diff --git a/regress/lib/libssl/interop/Makefile b/regress/lib/libssl/interop/Makefile index 21dfce359..bdc67f627 100644 --- a/regress/lib/libssl/interop/Makefile +++ b/regress/lib/libssl/interop/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.20 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $ -SUBDIR = libressl openssl11 openssl31 openssl32 +SUBDIR = libressl openssl33 openssl34 # the above binaries must have been built before we can continue SUBDIR += netcat @@ -10,7 +10,7 @@ SUBDIR += botan # What is below takes a long time. # setting REGRESS_SKIP_SLOW to "yes" in mk.conf # will skip the tests that do not test libressl -# but do things like test openssl11 to openssl 3 +# but do things like test openssl 3.x to openssl 3.y SUBDIR += version SUBDIR += cipher # This takes a really long time. diff --git a/regress/lib/libssl/interop/botan/Makefile b/regress/lib/libssl/interop/botan/Makefile index e20553012..85877d429 100644 --- a/regress/lib/libssl/interop/botan/Makefile +++ b/regress/lib/libssl/interop/botan/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ .include @@ -20,14 +20,11 @@ CXX = /usr/local/bin/eg++ .endif LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -LIBRARIES += openssl31 -.endif -.if exists(/usr/local/bin/eopenssl32) -LIBRARIES += openssl32 +.if exists(/usr/local/bin/eopenssl34) +LIBRARIES += openssl34 .endif PROGS = client diff --git a/regress/lib/libssl/interop/cert/Makefile b/regress/lib/libssl/interop/cert/Makefile index ab35d03d7..74c63c86a 100644 --- a/regress/lib/libssl/interop/cert/Makefile +++ b/regress/lib/libssl/interop/cert/Makefile @@ -1,20 +1,17 @@ -# $OpenBSD: Makefile,v 1.13 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $ # Connect a client to a server. Both can be current libressl, or -# openssl 1.1 or 3.0. Create client and server certificates +# openssl 3.x. Create client and server certificates # that are signed by a CA and not signed by a fake CA. Try all # combinations with, without, and with wrong CA for client and server # and check the result of certificate verification. LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -LIBRARIES += openssl31 -.endif -.if exists(/usr/local/bin/eopenssl32) -LIBRARIES += openssl32 +.if exists(/usr/local/bin/eopenssl34) +LIBRARIES += openssl34 .endif .for cca in noca ca fakeca diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile index bf4a1e28d..fa7e25f9e 100644 --- a/regress/lib/libssl/interop/cipher/Makefile +++ b/regress/lib/libssl/interop/cipher/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.16 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or 3.0. Create lists of supported ciphers @@ -7,14 +7,11 @@ # have used correct cipher by grepping in their session print out. LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -LIBRARIES += openssl31 -.endif -.if exists(/usr/local/bin/eopenssl32) -LIBRARIES += openssl32 +.if exists(/usr/local/bin/eopenssl34) +LIBRARIES += openssl34 .endif CLEANFILES = *.tmp *.ciphers ciphers.mk @@ -44,9 +41,8 @@ client-${clib}-server-${slib}.ciphers: \ uniq -d <$@.tmp >$@ # we are only interested in ciphers supported by libressl sort $@ client-libressl.ciphers >$@.tmp -. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ - "${clib}" == "openssl31" || "${slib}" == "openssl31" || \ - "${clib}" == "openssl32" || "${slib}" == "openssl32" +. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ + "${clib}" == "openssl34" || "${slib}" == "openssl34" # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers sed -i '/^TLS_/d' $@.tmp . endif @@ -74,9 +70,8 @@ regress: ciphers.mk .endif LEVEL_libressl = -LEVEL_openssl11 = ,@SECLEVEL=0 -LEVEL_openssl31 = ,@SECLEVEL=0 -LEVEL_openssl32 = ,@SECLEVEL=0 +LEVEL_openssl33 = ,@SECLEVEL=0 +LEVEL_openssl34 = ,@SECLEVEL=0 .for clib in ${LIBRARIES} .for slib in ${LIBRARIES} @@ -137,7 +132,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ . endif . if "${clib}" == "libressl" # libressl client may prefer chacha-poly if aes-ni is not supported -. if "${slib}" == "openssl11" || "${slib}" == "openssl31" || "${slib}" == "openssl32" +. if "${slib}" == "openssl33" || "${slib}" == "openssl34" egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out . else egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile index ee6fc7e10..3b8e3f95b 100644 --- a/regress/lib/libssl/interop/netcat/Makefile +++ b/regress/lib/libssl/interop/netcat/Makefile @@ -1,14 +1,11 @@ -# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -LIBRARIES += openssl31 -.endif -.if exists(/usr/local/bin/eopenssl32) -LIBRARIES += openssl32 +.if exists(/usr/local/bin/eopenssl34) +LIBRARIES += openssl34 .endif # run netcat server and connect with test client diff --git a/regress/lib/libssl/interop/openssl11/Makefile b/regress/lib/libssl/interop/openssl11/Makefile deleted file mode 100644 index 27e735492..000000000 --- a/regress/lib/libssl/interop/openssl11/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# $OpenBSD: Makefile,v 1.8 2021/12/02 17:10:53 kn Exp $ - -.if ! exists(/usr/local/bin/eopenssl11) -regress: - # install openssl-1.1 from ports for interop tests - @echo 'Run "pkg_add openssl--%1.1" to run tests against OpenSSL 1.1' - @echo SKIPPED -.else - -PROGS = client server -CPPFLAGS = -I /usr/local/include/eopenssl11 -LDFLAGS = -L /usr/local/lib/eopenssl11 -LDADD = -lssl -lcrypto -DPADD = /usr/local/lib/eopenssl11/libssl.a \ - /usr/local/lib/eopenssl11/libcrypto.a -LD_LIBRARY_PATH = /usr/local/lib/eopenssl11 -REGRESS_TARGETS = run-self-client-server -.for p in ${PROGS} -REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p -.endfor - -.for p in ${PROGS} - -run-ldd-$p: ldd-$p.out - # check that $p is linked with OpenSSL 1.1 - grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out - grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out - # check that $p is not linked with LibreSSL - ! grep -v libc.so ldd-$p.out | grep /usr/lib/ - -run-version-$p: $p-self.out - # check that runtime version is OpenSSL 1.1 - grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out - -run-protocol-$p: $p-self.out - # check that OpenSSL 1.1 protocol version is TLS 1.3 - grep 'Protocol *: TLSv1.3' $p-self.out - -.endfor - -.endif # exists(/usr/local/bin/eopenssl11) - -.include diff --git a/regress/lib/libssl/interop/openssl32/Makefile b/regress/lib/libssl/interop/openssl32/Makefile deleted file mode 100644 index 87255138f..000000000 --- a/regress/lib/libssl/interop/openssl32/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -# $OpenBSD: Makefile,v 1.2 2024/10/22 16:31:10 tb Exp $ - -.if ! exists(/usr/local/bin/eopenssl32) -regress: - # install openssl-3.2 ports for interop tests - @echo 'Run "pkg_add openssl--%3.2" to run tests against OpenSSL 3.2' - @echo SKIPPED -.else - -PROGS = client server -CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED -CPPFLAGS = -I /usr/local/include/eopenssl32 -LDFLAGS = -L /usr/local/lib/eopenssl32 -LDADD = -lssl -lcrypto -DPADD = /usr/local/lib/eopenssl32/libssl.a \ - /usr/local/lib/eopenssl32/libcrypto.a -LD_LIBRARY_PATH = /usr/local/lib/eopenssl32 -REGRESS_TARGETS = run-self-client-server -.for p in ${PROGS} -REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p -.endfor - -.for p in ${PROGS} - -run-ldd-$p: ldd-$p.out - # check that $p is linked with OpenSSL 3.2 - grep -q /usr/local/lib/eopenssl32/libcrypto.so ldd-$p.out - grep -q /usr/local/lib/eopenssl32/libssl.so ldd-$p.out - # check that $p is not linked with LibreSSL - ! grep -v libc.so ldd-$p.out | grep /usr/lib/ - -run-version-$p: $p-self.out - # check that runtime version is OpenSSL 3.2 - grep 'SSLEAY_VERSION: OpenSSL 3.2' $p-self.out - -run-protocol-$p: $p-self.out - # check that OpenSSL 3.2 protocol version is TLS 1.3 - grep 'Protocol *: TLSv1.3' $p-self.out - -.endfor - -.endif # exists(/usr/local/bin/eopenssl32) - -.include diff --git a/regress/lib/libssl/interop/openssl33/Makefile b/regress/lib/libssl/interop/openssl33/Makefile new file mode 100644 index 000000000..eff61704d --- /dev/null +++ b/regress/lib/libssl/interop/openssl33/Makefile @@ -0,0 +1,44 @@ +# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $ + +.if ! exists(/usr/local/bin/eopenssl33) +regress: + # install openssl-3.3 from ports for interop tests + @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3' + @echo SKIPPED +.else + +PROGS = client server +CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED +CPPFLAGS = -I /usr/local/include/eopenssl33 +LDFLAGS = -L /usr/local/lib/eopenssl33 +LDADD = -lssl -lcrypto +DPADD = /usr/local/lib/eopenssl33/libssl.a \ + /usr/local/lib/eopenssl33/libcrypto.a +LD_LIBRARY_PATH = /usr/local/lib/eopenssl33 +REGRESS_TARGETS = run-self-client-server +.for p in ${PROGS} +REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p +.endfor + +.for p in ${PROGS} + +run-ldd-$p: ldd-$p.out + # check that $p is linked with OpenSSL 3.3 + grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out + grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out + # check that $p is not linked with LibreSSL + ! grep -v libc.so ldd-$p.out | grep /usr/lib/ + +run-version-$p: $p-self.out + # check that runtime version is OpenSSL 3.3 + grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out + +run-protocol-$p: $p-self.out + # check that OpenSSL 3.3 protocol version is TLS 1.3 + grep 'Protocol *: TLSv1.3' $p-self.out + +.endfor + +.endif # exists(/usr/local/bin/eopenssl33) + +.include diff --git a/regress/lib/libssl/interop/openssl34/Makefile b/regress/lib/libssl/interop/openssl34/Makefile new file mode 100644 index 000000000..72246bb62 --- /dev/null +++ b/regress/lib/libssl/interop/openssl34/Makefile @@ -0,0 +1,44 @@ +# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $ + +.if ! exists(/usr/local/bin/eopenssl34) +regress: + # install openssl-3.4 from ports for interop tests + @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4' + @echo SKIPPED +.else + +PROGS = client server +CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED +CPPFLAGS = -I /usr/local/include/eopenssl34 +LDFLAGS = -L /usr/local/lib/eopenssl34 +LDADD = -lssl -lcrypto +DPADD = /usr/local/lib/eopenssl34/libssl.a \ + /usr/local/lib/eopenssl34/libcrypto.a +LD_LIBRARY_PATH = /usr/local/lib/eopenssl34 +REGRESS_TARGETS = run-self-client-server +.for p in ${PROGS} +REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p +.endfor + +.for p in ${PROGS} + +run-ldd-$p: ldd-$p.out + # check that $p is linked with OpenSSL 3.4 + grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out + grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out + # check that $p is not linked with LibreSSL + ! grep -v libc.so ldd-$p.out | grep /usr/lib/ + +run-version-$p: $p-self.out + # check that runtime version is OpenSSL 3.4 + grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out + +run-protocol-$p: $p-self.out + # check that OpenSSL 3.4 protocol version is TLS 1.3 + grep 'Protocol *: TLSv1.3' $p-self.out + +.endfor + +.endif # exists(/usr/local/bin/eopenssl34) + +.include diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile index ab6503c97..e9a353f99 100644 --- a/regress/lib/libssl/interop/session/Makefile +++ b/regress/lib/libssl/interop/session/Makefile @@ -1,20 +1,14 @@ -# $OpenBSD: Makefile,v 1.11 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $ LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +#LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -#LIBRARIES += openssl31 -.endif -.if exists(/usr/local/bin/eopenssl32) -#LIBRARIES += openssl32 +.if exists(/usr/local/bin/eopenssl34) +#LIBRARIES += openssl34 .endif -run-session-client-libressl-server-libressl \ -run-session-client-libressl-server-openssl11 \ -run-session-client-openssl11-server-libressl \ -run-session-client-openssl11-server-openssl11: +run-session-client-libressl-server-libressl: # TLS 1.3 needs some extra setup for session reuse @echo DISABLED diff --git a/regress/lib/libssl/interop/version/Makefile b/regress/lib/libssl/interop/version/Makefile index aa5883fa2..605fba252 100644 --- a/regress/lib/libssl/interop/version/Makefile +++ b/regress/lib/libssl/interop/version/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ +# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS @@ -7,11 +7,11 @@ # print out. LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 +.if exists(/usr/local/bin/eopenssl33) +LIBRARIES += openssl33 .endif -.if exists(/usr/local/bin/eopenssl31) -LIBRARIES += openssl31 +.if exists(/usr/local/bin/eopenssl34) +LIBRARIES += openssl34 .endif VERSIONS = any TLS1_2 TLS1_3 @@ -29,7 +29,8 @@ FAIL_${cver}_${sver} = ! .for slib in ${LIBRARIES} .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ - ((("${clib}" != openssl31 && "${slib}" != openssl31)) || \ + ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \ + (("${clib}" != openssl34 && "${slib}" != openssl34)) || \ (("${cver}" != any && "${sver}" != any) && \ ("${cver}" != TLS1 && "${sver}" != TLS1) && \ ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index 1912d0f88..22bae9d92 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.65 2024/08/23 04:57:12 tb Exp $ +# $OpenBSD: appstest.sh,v 1.66 2025/01/15 05:02:01 tb Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi # @@ -1883,7 +1883,7 @@ function test_version { #---------#---------#---------#---------#---------#---------#---------#--------- openssl_bin=${OPENSSL:-/usr/bin/openssl} -other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl11} +other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl33} other_openssl_version=`$other_openssl_bin version | cut -b 1-10` ecdsa_tests=0 diff --git a/regress/usr.sbin/rpki-client/Makefile b/regress/usr.sbin/rpki-client/Makefile index b116b6098..4f0f70606 100644 --- a/regress/usr.sbin/rpki-client/Makefile +++ b/regress/usr.sbin/rpki-client/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.14 2024/09/04 04:35:30 tb Exp $ +# $OpenBSD: Makefile,v 1.15 2025/01/15 11:00:09 tb Exp $ SUBDIR += libressl -.if exists(/usr/local/bin/eopenssl32) +.if exists(/usr/local/bin/eopenssl33) SUBDIR += openssl .endif diff --git a/regress/usr.sbin/rpki-client/openssl/Makefile b/regress/usr.sbin/rpki-client/openssl/Makefile index 0976c2b23..14753880c 100644 --- a/regress/usr.sbin/rpki-client/openssl/Makefile +++ b/regress/usr.sbin/rpki-client/openssl/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.2 2024/10/15 21:03:10 tb Exp $ +# $OpenBSD: Makefile,v 1.3 2025/01/15 11:00:09 tb Exp $ -EOPENSSL = eopenssl32 +EOPENSSL = eopenssl33 LDADD += -Wl,-rpath,/usr/local/lib/${EOPENSSL} -L/usr/local/lib/${EOPENSSL} CFLAGS += -I${.CURDIR}/ -I/usr/local/include/${EOPENSSL}/ diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 5707070ef..77c760fab 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.295 2025/01/07 05:36:52 guenther Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.296 2025/01/15 06:15:44 dlg Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -569,7 +569,8 @@ ether_input(struct ifnet *ifp, struct mbuf *m) if (mq_enqueue(&pppoediscinq, m) == 0) schednetisr(NETISR_PPPOE); } else { - if (mq_enqueue(&pppoeinq, m) == 0) + m = pppoe_vinput(ifp, m); + if (m != NULL && mq_enqueue(&pppoeinq, m) == 0) schednetisr(NETISR_PPPOE); } return; diff --git a/sys/net/if_pppoe.c b/sys/net/if_pppoe.c index ba194a5fe..e47733775 100644 --- a/sys/net/if_pppoe.c +++ b/sys/net/if_pppoe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pppoe.c,v 1.84 2024/06/26 01:40:49 jsg Exp $ */ +/* $OpenBSD: if_pppoe.c,v 1.85 2025/01/15 06:15:44 dlg Exp $ */ /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ /* @@ -42,6 +42,8 @@ #include #include #include +#include +#include #include #include #include @@ -124,7 +126,9 @@ struct pppoe_softc { struct sppp sc_sppp; /* contains a struct ifnet as first element */ LIST_ENTRY(pppoe_softc) sc_list;/* [K] */ unsigned int sc_eth_ifidx; /* [K] */ + caddr_t sc_bpf; + SMR_LIST_ENTRY(pppoe_softc) sc_session_entry; /* [K] */ int sc_state; /* [K] discovery phase or session connected */ struct ether_addr sc_dest; /* [K] hardware address of concentrator */ u_int16_t sc_session; /* [K] PPPoE session id */ @@ -175,6 +179,7 @@ static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int static struct mbuf *pppoe_get_mbuf(size_t len); LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; +SMR_LIST_HEAD(pppoe_softc_sessions, pppoe_softc) pppoe_sessions; /* [K] */ /* interface cloning */ int pppoe_clone_create(struct if_clone *, int); @@ -209,9 +214,19 @@ void pppoeattach(int count) { LIST_INIT(&pppoe_softc_list); + SMR_LIST_INIT(&pppoe_sessions); if_clone_attach(&pppoe_cloner); } +static void +pppoe_set_state(struct pppoe_softc *sc, int state) +{ + KERNEL_ASSERT_LOCKED(); + if (sc->sc_state == PPPOE_STATE_SESSION) + SMR_LIST_REMOVE_LOCKED(sc, sc_session_entry); + sc->sc_state = state; +} + /* Create a new interface. */ int pppoe_clone_create(struct if_clone *ifc, int unit) @@ -230,6 +245,8 @@ pppoe_clone_create(struct if_clone *ifc, int unit) sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ + sc->sc_sppp.pp_if.if_input = p2p_input; + sc->sc_sppp.pp_if.if_bpf_mtap = p2p_bpf_mtap; sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; sc->sc_sppp.pp_if.if_start = pppoe_start; sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; @@ -243,11 +260,14 @@ pppoe_clone_create(struct if_clone *ifc, int unit) /* init timer for interface watchdog */ timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc); + if_counters_alloc(&sc->sc_sppp.pp_if); if_attach(&sc->sc_sppp.pp_if); if_alloc_sadl(&sc->sc_sppp.pp_if); sppp_attach(&sc->sc_sppp.pp_if); #if NBPFILTER > 0 - bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); + bpfattach(&sc->sc_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); + bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, + DLT_LOOP, sizeof(uint32_t)); #endif NET_LOCK(); @@ -274,6 +294,7 @@ pppoe_clone_destroy(struct ifnet *ifp) NET_UNLOCK(); timeout_del(&sc->sc_timeout); + pppoe_set_state(sc, PPPOE_STATE_INITIAL); sppp_detach(&sc->sc_sppp.pp_if); if_detach(ifp); @@ -289,6 +310,8 @@ pppoe_clone_destroy(struct ifnet *ifp) if (sc->sc_relay_sid) free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); + smr_barrier(); + free(sc, M_DEVBUF, sizeof(*sc)); return (0); @@ -318,6 +341,28 @@ pppoe_find_softc_by_session(u_int session, u_int ifidx) return (NULL); } +static struct pppoe_softc * +pppoe_smr_find_by_session(u_int session, u_int ifidx) +{ + struct pppoe_softc *sc; + + if (session == 0) + return (NULL); + + smr_read_enter(); + SMR_LIST_FOREACH(sc, &pppoe_sessions, sc_session_entry) { + if (sc->sc_session == session && + sc->sc_eth_ifidx == ifidx) { + /* XXX if_ref() */ + refcnt_take(&sc->sc_sppp.pp_if.if_refcnt); + break; + } + } + smr_read_leave(); + + return (sc); +} + /* * Check host unique token passed and return appropriate softc pointer, * or NULL if token is bogus. @@ -603,7 +648,7 @@ breakbreak: memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); sc->sc_padr_retried = 0; - sc->sc_state = PPPOE_STATE_PADR_SENT; + pppoe_set_state(sc, PPPOE_STATE_PADR_SENT); if ((err = pppoe_send_padr(sc)) != 0) { PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", sc->sc_sppp.pp_if.if_xname, err)); @@ -616,12 +661,16 @@ breakbreak: if (sc == NULL) goto done; + KERNEL_ASSERT_LOCKED(); + sc->sc_session = session; timeout_del(&sc->sc_timeout); PPPOEDEBUG(("%s: session 0x%x connected\n", sc->sc_sppp.pp_if.if_xname, session)); sc->sc_state = PPPOE_STATE_SESSION; getmicrouptime(&sc->sc_session_time); + SMR_LIST_INSERT_HEAD_LOCKED(&pppoe_sessions, sc, + sc_session_entry); sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ break; @@ -635,7 +684,7 @@ breakbreak: sc->sc_sppp.pp_if.if_xname, session)); /* clean up softc */ - sc->sc_state = PPPOE_STATE_INITIAL; + pppoe_set_state(sc, PPPOE_STATE_PADR_SENT); memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); if (sc->sc_ac_cookie) { free(sc->sc_ac_cookie, M_DEVBUF, @@ -677,6 +726,108 @@ pppoe_disc_input(struct mbuf *m) m_freem(m); } +struct mbuf * +pppoe_vinput(struct ifnet *ifp0, struct mbuf *m) +{ + struct pppoe_softc *sc; + struct ifnet *ifp; + struct ether_header *eh; + struct pppoehdr *ph; + uint16_t proto; + int hlen = sizeof(*eh) + sizeof(*ph); + int phlen; + int plen; + int af = AF_UNSPEC; +#if NBPFILTER > 0 + caddr_t if_bpf; +#endif + time_t now; + + smr_read_enter(); + sc = SMR_LIST_FIRST(&pppoe_sessions); + smr_read_leave(); + if (sc == NULL) + return (m); + + if (m->m_pkthdr.len < hlen) + return (m); + if (m->m_len < hlen) { + m = m_pullup(m, hlen); + if (m == NULL) + return (NULL); + } + + eh = mtod(m, struct ether_header *); + ph = (struct pppoehdr *)(eh + 1); + if (ph->vertype != PPPOE_VERTYPE) + return (m); + if (ph->code != 0) + return (m); + + sc = pppoe_smr_find_by_session(ntohs(ph->session), ifp0->if_index); + if (sc == NULL) { + /* no session, don't waste any more time */ + m_freem(m); + return (NULL); + } + + ifp = &sc->sc_sppp.pp_if; + + plen = ntohs(ph->plen); + if (plen < sizeof(proto)) + goto drop; + + phlen = hlen + sizeof(proto); + if (m->m_pkthdr.len < phlen) + goto drop; + if (m->m_len < phlen) { + m = m_pullup(m, phlen); + if (m == NULL) + goto put; + } + + proto = *(uint16_t *)(mtod(m, caddr_t) + hlen); + af = sppp_proto_up(ifp, proto); + if (af == AF_UNSPEC) + goto put; + +#if NBPFILTER > 0 + if_bpf = sc->sc_bpf; + if (if_bpf) { + m_adj(m, sizeof(*eh)); + bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN); + m_adj(m, phlen - sizeof(*eh)); + } else +#endif + m_adj(m, phlen); + + plen -= sizeof(proto); + if (m->m_pkthdr.len < plen) { + counters_inc(ifp->if_counters, ifc_ierrors); + goto drop; + } + + if (m->m_pkthdr.len > plen) + m_adj(m, plen - m->m_pkthdr.len); + + /* XXX not 64bit or MP safe */ + now = getuptime(); + if (sc->sc_sppp.pp_last_activity < now) + sc->sc_sppp.pp_last_activity = now; + + m->m_pkthdr.ph_family = af; + if_vinput(ifp, m); +done: + m = NULL; +put: + if_put(ifp); + + return (m); +drop: + m_freem(m); + goto done; +} + /* Input function for data packets */ void pppoe_data_input(struct mbuf *m) @@ -731,8 +882,8 @@ pppoe_data_input(struct mbuf *m) plen = ntohs(ph->plen); #if NBPFILTER > 0 - if(sc->sc_sppp.pp_if.if_bpf) - bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN); + if (sc->sc_bpf) + bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN); #endif m_adj(m, PPPOE_HEADERLEN); @@ -927,7 +1078,7 @@ pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) && sc->sc_state >= PPPOE_STATE_PADI_SENT && sc->sc_state < PPPOE_STATE_SESSION) { timeout_del(&sc->sc_timeout); - sc->sc_state = PPPOE_STATE_INITIAL; + pppoe_set_state(sc, PPPOE_STATE_INITIAL); sc->sc_padi_retried = 0; sc->sc_padr_retried = 0; memcpy(&sc->sc_dest, etherbroadcastaddr, @@ -965,7 +1116,8 @@ pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) if (sc->sc_state >= PPPOE_STATE_PADI_SENT && sc->sc_state < PPPOE_STATE_SESSION) { timeout_del(&sc->sc_timeout); - sc->sc_state = PPPOE_STATE_INITIAL; + pppoe_set_state(sc, + PPPOE_STATE_INITIAL); sc->sc_padi_retried = 0; sc->sc_padr_retried = 0; memcpy(&sc->sc_dest, @@ -1136,7 +1288,7 @@ pppoe_timeout(void *arg) if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); - sc->sc_state = PPPOE_STATE_PADI_SENT; + pppoe_set_state(sc, PPPOE_STATE_PADI_SENT); sc->sc_padr_retried = 0; if ((err = pppoe_send_padi(sc)) != 0) { PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", @@ -1179,7 +1331,7 @@ pppoe_connect(struct pppoe_softc *sc) x = splnet(); /* save state, in case we fail to send PADI */ - sc->sc_state = PPPOE_STATE_PADI_SENT; + pppoe_set_state(sc, PPPOE_STATE_PADI_SENT); sc->sc_padr_retried = 0; err = pppoe_send_padi(sc); if (err != 0) @@ -1211,7 +1363,7 @@ pppoe_disconnect(struct pppoe_softc *sc) } /* cleanup softc */ - sc->sc_state = PPPOE_STATE_INITIAL; + pppoe_set_state(sc, PPPOE_STATE_INITIAL); memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); if (sc->sc_ac_cookie) { free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); @@ -1239,14 +1391,14 @@ pppoe_abort_connect(struct pppoe_softc *sc) { printf("%s: could not establish connection\n", sc->sc_sppp.pp_if.if_xname); - sc->sc_state = PPPOE_STATE_CLOSING; + pppoe_set_state(sc, PPPOE_STATE_CLOSING); /* notify upper layer */ sc->sc_sppp.pp_down(&sc->sc_sppp); /* clear connection state */ memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); - sc->sc_state = PPPOE_STATE_INITIAL; + pppoe_set_state(sc, PPPOE_STATE_INITIAL); } /* Send a PADR packet */ @@ -1385,7 +1537,7 @@ pppoe_tlf(struct sppp *sp) * machine gets confused by this. We must return from this * function and defer disconnecting to the timeout handler. */ - sc->sc_state = PPPOE_STATE_CLOSING; + pppoe_set_state(sc, PPPOE_STATE_CLOSING); timeout_add_msec(&sc->sc_timeout, 20); } @@ -1417,9 +1569,8 @@ pppoe_start(struct ifnet *ifp) PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); #if NBPFILTER > 0 - if(sc->sc_sppp.pp_if.if_bpf) - bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, - BPF_DIRECTION_OUT); + if (sc->sc_bpf) + bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_OUT); #endif pppoe_output(sc, m); diff --git a/sys/net/if_pppoe.h b/sys/net/if_pppoe.h index 997b17a5d..a4abacf89 100644 --- a/sys/net/if_pppoe.h +++ b/sys/net/if_pppoe.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pppoe.h,v 1.8 2022/06/29 09:08:07 mvs Exp $ */ +/* $OpenBSD: if_pppoe.h,v 1.9 2025/01/15 06:15:44 dlg Exp $ */ /* $NetBSD: if_pppoe.h,v 1.5 2003/11/28 08:56:48 keihan Exp $ */ /* @@ -69,5 +69,8 @@ struct pppoeconnectionstate { extern struct mbuf_queue pppoediscinq; extern struct mbuf_queue pppoeinq; +int pppoe_if_exists(void); +struct mbuf *pppoe_vinput(struct ifnet *, struct mbuf *); + #endif /* _KERNEL */ #endif /* _NET_IF_PPPOE_H_ */ diff --git a/sys/net/if_sppp.h b/sys/net/if_sppp.h index 40debe451..93f1af936 100644 --- a/sys/net/if_sppp.h +++ b/sys/net/if_sppp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_sppp.h,v 1.30 2021/11/17 18:00:24 bket Exp $ */ +/* $OpenBSD: if_sppp.h,v 1.31 2025/01/15 06:15:44 dlg Exp $ */ /* $NetBSD: if_sppp.h,v 1.2.2.1 1999/04/04 06:57:39 explorer Exp $ */ /* @@ -232,6 +232,7 @@ struct sppp { void sppp_attach (struct ifnet *ifp); void sppp_detach (struct ifnet *ifp); void sppp_input (struct ifnet *ifp, struct mbuf *m); +int sppp_proto_up(struct ifnet *ifp, uint16_t); /* Workaround */ void spppattach (struct ifnet *ifp); diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index a6c6d52f6..371f2998b 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_spppsubr.c,v 1.194 2024/06/22 10:22:29 jsg Exp $ */ +/* $OpenBSD: if_spppsubr.c,v 1.195 2025/01/15 06:15:44 dlg Exp $ */ /* * Synchronous PPP link level subroutines. * @@ -415,6 +415,30 @@ spppattach(struct ifnet *ifp) { } +int +sppp_proto_up(struct ifnet *ifp, uint16_t proto) +{ + struct sppp *sp = (struct sppp *)ifp; + int af = AF_UNSPEC; + + switch (ntohs(proto)) { + case PPP_IP: + if (sp->state[IDX_IPCP] == STATE_OPENED) + af = AF_INET; + break; +#ifdef INET6 + case PPP_IPV6: + if (sp->state[IDX_IPV6CP] == STATE_OPENED) + af = AF_INET6; + break; +#endif + default: + break; + } + + return (af); +} + /* * Process the received packet. */ diff --git a/usr.bin/pkg-config/OpenBSD/PkgConfig.pm b/usr.bin/pkg-config/OpenBSD/PkgConfig.pm index 89d36f37b..ce92c17bf 100644 --- a/usr.bin/pkg-config/OpenBSD/PkgConfig.pm +++ b/usr.bin/pkg-config/OpenBSD/PkgConfig.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: PkgConfig.pm,v 1.12 2024/02/11 03:57:10 gkoehler Exp $ +# $OpenBSD: PkgConfig.pm,v 1.13 2025/01/15 11:54:36 jca Exp $ # # Copyright (c) 2006 Marc Espie # @@ -19,6 +19,7 @@ use v5.36; # interface to the *.pc file format of pkg-config. package OpenBSD::PkgConfig; +use File::Basename; # specific properties may have specific needs. @@ -106,6 +107,8 @@ sub read_fh($class, $fh, $name = '') { my $cfg = $class->new; + $cfg->add_variable('pcfiledir', dirname($name)); + while (<$fh>) { chomp; # continuation lines @@ -145,6 +148,8 @@ sub read_file($class, $filename) sub write_fh($self, $fh) { foreach my $variable (@{$self->{vlist}}) { + # writing out pcfiledir makes no sense + next if $variable eq 'pcfiledir'; say $fh "$variable=", $self->{variables}{$variable}; } print $fh "\n\n";