sync with OpenBSD -current

purplerain 2024-02-01 02:39:06 +00:00
parent fe0bbab526
commit 6d4aa64db6
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
32 changed files with 551 additions and 517 deletions


@ -1 +1 @@
# SecBSD 1.4-266d9df: Thu Jan 18 08:15:34 UTC 2024 (Mictlantecuhtli)
# SecBSD 1.4-ddf4db4: Thu Feb 1 02:09:51 UTC 2024 (Mictlantecuhtli)


@ -362,7 +362,7 @@ static int amd64obsd_tf_reg_offset[] =
{
14 * 8, /* %rax */
13 * 8, /* %rbx */
3 * 8, /* %rcx */
6 * 8, /* %rcx */
2 * 8, /* %rdx */
1 * 8, /* %rsi */
0 * 8, /* %rdi */
@ -370,7 +370,7 @@ static int amd64obsd_tf_reg_offset[] =
20 * 8, /* %rsp */
4 * 8, /* %r8 ... */
5 * 8,
6 * 8,
3 * 8,
7 * 8,
8 * 8,
9 * 8,
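Review bot: The slot numbers changed here for %rcx and (apparently) %r10 are bare literals that have to match the field order of struct trapframe, which this same commit reorders in frame.h, and nothing in the table records that dependency. A comment above the array, for example `/* Slot numbers follow the field order of struct trapframe in frame.h. */`, would tell the next person who touches either file that the other must change with it. The array initializer continues outside both hunks, so the remaining entries cannot be checked against the struct from here.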


@ -1,6 +1,7 @@
.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.1 2023/08/30 00:58:57 tb Exp $
.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.2 2024/01/31 08:02:53 tb Exp $
.\"
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
.\" Copyright (c) 2023,2024 Theo Buehler <tb@openbsd.org>
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -14,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 30 2023 $
.Dd $Mdocdate: January 31 2024 $
.Dt EVP_CIPHER_DO_ALL 3
.Os
.Sh NAME
@ -49,6 +50,27 @@
const char *to, void *arg)"
.Fa "void *arg"
.Fc
.Bd -literal
typedef struct {
int type;
int alias;
const char *name;
const char *data;
} OBJ_NAME;
.Ed
.Pp
.Ft void
.Fo OBJ_NAME_do_all
.Fa "int type"
.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)"
.Fa "void *arg"
.Fc
.Ft void
.Fo OBJ_NAME_do_all_sorted
.Fa "int type"
.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)"
.Fa "void *arg"
.Fc
.Sh DESCRIPTION
.Fn EVP_CIPHER_do_all
calls
@ -117,18 +139,71 @@ in lexicographic order of their
.Fa from
names as determined by
.Xr strcmp 3 .
.Pp
.Vt OBJ_NAME
is an abstraction of the types underlying the lookup tables
for ciphers and their aliases, and digests and their aliases, respectively.
For a cipher,
.Fa type
is
.Dv OBJ_NAME_TYPE_CIPHER_METH ,
.Fa alias
is 0,
.Fa name
is its lookup name and
.Fa data
is the
.Vt EVP_CIPHER
object it represents, cast to
.Vt const char * .
For a cipher alias,
.Fa type
is
.Dv OBJ_NAME_TYPE_CIPHER_METH ,
.Fa alias
is
.Dv OBJ_NAME_ALIAS ,
.Fa name
is its lookup name and
.Fa data
is the name it aliases.
Digests representing an
.Vt EVP_MD
object and their aliases are represented similarly, except that their type is
.Dv OBJ_NAME_TYPE_MD_METH .
.Pp
.Fn OBJ_NAME_do_all
calls
.Fa fn
on every
.Fa obj_name
in the table that has the given
.Fa type
(either
.Dv OBJ_NAME_TYPE_CIPHER_METH
or
.Dv OBJ_NAME_TYPE_MD_METH ) ,
also passing the
.Fa arg
pointer.
.Fn OBJ_NAME_do_all_sorted
is similar except that it processes the
.Fa obj_name
in lexicographic order of their names as determined by
.Xr strcmp 3 .
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_add_cipher 3 ,
.Xr OBJ_NAME_do_all 3
.Xr EVP_get_cipherbyname 3 ,
.Xr EVP_get_digestbyname 3
.Sh HISTORY
These functions first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .
.Sh BUGS
.Fn EVP_CIPHER_do_all_sorted
.Sh CAVEATS
.Fn EVP_CIPHER_do_all_sorted ,
.Fn EVP_MD_do_all_sorted ,
and
.Fn EVP_MD_do_all_sorted
are wrappers of
.Xr OBJ_NAME_do_all_sorted 3 .
In particular, if memory allocation fails, they do nothing at all
.Fn OBJ_NAME_do_all_sorted
cannot report errors.
In some implementations they need to allocate internally and
if memory allocation fails they do nothing at all,
without telling the caller about the problem.


@ -1,4 +1,4 @@
.\" $OpenBSD: OBJ_NAME_add.3,v 1.5 2023/09/01 12:13:13 schwarze Exp $
.\" $OpenBSD: OBJ_NAME_add.3,v 1.6 2024/01/31 08:02:53 tb Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 1 2023 $
.Dd $Mdocdate: January 31 2024 $
.Dt OBJ_NAME_ADD 3
.Os
.Sh NAME
@ -23,9 +23,7 @@
.Nm OBJ_NAME_get ,
.Nm OBJ_NAME_new_index ,
.Nm OBJ_NAME_init ,
.Nm OBJ_NAME_cleanup ,
.Nm OBJ_NAME_do_all ,
.Nm OBJ_NAME_do_all_sorted
.Nm OBJ_NAME_cleanup
.Nd global associative array
.Sh SYNOPSIS
.In openssl/objects.h
@ -63,19 +61,6 @@ typedef struct {
const char *data;
} OBJ_NAME;
.Ed
.Pp
.Ft void
.Fo OBJ_NAME_do_all
.Fa "int type"
.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
.Fa "void *arg"
.Fc
.Ft void
.Fo OBJ_NAME_do_all_sorted
.Fa "int type"
.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
.Fa "void *arg"
.Fc
.Sh DESCRIPTION
These functions implement a single, static associative array
with the following properties:
@ -264,25 +249,6 @@ If the
field is 0, the
.Fa data
field contains the value; otherwise, it contains the alias target name.
.Pp
.Fn OBJ_NAME_do_all
calls
.Fa fn
on every
.Fa pair
and alias in the array that has the given
.Fa type ,
also passing the
.Fa arg
pointer.
.Fn OBJ_NAME_do_all_sorted
is similar except that it processes the pairs and aliases
in lexicographic order of their names as determined by
.Xr strcmp 3 ,
ignoring any
.Fa cmp_func
that may be defined for the
.Fa type .
.Sh RETURN VALUES
.Fn OBJ_NAME_add
and
@ -339,8 +305,3 @@ that requires more cleanup than merely calling
.Xr free 3
on it, instances of the type need to begin with a magic number or string
that cannot occur at the beginning of a name.
.Pp
.Fn OBJ_NAME_do_all_sorted
is unable to report errors.
If memory allocations fails, it does nothing at all
without telling the caller about the problem.


@ -1,4 +1,4 @@
.\" $OpenBSD: OBJ_create.3,v 1.9 2024/01/13 19:06:20 tb Exp $
.\" $OpenBSD: OBJ_create.3,v 1.10 2024/01/31 08:02:53 tb Exp $
.\" full merge up to:
.\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400
.\" selective merge up to:
@ -69,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 13 2024 $
.Dd $Mdocdate: January 31 2024 $
.Dt OBJ_CREATE 3
.Os
.Sh NAME
@ -200,7 +200,6 @@ obj = OBJ_nid2obj(new_nid);
.Ed
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr OBJ_NAME_add 3 ,
.Xr OBJ_nid2obj 3
.Sh HISTORY
.Fn OBJ_new_nid ,


@ -1,4 +1,4 @@
.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.1 2023/07/22 06:35:26 tb Exp $
.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.2 2024/01/31 08:02:53 tb Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 22 2023 $
.Dd $Mdocdate: January 31 2024 $
.Dt OBJ_FIND_SIGID_ALGS 3
.Os
.Sh NAME
@ -82,7 +82,6 @@ is not built into the library.
.Sh SEE ALSO
.Xr EVP_cleanup 3 ,
.Xr OBJ_create 3 ,
.Xr OBJ_NAME_add 3 ,
.Xr OBJ_nid2obj 3
.Sh HISTORY
These functions first appeared in OpenSSL 1.0.0


@ -1,4 +1,4 @@
.\" $OpenBSD: OBJ_nid2obj.3,v 1.21 2023/09/05 13:50:22 schwarze Exp $
.\" $OpenBSD: OBJ_nid2obj.3,v 1.22 2024/01/31 08:02:53 tb Exp $
.\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
.\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\"
@ -67,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 5 2023 $
.Dd $Mdocdate: January 31 2024 $
.Dt OBJ_NID2OBJ 3
.Os
.Sh NAME
@ -435,8 +435,7 @@ object = OBJ_txt2obj("1.2.3.4", 1);
.Xr ASN1_OBJECT_new 3 ,
.Xr BIO_new 3 ,
.Xr d2i_ASN1_OBJECT 3 ,
.Xr OBJ_create 3 ,
.Xr OBJ_NAME_add 3
.Xr OBJ_create 3
.Sh HISTORY
.Fn OBJ_nid2obj ,
.Fn OBJ_nid2ln ,


@ -1,4 +1,4 @@
.\" $OpenBSD: pfsync.4,v 1.38 2023/10/18 07:56:45 benno Exp $
.\" $OpenBSD: pfsync.4,v 1.39 2024/01/31 06:50:16 jmc Exp $
.\"
.\" Copyright (c) 2002 Michael Shalayeff
.\" Copyright (c) 2003-2004 Ryan McBride
@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 18 2023 $
.Dd $Mdocdate: January 31 2024 $
.Dt PFSYNC 4
.Os
.Sh NAME
@ -69,11 +69,9 @@ packet where possible.
The maximum number of times a single state can be updated before a
.Nm
packet will be sent out is controlled by the
.Ar maxupd
parameter to ifconfig
(see
.Xr ifconfig 8
and the example below for more details).
.Ar maxupd
parameter.
The sending out of a
.Nm
packet will be delayed by a maximum of one second.


@ -1,4 +1,4 @@
/* $OpenBSD: trap.c,v 1.103 2024/01/11 19:16:26 miod Exp $ */
/* $OpenBSD: trap.c,v 1.104 2024/01/31 06:06:28 guenther Exp $ */
/* $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $ */
/*-
@ -553,7 +553,7 @@ syscall(struct trapframe *frame)
const struct sysent *callp;
struct proc *p;
int error = ENOSYS;
register_t code, args[6], rval[2], *argp;
register_t code, *args, rval[2];
verify_smap(__func__);
uvmexp.syscalls++;
@ -565,30 +565,16 @@ syscall(struct trapframe *frame)
}
code = frame->tf_rax;
argp = &args[0];
args = (register_t *)&frame->tf_rdi;
if (code <= 0 || code >= SYS_MAXSYSCALL)
goto bad;
callp = sysent + code;
switch (callp->sy_narg) {
case 6:
args[5] = frame->tf_r9;
case 5:
args[4] = frame->tf_r8;
case 4:
args[3] = frame->tf_r10;
case 3:
args[2] = frame->tf_rdx;
case 2:
args[1] = frame->tf_rsi;
case 1:
args[0] = frame->tf_rdi;
}
rval[0] = 0;
rval[1] = 0;
error = mi_syscall(p, code, callp, argp, rval);
error = mi_syscall(p, code, callp, args, rval);
switch (error) {
case 0:
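Review bot: `args = (register_t *)&frame->tf_rdi;` makes the syscall argument array an alias of the saved user registers, so it is only correct while tf_rdi, tf_rsi, tf_rdx, tf_r10, tf_r8 and tf_r9 stay adjacent and in that order in struct trapframe, and the only thing holding that in place is a comment in frame.h. A compile-time check next to the assignment would turn a later reordering into a build failure instead of wrong arguments reaching the handlers, for example `CTASSERT(offsetof(struct trapframe, tf_r9) - offsetof(struct trapframe, tf_rdi) == 5 * sizeof(register_t));`. Because the array is no longer a private copy, anything mi_syscall() or a handler writes into it now lands in the trapframe; whether any callee does so is not visible here. syscall() starts and ends outside these hunks.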


@ -1,4 +1,4 @@
/* $OpenBSD: vmm_machdep.c,v 1.15 2024/01/11 17:13:48 jan Exp $ */
/* $OpenBSD: vmm_machdep.c,v 1.16 2024/01/31 05:49:33 guenther Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -4187,7 +4187,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
/* Restore any guest PKRU state. */
if (vmm_softc->sc_md.pkru_enabled)
wrpkru(vcpu->vc_pkru);
wrpkru(0, vcpu->vc_pkru);
ret = vmx_enter_guest(&vcpu->vc_control_pa,
&vcpu->vc_gueststate,
@ -4197,7 +4197,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
/* Restore host PKRU state. */
if (vmm_softc->sc_md.pkru_enabled) {
vcpu->vc_pkru = rdpkru(0);
wrpkru(PGK_VALUE);
wrpkru(0, PGK_VALUE);
}
lidt(&idtr);
@ -6500,7 +6500,7 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
/* Restore any guest PKRU state. */
if (vmm_softc->sc_md.pkru_enabled)
wrpkru(vcpu->vc_pkru);
wrpkru(0, vcpu->vc_pkru);
KASSERT(vmcb->v_intercept1 & SVM_INTERCEPT_INTR);
wrmsr(MSR_AMD_VM_HSAVE_PA, vcpu->vc_svm_hsa_pa);
@ -6511,7 +6511,7 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
/* Restore host PKRU state. */
if (vmm_softc->sc_md.pkru_enabled) {
vcpu->vc_pkru = rdpkru(0);
wrpkru(PGK_VALUE);
wrpkru(0, PGK_VALUE);
}
/*


@ -1,4 +1,4 @@
/* $OpenBSD: cpufunc.h,v 1.39 2023/01/30 02:32:01 dv Exp $ */
/* $OpenBSD: cpufunc.h,v 1.40 2024/01/31 05:49:33 guenther Exp $ */
/* $NetBSD: cpufunc.h,v 1.3 2003/05/08 10:27:43 fvdl Exp $ */
/*-
@ -241,10 +241,10 @@ rdpkru(u_int ecx)
}
static __inline void
wrpkru(uint32_t pkru)
wrpkru(u_int ecx, uint32_t pkru)
{
uint32_t ecx = 0, edx = 0;
__asm volatile("wrpkru" : : "a" (pkru), "c" (ecx), "d" (edx));
uint32_t edx = 0;
asm volatile("wrpkru" : : "a" (pkru), "c" (ecx), "d" (edx));
}
static __inline void
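Review bot: wrpkru() now lets the caller choose ECX, but the WRPKRU instruction raises #GP unless ECX and EDX are both zero, so the new parameter has exactly one valid value and the signature does not say so. A comment on the function would record that, for example `/* ecx must be 0: WRPKRU raises #GP otherwise */`; every call site visible in this commit passes 0. The reason for exposing ecx (presumably symmetry with `rdpkru(u_int ecx)`) is not stated in the hunk and would be worth putting in the same comment.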


@ -1,4 +1,4 @@
/* $OpenBSD: frame.h,v 1.10 2018/07/10 08:57:44 guenther Exp $ */
/* $OpenBSD: frame.h,v 1.11 2024/01/31 06:06:28 guenther Exp $ */
/* $NetBSD: frame.h,v 1.1 2003/04/26 18:39:40 fvdl Exp $ */
/*-
@ -82,13 +82,13 @@
* Exception/Trap Stack Frame
*/
struct trapframe {
int64_t tf_rdi;
int64_t tf_rdi; /* ordered by syscall args... */
int64_t tf_rsi;
int64_t tf_rdx;
int64_t tf_rcx;
int64_t tf_r8;
int64_t tf_r9;
int64_t tf_r10;
int64_t tf_r8;
int64_t tf_r9; /* ...to here */
int64_t tf_rcx;
int64_t tf_r11;
int64_t tf_r12;
int64_t tf_r13;
@ -115,10 +115,10 @@ struct intrframe {
int64_t if_rdi;
int64_t if_rsi;
int64_t if_rdx;
int64_t if_rcx;
int64_t if_r10;
int64_t if_r8;
int64_t if_r9;
int64_t if_r10;
int64_t if_rcx;
int64_t if_r11;
int64_t if_r12;
int64_t if_r13;
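Review bot: struct intrframe appears to be reordered the same way as struct trapframe (if_r10 moved up after if_rdx, if_rcx moved down after if_r9), but unlike trapframe it gets no comment saying that the order matters. If the two frames are expected to share a layout for the general registers, which the identical reordering suggests but the hunk does not state, a one-line comment above if_rdi such as `/* register order must match struct trapframe */` would keep a later edit from changing one without the other. Both structs continue outside the hunks.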


@ -1,4 +1,4 @@
/* $OpenBSD: vmparam.h,v 1.19 2018/03/05 01:39:13 deraadt Exp $ */
/* $OpenBSD: vmparam.h,v 1.20 2024/02/01 00:39:57 deraadt Exp $ */
/* $NetBSD: vmparam.h,v 1.18 2003/05/21 18:04:44 thorpej Exp $ */
/*
@ -46,7 +46,8 @@
#define USRSTACK VM_MAXUSER_ADDRESS
#define KERNBASE VM_MAXUSER_ADDRESS
#define MAXTSIZ (64*1024*1024) /* max text size */
#define MAXTSIZ (128*1024*1024) /* max text size */
#ifndef DFLDSIZ
#define DFLDSIZ (128*1024*1024) /* initial data size limit */
#endif


@ -1,4 +1,4 @@
/* $OpenBSD: com_fdt.c,v 1.8 2023/08/15 07:56:27 miod Exp $ */
/* $OpenBSD: com_fdt.c,v 1.9 2024/01/31 01:01:10 hastings Exp $ */
/*
* Copyright (c) 2016 Patrick Wildt <patrick@blueri.se>
*
@ -55,6 +55,7 @@ com_fdt_init_cons(void)
if ((node = fdt_find_cons("brcm,bcm2835-aux-uart")) == NULL &&
(node = fdt_find_cons("marvell,armada-38x-uart")) == NULL &&
(node = fdt_find_cons("mediatek,mt6577-uart")) == NULL &&
(node = fdt_find_cons("ns16550a")) == NULL &&
(node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
(node = fdt_find_cons("ti,omap3-uart")) == NULL &&
@ -96,6 +97,7 @@ com_fdt_match(struct device *parent, void *match, void *aux)
return (OF_is_compatible(faa->fa_node, "brcm,bcm2835-aux-uart") ||
OF_is_compatible(faa->fa_node, "marvell,armada-38x-uart") ||
OF_is_compatible(faa->fa_node, "mediatek,mt6577-uart") ||
OF_is_compatible(faa->fa_node, "ns16550a") ||
OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
@ -141,6 +143,9 @@ com_fdt_attach(struct device *parent, struct device *self, void *aux)
sc->sc_reg_width = OF_getpropint(faa->fa_node, "reg-io-width", width);
sc->sc_reg_shift = OF_getpropint(faa->fa_node, "reg-shift", shift);
if (OF_is_compatible(faa->fa_node, "mediatek,mt6577-uart"))
sc->sc_uarttype = COM_UART_16550A;
if (OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "marvell,armada-38x-uart")) {
sc->sc_uarttype = COM_UART_DW_APB;


@ -1,4 +1,4 @@
/* $OpenBSD: route.c,v 1.426 2023/11/13 17:18:27 bluhm Exp $ */
/* $OpenBSD: route.c,v 1.427 2024/01/31 14:56:42 bluhm Exp $ */
/* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */
/*
@ -140,6 +140,7 @@
/*
* Locks used to protect struct members:
* a atomic operations
* I immutable after creation
* L rtlabel_mtx
* T rttimer_mtx
@ -152,8 +153,9 @@ static uint32_t rt_hashjitter;
extern unsigned int rtmap_limit;
struct cpumem * rtcounters;
int rttrash; /* routes not in table but not freed */
struct cpumem *rtcounters;
int rttrash; /* [a] routes not in table but not freed */
u_long rtgeneration; /* [a] generation number, routes changed */
struct pool rtentry_pool; /* pool for rtentry structures */
struct pool rttimer_pool; /* pool for rttimer structures */
@ -199,6 +201,33 @@ route_init(void)
#endif
}
void
route_cache(struct route *ro, struct in_addr addr, u_int rtableid)
{
u_long gen;
gen = atomic_load_long(&rtgeneration);
membar_consumer();
if (rtisvalid(ro->ro_rt) &&
ro->ro_generation == gen &&
ro->ro_tableid == rtableid &&
ro->ro_dst.sa_family == AF_INET &&
satosin(&ro->ro_dst)->sin_addr.s_addr == addr.s_addr) {
return;
}
rtfree(ro->ro_rt);
ro->ro_rt = NULL;
ro->ro_generation = gen;
ro->ro_tableid = rtableid;
memset(&ro->ro_dst, 0, sizeof(ro->ro_dst));
satosin(&ro->ro_dst)->sin_family = AF_INET;
satosin(&ro->ro_dst)->sin_len = sizeof(struct sockaddr_in);
satosin(&ro->ro_dst)->sin_addr = addr;
}
/*
* Returns 1 if the (cached) ``rt'' entry is still valid, 0 otherwise.
*/
@ -824,6 +853,9 @@ rtrequest_delete(struct rt_addrinfo *info, u_int8_t prio, struct ifnet *ifp,
else
rtfree(rt);
membar_producer();
atomic_inc_long(&rtgeneration);
return (0);
}
@ -992,6 +1024,10 @@ rtrequest(int req, struct rt_addrinfo *info, u_int8_t prio,
*ret_nrt = rt;
else
rtfree(rt);
membar_producer();
atomic_inc_long(&rtgeneration);
break;
}
@ -1829,6 +1865,9 @@ rt_if_linkstate_change(struct rtentry *rt, void *arg, u_int id)
}
if_group_routechange(rt_key(rt), rt_plen2mask(rt, &sa_mask));
membar_producer();
atomic_inc_long(&rtgeneration);
return (error);
}
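Review bot: route_cache() is added without a comment, and its contract is not obvious from the call sites: on a miss it drops the cached rtentry, stamps the current rtgeneration and rewrites ro_dst as an AF_INET sockaddr, but it leaves ro_rt NULL and returns void, so the caller still has to do the lookup and can tell a hit from a miss only by testing ro_rt afterwards. A block comment above the function should state that, and also that ro->ro_rt must be NULL or a referenced rtentry on entry, since `rtisvalid(ro->ro_rt)` is evaluated before any other field of the struct. The generation counter is bumped in rtrequest_delete(), rtrequest() and rt_if_linkstate_change(); whether those are all the places that can change a lookup result is not visible in these hunks and deserves a sentence in the same comment.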


@ -1,4 +1,4 @@
/* $OpenBSD: route.h,v 1.203 2023/11/12 17:51:40 bluhm Exp $ */
/* $OpenBSD: route.h,v 1.204 2024/01/31 14:56:42 bluhm Exp $ */
/* $NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $ */
/*
@ -377,6 +377,7 @@ struct sockaddr_rtsearch {
*/
struct route {
struct rtentry *ro_rt;
u_long ro_generation;
u_long ro_tableid; /* u_long because of alignment */
struct sockaddr ro_dst;
};
@ -438,15 +439,18 @@ void rtlabel_unref(u_int16_t);
#define RT_RESOLVE 1
extern struct rtstat rtstat;
extern u_long rtgeneration;
struct mbuf;
struct socket;
struct ifnet;
struct in_addr;
struct sockaddr_in6;
struct if_ieee80211_data;
struct bfd_config;
void route_init(void);
void route_cache(struct route *, struct in_addr, u_int);
void rtm_ifchg(struct ifnet *);
void rtm_ifannounce(struct ifnet *, int);
void rtm_bfd(struct bfd_config *);


@ -1,4 +1,4 @@
/* $OpenBSD: in_pcb.c,v 1.287 2024/01/28 20:34:25 bluhm Exp $ */
/* $OpenBSD: in_pcb.c,v 1.288 2024/01/31 12:27:57 bluhm Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@ -909,6 +909,11 @@ in_pcbrtentry(struct inpcb *inp)
{
struct route *ro;
#ifdef INET6
if (ISSET(inp->inp_flags, INP_IPV6))
in6_pcbrtentry(inp);
#endif
ro = &inp->inp_route;
/* check if route is still valid */
@ -921,34 +926,16 @@ in_pcbrtentry(struct inpcb *inp)
* No route yet, so try to acquire one.
*/
if (ro->ro_rt == NULL) {
#ifdef INET6
memset(ro, 0, sizeof(struct route_in6));
#else
memset(ro, 0, sizeof(struct route));
#endif
#ifdef INET6
if (ISSET(inp->inp_flags, INP_IPV6)) {
if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6))
return (NULL);
ro->ro_dst.sa_family = AF_INET6;
ro->ro_dst.sa_len = sizeof(struct sockaddr_in6);
satosin6(&ro->ro_dst)->sin6_addr = inp->inp_faddr6;
ro->ro_tableid = inp->inp_rtableid;
ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
&inp->inp_laddr6.s6_addr32[0], ro->ro_tableid);
} else
#endif /* INET6 */
{
if (inp->inp_faddr.s_addr == INADDR_ANY)
return (NULL);
ro->ro_dst.sa_family = AF_INET;
ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr;
ro->ro_tableid = inp->inp_rtableid;
ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
&inp->inp_laddr.s_addr, ro->ro_tableid);
}
if (inp->inp_faddr.s_addr == INADDR_ANY)
return (NULL);
ro->ro_dst.sa_family = AF_INET;
ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr;
ro->ro_tableid = inp->inp_rtableid;
ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
&inp->inp_laddr.s_addr, ro->ro_tableid);
}
return (ro->ro_rt);
}
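Review bot: In the new `#ifdef INET6` block at the top of in_pcbrtentry() the result of `in6_pcbrtentry(inp)` is discarded, so for a PCB with INP_IPV6 set execution falls through into the IPv4 path below and operates on inp->inp_route. If the IPv6 lookup left ro_rt NULL, the IPv4 code then tests inp_faddr and fills ro_dst as an AF_INET sockaddr for what is an IPv6 socket; that the function otherwise returns the right rtentry would depend on inp_route and inp_route6 sharing storage, which this hunk does not show. The call should read `return (in6_pcbrtentry(inp));`. The function begins before the first hunk.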


@ -1,4 +1,4 @@
/* $OpenBSD: in_pcb.h,v 1.149 2024/01/28 20:34:25 bluhm Exp $ */
/* $OpenBSD: in_pcb.h,v 1.150 2024/01/31 12:27:57 bluhm Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@ -367,6 +367,8 @@ struct rtentry *
in_pcbrtentry(struct inpcb *);
/* INET6 stuff */
struct rtentry *
in6_pcbrtentry(struct inpcb *);
void in6_pcbnotify(struct inpcbtable *, const struct sockaddr_in6 *,
u_int, const struct sockaddr_in6 *, u_int, u_int, int, void *,
void (*)(struct inpcb *, int));


@ -1,4 +1,4 @@
/* $OpenBSD: ip_input.c,v 1.387 2023/09/16 09:33:27 mpi Exp $ */
/* $OpenBSD: ip_input.c,v 1.388 2024/01/31 14:56:42 bluhm Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@ -1475,7 +1475,6 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
{
struct mbuf mfake, *mcopy = NULL;
struct ip *ip = mtod(m, struct ip *);
struct sockaddr_in *sin;
struct route ro;
int error = 0, type = 0, code = 0, destmtu = 0, fake = 0, len;
u_int32_t dest;
@ -1491,15 +1490,11 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
goto freecopy;
}
memset(&ro, 0, sizeof(ro));
sin = satosin(&ro.ro_dst);
sin->sin_family = AF_INET;
sin->sin_len = sizeof(*sin);
sin->sin_addr = ip->ip_dst;
ro.ro_rt = NULL;
route_cache(&ro, ip->ip_dst, m->m_pkthdr.ph_rtableid);
if (!rtisvalid(rt)) {
rtfree(rt);
rt = rtalloc_mpath(sintosa(sin), &ip->ip_src.s_addr,
rt = rtalloc_mpath(&ro.ro_dst, &ip->ip_src.s_addr,
m->m_pkthdr.ph_rtableid);
if (rt == NULL) {
ipstat_inc(ips_noroute);
@ -1507,6 +1502,7 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
return;
}
}
ro.ro_rt = rt;
/*
* Save at most 68 bytes of the packet in case
@ -1557,8 +1553,6 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
}
}
ro.ro_rt = rt;
ro.ro_tableid = m->m_pkthdr.ph_rtableid;
error = ip_output(m, NULL, &ro,
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)),
NULL, NULL, 0);
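Review bot: In ip_forward() `route_cache(&ro, ...)` is called on a stack `struct route` of which only ro_rt has been set, now that the `memset(&ro, 0, sizeof(ro))` is gone. That is safe only because route_cache() tests `rtisvalid(ro->ro_rt)` first and `&&` stops there for a NULL route (assuming rtisvalid(NULL) is false, as the existing callers imply), so ro_generation, ro_tableid and ro_dst are never read uninitialised; reordering that condition later would silently change this. A comment at the call, e.g. `/* ro_rt is NULL, so route_cache() only initialises ro and cannot hit */`, would record the dependency. The `ro = &iproute; ro->ro_rt = NULL;` path in ip_output.c relies on the same thing. ip_forward() starts and ends outside these hunks.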


@ -1,4 +1,4 @@
/* $OpenBSD: ip_output.c,v 1.393 2024/01/18 11:03:16 claudio Exp $ */
/* $OpenBSD: ip_output.c,v 1.394 2024/01/31 14:56:43 bluhm Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@ -159,28 +159,15 @@ reroute:
*/
if (ro == NULL) {
ro = &iproute;
memset(ro, 0, sizeof(*ro));
ro->ro_rt = NULL;
}
dst = satosin(&ro->ro_dst);
/*
* If there is a cached route, check that it is to the same
* destination and is still up. If not, free it and try again.
*/
if (!rtisvalid(ro->ro_rt) ||
dst->sin_addr.s_addr != ip->ip_dst.s_addr ||
ro->ro_tableid != m->m_pkthdr.ph_rtableid) {
rtfree(ro->ro_rt);
ro->ro_rt = NULL;
}
if (ro->ro_rt == NULL) {
dst->sin_family = AF_INET;
dst->sin_len = sizeof(*dst);
dst->sin_addr = ip->ip_dst;
ro->ro_tableid = m->m_pkthdr.ph_rtableid;
}
route_cache(ro, ip->ip_dst, m->m_pkthdr.ph_rtableid);
dst = satosin(&ro->ro_dst);
if ((IN_MULTICAST(ip->ip_dst.s_addr) ||
(ip->ip_dst.s_addr == INADDR_BROADCAST)) &&


@ -1,4 +1,4 @@
/* $OpenBSD: in6.h,v 1.112 2024/01/27 21:13:46 bluhm Exp $ */
/* $OpenBSD: in6.h,v 1.113 2024/01/31 14:56:43 bluhm Exp $ */
/* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */
/*
@ -145,10 +145,11 @@ extern const struct in6_addr in6addr_linklocal_allrouters;
#if __BSD_VISIBLE
/*
* IPv6 route structure
* IPv6 route structure, keep fields in sync with struct route
*/
struct route_in6 {
struct rtentry *ro_rt;
u_long ro_generation;
u_long ro_tableid; /* padded to long for alignment */
struct sockaddr_in6 ro_dst;
};
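Review bot: The new comment asks that struct route_in6 be kept in sync with struct route, but nothing checks it, and this commit is itself a case where both structs had to gain ro_generation at the same position. If kernel code treats the two as interchangeable up to ro_dst (the old in_pcbrtentry() cleared a `struct route *` with `sizeof(struct route_in6)`, which suggests it does), a compile-time check would enforce the rule, e.g. `CTASSERT(offsetof(struct route, ro_dst) == offsetof(struct route_in6, ro_dst));`. This header is exposed under __BSD_VISIBLE, so the assertion belongs in a kernel .c file rather than here.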


@ -1,4 +1,4 @@
/* $OpenBSD: in6_pcb.c,v 1.133 2024/01/28 20:34:25 bluhm Exp $ */
/* $OpenBSD: in6_pcb.c,v 1.134 2024/01/31 12:27:57 bluhm Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -561,6 +561,35 @@ in6_pcbnotify(struct inpcbtable *table, const struct sockaddr_in6 *dst,
rw_exit_write(&table->inpt_notify);
}
struct rtentry *
in6_pcbrtentry(struct inpcb *inp)
{
struct route_in6 *ro = &inp->inp_route6;
/* check if route is still valid */
if (!rtisvalid(ro->ro_rt)) {
rtfree(ro->ro_rt);
ro->ro_rt = NULL;
}
/*
* No route yet, so try to acquire one.
*/
if (ro->ro_rt == NULL) {
memset(ro, 0, sizeof(struct route_in6));
if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6))
return (NULL);
ro->ro_dst.sin6_family = AF_INET6;
ro->ro_dst.sin6_len = sizeof(struct sockaddr_in6);
ro->ro_dst.sin6_addr = inp->inp_faddr6;
ro->ro_tableid = inp->inp_rtableid;
ro->ro_rt = rtalloc_mpath(sin6tosa(&ro->ro_dst),
&inp->inp_laddr6.s6_addr32[0], ro->ro_tableid);
}
return (ro->ro_rt);
}
struct inpcb *
in6_pcbhash_lookup(struct inpcbtable *table, uint64_t hash, u_int rdomain,
const struct in6_addr *faddr, u_short fport,


@ -1,4 +1,4 @@
/* $OpenBSD: ip6_output.c,v 1.283 2024/01/18 11:03:16 claudio Exp $ */
/* $OpenBSD: ip6_output.c,v 1.284 2024/01/31 12:27:57 bluhm Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@ -1486,7 +1486,7 @@ do { \
if (!(so->so_state & SS_ISCONNECTED))
return (ENOTCONN);
rt = in_pcbrtentry(inp);
rt = in6_pcbrtentry(inp);
if (!rtisvalid(rt))
return (EHOSTUNREACH);


@ -1,4 +1,4 @@
/* $OpenBSD: bgpctl.c,v 1.303 2024/01/30 13:51:13 claudio Exp $ */
/* $OpenBSD: bgpctl.c,v 1.304 2024/01/31 11:23:19 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -471,7 +471,7 @@ show(struct imsg *imsg, struct parse_result *res)
struct ctl_show_rib rib;
struct rde_memstats stats;
struct ibuf ibuf;
u_int rescode, ilen;
u_int rescode;
switch (imsg->hdr.type) {
case IMSG_CTL_SHOW_NEIGHBOR:
@ -542,14 +542,11 @@ show(struct imsg *imsg, struct parse_result *res)
output->communities(&ibuf, res);
break;
case IMSG_CTL_SHOW_RIB_ATTR:
ilen = imsg->hdr.len - IMSG_HEADER_SIZE;
if (ilen < 3) {
warnx("bad IMSG_CTL_SHOW_RIB_ATTR received");
break;
}
if (output->attr == NULL)
break;
output->attr(imsg->data, ilen, res->flags, 0);
if (imsg_get_ibuf(imsg, &ibuf) == -1)
err(1, "imsg_get_ibuf");
output->attr(&ibuf, res->flags, 0);
break;
case IMSG_CTL_SHOW_RIB_MEM:
if (output->rib_mem == NULL)
@ -1295,9 +1292,11 @@ show_mrt_dump(struct mrt_rib *mr, struct mrt_peer *mp, void *arg)
ibuf_from_buffer(&ibuf, mre->aspath, mre->aspath_len);
output->rib(&ctl, &ibuf, &res);
if (req->flags & F_CTL_DETAIL) {
for (j = 0; j < mre->nattrs; j++)
output->attr(mre->attrs[j].attr,
mre->attrs[j].attr_len, req->flags, 0);
for (j = 0; j < mre->nattrs; j++) {
ibuf_from_buffer(&ibuf, mre->attrs[j].attr,
mre->attrs[j].attr_len);
output->attr(&ibuf, req->flags, 0);
}
}
}
}
@ -1752,8 +1751,7 @@ show_mrt_update(u_char *p, uint16_t len, int reqflags, int addpath)
if (ibuf_skip(&abuf, ibuf_size(&attrbuf)) == -1)
goto trunc;
output->attr(ibuf_data(&attrbuf), ibuf_size(&attrbuf),
reqflags, addpath);
output->attr(&attrbuf, reqflags, addpath);
}
if (ibuf_size(b) > 0) {


@ -1,4 +1,4 @@
/* $OpenBSD: bgpctl.h,v 1.23 2024/01/30 13:51:13 claudio Exp $ */
/* $OpenBSD: bgpctl.h,v 1.24 2024/01/31 11:23:20 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
@ -27,7 +27,7 @@ struct output {
void (*flowspec)(struct flowspec *);
void (*nexthop)(struct ctl_show_nexthop *);
void (*interface)(struct ctl_show_interface *);
void (*attr)(u_char *, size_t, int, int);
void (*attr)(struct ibuf *, int, int);
void (*communities)(struct ibuf *, struct parse_result *);
void (*rib)(struct ctl_show_rib *, struct ibuf *,
struct parse_result *);


@ -1,4 +1,4 @@
/* $OpenBSD: output.c,v 1.49 2024/01/30 13:51:13 claudio Exp $ */
/* $OpenBSD: output.c,v 1.50 2024/01/31 11:23:20 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -698,128 +698,103 @@ show_communities(struct ibuf *data, struct parse_result *res)
}
static void
show_community(u_char *data, uint16_t len)
show_community(struct ibuf *buf)
{
uint16_t a, v;
uint16_t i;
if (len & 0x3) {
printf("bad length");
return;
}
for (i = 0; i < len; i += 4) {
memcpy(&a, data + i, sizeof(a));
memcpy(&v, data + i + 2, sizeof(v));
a = ntohs(a);
v = ntohs(v);
while (ibuf_size(buf) > 0) {
if (ibuf_get_n16(buf, &a) == -1 ||
ibuf_get_n16(buf, &v) == -1) {
printf("bad length");
return;
}
printf("%s", fmt_community(a, v));
if (i + 4 < len)
if (ibuf_size(buf) > 0)
printf(" ");
}
}
static void
show_large_community(u_char *data, uint16_t len)
show_large_community(struct ibuf *buf)
{
uint32_t a, l1, l2;
uint16_t i;
if (len % 12) {
printf("bad length");
return;
}
for (i = 0; i < len; i += 12) {
memcpy(&a, data + i, sizeof(a));
memcpy(&l1, data + i + 4, sizeof(l1));
memcpy(&l2, data + i + 8, sizeof(l2));
a = ntohl(a);
l1 = ntohl(l1);
l2 = ntohl(l2);
while (ibuf_size(buf) > 0) {
if (ibuf_get_n32(buf, &a) == -1 ||
ibuf_get_n32(buf, &l1) == -1 ||
ibuf_get_n32(buf, &l2) == -1) {
printf("bad length");
return;
}
printf("%s", fmt_large_community(a, l1, l2));
if (i + 12 < len)
if (ibuf_size(buf) > 0)
printf(" ");
}
}
static void
show_ext_community(u_char *data, uint16_t len)
show_ext_community(struct ibuf *buf)
{
uint64_t ext;
uint16_t i;
if (len & 0x7) {
printf("bad length");
return;
}
for (i = 0; i < len; i += 8) {
memcpy(&ext, data + i, sizeof(ext));
ext = be64toh(ext);
while (ibuf_size(buf) > 0) {
if (ibuf_get_n64(buf, &ext) == -1) {
printf("bad length");
return;
}
printf("%s", fmt_ext_community(ext));
if (i + 8 < len)
if (ibuf_size(buf) > 0)
printf(" ");
}
}
static void
show_attr(u_char *data, size_t len, int reqflags, int addpath)
show_attr(struct ibuf *buf, int reqflags, int addpath)
{
struct in_addr id;
struct bgpd_addr prefix;
struct ibuf ibuf, *buf = &ibuf, asbuf, *path = NULL;
struct ibuf asbuf, *path = NULL;
char *aspath;
uint32_t as, pathid;
uint16_t alen, ioff, short_as, afi;
uint8_t flags, type, safi, aid, prefixlen;
int i, e2, e4;
size_t i, alen;
uint32_t as, pathid, val;
uint16_t short_as, afi;
uint8_t flags, type, safi, aid, prefixlen, origin, b;
int e2, e4;
if (len < 3) {
warnx("Too short BGP attribute");
return;
}
flags = data[0];
type = data[1];
if (ibuf_get_n8(buf, &flags) == -1 ||
ibuf_get_n8(buf, &type) == -1)
goto bad_len;
/* get the attribute length */
if (flags & ATTR_EXTLEN) {
if (len < 4) {
warnx("Too short BGP attribute");
return;
}
memcpy(&alen, data+2, sizeof(uint16_t));
alen = ntohs(alen);
data += 4;
len -= 4;
uint16_t attr_len;
if (ibuf_get_n16(buf, &attr_len) == -1)
goto bad_len;
alen = attr_len;
} else {
alen = data[2];
data += 3;
len -= 3;
uint8_t attr_len;
if (ibuf_get_n8(buf, &attr_len) == -1)
goto bad_len;
alen = attr_len;
}
/* bad imsg len how can that happen!? */
if (alen > len) {
warnx("Bad BGP attribute length");
return;
}
if (alen > ibuf_size(buf))
goto bad_len;
printf(" %s: ", fmt_attr(type, flags));
switch (type) {
case ATTR_ORIGIN:
if (alen == 1)
printf("%s", fmt_origin(*data, 0));
else
printf("bad length");
if (alen != 1 || ibuf_get_n8(buf, &origin) == -1)
goto bad_len;
printf("%s", fmt_origin(origin, 0));
break;
case ATTR_ASPATH:
case ATTR_AS4_PATH:
ibuf_from_buffer(buf, data, alen);
/* prefer 4-byte AS here */
e4 = aspath_verify(buf, 1, 0);
e2 = aspath_verify(buf, 0, 0);
@ -842,68 +817,48 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
ibuf_free(path);
break;
case ATTR_NEXTHOP:
if (alen == 4) {
memcpy(&id, data, sizeof(id));
printf("%s", inet_ntoa(id));
} else
printf("bad length");
case ATTR_ORIGINATOR_ID:
if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
printf("%s", inet_ntoa(id));
break;
case ATTR_MED:
case ATTR_LOCALPREF:
if (alen == 4) {
uint32_t val;
memcpy(&val, data, sizeof(val));
val = ntohl(val);
printf("%u", val);
} else
printf("bad length");
if (alen != 4 || ibuf_get_n32(buf, &val) == -1)
goto bad_len;
printf("%u", val);
break;
case ATTR_AGGREGATOR:
case ATTR_AS4_AGGREGATOR:
if (alen == 8) {
memcpy(&as, data, sizeof(as));
memcpy(&id, data + sizeof(as), sizeof(id));
as = ntohl(as);
if (ibuf_get_n32(buf, &as) == -1 ||
ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
} else if (alen == 6) {
memcpy(&short_as, data, sizeof(short_as));
memcpy(&id, data + sizeof(short_as), sizeof(id));
as = ntohs(short_as);
if (ibuf_get_n16(buf, &short_as) == -1 ||
ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
as = short_as;
} else {
printf("bad length");
break;
goto bad_len;
}
printf("%s [%s]", log_as(as), inet_ntoa(id));
break;
case ATTR_COMMUNITIES:
show_community(data, alen);
break;
case ATTR_ORIGINATOR_ID:
if (alen == 4) {
memcpy(&id, data, sizeof(id));
printf("%s", inet_ntoa(id));
} else
printf("bad length");
show_community(buf);
break;
case ATTR_CLUSTER_LIST:
for (ioff = 0; ioff + sizeof(id) <= alen;
ioff += sizeof(id)) {
memcpy(&id, data + ioff, sizeof(id));
while (ibuf_size(buf) > 0) {
if (ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
printf(" %s", inet_ntoa(id));
}
break;
case ATTR_MP_REACH_NLRI:
case ATTR_MP_UNREACH_NLRI:
if (alen < 3) {
bad_len:
printf("bad length");
break;
}
memcpy(&afi, data, 2);
data += 2;
alen -= 2;
afi = ntohs(afi);
safi = *data++;
alen--;
if (ibuf_get_n16(buf, &afi) == -1 ||
ibuf_get_n8(buf, &safi) == -1)
goto bad_len;
if (afi2aid(afi, safi, &aid) == -1) {
printf("bad AFI/SAFI pair");
@ -914,11 +869,7 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
if (type == ATTR_MP_REACH_NLRI) {
struct bgpd_addr nexthop;
uint8_t nhlen;
if (len == 0)
goto bad_len;
nhlen = *data++;
alen--;
if (nhlen > len)
if (ibuf_get_n8(buf, &nhlen) == -1)
goto bad_len;
memset(&nexthop, 0, sizeof(nexthop));
switch (aid) {
@ -926,35 +877,39 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
nexthop.aid = aid;
if (nhlen != 16 && nhlen != 32)
goto bad_len;
memcpy(&nexthop.v6.s6_addr, data, 16);
if (ibuf_get(buf, &nexthop.v6,
sizeof(nexthop.v6)) == -1)
goto bad_len;
break;
case AID_VPN_IPv4:
if (nhlen != 12)
goto bad_len;
nexthop.aid = AID_INET;
memcpy(&nexthop.v4, data + sizeof(uint64_t),
sizeof(nexthop.v4));
if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
ibuf_get(buf, &nexthop.v4,
sizeof(nexthop.v4)) == -1)
goto bad_len;
break;
case AID_VPN_IPv6:
if (nhlen != 24)
goto bad_len;
nexthop.aid = AID_INET6;
memcpy(&nexthop.v6, data + sizeof(uint64_t),
sizeof(nexthop.v6));
if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
ibuf_get(buf, &nexthop.v6,
sizeof(nexthop.v6)) == -1)
goto bad_len;
break;
default:
printf("unhandled AID #%u", aid);
goto done;
}
/* ignore reserved (old SNPA) field as per RFC4760 */
data += nhlen + 1;
alen -= nhlen + 1;
if (ibuf_skip(buf, 1) == -1)
goto bad_len;
printf(" nexthop: %s", log_addr(&nexthop));
}
ibuf_from_buffer(buf, data, alen);
while (ibuf_size(buf) > 0) {
if (addpath)
if (ibuf_get_n32(buf, &pathid) == -1)
@ -985,32 +940,36 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
}
break;
case ATTR_EXT_COMMUNITIES:
show_ext_community(data, alen);
show_ext_community(buf);
break;
case ATTR_LARGE_COMMUNITIES:
show_large_community(data, alen);
show_large_community(buf);
break;
case ATTR_OTC:
if (alen == 4) {
memcpy(&as, data, sizeof(as));
as = ntohl(as);
printf("%s", log_as(as));
} else {
printf("bad length");
}
if (alen != 4 || ibuf_get_n32(buf, &as) == -1)
goto bad_len;
printf("%s", log_as(as));
break;
case ATTR_ATOMIC_AGGREGATE:
default:
printf(" len %u", alen);
printf(" len %zu", alen);
if (alen) {
printf(":");
for (i=0; i < alen; i++)
printf(" %02x", *(data+i));
for (i = 0; i < alen; i++) {
if (ibuf_get_n8(buf, &b) == -1)
goto bad_len;
printf(" %02x", b);
}
}
break;
}
done:
printf("%c", EOL0(reqflags));
return;
bad_len:
printf("bad length%c", EOL0(reqflags));
}
static void


@ -1,4 +1,4 @@
/* $OpenBSD: output_json.c,v 1.41 2024/01/30 13:51:13 claudio Exp $ */
/* $OpenBSD: output_json.c,v 1.42 2024/01/31 11:23:20 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -512,22 +512,18 @@ json_communities(struct ibuf *data, struct parse_result *res)
}
static void
json_do_community(u_char *data, uint16_t len)
json_do_community(struct ibuf *buf)
{
uint16_t a, v, i;
if (len & 0x3) {
json_do_string("error", "bad length");
return;
}
uint16_t a, v;
json_do_array("communities");
for (i = 0; i < len; i += 4) {
memcpy(&a, data + i, sizeof(a));
memcpy(&v, data + i + 2, sizeof(v));
a = ntohs(a);
v = ntohs(v);
while (ibuf_size(buf) > 0) {
if (ibuf_get_n16(buf, &a) == -1 ||
ibuf_get_n16(buf, &v) == -1) {
json_do_string("error", "bad length");
return;
}
json_do_string("community", fmt_community(a, v));
}
@ -535,49 +531,36 @@ json_do_community(u_char *data, uint16_t len)
}
static void
json_do_large_community(u_char *data, uint16_t len)
json_do_large_community(struct ibuf *buf)
{
uint32_t a, l1, l2;
uint16_t i;
if (len % 12) {
json_do_string("error", "bad length");
return;
}
json_do_array("large_communities");
for (i = 0; i < len; i += 12) {
memcpy(&a, data + i, sizeof(a));
memcpy(&l1, data + i + 4, sizeof(l1));
memcpy(&l2, data + i + 8, sizeof(l2));
a = ntohl(a);
l1 = ntohl(l1);
l2 = ntohl(l2);
json_do_string("community",
fmt_large_community(a, l1, l2));
while (ibuf_size(buf) > 0) {
if (ibuf_get_n32(buf, &a) == -1 ||
ibuf_get_n32(buf, &l1) == -1 ||
ibuf_get_n32(buf, &l2) == -1) {
json_do_string("error", "bad length");
return;
}
json_do_string("community", fmt_large_community(a, l1, l2));
}
json_do_end();
}
static void
json_do_ext_community(u_char *data, uint16_t len)
json_do_ext_community(struct ibuf *buf)
{
uint64_t ext;
uint16_t i;
if (len & 0x7) {
json_do_string("error", "bad length");
return;
}
json_do_array("extended_communities");
for (i = 0; i < len; i += 8) {
memcpy(&ext, data + i, sizeof(ext));
ext = be64toh(ext);
while (ibuf_size(buf) > 0) {
if (ibuf_get_n64(buf, &ext) == -1) {
json_do_string("error", "bad length");
return;
}
json_do_string("community", fmt_ext_community(ext));
}
@ -585,66 +568,57 @@ json_do_ext_community(u_char *data, uint16_t len)
}
static void
json_attr(u_char *data, size_t len, int reqflags, int addpath)
json_attr(struct ibuf *buf, int reqflags, int addpath)
{
struct bgpd_addr prefix;
struct in_addr id;
struct ibuf ibuf, *buf = &ibuf, asbuf, *path = NULL;
struct ibuf asbuf, *path = NULL;
char *aspath;
uint32_t as, pathid;
uint16_t alen, afi, off, short_as;
uint8_t flags, type, safi, aid, prefixlen;
uint32_t as, pathid, val;
uint16_t alen, afi, short_as;
uint8_t flags, type, safi, aid, prefixlen, origin;
int e4, e2;
if (len < 3) {
warnx("Too short BGP attribute");
return;
}
flags = data[0];
type = data[1];
if (flags & ATTR_EXTLEN) {
if (len < 4) {
warnx("Too short BGP attribute");
return;
}
memcpy(&alen, data+2, sizeof(uint16_t));
alen = ntohs(alen);
data += 4;
len -= 4;
} else {
alen = data[2];
data += 3;
len -= 3;
}
/* bad imsg len how can that happen!? */
if (alen > len) {
warnx("Bad BGP attribute length");
return;
}
json_do_array("attributes");
json_do_object("attribute", 0);
if (ibuf_get_n8(buf, &flags) == -1 ||
ibuf_get_n8(buf, &type) == -1)
goto bad_len;
json_do_string("type", fmt_attr(type, -1));
json_do_uint("length", alen);
json_do_object("flags", 1);
json_do_bool("partial", flags & ATTR_PARTIAL);
json_do_bool("transitive", flags & ATTR_TRANSITIVE);
json_do_bool("optional", flags & ATTR_OPTIONAL);
json_do_end();
if (flags & ATTR_EXTLEN) {
uint16_t attr_len;
if (ibuf_get_n16(buf, &attr_len) == -1)
goto bad_len;
alen = attr_len;
} else {
uint8_t attr_len;
if (ibuf_get_n8(buf, &attr_len) == -1)
goto bad_len;
alen = attr_len;
}
json_do_uint("length", alen);
/* bad imsg len how can that happen!? */
if (alen > ibuf_size(buf))
goto bad_len;
switch (type) {
case ATTR_ORIGIN:
if (alen == 1)
json_do_string("origin", fmt_origin(*data, 0));
else
json_do_string("error", "bad length");
if (alen != 1 || ibuf_get_n8(buf, &origin) == -1)
goto bad_len;
json_do_string("origin", fmt_origin(origin, 0));
break;
case ATTR_ASPATH:
case ATTR_AS4_PATH:
ibuf_from_buffer(buf, data, alen);
/* prefer 4-byte AS here */
e4 = aspath_verify(buf, 1, 0);
e2 = aspath_verify(buf, 0, 0);
@ -668,70 +642,55 @@ json_attr(u_char *data, size_t len, int reqflags, int addpath)
ibuf_free(path);
break;
case ATTR_NEXTHOP:
if (alen == 4) {
memcpy(&id, data, sizeof(id));
json_do_string("nexthop", inet_ntoa(id));
} else
json_do_string("error", "bad length");
if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
json_do_string("nexthop", inet_ntoa(id));
break;
case ATTR_MED:
case ATTR_LOCALPREF:
if (alen == 4) {
uint32_t val;
memcpy(&val, data, sizeof(val));
json_do_uint("metric", ntohl(val));
} else
json_do_string("error", "bad length");
if (alen != 4 || ibuf_get_n32(buf, &val) == -1)
goto bad_len;
json_do_uint("metric", val);
break;
case ATTR_AGGREGATOR:
case ATTR_AS4_AGGREGATOR:
if (alen == 8) {
memcpy(&as, data, sizeof(as));
memcpy(&id, data + sizeof(as), sizeof(id));
as = ntohl(as);
if (ibuf_get_n32(buf, &as) == -1 ||
ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
} else if (alen == 6) {
memcpy(&short_as, data, sizeof(short_as));
memcpy(&id, data + sizeof(short_as), sizeof(id));
as = ntohs(short_as);
if (ibuf_get_n16(buf, &short_as) == -1 ||
ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
as = short_as;
} else {
json_do_string("error", "bad AS-Path");
break;
goto bad_len;
}
json_do_uint("AS", as);
json_do_string("router_id", inet_ntoa(id));
break;
case ATTR_COMMUNITIES:
json_do_community(data, alen);
json_do_community(buf);
break;
case ATTR_ORIGINATOR_ID:
if (alen == 4) {
memcpy(&id, data, sizeof(id));
json_do_string("originator", inet_ntoa(id));
} else
json_do_string("error", "bad length");
if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
json_do_string("originator", inet_ntoa(id));
break;
case ATTR_CLUSTER_LIST:
json_do_array("cluster_list");
for (off = 0; off + sizeof(id) <= alen;
off += sizeof(id)) {
memcpy(&id, data + off, sizeof(id));
while (ibuf_size(buf) > 0) {
if (ibuf_get(buf, &id, sizeof(id)) == -1)
goto bad_len;
json_do_string("cluster_id", inet_ntoa(id));
}
json_do_end();
break;
case ATTR_MP_REACH_NLRI:
case ATTR_MP_UNREACH_NLRI:
if (alen < 3) {
bad_len:
json_do_string("error", "bad length");
break;
}
memcpy(&afi, data, 2);
data += 2;
alen -= 2;
afi = ntohs(afi);
safi = *data++;
alen--;
if (ibuf_get_n16(buf, &afi) == -1 ||
ibuf_get_n8(buf, &safi) == -1)
goto bad_len;
if (afi2aid(afi, safi, &aid) == -1) {
json_do_printf("error", "bad AFI/SAFI pair: %d/%d",
@ -743,11 +702,7 @@ bad_len:
if (type == ATTR_MP_REACH_NLRI) {
struct bgpd_addr nexthop;
uint8_t nhlen;
if (len == 0)
goto bad_len;
nhlen = *data++;
alen--;
if (nhlen > len)
if (ibuf_get_n8(buf, &nhlen) == -1)
goto bad_len;
memset(&nexthop, 0, sizeof(nexthop));
switch (aid) {
@ -755,21 +710,27 @@ bad_len:
nexthop.aid = aid;
if (nhlen != 16 && nhlen != 32)
goto bad_len;
memcpy(&nexthop.v6.s6_addr, data, 16);
if (ibuf_get(buf, &nexthop.v6,
sizeof(nexthop.v6)) == -1)
goto bad_len;
break;
case AID_VPN_IPv4:
if (nhlen != 12)
goto bad_len;
nexthop.aid = AID_INET;
memcpy(&nexthop.v4, data + sizeof(uint64_t),
sizeof(nexthop.v4));
if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
ibuf_get(buf, &nexthop.v4,
sizeof(nexthop.v4)) == -1)
goto bad_len;
break;
case AID_VPN_IPv6:
if (nhlen != 24)
goto bad_len;
nexthop.aid = AID_INET6;
memcpy(&nexthop.v6, data + sizeof(uint64_t),
sizeof(nexthop.v6));
if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
ibuf_get(buf, &nexthop.v6,
sizeof(nexthop.v6)) == -1)
goto bad_len;
break;
default:
json_do_printf("error", "unhandled AID: %d",
@ -777,14 +738,12 @@ bad_len:
return;
}
/* ignore reserved (old SNPA) field as per RFC4760 */
data += nhlen + 1;
alen -= nhlen + 1;
if (ibuf_skip(buf, 1) == -1)
goto bad_len;
json_do_string("nexthop", log_addr(&nexthop));
}
ibuf_from_buffer(buf, data, alen);
json_do_array("NLRI");
while (ibuf_size(buf) > 0) {
json_do_object("prefix", 1);
@ -821,25 +780,26 @@ bad_len:
json_do_end();
break;
case ATTR_EXT_COMMUNITIES:
json_do_ext_community(data, alen);
json_do_ext_community(buf);
break;
case ATTR_LARGE_COMMUNITIES:
json_do_large_community(data, alen);
json_do_large_community(buf);
break;
case ATTR_OTC:
if (alen == 4) {
memcpy(&as, data, sizeof(as));
as = ntohl(as);
json_do_uint("as", as);
} else
json_do_string("error", "bad length");
if (alen != 4 || ibuf_get_n32(buf, &as) == -1)
goto bad_len;
json_do_uint("as", as);
break;
case ATTR_ATOMIC_AGGREGATE:
default:
if (alen)
json_do_hexdump("data", data, alen);
json_do_hexdump("data", ibuf_data(buf), ibuf_size(buf));
break;
}
return;
bad_len:
json_do_string("error", "bad length");
}
static void
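Review bot: In json_attr's MP_REACH_NLRI nexthop parsing, the branch guarded by `if (nhlen != 16 && nhlen != 32)` accepts a 32-byte nexthop but consumes only `sizeof(nexthop.v6)` bytes before the one-byte reserved skip. The removed code advanced by `nhlen + 1`, so the second 16 bytes (presumably the link-local address) were stepped over; now they stay in `buf` and would be decoded as the reserved byte and NLRI prefixes. Consuming the remainder right after the `ibuf_get()` keeps the cursor aligned: `if (nhlen == 32 && ibuf_skip(buf, 16) == -1) goto bad_len;`. The VPN cases consume exactly nhlen (8 + 4 and 8 + 16) and are not affected, while show_attr in the preceding file section has the same pattern. The case label for this branch is outside the hunk.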


@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.199 2024/01/18 14:34:26 job Exp $ */
/* $OpenBSD: extern.h,v 1.201 2024/01/31 06:57:21 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -629,7 +629,8 @@ void mft_free(struct mft *);
struct mft *mft_parse(X509 **, const char *, int, const unsigned char *,
size_t);
struct mft *mft_read(struct ibuf *);
int mft_compare(const struct mft *, const struct mft *);
int mft_compare_issued(const struct mft *, const struct mft *);
int mft_compare_seqnum(const struct mft *, const struct mft *);
void roa_buffer(struct ibuf *, const struct roa *);
void roa_free(struct roa *);


@ -1,4 +1,4 @@
/* $OpenBSD: mft.c,v 1.100 2023/12/11 15:50:23 job Exp $ */
/* $OpenBSD: mft.c,v 1.102 2024/01/31 06:57:21 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -545,20 +545,26 @@ mft_read(struct ibuf *b)
}
/*
* Compare the manifestNumber of two MFT files.
* Returns 1 if first MFT should be used, 0 if both are equal, and -1 if the
* second MFT should be used.
* Compare the thisupdate time of two mft files.
*/
int
mft_compare(const struct mft *a, const struct mft *b)
mft_compare_issued(const struct mft *a, const struct mft *b)
{
if (a->thisupdate > b->thisupdate)
return 1;
if (a->thisupdate < b->thisupdate)
return -1;
return 0;
}
/*
* Compare the manifestNumber of two mft files.
*/
int
mft_compare_seqnum(const struct mft *a, const struct mft *b)
{
int r;
if (b == NULL)
return 1;
if (a == NULL)
return -1;
r = strlen(a->seqnum) - strlen(b->seqnum);
if (r > 0) /* seqnum in a is longer -> higher */
return 1;
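Review bot: The new comments on mft_compare_issued and mft_compare_seqnum no longer state the return convention that the removed comment spelled out, yet the caller in parser.c branches on `< 0`, `== 0` and `> 0`. I would document it on both, e.g. `* Returns 1 if a was issued after b, -1 if before, and 0 if both times are equal.` for the first. If the `a == NULL` / `b == NULL` checks shown after `int r;` are on the removed side, the comment should also say that both arguments must be non-NULL, since `a->seqnum` is then dereferenced directly. mft_compare_seqnum's body continues outside the hunk.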


@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.108 2024/01/18 14:34:26 job Exp $ */
/* $OpenBSD: parser.c,v 1.113 2024/01/31 06:57:21 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -258,22 +258,28 @@ parse_load_crl_from_mft(struct entity *entp, struct mft *mft, enum location loc,
*/
static struct mft *
proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
struct crl **crl, char **crlfile, const char **errstr)
struct crl **crl, char **crlfile, struct mft *cached_mft,
const char **errstr)
{
struct mft *mft;
X509 *x509;
struct auth *a;
unsigned char *der;
size_t len;
int issued_cmp, seqnum_cmp;
*crl = NULL;
*crlfile = NULL;
*errstr = NULL;
/* XXX - pull this into proc_parser_mft. */
*file = parse_filepath(entp->repoid, entp->path, entp->file, loc);
if (*file == NULL)
return NULL;
if (noop && loc == DIR_TEMP)
return NULL;
der = load_file(*file, &len);
if (der == NULL && errno != ENOENT)
warn("parse file %s", *file);
@ -293,21 +299,63 @@ proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
*crl = parse_load_crl_from_mft(entp, mft, DIR_VALID, crlfile);
a = valid_ski_aki(*file, &auths, mft->ski, mft->aki, NULL);
if (!valid_x509(*file, ctx, x509, a, *crl, errstr)) {
X509_free(x509);
mft_free(mft);
crl_free(*crl);
*crl = NULL;
free(*crlfile);
*crlfile = NULL;
return NULL;
}
if (!valid_x509(*file, ctx, x509, a, *crl, errstr))
goto err;
X509_free(x509);
x509 = NULL;
mft->repoid = entp->repoid;
mft->talid = a->cert->talid;
if (cached_mft == NULL)
return mft;
/*
* Check that the cached manifest is older in the sense that it was
* issued earlier and that it has a smaller sequence number.
*/
if ((issued_cmp = mft_compare_issued(mft, cached_mft)) < 0) {
warnx("%s: unexpected manifest issuance time (want >= %lld, "
"got %lld)", *file, (long long)cached_mft->thisupdate,
(long long)mft->thisupdate);
goto err;
}
if ((seqnum_cmp = mft_compare_seqnum(mft, cached_mft)) < 0) {
warnx("%s: unexpected manifest number (want >= #%s, got #%s)",
*file, cached_mft->seqnum, mft->seqnum);
goto err;
}
if (issued_cmp > 0 && seqnum_cmp == 0) {
warnx("%s#%s: reissued manifest at %lld and %lld with same "
"sequence number", *file, cached_mft->seqnum,
(long long)mft->thisupdate,
(long long)cached_mft->thisupdate);
goto err;
}
if (issued_cmp == 0 && seqnum_cmp > 0) {
warnx("%s#%s: reissued manifest same issuance time %lld as #%s",
*file, mft->seqnum, (long long)mft->thisupdate,
cached_mft->seqnum);
goto err;
}
if (issued_cmp == 0 && seqnum_cmp == 0 && memcmp(mft->mfthash,
cached_mft->mfthash, SHA256_DIGEST_LENGTH) != 0) {
warnx("%s: manifest misissuance, #%s was recycled",
*file, mft->seqnum);
goto err;
}
return mft;
err:
X509_free(x509);
mft_free(mft);
crl_free(*crl);
*crl = NULL;
free(*crlfile);
*crlfile = NULL;
return NULL;
}
/*
@ -367,32 +415,22 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
struct crl *crl, *crl1, *crl2;
char *file, *file1, *file2, *crl1file, *crl2file;
const char *err1, *err2;
int r, warned = 0;
int warned = 0;
*mp = NULL;
*crlmtime = 0;
mft1 = proc_parser_mft_pre(entp, DIR_TEMP, &file1, &crl1, &crl1file,
&err1);
mft2 = proc_parser_mft_pre(entp, DIR_VALID, &file2, &crl2, &crl2file,
&err2);
NULL, &err2);
mft1 = proc_parser_mft_pre(entp, DIR_TEMP, &file1, &crl1, &crl1file,
mft2, &err1);
/* overload error from temp file if it is set */
if (mft1 == NULL && mft2 == NULL)
if (err2 != NULL)
err1 = err2;
if (err1 != NULL)
err2 = err1;
r = mft_compare(mft1, mft2);
if (r == -1 && mft1 != NULL && mft2 != NULL)
warnx("%s: unexpected manifest number (want >= #%s, got #%s)",
file1, mft2->seqnum, mft1->seqnum);
if (r == 0 && memcmp(mft1->mfthash, mft2->mfthash,
SHA256_DIGEST_LENGTH) != 0)
warnx("%s: manifest misissuance, #%s was recycled",
file1, mft1->seqnum);
if (!noop && r == 1) {
if (!noop && mft1 != NULL) {
*mp = proc_parser_mft_post(file1, mft1, entp->path, err1,
&warned);
if (*mp == NULL) {
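Review bot: The comment introducing the comparisons in proc_parser_mft_pre says the cached manifest must have been issued earlier and carry a smaller sequence number, but the checks below it also let through `issued_cmp == 0 && seqnum_cmp == 0` with matching hashes, i.e. the same manifest fetched again. Since this block decides whether a freshly fetched manifest may replace an already validated one, the accepted cases are worth stating exactly, e.g. `* Accept the new manifest only if it is the cached one again, or if both its issuance time and its manifest number are strictly greater.` The function's header comment (outside the hunk) could also say that `cached_mft` may be NULL, in which case no ordering checks run.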


@ -1,4 +1,4 @@
.\" $OpenBSD: rpki-client.8,v 1.99 2024/01/16 19:52:39 job Exp $
.\" $OpenBSD: rpki-client.8,v 1.100 2024/01/31 17:19:02 job Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 16 2024 $
.Dd $Mdocdate: January 31 2024 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@ -445,6 +445,12 @@ agreement regarding ARIN service restrictions.
.%U https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
.%D September, 2023
.Re
.Pp
.Rs
.%T Detecting RRDP Session Desynchronization
.%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rrdp-desynchronization-00
.%D Jan, 2024
.Re
.Sh HISTORY
.Nm
first appeared in


@ -1,4 +1,4 @@
/* $OpenBSD: x509.c,v 1.75 2023/11/16 11:10:59 tb Exp $ */
/* $OpenBSD: x509.c,v 1.76 2024/01/31 15:01:13 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -956,7 +956,7 @@ x509_valid_subject(const char *fn, const X509 *x)
return 0;
default:
warnx("%s: RFC 6487 section 4.5: unexpected attribute "
"%s", fn, OBJ_nid2sn(nid));
"%d (%s)", fn, nid, OBJ_nid2ln(nid));
return 0;
}
}