SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2025-01-15 17:41:16 +00:00
parent f11f16fb18
commit 9134045afa
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
20 changed files with 344 additions and 177 deletions
Download patch file Download diff file Expand all files Collapse all files

6
regress/lib/libssl/interop/Makefile
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.20 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $
SUBDIR = libressl openssl11 openssl31 openssl32
SUBDIR = libressl openssl33 openssl34
# the above binaries must have been built before we can continue
SUBDIR += netcat
@ -10,7 +10,7 @@ SUBDIR += botan
# What is below takes a long time.
# setting REGRESS_SKIP_SLOW to "yes" in mk.conf
# will skip the tests that do not test libressl
# but do things like test openssl11 to openssl 3
# but do things like test openssl 3.x to openssl 3.y
SUBDIR += version
SUBDIR += cipher
# This takes a really long time.

13
regress/lib/libssl/interop/botan/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
.include <bsd.own.mk>
@ -20,14 +20,11 @@ CXX = /usr/local/bin/eg++
.endif
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
LIBRARIES += openssl31
.endif
.if exists(/usr/local/bin/eopenssl32)
LIBRARIES += openssl32
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES += openssl34
.endif
PROGS = client

15
regress/lib/libssl/interop/cert/Makefile
View file

@ -1,20 +1,17 @@
# $OpenBSD: Makefile,v 1.13 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or 3.0. Create client and server certificates
# openssl 3.x. Create client and server certificates
# that are signed by a CA and not signed by a fake CA. Try all
# combinations with, without, and with wrong CA for client and server
# and check the result of certificate verification.
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
LIBRARIES += openssl31
.endif
.if exists(/usr/local/bin/eopenssl32)
LIBRARIES += openssl32
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES += openssl34
.endif
.for cca in noca ca fakeca

25
regress/lib/libssl/interop/cipher/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.16 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or 3.0. Create lists of supported ciphers
@ -7,14 +7,11 @@
# have used correct cipher by grepping in their session print out.
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
LIBRARIES += openssl31
.endif
.if exists(/usr/local/bin/eopenssl32)
LIBRARIES += openssl32
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES += openssl34
.endif
CLEANFILES = *.tmp *.ciphers ciphers.mk
@ -44,9 +41,8 @@ client-${clib}-server-${slib}.ciphers: \
uniq -d <$@.tmp >$@
# we are only interested in ciphers supported by libressl
sort $@ client-libressl.ciphers >$@.tmp
. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
"${clib}" == "openssl31" || "${slib}" == "openssl31" || \
"${clib}" == "openssl32" || "${slib}" == "openssl32"
. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
"${clib}" == "openssl34" || "${slib}" == "openssl34"
# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
sed -i '/^TLS_/d' $@.tmp
. endif
@ -74,9 +70,8 @@ regress: ciphers.mk
.endif
LEVEL_libressl =
LEVEL_openssl11 = ,@SECLEVEL=0
LEVEL_openssl31 = ,@SECLEVEL=0
LEVEL_openssl32 = ,@SECLEVEL=0
LEVEL_openssl33 = ,@SECLEVEL=0
LEVEL_openssl34 = ,@SECLEVEL=0
.for clib in ${LIBRARIES}
.for slib in ${LIBRARIES}
@ -137,7 +132,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
. endif
. if "${clib}" == "libressl"
# libressl client may prefer chacha-poly if aes-ni is not supported
. if "${slib}" == "openssl11" || "${slib}" == "openssl31" || "${slib}" == "openssl32"
. if "${slib}" == "openssl33" || "${slib}" == "openssl34"
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
. else
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out

13
regress/lib/libssl/interop/netcat/Makefile
View file

@ -1,14 +1,11 @@
# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
LIBRARIES += openssl31
.endif
.if exists(/usr/local/bin/eopenssl32)
LIBRARIES += openssl32
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES += openssl34
.endif
# run netcat server and connect with test client

43
regress/lib/libssl/interop/openssl11/Makefile
View file

@ -1,43 +0,0 @@
# $OpenBSD: Makefile,v 1.8 2021/12/02 17:10:53 kn Exp $
.if ! exists(/usr/local/bin/eopenssl11)
regress:
# install openssl-1.1 from ports for interop tests
@echo 'Run "pkg_add openssl--%1.1" to run tests against OpenSSL 1.1'
@echo SKIPPED
.else
PROGS = client server
CPPFLAGS = -I /usr/local/include/eopenssl11
LDFLAGS = -L /usr/local/lib/eopenssl11
LDADD = -lssl -lcrypto
DPADD = /usr/local/lib/eopenssl11/libssl.a \
/usr/local/lib/eopenssl11/libcrypto.a
LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
REGRESS_TARGETS = run-self-client-server
.for p in ${PROGS}
REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
.endfor
.for p in ${PROGS}
run-ldd-$p: ldd-$p.out
# check that $p is linked with OpenSSL 1.1
grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
# check that $p is not linked with LibreSSL
! grep -v libc.so ldd-$p.out | grep /usr/lib/
run-version-$p: $p-self.out
# check that runtime version is OpenSSL 1.1
grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out
run-protocol-$p: $p-self.out
# check that OpenSSL 1.1 protocol version is TLS 1.3
grep 'Protocol *: TLSv1.3' $p-self.out
.endfor
.endif # exists(/usr/local/bin/eopenssl11)
.include <bsd.regress.mk>

44
regress/lib/libssl/interop/openssl32/Makefile
View file

@ -1,44 +0,0 @@
# $OpenBSD: Makefile,v 1.2 2024/10/22 16:31:10 tb Exp $
.if ! exists(/usr/local/bin/eopenssl32)
regress:
# install openssl-3.2 ports for interop tests
@echo 'Run "pkg_add openssl--%3.2" to run tests against OpenSSL 3.2'
@echo SKIPPED
.else
PROGS = client server
CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
CPPFLAGS = -I /usr/local/include/eopenssl32
LDFLAGS = -L /usr/local/lib/eopenssl32
LDADD = -lssl -lcrypto
DPADD = /usr/local/lib/eopenssl32/libssl.a \
/usr/local/lib/eopenssl32/libcrypto.a
LD_LIBRARY_PATH = /usr/local/lib/eopenssl32
REGRESS_TARGETS = run-self-client-server
.for p in ${PROGS}
REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
.endfor
.for p in ${PROGS}
run-ldd-$p: ldd-$p.out
# check that $p is linked with OpenSSL 3.2
grep -q /usr/local/lib/eopenssl32/libcrypto.so ldd-$p.out
grep -q /usr/local/lib/eopenssl32/libssl.so ldd-$p.out
# check that $p is not linked with LibreSSL
! grep -v libc.so ldd-$p.out | grep /usr/lib/
run-version-$p: $p-self.out
# check that runtime version is OpenSSL 3.2
grep 'SSLEAY_VERSION: OpenSSL 3.2' $p-self.out
run-protocol-$p: $p-self.out
# check that OpenSSL 3.2 protocol version is TLS 1.3
grep 'Protocol *: TLSv1.3' $p-self.out
.endfor
.endif # exists(/usr/local/bin/eopenssl32)
.include <bsd.regress.mk>

44
regress/lib/libssl/interop/openssl33/Makefile Normal file
View file

@ -0,0 +1,44 @@
# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
.if ! exists(/usr/local/bin/eopenssl33)
regress:
# install openssl-3.3 from ports for interop tests
@echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
@echo SKIPPED
.else
PROGS = client server
CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
CPPFLAGS = -I /usr/local/include/eopenssl33
LDFLAGS = -L /usr/local/lib/eopenssl33
LDADD = -lssl -lcrypto
DPADD = /usr/local/lib/eopenssl33/libssl.a \
/usr/local/lib/eopenssl33/libcrypto.a
LD_LIBRARY_PATH = /usr/local/lib/eopenssl33
REGRESS_TARGETS = run-self-client-server
.for p in ${PROGS}
REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
.endfor
.for p in ${PROGS}
run-ldd-$p: ldd-$p.out
# check that $p is linked with OpenSSL 3.3
grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
# check that $p is not linked with LibreSSL
! grep -v libc.so ldd-$p.out | grep /usr/lib/
run-version-$p: $p-self.out
# check that runtime version is OpenSSL 3.3
grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
run-protocol-$p: $p-self.out
# check that OpenSSL 3.3 protocol version is TLS 1.3
grep 'Protocol *: TLSv1.3' $p-self.out
.endfor
.endif # exists(/usr/local/bin/eopenssl33)
.include <bsd.regress.mk>

44
regress/lib/libssl/interop/openssl34/Makefile Normal file
View file

@ -0,0 +1,44 @@
# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
.if ! exists(/usr/local/bin/eopenssl34)
regress:
# install openssl-3.4 from ports for interop tests
@echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
@echo SKIPPED
.else
PROGS = client server
CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
CPPFLAGS = -I /usr/local/include/eopenssl34
LDFLAGS = -L /usr/local/lib/eopenssl34
LDADD = -lssl -lcrypto
DPADD = /usr/local/lib/eopenssl34/libssl.a \
/usr/local/lib/eopenssl34/libcrypto.a
LD_LIBRARY_PATH = /usr/local/lib/eopenssl34
REGRESS_TARGETS = run-self-client-server
.for p in ${PROGS}
REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
.endfor
.for p in ${PROGS}
run-ldd-$p: ldd-$p.out
# check that $p is linked with OpenSSL 3.4
grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
# check that $p is not linked with LibreSSL
! grep -v libc.so ldd-$p.out | grep /usr/lib/
run-version-$p: $p-self.out
# check that runtime version is OpenSSL 3.4
grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
run-protocol-$p: $p-self.out
# check that OpenSSL 3.4 protocol version is TLS 1.3
grep 'Protocol *: TLSv1.3' $p-self.out
.endfor
.endif # exists(/usr/local/bin/eopenssl34)
.include <bsd.regress.mk>

18
regress/lib/libssl/interop/session/Makefile
View file

@ -1,20 +1,14 @@
# $OpenBSD: Makefile,v 1.11 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
#LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
#LIBRARIES += openssl31
.endif
.if exists(/usr/local/bin/eopenssl32)
#LIBRARIES += openssl32
.if exists(/usr/local/bin/eopenssl34)
#LIBRARIES += openssl34
.endif
run-session-client-libressl-server-libressl \
run-session-client-libressl-server-openssl11 \
run-session-client-openssl11-server-libressl \
run-session-client-openssl11-server-openssl11:
run-session-client-libressl-server-libressl:
# TLS 1.3 needs some extra setup for session reuse
@echo DISABLED

13
regress/lib/libssl/interop/version/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $
# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@ -7,11 +7,11 @@
# print out.
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
LIBRARIES += openssl11
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES += openssl33
.endif
.if exists(/usr/local/bin/eopenssl31)
LIBRARIES += openssl31
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES += openssl34
.endif
VERSIONS = any TLS1_2 TLS1_3
@ -29,7 +29,8 @@ FAIL_${cver}_${sver} = !
.for slib in ${LIBRARIES}
.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
((("${clib}" != openssl31 && "${slib}" != openssl31)) || \
((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
(("${clib}" != openssl34 && "${slib}" != openssl34)) || \
(("${cver}" != any && "${sver}" != any) && \
("${cver}" != TLS1 && "${sver}" != TLS1) && \
("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))

4
regress/usr.bin/openssl/appstest.sh
View file

@ -1,6 +1,6 @@
#!/bin/sh
#
# $OpenBSD: appstest.sh,v 1.65 2024/08/23 04:57:12 tb Exp $
# $OpenBSD: appstest.sh,v 1.66 2025/01/15 05:02:01 tb Exp $
#
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
#
@ -1883,7 +1883,7 @@ function test_version {
#---------#---------#---------#---------#---------#---------#---------#---------
openssl_bin=${OPENSSL:-/usr/bin/openssl}
other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl11}
other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl33}
other_openssl_version=`$other_openssl_bin version | cut -b 1-10`
ecdsa_tests=0

4
regress/usr.sbin/rpki-client/Makefile
View file

@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.14 2024/09/04 04:35:30 tb Exp $
# $OpenBSD: Makefile,v 1.15 2025/01/15 11:00:09 tb Exp $
SUBDIR += libressl
.if exists(/usr/local/bin/eopenssl32)
.if exists(/usr/local/bin/eopenssl33)
SUBDIR += openssl
.endif

4
regress/usr.sbin/rpki-client/openssl/Makefile
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.2 2024/10/15 21:03:10 tb Exp $
# $OpenBSD: Makefile,v 1.3 2025/01/15 11:00:09 tb Exp $
EOPENSSL = eopenssl32
EOPENSSL = eopenssl33
LDADD += -Wl,-rpath,/usr/local/lib/${EOPENSSL} -L/usr/local/lib/${EOPENSSL}
CFLAGS += -I${.CURDIR}/ -I/usr/local/include/${EOPENSSL}/

5
sys/net/if_ethersubr.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_ethersubr.c,v 1.295 2025/01/07 05:36:52 guenther Exp $ */
/* $OpenBSD: if_ethersubr.c,v 1.296 2025/01/15 06:15:44 dlg Exp $ */
/* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */
/*
@ -569,7 +569,8 @@ ether_input(struct ifnet *ifp, struct mbuf *m)
if (mq_enqueue(&pppoediscinq, m) == 0)
schednetisr(NETISR_PPPOE);
} else {
if (mq_enqueue(&pppoeinq, m) == 0)
m = pppoe_vinput(ifp, m);
if (m != NULL && mq_enqueue(&pppoeinq, m) == 0)
schednetisr(NETISR_PPPOE);
}
return;

185
sys/net/if_pppoe.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_pppoe.c,v 1.84 2024/06/26 01:40:49 jsg Exp $ */
/* $OpenBSD: if_pppoe.c,v 1.85 2025/01/15 06:15:44 dlg Exp $ */
/* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */
/*
@ -42,6 +42,8 @@
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/ioctl.h>
#include <sys/smr.h>
#include <sys/percpu.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_types.h>
@ -124,7 +126,9 @@ struct pppoe_softc {
struct sppp sc_sppp; /* contains a struct ifnet as first element */
LIST_ENTRY(pppoe_softc) sc_list;/* [K] */
unsigned int sc_eth_ifidx; /* [K] */
caddr_t sc_bpf;
SMR_LIST_ENTRY(pppoe_softc) sc_session_entry; /* [K] */
int sc_state; /* [K] discovery phase or session connected */
struct ether_addr sc_dest; /* [K] hardware address of concentrator */
u_int16_t sc_session; /* [K] PPPoE session id */
@ -175,6 +179,7 @@ static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int
static struct mbuf *pppoe_get_mbuf(size_t len);
LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list;
SMR_LIST_HEAD(pppoe_softc_sessions, pppoe_softc) pppoe_sessions; /* [K] */
/* interface cloning */
int pppoe_clone_create(struct if_clone *, int);
@ -209,9 +214,19 @@ void
pppoeattach(int count)
{
LIST_INIT(&pppoe_softc_list);
SMR_LIST_INIT(&pppoe_sessions);
if_clone_attach(&pppoe_cloner);
}
static void
pppoe_set_state(struct pppoe_softc *sc, int state)
{
KERNEL_ASSERT_LOCKED();
if (sc->sc_state == PPPOE_STATE_SESSION)
SMR_LIST_REMOVE_LOCKED(sc, sc_session_entry);
sc->sc_state = state;
}
/* Create a new interface. */
int
pppoe_clone_create(struct if_clone *ifc, int unit)
@ -230,6 +245,8 @@ pppoe_clone_create(struct if_clone *ifc, int unit)
sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN;
sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */
sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */
sc->sc_sppp.pp_if.if_input = p2p_input;
sc->sc_sppp.pp_if.if_bpf_mtap = p2p_bpf_mtap;
sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl;
sc->sc_sppp.pp_if.if_start = pppoe_start;
sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest;
@ -243,11 +260,14 @@ pppoe_clone_create(struct if_clone *ifc, int unit)
/* init timer for interface watchdog */
timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc);
if_counters_alloc(&sc->sc_sppp.pp_if);
if_attach(&sc->sc_sppp.pp_if);
if_alloc_sadl(&sc->sc_sppp.pp_if);
sppp_attach(&sc->sc_sppp.pp_if);
#if NBPFILTER > 0
bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0);
bpfattach(&sc->sc_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0);
bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if,
DLT_LOOP, sizeof(uint32_t));
#endif
NET_LOCK();
@ -274,6 +294,7 @@ pppoe_clone_destroy(struct ifnet *ifp)
NET_UNLOCK();
timeout_del(&sc->sc_timeout);
pppoe_set_state(sc, PPPOE_STATE_INITIAL);
sppp_detach(&sc->sc_sppp.pp_if);
if_detach(ifp);
@ -289,6 +310,8 @@ pppoe_clone_destroy(struct ifnet *ifp)
if (sc->sc_relay_sid)
free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len);
smr_barrier();
free(sc, M_DEVBUF, sizeof(*sc));
return (0);
@ -318,6 +341,28 @@ pppoe_find_softc_by_session(u_int session, u_int ifidx)
return (NULL);
}
static struct pppoe_softc *
pppoe_smr_find_by_session(u_int session, u_int ifidx)
{
struct pppoe_softc *sc;
if (session == 0)
return (NULL);
smr_read_enter();
SMR_LIST_FOREACH(sc, &pppoe_sessions, sc_session_entry) {
if (sc->sc_session == session &&
sc->sc_eth_ifidx == ifidx) {
/* XXX if_ref() */
refcnt_take(&sc->sc_sppp.pp_if.if_refcnt);
break;
}
}
smr_read_leave();
return (sc);
}
/*
* Check host unique token passed and return appropriate softc pointer,
* or NULL if token is bogus.
@ -603,7 +648,7 @@ breakbreak:
memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest));
sc->sc_padr_retried = 0;
sc->sc_state = PPPOE_STATE_PADR_SENT;
pppoe_set_state(sc, PPPOE_STATE_PADR_SENT);
if ((err = pppoe_send_padr(sc)) != 0) {
PPPOEDEBUG(("%s: failed to send PADR, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
@ -616,12 +661,16 @@ breakbreak:
if (sc == NULL)
goto done;
KERNEL_ASSERT_LOCKED();
sc->sc_session = session;
timeout_del(&sc->sc_timeout);
PPPOEDEBUG(("%s: session 0x%x connected\n",
sc->sc_sppp.pp_if.if_xname, session));
sc->sc_state = PPPOE_STATE_SESSION;
getmicrouptime(&sc->sc_session_time);
SMR_LIST_INSERT_HEAD_LOCKED(&pppoe_sessions, sc,
sc_session_entry);
sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */
break;
@ -635,7 +684,7 @@ breakbreak:
sc->sc_sppp.pp_if.if_xname, session));
/* clean up softc */
sc->sc_state = PPPOE_STATE_INITIAL;
pppoe_set_state(sc, PPPOE_STATE_PADR_SENT);
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
if (sc->sc_ac_cookie) {
free(sc->sc_ac_cookie, M_DEVBUF,
@ -677,6 +726,108 @@ pppoe_disc_input(struct mbuf *m)
m_freem(m);
}
struct mbuf *
pppoe_vinput(struct ifnet *ifp0, struct mbuf *m)
{
struct pppoe_softc *sc;
struct ifnet *ifp;
struct ether_header *eh;
struct pppoehdr *ph;
uint16_t proto;
int hlen = sizeof(*eh) + sizeof(*ph);
int phlen;
int plen;
int af = AF_UNSPEC;
#if NBPFILTER > 0
caddr_t if_bpf;
#endif
time_t now;
smr_read_enter();
sc = SMR_LIST_FIRST(&pppoe_sessions);
smr_read_leave();
if (sc == NULL)
return (m);
if (m->m_pkthdr.len < hlen)
return (m);
if (m->m_len < hlen) {
m = m_pullup(m, hlen);
if (m == NULL)
return (NULL);
}
eh = mtod(m, struct ether_header *);
ph = (struct pppoehdr *)(eh + 1);
if (ph->vertype != PPPOE_VERTYPE)
return (m);
if (ph->code != 0)
return (m);
sc = pppoe_smr_find_by_session(ntohs(ph->session), ifp0->if_index);
if (sc == NULL) {
/* no session, don't waste any more time */
m_freem(m);
return (NULL);
}
ifp = &sc->sc_sppp.pp_if;
plen = ntohs(ph->plen);
if (plen < sizeof(proto))
goto drop;
phlen = hlen + sizeof(proto);
if (m->m_pkthdr.len < phlen)
goto drop;
if (m->m_len < phlen) {
m = m_pullup(m, phlen);
if (m == NULL)
goto put;
}
proto = *(uint16_t *)(mtod(m, caddr_t) + hlen);
af = sppp_proto_up(ifp, proto);
if (af == AF_UNSPEC)
goto put;
#if NBPFILTER > 0
if_bpf = sc->sc_bpf;
if (if_bpf) {
m_adj(m, sizeof(*eh));
bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN);
m_adj(m, phlen - sizeof(*eh));
} else
#endif
m_adj(m, phlen);
plen -= sizeof(proto);
if (m->m_pkthdr.len < plen) {
counters_inc(ifp->if_counters, ifc_ierrors);
goto drop;
}
if (m->m_pkthdr.len > plen)
m_adj(m, plen - m->m_pkthdr.len);
/* XXX not 64bit or MP safe */
now = getuptime();
if (sc->sc_sppp.pp_last_activity < now)
sc->sc_sppp.pp_last_activity = now;
m->m_pkthdr.ph_family = af;
if_vinput(ifp, m);
done:
m = NULL;
put:
if_put(ifp);
return (m);
drop:
m_freem(m);
goto done;
}
/* Input function for data packets */
void
pppoe_data_input(struct mbuf *m)
@ -731,8 +882,8 @@ pppoe_data_input(struct mbuf *m)
plen = ntohs(ph->plen);
#if NBPFILTER > 0
if(sc->sc_sppp.pp_if.if_bpf)
bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN);
if (sc->sc_bpf)
bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN);
#endif
m_adj(m, PPPOE_HEADERLEN);
@ -927,7 +1078,7 @@ pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data)
&& sc->sc_state >= PPPOE_STATE_PADI_SENT
&& sc->sc_state < PPPOE_STATE_SESSION) {
timeout_del(&sc->sc_timeout);
sc->sc_state = PPPOE_STATE_INITIAL;
pppoe_set_state(sc, PPPOE_STATE_INITIAL);
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
memcpy(&sc->sc_dest, etherbroadcastaddr,
@ -965,7 +1116,8 @@ pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data)
if (sc->sc_state >= PPPOE_STATE_PADI_SENT &&
sc->sc_state < PPPOE_STATE_SESSION) {
timeout_del(&sc->sc_timeout);
sc->sc_state = PPPOE_STATE_INITIAL;
pppoe_set_state(sc,
PPPOE_STATE_INITIAL);
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
memcpy(&sc->sc_dest,
@ -1136,7 +1288,7 @@ pppoe_timeout(void *arg)
if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) {
memcpy(&sc->sc_dest, etherbroadcastaddr,
sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_PADI_SENT;
pppoe_set_state(sc, PPPOE_STATE_PADI_SENT);
sc->sc_padr_retried = 0;
if ((err = pppoe_send_padi(sc)) != 0) {
PPPOEDEBUG(("%s: failed to send PADI, error=%d\n",
@ -1179,7 +1331,7 @@ pppoe_connect(struct pppoe_softc *sc)
x = splnet();
/* save state, in case we fail to send PADI */
sc->sc_state = PPPOE_STATE_PADI_SENT;
pppoe_set_state(sc, PPPOE_STATE_PADI_SENT);
sc->sc_padr_retried = 0;
err = pppoe_send_padi(sc);
if (err != 0)
@ -1211,7 +1363,7 @@ pppoe_disconnect(struct pppoe_softc *sc)
}
/* cleanup softc */
sc->sc_state = PPPOE_STATE_INITIAL;
pppoe_set_state(sc, PPPOE_STATE_INITIAL);
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
if (sc->sc_ac_cookie) {
free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len);
@ -1239,14 +1391,14 @@ pppoe_abort_connect(struct pppoe_softc *sc)
{
printf("%s: could not establish connection\n",
sc->sc_sppp.pp_if.if_xname);
sc->sc_state = PPPOE_STATE_CLOSING;
pppoe_set_state(sc, PPPOE_STATE_CLOSING);
/* notify upper layer */
sc->sc_sppp.pp_down(&sc->sc_sppp);
/* clear connection state */
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_INITIAL;
pppoe_set_state(sc, PPPOE_STATE_INITIAL);
}
/* Send a PADR packet */
@ -1385,7 +1537,7 @@ pppoe_tlf(struct sppp *sp)
* machine gets confused by this. We must return from this
* function and defer disconnecting to the timeout handler.
*/
sc->sc_state = PPPOE_STATE_CLOSING;
pppoe_set_state(sc, PPPOE_STATE_CLOSING);
timeout_add_msec(&sc->sc_timeout, 20);
}
@ -1417,9 +1569,8 @@ pppoe_start(struct ifnet *ifp)
PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
#if NBPFILTER > 0
if(sc->sc_sppp.pp_if.if_bpf)
bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m,
BPF_DIRECTION_OUT);
if (sc->sc_bpf)
bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_OUT);
#endif
pppoe_output(sc, m);

5
sys/net/if_pppoe.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_pppoe.h,v 1.8 2022/06/29 09:08:07 mvs Exp $ */
/* $OpenBSD: if_pppoe.h,v 1.9 2025/01/15 06:15:44 dlg Exp $ */
/* $NetBSD: if_pppoe.h,v 1.5 2003/11/28 08:56:48 keihan Exp $ */
/*
@ -69,5 +69,8 @@ struct pppoeconnectionstate {
extern struct mbuf_queue pppoediscinq;
extern struct mbuf_queue pppoeinq;
int pppoe_if_exists(void);
struct mbuf *pppoe_vinput(struct ifnet *, struct mbuf *);
#endif /* _KERNEL */
#endif /* _NET_IF_PPPOE_H_ */

3
sys/net/if_sppp.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_sppp.h,v 1.30 2021/11/17 18:00:24 bket Exp $ */
/* $OpenBSD: if_sppp.h,v 1.31 2025/01/15 06:15:44 dlg Exp $ */
/* $NetBSD: if_sppp.h,v 1.2.2.1 1999/04/04 06:57:39 explorer Exp $ */
/*
@ -232,6 +232,7 @@ struct sppp {
void sppp_attach (struct ifnet *ifp);
void sppp_detach (struct ifnet *ifp);
void sppp_input (struct ifnet *ifp, struct mbuf *m);
int sppp_proto_up(struct ifnet *ifp, uint16_t);
/* Workaround */
void spppattach (struct ifnet *ifp);

26
sys/net/if_spppsubr.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_spppsubr.c,v 1.194 2024/06/22 10:22:29 jsg Exp $ */
/* $OpenBSD: if_spppsubr.c,v 1.195 2025/01/15 06:15:44 dlg Exp $ */
/*
* Synchronous PPP link level subroutines.
*
@ -415,6 +415,30 @@ spppattach(struct ifnet *ifp)
{
}
int
sppp_proto_up(struct ifnet *ifp, uint16_t proto)
{
struct sppp *sp = (struct sppp *)ifp;
int af = AF_UNSPEC;
switch (ntohs(proto)) {
case PPP_IP:
if (sp->state[IDX_IPCP] == STATE_OPENED)
af = AF_INET;
break;
#ifdef INET6
case PPP_IPV6:
if (sp->state[IDX_IPV6CP] == STATE_OPENED)
af = AF_INET6;
break;
#endif
default:
break;
}
return (af);
}
/*
* Process the received packet.
*/

7
usr.bin/pkg-config/OpenBSD/PkgConfig.pm
View file

@ -1,5 +1,5 @@
# ex:ts=8 sw=4:
# $OpenBSD: PkgConfig.pm,v 1.12 2024/02/11 03:57:10 gkoehler Exp $
# $OpenBSD: PkgConfig.pm,v 1.13 2025/01/15 11:54:36 jca Exp $
#
# Copyright (c) 2006 Marc Espie <espie@openbsd.org>
#
@ -19,6 +19,7 @@ use v5.36;
# interface to the *.pc file format of pkg-config.
package OpenBSD::PkgConfig;
use File::Basename;
# specific properties may have specific needs.
@ -106,6 +107,8 @@ sub read_fh($class, $fh, $name = '')
{
my $cfg = $class->new;
$cfg->add_variable('pcfiledir', dirname($name));
while (<$fh>) {
chomp;
# continuation lines
@ -145,6 +148,8 @@ sub read_file($class, $filename)
sub write_fh($self, $fh)
{
foreach my $variable (@{$self->{vlist}}) {
# writing out pcfiledir makes no sense
next if $variable eq 'pcfiledir';
say $fh "$variable=", $self->{variables}{$variable};
}
print $fh "\n\n";