, struct dt_evt
>   case B_AT_BI_RETVAL:
>   val = dtev->dtev_sysretval[0];
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   val = baexpr2long(ba, dtev);
>   break;
>   default:
> @@ -1093,7 +1099,7 @@ ba2str(struct bt_arg *ba, struct dt_evt 
>   case B_AT_VAR:
>   str = ba2str(ba_read(ba), dtev);
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   snprintf(buf, sizeof(buf) - 1, "%ld", ba2long(ba, dtev));
>   str = buf;
>   break;
> @@ -1152,7 +1158,7 @@ ba2dtflags(struct bt_arg *ba)
>   case B_AT_MF_MAX:
>   case B_AT_MF_MIN:
>   case B_AT_MF_SUM:
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   break;
>   default:
>   xabort("invalid argument type %d", ba->ba_type);
> Index: regress/usr.sbin/btrace/Makefile
> ===
> RCS file: /cvs/src/regress/usr.sbin/btrace/Makefile,v
> retrieving revision 1.4
> diff -u -p -r1.4 Makefile
> --- regress/usr.sbin/btrace/Makefile  19 Mar 2020 15:53:09 -  1.4
> +++ regress/usr.sbin/btrace/Makefile  14 Sep 2020 15:14:10 

Re: btrace: add boolean AND and OR operators

2020-09-14 Thread Jasper Lievisse Adriaanse
On Mon, Sep 14, 2020 at 03:39:04PM +0200, Otto Moerbeek wrote:
> On Mon, Sep 14, 2020 at 03:28:17PM +0200, Jasper Lievisse Adriaanse wrote:
> 
> > Hi,
> > 
> > This diff adds support for the '&' and '|' operators, along with
> > a new testcase.
> > 
> > OK?
> 
> The precedence looks funny
> 
> I'd guess you want
> 
> %left '|'
> %left '&'
> %left '+' '-'
> %left '/' '*'
> 
> To avoid surprises.
> 
>   -Otto
Good point.

Index: usr.sbin/btrace/bt_parse.y
===
RCS file: /cvs/src/usr.sbin/btrace/bt_parse.y,v
retrieving revision 1.16
diff -u -p -r1.16 bt_parse.y
--- usr.sbin/btrace/bt_parse.y  11 Jul 2020 14:52:14 -  1.16
+++ usr.sbin/btrace/bt_parse.y  14 Sep 2020 15:41:40 -
@@ -117,6 +117,8 @@ static int   yylex(void);
 %type   expr vargs map mexpr term
 %type beginend
 
+%left  '|'
+%left  '&'
 %left  '+' '-'
 %left  '/' '*'
 %%
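Review bot: the regress script should include a mixed expression such as `1 + 2 & 3`, because the order of the new `%left '|'` and `%left '&'` lines is what makes it group as `(1 + 2) & 3`, as in C, and nothing else would catch a later reordering.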
@@ -172,6 +174,8 @@ term: '(' term ')'  { $$ = 
$2; }
| term '-' term { $$ = ba_op('-', $1, $3); }
| term '/' term { $$ = ba_op('/', $1, $3); }
| term '*' term { $$ = ba_op('*', $1, $3); }
+   | term '&' term { $$ = ba_op('&', $1, $3); }
+   | term '|' term { $$ = ba_op('|', $1, $3); }
| NUMBER{ $$ = ba_new($1, B_AT_LONG); }
| builtin   { $$ = ba_new(NULL, $1); }
| gvar  { $$ = bv_get($1); }
@@ -331,6 +335,12 @@ ba_op(const char op, struct bt_arg *da0,
break;
case '/':
type = B_AT_OP_DIVIDE;
+   break;
+   case '&':
+   type = B_AT_OP_AND;
+   break;
+   case '|':
+   type = B_AT_OP_OR;
break;
default:
assert(0);
Index: usr.sbin/btrace/bt_parser.h
===
RCS file: /cvs/src/usr.sbin/btrace/bt_parser.h,v
retrieving revision 1.9
diff -u -p -r1.9 bt_parser.h
--- usr.sbin/btrace/bt_parser.h 13 Aug 2020 11:29:39 -  1.9
+++ usr.sbin/btrace/bt_parser.h 14 Sep 2020 15:41:40 -
@@ -143,6 +143,8 @@ struct bt_arg {
B_AT_OP_MINUS,
B_AT_OP_MULT,
B_AT_OP_DIVIDE,
+   B_AT_OP_AND,
+   B_AT_OP_OR,
}ba_type;
 };
 
Index: usr.sbin/btrace/btrace.c
===
RCS file: /cvs/src/usr.sbin/btrace/btrace.c,v
retrieving revision 1.24
diff -u -p -r1.24 btrace.c
--- usr.sbin/btrace/btrace.c11 Sep 2020 08:16:15 -  1.24
+++ usr.sbin/btrace/btrace.c14 Sep 2020 15:41:40 -
@@ -812,7 +812,7 @@ stmt_store(struct bt_stmt *bs, struct dt
case B_AT_BI_NSECS:
bv->bv_value = ba_new(builtin_nsecs(dtev), B_AT_LONG);
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
bv->bv_value = ba_new(ba2long(ba, dtev), B_AT_LONG);
break;
default:
@@ -992,6 +992,12 @@ baexpr2long(struct bt_arg *ba, struct dt
case B_AT_OP_DIVIDE:
result = first / second;
break;
+   case B_AT_OP_AND:
+   result = first & second;
+   break;
+   case B_AT_OP_OR:
+   result = first | second;
+   break;
default:
xabort("unsuported operation %d", ba->ba_type);
}
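Review bot: `B_AT_OP_AND` and `B_AT_OP_OR` evaluate to `first & second` and `first | second`, which are bitwise operations on longs, while the subject line calls them boolean. Name them bitwise in the commit message and in any manual text so nobody expects `&&`/`||` semantics.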
@@ -1025,7 +1031,7 @@ ba2long(struct bt_arg *ba, struct dt_evt
case B_AT_BI_RETVAL:
val = dtev->dtev_sysretval[0];
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
val = baexpr2long(ba, dtev);
break;
default:
@@ -1093,7 +1099,7 @@ ba2str(struct bt_arg *ba, struct dt_evt 
case B_AT_VAR:
str = ba2str(ba_read(ba), dtev);
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
snprintf(buf, sizeof(buf) - 1, "%ld", ba2long(ba, dtev));
str = buf;
break;
@@ -1152,7 +1158,7 @@ ba2dtflags(struct bt_arg *ba)
case B_AT_MF_MAX:
case B_AT_MF_MIN:
case B_AT_MF_SUM:
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
break;
default:
xabort("invalid argument type %d", ba->ba_type);
Index: regress/usr.sbin/btrace/Makefile
===
RCS file: /cvs/src/regress/usr.sbin/btrace/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- 

Re: acme-client: improve account creation error message

2020-09-14 Thread Bob Beck


But what if I like json and I am already set up to be a hipster and
feed all the untrusted inputs through jq..

(ok beck@)

On Mon, Sep 14, 2020 at 03:37:25PM +0200, Florian Obser wrote:
> not helpful:
> $ doas acme-client $(hostname)
> acme-client: https://api.test4.buypass.no/acme-v02/new-acct: bad HTTP: 400
> 
> vomiting unformatted json is not better:
> $ doas acme-client -v $(hostname)
> acme-client: transfer buffer: 
> [{"type":"urn:ietf:params:acme:error:malformed","detail":"Email is a required 
> contact","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad 
> Request"}] (164 bytes)
> 
> let's do this:
> $ doas obj/acme-client -v $(hostname)
> acme-client: Email is a required contact
> 
> OK?
> 
> diff --git extern.h extern.h
> index 529d3350205..364425b0500 100644
> --- extern.h
> +++ extern.h
> @@ -259,6 +259,7 @@ intjson_parse_order(struct jsmnn *, 
> struct order *);
>  int   json_parse_upd_order(struct jsmnn *, struct order *);
>  void  json_free_capaths(struct capaths *);
>  int   json_parse_capaths(struct jsmnn *, struct capaths *);
> +char *json_getstr(struct jsmnn *, const char *);
>  
>  char *json_fmt_newcert(const char *);
>  char *json_fmt_chkacc(void);
> diff --git json.c json.c
> index 61d2631359f..a6762eeb258 100644
> --- json.c
> +++ json.c
> @@ -297,7 +297,7 @@ json_getobj(struct jsmnn *n, const char *name)
>   * that it's the correct type.
>   * Returns NULL on failure.
>   */
> -static char *
> +char *
>  json_getstr(struct jsmnn *n, const char *name)
>  {
>   size_t   i;
> diff --git netproc.c netproc.c
> index 7b8152196d1..05e36897c38 100644
> --- netproc.c
> +++ netproc.c
> @@ -371,15 +371,27 @@ sreq(struct conn *c, const char *addr, int kid, const 
> char *req, char **loc)
>  static int
>  donewacc(struct conn *c, const struct capaths *p)
>  {
> + struct jsmnn*j = NULL;
>   int  rc = 0;
> - char*req;
> + char*req, *detail, *error = NULL;
>   long lc;
>  
>   if ((req = json_fmt_newacc()) == NULL)
>   warnx("json_fmt_newacc");
>   else if ((lc = sreq(c, p->newaccount, 0, req, >kid)) < 0)
>   warnx("%s: bad comm", p->newaccount);
> - else if (lc != 200 && lc != 201)
> + else if (lc == 400) {
> + if ((j = json_parse(c->buf.buf, c->buf.sz)) == NULL)
> + warnx("%s: bad JSON object", p->newaccount);
> + else {
> + detail = json_getstr(j, "detail");
> + if (detail != NULL && stravis(, detail, VIS_SAFE)
> + != -1) {
> + warnx("%s", error);
> + free(error);
> + }
> + }
> + } else if (lc != 200 && lc != 201)
>   warnx("%s: bad HTTP: %ld", p->newaccount, lc);
>   else if (c->buf.buf == NULL || c->buf.sz == 0)
>   warnx("%s: empty response", p->newaccount);
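Review bot: nothing in this hunk releases `j` after `json_parse()` succeeds, and `detail` is never freed either; if `json_getstr()` returns an allocated copy, both leak on the 400 path. Please free them in this branch or confirm that the cleanup at the end of `donewacc()` covers `j`.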
> 
> 
> -- 
> I'm not entirely sure you are real.
> 



Re: btrace: add boolean AND and OR operators

2020-09-14 Thread Otto Moerbeek
On Mon, Sep 14, 2020 at 03:28:17PM +0200, Jasper Lievisse Adriaanse wrote:

> Hi,
> 
> This diff adds support for the '&' and '|' operators, along with
> a new testcase.
> 
> OK?

The precedence looks funny

I'd guess you want

%left '|'
%left '&'
%left '+' '-'
%left '/' '*'

To avoid surprises.

-Otto

> 
> Index: usr.sbin/btrace/bt_parse.y
> ===
> RCS file: /cvs/src/usr.sbin/btrace/bt_parse.y,v
> retrieving revision 1.16
> diff -u -p -r1.16 bt_parse.y
> --- usr.sbin/btrace/bt_parse.y11 Jul 2020 14:52:14 -  1.16
> +++ usr.sbin/btrace/bt_parse.y14 Sep 2020 15:14:10 -
> @@ -119,6 +119,7 @@ static int yylex(void);
>  
>  %left'+' '-'
>  %left'/' '*'
> +%left'&' '|'
>  %%
>  
>  grammar  : /* empty */
> @@ -172,6 +173,8 @@ term  : '(' term ')'  { $$ = 
> $2; }
>   | term '-' term { $$ = ba_op('-', $1, $3); }
>   | term '/' term { $$ = ba_op('/', $1, $3); }
>   | term '*' term { $$ = ba_op('*', $1, $3); }
> + | term '&' term { $$ = ba_op('&', $1, $3); }
> + | term '|' term { $$ = ba_op('|', $1, $3); }
>   | NUMBER{ $$ = ba_new($1, B_AT_LONG); }
>   | builtin   { $$ = ba_new(NULL, $1); }
>   | gvar  { $$ = bv_get($1); }
> @@ -331,6 +334,12 @@ ba_op(const char op, struct bt_arg *da0,
>   break;
>   case '/':
>   type = B_AT_OP_DIVIDE;
> + break;
> + case '&':
> + type = B_AT_OP_AND;
> + break;
> + case '|':
> + type = B_AT_OP_OR;
>   break;
>   default:
>   assert(0);
> Index: usr.sbin/btrace/bt_parser.h
> ===
> RCS file: /cvs/src/usr.sbin/btrace/bt_parser.h,v
> retrieving revision 1.9
> diff -u -p -r1.9 bt_parser.h
> --- usr.sbin/btrace/bt_parser.h   13 Aug 2020 11:29:39 -  1.9
> +++ usr.sbin/btrace/bt_parser.h   14 Sep 2020 15:14:10 -
> @@ -143,6 +143,8 @@ struct bt_arg {
>   B_AT_OP_MINUS,
>   B_AT_OP_MULT,
>   B_AT_OP_DIVIDE,
> + B_AT_OP_AND,
> + B_AT_OP_OR,
>   }ba_type;
>  };
>  
> Index: usr.sbin/btrace/btrace.c
> ===
> RCS file: /cvs/src/usr.sbin/btrace/btrace.c,v
> retrieving revision 1.24
> diff -u -p -r1.24 btrace.c
> --- usr.sbin/btrace/btrace.c  11 Sep 2020 08:16:15 -  1.24
> +++ usr.sbin/btrace/btrace.c  14 Sep 2020 15:14:10 -
> @@ -812,7 +812,7 @@ stmt_store(struct bt_stmt *bs, struct dt
>   case B_AT_BI_NSECS:
>   bv->bv_value = ba_new(builtin_nsecs(dtev), B_AT_LONG);
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   bv->bv_value = ba_new(ba2long(ba, dtev), B_AT_LONG);
>   break;
>   default:
> @@ -992,6 +992,12 @@ baexpr2long(struct bt_arg *ba, struct dt
>   case B_AT_OP_DIVIDE:
>   result = first / second;
>   break;
> + case B_AT_OP_AND:
> + result = first & second;
> + break;
> + case B_AT_OP_OR:
> + result = first | second;
> + break;
>   default:
>   xabort("unsuported operation %d", ba->ba_type);
>   }
> @@ -1025,7 +1031,7 @@ ba2long(struct bt_arg *ba, struct dt_evt
>   case B_AT_BI_RETVAL:
>   val = dtev->dtev_sysretval[0];
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   val = baexpr2long(ba, dtev);
>   break;
>   default:
> @@ -1093,7 +1099,7 @@ ba2str(struct bt_arg *ba, struct dt_evt 
>   case B_AT_VAR:
>   str = ba2str(ba_read(ba), dtev);
>   break;
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   snprintf(buf, sizeof(buf) - 1, "%ld", ba2long(ba, dtev));
>   str = buf;
>   break;
> @@ -1152,7 +1158,7 @@ ba2dtflags(struct bt_arg *ba)
>   case B_AT_MF_MAX:
>   case B_AT_MF_MIN:
>   case B_AT_MF_SUM:
> - case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
> + case B_AT_OP_ADD ... B_AT_OP_OR:
>   break;
>   default:
>   xabort("invalid argument type %d", ba->ba_type);
> Index: regress/usr.sbin/btrace/Makefile
> ===
> RCS file: /cvs/src/regress/usr.sbin/btrace/Makefile,v
> retrieving revision 1.4
> diff -u -p -r1.4 Makefile
> --- 

acme-client: improve account creation error message

2020-09-14 Thread Florian Obser
not helpful:
$ doas acme-client $(hostname)
acme-client: https://api.test4.buypass.no/acme-v02/new-acct: bad HTTP: 400

vomiting unformatted json is not better:
$ doas acme-client -v $(hostname)
acme-client: transfer buffer: 
[{"type":"urn:ietf:params:acme:error:malformed","detail":"Email is a required 
contact","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad 
Request"}] (164 bytes)

let's do this:
$ doas obj/acme-client -v $(hostname)
acme-client: Email is a required contact

OK?

diff --git extern.h extern.h
index 529d3350205..364425b0500 100644
--- extern.h
+++ extern.h
@@ -259,6 +259,7 @@ int  json_parse_order(struct jsmnn *, struct order 
*);
 int json_parse_upd_order(struct jsmnn *, struct order *);
 voidjson_free_capaths(struct capaths *);
 int json_parse_capaths(struct jsmnn *, struct capaths *);
+char   *json_getstr(struct jsmnn *, const char *);
 
 char   *json_fmt_newcert(const char *);
 char   *json_fmt_chkacc(void);
diff --git json.c json.c
index 61d2631359f..a6762eeb258 100644
--- json.c
+++ json.c
@@ -297,7 +297,7 @@ json_getobj(struct jsmnn *n, const char *name)
  * that it's the correct type.
  * Returns NULL on failure.
  */
-static char *
+char *
 json_getstr(struct jsmnn *n, const char *name)
 {
size_t   i;
diff --git netproc.c netproc.c
index 7b8152196d1..05e36897c38 100644
--- netproc.c
+++ netproc.c
@@ -371,15 +371,27 @@ sreq(struct conn *c, const char *addr, int kid, const 
char *req, char **loc)
 static int
 donewacc(struct conn *c, const struct capaths *p)
 {
+   struct jsmnn*j = NULL;
int  rc = 0;
-   char*req;
+   char*req, *detail, *error = NULL;
long lc;
 
if ((req = json_fmt_newacc()) == NULL)
warnx("json_fmt_newacc");
else if ((lc = sreq(c, p->newaccount, 0, req, >kid)) < 0)
warnx("%s: bad comm", p->newaccount);
-   else if (lc != 200 && lc != 201)
+   else if (lc == 400) {
+   if ((j = json_parse(c->buf.buf, c->buf.sz)) == NULL)
+   warnx("%s: bad JSON object", p->newaccount);
+   else {
+   detail = json_getstr(j, "detail");
+   if (detail != NULL && stravis(, detail, VIS_SAFE)
+   != -1) {
+   warnx("%s", error);
+   free(error);
+   }
+   }
+   } else if (lc != 200 && lc != 201)
warnx("%s: bad HTTP: %ld", p->newaccount, lc);
else if (c->buf.buf == NULL || c->buf.sz == 0)
warnx("%s: empty response", p->newaccount);
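Review bot: in the `lc == 400` branch, when `detail` is NULL or `stravis()` returns -1 nothing is printed at all, so the user loses even the old "bad HTTP: 400" line. Add a fallback `warnx("%s: bad HTTP: %ld", p->newaccount, lc)` for that case. Passing the server-supplied string through `stravis(..., VIS_SAFE)` before `warnx()` is the right treatment for untrusted input and deserves a one-line comment.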


-- 
I'm not entirely sure you are real.



Re: Document the WSDISPLAYIO_GETSCREENTYPE ioctl in wsdisplay.4

2020-09-14 Thread Mark Kettenis
> Date: Mon, 14 Sep 2020 12:04:37 +0200
> From: Frederic Cambus 
> 
> Hi tech@,
> 
> Here is a diff to document the WSDISPLAYIO_GETSCREENTYPE ioctl in
> wsdisplay.4.
> 
> The wsdisplay_screentype structure definition can be found in
> .
> 
> Comments? OK?

Sure, go for it.

> Index: wsdisplay.4
> ===
> RCS file: /cvs/src/share/man/man4/wsdisplay.4,v
> retrieving revision 1.54
> diff -u -p -r1.54 wsdisplay.4
> --- wsdisplay.4   25 May 2019 11:02:19 -  1.54
> +++ wsdisplay.4   14 Sep 2020 09:56:03 -
> @@ -174,6 +174,38 @@ indicates the number of color map entrie
>  and
>  .Dv WSDISPLAYIO_PUTCMAP .
>  This call is likely to be unavailable on text-only displays.
> +.It Dv WSDISPLAYIO_GETSCREENTYPE Fa "struct wsdisplay_screentype"
> +Retrieve basic information about a screen.
> +The returned structure is as follows:
> +.Bd -literal -offset indent
> +struct wsdisplay_screentype {
> +int idx;
> +int nidx;
> +char name[WSSCREEN_NAME_SIZE];
> +int ncols, nrows;
> +int fontwidth, fontheight;
> +};
> +.Ed
> +.Pp
> +The
> +.Va idx
> +field indicates the index of the screen.
> +The
> +.Va nidx
> +field indicates the number of screens.
> +The
> +.Va name
> +field contains a human readable string used to identify the screen.
> +The 
> +.Va ncols
> +and
> +.Va  nrows
> +fields indicate the available number of columns and rows.
> +The 
> +.Va fontwidth
> +and
> +.Va fontheight
> +fields indicate the dimensions of a character cell and are counted in pixels.
>  .It Dv WSDISPLAYIO_GETCMAP Fa "struct wsdisplay_cmap"
>  Retrieve the current color map from the display.
>  This call needs the
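Review bot: two of the added lines read `The ` with a trailing space, and `.Va  nrows` has a doubled space. Trailing whitespace is the kind of thing `mandoc -Tlint` reports, so strip both before committing.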
> 
> 



Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

2020-09-14 Thread Todd C . Miller
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:

> I struggled a bit to configure smtpd to relay to a remote server that
> requires SSL client certificates. The solution is to just add a "pki
> host.example.org" option, but "pki" is not listed as a valid option for
> the relay delivery method, even though the parser accepts it.

Committed.

 - todd



btrace: add boolean AND and OR operators

2020-09-14 Thread Jasper Lievisse Adriaanse
Hi,

This diff adds support for the '&' and '|' operators, along with
a new testcase.

OK?

Index: usr.sbin/btrace/bt_parse.y
===
RCS file: /cvs/src/usr.sbin/btrace/bt_parse.y,v
retrieving revision 1.16
diff -u -p -r1.16 bt_parse.y
--- usr.sbin/btrace/bt_parse.y  11 Jul 2020 14:52:14 -  1.16
+++ usr.sbin/btrace/bt_parse.y  14 Sep 2020 15:14:10 -
@@ -119,6 +119,7 @@ static int   yylex(void);
 
 %left  '+' '-'
 %left  '/' '*'
+%left  '&' '|'
 %%
 
 grammar: /* empty */
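Review bot: placing `%left '&' '|'` after `%left '/' '*'` gives the new operators the highest precedence, so `2 * 3 | 1` parses as `2 * (3 | 1)`, and it also puts `&` and `|` on the same level. Declare them on separate lines above `'+' '-'`, with `'|'` first, to get the C ordering.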
@@ -172,6 +173,8 @@ term: '(' term ')'  { $$ = 
$2; }
| term '-' term { $$ = ba_op('-', $1, $3); }
| term '/' term { $$ = ba_op('/', $1, $3); }
| term '*' term { $$ = ba_op('*', $1, $3); }
+   | term '&' term { $$ = ba_op('&', $1, $3); }
+   | term '|' term { $$ = ba_op('|', $1, $3); }
| NUMBER{ $$ = ba_new($1, B_AT_LONG); }
| builtin   { $$ = ba_new(NULL, $1); }
| gvar  { $$ = bv_get($1); }
@@ -331,6 +334,12 @@ ba_op(const char op, struct bt_arg *da0,
break;
case '/':
type = B_AT_OP_DIVIDE;
+   break;
+   case '&':
+   type = B_AT_OP_AND;
+   break;
+   case '|':
+   type = B_AT_OP_OR;
break;
default:
assert(0);
Index: usr.sbin/btrace/bt_parser.h
===
RCS file: /cvs/src/usr.sbin/btrace/bt_parser.h,v
retrieving revision 1.9
diff -u -p -r1.9 bt_parser.h
--- usr.sbin/btrace/bt_parser.h 13 Aug 2020 11:29:39 -  1.9
+++ usr.sbin/btrace/bt_parser.h 14 Sep 2020 15:14:10 -
@@ -143,6 +143,8 @@ struct bt_arg {
B_AT_OP_MINUS,
B_AT_OP_MULT,
B_AT_OP_DIVIDE,
+   B_AT_OP_AND,
+   B_AT_OP_OR,
}ba_type;
 };
 
Index: usr.sbin/btrace/btrace.c
===
RCS file: /cvs/src/usr.sbin/btrace/btrace.c,v
retrieving revision 1.24
diff -u -p -r1.24 btrace.c
--- usr.sbin/btrace/btrace.c11 Sep 2020 08:16:15 -  1.24
+++ usr.sbin/btrace/btrace.c14 Sep 2020 15:14:10 -
@@ -812,7 +812,7 @@ stmt_store(struct bt_stmt *bs, struct dt
case B_AT_BI_NSECS:
bv->bv_value = ba_new(builtin_nsecs(dtev), B_AT_LONG);
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
bv->bv_value = ba_new(ba2long(ba, dtev), B_AT_LONG);
break;
default:
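Review bot: `case B_AT_OP_ADD ... B_AT_OP_OR:` only works while the operator enumerators stay contiguous and `B_AT_OP_OR` stays last, and the same range is repeated in `ba2long()`, `ba2str()` and `ba2dtflags()`. Add a comment next to the enumerators in bt_parser.h saying so, or define first/last aliases so the next operator is added in one place.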
@@ -992,6 +992,12 @@ baexpr2long(struct bt_arg *ba, struct dt
case B_AT_OP_DIVIDE:
result = first / second;
break;
+   case B_AT_OP_AND:
+   result = first & second;
+   break;
+   case B_AT_OP_OR:
+   result = first | second;
+   break;
default:
xabort("unsuported operation %d", ba->ba_type);
}
@@ -1025,7 +1031,7 @@ ba2long(struct bt_arg *ba, struct dt_evt
case B_AT_BI_RETVAL:
val = dtev->dtev_sysretval[0];
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
val = baexpr2long(ba, dtev);
break;
default:
@@ -1093,7 +1099,7 @@ ba2str(struct bt_arg *ba, struct dt_evt 
case B_AT_VAR:
str = ba2str(ba_read(ba), dtev);
break;
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
snprintf(buf, sizeof(buf) - 1, "%ld", ba2long(ba, dtev));
str = buf;
break;
@@ -1152,7 +1158,7 @@ ba2dtflags(struct bt_arg *ba)
case B_AT_MF_MAX:
case B_AT_MF_MIN:
case B_AT_MF_SUM:
-   case B_AT_OP_ADD ... B_AT_OP_DIVIDE:
+   case B_AT_OP_ADD ... B_AT_OP_OR:
break;
default:
xabort("invalid argument type %d", ba->ba_type);
Index: regress/usr.sbin/btrace/Makefile
===
RCS file: /cvs/src/regress/usr.sbin/btrace/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- regress/usr.sbin/btrace/Makefile19 Mar 2020 15:53:09 -  1.4
+++ regress/usr.sbin/btrace/Makefile14 Sep 2020 15:14:10 -
@@ -3,8 +3,8 @@
 BTRACE?=/usr/sbin/btrace
 
 # scripts that don't need /dev/dt
-BT_LANG_SCRIPTS=   arithm beginend comments delete exit map map-unnamed \
-   maxoperand min+max+sum multismts nsecs+var

Re: dt: add static vfs probes

2020-09-14 Thread Bob Beck


ok beck@

On Mon, Sep 14, 2020 at 12:45:55PM +0200, Jasper Lievisse Adriaanse wrote:
> Hi,
> 
> Whilst analyzing the cleaner I added tracepoints called 'cleaner' and
> 'bufcache_take' to track its behaviour.
> 
> For the sake of symmetry I've added one in bufcache_release() too and moved
> the assignment of 'pages' until after the KASSERT(), following the flow of
> bufcache_take().
> 
> Sample usage of these probes:
> 
> tracepoint:vfs:bufcache_take {
> printf("bcache_take:%d(%s) flags: 0x%x cache: %d pages: %d\n",
> tid, comm, arg0 , arg1, arg2);
> }
> 
> tracepoint:vfs:bufcache_rel{
> printf("bcache_rel:%d(%s) flags: 0x%x cache: %d pages: %d\n",
> tid, comm, arg0, arg1, arg2);
> }
> 
> tracepoint:vfs:cleaner{
> printf("cleaner:%d(%s) flags: 0x%x pushed: %d lodirtypages: %d, 
> hidirtypages: %d\n",
> tid, comm, arg0, arg1, arg2, arg3);
> }
> 
> OK to commit this?
> 
> Index: dev/dt/dt_prov_static.c
> ===
> RCS file: /cvs/src/sys/dev/dt/dt_prov_static.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 dt_prov_static.c
> --- dev/dt/dt_prov_static.c   13 Sep 2020 14:55:08 -  1.4
> +++ dev/dt/dt_prov_static.c   14 Sep 2020 10:43:43 -
> @@ -58,6 +58,13 @@ DT_STATIC_PROBE3(uvm, map_insert, "vaddr
>  DT_STATIC_PROBE3(uvm, map_remove, "vaddr_t", "vaddr_t", "vm_prot_t");
>  
>  /*
> + * VFS
> + */
> +DT_STATIC_PROBE3(vfs, bufcache_rel, "long", "int", "int64_t");
> +DT_STATIC_PROBE3(vfs, bufcache_take, "long", "int", "int64_t");
> +DT_STATIC_PROBE4(vfs, cleaner, "long", "int", "long", "long");
> +
> +/*
>   * List of all static probes
>   */
>  struct dt_probe *dtps_static[] = {
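Review bot: the three `DT_STATIC_PROBE` declarations give only C types, so a script author has to read vfs_bio.c to learn that the arguments are flags, cache index and page count (and flags, pushed, lodirtypages, hidirtypages for `cleaner`). A one-line comment per probe listing the argument meaning would fix that. Also, `bufcache_rel` abbreviates `bufcache_release()` while `bufcache_take` uses the full function name.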
> @@ -76,6 +83,10 @@ struct dt_probe *dtps_static[] = {
>   &_DT_STATIC_P(uvm, fault),
>   &_DT_STATIC_P(uvm, map_insert),
>   &_DT_STATIC_P(uvm, map_remove),
> + /* VFS */
> + &_DT_STATIC_P(vfs, bufcache_rel),
> + &_DT_STATIC_P(vfs, bufcache_take),
> + &_DT_STATIC_P(vfs, cleaner),
>  };
>  
>  int
> Index: kern/vfs_bio.c
> ===
> RCS file: /cvs/src/sys/kern/vfs_bio.c,v
> retrieving revision 1.202
> diff -u -p -r1.202 vfs_bio.c
> --- kern/vfs_bio.c12 Sep 2020 11:57:24 -  1.202
> +++ kern/vfs_bio.c14 Sep 2020 10:43:43 -
> @@ -57,6 +57,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  
>  /* XXX Should really be in buf.h, but for uvm_constraint_range.. */
> @@ -1209,6 +1210,9 @@ buf_daemon(void *arg)
>   }
>  
>   while ((bp = bufcache_getdirtybuf())) {
> + TRACEPOINT(vfs, cleaner, bp->b_flags, pushed,
> + lodirtypages, hidirtypages);
> +
>   if (UNCLEAN_PAGES < lodirtypages &&
>   bcstats.kvaslots_avail > 2 * RESERVE_SLOTS &&
>   pushed >= 16)
> @@ -1693,6 +1697,9 @@ bufcache_take(struct buf *bp)
>   KASSERT((bp->cache < NUM_CACHES));
>  
>   pages = atop(bp->b_bufsize);
> +
> + TRACEPOINT(vfs, bufcache_take, bp->b_flags, bp->cache, pages);
> +
>   struct bufcache *cache = [bp->cache];
>   if (!ISSET(bp->b_flags, B_DELWRI)) {
>  if (ISSET(bp->b_flags, B_COLD)) {
> @@ -1756,8 +1763,11 @@ bufcache_release(struct buf *bp)
>   int64_t pages;
>   struct bufcache *cache = [bp->cache];
>  
> - pages = atop(bp->b_bufsize);
>   KASSERT(ISSET(bp->b_flags, B_BC));
> + pages = atop(bp->b_bufsize);
> +
> + TRACEPOINT(vfs, bufcache_rel, bp->b_flags, bp->cache, pages);
> +
>   if (fliphigh) {
>   if (ISSET(bp->b_flags, B_DMA) && bp->cache > 0)
>   panic("B_DMA buffer release from cache %d",
> -- 
> jasper
> 



Re: go/rust vs uvm_map_inentry()

2020-09-14 Thread Theo de Raadt
A similar fix for the "sh" cpu, which is in the landisk.

Index: sh/sh/trap.c
===
RCS file: /cvs/src/sys/arch/sh/sh/trap.c,v
retrieving revision 1.40
diff -u -p -u -r1.40 trap.c
--- sh/sh/trap.c6 Sep 2019 12:22:01 -   1.40
+++ sh/sh/trap.c14 Sep 2020 11:44:56 -
@@ -155,7 +155,7 @@ void
 general_exception(struct proc *p, struct trapframe *tf, uint32_t va)
 {
int expevt = tf->tf_expevt;
-   int tra;
+   int tra = _reg_read_4(SH_(TRA));
int usermode = !KERNELMODE(tf->tf_ssr);
union sigval sv;
 
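Review bot: the new initializer "int tra = _reg_read_4(SH_(TRA));" in general_exception() reads TRA on every exception, not only in the two EXPEVT_TRAPA cases that use it, and nothing in the code says why. A one-line comment that the register has to be sampled on entry, before anything in the handler can sleep, would stop a later cleanup from moving the read back into the cases.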
@@ -191,7 +193,6 @@ general_exception(struct proc *p, struct
case EXPEVT_TRAPA:
 #ifdef DDB
/* Check for ddb request */
-   tra = _reg_read_4(SH_(TRA));
if (tra == (_SH_TRA_BREAK << 2) &&
db_ktrap(expevt, tra, tf))
return;
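Review bot: the header of this hunk, "@@ -191,7 +193,6 @@", does not follow from the first hunk, which replaces one line with one line and so leaves the offset at zero; a new-file start of 193 implies two added lines in between that the diff does not show. The same unexplained offset carries into the third hunk (-201 becomes +202). Regenerate the diff against a clean tree so that it applies as posted.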
@@ -201,7 +202,6 @@ general_exception(struct proc *p, struct
break;
case EXPEVT_TRAPA | EXP_USER:
/* Check for debugger break */
-   tra = _reg_read_4(SH_(TRA));
switch (tra) {
case _SH_TRA_BREAK << 2:
tf->tf_spc -= 2; /* back to the breakpoint address */



Re: go/rust vs uvm_map_inentry()

2020-09-14 Thread Theo de Raadt
i386 has the same problem.

Index: arch/i386/i386/trap.c
===
RCS file: /cvs/src/sys/arch/i386/i386/trap.c,v
retrieving revision 1.143
diff -u -p -u -r1.143 trap.c
--- arch/i386/i386/trap.c   19 Aug 2020 10:10:58 -  1.143
+++ arch/i386/i386/trap.c   14 Sep 2020 11:23:01 -
@@ -119,7 +119,7 @@ trap(struct trapframe *frame)
vm_prot_t ftype;
union sigval sv;
caddr_t onfault;
-   uint32_t cr2;
+   uint32_t cr2 = rcr2();
 
uvmexp.traps++;
 
@@ -135,7 +135,7 @@ trap(struct trapframe *frame)
if (trapdebug) {
printf("trap %d code %x eip %x cs %x eflags %x cr2 %x cpl %x\n",
frame->tf_trapno, frame->tf_err, frame->tf_eip,
-   frame->tf_cs, frame->tf_eflags, rcr2(), lapic_tpr);
+   frame->tf_cs, frame->tf_eflags, rcr2, lapic_tpr);
printf("curproc %p\n", curproc);
}
 #endif
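Review bot: in the trapdebug printf() the call rcr2() was replaced with rcr2, which names the function and not the new local, so the cr2 %x conversion is handed a function designator instead of the saved fault address. The argument should be cr2, the variable initialized at the top of trap().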
@@ -182,7 +182,7 @@ trap(struct trapframe *frame)
printf(" in %s mode\n", (type & T_USER) ? "user" : 
"supervisor");
printf("trap type %d code %x eip %x cs %x eflags %x cr2 %x cpl 
%x\n",
type, frame->tf_err, frame->tf_eip, frame->tf_cs,
-   frame->tf_eflags, rcr2(), lapic_tpr);
+   frame->tf_eflags, rcr2, lapic_tpr);
 
panic("trap type %d, code=%x, pc=%x",
type, frame->tf_err, frame->tf_eip);
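Review bot: same slip in the printf() ahead of panic(): "frame->tf_eflags, rcr2, lapic_tpr" should pass cr2. As posted, the last diagnostic printed before the panic would not show the address saved on entry.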
@@ -333,7 +333,6 @@ trap(struct trapframe *frame)
goto we_re_toast;
 
pcb = >p_addr->u_pcb;
-   cr2 = rcr2();
KERNEL_LOCK();
/* This will only trigger if SMEP is enabled */
if (cr2 <= VM_MAXUSER_ADDRESS && frame->tf_err & PGEX_I)
@@ -353,7 +352,6 @@ trap(struct trapframe *frame)
int error;
int signal, sicode;
 
-   cr2 = rcr2();
KERNEL_LOCK();
faultcommon:
vm = p->p_vmspace;
@@ -434,11 +432,11 @@ trap(struct trapframe *frame)
 #endif
 
case T_BPTFLT|T_USER:   /* bpt instruction fault */
-   sv.sival_int = rcr2();
+   sv.sival_int = rcr2;
trapsignal(p, SIGTRAP, type &~ T_USER, TRAP_BRKPT, sv);
break;
case T_TRCTRAP|T_USER:  /* trace trap */
-   sv.sival_int = rcr2();
+   sv.sival_int = rcr2;
trapsignal(p, SIGTRAP, type &~ T_USER, TRAP_TRACE, sv);
break;
 
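Review bot: both SIGTRAP cases now assign rcr2 to sv.sival_int, that is the function itself rather than its result; with the read hoisted to the top of trap() these should be "sv.sival_int = cr2;". The compiler warns about converting a pointer to an integer here, so a build with warnings visible is worth doing before this goes in.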



Re: go/rust vs uvm_map_inentry()

2020-09-14 Thread Sebastien Marie
On Mon, Sep 14, 2020 at 01:25:03PM +0200, Mark Kettenis wrote:
> > Date: Sun, 13 Sep 2020 19:48:19 +0200
> > From: Sebastien Marie 
> > 
> > On Sun, Sep 13, 2020 at 04:49:48PM +0200, Sebastien Marie wrote:
> > > On Sun, Sep 13, 2020 at 03:29:57PM +0200, Martin Pieuchot wrote:
> > > > I'm no longer able to reproduce the corruption while building lang/go
> > > > with the diff below.  Something relevant to threading change in go since
> > > > march?
> > > > 
> > > > Can someone try this diff and tell me if go and/or rust still fail?
> > > 
> > > quickly tested with rustc build (nightly here), and it is failing at 
> > > random places (not always at the same) with memory errors (signal 11, 
> > > compiler ICE signal 6...)
> > > 
> > 
> > A first hint.
> > 
> > With the help of deraadt@, it was found that disabling
> > uvm_map_inentry() call in usertrap() is enough to avoid the crashes.
> > 
> > To be clear, I am using the following diff:
> 
> The diff below fixes it (for amd64).
> 
> What's happening is that uvm_map_inentry() may sleep to grab the lock
> of the map.  The fault address is read from cr2 in pageflttrap() which
> gets called after this check and if the check sleeps, cr2 is likely to
> be clobbered by a page fault in another process.
> 
> Diff below fixes this by reading cr2 early and passing it to pageflttrap().
> 
> ok?

it makes sense. and I can't trigger the crashes with rustc build anymore.

ok semarie@
 
> 
> Index: arch/amd64/amd64/trap.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/trap.c,v
> retrieving revision 1.80
> diff -u -p -r1.80 trap.c
> --- arch/amd64/amd64/trap.c   19 Aug 2020 10:10:57 -  1.80
> +++ arch/amd64/amd64/trap.c   14 Sep 2020 11:17:35 -
> @@ -92,7 +92,7 @@
>  
>  #include "isa.h"
>  
> -int  pageflttrap(struct trapframe *, int _usermode);
> +int  pageflttrap(struct trapframe *, uint64_t, int _usermode);
>  void kerntrap(struct trapframe *);
>  void usertrap(struct trapframe *);
>  void ast(struct trapframe *);
> @@ -157,12 +157,11 @@ fault(const char *format, ...)
>   * if something was so broken that we should panic.
>   */
>  int
> -pageflttrap(struct trapframe *frame, int usermode)
> +pageflttrap(struct trapframe *frame, uint64_t cr2, int usermode)
>  {
>   struct proc *p = curproc;
>   struct pcb *pcb;
>   int error;
> - uint64_t cr2;
>   vaddr_t va;
>   struct vm_map *map;
>   vm_prot_t ftype;
> @@ -172,7 +171,6 @@ pageflttrap(struct trapframe *frame, int
>  
>   map = >p_vmspace->vm_map;
>   pcb = >p_addr->u_pcb;
> - cr2 = rcr2();
>   va = trunc_page((vaddr_t)cr2);
>  
>   KERNEL_LOCK();
> @@ -280,6 +278,7 @@ void
>  kerntrap(struct trapframe *frame)
>  {
>   int type = (int)frame->tf_trapno;
> + uint64_t cr2 = rcr2();
>  
>   verify_smap(__func__);
>   uvmexp.traps++;
> @@ -299,7 +298,7 @@ kerntrap(struct trapframe *frame)
>   /*NOTREACHED*/
>  
>   case T_PAGEFLT: /* allow page faults in kernel mode */
> - if (pageflttrap(frame, 0))
> + if (pageflttrap(frame, cr2, 0))
>   return;
>   goto we_re_toast;
>  
> @@ -333,6 +332,7 @@ usertrap(struct trapframe *frame)
>  {
>   struct proc *p = curproc;
>   int type = (int)frame->tf_trapno;
> + uint64_t cr2 = rcr2();
>   union sigval sv;
>   int sig, code;
>  
> @@ -381,7 +381,7 @@ usertrap(struct trapframe *frame)
>   break;
>  
>   case T_PAGEFLT: /* page fault */
> - if (pageflttrap(frame, 1))
> + if (pageflttrap(frame, cr2, 1))
>   goto out;
>   /* FALLTHROUGH */
>  

-- 
Sebastien Marie



Re: go/rust vs uvm_map_inentry()

2020-09-14 Thread Mark Kettenis
> Date: Sun, 13 Sep 2020 19:48:19 +0200
> From: Sebastien Marie 
> 
> On Sun, Sep 13, 2020 at 04:49:48PM +0200, Sebastien Marie wrote:
> > On Sun, Sep 13, 2020 at 03:29:57PM +0200, Martin Pieuchot wrote:
> > > I'm no longer able to reproduce the corruption while building lang/go
> > > with the diff below.  Something relevant to threading change in go since
> > > march?
> > > 
> > > Can someone try this diff and tell me if go and/or rust still fail?
> > 
> > quickly tested with rustc build (nightly here), and it is failing at random 
> > places (not always at the same) with memory errors (signal 11, compiler ICE 
> > signal 6...)
> > 
> 
> A first hint.
> 
> With the help of deraadt@, it was found that disabling
> uvm_map_inentry() call in usertrap() is enough to avoid the crashes.
> 
> To be clear, I am using the following diff:

The diff below fixes it (for amd64).

What's happening is that uvm_map_inentry() may sleep to grab the lock
of the map.  The fault address is read from cr2 in pageflttrap() which
gets called after this check and if the check sleeps, cr2 is likely to
be clobbered by a page fault in another process.

Diff below fixes this by reading cr2 early and passing it to pageflttrap().

ok?


Index: arch/amd64/amd64/trap.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/trap.c,v
retrieving revision 1.80
diff -u -p -r1.80 trap.c
--- arch/amd64/amd64/trap.c 19 Aug 2020 10:10:57 -  1.80
+++ arch/amd64/amd64/trap.c 14 Sep 2020 11:17:35 -
@@ -92,7 +92,7 @@
 
 #include "isa.h"
 
-intpageflttrap(struct trapframe *, int _usermode);
+intpageflttrap(struct trapframe *, uint64_t, int _usermode);
 void   kerntrap(struct trapframe *);
 void   usertrap(struct trapframe *);
 void   ast(struct trapframe *);
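Review bot: the updated pageflttrap() prototype leaves the new uint64_t parameter unnamed while its neighbour stays "int _usermode". Naming it, for example "uint64_t _cr2", keeps the declaration self-describing and consistent.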
@@ -157,12 +157,11 @@ fault(const char *format, ...)
  * if something was so broken that we should panic.
  */
 int
-pageflttrap(struct trapframe *frame, int usermode)
+pageflttrap(struct trapframe *frame, uint64_t cr2, int usermode)
 {
struct proc *p = curproc;
struct pcb *pcb;
int error;
-   uint64_t cr2;
vaddr_t va;
struct vm_map *map;
vm_prot_t ftype;
@@ -172,7 +171,6 @@ pageflttrap(struct trapframe *frame, int
 
map = >p_vmspace->vm_map;
pcb = >p_addr->u_pcb;
-   cr2 = rcr2();
va = trunc_page((vaddr_t)cr2);
 
KERNEL_LOCK();
@@ -280,6 +278,7 @@ void
 kerntrap(struct trapframe *frame)
 {
int type = (int)frame->tf_trapno;
+   uint64_t cr2 = rcr2();
 
verify_smap(__func__);
uvmexp.traps++;
@@ -299,7 +298,7 @@ kerntrap(struct trapframe *frame)
/*NOTREACHED*/
 
case T_PAGEFLT: /* allow page faults in kernel mode */
-   if (pageflttrap(frame, 0))
+   if (pageflttrap(frame, cr2, 0))
return;
goto we_re_toast;
 
@@ -333,6 +332,7 @@ usertrap(struct trapframe *frame)
 {
struct proc *p = curproc;
int type = (int)frame->tf_trapno;
+   uint64_t cr2 = rcr2();
union sigval sv;
int sig, code;
 
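Review bot: the initializer "uint64_t cr2 = rcr2();" at the top of usertrap() is the whole fix, yet nothing in the code says the read must stay ahead of the uvm_map_inentry() check, which can sleep. A short comment on that line would protect the ordering from a later tidy-up that moves the read back next to its use in pageflttrap().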
@@ -381,7 +381,7 @@ usertrap(struct trapframe *frame)
break;
 
case T_PAGEFLT: /* page fault */
-   if (pageflttrap(frame, 1))
+   if (pageflttrap(frame, cr2, 1))
goto out;
/* FALLTHROUGH */
 

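The race described in the message above, reduced to a user-space model (an added example, not code from the OpenBSD tree): cpu_cr2, hw_page_fault() and check_may_sleep() are hypothetical stand-ins for the CPU register, the hardware fault and the uvm_map_inentry() check, and the addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define SIM_PAGE_MASK 0xfffULL

/* One fault-address register per CPU; every fault on this CPU overwrites it. */
static uint64_t cpu_cr2;

static uint64_t rcr2(void) { return cpu_cr2; }
static void hw_page_fault(uint64_t va) { cpu_cr2 = va; }
static uint64_t trunc_page(uint64_t va) { return va & ~SIM_PAGE_MASK; }

/*
 * Hypothetical stand-in for a check that may sleep on the map lock.
 * If the lock is contended the thread sleeps, another process runs on
 * this CPU and takes its own page fault at other_va.
 */
static int check_may_sleep(int contended, uint64_t other_va)
{
	if (contended)
		hw_page_fault(other_va);
	return 1;	/* the check itself passes */
}

/* Before: the register is read only after the check has returned. */
uint64_t usertrap_late(uint64_t fault_va, int contended, uint64_t other_va)
{
	hw_page_fault(fault_va);	/* hardware latches our address */
	if (!check_may_sleep(contended, other_va))
		return 0;
	return trunc_page(rcr2());	/* may be the other process's address */
}

/* After: snapshot the register on entry and pass the copy down. */
uint64_t usertrap_early(uint64_t fault_va, int contended, uint64_t other_va)
{
	uint64_t cr2;

	hw_page_fault(fault_va);
	cr2 = rcr2();			/* read before anything can sleep */
	if (!check_may_sleep(contended, other_va))
		return 0;
	return trunc_page(cr2);
}

int main(void)
{
	/* Constructed addresses, for illustration only. */
	uint64_t ours = 0x7f0000001234ULL, theirs = 0x400abcULL;

	printf("late,  lock free:      %#llx\n",
	    (unsigned long long)usertrap_late(ours, 0, theirs));
	printf("late,  lock contended: %#llx\n",
	    (unsigned long long)usertrap_late(ours, 1, theirs));
	printf("early, lock contended: %#llx\n",
	    (unsigned long long)usertrap_early(ours, 1, theirs));
	return 0;
}
```

Only the contended run of usertrap_late() resolves the wrong page, which matches the intermittent, location-independent crashes reported in the thread.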


pppoe: little cleanup

2020-09-14 Thread Klemens Nanni
I'm going through the pppoeintr() code path wrt. KERNEL_LOCK(), first
step is discovery packet handling.

Reading the code makes me want to clean/simplify it a bit by zapping
needless variable assignments (dead store because next usage is another
assign) and merging initializations into declarations.

I'm running with this (and other diffs) just fine.

Feedback? OK?


Index: if_pppoe.c
===
RCS file: /cvs/src/sys/net/if_pppoe.c,v
retrieving revision 1.73
diff -u -p -r1.73 if_pppoe.c
--- if_pppoe.c  13 Sep 2020 11:00:40 -  1.73
+++ if_pppoe.c  13 Sep 2020 15:45:00 -
@@ -359,26 +359,22 @@ pppoeintr(void)
 /* Analyze and handle a single received packet while not in session state. */
 static void pppoe_dispatch_disc_pkt(struct mbuf *m, int off)
 {
-   struct pppoe_softc *sc;
+   struct pppoe_softc *sc = NULL;
struct pppoehdr *ph;
struct pppoetag *pt;
struct mbuf *n;
struct ether_header *eh;
-   const char *err_msg, *devname;
-   size_t ac_cookie_len;
-   size_t relay_sid_len;
-   int noff, err, errortag;
-   u_int16_t *max_payload;
+   const char *err_msg = NULL, *devname = "pppoe";
+   size_t ac_cookie_len = 0;
+   size_t relay_sid_len = 0;
+   int noff, err, errortag = 0;
+   u_int16_t *max_payload = NULL;
u_int16_t tag, len;
u_int16_t session, plen;
-   u_int8_t *ac_cookie;
-   u_int8_t *relay_sid;
+   u_int8_t *ac_cookie = NULL;
+   u_int8_t *relay_sid = 0;
u_int8_t code;
 
-   err_msg = NULL;
-   devname = "pppoe";
-   errortag = 0;
-
if (m->m_len < sizeof(*eh)) {
m = m_pullup(m, sizeof(*eh));
if (m == NULL)
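Review bot: "u_int8_t *relay_sid = 0;" initializes a pointer with 0 where the removed assignment used NULL and the neighbouring ac_cookie initializer still does. Use NULL here as well.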
@@ -387,13 +383,6 @@ static void pppoe_dispatch_disc_pkt(stru
eh = mtod(m, struct ether_header *);
off += sizeof(*eh);
 
-   ac_cookie = NULL;
-   ac_cookie_len = 0;
-   relay_sid = NULL;
-   relay_sid_len = 0;
-   max_payload = NULL;
-
-   session = 0;
if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) {
printf("pppoe: packet too short: %d\n", m->m_pkthdr.len);
goto done;
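Review bot: "session = 0;" is dropped here but, unlike the pointers and lengths, session gets no initializer in the declaration block ("u_int16_t session, plen;" is unchanged in the first hunk). Please confirm that nothing reachable through the "goto done" just below reads session before it is assigned; if that cannot be shown from the code, keep the initialization.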
@@ -425,9 +414,6 @@ static void pppoe_dispatch_disc_pkt(stru
/* ignore trailing garbage */
m_adj(m, off + plen - m->m_pkthdr.len);
 
-   tag = 0;
-   len = 0;
-   sc = NULL;
while (off + sizeof(*pt) <= m->m_pkthdr.len) {
n = m_pulldown(m, off, sizeof(*pt), );
if (n == NULL) {
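Review bot: "tag = 0;" and "len = 0;" are removed ahead of the while loop and neither gains an initializer, whereas sc does in the declarations. If the loop body never runs because off + sizeof(*pt) already exceeds m->m_pkthdr.len, any use of tag or len after the loop would read an uninitialized value, so check the code following the loop before treating these two as dead stores.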



dt: add static vfs probes

2020-09-14 Thread Jasper Lievisse Adriaanse
Hi,

Whilst analyzing the cleaner I added tracepoints called 'cleaner' and
'bufcache_take' to track its behaviour.

For the sake of symmetry I've added one in bufcache_release() too and moved
the assignment of 'pages' until after the KASSERT(), following the flow of
bufcache_take().

Sample usage of these probes:

tracepoint:vfs:bufcache_take {
printf("bcache_take:%d(%s) flags: 0x%x cache: %d pages: %d\n",
tid, comm, arg0 , arg1, arg2);
}

tracepoint:vfs:bufcache_rel{
printf("bcache_rel:%d(%s) flags: 0x%x cache: %d pages: %d\n",
tid, comm, arg0, arg1, arg2);
}

tracepoint:vfs:cleaner{
printf("cleaner:%d(%s) flags: 0x%x pushed: %d lodirtypages: %d, hidirtypages: %d\n",
tid, comm, arg0, arg1, arg2, arg3);
}

OK to commit this?

Index: dev/dt/dt_prov_static.c
===
RCS file: /cvs/src/sys/dev/dt/dt_prov_static.c,v
retrieving revision 1.4
diff -u -p -r1.4 dt_prov_static.c
--- dev/dt/dt_prov_static.c 13 Sep 2020 14:55:08 -  1.4
+++ dev/dt/dt_prov_static.c 14 Sep 2020 10:43:43 -
@@ -58,6 +58,13 @@ DT_STATIC_PROBE3(uvm, map_insert, "vaddr
 DT_STATIC_PROBE3(uvm, map_remove, "vaddr_t", "vaddr_t", "vm_prot_t");
 
 /*
+ * VFS
+ */
+DT_STATIC_PROBE3(vfs, bufcache_rel, "long", "int", "int64_t");
+DT_STATIC_PROBE3(vfs, bufcache_take, "long", "int", "int64_t");
+DT_STATIC_PROBE4(vfs, cleaner, "long", "int", "long", "long");
+
+/*
  * List of all static probes
  */
 struct dt_probe *dtps_static[] = {
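Review bot: the probe is named bufcache_rel although it sits in bufcache_release(), while bufcache_take matches its function name exactly. Spelling it bufcache_release would make the pair symmetric and easier to guess from a script.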
@@ -76,6 +83,10 @@ struct dt_probe *dtps_static[] = {
&_DT_STATIC_P(uvm, fault),
&_DT_STATIC_P(uvm, map_insert),
&_DT_STATIC_P(uvm, map_remove),
+   /* VFS */
+   &_DT_STATIC_P(vfs, bufcache_rel),
+   &_DT_STATIC_P(vfs, bufcache_take),
+   &_DT_STATIC_P(vfs, cleaner),
 };
 
 int
Index: kern/vfs_bio.c
===
RCS file: /cvs/src/sys/kern/vfs_bio.c,v
retrieving revision 1.202
diff -u -p -r1.202 vfs_bio.c
--- kern/vfs_bio.c  12 Sep 2020 11:57:24 -  1.202
+++ kern/vfs_bio.c  14 Sep 2020 10:43:43 -
@@ -57,6 +57,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 /* XXX Should really be in buf.h, but for uvm_constraint_range.. */
@@ -1209,6 +1210,9 @@ buf_daemon(void *arg)
}
 
while ((bp = bufcache_getdirtybuf())) {
+   TRACEPOINT(vfs, cleaner, bp->b_flags, pushed,
+   lodirtypages, hidirtypages);
+
if (UNCLEAN_PAGES < lodirtypages &&
bcstats.kvaslots_avail > 2 * RESERVE_SLOTS &&
pushed >= 16)
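Review bot: the cleaner TRACEPOINT sits inside the "while ((bp = bufcache_getdirtybuf()))" loop, so it fires once per dirty buffer, and it runs ahead of the "pushed >= 16" test. A comment stating that arg1 is pushed as sampled at the top of the iteration would make the probe's output unambiguous to script authors.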
@@ -1693,6 +1697,9 @@ bufcache_take(struct buf *bp)
KASSERT((bp->cache < NUM_CACHES));
 
pages = atop(bp->b_bufsize);
+
+   TRACEPOINT(vfs, bufcache_take, bp->b_flags, bp->cache, pages);
+
struct bufcache *cache = [bp->cache];
if (!ISSET(bp->b_flags, B_DELWRI)) {
 if (ISSET(bp->b_flags, B_COLD)) {
@@ -1756,8 +1763,11 @@ bufcache_release(struct buf *bp)
int64_t pages;
struct bufcache *cache = [bp->cache];
 
-   pages = atop(bp->b_bufsize);
KASSERT(ISSET(bp->b_flags, B_BC));
+   pages = atop(bp->b_bufsize);
+
+   TRACEPOINT(vfs, bufcache_rel, bp->b_flags, bp->cache, pages);
+
if (fliphigh) {
if (ISSET(bp->b_flags, B_DMA) && bp->cache > 0)
panic("B_DMA buffer release from cache %d",
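Review bot: the bufcache_rel TRACEPOINT fires ahead of the fliphigh branch, so arg1 reports bp->cache as it was on entry to bufcache_release(). A short comment at the TRACEPOINT saying so would keep readers of the trace output from taking it as the cache the buffer is moved to.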
-- 
jasper



Document the WSDISPLAYIO_GETSCREENTYPE ioctl in wsdisplay.4

2020-09-14 Thread Frederic Cambus
Hi tech@,

Here is a diff to document the WSDISPLAYIO_GETSCREENTYPE ioctl in
wsdisplay.4.

The wsdisplay_screentype structure definition can be found in
.

Comments? OK?

Index: wsdisplay.4
===
RCS file: /cvs/src/share/man/man4/wsdisplay.4,v
retrieving revision 1.54
diff -u -p -r1.54 wsdisplay.4
--- wsdisplay.4 25 May 2019 11:02:19 -  1.54
+++ wsdisplay.4 14 Sep 2020 09:56:03 -
@@ -174,6 +174,38 @@ indicates the number of color map entrie
 and
 .Dv WSDISPLAYIO_PUTCMAP .
 This call is likely to be unavailable on text-only displays.
+.It Dv WSDISPLAYIO_GETSCREENTYPE Fa "struct wsdisplay_screentype"
+Retrieve basic information about a screen.
+The returned structure is as follows:
+.Bd -literal -offset indent
+struct wsdisplay_screentype {
+int idx;
+int nidx;
+char name[WSSCREEN_NAME_SIZE];
+int ncols, nrows;
+int fontwidth, fontheight;
+};
+.Ed
+.Pp
+The
+.Va idx
+field indicates the index of the screen.
+The
+.Va nidx
+field indicates the number of screens.
+The
+.Va name
+field contains a human readable string used to identify the screen.
+The 
+.Va ncols
+and
+.Va  nrows
+fields indicate the available number of columns and rows.
+The 
+.Va fontwidth
+and
+.Va fontheight
+fields indicate the dimensions of a character cell and are counted in pixels.
 .It Dv WSDISPLAYIO_GETCMAP Fa "struct wsdisplay_cmap"
 Retrieve the current color map from the display.
 This call needs the
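Review bot: two of the added "The" lines carry a trailing space (the ones before ".Va ncols" and ".Va fontwidth") and ".Va  nrows" has a doubled space after the macro; mandoc -Tlint reports whitespace at the end of input lines, so strip these. "human readable" would also read better hyphenated.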



Re: trunk: keep interface up on port removal

2020-09-14 Thread Stuart Henderson
On 2020/09/14 10:57, Klemens Nanni wrote:
> On Sun, Sep 13, 2020 at 06:44:13PM +0100, Stuart Henderson wrote:
> > I can't test at the moment, but the other case is removing a port from
> > the trunk without destroying the trunk interface itself. That's almost
> > certainly what I was testing at the time.
> Right, that's different from destroying the trunk.
> 
> > The other thing to be aware of is that you may then end up with two
> > separate interfaces with the same MAC. This may cause some problems for
> > incoming traffic now we don't use weak host model on non-router systems.
> > Not sure there is much we can do about that though.
> I tested removing a single port from trunk and observed that both
> interfaces do end up with the same MAC address, but this happens without
> my diff already - I still don't see any behaviour after my diff wrt. MAC
> addresses or anything else but the UP flag on port interfaces.
> 

Thanks, that sounds like it's alright then.



Re: diff: pfctl: error message for nonexisting rtable

2020-09-14 Thread Klemens Nanni
On Mon, Sep 14, 2020 at 02:09:27PM +0900, YASUOKA Masahiko wrote:
> Make pfctl check if the rtable really exists when parsing the config.
I concur, but you can do this with less (duplicated) code.

Instead of copying rdomain_exists() into rtable_exists() with the
`rti_domainid' check omitted, tweak (and rename) rdomain_exists() into
returning the information whether the given ID is just an rtable.

rdomain_exists() merges the "invalid id" and "id is an rtable but not
an rdomain" cases - make those separate return codes, check/adjust
existing callers and use it for your new checks.



Re: trunk: keep interface up on port removal

2020-09-14 Thread Klemens Nanni
On Sun, Sep 13, 2020 at 06:44:13PM +0100, Stuart Henderson wrote:
> I can't test at the moment, but the other case is removing a port from
> the trunk without destroying the trunk interface itself. That's almost
> certainly what I was testing at the time.
Right, that's different from destroying the trunk.

> The other thing to be aware of is that you may then end up with two
> separate interfaces with the same MAC. This may cause some problems for
> incoming traffic now we don't use weak host model on non-router systems.
> Not sure there is much we can do about that though.
I tested removing a single port from trunk and observed that both
interfaces do end up with the same MAC address, but this happens without
my diff already - I still don't see any behaviour after my diff wrt. MAC
addresses or anything else but the UP flag on port interfaces.



Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

2020-09-14 Thread Giovanni Bechis
On 9/13/20 11:09 PM, Todd C. Miller wrote:
> On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:
> 
>> I struggled a bit to configure smtpd to relay to a remote server that
>> requires SSL client certificates. The solution is to just add a "pki
>> host.example.org" option, but "pki" is not listed as a valid option for
>> the relay delivery method, even though the parser accepts it.
> 
> Looks good to me.  Anyone else want to OK this?
> 
>  - todd
> 
ok giovanni@

 Cheers
  Giovanni