From 8a7e26f80e8fadfbb3368b122245f25d24e82059 Mon Sep 17 00:00:00 2001 From: purplerain Date: Wed, 25 Sep 2024 21:42:52 +0000 Subject: [PATCH] sync with OpenBSD -current --- bin/ksh/ksh.1 | 6 +- bin/ksh/shf.c | 10 +- etc/rc.d/iked | 7 +- etc/rc.d/isakmpd | 6 +- etc/rc.d/unbound | 5 +- lib/libpcap/scanner.l | 44 +- .../usr.sbin/bgpd/integrationtests/Makefile | 9 +- .../bgpd.maxattr.rdomain1.conf | 35 ++ .../bgpd.maxattr.rdomain2_1.conf | 393 ++++++++++++++++++ .../bgpd.maxattr.rdomain2_2.conf | 23 + .../usr.sbin/bgpd/integrationtests/maxattr.sh | 131 ++++++ .../bgpd/integrationtests/maxattr.test1.ok | 42 ++ .../bgpd/integrationtests/maxattr.test2.ok | 34 ++ share/man/man4/netintro.4 | 67 +-- sys/conf/newvers.sh | 8 +- sys/dev/pci/drm/i915/gt/uc/intel_guc_ads.c | 2 +- sys/kern/kern_pledge.c | 7 +- sys/kern/kern_sysctl.c | 10 +- sys/kern/subr_witness.c | 33 +- usr.bin/dig/dig.1 | 24 +- usr.bin/ssh/misc.c | 23 +- usr.bin/ssh/misc.h | 3 +- usr.bin/ssh/readconf.c | 28 +- usr.bin/ssh/servconf.c | 57 ++- usr.bin/ssh/ssh-agent.c | 6 +- usr.bin/ssh/ssh_config.5 | 8 +- usr.bin/systat/systat.1 | 6 +- usr.sbin/bgpd/rde.c | 14 +- usr.sbin/bgpd/rde.h | 6 +- usr.sbin/bgpd/rde_update.c | 160 +++++-- usr.sbin/sysupgrade/sysupgrade.8 | 23 +- usr.sbin/sysupgrade/sysupgrade.sh | 105 +++-- usr.sbin/vmd/sev.c | 4 +- usr.sbin/vmd/vmd.8 | 26 +- 34 files changed, 1118 insertions(+), 247 deletions(-) create mode 100644 regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain1.conf create mode 100644 regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_1.conf create mode 100644 regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_2.conf create mode 100644 regress/usr.sbin/bgpd/integrationtests/maxattr.sh create mode 100644 regress/usr.sbin/bgpd/integrationtests/maxattr.test1.ok create mode 100644 regress/usr.sbin/bgpd/integrationtests/maxattr.test2.ok diff --git a/bin/ksh/ksh.1 b/bin/ksh/ksh.1 index d60769e27..1cbd58468 100644 --- a/bin/ksh/ksh.1 +++ b/bin/ksh/ksh.1 @@ -1,8 +1,8 @@ -.\" $OpenBSD: ksh.1,v 1.220 2023/10/20 18:51:09 schwarze Exp $ +.\" $OpenBSD: ksh.1,v 1.221 2024/09/25 06:13:01 jmc Exp $ .\" .\" Public Domain .\" -.Dd $Mdocdate: October 20 2023 $ +.Dd $Mdocdate: September 25 2024 $ .Dt KSH 1 .Os .Sh NAME @@ -1800,10 +1800,8 @@ command may be used to list, change, and add to this cache (e.g.\& Brace expressions take the following form: .Bd -unfilled -offset indent .Sm off -.Xo .Ar prefix No { Ar str1 No ,..., .Ar strN No } Ar suffix -.Xc .Sm on .Ed .Pp diff --git a/bin/ksh/shf.c b/bin/ksh/shf.c index b2670b93f..a9347444c 100644 --- a/bin/ksh/shf.c +++ b/bin/ksh/shf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: shf.c,v 1.34 2019/06/28 13:34:59 deraadt Exp $ */ +/* $OpenBSD: shf.c,v 1.35 2024/09/23 21:18:33 deraadt Exp $ */ /* * Shell file I/O routines @@ -450,6 +450,10 @@ shf_read(char *buf, int bsize, struct shf *shf) ncopy = shf->rnleft; if (ncopy > bsize) ncopy = bsize; + if (memchr((char *)shf->rp, '\0', ncopy) != NULL) { + errorf("syntax error: NUL byte unexpected"); + return EOF; + } memcpy(buf, shf->rp, ncopy); buf += ncopy; bsize -= ncopy; @@ -493,6 +497,10 @@ shf_getse(char *buf, int bsize, struct shf *shf) ncopy = end ? end - shf->rp + 1 : shf->rnleft; if (ncopy > bsize) ncopy = bsize; + if (memchr((char *)shf->rp, '\0', ncopy) != NULL) { + errorf("syntax error: NUL byte unexpected"); + return NULL; + } memcpy(buf, (char *) shf->rp, ncopy); shf->rp += ncopy; shf->rnleft -= ncopy; diff --git a/etc/rc.d/iked b/etc/rc.d/iked index 44861ace9..005e57829 100644 --- a/etc/rc.d/iked +++ b/etc/rc.d/iked @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: iked,v 1.10 2022/09/04 06:57:13 ajacoutot Exp $ +# $OpenBSD: iked,v 1.11 2024/09/23 20:54:01 kn Exp $ daemon="/sbin/iked" @@ -12,10 +12,11 @@ rc_configtest() { # use rc_exec here since daemon_flags may contain arguments with spaces rc_exec "${daemon} -n ${daemon_flags}" } + rc_pre() { - [[ ${sasyncd_flags} != NO ]] && + if [[ ${sasyncd_flags} != NO ]]; then daemon_flags="-S ${daemon_flags}" - return 0 + fi } rc_cmd $1 diff --git a/etc/rc.d/isakmpd b/etc/rc.d/isakmpd index 1f554005b..559d0af3e 100644 --- a/etc/rc.d/isakmpd +++ b/etc/rc.d/isakmpd @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: isakmpd,v 1.3 2018/01/11 21:09:26 rpe Exp $ +# $OpenBSD: isakmpd,v 1.4 2024/09/23 20:54:01 kn Exp $ daemon="/sbin/isakmpd" @@ -9,9 +9,9 @@ daemon="/sbin/isakmpd" pexp="isakmpd: monitor \[priv\]" rc_pre() { - [[ ${sasyncd_flags} != NO ]] && + if [[ ${sasyncd_flags} != NO ]]; then daemon_flags="-S ${daemon_flags}" - return 0 + fi } rc_cmd $1 diff --git a/etc/rc.d/unbound b/etc/rc.d/unbound index 0f19c90fd..4429c0bbe 100644 --- a/etc/rc.d/unbound +++ b/etc/rc.d/unbound @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: unbound,v 1.7 2022/05/21 10:10:45 ajacoutot Exp $ +# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $ daemon="/usr/sbin/unbound" daemon_flags="-c /var/unbound/etc/unbound.conf" @@ -12,7 +12,8 @@ rc_pre() { /var/unbound/etc/unbound.conf > /dev/null 2>&1; then /usr/sbin/unbound-anchor -v fi - /usr/sbin/unbound-checkconf || return 1 + + /usr/sbin/unbound-checkconf } rc_cmd $1 diff --git a/lib/libpcap/scanner.l b/lib/libpcap/scanner.l index 85587fa1c..18f4f1619 100644 --- a/lib/libpcap/scanner.l +++ b/lib/libpcap/scanner.l @@ -1,5 +1,5 @@ %{ -/* $OpenBSD: scanner.l,v 1.32 2024/08/29 07:33:50 anton Exp $ */ +/* $OpenBSD: scanner.l,v 1.33 2024/09/24 14:20:31 sthen Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -26,7 +26,6 @@ #include #include -#include #include #include #include @@ -48,6 +47,7 @@ #include "grammar.h" static int stoi(char *); +static inline int xdtoi(int); #ifdef FLEX_SCANNER #define YY_NO_UNPUT @@ -333,23 +333,41 @@ yywrap(void) return 1; } +/* Hex digit to integer. */ +static inline int +xdtoi(int c) +{ + if (isdigit(c)) + return c - '0'; + else if (islower(c)) + return c - 'a' + 10; + else + return c - 'A' + 10; +} + /* - * Convert string to integer supporting also octal and hex notations. + * Convert string to integer. Just like atoi(), but checks for + * preceding 0x or 0 and uses hex or octal instead of decimal. */ static int stoi(char *s) { - long lval; - char *ep; + int base = 10; + int n = 0; - errno = 0; - lval = strtol(s, &ep, 0); - if (*s == '\0' || *ep != '\0') - bpf_error("invalid number %s", s); - if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || - (lval > INT_MAX || lval < INT_MIN)) - bpf_error("out of range: %s", s); + if (*s == '0') { + if (s[1] == 'x' || s[1] == 'X') { + s += 2; + base = 16; + } + else { + base = 8; + s += 1; + } + } + while (*s) + n = n * base + xdtoi(*s++); - return lval; + return n; } diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile index 5208dc2d2..48e201282 100644 --- a/regress/usr.sbin/bgpd/integrationtests/Makefile +++ b/regress/usr.sbin/bgpd/integrationtests/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.24 2024/04/09 09:35:57 claudio Exp $ +# $OpenBSD: Makefile,v 1.25 2024/09/25 14:42:39 claudio Exp $ REGRESS_TARGETS = network_statement md5 ovs capa policy pftable \ - mrt maxprefix maxprefixout maxcomm l3vpn \ - ixp lladdr \ + mrt maxprefix maxprefixout maxcomm maxattr \ + l3vpn ixp lladdr \ as0 med eval_all attr BGPD ?= /usr/sbin/bgpd @@ -42,6 +42,9 @@ maxprefixout: maxcomm: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 +maxattr: + ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 + l3vpn: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 13 14 diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain1.conf new file mode 100644 index 000000000..7e78a7137 --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain1.conf @@ -0,0 +1,35 @@ +AS 4200000001 +router-id 10.12.57.1 +fib-update no + +log updates + +group rdomain2_1 { + descr "RDOMAIN2_1" + remote-as 4200000002 + + neighbor 10.12.57.2 + neighbor 2001:db8:57::2 +} +group rdomain2_2 { + descr "RDOMAIN2_2" + remote-as 4200000003 + + neighbor 10.12.57.3 + neighbor 2001:db8:57::3 +} + +match from any community 42:1 set prepend-self 1 +match from any community 42:2 set prepend-self 10 +match from any community 42:3 set { community 42:43 } +match from any community 42:4 set { + community 42:43 + community 42:10 + community 42:11 + community 42:12 + large-community 42:42:42 + large-community 42:42:43 +} + +allow from any +allow to any diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_1.conf new file mode 100644 index 000000000..9a999c30d --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_1.conf @@ -0,0 +1,393 @@ +AS 4200000002 +router-id 10.12.57.2 +fib-update no + +log updates + +listen on 10.12.57.2 +listen on 2001:db8:57::2 + +group rdomain1 { + descr "RDOMAIN1" + remote-as 4200000001 + local-address 10.12.57.2 + local-address 2001:db8:57::2 + + neighbor 10.12.57.1 + neighbor 2001:db8:57::1 +} + +match to any community 0:1 set { + community 0:10 + community 0:11 + community 0:12 + community 0:13 + community 0:14 + community 0:15 + community 0:16 + community 0:17 +} + +match to any community 0:2 set { + community 0:10 + community 0:11 + community 0:12 + community 0:13 + community 0:14 + community 0:15 + community 0:16 + community 0:20 + community 0:21 +} +match to any community 0:10 set { + large-community local-as:0:1 + large-community local-as:0:2 + large-community local-as:0:3 + large-community local-as:0:4 + large-community local-as:0:5 + large-community local-as:0:6 + large-community local-as:0:7 + large-community local-as:0:8 + large-community local-as:0:9 + large-community local-as:0:10 + large-community local-as:0:11 + large-community local-as:0:12 + large-community local-as:0:13 + large-community local-as:0:14 + large-community local-as:0:15 + large-community local-as:0:16 + large-community local-as:0:17 + large-community local-as:0:18 + large-community local-as:0:19 + large-community local-as:0:20 + large-community local-as:0:21 + large-community local-as:0:22 + large-community local-as:0:23 + large-community local-as:0:24 + large-community local-as:0:25 + large-community local-as:0:26 + large-community local-as:0:27 + large-community local-as:0:28 + large-community local-as:0:29 + large-community local-as:0:30 + large-community local-as:0:31 + large-community local-as:0:32 + large-community local-as:0:33 + large-community local-as:0:34 + large-community local-as:0:35 + large-community local-as:0:36 + large-community local-as:0:37 + large-community local-as:0:38 + large-community local-as:0:39 + large-community local-as:0:40 + large-community local-as:0:41 + large-community local-as:0:42 + large-community local-as:0:43 + large-community local-as:0:44 + large-community local-as:0:45 + large-community local-as:0:46 + large-community local-as:0:47 + large-community local-as:0:48 + large-community local-as:0:49 + large-community local-as:0:50 +} +match to any community 0:11 set { + large-community local-as:1:1 + large-community local-as:1:2 + large-community local-as:1:3 + large-community local-as:1:4 + large-community local-as:1:5 + large-community local-as:1:6 + large-community local-as:1:7 + large-community local-as:1:8 + large-community local-as:1:9 + large-community local-as:1:10 + large-community local-as:1:11 + large-community local-as:1:12 + large-community local-as:1:13 + large-community local-as:1:14 + large-community local-as:1:15 + large-community local-as:1:16 + large-community local-as:1:17 + large-community local-as:1:18 + large-community local-as:1:19 + large-community local-as:1:20 + large-community local-as:1:21 + large-community local-as:1:22 + large-community local-as:1:23 + large-community local-as:1:24 + large-community local-as:1:25 + large-community local-as:1:26 + large-community local-as:1:27 + large-community local-as:1:28 + large-community local-as:1:29 + large-community local-as:1:30 + large-community local-as:1:31 + large-community local-as:1:32 + large-community local-as:1:33 + large-community local-as:1:34 + large-community local-as:1:35 + large-community local-as:1:36 + large-community local-as:1:37 + large-community local-as:1:38 + large-community local-as:1:39 + large-community local-as:1:40 + large-community local-as:1:41 + large-community local-as:1:42 + large-community local-as:1:43 + large-community local-as:1:44 + large-community local-as:1:45 + large-community local-as:1:46 + large-community local-as:1:47 + large-community local-as:1:48 + large-community local-as:1:49 + large-community local-as:1:50 +} +match to any community 0:12 set { + large-community local-as:2:1 + large-community local-as:2:2 + large-community local-as:2:3 + large-community local-as:2:4 + large-community local-as:2:5 + large-community local-as:2:6 + large-community local-as:2:7 + large-community local-as:2:8 + large-community local-as:2:9 + large-community local-as:2:10 + large-community local-as:2:11 + large-community local-as:2:12 + large-community local-as:2:13 + large-community local-as:2:14 + large-community local-as:2:15 + large-community local-as:2:16 + large-community local-as:2:17 + large-community local-as:2:18 + large-community local-as:2:19 + large-community local-as:2:20 + large-community local-as:2:21 + large-community local-as:2:22 + large-community local-as:2:23 + large-community local-as:2:24 + large-community local-as:2:25 + large-community local-as:2:26 + large-community local-as:2:27 + large-community local-as:2:28 + large-community local-as:2:29 + large-community local-as:2:30 + large-community local-as:2:31 + large-community local-as:2:32 + large-community local-as:2:33 + large-community local-as:2:34 + large-community local-as:2:35 + large-community local-as:2:36 + large-community local-as:2:37 + large-community local-as:2:38 + large-community local-as:2:39 + large-community local-as:2:40 + large-community local-as:2:41 + large-community local-as:2:42 + large-community local-as:2:43 + large-community local-as:2:44 + large-community local-as:2:45 + large-community local-as:2:46 + large-community local-as:2:47 + large-community local-as:2:48 + large-community local-as:2:49 + large-community local-as:2:50 +} +match to any community 0:13 set { + large-community local-as:3:1 + large-community local-as:3:2 + large-community local-as:3:3 + large-community local-as:3:4 + large-community local-as:3:5 + large-community local-as:3:6 + large-community local-as:3:7 + large-community local-as:3:8 + large-community local-as:3:9 + large-community local-as:3:10 + large-community local-as:3:11 + large-community local-as:3:12 + large-community local-as:3:13 + large-community local-as:3:14 + large-community local-as:3:15 + large-community local-as:3:16 + large-community local-as:3:17 + large-community local-as:3:18 + large-community local-as:3:19 + large-community local-as:3:20 + large-community local-as:3:21 + large-community local-as:3:22 + large-community local-as:3:23 + large-community local-as:3:24 + large-community local-as:3:25 + large-community local-as:3:26 + large-community local-as:3:27 + large-community local-as:3:28 + large-community local-as:3:29 + large-community local-as:3:30 + large-community local-as:3:31 + large-community local-as:3:32 + large-community local-as:3:33 + large-community local-as:3:34 + large-community local-as:3:35 + large-community local-as:3:36 + large-community local-as:3:37 + large-community local-as:3:38 + large-community local-as:3:39 + large-community local-as:3:40 + large-community local-as:3:41 + large-community local-as:3:42 + large-community local-as:3:43 + large-community local-as:3:44 + large-community local-as:3:45 + large-community local-as:3:46 + large-community local-as:3:47 + large-community local-as:3:48 + large-community local-as:3:49 + large-community local-as:3:50 +} +match to any community 0:14 set { + large-community local-as:4:1 + large-community local-as:4:2 + large-community local-as:4:3 + large-community local-as:4:4 + large-community local-as:4:5 + large-community local-as:4:6 + large-community local-as:4:7 + large-community local-as:4:8 + large-community local-as:4:9 + large-community local-as:4:10 + large-community local-as:4:11 + large-community local-as:4:12 + large-community local-as:4:13 + large-community local-as:4:14 + large-community local-as:4:15 + large-community local-as:4:16 + large-community local-as:4:17 + large-community local-as:4:18 + large-community local-as:4:19 + large-community local-as:4:20 + large-community local-as:4:21 + large-community local-as:4:22 + large-community local-as:4:23 + large-community local-as:4:24 + large-community local-as:4:25 + large-community local-as:4:26 + large-community local-as:4:27 + large-community local-as:4:28 + large-community local-as:4:29 + large-community local-as:4:30 + large-community local-as:4:31 + large-community local-as:4:32 + large-community local-as:4:33 + large-community local-as:4:34 + large-community local-as:4:35 + large-community local-as:4:36 + large-community local-as:4:37 + large-community local-as:4:38 + large-community local-as:4:39 + large-community local-as:4:40 + large-community local-as:4:41 + large-community local-as:4:42 + large-community local-as:4:43 + large-community local-as:4:44 + large-community local-as:4:45 + large-community local-as:4:46 + large-community local-as:4:47 + large-community local-as:4:48 + large-community local-as:4:49 + large-community local-as:4:50 +} +match to any community 0:15 set { + large-community local-as:5:1 + large-community local-as:5:2 + large-community local-as:5:3 + large-community local-as:5:4 + large-community local-as:5:5 + large-community local-as:5:6 + large-community local-as:5:7 + large-community local-as:5:8 + large-community local-as:5:9 + large-community local-as:5:10 + large-community local-as:5:11 + large-community local-as:5:12 + large-community local-as:5:13 + large-community local-as:5:14 + large-community local-as:5:15 + large-community local-as:5:16 + large-community local-as:5:17 + large-community local-as:5:18 + large-community local-as:5:19 + large-community local-as:5:20 + large-community local-as:5:21 + large-community local-as:5:22 + large-community local-as:5:23 + large-community local-as:5:24 + large-community local-as:5:25 + large-community local-as:5:26 + large-community local-as:5:27 + large-community local-as:5:28 + large-community local-as:5:29 + large-community local-as:5:30 + large-community local-as:5:31 + large-community local-as:5:32 + large-community local-as:5:33 + large-community local-as:5:34 + large-community local-as:5:35 + large-community local-as:5:36 + large-community local-as:5:37 + large-community local-as:5:38 + large-community local-as:5:39 + large-community local-as:5:40 + large-community local-as:5:41 + large-community local-as:5:42 + large-community local-as:5:43 + large-community local-as:5:44 + large-community local-as:5:45 + large-community local-as:5:46 + large-community local-as:5:47 + large-community local-as:5:48 + large-community local-as:5:49 + large-community local-as:5:50 +} +match to any community 0:16 set { + large-community local-as:6:1 + large-community local-as:6:2 + large-community local-as:6:3 + large-community local-as:6:4 + large-community local-as:6:5 + large-community local-as:6:6 + large-community local-as:6:7 + large-community local-as:6:8 + large-community local-as:6:9 + large-community local-as:6:10 + large-community local-as:6:11 + large-community local-as:6:12 + large-community local-as:6:13 + large-community local-as:6:14 + large-community local-as:6:15 + large-community local-as:6:16 + large-community local-as:6:17 + large-community local-as:6:18 + large-community local-as:6:19 + large-community local-as:6:20 + large-community local-as:6:21 + large-community local-as:6:22 + large-community local-as:6:23 + large-community local-as:6:24 + large-community local-as:6:25 + large-community local-as:6:26 + large-community local-as:6:27 + large-community local-as:6:28 + large-community local-as:6:29 + large-community local-as:6:30 + large-community local-as:6:31 +} +match to any community 0:17 set { + large-community local-as:7:1 + large-community local-as:7:2 +} + +allow from any +allow to any diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_2.conf new file mode 100644 index 000000000..e9f3fd28b --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.maxattr.rdomain2_2.conf @@ -0,0 +1,23 @@ +AS 4200000003 +router-id 10.12.57.3 +fib-update no + +log updates + +listen on 10.12.57.3 +listen on 2001:db8:57::3 + +socket "/var/run/bgpd.sock.12_2" + +group rdomain1 { + descr "RDOMAIN1" + remote-as 4200000001 + local-address 10.12.57.3 + local-address 2001:db8:57::3 + + neighbor 10.12.57.1 + neighbor 2001:db8:57::1 +} + +allow from any +allow to any diff --git a/regress/usr.sbin/bgpd/integrationtests/maxattr.sh b/regress/usr.sbin/bgpd/integrationtests/maxattr.sh new file mode 100644 index 000000000..693ae3479 --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/maxattr.sh @@ -0,0 +1,131 @@ +#!/bin/ksh +# $OpenBSD: maxattr.sh,v 1.2 2024/09/25 15:38:39 claudio Exp $ + +set -e + +BGPD=$1 +BGPDCONFIGDIR=$2 +RDOMAIN1=$3 +RDOMAIN2=$4 +PAIR1=$5 +PAIR2=$6 + +RDOMAINS="${RDOMAIN1} ${RDOMAIN2}" +PAIRS="${PAIR1} ${PAIR2}" +PAIR1IP=10.12.57.1 +PAIR2IP=10.12.57.2 +PAIR2IP_2=10.12.57.3 +PAIR1IP6=2001:db8:57::1 +PAIR2IP6=2001:db8:57::2 +PAIR2IP6_2=2001:db8:57::3 + +error_notify() { + echo cleanup + pfctl -q -t bgpd_integ_test -T kill + pkill -T ${RDOMAIN1} bgpd || true + pkill -T ${RDOMAIN2} bgpd || true + sleep 1 + ifconfig ${PAIR2} destroy || true + ifconfig ${PAIR1} destroy || true + route -qn -T ${RDOMAIN1} flush || true + route -qn -T ${RDOMAIN2} flush || true + ifconfig lo${RDOMAIN1} destroy || true + ifconfig lo${RDOMAIN2} destroy || true + if [ $1 -ne 0 ]; then + echo FAILED + exit 1 + else + echo SUCCESS + fi +} + +if [ "$(id -u)" -ne 0 ]; then + echo need root privileges >&2 + exit 1 +fi + +trap 'error_notify $?' EXIT + +echo check if rdomains are busy +for n in ${RDOMAINS}; do + if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then + echo routing domain ${n} is already used >&2 + exit 1 + fi +done + +echo check if interfaces are busy +for n in ${PAIRS}; do + /sbin/ifconfig "${n}" >/dev/null 2>&1 && \ + ( echo interface ${n} is already used >&2; exit 1 ) +done + +set -x + +echo setup +ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/29 up +ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/29 up +ifconfig ${PAIR1} inet6 ${PAIR1IP6}/64 +ifconfig ${PAIR2} inet6 ${PAIR2IP6}/64 +ifconfig ${PAIR2} alias ${PAIR2IP_2}/32 +ifconfig ${PAIR2} inet6 ${PAIR2IP6_2}/128 +ifconfig ${PAIR1} patch ${PAIR2} +ifconfig lo${RDOMAIN1} inet 127.0.0.1/8 +ifconfig lo${RDOMAIN2} inet 127.0.0.1/8 + +tcpdump -s 2000 -w /tmp/bgp.pcap -i ${PAIR1} & + +echo run bgpds +route -T ${RDOMAIN1} exec ${BGPD} \ + -v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain1.conf +sleep 2 +route -T ${RDOMAIN2} exec ${BGPD} \ + -v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain2_1.conf +route -T ${RDOMAIN2} exec ${BGPD} \ + -v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain2_2.conf +sleep 1 + +echo inject initial prefixes +route -T ${RDOMAIN2} exec bgpctl network add 10.12.60.0/24 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.61.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.62.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.63.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.64.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.65.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.66.0/24 community 0:1 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:60::/48 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:61::/48 community 0:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:62::/48 community 0:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:63::/48 community 0:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:64::/48 community 0:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:65::/48 community 0:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:66::/48 community 0:2 + +sleep 4 +echo test1: check propagation +route -T ${RDOMAIN1} exec bgpctl show rib out | tee maxattr.test1.out +route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 show rib | tee -a maxattr.test1.out + +echo update prefixes +route -T ${RDOMAIN2} exec bgpctl network add 10.12.62.0/24 community 0:1 community 42:1 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.63.0/24 community 0:1 community 42:2 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.64.0/24 community 0:1 community 42:3 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.65.0/24 community 0:1 community 42:4 +route -T ${RDOMAIN2} exec bgpctl network add 10.12.66.0/24 community 0:1 community 42:5 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:62::/48 community 0:2 community 42:1 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:63::/48 community 0:2 community 42:2 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:64::/48 community 0:2 community 42:3 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:65::/48 community 0:2 community 42:4 +route -T ${RDOMAIN2} exec bgpctl network add 2001:db8:66::/48 community 0:2 community 42:5 + +sleep 2 +echo test2: check propagation +route -T ${RDOMAIN1} exec bgpctl show rib out | tee maxattr.test2.out +route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 show rib | tee -a maxattr.test2.out + +echo check results +diff -u ${BGPDCONFIGDIR}/maxattr.test1.ok maxattr.test1.out +diff -u ${BGPDCONFIGDIR}/maxattr.test2.ok maxattr.test2.out +echo OK + +exit 0 diff --git a/regress/usr.sbin/bgpd/integrationtests/maxattr.test1.ok b/regress/usr.sbin/bgpd/integrationtests/maxattr.test1.ok new file mode 100644 index 000000000..ccc86b5f5 --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/maxattr.test1.ok @@ -0,0 +1,42 @@ +flags: * = Valid, > = Selected, I = via IBGP, A = Announced, + S = Stale, E = Error, F = Filtered +origin validation state: N = not-found, V = valid, ! = invalid +aspa validation state: ? = unknown, V = valid, ! = invalid +origin: i = IGP, e = EGP, ? = Incomplete + +flags vs destination gateway lpref med aspath origin +* N-? 10.12.60.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.61.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.62.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.63.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.64.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.65.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.66.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 2001:db8:60::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:61::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:62::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:63::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:64::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:65::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:66::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +flags: * = Valid, > = Selected, I = via IBGP, A = Announced, + S = Stale, E = Error, F = Filtered +origin validation state: N = not-found, V = valid, ! = invalid +aspa validation state: ? = unknown, V = valid, ! = invalid +origin: i = IGP, e = EGP, ? = Incomplete + +flags vs destination gateway lpref med aspath origin +*> N-? 10.12.60.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.61.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.62.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.63.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.64.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.65.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.66.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:60::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:61::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:62::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:63::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:64::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:65::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:66::/48 2001:db8:57::2 100 0 4200000001 4200000002 i diff --git a/regress/usr.sbin/bgpd/integrationtests/maxattr.test2.ok b/regress/usr.sbin/bgpd/integrationtests/maxattr.test2.ok new file mode 100644 index 000000000..f6b8cc08a --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/maxattr.test2.ok @@ -0,0 +1,34 @@ +flags: * = Valid, > = Selected, I = via IBGP, A = Announced, + S = Stale, E = Error, F = Filtered +origin validation state: N = not-found, V = valid, ! = invalid +aspa validation state: ? = unknown, V = valid, ! = invalid +origin: i = IGP, e = EGP, ? = Incomplete + +flags vs destination gateway lpref med aspath origin +* N-? 10.12.60.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.61.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.62.0/24 10.12.57.2 100 0 4200000001 4200000001 4200000002 i +* N-? 10.12.63.0/24 10.12.57.2 100 0 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000002 i +* N-? 10.12.64.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.65.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 10.12.66.0/24 10.12.57.2 100 0 4200000001 4200000002 i +* N-? 2001:db8:60::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:61::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:62::/48 2001:db8:57::2 100 0 4200000001 4200000001 4200000002 i +* N-? 2001:db8:63::/48 2001:db8:57::2 100 0 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000001 4200000002 i +* N-? 2001:db8:64::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:65::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +* N-? 2001:db8:66::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +flags: * = Valid, > = Selected, I = via IBGP, A = Announced, + S = Stale, E = Error, F = Filtered +origin validation state: N = not-found, V = valid, ! = invalid +aspa validation state: ? = unknown, V = valid, ! = invalid +origin: i = IGP, e = EGP, ? = Incomplete + +flags vs destination gateway lpref med aspath origin +*> N-? 10.12.60.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.61.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 10.12.66.0/24 10.12.57.2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:60::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:61::/48 2001:db8:57::2 100 0 4200000001 4200000002 i +*> N-? 2001:db8:66::/48 2001:db8:57::2 100 0 4200000001 4200000002 i diff --git a/share/man/man4/netintro.4 b/share/man/man4/netintro.4 index c212626f9..773dac208 100644 --- a/share/man/man4/netintro.4 +++ b/share/man/man4/netintro.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: netintro.4,v 1.53 2018/07/09 09:18:52 schwarze Exp $ +.\" $OpenBSD: netintro.4,v 1.55 2024/09/23 20:38:49 kn Exp $ .\" $NetBSD: netintro.4,v 1.4 1995/10/19 08:03:40 jtc Exp $ .\" .\" Copyright (c) 1983, 1990, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)netintro.4 8.2 (Berkeley) 11/30/93 .\" -.Dd $Mdocdate: July 9 2018 $ +.Dd $Mdocdate: September 23 2024 $ .Dt NETINTRO 4 .Os .Sh NAME @@ -201,8 +201,7 @@ structure pointer as their parameter. This structure is as follows: .Bd -literal struct ifreq { -#define IFNAMSIZ 16 - char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */ union { struct sockaddr ifru_addr; struct sockaddr ifru_dstaddr; @@ -223,11 +222,14 @@ struct ifreq { #define ifr_hardmtu ifr_ifru.ifru_metric /* hardmtu (overload) */ #define ifr_media ifr_ifru.ifru_media /* media options */ #define ifr_rdomainid ifr_ifru.ifru_metric /* VRF instance (overload) */ -#define ifr_vnetid ifr_ifru.ifru_vnetid /* Virtual Net Id */ -#define ifr_ttl ifr_ifru.ifru_metric /* tunnel TTL (overload) */ +#define ifr_vnetid ifr_ifru.ifru_vnetid /* Virtual Net Id */ +#define ifr_ttl ifr_ifru.ifru_metric /* tunnel TTL (overload) */ +#define ifr_df ifr_ifru.ifru_metric /* tunnel DF (overload) */ #define ifr_data ifr_ifru.ifru_data /* for use by interface */ -#define ifr_index ifr_ifru.ifru_index /* interface index */ -#define ifr_llprio ifr_ifru.ifru_metric /* link layer priority */ +#define ifr_index ifr_ifru.ifru_index /* interface index */ +#define ifr_llprio ifr_ifru.ifru_metric /* link layer priority */ +#define ifr_hdrprio ifr_ifru.ifru_metric /* header prio field config */ +#define ifr_pwe3 ifr_ifru.ifru_metric /* PWE3 type */ }; .Ed .Pp @@ -282,6 +284,8 @@ When marked up again, the interface is reinitialized. Get the interface flags. .It Dv SIOCGIFXFLAGS Fa "struct ifreq *" Get the extended interface flags. +.It Dv SIOCSIFMTU Fa "struct ifreq *" +Set the MTU of the interface. .It Dv SIOCGIFMTU Fa "struct ifreq *" Get the current MTU of the interface. .It Dv SIOCGIFHARDMTU Fa "struct ifreq *" @@ -299,12 +303,12 @@ structure is as follows: .Bd -literal struct ifmediareq { char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */ - uint64_t ifm_current; /* current media options */ - uint64_t ifm_mask; /* don't care mask */ - uint64_t ifm_status; /* media status */ - uint64_t ifm_active; /* active options */ - int ifm_count; /* #entries in ifm_ulist array */ - uint64_t *ifm_ulist; /* media words */ + uint64_t ifm_current; /* get/set current media options */ + uint64_t ifm_mask; /* don't care mask */ + uint64_t ifm_status; /* media status */ + uint64_t ifm_active; /* active options */ + int ifm_count; /* # entries in ifm_ulist array */ + uint64_t *ifm_ulist; /* media words */ }; .Ed .Pp @@ -353,10 +357,16 @@ The structure is as follows: .Bd -literal struct ifaliasreq { - char ifra_name[IFNAMSIZ]; /* if name, e.g. "en0" */ - struct sockaddr ifra_addr; + char ifra_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + union { + struct sockaddr ifrau_addr; + int ifrau_align; + } ifra_ifrau; +#ifndef ifra_addr +#define ifra_addr ifra_ifrau.ifrau_addr +#endif struct sockaddr ifra_dstaddr; -#define ifra_broadaddr ifra_dstaddr +#define ifra_broadaddr ifra_dstaddr struct sockaddr ifra_mask; }; .Ed @@ -399,14 +409,14 @@ needs to be in advance. Note, however, that this is an extension that not all operating systems support. .Bd -literal -struct ifconf { - int ifc_len; /* size of associated buffer */ +struct ifconf { + int ifc_len; /* size of associated buffer */ union { caddr_t ifcu_buf; struct ifreq *ifcu_req; } ifc_ifcu; -#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ -#define ifc_req ifc_ifcu.ifcu_req /* array of structures ret'd */ +#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ +#define ifc_req ifc_ifcu.ifcu_req /* array of structures returned */ }; .Ed .It Dv SIOCIFCREATE Fa "struct ifreq *" @@ -439,7 +449,7 @@ structure is as follows: .Bd -literal struct if_clonereq { int ifcr_total; /* total cloners (out) */ - int ifcr_count; /* room for this many in user buf */ + int ifcr_count; /* room for this many in user buffer */ char *ifcr_buffer; /* buffer for cloner names */ }; .Ed @@ -453,18 +463,25 @@ The structure is as follows: .Bd -literal struct ifg_req { - char ifgrq_group[IFNAMSIZ]; + union { + char ifgrqu_group[IFNAMSIZ]; + char ifgrqu_member[IFNAMSIZ]; + } ifgrq_ifgrqu; +#define ifgrq_group ifgrq_ifgrqu.ifgrqu_group +#define ifgrq_member ifgrq_ifgrqu.ifgrqu_member }; struct ifgroupreq { char ifgr_name[IFNAMSIZ]; u_int ifgr_len; union { - char ifgru_group[IFNAMSIZ]; - struct ifg_req *ifgru_groups; + char ifgru_group[IFNAMSIZ]; + struct ifg_req *ifgru_groups; + struct ifg_attrib ifgru_attrib; } ifgr_ifgru; #define ifgr_group ifgr_ifgru.ifgru_group #define ifgr_groups ifgr_ifgru.ifgru_groups +#define ifgr_attrib ifgr_ifgru.ifgru_attrib }; .Ed .It Dv SIOCGIFGROUP Fa "struct ifgroupreq *" diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 03980f8d2..c3c53aaa0 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: newvers.sh,v 1.205 2024/09/17 13:39:17 deraadt Exp $ +# $OpenBSD: newvers.sh,v 1.207 2024/09/23 21:05:28 deraadt Exp $ # $NetBSD: newvers.sh,v 1.17.2.1 1995/10/12 05:17:11 jtc Exp $ # # Copyright (c) 1984, 1986, 1990, 1993 @@ -71,10 +71,10 @@ ost="SecBSD" osr="1.6" cat >vers.c <= regset->storage_max) { size_t size = ALIGN((pos + 1) * sizeof(*slot), PAGE_SIZE); -#ifdef ___linux__ +#ifdef __linux__ struct guc_mmio_reg *r = krealloc(regset->storage, size, GFP_KERNEL); if (!r) { diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index c51c93a1f..51d29d56c 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.319 2024/09/04 07:45:08 jsg Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.320 2024/09/24 02:22:42 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -997,6 +997,11 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new) mib[0] == CTL_MACHDEP && mib[1] == CPU_ID_AA64ISAR0) return (0); #endif /* CPU_ID_AA64ISAR0 */ +#ifdef CPU_ID_AA64ISAR1 + if (miblen == 2 && /* arm64 libcrypto inspects CPU features */ + mib[0] == CTL_MACHDEP && mib[1] == CPU_ID_AA64ISAR1) + return (0); +#endif /* CPU_ID_AA64ISAR1 */ snprintf(buf, sizeof(buf), "%s(%d): pledge sysctl %d:", p->p_p->ps_comm, p->p_p->ps_pid, miblen); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index c732087b8..57999ac5b 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.446 2024/08/29 10:44:40 bluhm Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.447 2024/09/24 12:37:11 bluhm Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -2491,7 +2491,7 @@ sysctl_diskinit(int update, struct proc *p) /* Run in a loop, disks may change while malloc sleeps. */ while (disk_change) { - int tlen; + int tlen, count; disk_change = 0; @@ -2502,6 +2502,8 @@ sysctl_diskinit(int update, struct proc *p) tlen += 18; /* label uid + separators */ } tlen++; + /* disk_count may change when malloc sleeps */ + count = disk_count; /* * The sysctl_disklock ensures that no other process can @@ -2511,9 +2513,9 @@ sysctl_diskinit(int update, struct proc *p) free(diskstats, M_SYSCTL, diskstatslen); diskstats = NULL; disknames = NULL; - diskstats = mallocarray(disk_count, sizeof(struct diskstats), + diskstats = mallocarray(count, sizeof(struct diskstats), M_SYSCTL, M_WAITOK|M_ZERO); - diskstatslen = disk_count * sizeof(struct diskstats); + diskstatslen = count * sizeof(struct diskstats); disknames = malloc(tlen, M_SYSCTL, M_WAITOK|M_ZERO); disknameslen = tlen; disknames[0] = '\0'; diff --git a/sys/kern/subr_witness.c b/sys/kern/subr_witness.c index 9f0919013..7110414f2 100644 --- a/sys/kern/subr_witness.c +++ b/sys/kern/subr_witness.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_witness.c,v 1.53 2024/06/03 14:34:19 claudio Exp $ */ +/* $OpenBSD: subr_witness.c,v 1.54 2024/09/25 18:24:13 bluhm Exp $ */ /*- * Copyright (c) 2008 Isilon Systems, Inc. @@ -766,7 +766,6 @@ witness_checkorder(struct lock_object *lock, int flags, struct lock_list_entry *lock_list, *lle; struct lock_instance *lock1, *lock2, *plock; struct lock_class *class, *iclass; - struct proc *p; struct witness *w, *w1; int i, j, s; @@ -792,9 +791,9 @@ witness_checkorder(struct lock_object *lock, int flags, w = lock->lo_witness = enroll(lock->lo_type, lock->lo_name, class); - p = curproc; - if (class->lc_flags & LC_SLEEPLOCK) { + struct proc *p; + /* * Since spin locks include a critical section, this check * implicitly enforces a lock order of all sleep locks before @@ -811,6 +810,9 @@ witness_checkorder(struct lock_object *lock, int flags, * If this is the first lock acquired then just return as * no order checking is needed. */ + p = curproc; + if (p == NULL) + return; lock_list = p->p_sleeplocks; if (lock_list == NULL || lock_list->ll_count == 0) return; @@ -1097,7 +1099,6 @@ witness_lock(struct lock_object *lock, int flags) { struct lock_list_entry **lock_list, *lle; struct lock_instance *instance; - struct proc *p; struct witness *w; int s; @@ -1110,12 +1111,15 @@ witness_lock(struct lock_object *lock, int flags) w = lock->lo_witness = enroll(lock->lo_type, lock->lo_name, LOCK_CLASS(lock)); - p = curproc; - /* Determine lock list for this lock. */ - if (LOCK_CLASS(lock)->lc_flags & LC_SLEEPLOCK) + if (LOCK_CLASS(lock)->lc_flags & LC_SLEEPLOCK) { + struct proc *p; + + p = curproc; + if (p == NULL) + return; lock_list = &p->p_sleeplocks; - else + } else lock_list = &witness_cpu[cpu_number()].wc_spinlocks; s = splhigh(); @@ -1243,20 +1247,23 @@ witness_unlock(struct lock_object *lock, int flags) struct lock_list_entry **lock_list, *lle; struct lock_instance *instance; struct lock_class *class; - struct proc *p; int i, j; int s; if (witness_cold || lock->lo_witness == NULL || panicstr != NULL || db_active) return; - p = curproc; class = LOCK_CLASS(lock); /* Find lock instance associated with this lock. */ - if (class->lc_flags & LC_SLEEPLOCK) + if (class->lc_flags & LC_SLEEPLOCK) { + struct proc *p; + + p = curproc; + if (p == NULL) + return; lock_list = &p->p_sleeplocks; - else + } else lock_list = &witness_cpu[cpu_number()].wc_spinlocks; s = splhigh(); diff --git a/usr.bin/dig/dig.1 b/usr.bin/dig/dig.1 index 86145e812..1031c377c 100644 --- a/usr.bin/dig/dig.1 +++ b/usr.bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dig.1,v 1.6 2022/02/17 14:08:11 jsg Exp $ +.\" $OpenBSD: dig.1,v 1.7 2024/09/25 06:13:01 jmc Exp $ .\" .\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC") .\" @@ -14,7 +14,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 17 2022 $ +.Dd $Mdocdate: September 25 2024 $ .Dt DIG 1 .Os .Sh NAME @@ -307,11 +307,9 @@ The query options are: .Cm aaflag .Xc A synonym for -.Xo .Cm + Ns .Op Cm no Ns .Cm aaonly . -.Xc .It Xo .Cm + Ns .Op Cm no Ns @@ -413,11 +411,9 @@ is automatically set when is in use, to better emulate the default queries from a name server. .Pp This option was formerly called -.Xo .Cm + Ns .Op Cm no Ns .Cm sit -.Xc (Server Identity Token). In BIND 9.10.0 through BIND 9.10.2, it sent the experimental option code 65001. @@ -425,17 +421,13 @@ This was changed to option code 10 in BIND 9.10.3 when the DNS COOKIE option was allocated. .Pp The -.Xo .Cm + Ns .Op Cm no Ns .Cm sit -.Xc option is now deprecated, but has been retained as a synonym for -.Xo .Cm + Ns .Op Cm no Ns .Cm cookie -.Xc for backward compatibility within the BIND 9.10 branch. .It Xo .Cm + Ns @@ -453,11 +445,9 @@ the key id is displayed as the replacement, e.g. "[ key id = value ]". .Cm defname .Xc Deprecated, treated as a synonym for -.Xo .Cm + Ns .Op Cm no Ns -.Cm search -.Xc . +.Cm search . .It Xo .Cm + Ns .Op Cm no Ns @@ -650,11 +640,9 @@ is returned (on by default). .Cm rdflag .Xc A synonym for -.Xo .Cm + Ns .Op Cm no Ns -.Cm recurse -.Xc . +.Cm recurse . .It Xo .Cm + Ns .Op Cm no Ns @@ -817,11 +805,9 @@ Display the TTL when printing the record (on by default). .Xc Use TCP when querying name servers. This alternate syntax to -.Xo .Cm + Ns .Op Cm no Ns .Cm tcp -.Xc is provided for backwards compatibility. The "vc" stands for "virtual circuit". .El @@ -848,11 +834,9 @@ also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the -.Xo .Cm + Ns .Op Cm no Ns .Cm cmd -.Xc option) can be overridden by a query-specific set of query options. For example: .Bd -literal -offset indent diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 33327ad5c..a7b5b95d1 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.196 2024/06/06 17:15:25 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.197 2024/09/25 01:24:04 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -87,6 +87,27 @@ rtrim(char *s) } } +/* + * returns pointer to character after 'prefix' in 's' or otherwise NULL + * if the prefix is not present. + */ +const char * +strprefix(const char *s, const char *prefix, int ignorecase) +{ + size_t prefixlen; + + if ((prefixlen = strlen(prefix)) == 0) + return s; + if (ignorecase) { + if (strncasecmp(s, prefix, prefixlen) != 0) + return NULL; + } else { + if (strncmp(s, prefix, prefixlen) != 0) + return NULL; + } + return s + prefixlen; +} + /* set/unset filedescriptor to non-blocking */ int set_nonblock(int fd) diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index 7589d28e8..ee5d51d0b 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.109 2024/06/06 17:15:25 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.110 2024/09/25 01:24:04 djm Exp $ */ /* * Author: Tatu Ylonen @@ -56,6 +56,7 @@ struct ForwardOptions { char *chop(char *); void rtrim(char *); void skip_space(char **); +const char *strprefix(const char *, const char *, int); char *strdelim(char **); char *strdelimw(char **); int set_nonblock(int); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 33bb91adb..3ba4355a9 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.390 2024/09/15 00:57:36 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.391 2024/09/25 01:24:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -687,7 +687,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, struct passwd *pw, const char *host_arg, const char *original_host, int final_pass, int *want_final_pass, const char *filename, int linenum) { - char *arg, *oattrib, *attrib, *cmd, *host, *criteria; + char *arg, *oattrib, *attrib = NULL, *cmd, *host, *criteria; const char *ruser; int r, this_result, result = 1, attributes = 0, negate; @@ -708,7 +708,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, debug2("checking match for '%s' host %s originally %s", full_line, host, original_host); - while ((oattrib = attrib = argv_next(acp, avp)) != NULL) { + while ((oattrib = argv_next(acp, avp)) != NULL) { + attrib = xstrdup(oattrib); /* Terminate on comment */ if (*attrib == '#') { argv_consume(acp); @@ -754,9 +755,23 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, this_result ? "" : "not ", oattrib); continue; } + + /* Keep this list in sync with below */ + if (strprefix(attrib, "host=", 1) != NULL || + strprefix(attrib, "originalhost=", 1) != NULL || + strprefix(attrib, "user=", 1) != NULL || + strprefix(attrib, "localuser=", 1) != NULL || + strprefix(attrib, "localnetwork=", 1) != NULL || + strprefix(attrib, "tagged=", 1) != NULL || + strprefix(attrib, "exec=", 1) != NULL) { + arg = strchr(attrib, '='); + *(arg++) = '\0'; + } else { + arg = argv_next(acp, avp); + } + /* All other criteria require an argument */ - if ((arg = argv_next(acp, avp)) == NULL || - *arg == '\0' || *arg == '#') { + if (arg == NULL || *arg == '\0' || *arg == '#') { error("Missing Match criteria for %s", attrib); result = -1; goto out; @@ -833,6 +848,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, criteria == NULL ? "" : criteria, criteria == NULL ? "" : "\""); free(criteria); + free(attrib); + attrib = NULL; } if (attributes == 0) { error("One or more attributes required for Match"); @@ -842,6 +859,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, out: if (result != -1) debug2("match %sfound", result ? "" : "not "); + free(attrib); free(host); return result; } diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 347300e12..cd57ca011 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.418 2024/09/15 03:09:44 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.419 2024/09/25 01:24:04 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -973,7 +973,7 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, int line, struct connection_info *ci) { int result = 1, attributes = 0, port; - char *arg, *attrib; + char *arg, *attrib = NULL, *oattrib; if (ci == NULL) debug3("checking syntax for 'Match %s'", full_line); @@ -987,7 +987,8 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, ci->laddress ? ci->laddress : "(null)", ci->lport); } - while ((attrib = argv_next(acp, avp)) != NULL) { + while ((oattrib = argv_next(acp, avp)) != NULL) { + attrib = xstrdup(oattrib); /* Terminate on comment */ if (*attrib == '#') { argv_consume(acp); /* mark all arguments consumed */ @@ -1002,11 +1003,13 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, *arg != '\0' && *arg != '#')) { error("'all' cannot be combined with other " "Match attributes"); - return -1; + result = -1; + goto out; } if (arg != NULL && *arg == '#') argv_consume(acp); /* consume remaining args */ - return 1; + result = 1; + goto out; } /* Criterion "invalid-user" also has no argument */ if (strcasecmp(attrib, "invalid-user") == 0) { @@ -1018,11 +1021,26 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, debug("matched invalid-user at line %d", line); continue; } + + /* Keep this list in sync with below */ + if (strprefix(attrib, "user=", 1) != NULL || + strprefix(attrib, "group=", 1) != NULL || + strprefix(attrib, "host=", 1) != NULL || + strprefix(attrib, "address=", 1) != NULL || + strprefix(attrib, "localaddress=", 1) != NULL || + strprefix(attrib, "localport=", 1) != NULL || + strprefix(attrib, "rdomain=", 1) != NULL) { + arg = strchr(attrib, '='); + *(arg++) = '\0'; + } else { + arg = argv_next(acp, avp); + } + /* All other criteria require an argument */ - if ((arg = argv_next(acp, avp)) == NULL || - *arg == '\0' || *arg == '#') { + if (arg == NULL || *arg == '\0' || *arg == '#') { error("Missing Match criteria for %s", attrib); - return -1; + result = -1; + goto out; } if (strcasecmp(attrib, "user") == 0) { if (ci == NULL || (ci->test && ci->user == NULL)) { @@ -1045,7 +1063,8 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, match_test_missing_fatal("Group", "user"); switch (match_cfg_line_group(arg, line, ci->user)) { case -1: - return -1; + result = -1; + goto out; case 0: result = 0; } @@ -1081,7 +1100,8 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, result = 0; break; case -2: - return -1; + result = -1; + goto out; } } else if (strcasecmp(attrib, "localaddress") == 0){ if (ci == NULL || (ci->test && ci->laddress == NULL)) { @@ -1106,13 +1126,15 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, result = 0; break; case -2: - return -1; + result = -1; + goto out; } } else if (strcasecmp(attrib, "localport") == 0) { if ((port = a2port(arg)) == -1) { error("Invalid LocalPort '%s' on Match line", arg); - return -1; + result = -1; + goto out; } if (ci == NULL || (ci->test && ci->lport == -1)) { result = 0; @@ -1140,16 +1162,21 @@ match_cfg_line(const char *full_line, int *acp, char ***avp, debug("user %.100s matched 'RDomain %.100s' at " "line %d", ci->rdomain, arg, line); } else { - error("Unsupported Match attribute %s", attrib); - return -1; + error("Unsupported Match attribute %s", oattrib); + result = -1; + goto out; } + free(attrib); + attrib = NULL; } if (attributes == 0) { error("One or more attributes required for Match"); return -1; } - if (ci != NULL) + out: + if (ci != NULL && result != -1) debug3("match %sfound", result ? "" : "not "); + free(attrib); return result; } diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 1b4c96500..dbbaf3192 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.306 2024/03/09 05:12:13 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.307 2024/09/24 02:28:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1690,6 +1690,10 @@ process_ext_session_bind(SocketEntry *e) error_fr(r, "parse"); goto out; } + if (sshbuf_len(sid) > AGENT_MAX_SID_LEN) { + error_f("session ID too long"); + goto out; + } if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) fatal_f("fingerprint failed"); diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index f3fef23ab..020651338 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.402 2024/09/09 14:41:21 naddy Exp $ -.Dd $Mdocdate: September 9 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.403 2024/09/25 06:13:01 jmc Exp $ +.Dd $Mdocdate: September 25 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1585,14 +1585,12 @@ ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p .Ed .It Cm ProxyJump Specifies one or more jump proxies as either -.Xo .Sm off .Op Ar user No @ .Ar host .Op : Ns Ar port .Sm on -or an ssh URI -.Xc . +or an ssh URI. Multiple proxies may be separated by comma characters and will be visited sequentially. Setting this option will cause diff --git a/usr.bin/systat/systat.1 b/usr.bin/systat/systat.1 index 2b382bf50..c1d12994a 100644 --- a/usr.bin/systat/systat.1 +++ b/usr.bin/systat/systat.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: systat.1,v 1.122 2022/11/27 22:52:21 kn Exp $ +.\" $OpenBSD: systat.1,v 1.123 2024/09/25 06:13:01 jmc Exp $ .\" $NetBSD: systat.1,v 1.6 1996/05/10 23:16:39 thorpej Exp $ .\" .\" Copyright (c) 1985, 1990, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)systat.1 8.2 (Berkeley) 12/30/93 .\" -.Dd $Mdocdate: November 27 2022 $ +.Dd $Mdocdate: September 25 2024 $ .Dt SYSTAT 1 .Os .Sh NAME @@ -265,10 +265,8 @@ The .Dq State column has the format .Sm off -.Xo .Cm up | dn .Bq : Cm U | D . -.Xc .Sm on .Sq up and diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 4cd26fa63..65d274461 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.633 2024/09/10 09:38:45 claudio Exp $ */ +/* $OpenBSD: rde.c,v 1.634 2024/09/25 14:46:51 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -3383,11 +3383,7 @@ rde_update_queue_runner(uint8_t aid) if (RB_EMPTY(&peer->withdraws[aid])) continue; - if ((buf = ibuf_dynamic(4, 4096 - MSGSIZE_HEADER)) == - NULL) - fatal("%s", __func__); - if (up_dump_withdraws(buf, peer, aid) == -1) { - ibuf_free(buf); + if ((buf = up_dump_withdraws(peer, aid)) == NULL) { continue; } if (imsg_compose_ibuf(ibuf_se, IMSG_UPDATE, @@ -3422,11 +3418,7 @@ rde_update_queue_runner(uint8_t aid) continue; } - if ((buf = ibuf_dynamic(4, 4096 - MSGSIZE_HEADER)) == - NULL) - fatal("%s", __func__); - if (up_dump_update(buf, peer, aid) == -1) { - ibuf_free(buf); + if ((buf = up_dump_update(peer, aid)) == NULL) { continue; } if (imsg_compose_ibuf(ibuf_se, IMSG_UPDATE, diff --git a/usr.sbin/bgpd/rde.h b/usr.sbin/bgpd/rde.h index 78494240a..be9d2f2dc 100644 --- a/usr.sbin/bgpd/rde.h +++ b/usr.sbin/bgpd/rde.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.h,v 1.305 2024/08/28 13:21:39 claudio Exp $ */ +/* $OpenBSD: rde.h,v 1.306 2024/09/25 14:46:51 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Claudio Jeker and @@ -702,8 +702,8 @@ void up_generate_addpath_all(struct rde_peer *, struct rib_entry *, struct prefix *, struct prefix *); void up_generate_default(struct rde_peer *, uint8_t); int up_is_eor(struct rde_peer *, uint8_t); -int up_dump_withdraws(struct ibuf *, struct rde_peer *, uint8_t); -int up_dump_update(struct ibuf *, struct rde_peer *, uint8_t); +struct ibuf *up_dump_withdraws(struct rde_peer *, uint8_t); +struct ibuf *up_dump_update(struct rde_peer *, uint8_t); /* rde_aspa.c */ void aspa_validation(struct rde_aspa *, struct aspath *, diff --git a/usr.sbin/bgpd/rde_update.c b/usr.sbin/bgpd/rde_update.c index e9c51b7a7..7dd4cffc2 100644 --- a/usr.sbin/bgpd/rde_update.c +++ b/usr.sbin/bgpd/rde_update.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_update.c,v 1.168 2024/05/30 08:29:30 claudio Exp $ */ +/* $OpenBSD: rde_update.c,v 1.169 2024/09/25 14:46:51 claudio Exp $ */ /* * Copyright (c) 2004 Claudio Jeker @@ -25,6 +25,7 @@ #include #include "bgpd.h" +#include "session.h" #include "rde.h" #include "log.h" @@ -948,7 +949,7 @@ up_generate_mp_reach(struct ibuf *buf, struct rde_peer *peer, if (up_dump_prefix(buf, &peer->updates[aid], peer, 0) == -1) /* no prefixes written, fail update */ - return (-1); + return -1; /* update MP_REACH attribute length field */ len = ibuf_size(buf) - off - sizeof(len); @@ -983,61 +984,144 @@ up_generate_mp_reach(struct ibuf *buf, struct rde_peer *peer, * how may routes can be added. Return 0 on success -1 on error which * includes generating an empty withdraw message. */ -int -up_dump_withdraws(struct ibuf *buf, struct rde_peer *peer, uint8_t aid) +struct ibuf * +up_dump_withdraws(struct rde_peer *peer, uint8_t aid) { + struct ibuf *buf; size_t off; uint16_t afi, len; uint8_t safi; + if ((buf = ibuf_dynamic(4, 4096 - MSGSIZE_HEADER)) == NULL) + goto fail; + /* reserve space for the withdrawn routes length field */ off = ibuf_size(buf); if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + goto fail; if (aid != AID_INET) { /* reserve space for 2-byte path attribute length */ off = ibuf_size(buf); if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + goto fail; /* attribute header, defaulting to extended length one */ if (ibuf_add_n8(buf, ATTR_OPTIONAL | ATTR_EXTLEN) == -1) - return -1; + goto fail; if (ibuf_add_n8(buf, ATTR_MP_UNREACH_NLRI) == -1) - return -1; + goto fail; if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + goto fail; /* afi & safi */ if (aid2afi(aid, &afi, &safi)) - fatalx("up_dump_mp_unreach: bad AID"); + fatalx("%s: bad AID", __func__); if (ibuf_add_n16(buf, afi) == -1) - return -1; + goto fail; if (ibuf_add_n8(buf, safi) == -1) - return -1; + goto fail; } if (up_dump_prefix(buf, &peer->withdraws[aid], peer, 1) == -1) - return -1; + goto fail; /* update length field (either withdrawn routes or attribute length) */ len = ibuf_size(buf) - off - sizeof(len); if (ibuf_set_n16(buf, off, len) == -1) - return -1; + goto fail; if (aid != AID_INET) { /* write MP_UNREACH_NLRI attribute length (always extended) */ len -= 4; /* skip attribute header */ if (ibuf_set_n16(buf, off + sizeof(len) + 2, len) == -1) - return -1; + goto fail; } else { /* no extra attributes so set attribute len to 0 */ - if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + if (ibuf_add_zero(buf, sizeof(len)) == -1) { + goto fail; + } } - return 0; + return buf; + + fail: + /* something went horribly wrong */ + log_peer_warn(&peer->conf, "generating withdraw failed, peer desynced"); + ibuf_free(buf); + return NULL; +} + +/* + * Withdraw a single prefix after an error. + */ +static struct ibuf * +up_dump_withdraw_one(struct rde_peer *peer, struct prefix *p, struct ibuf *buf) +{ + size_t off; + int has_ap; + uint16_t afi, len; + uint8_t safi; + + /* reset the buffer and start fresh */ + ibuf_truncate(buf, 0); + + /* reserve space for the withdrawn routes length field */ + off = ibuf_size(buf); + if (ibuf_add_zero(buf, sizeof(len)) == -1) + goto fail; + + if (p->pt->aid != AID_INET) { + /* reserve space for 2-byte path attribute length */ + off = ibuf_size(buf); + if (ibuf_add_zero(buf, sizeof(len)) == -1) + goto fail; + + /* attribute header, defaulting to extended length one */ + if (ibuf_add_n8(buf, ATTR_OPTIONAL | ATTR_EXTLEN) == -1) + goto fail; + if (ibuf_add_n8(buf, ATTR_MP_UNREACH_NLRI) == -1) + goto fail; + if (ibuf_add_zero(buf, sizeof(len)) == -1) + goto fail; + + /* afi & safi */ + if (aid2afi(p->pt->aid, &afi, &safi)) + fatalx("%s: bad AID", __func__); + if (ibuf_add_n16(buf, afi) == -1) + goto fail; + if (ibuf_add_n8(buf, safi) == -1) + goto fail; + } + + has_ap = peer_has_add_path(peer, p->pt->aid, CAPA_AP_SEND); + if (pt_writebuf(buf, p->pt, 1, has_ap, p->path_id_tx) == -1) + goto fail; + + /* update length field (either withdrawn routes or attribute length) */ + len = ibuf_size(buf) - off - sizeof(len); + if (ibuf_set_n16(buf, off, len) == -1) + goto fail; + + if (p->pt->aid != AID_INET) { + /* write MP_UNREACH_NLRI attribute length (always extended) */ + len -= 4; /* skip attribute header */ + if (ibuf_set_n16(buf, off + sizeof(len) + 2, len) == -1) + goto fail; + } else { + /* no extra attributes so set attribute len to 0 */ + if (ibuf_add_zero(buf, sizeof(len)) == -1) { + goto fail; + } + } + + return buf; + + fail: + /* something went horribly wrong */ + log_peer_warn(&peer->conf, "generating withdraw failed, peer desynced"); + ibuf_free(buf); + return NULL; } /* @@ -1046,9 +1130,10 @@ up_dump_withdraws(struct ibuf *buf, struct rde_peer *peer, uint8_t aid) * and then tries to add as many prefixes using these attributes. * Return 0 on success -1 on error which includes producing an empty message. */ -int -up_dump_update(struct ibuf *buf, struct rde_peer *peer, uint8_t aid) +struct ibuf * +up_dump_update(struct rde_peer *peer, uint8_t aid) { + struct ibuf *buf; struct bgpd_addr addr; struct prefix *p; size_t off; @@ -1056,20 +1141,23 @@ up_dump_update(struct ibuf *buf, struct rde_peer *peer, uint8_t aid) p = RB_MIN(prefix_tree, &peer->updates[aid]); if (p == NULL) - return -1; + return NULL; + + if ((buf = ibuf_dynamic(4, 4096 - MSGSIZE_HEADER)) == NULL) + goto fail; /* withdrawn routes length field is 0 */ if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + goto fail; /* reserve space for 2-byte path attribute length */ off = ibuf_size(buf); if (ibuf_add_zero(buf, sizeof(len)) == -1) - return -1; + goto fail; if (up_generate_attr(buf, peer, prefix_aspath(p), prefix_communities(p), prefix_nexthop(p), aid) == -1) - goto fail; + goto drop; if (aid != AID_INET) { /* write mp attribute including nlri */ @@ -1082,29 +1170,35 @@ up_dump_update(struct ibuf *buf, struct rde_peer *peer, uint8_t aid) */ if (up_generate_mp_reach(buf, peer, prefix_nexthop(p), aid) == -1) - goto fail; + goto drop; } /* update attribute length field */ len = ibuf_size(buf) - off - sizeof(len); if (ibuf_set_n16(buf, off, len) == -1) - return -1; + goto fail; if (aid == AID_INET) { /* last but not least dump the IPv4 nlri */ if (up_dump_prefix(buf, &peer->updates[aid], peer, 0) == -1) - goto fail; + goto drop; } - return 0; + return buf; -fail: - /* Not enough space. Drop prefix, it will never fit. */ + drop: + /* Not enough space. Drop current prefix, it will never fit. */ + p = RB_MIN(prefix_tree, &peer->updates[aid]); pt_getaddr(p->pt, &addr); - log_peer_warnx(&peer->conf, "dump of path attributes failed, " + log_peer_warnx(&peer->conf, "generating update failed, " "prefix %s/%d dropped", log_addr(&addr), p->pt->prefixlen); up_prefix_free(&peer->updates[aid], p, peer, 0); - /* XXX should probably send a withdraw for this prefix */ - return -1; + return up_dump_withdraw_one(peer, p, buf); + + fail: + /* something went horribly wrong */ + log_peer_warn(&peer->conf, "generating update failed, peer desynced"); + ibuf_free(buf); + return NULL; } diff --git a/usr.sbin/sysupgrade/sysupgrade.8 b/usr.sbin/sysupgrade/sysupgrade.8 index 7fb1f18b4..38ca0c98e 100644 --- a/usr.sbin/sysupgrade/sysupgrade.8 +++ b/usr.sbin/sysupgrade/sysupgrade.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysupgrade.8,v 1.14 2024/09/05 06:39:54 jmc Exp $ +.\" $OpenBSD: sysupgrade.8,v 1.18 2024/09/25 16:26:37 florian Exp $ .\" .\" Copyright (c) 2019 Florian Obser .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 5 2024 $ +.Dd $Mdocdate: September 25 2024 $ .Dt SYSUPGRADE 8 .Os .Sh NAME @@ -22,15 +22,15 @@ .Nd upgrade system to the next release or a new snapshot .Sh SYNOPSIS .Nm -.Op Fl fkn -.Op Fl r | s +.Op Fl fkns .Op Fl b Ar base-directory +.Op Fl R Ar version .Op Ar installurl .Sh DESCRIPTION .Nm is a utility to upgrade .Ox -to the next release or a new snapshot if available. +to a new release or snapshot if available. .Pp .Nm downloads the necessary files to @@ -55,8 +55,7 @@ Download files to instead of .Pa /home/_sysupgrade . .It Fl f -Force an already applied upgrade. -The default is to upgrade to latest snapshot only if available. +For snapshots, force an already applied upgrade. This option has no effect on releases. .It Fl k Keep the files in @@ -66,12 +65,14 @@ By default they will be deleted after the upgrade. Fetch and verify the files and create .Pa /bsd.upgrade but do not reboot. -.It Fl r -Upgrade to the next release. -This is the default if the system is currently running a release. +.It Fl R Ar version +Upgrade to a specific release version. +Only upgrades from one version to the next are tested. +Skipping versions may work. +Downgrading is unlikely to work. .It Fl s Upgrade to a snapshot. -This is the default if the system is currently running a snapshot. +The default is to upgrade to the next release. .El .Pp See diff --git a/usr.sbin/sysupgrade/sysupgrade.sh b/usr.sbin/sysupgrade/sysupgrade.sh index 82d328244..9cc4a246d 100644 --- a/usr.sbin/sysupgrade/sysupgrade.sh +++ b/usr.sbin/sysupgrade/sysupgrade.sh @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: sysupgrade.sh,v 1.52 2024/06/19 05:22:33 otto Exp $ +# $OpenBSD: sysupgrade.sh,v 1.54 2024/09/25 13:55:23 sthen Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015 Robert Peichaer @@ -35,7 +35,7 @@ err() usage() { - echo "usage: ${0##*/} [-fkn] [-r | -s] [-b base-directory] [installurl]" 1>&2 + echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl]" 1>&2 return 1 } @@ -72,19 +72,27 @@ rmel() { echo -n "$_c" } -RELEASE=false SNAP=false FORCE=false +FORCE_VERSION=false KEEP=false REBOOT=true +WHAT='release' -while getopts b:fknrs arg; do +VERSION=$(uname -r) +NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc) + +while getopts b:fknrR:s arg; do case ${arg} in b) SETSDIR=${OPTARG}/_sysupgrade;; f) FORCE=true;; k) KEEP=true;; n) REBOOT=false;; - r) RELEASE=true;; + r) ;; + R) FORCE_VERSION=true + [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] || + err "invalid version: ${OPTARG}" + NEXT_VERSION=${OPTARG};; s) SNAP=true;; *) usage;; esac @@ -92,13 +100,6 @@ done (($(id -u) != 0)) && err "need root privileges" -if $RELEASE && $SNAP; then - usage -fi - -set -A _KERNV -- $(sysctl -n kern.version | - sed 's/^SecBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/;q') - shift $(( OPTIND -1 )) case $# in @@ -111,59 +112,64 @@ case $# in esac [[ $MIRROR == @(file|ftp|http|https)://* ]] || err "invalid installurl: $MIRROR" - -if ! $RELEASE && [[ ${#_KERNV[*]} == 2 ]]; then - if [[ ${_KERNV[1]} != '-stable' ]]; then - SNAP=true - fi -fi - -if $RELEASE && [[ ${_KERNV[1]} == '-beta' ]]; then - NEXT_VERSION=${_KERNV[0]} -else - NEXT_VERSION=$(echo ${_KERNV[0]} + 0.1 | bc) -fi +$FORCE_VERSION && $SNAP && + err "incompatible options: -s -R $NEXT_VERSION" +$FORCE && ! $SNAP && + err "incompatible options: -f without -s" if $SNAP; then + WHAT='snapshot' URL=${MIRROR}/snapshots/${ARCH}/ else URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/ + $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/ fi install -d -o 0 -g 0 -m 0755 ${SETSDIR} cd ${SETSDIR} echo "Fetching from ${URL}" -unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig - -_KEY=secbsd-${_KERNV[0]%.*}${_KERNV[0]#*.}-base.pub -_NEXTKEY=secbsd-${NEXT_VERSION%.*}${NEXT_VERSION#*.}-base.pub - -if $SNAP; then - unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256 -else - read _LINE &2 + echo "https://ftp.secbsd.org/pub/SecBSD/signify/secbsd-${SHORT_VERSION}-base.pub" 1>&2 + exit 1 +fi + +unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256 rm SHA256.sig if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then - echo "Already on latest snapshot." + echo "Already on latest ${WHAT}." exit 0 fi -# BUILDINFO INSTALL.*, bsd*, *.tgz +unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO +unpriv cksum -qC SHA256 BUILDINFO + +if [[ -e /var/db/installed.BUILDINFO ]]; then + installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO) + build_ts=$(cut -f3 -d' ' BUILDINFO) + if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then + echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade." + exit 1 + fi +fi + +# INSTALL.*, bsd*, *.tgz SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \ - -e '/^BUILDINFO$/p;/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256) + -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256) OLD_FILES=$(ls) OLD_FILES=$(rmel SHA256 $OLD_FILES) @@ -187,15 +193,6 @@ if [[ -n ${DL} ]]; then unpriv cksum -qC SHA256 ${DL} fi -if [[ -e /var/db/installed.BUILDINFO && -e BUILDINFO ]]; then - installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO) - build_ts=$(cut -f3 -d' ' BUILDINFO) - if (( $build_ts < $installed_build_ts )) && ! $FORCE; then - echo "Downloaded snapshot is older than installed snapshot. Use -f to force downgrade." - exit 1 - fi -fi - cat <<__EOT >/auto_upgrade.conf Location of sets = disk Pathname to the sets = ${SETSDIR}/ diff --git a/usr.sbin/vmd/sev.c b/usr.sbin/vmd/sev.c index 11eed72b4..6869f257f 100644 --- a/usr.sbin/vmd/sev.c +++ b/usr.sbin/vmd/sev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sev.c,v 1.2 2024/09/20 02:00:46 jsg Exp $ */ +/* $OpenBSD: sev.c,v 1.3 2024/09/25 04:19:36 deraadt Exp $ */ /* * Copyright (c) 2023, 2024 Hans-Joerg Hoexer @@ -17,8 +17,8 @@ */ #include +#include /* roundup */ #include -#include #include #include diff --git a/usr.sbin/vmd/vmd.8 b/usr.sbin/vmd/vmd.8 index 6818a2112..30402ec93 100644 --- a/usr.sbin/vmd/vmd.8 +++ b/usr.sbin/vmd/vmd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vmd.8,v 1.10 2022/01/05 17:39:25 jmc Exp $ +.\" $OpenBSD: vmd.8,v 1.12 2024/09/24 20:02:39 jmc Exp $ .\" .\" Copyright (c) 2015 Mike Larkin .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 5 2022 $ +.Dd $Mdocdate: September 24 2024 $ .Dt VMD 8 .Os .Sh NAME @@ -63,8 +63,24 @@ such as stopping VMs, and retrieving information from .Xr vmm 4 about running VMs. .Pp +When the host machine is shut down, +.Nm +sends each running VM a shutdown request via the +.Xr vmmci 4 +device. +If the VMs are vmmci-aware, +this provides each VM the chance to shut down cleanly in anticipation +of host shutdown. +During shutdown, +.Nm +waits 30 seconds for the VMs to terminate cleanly before forcibly +stopping them. +This 30 second default can be changed by +.Dq rcctl set vmd timeout n , +where 'n' is the desired timeout in seconds. +.Pp The options are as follows: -.Bl -tag -width Dssmacro=value +.Bl -tag -width Ds .It Fl D Ar macro Ns = Ns Ar value Define .Ar macro @@ -108,6 +124,7 @@ socket used for communication with .El .Sh SEE ALSO .Xr vmm 4 , +.Xr vmmci 4 , .Xr vm.conf 5 , .Xr rc.conf 8 , .Xr vmctl 8 @@ -117,6 +134,7 @@ The command first appeared in .Ox 5.9 . .Sh AUTHORS +.An -nosplit .An Mike Larkin Aq Mt mlarkin@openbsd.org and -.An Reyk Floeter Aq Mt reyk@openbsd.org +.An Reyk Floeter Aq Mt reyk@openbsd.org .