diff --git a/etc/skel/dot.profile b/etc/skel/dot.profile index 52ff7ba68..e58de9075 100644 --- a/etc/skel/dot.profile +++ b/etc/skel/dot.profile @@ -3,4 +3,5 @@ # sh/ksh initialization PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin +export PS1="\[\033[38;5;69m\]┌─(\[\033[38;5;15m\]\u\[\033[38;5;69m\]@\[\033[38;5;15m\]\h\[\033[38;5;69m\])\[\033[38;5;69m\]─[\[\033[38;5;69m\]\w\[\033[38;5;69m\]]\n\[\033[38;5;69m\]└─$\[$(tput sgr0)\] " export PATH HOME TERM diff --git a/lib/libz/infback.c b/lib/libz/infback.c index 2f884e735..8984a68d3 100644 --- a/lib/libz/infback.c +++ b/lib/libz/infback.c @@ -46,7 +46,7 @@ int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits, #ifdef Z_SOLO return Z_STREAM_ERROR; #else - strm->zfree = zcfree; + strm->zfree = zcfree; #endif state = (struct inflate_state FAR *)ZALLOC(strm, 1, sizeof(struct inflate_state)); diff --git a/regress/sys/netinet/frag/frag_adjhole.py b/regress/sys/netinet/frag/frag_adjhole.py new file mode 100644 index 000000000..3b17062bc --- /dev/null +++ b/regress/sys/netinet/frag/frag_adjhole.py 
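Review bot: The added PS1 in dot.profile ends in a literal `$`, so a root shell started from this skeleton profile shows the same prompt character as an unprivileged one. In ksh a `\$` inside PS1 renders as `#` for uid 0; writing the assignment in single quotes with `\$` in place of the bare `$` keeps that privilege cue. The `$(tput sgr0)` sits inside double quotes, so it is expanded once when the profile is read and depends on TERM being usable at that moment; a fixed reset such as `\[\033[0m\]` avoids the subprocess. Exporting PS1 also hands these escapes to every child shell, including ones that may print them verbatim, so consider setting it without `export`.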
@@ -0,0 +1,57 @@
+#!/usr/local/bin/python3
+
+print("overlapping ping fragments which modifies pf hole counter")
+
+# |--------|
+# |--------|
+# |-------|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid()
+eid=pid & 0xffff
+payload=b"ABCDEFGHIJKLMNOP" * 2
+packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \
+ ICMP(type='echo-request', id=eid)/payload
+frag=[]
+fid=pid & 0xffff
+frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
+ flags='MF')/bytes(packet)[20:36])
+frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
+ frag=2, flags='MF')/bytes(packet)[36:52])
+frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
+ frag=1, flags='MF')/bytes(packet)[28:44])
+frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
+ frag=4)/bytes(packet)[52:60])
+eth=[]
+for f in frag:
+ eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=LOCAL_IF)
+ os._exit(0)
+
+ans=sniff(iface=LOCAL_IF, timeout=3, filter=
+ "ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp")
+for a in ans:
+ if a and a.type == ETH_P_IP and \
+ a.payload.proto == 1 and \
+ a.payload.frag == 0 and a.payload.flags == 0 and \
+ icmptypes[a.payload.payload.type] == 'echo-reply':
+ id=a.payload.payload.id
+ print("id=%#x" % (id))
+ if id != eid:
+ print("WRONG ECHO REPLY ID")
+ exit(2)
+ data=a.payload.payload.payload.load
+ print("payload=%s" % (data))
+ if data == payload:
+ exit(0)
+ print("PAYLOAD!=%s" % (payload))
+ exit(1)
+print("NO ECHO REPLY")
+exit(2)
diff --git a/regress/sys/netinet/frag/frag_overhole.py b/regress/sys/netinet/frag/frag_overhole.py
new file mode 100644
index 000000000..c95508630
--- /dev/null
+++ b/regress/sys/netinet/frag/frag_overhole.py
@@ -0,0 +1,82 @@ +#!/usr/local/bin/python3 + +print("ping fragment at index boundary which modifies pf hole counter") + +# index boundary 4096 | +# |--------------| +# .... +# |--------------| +# |----------| +# |XXXX----------| +# |XXXX----| +# |---| + +# this should trigger "frag tail overlap %d" and "frag head overlap %d" + +import os +from addr import * +from scapy.all import * + +pid=os.getpid() +eid=pid & 0xffff +payload=b"ABCDEFGHIJKLMNOP" +dummy=b"01234567" +fragsize=1024 +boundary=4096 +fragnum=int(boundary/fragsize) +packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \ + ICMP(type='echo-request', id=eid)/ \ + ((int((boundary+fragsize)/len(payload)) + 1) * payload) +packet_length=len(packet) +frag=[] +fid=pid & 0xffff +for i in range(fragnum-1): + frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=(i*fragsize)>>3, flags='MF')/ + bytes(packet)[20+i*fragsize:20+(i+1)*fragsize]) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=(boundary-fragsize)>>3, flags='MF')/ + bytes(packet)[20+boundary-fragsize:20+boundary-len(dummy)]) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=(boundary-len(dummy))>>3, flags='MF')/ + (dummy+bytes(packet)[20+boundary:20+boundary+fragsize])) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=(boundary-8-len(dummy))>>3, flags='MF')/ + (dummy+bytes(packet)[20+boundary-8:20+boundary])) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=(boundary+fragsize)>>3)/bytes(packet)[20+boundary+fragsize:]) +eth=[] +for f in frag: + eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f) + +if os.fork() == 0: + time.sleep(1) + for e in eth: + sendp(e, iface=LOCAL_IF) + time.sleep(0.001) + os._exit(0) + +ans=sniff(iface=LOCAL_IF, timeout=3, filter= + "ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp") +for a in ans: + if a and a.type == ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag == 0 and \ + 
icmptypes[a.payload.payload.type] == 'echo-reply': + id=a.payload.payload.id + print("id=%#x" % (id)) + if id != eid: + print("WRONG ECHO REPLY ID") + exit(2) + if a and a.type == ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag > 0 and \ + a.payload.flags == '': + len=(a.payload.frag<<3)+a.payload.len + print("len=%d" % (len)) + if len != packet_length: + print("WRONG ECHO REPLY LENGTH") + exit(1) + exit(0) +print("NO ECHO REPLY") +exit(1) diff --git a/regress/sys/netinet/frag/frag_overindex.py b/regress/sys/netinet/frag/frag_overindex.py index 52f44a626..a401a734f 100644 --- a/regress/sys/netinet/frag/frag_overindex.py +++ b/regress/sys/netinet/frag/frag_overindex.py @@ -9,8 +9,6 @@ print("ping fragment that overlaps the first fragment at index boundary") # |XXXX-----| # |--------------| -# this should trigger "frag index %d, new %d" log in kernel - import os from addr import * from scapy.all import * @@ -25,6 +23,7 @@ fragnum=int(boundary/fragsize) packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \ ICMP(type='echo-request', id=eid)/ \ (int((boundary+8)/len(payload)) * payload) +packet_length=len(packet) frag=[] fid=pid & 0xffff for i in range(fragnum-1): @@ -60,6 +59,15 @@ for a in ans: if id != eid: print("WRONG ECHO REPLY ID") exit(2) + if a and a.type == ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag > 0 and \ + a.payload.flags == '': + len=(a.payload.frag<<3)+a.payload.len + print("len=%d" % (len)) + if len != packet_length: + print("WRONG ECHO REPLY LENGTH") + exit(1) exit(0) print("NO ECHO REPLY") exit(1) diff --git a/regress/sys/netinet/frag/frag_overlimit.py b/regress/sys/netinet/frag/frag_overlimit.py index 376e8edf0..7ab41cff5 100644 --- a/regress/sys/netinet/frag/frag_overlimit.py +++ b/regress/sys/netinet/frag/frag_overlimit.py 
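Review bot: The new last-fragment check in frag_overhole.py assigns to `len`, shadowing the builtin that the same script calls at module level (`len(payload)`, `len(packet)`, `len(dummy)`). The identical assignment is added to frag_overindex.py and frag_overreplace.py, and `id=` shadows a builtin in the same way. It works only because every `len(...)` call runs before the sniff loop; a distinct name avoids the trap, e.g. `reply_length=(a.payload.frag<<3)+a.payload.len`. Indentation is not recoverable on this page, but if `exit(0)` belongs to the last-fragment branch, the test can pass without the echo-reply id ever having been compared when the first fragment is not captured, so consider recording that the id check ran before exiting 0.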
@@ -11,8 +11,6 @@ print("ping fragment at index boundary that cannot be requeued") # |XXXX-----| # |--------------| -# this should trigger "fragment requeue limit exceeded" log in kernel - import os from itertools import chain from addr import * diff --git a/regress/sys/netinet/frag/frag_overreplace.py b/regress/sys/netinet/frag/frag_overreplace.py index 0335d9463..61e23993a 100644 --- a/regress/sys/netinet/frag/frag_overreplace.py +++ b/regress/sys/netinet/frag/frag_overreplace.py @@ -26,6 +26,7 @@ fragnum=int(boundary/fragsize) packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \ ICMP(type='echo-request', id=eid)/ \ (int((boundary+fragsize)/len(payload)) * payload) +packet_length=len(packet) frag=[] fid=pid & 0xffff for i in range(fragnum-1): @@ -63,6 +64,15 @@ for a in ans: if id != eid: print("WRONG ECHO REPLY ID") exit(2) + if a and a.type == ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag > 0 and \ + a.payload.flags == '': + len=(a.payload.frag<<3)+a.payload.len + print("len=%d" % (len)) + if len != packet_length: + print("WRONG ECHO REPLY LENGTH") + exit(1) exit(0) print("NO ECHO REPLY") exit(1) diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S index f4ca11405..cd8eb9244 100644 --- a/sys/arch/amd64/amd64/locore.S +++ b/sys/arch/amd64/amd64/locore.S @@ -1,4 +1,4 @@ -/* $OpenBSD: locore.S,v 1.148 2024/08/02 22:24:51 guenther Exp $ */ +/* $OpenBSD: locore.S,v 1.150 2025/02/02 05:45:20 guenther Exp $ */ /* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */ /* 
@@ -882,8 +882,30 @@ KTEXT_PAGE_START 0: pause lfence jmp 0b - .space (.Liretq_swapgs - XUsyscall_meltdown) - \ - (. - Xsyscall_meltdown), 0xcc +.LKiretq_swapgs: + /* + * The desired directive here would be: + * .space (.Liretq_swapgs - XUsyscall_meltdown) - \ + * (.LKiretq_swapgs - Xsyscall_meltdown), 0xcc + * + * While llvm-18 and earlier handled that, llvm/clang-19 miscalculates + * it and thinks that's a negative number; it's not: the correct value + * at this time is "2". Indeed, it calculates the value correctly if + * you append this bit to the end of locore.S: + * .section .rodata + * right_value: + * .quad (.Liretq_swapgs - XUsyscall_meltdown) - \ + * (.LKiretq_swapgs - Xsyscall_meltdown) + * You can build locore.o manually, use objdump on it, and see what + * value was stored at 'right_value'! So compiler updates go. + * Fortunately(?), this has broken before so the kernel Makefile + * checks the compiled locore.o to verify that the iretq instructions + * line up (that being the most critical part of what matters). If + * the intr_user_exit sequence changes such that the correct value is + * _not_ "2" and builds fail, then append that chunk above and get the + * correct new value to use here. :( + */ + .space 2, 0xcc CODEPATCH_END(CPTAG_MELTDOWN_NOP) swapgs diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c index 4fb10f14a..cff4a74df 100644 --- a/sys/arch/arm64/arm64/cpu.c +++ b/sys/arch/arm64/arm64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.135 2025/01/25 12:29:35 kettenis Exp $ */ +/* $OpenBSD: cpu.c,v 1.137 2025/02/02 13:36:09 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn 
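Review bot: The hard-coded `.space 2, 0xcc` inside the CPTAG_MELTDOWN_NOP region is only safe while the external build check mentioned in the comment keeps running, and the comment does not say which Makefile rule that is. I would name the rule, or the symbols it compares, in the comment so that someone changing the intr_user_exit sequence can find the guard, e.g. `* See <Makefile rule name> for the iretq alignment check.` (placeholder; the rule is not visible in this hunk). The comment states that the iretq instructions must line up, so a silent mismatch here would affect the kernel/user exit path and not just padding.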
@@ -673,7 +673,10 @@ cpu_identify(struct cpu_info *ci) printf("\n%s: mismatched ID_AA64MMFR0_EL1", ci->ci_dev->dv_xname); } - if (READ_SPECIALREG(id_aa64mmfr1_el1) != cpu_id_aa64mmfr1) { + id = READ_SPECIALREG(id_aa64mmfr1_el1); + /* Allow SpecSEI to be different. */ + id &= ~ID_AA64MMFR1_SPECSEI_MASK; + if (id != cpu_id_aa64mmfr1) { printf("\n%s: mismatched ID_AA64MMFR1_EL1", ci->ci_dev->dv_xname); } @@ -1251,10 +1254,12 @@ cpu_identify_cleanup(void) if (ID_AA64ISAR1_SB(cpu_id_aa64isar1) >= ID_AA64ISAR1_SB_IMPL) hwcap |= HWCAP_SB; if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC || - ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC) + ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC || + ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC) hwcap |= HWCAP_PACA; if (ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL || - ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL) + ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL || + ID_AA64ISAR2_GPA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_GPA3_IMPL) hwcap |= HWCAP_PACG; /* HWCAP2 */ @@ -1430,6 +1435,14 @@ cpu_attach(struct device *parent, struct device *dev, void *aux) cpu_id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1); cpu_id_aa64pfr1 = READ_SPECIALREG(id_aa64pfr1_el1); + /* + * The SpecSEI "feature" isn't relevant for userland. + * So it is fine if this field differs between CPU + * cores. Mask off this field to prevent exporting it + * to userland. + */ + cpu_id_aa64mmfr1 &= ~ID_AA64MMFR1_SPECSEI_MASK; + /* * The CSV2/CSV3 "features" are handled on a * per-processor basis. So it is fine if these fields 
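Review bot: The address-authentication probe is now a three-way test repeated verbatim in cpu_identify_cleanup() here, in cpu_init(), and in pmap_setpauthkeys() in pmap.c, and the generic-authentication probe is repeated in cpu_identify_cleanup() and pmap_setpauthkeys(). These copies must agree: one decides whether HWCAP_PACA/HWCAP_PACG are advertised, one whether SCTLR_EnIA/EnDA/EnIB/EnDB are set, and one whether the keys are loaded. Consider one predicate per feature, for example macros `CPU_HAS_PAUTH_ADDR()` and `CPU_HAS_PAUTH_GENERIC()` (names are suggestions) next to the ID_AA64ISAR2 definitions, used at every call site. All of the enclosing functions start and end outside these hunks.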
@@ -1524,7 +1537,8 @@ cpu_init(void) /* Enable PAuth. */ if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC || - ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC) { + ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC || + ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC) { sctlr = READ_SPECIALREG(sctlr_el1); sctlr |= SCTLR_EnIA | SCTLR_EnDA; sctlr |= SCTLR_EnIB | SCTLR_EnDB; diff --git a/sys/arch/arm64/arm64/pmap.c b/sys/arch/arm64/arm64/pmap.c index 82aabcee0..274267a1f 100644 --- a/sys/arch/arm64/arm64/pmap.c +++ b/sys/arch/arm64/arm64/pmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.c,v 1.108 2025/01/31 20:49:25 kettenis Exp $ */ +/* $OpenBSD: pmap.c,v 1.110 2025/02/03 17:59:40 jca Exp $ */ /* * Copyright (c) 2008-2009,2014-2016 Dale Rahn * @@ -729,10 +729,6 @@ pmap_remove_pted(pmap_t pm, struct pte_desc *pted) pmap_pte_remove(pted, pm != pmap_kernel()); ttlb_flush(pm, pted->pted_va & ~PAGE_MASK); - if (pted->pted_va & PTED_VA_EXEC_M) { - pted->pted_va &= ~PTED_VA_EXEC_M; - } - if (PTED_MANAGED(pted)) pmap_remove_pv(pted); @@ -821,9 +817,6 @@ pmap_kremove_pg(vaddr_t va) pmap_pte_remove(pted, 0); ttlb_flush(pm, pted->pted_va & ~PAGE_MASK); - if (pted->pted_va & PTED_VA_EXEC_M) - pted->pted_va &= ~PTED_VA_EXEC_M; - if (PTED_MANAGED(pted)) pmap_remove_pv(pted); @@ -2335,7 +2328,8 @@ void pmap_setpauthkeys(struct pmap *pm) { if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC || - ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC) { + ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC || + ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC) { __asm volatile ("msr apiakeylo_el1, %0" :: "r"(pm->pm_apiakey[0])); __asm volatile ("msr apiakeyhi_el1, %0" 
@@ -2355,7 +2349,8 @@ pmap_setpauthkeys(struct pmap *pm) } if (ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL || - ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL) { + ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL || + ID_AA64ISAR2_GPA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_GPA3_IMPL) { __asm volatile ("msr apgakeylo_el1, %0" :: "r"(pm->pm_apgakey[0])); __asm volatile ("msr apgakeyhi_el1, %0" diff --git a/sys/arch/arm64/include/armreg.h b/sys/arch/arm64/include/armreg.h index 0f1192736..f1bc37031 100644 --- a/sys/arch/arm64/include/armreg.h +++ b/sys/arch/arm64/include/armreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: armreg.h,v 1.40 2025/01/25 12:29:35 kettenis Exp $ */ +/* $OpenBSD: armreg.h,v 1.41 2025/02/02 11:21:45 kettenis Exp $ */ /*- * Copyright (c) 2013, 2014 Andrew Turner * Copyright (c) 2015 The FreeBSD Foundation @@ -453,7 +453,7 @@ #define ID_AA64ISAR1_LS64_ACCDATA (0x3ULL << ID_AA64ISAR1_LS64_SHIFT) /* ID_AA64ISAR2_EL1 */ -#define ID_AA64ISAR2_MASK 0x00ff0000f0ff00ffULL +#define ID_AA64ISAR2_MASK 0x00ff0000f0ffffffULL #define ID_AA64ISAR2_WFXT_SHIFT 0 #define ID_AA64ISAR2_WFXT_MASK (0xfULL << ID_AA64ISAR2_WFXT_SHIFT) #define ID_AA64ISAR2_WFXT(x) ((x) & ID_AA64ISAR2_WFXT_MASK) diff --git a/sys/arch/arm64/include/pmap.h b/sys/arch/arm64/include/pmap.h index c49f077ce..125d073e9 100644 --- a/sys/arch/arm64/include/pmap.h +++ b/sys/arch/arm64/include/pmap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.h,v 1.27 2025/01/31 20:49:25 kettenis Exp $ */ +/* $OpenBSD: pmap.h,v 1.28 2025/02/03 17:59:40 jca Exp $ */ /* * Copyright (c) 2008,2009,2014 Dale Rahn * @@ -48,7 +48,6 @@ #define PTED_VA_MANAGED_M (PMAP_MD3) #define PTED_VA_WIRED_M (PMAP_MD3 << 1) -#define PTED_VA_EXEC_M (PMAP_MD3 << 2) #if defined(_KERNEL) && !defined(_LOCORE) diff --git a/sys/dev/acpi/acpireg.h b/sys/dev/acpi/acpireg.h index 67b7fa085..075059c7e 100644 --- a/sys/dev/acpi/acpireg.h +++ b/sys/dev/acpi/acpireg.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: acpireg.h,v 1.61 2024/08/08 07:01:22 kettenis Exp $ */ +/* $OpenBSD: acpireg.h,v 1.62 2025/02/02 15:52:20 patrick Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * Copyright (c) 2005 Marco Peereboom @@ -800,6 +800,27 @@ struct acpi_iort_smmu_pmu_interrupt { uint32_t flags; } __packed; +struct acpi_iort_smmu_v3_node { + uint64_t base_address; + uint32_t flags; +#define ACPI_IORT_SMMU_V3_COHACC_OVERRIDE(x) (((x) >> 0) & 0x1) +#define ACPI_IORT_SMMU_V3_HTTU_OVERRIDE(x) (((x) >> 1) & 0x3) +#define ACPI_IORT_SMMU_V3_PROX_DOM_VALID (1 << 3) +#define ACPI_IORT_SMMU_V3_DEVID_MAP_VALID (1 << 4) + uint32_t reserved; + uint64_t vatos_address; + uint32_t model; +#define ACPI_IORT_SMMU_V3_GENERIC 0 +#define ACPI_IORT_SMMU_V3_HISILICON_HI161X 1 +#define ACPI_IORT_SMMU_V3_CAVIUM_CN99X 2 + uint32_t event; + uint32_t pri; + uint32_t gerr; + uint32_t sync; + uint32_t proximity_domain; + uint32_t deviceid_mapping_index; +} __packed; + struct acpi_iort_mapping { uint32_t input_base; uint32_t number_of_ids; diff --git a/sys/dev/kcov.c b/sys/dev/kcov.c index 17574fa1e..163d31c43 100644 --- a/sys/dev/kcov.c +++ b/sys/dev/kcov.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kcov.c,v 1.50 2024/11/10 10:04:33 jsg Exp $ */ +/* $OpenBSD: kcov.c,v 1.51 2025/02/02 21:05:12 gnezdo Exp $ */ /* * Copyright (c) 2018 Anton Lindqvist @@ -34,7 +34,7 @@ #include #define KCOV_BUF_MEMB_SIZE sizeof(uintptr_t) -#define KCOV_BUF_MAX_NMEMB (256 << 10) +#define KCOV_BUF_MAX_NMEMB (512 << 10) #define KCOV_CMP_CONST 0x1 #define KCOV_CMP_SIZE(x) ((x) << 1) diff --git a/sys/dev/pci/if_aq_pci.c b/sys/dev/pci/if_aq_pci.c index 90dc1d5fa..287705d85 100644 --- a/sys/dev/pci/if_aq_pci.c +++ b/sys/dev/pci/if_aq_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_aq_pci.c,v 1.29 2025/01/26 23:09:48 jmatthew Exp $ */ +/* $OpenBSD: if_aq_pci.c,v 1.30 2025/02/02 08:28:14 jmatthew Exp $ */ /* $NetBSD: if_aq.c,v 1.27 2021/06/16 00:21:18 riastradh Exp $ */ /* 
@@ -365,6 +365,7 @@ #define TPB_TX_BUF_SCP_INS_EN (1 << 2) #define TPB_TX_BUF_CLK_GATE_EN (1 << 5) #define TPB_TX_BUF_TC_MODE_EN (1 << 8) +#define TPB_TX_BUF_TC_Q_RAND_MAP_EN (1 << 9) /* TPB_TXB_BUFSIZE_REG[AQ_TRAFFICCLASS_NUM] 0x7910-7990 */ @@ -467,7 +468,7 @@ #define AQ2_RPF_REDIR2_REG 0x54c8 #define AQ2_RPF_REDIR2_INDEX (1 << 12) -#define AQ2_RPF_REDIR2_HASHTYPE 0x00000100 +#define AQ2_RPF_REDIR2_HASHTYPE 0x000001FF #define AQ2_RPF_REDIR2_HASHTYPE_NONE 0 #define AQ2_RPF_REDIR2_HASHTYPE_IP (1 << 0) #define AQ2_RPF_REDIR2_HASHTYPE_TCP4 (1 << 1) @@ -478,7 +479,16 @@ #define AQ2_RPF_REDIR2_HASHTYPE_IP6EX (1 << 6) #define AQ2_RPF_REDIR2_HASHTYPE_TCP6EX (1 << 7) #define AQ2_RPF_REDIR2_HASHTYPE_UDP6EX (1 << 8) -#define AQ2_RPF_REDIR2_HASHTYPE_ALL 0x00000100 +#define AQ2_RPF_REDIR2_HASHTYPE_ALL 0x000001FF + +#define AQ2_RX_Q_TC_MAP_REG(i) (0x5900 + (i) * 4) +#define AQ2_TX_Q_TC_MAP_REG(i) (0x799c + (i) * 4) + +#define AQ2_RPF_RSS_REDIR_MAX 64 +#define AQ2_RPF_RSS_REDIR_REG(tc, i) \ + (0x6200 + (0x100 * ((tc) >> 2)) + (i) * 4) +#define AQ2_RPF_RSS_REDIR_TC_MASK(tc) \ + (0x1f << (5 * ((tc) & 3))) #define AQ2_RPF_REC_TAB_ENABLE_REG 0x6ff0 #define AQ2_RPF_REC_TAB_ENABLE_MASK 0x0000ffff @@ -1282,8 +1292,7 @@ aq_attach(struct device *parent, struct device *self, void *aux) if (pci_intr_map_msix(pa, 0, &ih) == 0) { int nmsix = pci_intr_msix_count(pa); - /* don't do rss on aq2 yet */ - if (aqp->aq_hwtype == HWTYPE_AQ1 && nmsix > 1) { + if (nmsix > 1) { nmsix--; sc->sc_intrmap = intrmap_create(&sc->sc_dev, nmsix, AQ_MAXQ, INTRMAP_POWEROF2); 
@@ -2803,6 +2812,26 @@ aq_hw_qos_set(struct aq_softc *sc) AQ_WRITE_REG_BIT(sc, RPF_RPB_RX_TC_UPT_REG, RPF_RPB_RX_TC_UPT_MASK(i_priority), 0); } + + /* ring to TC mapping */ + if (HWTYPE_AQ2_P(sc)) { + AQ_WRITE_REG_BIT(sc, TPB_TX_BUF_REG, + TPB_TX_BUF_TC_Q_RAND_MAP_EN, 1); + + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(0), 0x00000000); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(1), 0x00000000); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(2), 0x01010101); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(3), 0x01010101); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(4), 0x02020202); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(5), 0x02020202); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(6), 0x03030303); + AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(7), 0x03030303); + + AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(0), 0x00000000); + AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(1), 0x11111111); + AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(2), 0x22222222); + AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(3), 0x33333333); + } } int @@ -2817,6 +2846,19 @@ aq_init_rss(struct aq_softc *sc) if (sc->sc_nqueues == 1) return 0; + if (HWTYPE_AQ2_P(sc)) { + AQ_WRITE_REG_BIT(sc, AQ2_RPF_REDIR2_REG, AQ2_RPF_REDIR2_INDEX, 0); + for (i = 0; i < AQ2_RPF_RSS_REDIR_MAX; i++) { + int tc; + int q; + for (tc = 0; tc < 4; tc++) { + q = (tc * 8) + (i % sc->sc_nqueues); + AQ_WRITE_REG_BIT(sc, AQ2_RPF_RSS_REDIR_REG(tc, i), + AQ2_RPF_RSS_REDIR_TC_MASK(tc), q); + } + } + } + /* rss key is composed of 32 bit registers */ stoeplitz_to_key(rss_key, sizeof(rss_key)); for (i = 0; i < nitems(rss_key); i++) { diff --git a/sys/dev/usb/xhcivar.h b/sys/dev/usb/xhcivar.h index 884cd5b73..7cf70ea94 100644 --- a/sys/dev/usb/xhcivar.h +++ b/sys/dev/usb/xhcivar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xhcivar.h,v 1.16 2024/08/17 01:55:03 jsg Exp $ */ +/* $OpenBSD: xhcivar.h,v 1.17 2025/02/01 22:46:34 patrick Exp $ */ /* * Copyright (c) 2014 Martin Pieuchot 
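Review bot: In the AQ2 branch of aq_init_rss(), `q = (tc * 8) + (i % sc->sc_nqueues)` is written into a 5-bit field (`AQ2_RPF_RSS_REDIR_TC_MASK` is `0x1f << ...`), which is only correct if sc_nqueues is at most 8. With more queues the value for tc 3 would exceed 31, and the values for tc 0-2 would reach into the next traffic class's queue range. AQ_MAXQ and the intrmap result are not visible here, so this may already be guaranteed; if so, `KASSERT(sc->sc_nqueues <= 8);` before the loop would document it. The literal map values written in aq_hw_qos_set() appear to encode the same eight-queues-per-TC layout and would benefit from a one-line comment saying how many queues each TX and RX register covers.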
@@ -133,8 +133,24 @@ int xhci_intr(void *); int xhci_detach(struct device *, int); int xhci_activate(struct device *, int); -#define XREAD1(sc, a) bus_space_read_1((sc)->iot, (sc)->ioh, (a)) -#define XREAD2(sc, a) bus_space_read_2((sc)->iot, (sc)->ioh, (a)) +static inline uint8_t +xhci_read_1(bus_space_tag_t iot, bus_space_handle_t ioh, bus_size_t offset) +{ + uint32_t reg; + reg = bus_space_read_4(iot, ioh, offset & ~3); + return (reg >> ((offset & 3) * 8)) & 0xff; +} + +static inline uint16_t +xhci_read_2(bus_space_tag_t iot, bus_space_handle_t ioh, bus_size_t offset) +{ + uint32_t reg; + reg = bus_space_read_4(iot, ioh, offset & ~2); + return (reg >> ((offset & 2) * 8)) & 0xffff; +} + +#define XREAD1(sc, a) xhci_read_1((sc)->iot, (sc)->ioh, (a)) +#define XREAD2(sc, a) xhci_read_2((sc)->iot, (sc)->ioh, (a)) #define XREAD4(sc, a) bus_space_read_4((sc)->iot, (sc)->ioh, (a)) #define XWRITE1(sc, a, x) bus_space_write_1((sc)->iot, (sc)->ioh, (a), (x)) #define XWRITE2(sc, a, x) bus_space_write_2((sc)->iot, (sc)->ioh, (a), (x)) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 7d9e5095c..88a063845 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket.c,v 1.369 2025/01/31 13:49:18 mvs Exp $ */ +/* $OpenBSD: uipc_socket.c,v 1.370 2025/02/03 09:00:55 mvs Exp $ */ /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */ /* @@ -2444,9 +2444,9 @@ filt_sowmodify(struct kevent *kev, struct knote *kn) struct socket *so = kn->kn_fp->f_data; int rv; - sofilt_lock(so, &so->so_snd); + mtx_enter(&so->so_snd.sb_mtx); rv = knote_modify(kev, kn); - sofilt_unlock(so, &so->so_snd); + mtx_leave(&so->so_snd.sb_mtx); return (rv); } 
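Review bot: xhci_read_2() aligns the address with `offset & ~2`, which clears only bit 1, so an odd offset would issue a misaligned 32-bit read; xhci_read_1() masks with `~3`. For the even offsets a 16-bit register has, both forms give the same address, but `reg = bus_space_read_4(iot, ioh, offset & ~3);` makes the alignment unconditional and matches the byte helper. A short comment on why the narrow reads are widened would help (presumably a controller that only tolerates 32-bit accesses). It should also say whether XWRITE1/XWRITE2, which still use narrow bus_space writes, are affected.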
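Review bot: filt_sowmodify() and filt_sowprocess() (the next hunk) now take `so->so_snd.sb_mtx` directly instead of going through sofilt_lock(), and nothing in the hunks states which socket state the write filter may touch under the mutex alone. If other filters still use the helper (not visible here), a comment at the first call site such as `/* so_snd state used by the write filter is protected by sb_mtx alone */` would keep the two paths from being changed back into agreement by mistake. A `MUTEX_ASSERT_LOCKED(&so->so_snd.sb_mtx);` in the event routine would check the invariant at run time. Both functions begin outside the hunks.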
@@ -2457,9 +2457,9 @@ filt_sowprocess(struct knote *kn, struct kevent *kev) struct socket *so = kn->kn_fp->f_data; int rv; - sofilt_lock(so, &so->so_snd); + mtx_enter(&so->so_snd.sb_mtx); rv = knote_process(kn, kev); - sofilt_unlock(so, &so->so_snd); + mtx_leave(&so->so_snd.sb_mtx); return (rv); } diff --git a/sys/lib/libz/infback.c b/sys/lib/libz/infback.c index d930af912..c9a45dafb 100644 --- a/sys/lib/libz/infback.c +++ b/sys/lib/libz/infback.c @@ -46,7 +46,7 @@ int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits, #ifdef Z_SOLO return Z_STREAM_ERROR; #else - strm->zfree = zcfree; + strm->zfree = zcfree; #endif state = (struct inflate_state FAR *)ZALLOC(strm, 1, sizeof(struct inflate_state)); diff --git a/sys/net/if.c b/sys/net/if.c index 3dceba451..c60e5e62e 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.725 2025/01/25 10:53:36 mvs Exp $ */ +/* $OpenBSD: if.c,v 1.726 2025/02/03 08:58:52 mvs Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -975,7 +975,7 @@ if_output_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af) ifiq = ifp->if_iqs[flow % ifp->if_niqs]; - return (ifiq_enqueue(ifiq, m) == 0 ? 0 : ENOBUFS); + return (ifiq_enqueue_qlim(ifiq, m, 8192) == 0 ? 0 : ENOBUFS); } void diff --git a/sys/net/ifq.c b/sys/net/ifq.c index 747709942..230fa98f0 100644 --- a/sys/net/ifq.c +++ b/sys/net/ifq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifq.c,v 1.55 2024/11/20 02:18:45 dlg Exp $ */ +/* $OpenBSD: ifq.c,v 1.56 2025/02/03 08:58:52 mvs Exp $ */ /* * Copyright (c) 2015 David Gwynne @@ -796,9 +796,10 @@ ifiq_add_data(struct ifiqueue *ifiq, struct if_data *data) } int -ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m) +ifiq_enqueue_qlim(struct ifiqueue *ifiq, struct mbuf *m, unsigned int qlim) { struct ifnet *ifp = ifiq->ifiq_if; + unsigned int len; #if NBPFILTER > 0 caddr_t if_bpf = ifp->if_bpf; #endif 
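Review bot: The `== 0 ? 0 : ENOBUFS` in if_output_local() can never yield ENOBUFS for the new limit, because ifiq_enqueue_qlim() as added in ifq.c frees the mbuf and returns 0 when the queue is at `qlim`. If the silent drop is intended, say so in a comment; otherwise the drop path should return non-zero so the caller sees it. The bare `8192` would also read better as a named constant, e.g. `#define IF_OUTPUT_LOCAL_QLIM 8192` (name is a suggestion), with a note on why locally generated input needs a cap.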
@@ -825,10 +826,22 @@ ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m) mtx_enter(&ifiq->ifiq_mtx); ifiq->ifiq_packets++; ifiq->ifiq_bytes += m->m_pkthdr.len; - ifiq->ifiq_enqueues++; - ml_enqueue(&ifiq->ifiq_ml, m); + + if (qlim && ((len = ml_len(&ifiq->ifiq_ml) >= qlim))) { + ifiq->ifiq_qdrops++; + } else { + ifiq->ifiq_enqueues++; + ml_enqueue(&ifiq->ifiq_ml, m); + m = NULL; + } + mtx_leave(&ifiq->ifiq_mtx); + if (m) { + m_freem(m); + return (0); + } + task_add(ifiq->ifiq_softnet, &ifiq->ifiq_task); return (0); diff --git a/sys/net/ifq.h b/sys/net/ifq.h index 18fdb4180..e8b052cff 100644 --- a/sys/net/ifq.h +++ b/sys/net/ifq.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ifq.h,v 1.42 2024/11/20 02:18:45 dlg Exp $ */ +/* $OpenBSD: ifq.h,v 1.43 2025/02/03 08:58:52 mvs Exp $ */ /* * Copyright (c) 2015 David Gwynne @@ -488,12 +488,19 @@ ifq_idx(struct ifqueue *ifq, unsigned int nifqs, const struct mbuf *m) void ifiq_init(struct ifiqueue *, struct ifnet *, unsigned int); void ifiq_destroy(struct ifiqueue *); int ifiq_input(struct ifiqueue *, struct mbuf_list *); -int ifiq_enqueue(struct ifiqueue *, struct mbuf *); +int ifiq_enqueue_qlim(struct ifiqueue *, struct mbuf *, + unsigned int); void ifiq_add_data(struct ifiqueue *, struct if_data *); #define ifiq_len(_ifiq) READ_ONCE(ml_len(&(_ifiq)->ifiq_ml)) #define ifiq_empty(_ifiq) (ifiq_len(_ifiq) == 0) +static inline int +ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m) +{ + return ifiq_enqueue_qlim(ifiq, m, 0); +} + #endif /* _KERNEL */ #endif /* _NET_IFQ_H_ */ diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 2bfad7873..173ad39d5 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.233 2024/07/14 18:53:39 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.234 2025/02/01 21:10:02 bluhm Exp $ */ /* * Copyright 2001 Niels Provos 
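Review bot: The limit test `((len = ml_len(&ifiq->ifiq_ml) >= qlim))` assigns the result of the comparison (0 or 1) to `len` rather than the queue length, and `len` is not read anywhere in the hunk. The branch still behaves as intended, so this is cleanup: write `if (qlim && ml_len(&ifiq->ifiq_ml) >= qlim) {` and drop the `unsigned int len;` declaration. Note also that `ifiq_packets` and `ifiq_bytes` are incremented before the limit test, so a dropped mbuf is counted both as received and in `ifiq_qdrops`; if that is deliberate, a short comment would help anyone reading the counters during an overload. The function continues outside the hunk.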
@@ -667,34 +667,21 @@ pf_fillup_fragment(struct pf_frnode *key, u_int32_t id, aftercut = frent->fe_off + frent->fe_len - after->fe_off; if (aftercut < after->fe_len) { - int old_index, new_index; - DPFPRINTF(LOG_NOTICE, "frag tail overlap %d", aftercut); m_adj(after->fe_m, aftercut); - old_index = pf_frent_index(after); + /* Fragment may switch queue as fe_off changes */ + pf_frent_remove(frag, after); after->fe_off += aftercut; after->fe_len -= aftercut; - new_index = pf_frent_index(after); - if (old_index != new_index) { - DPFPRINTF(LOG_DEBUG, "frag index %d, new %d", - old_index, new_index); - /* Fragment switched queue as fe_off changed */ - after->fe_off -= aftercut; - after->fe_len += aftercut; - /* Remove restored fragment from old queue */ - pf_frent_remove(frag, after); - after->fe_off += aftercut; - after->fe_len -= aftercut; - /* Insert into correct queue */ - if (pf_frent_insert(frag, after, prev)) { - DPFPRINTF(LOG_WARNING, - "fragment requeue limit exceeded"); - m_freem(after->fe_m); - pool_put(&pf_frent_pl, after); - pf_status.fragments--; - /* There is not way to recover */ - goto free_fragment; - } + /* Insert into correct queue */ + if (pf_frent_insert(frag, after, prev)) { + DPFPRINTF(LOG_WARNING, + "fragment requeue limit exceeded"); + m_freem(after->fe_m); + pool_put(&pf_frent_pl, after); + pf_status.fragments--; + /* There is not way to recover */ + goto free_fragment; } break; } diff --git a/sys/net/pipex.c b/sys/net/pipex.c index d58b93da6..285f352f1 100644 --- a/sys/net/pipex.c +++ b/sys/net/pipex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.c,v 1.157 2025/01/25 02:06:40 yasuoka Exp $ */ +/* $OpenBSD: pipex.c,v 1.158 2025/02/03 09:44:30 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. 
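Review bot: The replacement comment `/* Fragment may switch queue as fe_off changes */` explains the index case but not why the remove/insert is now unconditional. Judging from the regress tests added in the same change ("modifies pf hole counter"), the point seems to be that pf_frent_remove()/pf_frent_insert() also maintain bookkeeping that the old in-place adjustment skipped; if so, say that, e.g. `/* Requeue unconditionally: fe_off changes both the queue index and the hole accounting */`. It is also worth stating next to `goto free_fragment` that `after` has already been unlinked and returned to the pool at that point, so the cleanup path must not reach it again.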
@@ -1274,6 +1274,7 @@ pipex_pppoe_lookup_session(struct mbuf *m0) { struct pipex_session *session; struct pipex_pppoe_header pppoe; + struct ether_header eh; /* short packet */ if (m0->m_pkthdr.len < (sizeof(struct ether_header) + sizeof(pppoe))) @@ -1289,8 +1290,14 @@ pipex_pppoe_lookup_session(struct mbuf *m0) PIPEX_DBG((NULL, LOG_DEBUG, "<%s> session not found (id=%d)", __func__, pppoe.session_id)); #endif - if (session && session->proto.pppoe.over_ifidx != - m0->m_pkthdr.ph_ifidx) { + m_copydata(m0, 0, sizeof(struct ether_header), &eh); + if (session && (session->proto.pppoe.over_ifidx != + m0->m_pkthdr.ph_ifidx || memcmp( + ((struct ether_header *)session->peer.sa.sa_data)->ether_dhost, + eh.ether_shost, ETHER_ADDR_LEN) != 0)) { + PIPEX_DBG((NULL, LOG_DEBUG, + "<%s> received packet from wrong host (id=%d)", __func__, + pppoe.session_id)); pipex_rele_session(session); session = NULL; } @@ -1518,7 +1525,8 @@ pipex_pptp_lookup_session(struct mbuf *m0) PIPEX_DBG((NULL, LOG_DEBUG, "<%s> the source address of the session is not matched", __func__)); - goto not_ours; + pipex_rele_session(session); + session = NULL; } return (session); @@ -2036,7 +2044,8 @@ pipex_l2tp_lookup_session(struct mbuf *m0, int off, struct sockaddr *sasrc) PIPEX_DBG((NULL, LOG_DEBUG, "<%s> the source address of the session is not matched", __func__)); - goto not_ours; + pipex_rele_session(session); + session = NULL; } return (session); diff --git a/usr.sbin/npppd/npppd/ppp.c b/usr.sbin/npppd/npppd/ppp.c index 5aff7506f..fd3d6dcbc 100644 --- a/usr.sbin/npppd/npppd/ppp.c +++ b/usr.sbin/npppd/npppd/ppp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */ +/* $OpenBSD: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. 
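Review bot: In pipex_pppoe_lookup_session() the new source-address comparison reads the stored peer through `((struct ether_header *)session->peer.sa.sa_data)->ether_dhost`, a cast whose validity depends on how the session was created and which nothing in the hunk documents. A one-line comment stating that `peer.sa.sa_data` holds an Ethernet header for PPPoE sessions, with the peer's address in `ether_dhost`, would make the check auditable. The `m_copydata()` also runs for every packet, including when `session` is NULL; moving it inside the `session` branch avoids the copy on the miss path. Because an Ethernet source address can be set by any sender on the segment, the comment should describe this as a consistency check on session traffic rather than as peer authentication.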
@@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */ +/* $Id: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */ /**@file * This file provides PPP(Point-to-Point Protocol, RFC 1661) and * {@link :: _npppd_ppp PPP instance} related functions. @@ -192,11 +192,16 @@ ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf) { int flag, af; char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; + u_char *ea; hbuf[0] = 0; sbuf[0] = 0; af = ((struct sockaddr *)&_this->phy_info)->sa_family; - if (af < AF_MAX) { + if (af == AF_LINK) { + ea = LLADDR((struct sockaddr_dl *)&_this->phy_info); + snprintf(buf, lbuf, "%02x:%02x:%02x:%02x:%02x:%02x", *ea, + *(ea + 1), *(ea + 2), *(ea + 3), *(ea + 4), *(ea + 5)); + } else if (af < AF_MAX) { flag = NI_NUMERICHOST; if (af == AF_INET || af == AF_INET6) flag |= NI_NUMERICSERV; diff --git a/usr.sbin/npppd/pppoe/pppoed.c b/usr.sbin/npppd/pppoe/pppoed.c index 9e1338967..e8d22426d 100644 --- a/usr.sbin/npppd/pppoe/pppoed.c +++ b/usr.sbin/npppd/pppoe/pppoed.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pppoed.c,v 1.25 2021/03/29 03:54:40 yasuoka Exp $ */ +/* $OpenBSD: pppoed.c,v 1.26 2025/02/03 07:46:06 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -28,7 +28,7 @@ /**@file * This file provides the PPPoE(RFC2516) server(access concentrator) * implementation. - * $Id: pppoed.c,v 1.25 2021/03/29 03:54:40 yasuoka Exp $ + * $Id: pppoed.c,v 1.26 2025/02/03 07:46:06 yasuoka Exp $ */ #include /* ALIGN */ #include 
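Review bot: The new AF_LINK branch in ppp_set_tunnel_label() formats six bytes from `LLADDR(...)` without checking that the stored link-level address is actually six bytes long. If `phy_info` can carry an AF_LINK address with a shorter `sdl_alen` (not determinable from this hunk), the label is built from whatever bytes follow it; testing `sdl_alen == ETHER_ADDR_LEN` alongside `af == AF_LINK` would close that. Indexing as `ea[0]` through `ea[5]` would also read more clearly than `*ea, *(ea + 1), ...`. The function continues beyond the hunk.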
@@ -671,8 +671,14 @@ pppoed_input(pppoed_listener *_this, uint8_t shost[ETHER_ADDR_LEN], int is_disc, if (session_id != 0) { hl = hash_lookup(_this->self->session_hash, (void *)(intptr_t)session_id); - if (hl != NULL) + if (hl != NULL) { + if (memcmp(((pppoe_session *)hl->item)->ether_addr, + shost, ETHER_ADDR_LEN) != 0) { + reason = "received packet from wrong host."; + goto bad_packet; + } session = (pppoe_session *)hl->item; + } } if (!is_disc) { if (session != NULL) diff --git a/usr.sbin/npppd/pptp/pptpd.c b/usr.sbin/npppd/pptp/pptpd.c index e2901c51b..e6e1a9d0a 100644 --- a/usr.sbin/npppd/pptp/pptpd.c +++ b/usr.sbin/npppd/pptp/pptpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $ */ +/* $OpenBSD: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -25,12 +25,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $ */ +/* $Id: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $ */ /**@file * This file provides a implementation of PPTP daemon. Currently it * provides functions for PAC (PPTP Access Concentrator) only. - * $Id: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $ + * $Id: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $ */ #include #include 
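Review bot: The new rejection in pppoed_input() sets only `reason = "received packet from wrong host."`, and whether the `bad_packet` path logs `shost` and the session id is not visible in this hunk. A mismatch here is exactly the event an operator wants to see with both the claimed session and the offending source address, so confirm the handler prints them or include them in the message. The cast `((pppoe_session *)hl->item)` is also written twice; assigning it to a local before the `memcmp()` and setting `session` from that local only on a match keeps the intent while reading more directly.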
@@ -786,12 +786,22 @@ pptpd_gre_input(pptpd_listener *listener, struct sockaddr *peer, u_char *pkt, /* route to pptp_call */ call_id = grehdr->call_id; - hl = hash_lookup(_this->call_id_map, CALL_ID_KEY(call_id, listener->index)); + hl = hash_lookup(_this->call_id_map, CALL_ID_KEY(call_id, + listener->index)); if (hl == NULL) { reason = "Received GRE packet has unknown call_id"; goto bad_gre; } call = hl->item; + + if (!(peer->sa_family == AF_INET && + call->ctrl->peer.ss_family == AF_INET && + ((struct sockaddr_in *)peer)->sin_addr.s_addr == + ((struct sockaddr_in *)&call->ctrl->peer)->sin_addr.s_addr)) { + reason = "Received GRE packet from invalid host"; + goto bad_gre; + } + pptp_call_gre_input(call, seq, ack, input_flags, pkt, lpkt); return; diff --git a/usr.sbin/smtpd/smtpd-filters.7 b/usr.sbin/smtpd/smtpd-filters.7 index 5a1bcbb39..73a7152ef 100644 --- a/usr.sbin/smtpd/smtpd-filters.7 +++ b/usr.sbin/smtpd/smtpd-filters.7 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpd-filters.7,v 1.13 2024/11/05 19:36:53 jmc Exp $ +.\" $OpenBSD: smtpd-filters.7,v 1.14 2025/02/02 18:19:42 op Exp $ .\" .\" Copyright (c) 2008 Janne Johansson .\" Copyright (c) 2009 Jacek Masiulaniec @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" -.Dd $Mdocdate: November 5 2024 $ +.Dd $Mdocdate: February 2 2025 $ .Dt SMTPD-FILTERS 7 .Os .Sh NAME @@ -465,7 +465,7 @@ Fields are separated by the .Dq | character. .Bd -literal -offset indent -filter|0.7|1576146008.006099|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d|mail.openbsd.org|pass|199.185.178.25:33174|45.77.67.80:25 +filter|0.7|1576146008.006099|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d|mail.openbsd.org|199.185.178.25 .Ed .Pp The format consists of a protocol prefix containing the stream, 
@@ -484,7 +484,7 @@ filter request, also separated by .Dq | : .Bd -literal -offset indent -mail.openbsd.org|pass|199.185.178.25:33174|45.77.67.80:25 +mail.openbsd.org|199.185.178.25 .Ed .Pp Unlike with report events, @@ -553,9 +553,16 @@ filter-dataline|7641df9771b4ed00|1ef1c203cc576e5d|. .Pp The list of events and event-specific parameters for smtp-in are as follows: .Bl -tag -width Ds -.It Ic connect : Ar rdns fcrdns src dest +.It Ic connect : Ar rdns src This request is emitted after connection, before the banner is displayed. +.Pp +.Ar src +contains either the IP address of the source +(a.b.c.d for IPv4 or [x:x:x:x:x:x:x:x] IPv6) +or +.Dq local +(for UNIX sockets). .It Ic helo : Ar identity This request is emitted after the client has emitted .Dq HELO . diff --git a/usr.sbin/sysupgrade/sysupgrade.sh b/usr.sbin/sysupgrade/sysupgrade.sh index 39f49d4bf..a1bf2efab 100644 --- a/usr.sbin/sysupgrade/sysupgrade.sh +++ b/usr.sbin/sysupgrade/sysupgrade.sh @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: sysupgrade.sh,v 1.57 2024/10/25 03:42:06 deraadt Exp $ +# $OpenBSD: sysupgrade.sh,v 1.58 2025/02/03 18:55:55 florian Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015 Robert Peichaer @@ -220,7 +220,7 @@ Directory does not contain SHA256.sig. Continue without verification = yes __EOT if ! ${KEEP}; then - CLEAN=$(echo SHA256 ${SETS} | sed -e 's/ /,/g') + CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g') cat <<__EOT > /etc/rc.firsttime rm -f ${SETSDIR}/{${CLEAN}} __EOT