Age | Commit message | Author
2021-07-27 | Improve markup. | Florian Obser
Suggested by schwarze
2021-07-27 | word fix; reported by debian at helgefjell de | Jason McIntyre
2021-07-27 | standardise the grammar in the options list; | Jason McIntyre
issue reported by debian at helgefjell de
ok dtucker djm
2021-07-27 | zap trailing comma in SEE ALSO; | Jason McIntyre
2021-07-27 | Implemented from the Linux driver: | Marcus Glocker
* Introduce split transaction order queues.
* Improve the NAK interrupt handler routine.
* Mostly move from list_move() to list_move_tail().
Those changes fix an attachment problem seen for certain devices which are issuing NAK interrupts during split transactions, which don't get handled correctly by the driver today. This could result in unexpected channel halting, printing "ChHltd set, but reason is unknown", which finally leaves the device back on a disabled USB port.
ok kettenis@
2021-07-27 | '{' and '}' are fixed parts of the 'interface' declaration, not optional. | Theo de Raadt
concern raised by kn. ok florian
2021-07-27 | new manual page X509_policy_check(3) | Ingo Schwarze
2021-07-27 | more readable documentation | Marc Espie
ok kmos@ sthen@ kn@
2021-07-27 | Introduce mutex(9) to protect pipex(4) session content. | mvs
With bluhm@'s diff for parallel forwarding pipex(4) could be accessed in parallel through (*ifp->if_input)() -> ether_input() -> pipex_pppoe_input(). PPPOE pipex(4) sessions are mostly immutable except MPPE crypt. The new per-session `pxs_mtx' mutex(9) is used to protect session's `ccp-id' which is incremented each time we send CCP reset-request. The new `pxm_mtx' mutex(9) is used to protect MPPE context. Each pipex(4) session has two of them: one for the input and one for output path. There are no lock order limitations because those new mutex(9)'es are never held together. ok bluhm@
2021-07-27 | The SIOCAIFADDR_IN6 ioctl could lose a race against another process | Florian Obser
configuring the same IP. I forgot to fix slaacd after fixing the same problem in dhcpleased. Pointed out by afresh1
2021-07-27 | Restructure struct prefix a bit and move the rib pointer to the union | Claudio Jeker
that splits the normal RIB linkage vs the adjrib-out linkage. This is done to make a bit of space to put an extra add-path related id into the struct without blowing its size over 128 bytes. Long run this struct should be split up but the necessary changes are too large right now so this is the 2nd best option. OK benno@
2021-07-27 | Implement the RFC8050 in the MRT parser. With this MRT dumps containing | Claudio Jeker
add-path information will be dumped properly. There is one bit where this implementation is not in line with the RFC. The encoding of DUMP_V2_RIB_GENERIC_ADDPATH for non IPv4 or IPv6 prefixes is implemented the way gobgp did it (which seems to be the only other BGP implementation that supports generic encoding). The RFC puts the path_id in the NLRI for generic encoding instead of adding it to RIB entry struct like in the IPv4 and IPv6 encoding. This is an open discussion point with the RFC author. OK benno@
2021-07-27 | Add the needed MRT dump defines for RFC8050 support. This will be used | Claudio Jeker
to dump add-path enabled systems because the NLRI format changes based on the add-path capability and there is no way to know which format is in use so new message types had to be added. Also extend the ctl_show_rib structure to include the path_id. OK benno@
2021-07-27 | replace efibind.h files with the small amount we need | Jonathan Gray
tested on armv7 arm64 and amd64 (bootx64) ok kettenis@ mpi@
2021-07-27 | Implement RFC9072: Extended Optional Parameters Length for BGP OPEN Message | Claudio Jeker
This allows to send more than 255 bytes of optional parameters. With this it is possible to send more capabilities. bgpd will switch automatically to the new extended length format if needed but by default the old 1 byte param length encoding is used to keep compatible with old systems. OK benno@
2021-07-27 | Fix Rx hash type | Kevin Lo
This matches what Linux and FreeBSD do. ok jmatthew@
2021-07-26 | Use per-CPU counters for tunnel descriptor block (tdb) statistics. | mvs
'tdb_data' struct became unused and was removed. ok bluhm@
2021-07-26 | Print a few more registers in dump_regs(). | Mark Kettenis
2021-07-26 | Do not queue crypto operations for IPsec. The packet entries in | Alexander Bluhm
task queues were unlimited and could overflow during heavy traffic. Even if we still use hardware drivers that sleep, softnet task instead of soft interrupt can handle this now. Without queues net lock is inherited and kernel lock is only needed once per packet. This results in less lock contention and faster IPsec. Also protect tdb drop counters with net lock and avoid a leak in crypto dispatch error handling. intense testing Hrvoje Popovski; OK mpi@
2021-07-26 | The mbuf header cleanup in revision 1.173 of ip_icmp.c was too | Alexander Bluhm
strict. ICMP error packets generated by pf were not passed immediately, but could be blocked. Preserve PF_TAG_GENERATED flag in icmp_reflect() and icmp6_reflect(). reported by sf@; OK patrick@ kn@
2021-07-26 | Fix typo. | Alexander Bluhm
from alf schlichting
2021-07-26 | Add error checks for i2d_X509_NAME() | Theo Buehler
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print(). ok schwarze
2021-07-26 | Adjust driver for device tree binding changes. | Mark Kettenis
2021-07-26 | Fix accounting of the number of frames queued on an iwx(4) Tx ring. | Stefan Sperling
Stop decrementing ring->queued inside the if-statement which guards maintenance of the OACTIVE flag. This is wrong and resulted in a negative counter value (visible in firmware error traces). The counter is already decremented in the loop above where frames are taken off the ring.
2021-07-26 | new manual page X509_policy_tree_level_count(3) | Ingo Schwarze
documenting the X509_POLICY_TREE object and its sub-objects
2021-07-26 | Report write() and ioctl() errors encountered when writing GPT or MBR to disk. | Kenneth R Westerback
Consolidate GPT/MBR read()/write() operations into DISK_writesectors() and DISK_readsectors(), producing clearer logic and consistent handling of i/o and errors. Add some DPRINTF() and #ifdef DEBUG sections to allow more detailed error reporting when desired.
2021-07-26 | small tweaks to dhcpleased.conf(5), ok jmc florian | Stuart Henderson
2021-07-26 | Pass make flags to kernel and lib builds | kn
Running `make -j4' in /usr/src/distrib/amd64/ramdisk_cd/ et al. executes make(1) to both build the RAMDISK kernel and build libraries. Doing so does not propagate the flags specified to the ramdisk_cd invocation, which in turn means `-j4' for example is ignored and both kernel and libraries will not be built in parallel. Pass make(1)'s MFLAGS along to retain relevant flags; make is clever enough to separate flags, variable assignments and targets from each other and only pass along things to `MFLAGS' that'd make sense, i.e. `make -C. -j4 foo=bar' does *not* pass `-C.' to change directories. (can be easily tested with `make -p ... | grep MFLAGS'.) This makes hacking on ramdisks/the installer much faster, especially since the `bsd' target does `make clean' and therefore builds a new kernel every time. OK deraadt
2021-07-26 | fix an mbuf leak with m_len 0 mbufs | Jonathan Gray
from niklas@ via mikeb@
2021-07-26 | Implement possibility to send vendor class identifier (option 60) and | Florian Obser
client identifier (option 61). Some dhcp servers expect these options and refuse to hand out a lease without them.
Need for vendor class identifier pointed out & tested by bket
Need for client identifier pointed out by sthen
Input & reads OK sthen (as part of a larger diff)
OK kn (as part of a larger diff)
2021-07-26 | The SIOCAIFADDR ioctl could lose a race against another process | Florian Obser
configuring the same IP. Found the hard way by afresh1
2021-07-26 | Qt4 cleanup | rsadowski
Drop all references to qt4 and replace by qt5/6. Tweaks and OK espie@
2021-07-26 | retry i2c transfers on -EAGAIN up to the number of times specified in | Jonathan Gray
struct i2c_adapter
inteldrm gmbus returns -EAGAIN to fallback to gpio bitbanging
2021-07-26 | Add mtx_enter/mtx_leave in kvp_pool_keys(). | asou
ok mikeb
2021-07-26 | Pass a socket pointer to various socket buffer routines in preparation for | Martin Pieuchot
per-socket locking. No functional change.
2021-07-26 | Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert(). | Joel Sing
The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for both protocols and remove the ssl_dispatch_alert function pointer. ok inoguchi@ tb@
2021-07-25 | Consistently use __asm instead of asm/__asm__ | Jeremie Courreges-Anglas
ok kettenis@
2021-07-25 | The output of server_root_strip() is a string. Use the correct format | Sebastian Benoit
"%s". Same for the output of relay_expand_http(). with and ok claudio@ Found by Cedric Tessier, thanks!
2021-07-25 | nanosleep.2: HISTORY: correct historic sleep() system call origins | cheloha
A sleep() system call first appeared in Research UNIX v2, not v3. See, e.g., the TOC here: https://www.tuhs.org/Archive/Distributions/Research/Dennis_v2/v2man.pdf Pointed out by jsg@ in a related discussion on tech@: https://marc.info/?l=openbsd-tech&m=162718667209936&w=2
2021-07-25 | Kill unused sbinsertoob(). | Martin Pieuchot
ok mvs@
2021-07-25 | Document X509_STORE_CTX_set_trust(3), X509_STORE_CTX_set_purpose(3), | Ingo Schwarze
and X509_STORE_CTX_purpose_inherit(3). These functions look deceptively simple on first sight, but their semantics is surprisingly complicated.
2021-07-25 | If the lease didn't contain renewal or rebinding options set the | Florian Obser
defaults before validating the times to prevent excessive logging. Found the hard way & OK brynet
2021-07-25 | Skip unit and makefile-based key conversion tests when we're building | Darren Tucker
with OPENSSL=no.
2021-07-25 | Replace OPENSSL as the variable that points to the openssl binary | Darren Tucker
with OPENSSL_BIN. This will allow us to use the OPENSSL variable from mk.conf or the make(1) command line indicating if we're building with or without OpenSSL, and ultimately get the regress tests working in the OPENSSL=no configuration.
2021-07-25 | nobody noticed, but the variable is still called "MODULES" with an S | Marc Espie
2021-07-25 | Do not doubt a secure (i.e. validated) NXDOMAIN response when we just | Florian Obser
switched networks. We validated it, we can't do better than that! While here reorder the long list of conditions to make it easier to understand when we doubt a response because we might be behind a captive portal. First list all conditions when we do not doubt the response and then the two conditions when we do doubt the response. OK benno
2021-07-25 | We store a list of resolver strategies in order of their preference in | Florian Obser
the configuration struct. This is also an implicit list of enabled resolver strategies. We have also stored an explicit lookup array of enabled strategies outside of the configuration to be able to quickly answer "is this strategy enabled" without traversing the preferences list. Move this table into the configuration so that we don't need to "repair" it on config reload. This fixes a bug where on startup the preferences list and enabled lookup table were not in sync. It didn't matter in practice since we do a config reload and then pass in DNSSEC trustanchors on startup. Both actions combined repaired things. OK benno
2021-07-25 | Force to use serial console when no graphic board is found. | Kenji Aoyama
If no graphic board is found, LUNA's ROM monitor forces to use serial console even though DIP switch setting is 'use graphic console'. For the consistency, change the kernel behavior the same as ROM monitor does. Tested on my LUNA-88K2.
2021-07-25 | Enable LEDs for the LAN7800 chip, as e.g. found on the | Marcus Glocker
Raspberry Pi 3 Model B+. ok kevlo@
2021-07-25 | enable iwm(4) | Jonathan Gray
from Ashton Fagg who tested on 9260